1 | #!/bin/sh |
2 | # IPsec startup and shutdown script | |
3 | # Copyright (C) 1998, 1999, 2001 Henry Spencer. | |
4 | # Copyright (C) 2002 Michael Richardson <mcr@freeswan.org> | |
2b0b3689 | 5 | # |
6 | # This program is free software; you can redistribute it and/or modify it |
7 | # under the terms of the GNU General Public License as published by the | |
8 | # Free Software Foundation; either version 2 of the License, or (at your | |
9 | # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
2b0b3689 | 10 | # |
11 | # This program is distributed in the hope that it will be useful, but |
12 | # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | # for more details. | |
15 | # | |
16 | # RCSID $Id: setup.in,v 1.122.6.3 2006/10/26 23:54:32 paul Exp $ | |
17 | # | |
18 | # ipsec init.d script for starting and stopping | |
19 | # the IPsec security subsystem (KLIPS and Pluto). | |
20 | # | |
21 | # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec) | |
22 | # and is also accessible as "ipsec setup" (the preferred route for human | |
23 | # invocation). | |
24 | # | |
25 | # The startup and shutdown times are a difficult compromise (in particular, | |
26 | # it is almost impossible to reconcile them with the insanely early/late | |
27 | # times of NFS filesystem startup/shutdown). Startup is after startup of | |
28 | # syslog and pcmcia support; shutdown is just before shutdown of syslog. | |
29 | # | |
30 | # chkconfig: 2345 47 76 | |
31 | # description: IPsec provides encrypted and authenticated communications; \ | |
32 | # KLIPS is the kernel half of it, Pluto is the user-level management daemon. | |
33 | ||
me='ipsec setup'	# program name used in messages

# Where the private directory and the config files live.  Each may be
# preset in the environment; ${VAR=default} fills in only an *unset*
# variable, so an explicitly empty value is left alone (as before).
: "${IPSEC_EXECDIR=/usr/libexec/ipsec}"
: "${IPSEC_LIBDIR=/usr/lib/ipsec}"
: "${IPSEC_SBINDIR=/usr/sbin}"
: "${IPSEC_CONFS=/etc}"
41 | ||
# An unset or empty IPSEC_DIR means we were not invoked through the ipsec
# command wrapper, so establish PATH and the IPSEC_* environment ourselves.
# NOTE(review): an IPSEC_SBINDIR that is present but empty in the
# environment would put an empty (= current directory) entry at the front
# of PATH; the environment is trusted here, as before.
if [ -z "$IPSEC_DIR" ]; then
	PATH="${IPSEC_SBINDIR}:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
	IPSEC_DIR=$IPSEC_LIBDIR
	export PATH IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
fi
51 | ||
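# Check that the ipsec command is available.
# PATH is walked by hand (rather than via "command -v") so that only a
# real, executable file counts.  The walk runs in a subshell so the ":"
# IFS and "set -f" (no globbing of PATH entries) do not leak out; entries
# containing whitespace are now handled, and an empty entry (= current
# directory) is skipped rather than searched, as it was before.
found=$(
	IFS=:
	set -f
	for dir in $PATH
	do
		[ -n "$dir" ] || continue
		if [ -f "$dir/ipsec" ] && [ -x "$dir/ipsec" ]
		then
			echo yes
			break		# NOTE BREAK OUT
		fi
	done
)
if [ -z "$found" ]
then
	# Config has not been read yet, so the syslog priority is hard-wired.
	printf '%s\n' "cannot find ipsec command -- \`$1' aborted" |
		logger -s -p daemon.error -t ipsec_setup
	exit 1
fi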
68 | ||
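# accept a few flags

# Exported so that the nested invocations (restart) and the ipsec
# sub-commands see --showonly/--show.
export IPSEC_setupflags
IPSEC_setupflags=""

# "--config FILE" is carried as the two words "--config FILE" for the
# _confread call below; a FILE containing whitespace is therefore not
# supported by this representation.
config=""

# Consume leading options; the first word that is not one is the action.
while [ $# -gt 0 ]
do
	case "$1" in
	--showonly|--show)
		IPSEC_setupflags="$1"
		;;
	--config)
		# A trailing "--config" with no FILE used to yield the malformed
		# value "--config " and then shift past the end of the argument
		# list; reject it explicitly (2 is this script's usage status).
		if [ $# -lt 2 ]
		then
			printf '%s\n' "$me: --config requires a file argument" >&2
			exit 2
		fi
		config="--config $2"
		shift
		;;
	*)
		break
		;;
	esac
	shift
done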
85 | ||
86 | ||
# Pick up IPsec configuration (until we have done this, successfully, we
# do not know where errors should go, hence the explicit "daemon.error"s.)
# Note the "--export", which exports the variables created.
#
# The eval runs whatever _confread prints, i.e. the config file ends up as
# shell code.  That is by design and the config file is trusted; do not
# point --config at a file written by anyone else.  The substitution is
# deliberately left unquoted (as before) so its output is word-split
# before eval; quoting it would change how multi-line output is executed.
# shellcheck disable=SC2046,SC2086 -- see above; $config is two words
eval $(ipsec _confread $config --optional --varprefix IPSEC --export --type config setup)

if [ -n "$IPSEC_confreadstatus" ]
then
	case "$1" in
	stop|--stop|_autostop)
		# Shutting down with a broken config is allowed, but say so.
		echo "$IPSEC_confreadstatus -- \`$1' may not work" |
			logger -s -p daemon.error -t ipsec_setup
		;;
	*)
		echo "$IPSEC_confreadstatus -- \`$1' aborted" |
			logger -s -p daemon.error -t ipsec_setup
		exit 1
		;;
	esac
fi
104 | ||
# Section name reported by _confread, defaulting to "setup" when unset or
# empty; exported for the ipsec sub-commands.
export IPSEC_confreadsection="${IPSEC_confreadsection:-setup}"

# syslog priority for our own messages.  NOTE(review): unlike the line
# above this uses "-", so an explicitly empty value is kept -- presumably
# intentional, verify before unifying the two.
export IPSECsyslog="${IPSECsyslog-daemon.error}"

# misc setup: nothing we create is group- or world-writable ...
umask 022

# ... and the run directory exists (status/output files are staged there
# below); under this umask it is created 0755.
mkdir -p /var/run/pluto
115 | ||
116 | ||
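# do it: dispatch on the requested action.  Every arm ends in an explicit
# exit except restart/_autorestart, which fall through to the final
# "exit 0" (a restart therefore reports success even when the nested
# stop/start did not -- preserved as-is).
case "$1" in
start|--start|stop|--stop|_autostop|_autostart)
	wanttodo=$1
	# Driving KLIPS/Pluto needs root; refuse early and say so via syslog.
	if [ "$(id -u)" != "0" ]
	then
		printf '%s\n' "permission denied (must be superuser)" |
			logger -s -p "$IPSECsyslog" -t ipsec_setup 2>&1
		exit 1
	fi
	# Status and output of the real work are staged under /var/run/pluto
	# (root-owned, created above) rather than in a shared /tmp, so fixed
	# names are acceptable here.
	tmp=/var/run/pluto/ipsec_setup.st
	outtmp=/var/run/pluto/ipsec_setup.out
	(
		ipsec _realsetup "$1"
		echo "$?" >"$tmp"
	) >"$outtmp" 2>&1
	st=$?
	# Prefer the status _realsetup recorded over the subshell's own.
	if [ -f "$tmp" ]
	then
		st=$(cat "$tmp")
		rm -f -- "$tmp"
	fi
	# Relay everything _realsetup printed to syslog (and stderr, via -s).
	if [ -f "$outtmp" ]
	then
		logger -s -p "$IPSECsyslog" -t ipsec_setup <"$outtmp" 2>&1
		rm -f -- "$outtmp"
	fi
	case "$wanttodo" in
	start|--start|_autostart)
		# Deferred, detached fix-up once pluto has had time to create its
		# files; the init sequence is not held up for it.
		# NOTE(review): the recursive chown/chmod gives group "nobody"
		# read/write/search on everything under /var/run/pluto, which
		# presumably includes pluto's control socket -- confirm what lives
		# there before relying on this; kept as-is for compatibility.
		(
			sleep 20 &&
				chown -R root:nobody /var/run/pluto &&
				chmod -R 770 /var/run/pluto &&
				ln -f /var/run/pluto/pluto.pid /var/run/pluto.pid 2>&1
		) &
		;;
	esac
	exit "${st:-0}"
	;;

restart|--restart|force-reload)
	# Re-invoke ourselves for stop, then start.  --config is now forwarded
	# along with --showonly; previously only IPSEC_setupflags was passed
	# on, so "--config FILE restart" restarted with the default file.
	# shellcheck disable=SC2086 -- $config is deliberately two words
	"$0" ${IPSEC_setupflags:+"$IPSEC_setupflags"} $config stop
	"$0" ${IPSEC_setupflags:+"$IPSEC_setupflags"} $config start
	;;

_autorestart)	# for internal use only
	# shellcheck disable=SC2086 -- $config is deliberately two words
	"$0" ${IPSEC_setupflags:+"$IPSEC_setupflags"} $config _autostop
	"$0" ${IPSEC_setupflags:+"$IPSEC_setupflags"} $config _autostart
	;;

status|--status)
	# No superuser check on this path (as before); exit with
	# _realsetup's own status.
	ipsec _realsetup "$1"
	exit $?
	;;

--version)
	echo "$me $IPSEC_VERSION"
	exit 0
	;;

--help)
	echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
	echo " $me --status"
	exit 0
	;;

*)
	echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
	echo " $me --status"
	exit 2
	;;
esac

exit 0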