#! /bin/sh
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002  Henry Spencer.
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
# 
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: ipsec.in,v 1.14 2006/05/25 11:52:03 as Exp $

# product name used in the user-facing messages below
IPSEC_NAME=strongSwan

# Where the private directory and the config files are.  A value already
# present in the environment is kept; the built-in default is used only
# when the variable is unset.
# NOTE(review): programs are later executed out of IPSEC_EXECDIR and
# IPSEC_LIBDIR, so when this script runs with elevated privileges these
# values are only as trustworthy as the invoking environment.
: "${IPSEC_EXECDIR=/usr/libexec/ipsec}"
: "${IPSEC_LIBDIR=/usr/lib/ipsec}"
: "${IPSEC_SBINDIR=/usr/sbin}"
: "${IPSEC_CONFS=/etc}"
IPSEC_DIR="$IPSEC_LIBDIR"

# pid file consulted by the reload, stop and update commands
IPSEC_STARTER_PID="/var/run/starter.pid"

# standardize PATH; it is exported below for everything else's benefit
PATH="$IPSEC_SBINDIR:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"

# things not to be listed in --help command list
DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'

# version numbering (details filled in by build)
# Possibly should call a C program to invoke the version_code() function
# instead, but for performance's sake, we inline it here (and only here).
version="2.8.2"
IPSEC_VERSION="$version"

# hand the directories, the search path and the version to child programs
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
export PATH
export IPSEC_VERSION

# function for the funky user/kernel version stuff
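#######################################
# Expand $version into the combined user/kernel version string.
# Globals:   version (read and rewritten), stack and kv (written)
# Arguments: none
# Outputs:   nothing; the result is left in $version
# Notes:     if /proc/net/ipsec_version exists the stack is labelled
#            " (KLIPS)" and the kernel version is the last field of that
#            file; otherwise, if /proc/net/pfkey exists, the stack is
#            labelled " (native)" and the kernel version is `uname -r`.
#######################################
fixversion() {
	# Start from known values.  Without this, a "stack" variable inherited
	# from the caller's environment would be appended to the version
	# string whenever neither /proc file is present.
	stack=""
	kv=""
	if test -f /proc/net/ipsec_version
	then
		stack=" (KLIPS)"
		kv="$(awk '{print $NF}' /proc/net/ipsec_version)"
	elif test -f /proc/net/pfkey
	then
		stack=" (native)"
		kv="$(uname -r)"
	else
		kv="(no kernel code presently loaded)"
	fi
	# Only show the U.../K... form when user and kernel versions differ;
	# the leading space keeps test from misparsing values starting with "-".
	if test " $kv" != " $version"
	then
		version="U$version/K$kv"
	fi
	version="$version$stack"
}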

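#######################################
# Send a signal to the running starter, as recorded in $IPSEC_STARTER_PID.
# Globals:   IPSEC_STARTER_PID (read), starter_pid (written)
# Arguments: $1 - signal name for kill -s
#            $2 - progress message printed to stderr before signalling
# Outputs:   messages on stderr
# Notes:     the pid file content is checked to be a plain decimal number
#            before it is handed to kill, so an empty or malformed file
#            produces a clear message instead of being passed through as
#            kill arguments.
#######################################
signal_starter() {
	if test -e "$IPSEC_STARTER_PID"
	then
	    echo "$2" >&2
	    starter_pid=""
	    # read strips surrounding whitespace; a missing final newline
	    # makes it return non-zero but still fills the variable
	    read -r starter_pid < "$IPSEC_STARTER_PID"
	    case "$starter_pid" in
	    ''|*[!0-9]*)
		echo "$0: no valid process id in $IPSEC_STARTER_PID" >&2
		;;
	    *)
		kill -s "$1" "$starter_pid"
		;;
	    esac
	else
	    echo "ipsec starter is not running" >&2
	fi
}

# Dispatch on the first argument.  Built-in commands are handled here and
# exit; anything that matches no branch (and --copyright, which rewrites
# the arguments) falls through to the generic command lookup after esac.
# NOTE(review): the branches that call whack always exit 0, discarding
# whack's own exit status.  Left unchanged because callers may rely on it.
case "$1" in
'')
	echo "Usage: ipsec command argument ..."
	echo "Use --help for list of commands, or see ipsec(8) manual page"
	echo "or the $IPSEC_NAME documentation for names of the common ones."
	echo "Most have their own manual pages, e.g. ipsec_auto(8)."
	echo "See <http://www.strongswan.org> for more general info."
	exit 0
	;;
--help)
	echo "Usage: ipsec command argument ..."
	echo "where command is one of:"
	echo "	start|restart  arguments..."
	echo "	update|reload|stop"
	echo "	up|down|route|unroute <connectionname>"
	echo "	status|statusall [<connectionname>]"
	echo "	ready"
	echo "	listalgs|listpubkeys|listcerts [--utc]"
	echo "	listcacerts|listaacerts|listocspcerts [--utc]"
	echo "	listacerts|listgroups|listcainfos [--utc]"
	echo "	listcrls|listocsp|listcards|listall [--utc]"
	echo "	rereadsecrets|rereadgroups"
	echo "	rereadcacerts|rereadaacerts|rereadocspcerts"
	echo "	rereadacerts|rereadcrls|rereadall"
	echo "	purgeocsp"
	echo "	scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
	echo "	barf"
	echo "	openac"
	echo "	pluto"
	echo "	scepclient"
	echo "	secrets"
	echo "	starter"
	echo "	version"
	echo "	whack"
	echo
	echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
	exit 0
	;;
--versioncode)
	fixversion
	echo "$version"
	exit 0
	;;
--copyright)
	set _copyright
	# and fall through, invoking "ipsec _copyright"
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFS"
	exit 0
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
	    echo "Usage: ipsec down <connection name>"
	    exit 1
	fi
	"$IPSEC_EXECDIR/whack" --name "$1" --terminate
	exit 0
	;;
listalgs|listpubkeys|listcerts|listcacerts|\
listaacerts|listocspcerts|listacerts|listgroups|\
listcainfos|listcrls|listocsp|listcards|\
listall|purgeocsp|rereadsecrets|rereadgroups|\
rereadcacerts|rereadaacerts|rereadocspcerts|\
rereadacerts|rereadcrls|rereadall)
	# the command name doubles as the whack option; any remaining
	# arguments (e.g. --utc) are passed ahead of it
	op="$1"
	shift
	"$IPSEC_EXECDIR/whack" "$@" "--$op"
	exit 0
	;;
ready)
	shift
	"$IPSEC_EXECDIR/whack" --listen
	exit 0
	;;
reload)
	signal_starter USR1 "Reloading strongSwan IPsec configuration..."
	exit 0
	;;
restart)
	"$IPSEC_SBINDIR/ipsec" stop
	sleep 2
	shift
	"$IPSEC_SBINDIR/ipsec" start "$@"
	exit 0
	;;
route|unroute)
	op="$1"
	shift
	if [ "$#" -ne 1 ]
	then
	    echo "Usage: ipsec $op <connection name>"
	    exit 1
	fi
	"$IPSEC_EXECDIR/whack" --name "$1" "--$op"
	exit 0
	;;
scencrypt|scdecrypt)
	op="$1"
	shift
	"$IPSEC_EXECDIR/whack" "--$op" "$@"
	exit 0
	;;
start)
	shift
	exec "$IPSEC_EXECDIR/starter" "$@"
	;;
status|statusall)
	op="$1"
	shift
	if test $# -eq 0
	then
	    "$IPSEC_EXECDIR/whack" "--$op"
	else
	    "$IPSEC_EXECDIR/whack" --name "$1" "--$op"
	fi
	exit 0
	;;
stop)
	# TERM is what a plain "kill <pid>" sends
	signal_starter TERM "Stopping strongSwan IPsec..."
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
	    echo "Usage: ipsec up <connection name>"
	    exit 1
	fi
	"$IPSEC_EXECDIR/whack" --name "$1" --initiate
	exit 0
	;;
update)
	signal_starter HUP "Updating strongSwan IPsec configuration..."
	exit 0
	;;
version|--version)
	fixversion
	echo "Linux $IPSEC_NAME $version"
	echo "See \`ipsec --copyright' for copyright information."
	if [ -f "$IPSEC_LIBDIR/distro.txt" ]
	then
	    cat "$IPSEC_LIBDIR/distro.txt"
	fi
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 1
	;;
esac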

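# Generic dispatch: the first argument names a program in the private
# programs directory (or, failing that, the library directory), which is
# exec'ed with the remaining arguments.
cmd="$1"
shift

# A command name is a single file name inside those directories.  Refuse
# anything containing a '/', so the lookup below cannot resolve to a file
# outside $IPSEC_EXECDIR or $IPSEC_LIBDIR.
case "$cmd" in
*/*)
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 1
	;;
esac

path="$IPSEC_EXECDIR/$cmd"

# -x alone is also true for searchable directories (e.g. "."), so require
# a regular file as well
if test ! -f "$path" || test ! -x "$path"
then
    path="$IPSEC_LIBDIR/$cmd"
    if test ! -f "$path" || test ! -x "$path"
    then
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 1
    fi
fi

# quoted so a directory name containing whitespace is not word-split
exec "$path" "$@"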
