163 lines
4.1 KiB
Bash
163 lines
4.1 KiB
Bash
#!/bin/sh
|
|
# IPsec startup and shutdown script
|
|
# Copyright (C) 1998, 1999, 2001 Henry Spencer.
|
|
# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by the
|
|
# Free Software Foundation; either version 2 of the License, or (at your
|
|
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
# for more details.
|
|
#
|
|
# RCSID $Id: setup.in,v 1.118 2003/02/27 16:51:55 dhr Exp $
|
|
#
|
|
# ipsec init.d script for starting and stopping
|
|
# the IPsec security subsystem (KLIPS and Pluto).
|
|
#
|
|
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
|
|
# and is also accessible as "ipsec setup" (the preferred route for human
|
|
# invocation).
|
|
#
|
|
# The startup and shutdown times are a difficult compromise (in particular,
|
|
# it is almost impossible to reconcile them with the insanely early/late
|
|
# times of NFS filesystem startup/shutdown). Startup is after startup of
|
|
# syslog and pcmcia support; shutdown is just before shutdown of syslog.
|
|
#
|
|
# chkconfig: 2345 47 68
|
|
# description: IPsec provides encrypted and authenticated communications; \
|
|
# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
|
|
|
|
me='ipsec setup' # for messages
|
|
|
|
|
|
# where the private directory and the config files are
|
|
IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/lib/ipsec}"
|
|
IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
|
|
IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
|
|
IPSEC_CONFS="${IPSEC_CONFS-/etc}"
|
|
|
|
if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
|
|
then
|
|
# we must establish a suitable PATH ourselves
|
|
PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
|
|
export PATH
|
|
|
|
IPSEC_DIR="$IPSEC_LIBDIR"
|
|
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
|
|
fi
|
|
|
|
# Check that the ipsec command is available.
|
|
found=
|
|
for dir in `echo $PATH | tr ':' ' '`
|
|
do
|
|
if test -f $dir/ipsec -a -x $dir/ipsec
|
|
then
|
|
found=yes
|
|
break # NOTE BREAK OUT
|
|
fi
|
|
done
|
|
if ! test "$found"
|
|
then
|
|
echo "cannot find ipsec command -- \`$1' aborted" |
|
|
logger -s -p daemon.error -t ipsec_setup
|
|
exit 1
|
|
fi
|
|
|
|
# accept a few flags
|
|
|
|
export IPSEC_setupflags
|
|
IPSEC_setupflags=""
|
|
|
|
config=""
|
|
|
|
for dummy
|
|
do
|
|
case "$1" in
|
|
--showonly|--show) IPSEC_setupflags="$1" ;;
|
|
--config) config="--config $2" ; shift ;;
|
|
*) break ;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
|
|
# Pick up IPsec configuration (until we have done this, successfully, we
|
|
# do not know where errors should go, hence the explicit "daemon.error"s.)
|
|
# Note the "--export", which exports the variables created.
|
|
eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
|
|
if test " $IPSEC_confreadstatus" != " "
|
|
then
|
|
echo "$IPSEC_confreadstatus -- \`$1' aborted" |
|
|
logger -s -p daemon.error -t ipsec_setup
|
|
exit 1
|
|
fi
|
|
|
|
IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
|
|
export IPSEC_confreadsection
|
|
|
|
IPSECsyslog=${IPSECsyslog-daemon.error}
|
|
export IPSECsyslog
|
|
|
|
# misc setup
|
|
umask 022
|
|
|
|
|
|
# do it
|
|
case "$1" in
|
|
start|--start|stop|--stop|_autostop|_autostart)
|
|
if test " `id -u`" != " 0"
|
|
then
|
|
echo "permission denied (must be superuser)" |
|
|
logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
|
|
exit 1
|
|
fi
|
|
tmp=/var/run/ipsec_setup.st
|
|
(
|
|
ipsec _realsetup $1
|
|
echo "$?" >$tmp
|
|
) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
|
|
st=$?
|
|
if test -f $tmp
|
|
then
|
|
st=`cat $tmp`
|
|
rm -f $tmp
|
|
fi
|
|
exit $st
|
|
;;
|
|
|
|
restart|--restart|force-reload)
|
|
$0 $IPSEC_setupflags stop
|
|
$0 $IPSEC_setupflags start
|
|
;;
|
|
|
|
_autorestart) # for internal use only
|
|
$0 $IPSEC_setupflags _autostop
|
|
$0 $IPSEC_setupflags _autostart
|
|
;;
|
|
|
|
status|--status)
|
|
ipsec _realsetup $1
|
|
exit
|
|
;;
|
|
|
|
--version)
|
|
echo "$me $IPSEC_VERSION"
|
|
exit 0
|
|
;;
|
|
|
|
--help)
|
|
echo "Usage: $me {--start|--stop|--restart|--status}"
|
|
exit 0
|
|
;;
|
|
|
|
*)
|
|
echo "Usage: $me {--start|--stop|--restart|--status}" >&2
|
|
exit 2
|
|
esac
|
|
|
|
exit 0
|