Update openswan to 2.6.18 (#4019)
1 #!/bin/sh /etc/rc.common
2 # IPsec startup and shutdown script
3 # Copyright (C) 1998, 1999, 2001  Henry Spencer.
4 # Copyright (C) 2002                      Michael Richardson <mcr@freeswan.org>
5
6 # This program is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by the
8 # Free Software Foundation; either version 2 of the License, or (at your
9 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
10
11 # This program is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 # for more details.
15 #
16 #
17 # ipsec          init.d script for starting and stopping
18 #                          the IPsec security subsystem (KLIPS and Pluto).
19 #
20 # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
21 # and is also accessible as "ipsec setup" (the preferred route for human
22 # invocation).
23 #
24 # The startup and shutdown times are a difficult compromise (in particular,
25 # it is almost impossible to reconcile them with the insanely early/late
26 # times of NFS filesystem startup/shutdown).  Startup is after startup of
27 # syslog and pcmcia support; shutdown is just before shutdown of syslog.
28 #
29 # chkconfig: 2345 47 76
30 # description: IPsec provides encrypted and authenticated communications; \
31 # KLIPS is the kernel half of it, Pluto is the user-level management daemon.
32
# Settings read by /etc/rc.common (the interpreter named in the shebang):
# START is the boot-order number; EXTRA_COMMANDS/EXTRA_HELP expose the
# status() function defined below as an additional init-script command.
START=60
EXTRA_COMMANDS="status"
EXTRA_HELP="    status  Show the status of the service"
36
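# Prepare the environment for one "ipsec setup" action: establish PATH and the
# IPSEC_* directories, locate the ipsec command, consume leading flags, import
# the "config setup" variables from ipsec.conf and create /var/run/pluto.
# Arguments: positional words; leading --showonly/--show and --config FILE are
#            consumed, parsing stops at the first other word. $1 as passed in
#            is also used verbatim in the "cannot find ipsec" message.
# Globals:   sets me, found, dir, config, variables, IPSEC_setupflags,
#            IPSEC_confreadsection, IPSECsyslog, plus whatever addconn emits.
# Exits:     1 if ipsec is not on PATH or the config reported a read error;
#            addconn's own status if the config setup section fails to parse.
script_init() {
	me='ipsec setup'		# for messages

	# where the private directory and the config files are
	# (a value already present in the environment wins over the default,
	# so the caller's environment is trusted here)
	IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
	IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
	IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
	IPSEC_CONFS="${IPSEC_CONFS-/etc}"

	if test " $IPSEC_DIR" = " "	# if we were not called by the ipsec command
	then
		# we must establish a suitable PATH ourselves
		PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
		export PATH

		IPSEC_DIR="$IPSEC_LIBDIR"
		export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
	fi

	# Check that the ipsec command is available.
	# The first PATH directory holding an executable "ipsec" is the one
	# that will be run below, so every directory on PATH has to be one
	# that only root can write to.
	found=
	for dir in $(echo "$PATH" | tr ':' ' ')
	do
		if test -f "$dir/ipsec" && test -x "$dir/ipsec"
		then
			found=yes
			break			# NOTE BREAK OUT
		fi
	done
	if ! test "$found"
	then
		echo "cannot find ipsec command -- \`$1' aborted" |
			logger -s -p daemon.error -t ipsec_setup
		exit 1
	fi

	# accept a few flags

	export IPSEC_setupflags
	IPSEC_setupflags=""

	config=""

	for dummy
	do
		case "$1" in
		--showonly|--show)  IPSEC_setupflags="$1" ;;
		--config)  config="--config $2" ; shift ;;
		*) break ;;
		esac
		shift
	done


	# Pick up IPsec configuration (until we have done this, successfully, we
	# do not know where errors should go, hence the explicit "daemon.error"s.)
	# Note the "--export", which exports the variables created.
	# $config is deliberately unquoted: it holds two words ("--config FILE"),
	# which also means a config path containing whitespace is not supported.
	variables=`ipsec addconn $config --varprefix IPSEC --configsetup`
	# Save the status at once: any later command (including the echo that
	# reports the failure) overwrites $?, which would turn the exit code
	# into 0 and hide the parse failure from the caller.
	addconn_status=$?
	if [ "$addconn_status" != 0 ]
	then
		echo "Failed to parse config setup portion of ipsec.conf" |
			logger -s -p daemon.error -t ipsec_setup
		exit "$addconn_status"
	fi
	# NOTE(review): addconn's output is executed as shell code here, and
	# start/stop only proceed as superuser (see script_command). Whoever
	# can write ipsec.conf, the file given with --config, or the ipsec
	# binary found on PATH therefore controls what runs at this point;
	# keep all three writable by root only. The expansion is left unquoted
	# as before; quoting it would preserve addconn's line breaks, so
	# confirm the output format before changing that.
	eval $variables

	if test " $IPSEC_confreadstatus" != " "
	then
		case "$1" in
		stop|--stop|_autostop)
			# a broken config must not prevent shutting down
			echo "$IPSEC_confreadstatus -- \`$1' may not work" |
				logger -s -p daemon.error -t ipsec_setup;;

		*)	echo "$IPSEC_confreadstatus -- \`$1' aborted" |
				logger -s -p daemon.error -t ipsec_setup;
			exit 1;;
		esac
	fi

	IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
	export IPSEC_confreadsection

	IPSECsyslog=${IPSECsyslog-daemon.error}
	export IPSECsyslog

	# misc setup
	umask 022

	# Holds the status/output scratch files written by script_command.
	# mkdir -p leaves an existing directory's owner and mode untouched.
	mkdir -p /var/run/pluto
}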
126
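# Carry out one "ipsec setup" action after script_init has run.
# Arguments: $1 - action (start, stop, restart, status, --version, --help, ...)
# Globals:   reads me, IPSECsyslog, IPSEC_setupflags, IPSEC_VERSION;
#            sets tmp, outtmp, st.
# Returns:   for start/stop, the status reported by "ipsec _realsetup"
#            (1 if that status could not be read back).
# Exits:     1 when start/stop is attempted without superuser rights,
#            0 for --version/--help, 2 for an unknown action, and with the
#            status of "ipsec _realsetup" for status.
script_command() {
	# do it
	case "$1" in
	start|--start|stop|--stop|_autostop|_autostart)
		# remove for: @cygwin_START@
		# portable way for checking for root
		if [ ! -w / ]
		then

			echo "permission denied (must be superuser)" |
				logger -s -p "$IPSECsyslog" -t ipsec_setup 2>&1
			exit 1
		fi
		# remove for: @cygwin_END@
		# Fixed scratch-file names: acceptable only while /var/run/pluto
		# is writable by root alone, since these paths are created and
		# read back as superuser.
		tmp=/var/run/pluto/ipsec_setup.st
		outtmp=/var/run/pluto/ipsec_setup.out
		# Drop any status left over from an earlier run so that it
		# cannot be mistaken for the result of this one.
		rm -f "$tmp"
		(
			ipsec _realsetup "$1"
			echo "$?" >"$tmp"
		) >"$outtmp" 2>&1
		st=$?
		if test -f "$tmp"
		then
			st=`cat "$tmp"`
			rm -f "$tmp"
		fi
		if [ -f "$outtmp" ]; then
			logger -s -p "$IPSECsyslog" -t ipsec_setup <"$outtmp" 2>&1
			rm -f "$outtmp"
		fi
		# Hand the real result back to the caller; previously st was
		# computed and then dropped, so a failed start or stop looked
		# like a success. Anything that is not a plain number counts
		# as failure.
		case "$st" in
		''|*[!0-9]*) st=1 ;;
		esac
		return "$st"
		;;

	# The two restart branches re-invoke the script through $0. The
	# start/stop/restart/status wrappers in this file only ever pass
	# "start" or "stop", so these branches are not reached through them.
	restart|--restart|force-reload)
		"$0" $IPSEC_setupflags stop
		"$0" $IPSEC_setupflags start
		;;

	_autorestart)			# for internal use only
		"$0" $IPSEC_setupflags _autostop
		"$0" $IPSEC_setupflags _autostart
		;;

	status|--status)
		ipsec _realsetup "$1"
		exit
		;;

	--version)
		echo "$me $IPSEC_VERSION"
		exit 0
		;;

	--help)
		echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
		echo "     $me --status"
		exit 0
		;;

	*)
		echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
		echo "     $me --status"
		exit 2
	esac
}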
# rc.common "start" entry point: initialise, then run the start action.
# Any extra arguments are forwarded unchanged after the action word.
start() {
	set -- start "$@"
	script_init "$@"
	script_command "$@"
}
195
# rc.common "stop" entry point: initialise, then run the stop action.
# Any extra arguments are forwarded unchanged after the action word.
stop() {
	set -- stop "$@"
	script_init "$@"
	script_command "$@"
}
200
# rc.common "restart" entry point. Initialisation happens once, with "stop"
# as the action word, so messages printed by script_init name `stop'; the
# stop and start actions then run back to back in this same shell.
restart() {
	script_init stop "$@"
	script_command stop "$@"; script_command start "$@"
}
206
# Extra rc.common command (listed in EXTRA_COMMANDS): initialise, then ask
# "ipsec _realsetup" for the service status. The function's return status
# is that of the _realsetup call.
status() {
	set -- status "$@"
	script_init "$@"
	ipsec _realsetup status
}
211