openswan/ipsec-initscript

#!/bin/sh
# IPsec startup and shutdown script
# Copyright (C) 1998, 1999, 2001  Henry Spencer.
# Copyright (C) 2002              Michael Richardson <mcr@freeswan.org>
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
# 
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: setup.in,v 1.118 2003/02/27 16:51:55 dhr Exp $
#
# ipsec         init.d script for starting and stopping
#               the IPsec security subsystem (KLIPS and Pluto).
#
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
# and is also accessible as "ipsec setup" (the preferred route for human
# invocation).
#
# The startup and shutdown times are a difficult compromise (in particular,
# it is almost impossible to reconcile them with the insanely early/late
# times of NFS filesystem startup/shutdown).  Startup is after startup of
# syslog and pcmcia support; shutdown is just before shutdown of syslog.
#
# chkconfig: 2345 47 68
# description: IPsec provides encrypted and authenticated communications; \
# KLIPS is the kernel half of it, Pluto is the user-level management daemon.

me='ipsec setup'		# for messages


# where the private directory and the config files are
IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/lib/ipsec}"
IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
IPSEC_CONFS="${IPSEC_CONFS-/etc}"

if test " $IPSEC_DIR" = " "	# if we were not called by the ipsec command
then
    # we must establish a suitable PATH ourselves
    PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
    export PATH

    IPSEC_DIR="$IPSEC_LIBDIR"
    export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
fi

# Check that the ipsec command is available.
found=
for dir in `echo $PATH | tr ':' ' '`
do
	if test -f $dir/ipsec -a -x $dir/ipsec
	then
		found=yes
		break			# NOTE BREAK OUT
	fi
done
if ! test "$found"
then
	echo "cannot find ipsec command -- \`$1' aborted" |
		logger -s -p daemon.error -t ipsec_setup
	exit 1
fi

# accept a few flags

export IPSEC_setupflags
IPSEC_setupflags=""

config=""

for dummy
do
	case "$1" in
	--showonly|--show)  IPSEC_setupflags="$1" ;;
	--config)  config="--config $2" ; shift	;;
	*) break ;;
	esac
	shift
done


# Pick up IPsec configuration (until we have done this, successfully, we
# do not know where errors should go, hence the explicit "daemon.error"s.)
# Note the "--export", which exports the variables created.
eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
if test " $IPSEC_confreadstatus" != " "
then
	echo "$IPSEC_confreadstatus -- \`$1' aborted" |
		logger -s -p daemon.error -t ipsec_setup
	exit 1
fi

IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
export IPSEC_confreadsection

IPSECsyslog=${IPSECsyslog-daemon.error}
export IPSECsyslog

# misc setup
umask 022


# do it
case "$1" in
  start|--start|stop|--stop|_autostop|_autostart)
	if test " `id -u`" != " 0"
	then
		echo "permission denied (must be superuser)" |
			logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
		exit 1
	fi
	tmp=/var/run/ipsec_setup.st
	(
		ipsec _realsetup $1
		echo "$?" >$tmp
	) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
	st=$?
	if test -f $tmp
	then
		st=`cat $tmp`
		rm -f $tmp
	fi
	exit $st
	;;

  restart|--restart|force-reload)
	$0 $IPSEC_setupflags stop
	$0 $IPSEC_setupflags start
	;;

  _autorestart)			# for internal use only
	$0 $IPSEC_setupflags _autostop
	$0 $IPSEC_setupflags _autostart
	;;

  status|--status)
	ipsec _realsetup $1
	exit
	;;

  --version)
	echo "$me $IPSEC_VERSION"
	exit 0
	;;

  --help)
	echo "Usage: $me {--start|--stop|--restart|--status}"
	exit 0
	;;

