- import of strongswan-2.7.0
#!/bin/sh
# Pluto database-loading script
# Copyright (C) 1998, 1999, 2001 Henry Spencer.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _plutoload.in,v 1.2 2004/03/31 16:15:10 as Exp $
#
# exit status is 13 for protocol violation, that of Pluto otherwise
# Prefix used in this script's own diagnostics.
me='ipsec _plutoload'

# Option parsing.  Every recognised option takes exactly one value; parsing
# stops at "--" or at the first word that does not start with "-".
# NOTE(review): the values taken from --load and --start are replaced
# unconditionally by the searches further down in this script.
while test $# -gt 0
do
	case "$1" in
	--load)
		plutoload="$2"
		shift
		;;
	--start)
		plutostart="$2"
		shift
		;;
	--wait)
		plutowait="$2"
		shift
		;;
	--post)
		postpluto="$2"
		shift
		;;
	--)
		shift
		break
		;;
	-*)
		echo "$me: unknown option \`$1'" >&2
		exit 2
		;;
	*)
		break
		;;
	esac
	shift
done
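# load ca information
#
# NOTE(review): eval runs whatever "ipsec _confread" prints as shell code, so
# that output (presumably derived from the ipsec configuration -- confirm) is
# trusted completely; the helper must quote every value it emits.
# Both result variables are cleared first, so a helper run that prints
# nothing cannot leave values inherited from the environment in place.
PLUTO_confreadstatus=
PLUTO_confreadnames=
eval `ipsec _confread --varprefix PLUTO --type ca --search auto add start`
if test " $PLUTO_confreadstatus" != " "
then
	# a non-empty status is the helper's error text: load nothing
	echo "auto=add/start search: $PLUTO_confreadstatus"
	echo "unable to determine what ca information to add -- adding none"
	caload=
else
	caload="$PLUTO_confreadnames"
fi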
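# searches, if needed
# the way the searches were done ensures plutoload >= plutoroute >= plutostart

# search for things to "ipsec auto --add": auto in "add" "route" "start"
#
# NOTE(review): this assignment is unconditional, so any --load value given
# on the command line is discarded here.
# NOTE(review): eval runs the helper's output as shell code; see the quoting
# requirement this places on "ipsec _confread".  The result variables are
# shared by every search in this script, so they are cleared first: a run
# that prints nothing must not reuse the names left by the previous search.
PLUTO_confreadstatus=
PLUTO_confreadnames=
eval `ipsec _confread --varprefix PLUTO --search auto add route start`
if test " $PLUTO_confreadstatus" != " "
then
	# a non-empty status is the helper's error text: add nothing
	echo "auto=add/route/start search: $PLUTO_confreadstatus"
	echo "unable to determine what conns to add -- adding none"
	plutoload=
else
	plutoload="$PLUTO_confreadnames"
fi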
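# search for things to "ipsec auto --route": auto in "route" "start"
#
# NOTE(review): eval runs the helper's output as shell code, so the helper
# must quote every value it emits.  The result variables are shared by every
# search in this script, so they are cleared first: a run that prints nothing
# must not reuse the names left by the previous search.
PLUTO_confreadstatus=
PLUTO_confreadnames=
eval `ipsec _confread --varprefix PLUTO --search auto route start`
if test " $PLUTO_confreadstatus" != " "
then
	# a non-empty status is the helper's error text: route nothing
	echo "auto=route/start search: $PLUTO_confreadstatus"
	echo "unable to determine what conns to route -- routing none"
	plutoroute=
else
	plutoroute="$PLUTO_confreadnames"
fi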
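# search for things to "ipsec auto --up": auto in "start"
#
# NOTE(review): this assignment is unconditional, so any --start value given
# on the command line is discarded here.
# NOTE(review): eval runs the helper's output as shell code, so the helper
# must quote every value it emits.  The result variables are shared by every
# search in this script, so they are cleared first: a run that prints nothing
# must not reuse the names left by the previous search.
PLUTO_confreadstatus=
PLUTO_confreadnames=
eval `ipsec _confread --varprefix PLUTO --search auto start`
if test " $PLUTO_confreadstatus" != " "
then
	# a non-empty status is the helper's error text: start nothing
	echo "auto=start search: $PLUTO_confreadstatus"
	echo "unable to determine what conns to start -- starting none"
	plutostart=
else
	plutostart="$PLUTO_confreadnames"
fi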
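# await Pluto's readiness (not likely to be an issue, but...)
#
# Lines are read from standard input until the literal line
# "Pluto initialized" arrives; anything else is reported.  End of input
# before that line counts as a protocol violation (exit 13).
# read -r keeps backslashes literal: without it a line ending in a backslash
# is joined with the next one, which could swallow the readiness line, and
# printf '%s' reports the unexpected text verbatim.
eofed=y
while read -r saying
do
	case "$saying" in
	'Pluto initialized')	eofed= ; break ;;	# NOTE BREAK OUT
	*)	printf "pluto unexpectedly said \`%s'\n" "$saying" ;;
	esac
done
if test "$eofed"
then
	echo "pluto died unexpectedly!?!"
	exit 13
fi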
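# ca database load
#
# $caload is split on whitespace into one name per iteration.  Each name is
# then passed quoted so it is not glob-expanded a second time on the command
# line.  A failed add is reported and the loop carries on.
# NOTE(review): a name beginning with "-" would reach "ipsec auto" as an
# option; whether the names are validated upstream is not visible here.
for tu in $caload
do
	ipsec auto --type ca --add "$tu" ||
		echo "...could not add ca \"$tu\""
done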
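# conn database load
#
# $plutoload is split on whitespace into one name per iteration.  Each name
# is then passed quoted so it is not glob-expanded a second time on the
# command line.  A failed add is reported and the loop carries on.
# NOTE(review): a name beginning with "-" would reach "ipsec auto" as an
# option; whether the names are validated upstream is not visible here.
for tu in $plutoload
do
	ipsec auto --add "$tu" ||
		echo "...could not add conn \"$tu\""
done

# enable listening
# (runs only after the load loop above; its exit status is not checked)
ipsec auto --ready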
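# execute any post-startup cleanup
#
# NOTE(review): the --post value is expanded unquoted and run as a command
# line: it is split on whitespace and glob-expanded, and quotes inside it are
# not interpreted.  It runs with this script's privileges, so it must only
# ever come from configuration that is as trusted as this script itself --
# confirm against the caller.
if test " $postpluto" != " "
then
	$postpluto
	st=$?
	# numeric comparison: no padding blank, unlike the string tests above
	if test "$st" -ne 0
	then
		echo "...postpluto command exited with status $st"
	fi
fi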
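# quickly establish routing
#
# $plutoroute is split on whitespace into one name per iteration.  Each name
# is then passed quoted so it is not glob-expanded a second time on the
# command line.  A failed route is reported and the loop carries on.
# NOTE(review): a name beginning with "-" would reach "ipsec auto" as an
# option; whether the names are validated upstream is not visible here.
for tu in $plutoroute
do
	ipsec auto --route "$tu" ||
		echo "...could not route conn \"$tu\""
done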
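# tunnel initiation, which may take a while
#
# --wait no selects asynchronous initiation; any other value leaves $async
# empty.  $async stays unquoted on purpose so that an empty value adds no
# argument at all.  The connection name is passed quoted so it is not
# glob-expanded a second time on the command line.
async=
if test " $plutowait" = " no"
then
	async="--asynchronous"
fi
for tu in $plutostart
do
	ipsec auto --up $async "$tu" ||
		echo "...could not start conn \"$tu\""
done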
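# report any further utterances, and watch for exit status
#
# Protocol as read here: a line "exit" on standard input, followed by one
# line holding the status to exit with.  Everything before "exit" is
# reported.  Any deviation is a protocol violation and yields exit 13, as
# the header of this script promises.
# read -r keeps backslashes literal, so a trailing backslash cannot join two
# protocol lines, and printf '%s' reports unexpected text verbatim.
eofed=y
while read -r saying
do
	case "$saying" in
	exit)	eofed= ; break ;;	# NOTE BREAK OUT
	*)	printf "pluto unexpectedly says \`%s'\n" "$saying" ;;
	esac
done
if test "$eofed"
then
	echo "pluto died without exit status!?!"
	exit 13
fi
if read -r status
then
	# the status line is input, not a trusted number: anything that is not
	# purely decimal digits is a protocol violation rather than an argument
	# for "exit"
	case "$status" in
	''|*[!0-9]*)
		printf "pluto yielded invalid exit status \`%s'\n" "$status"
		exit 13
		;;
	esac
	exit "$status"
else
	echo "pluto yielded no exit status!?!"
	exit 13
fi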