openswan/ipsec-initscript

163 lines
4.1 KiB
Bash

#!/bin/sh
# IPsec startup and shutdown script
# Copyright (C) 1998, 1999, 2001 Henry Spencer.
# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: setup.in,v 1.118 2003/02/27 16:51:55 dhr Exp $
#
# ipsec init.d script for starting and stopping
# the IPsec security subsystem (KLIPS and Pluto).
#
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
# and is also accessible as "ipsec setup" (the preferred route for human
# invocation).
#
# The startup and shutdown times are a difficult compromise (in particular,
# it is almost impossible to reconcile them with the insanely early/late
# times of NFS filesystem startup/shutdown). Startup is after startup of
# syslog and pcmcia support; shutdown is just before shutdown of syslog.
#
# chkconfig: 2345 47 68
# description: IPsec provides encrypted and authenticated communications; \
# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
me='ipsec setup' # for messages
# where the private directory and the config files are
IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/lib/ipsec}"
IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
IPSEC_CONFS="${IPSEC_CONFS-/etc}"
if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
then
# we must establish a suitable PATH ourselves
PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
export PATH
IPSEC_DIR="$IPSEC_LIBDIR"
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
fi
# Check that the ipsec command is available.
found=
for dir in `echo $PATH | tr ':' ' '`
do
if test -f $dir/ipsec -a -x $dir/ipsec
then
found=yes
break # NOTE BREAK OUT
fi
done
if ! test "$found"
then
echo "cannot find ipsec command -- \`$1' aborted" |
logger -s -p daemon.error -t ipsec_setup
exit 1
fi
# accept a few flags
export IPSEC_setupflags
IPSEC_setupflags=""
config=""
for dummy
do
case "$1" in
--showonly|--show) IPSEC_setupflags="$1" ;;
--config) config="--config $2" ; shift ;;
*) break ;;
esac
shift
done
# Pick up IPsec configuration (until we have done this, successfully, we
# do not know where errors should go, hence the explicit "daemon.error"s.)
# Note the "--export", which exports the variables created.
eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
if test " $IPSEC_confreadstatus" != " "
then
echo "$IPSEC_confreadstatus -- \`$1' aborted" |
logger -s -p daemon.error -t ipsec_setup
exit 1
fi
IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
export IPSEC_confreadsection
IPSECsyslog=${IPSECsyslog-daemon.error}
export IPSECsyslog
# misc setup
umask 022
# do it
case "$1" in
start|--start|stop|--stop|_autostop|_autostart)
if test " `id -u`" != " 0"
then
echo "permission denied (must be superuser)" |
logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
exit 1
fi
tmp=/var/run/ipsec_setup.st
(
ipsec _realsetup $1
echo "$?" >$tmp
) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
st=$?
if test -f $tmp
then
st=`cat $tmp`
rm -f $tmp
fi
exit $st
;;
restart|--restart|force-reload)
$0 $IPSEC_setupflags stop
$0 $IPSEC_setupflags start
;;
_autorestart) # for internal use only
$0 $IPSEC_setupflags _autostop
$0 $IPSEC_setupflags _autostart
;;
status|--status)
ipsec _realsetup $1
exit
;;
--version)
echo "$me $IPSEC_VERSION"
exit 0
;;
--help)
echo "Usage: $me {--start|--stop|--restart|--status}"
exit 0
;;
*)
echo "Usage: $me {--start|--stop|--restart|--status}" >&2
exit 2
esac
exit 0