  *)
	echo "Usage: $me {--start|--stop|--restart|--status}" >&2
	exit 2
esac

exit 0
automatic version update by autodist [release 2.6.39-1mamba;Wed Jun 05 2013] 2024-01-06 08:17:14 +01:00			`#!/bin/sh`
			`# IPsec startup and shutdown script`
			`# Copyright (C) 1998, 1999, 2001 Henry Spencer.`
			`# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>`
			`#`
			`# This program is free software; you can redistribute it and/or modify it`
			`# under the terms of the GNU General Public License as published by the`
			`# Free Software Foundation; either version 2 of the License, or (at your`
			`# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.`
			`#`
			`# This program is distributed in the hope that it will be useful, but`
			`# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY`
			`# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License`
			`# for more details.`
			`#`
			`# RCSID $Id: setup.in,v 1.118 2003/02/27 16:51:55 dhr Exp $`
			`#`
			`# ipsec init.d script for starting and stopping`
			`# the IPsec security subsystem (KLIPS and Pluto).`
			`#`
			`# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)`
			`# and is also accessible as "ipsec setup" (the preferred route for human`
			`# invocation).`
			`#`
			`# The startup and shutdown times are a difficult compromise (in particular,`
			`# it is almost impossible to reconcile them with the insanely early/late`
			`# times of NFS filesystem startup/shutdown). Startup is after startup of`
			`# syslog and pcmcia support; shutdown is just before shutdown of syslog.`
			`#`
			`# chkconfig: 2345 47 68`
			`# description: IPsec provides encrypted and authenticated communications; \`
			`# KLIPS is the kernel half of it, Pluto is the user-level management daemon.`

			`me='ipsec setup' # for messages`


			`# where the private directory and the config files are`
			`IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/lib/ipsec}"`
			`IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"`
			`IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"`
			`IPSEC_CONFS="${IPSEC_CONFS-/etc}"`

			`if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command`
			`then`
			`# we must establish a suitable PATH ourselves`
			`PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin`
			`export PATH`

			`IPSEC_DIR="$IPSEC_LIBDIR"`
			`export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR`
			`fi`

			`# Check that the ipsec command is available.`
			`found=`
			for dir in `echo $PATH \| tr ':' ' '`
			`do`
			`if test -f $dir/ipsec -a -x $dir/ipsec`
			`then`
			`found=yes`
			`break # NOTE BREAK OUT`
			`fi`
			`done`
			`if ! test "$found"`
			`then`
			echo "cannot find ipsec command -- \`$1' aborted" \|
			`logger -s -p daemon.error -t ipsec_setup`
			`exit 1`
			`fi`

			`# accept a few flags`

			`export IPSEC_setupflags`
			`IPSEC_setupflags=""`

			`config=""`

			`for dummy`
			`do`
			`case "$1" in`
			`--showonly\|--show) IPSEC_setupflags="$1" ;;`
			`--config) config="--config $2" ; shift ;;`
			`*) break ;;`
			`esac`
			`shift`
			`done`


			`# Pick up IPsec configuration (until we have done this, successfully, we`
			`# do not know where errors should go, hence the explicit "daemon.error"s.)`
			`# Note the "--export", which exports the variables created.`
			eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
			`if test " $IPSEC_confreadstatus" != " "`
			`then`
			echo "$IPSEC_confreadstatus -- \`$1' aborted" \|
			`logger -s -p daemon.error -t ipsec_setup`
			`exit 1`
			`fi`

			`IPSEC_confreadsection=${IPSEC_confreadsection:-setup}`
			`export IPSEC_confreadsection`

			`IPSECsyslog=${IPSECsyslog-daemon.error}`
			`export IPSECsyslog`

			`# misc setup`
			`umask 022`


			`# do it`
			`case "$1" in`
			`start\|--start\|stop\|--stop\|_autostop\|_autostart)`
			if test " `id -u`" != " 0"
			`then`
			`echo "permission denied (must be superuser)" \|`
			`logger -s -p $IPSECsyslog -t ipsec_setup 2>&1`
			`exit 1`
			`fi`
			`tmp=/var/run/ipsec_setup.st`
			`(`
			`ipsec _realsetup $1`
			`echo "$?" >$tmp`
			`) 2>&1 \| logger -s -p $IPSECsyslog -t ipsec_setup 2>&1`
			`st=$?`
			`if test -f $tmp`
			`then`
			st=`cat $tmp`
			`rm -f $tmp`
			`fi`
			`exit $st`
			`;;`

			`restart\|--restart\|force-reload)`
			`$0 $IPSEC_setupflags stop`
			`$0 $IPSEC_setupflags start`
			`;;`

			`_autorestart) # for internal use only`
			`$0 $IPSEC_setupflags _autostop`
			`$0 $IPSEC_setupflags _autostart`
			`;;`

			`status\|--status)`
			`ipsec _realsetup $1`
			`exit`
			`;;`

			`--version)`
			`echo "$me $IPSEC_VERSION"`
			`exit 0`
			`;;`

			`--help)`
			`echo "Usage: $me {--start\|--stop\|--restart\|--status}"`
			`exit 0`
			`;;`

			`*)`
			`echo "Usage: $me {--start\|--stop\|--restart\|--status}" >&2`
			`exit 2`
			`esac`

			`exit 0`