1: #! @IPSEC_SHELL@
2: # prefix command to run stuff from our programs directory
3: # Copyright (C) 1998-2002 Henry Spencer.
4: # Copyright (C) 2006-2014 Andreas Steffen
5: # Copyright (C) 2006 Martin Willi
6: #
7: # This program is free software; you can redistribute it and/or modify it
8: # under the terms of the GNU General Public License as published by the
9: # Free Software Foundation; either version 2 of the License, or (at your
10: # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11: #
12: # This program is distributed in the hope that it will be useful, but
13: # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14: # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15: # for more details.
16:
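# Environment and path setup shared by every sub-command below.
# The @...@ tokens are placeholders this file carries as literals; they are
# presumably substituted when the script is generated from this template.

# define a minimum PATH environment in case it is not set
# NOTE(review): a PATH inherited from the caller is kept unchanged, and the
# unqualified commands this script runs (uname, cat, kill, sleep, touch, rm)
# are resolved through it. Callers that run this script with elevated
# privileges should make sure they pass a trusted PATH.
PATH=${PATH:-"/sbin:/bin:/usr/sbin:/usr/bin"}
export PATH

# set daemon name
# DAEMON_NAME may come from the caller's environment. It is interpolated
# unvalidated into the PID file paths below and is passed to starter by the
# "start" command, so it has to be treated as caller-controlled input.
DAEMON_NAME=${DAEMON_NAME:-charon}

# name and version of the ipsec implementation
OS_NAME=$(uname -s)
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# where the private directory and the config files are
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_BINDIR="@IPSEC_BINDIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"
IPSEC_SCRIPT="@IPSEC_SCRIPT@"

# PID files of starter and of the daemon it supervises
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.${DAEMON_NAME}.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"

# helper binaries in the private directory (not exported)
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID

IPSEC_DISTRO="University of Applied Sciences Rapperswil, Switzerland"

# directory searched for pass-through commands; the aikgen|pki arm of the
# command dispatch switches it to IPSEC_BINDIR
command_dir="$IPSEC_DIR"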
48:
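# Print the PID recorded in file $1, provided it is a positive decimal number.
# Returns non-zero and prints nothing when the file cannot be read or holds
# anything else. kill(1) treats 0 and negative arguments as process groups
# rather than single processes, so the file's content must not be handed to
# it unchecked.
# NOTE(review): a stale PID file can still name an unrelated process that
# reused the number; nothing visible here can detect that.
read_pid() {
	[ -r "$1" ] || return 1
	_pid=
	# default IFS trims surrounding whitespace; anything after the first
	# word lands in _rest and is ignored
	read -r _pid _rest < "$1" || :
	case "$_pid" in
	''|*[!0-9]*)
		return 1
		;;
	esac
	[ "$_pid" -gt 0 ] 2>/dev/null || return 1
	printf '%s\n' "$_pid"
}

# Command dispatch. Arms either handle the command and exit, or leave the
# case statement so that the code after it executes "$command_dir/$1".
# Only names listed in the fall-through arms reach that exec, which keeps
# "$1" from selecting an arbitrary path.
# Commands that talk to the daemon exit with 7 when its PID file is absent.
case "$1" in
'')
	echo "$IPSEC_SCRIPT command [arguments]"
	echo
	echo "Use --help for a list of commands, or refer to the $IPSEC_SCRIPT(8) man page."
	echo "See <http://www.strongswan.org> for more general information."
	exit 0
	;;
--help)
	echo "$IPSEC_SCRIPT command [arguments]"
	echo
	echo "Commands:"
	echo " start|restart [arguments]"
	echo " update|reload|stop"
	echo " up|down|route|unroute <connectionname>"
	echo " down-srcip <start> [<end>]"
	echo " status|statusall [<connectionname>]"
	echo " listalgs|listpubkeys|listcerts [--utc]"
	echo " listcacerts|listaacerts|listocspcerts [--utc]"
	echo " listacerts|listgroups|listcainfos [--utc]"
	echo " listcrls|listocsp|listplugins|listall [--utc]"
	echo " listcounters|resetcounters [name]"
	echo " leases [<poolname> [<address>]]"
	echo " rereadsecrets|rereadcacerts|rereadaacerts"
	echo " rereadocspcerts|rereadacerts|rereadcrls|rereadall"
	echo " purgecerts|purgecrls|purgeike|purgeocsp"
	echo " scepclient|pki"
	echo " stroke"
	echo " version"
	echo
	echo "Refer to the $IPSEC_SCRIPT(8) man page for details."
	echo "Some commands have their own man pages, e.g. pki(1) or scepclient(8)."
	exit 0
	;;
--versioncode)
	echo "$IPSEC_VERSION"
	exit 0
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"
	exit 0
	;;
--piddir)
	echo "$IPSEC_PIDDIR"
	exit 0
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" hands each argument to stroke as one word; an unquoted
		# $* would re-split the arguments and expand glob characters
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
leases)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# at most two arguments (pool name, address) are forwarded
		case "$#" in
		0) "$IPSEC_STROKE" "$op" ;;
		1) "$IPSEC_STROKE" "$op" "$1" ;;
		*) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
		esac
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|listplugins|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp|listcounters|resetcounters)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
purgeike|purgecrls|purgecerts)
	# only the command name is forwarded, extra arguments are dropped
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
reload)
	# succeeds only when SIGUSR1 was actually delivered to starter
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill -USR1 "$spid" 2>/dev/null && rc=0
		fi
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	# the exit status of "stop" is not checked before starting again
	"$IPSEC_SBINDIR/$IPSEC_SCRIPT" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/$IPSEC_SCRIPT" start "$@"
	;;
route|unroute)
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT $op <connection name>"
		exit 2
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
secrets)
	# not listed in --help; forwards to stroke as rereadsecrets
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	shift
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	# DAEMON_NAME is quoted so that a value containing whitespace stays a
	# single argument to starter
	exec "$IPSEC_STARTER" --daemon "$DAEMON_NAME" "$@"
	;;
status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - starter PID file exists and the process accepts signal 0
	# 1 - starter PID file exists but holds no usable PID
	# 3 - no starter PID file
	# otherwise the exit status of kill -0 is returned; it fails when the
	# process is gone or the caller is not allowed to signal it
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		if [ "$#" -eq 0 ]
		then
			"$IPSEC_STROKE" "$op"
		else
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		spid=$(read_pid "$IPSEC_STARTER_PID") || exit 1
		kill -0 "$spid" 2>/dev/null
		exit $?
	fi
	exit 3
	;;
stop)
	# stopping a not-running service is considered as success
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill "$spid" 2>/dev/null
			# budget of 110 ticks: one tick per 0.1 s sleep, or ten
			# ticks per 1 s sleep where fractional sleep is unsupported
			loop=110
			while [ "$loop" -gt 0 ] ; do
				kill -0 "$spid" 2>/dev/null || break
				if ! sleep 0.1 2>/dev/null
				then
					sleep 1
					loop=$(($loop - 9))
				fi
				loop=$(($loop - 1))
			done
			if [ "$loop" -le 0 ]
			then
				# starter ignored the first signal for the whole budget
				kill -KILL "$spid" 2>/dev/null
				rm -f "$IPSEC_STARTER_PID"
			fi
		else
			echo "Stopping strongSwan IPsec failed: invalid starter PID file" >&2
		fi
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT up <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	if [ -e "$IPSEC_STARTER_PID" ] && spid=$(read_pid "$IPSEC_STARTER_PID")
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		# NOTE(review): unlike "reload", the exit status does not
		# reflect whether SIGHUP could be delivered
		kill -HUP "$spid"
		exit 0
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
		exit 7
	fi
	;;
aikgen|pki)
	# programs in BINDIR may be called directly, these two are listed for legacy reasons
	command_dir="$IPSEC_BINDIR"
	# fall through
	;;
attest|conftest|dumm|irdumm|pool|pt-tls-client|scepclient|stroke|\
duplicheck|error-notify|imv_policy_manager|load-tester|lookip|whitelist|\
_updown|_imv_policy)
	# fall through
	;;
copyright|--copyright)
	# replace the positional parameters so that the code after the case
	# statement runs the _copyright helper
	set _copyright
	# fall through
	;;
version|--version)
	# values are passed as arguments, never as the printf format, so a
	# '%' or backslash in them is printed literally
	printf '%s %s %s\n' "$OS_NAME" "$IPSEC_NAME" "$IPSEC_VERSION"
	printf '%s\n' "$IPSEC_DISTRO"
	printf "See '%s --copyright' for copyright information.\n" "$IPSEC_SCRIPT"
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
*)
	echo "$0: unknown command \`$1' (\`$IPSEC_SCRIPT --help' for list)" >&2
	exit 2
	;;
esac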
337:
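# Pass-through execution. Only the fall-through arms of the case statement
# above reach this point, so $1 is one of the command names listed there
# (or _copyright) and cannot carry a path component.
cmd="$1"
shift

path="$command_dir/$cmd"

# a listed command whose helper is not installed is reported as unknown
if [ ! -x "$path" ]
then
	echo "$0: unknown command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
	exit 2
fi

# quoted so that an install directory containing whitespace is not split
# into several words
exec "$path" "$@"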