projects / openwrt / svn-archive / archive.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[packages] ipv6calc: update to v0.73.0 (#5912)
[openwrt/svn-archive/archive.git] / net / openswan / files / ipsec.init
1 #!/bin/sh /etc/rc.common
2 # IPsec startup and shutdown script
3 # Copyright (C) 1998, 1999, 2001 Henry Spencer.
4 # Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
5 #
6 # This program is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by the
8 # Free Software Foundation; either version 2 of the License, or (at your
9 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 #
11 # This program is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 # for more details.
15 #
16 #
17 # ipsec init.d script for starting and stopping
18 # the IPsec security subsystem (KLIPS and Pluto).
19 #
20 # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
21 # and is also accessible as "ipsec setup" (the preferred route for human
22 # invocation).
23 #
24 # The startup and shutdown times are a difficult compromise (in particular,
25 # it is almost impossible to reconcile them with the insanely early/late
26 # times of NFS filesystem startup/shutdown). Startup is after startup of
27 # syslog and pcmcia support; shutdown is just before shutdown of syslog.
28 #
29 # chkconfig: 2345 47 76
30 # description: IPsec provides encrypted and authenticated communications; \
31 # KLIPS is the kernel half of it, Pluto is the user-level management daemon.
32
33 START=60
34 EXTRA_COMMANDS=status
35 EXTRA_HELP=" status Show the status of the service"
36
37 script_init() {
38 me='ipsec setup' # for messages
39
40 # where the private directory and the config files are
41 IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
42 IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
43 IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
44 IPSEC_CONFS="${IPSEC_CONFS-/etc}"
45
46 if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
47 then
48 # we must establish a suitable PATH ourselves
49 PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
50 export PATH
51
52 IPSEC_DIR="$IPSEC_LIBDIR"
53 export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
54 fi
55
56 # Check that the ipsec command is available.
57 found=
58 for dir in `echo $PATH | tr ':' ' '`
59 do
60 if test -f $dir/ipsec -a -x $dir/ipsec
61 then
62 found=yes
63 break # NOTE BREAK OUT
64 fi
65 done
66 if ! test "$found"
67 then
68 echo "cannot find ipsec command -- \`$1' aborted" |
69 logger -s -p daemon.error -t ipsec_setup
70 exit 1
71 fi
72
73 # accept a few flags
74
75 export IPSEC_setupflags
76 IPSEC_setupflags=""
77
78 config=""
79
80 for dummy
81 do
82 case "$1" in
83 --showonly|--show) IPSEC_setupflags="$1" ;;
84 --config) config="--config $2" ; shift ;;
85 *) break ;;
86 esac
87 shift
88 done
89
90
91 # Pick up IPsec configuration (until we have done this, successfully, we
92 # do not know where errors should go, hence the explicit "daemon.error"s.)
93 # Note the "--export", which exports the variables created.
94 variables=`ipsec addconn $config --varprefix IPSEC --configsetup`
95 if [ $? != 0 ]
96 then
97 echo "Failed to parse config setup portion of ipsec.conf"
98 exit $?
99 fi
100 eval $variables
101
102 if test " $IPSEC_confreadstatus" != " "
103 then
104 case $1 in
105 stop|--stop|_autostop)
106 echo "$IPSEC_confreadstatus -- \`$1' may not work" |
107 logger -s -p daemon.error -t ipsec_setup;;
108
109 *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
110 logger -s -p daemon.error -t ipsec_setup;
111 exit 1;;
112 esac
113 fi
114
115 IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
116 export IPSEC_confreadsection
117
118 IPSECsyslog=${IPSECsyslog-daemon.error}
119 export IPSECsyslog
120
121 # misc setup
122 umask 022
123
124 mkdir -p /var/run/pluto
125 }
126
127 script_command() {
128 # do it
129 case "$1" in
130 start|--start|stop|--stop|_autostop|_autostart)
131 # remove for: @cygwin_START@
132 # portable way for checking for root
133 if [ ! -w / ]
134 then
135
136 echo "permission denied (must be superuser)" |
137 logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
138 exit 1
139 fi
140 # remove for: @cygwin_END@
141 tmp=/var/run/pluto/ipsec_setup.st
142 outtmp=/var/run/pluto/ipsec_setup.out
143 (
144 ipsec _realsetup $1
145 echo "$?" >$tmp
146 ) > ${outtmp} 2>&1
147 st=$?
148 if test -f $tmp
149 then
150 st=`cat $tmp`
151 rm -f $tmp
152 fi
153 if [ -f ${outtmp} ]; then
154 cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
155 rm -f ${outtmp}
156 fi
157 ;;
158
159 restart|--restart|force-reload)
160 $0 $IPSEC_setupflags stop
161 $0 $IPSEC_setupflags start
162 ;;
163
164 _autorestart) # for internal use only
165 $0 $IPSEC_setupflags _autostop
166 $0 $IPSEC_setupflags _autostart
167 ;;
168
169 status|--status)
170 ipsec _realsetup $1
171 exit
172 ;;
173
174 --version)
175 echo "$me $IPSEC_VERSION"
176 exit 0
177 ;;
178
179 --help)
180 echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
181 echo " $me --status"
182 exit 0
183 ;;
184
185 *)
186 echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
187 echo " $me --status"
188 exit 2
189 esac
190 }
191 start() {
192 script_init start "$@"
193 script_command start "$@"
194 }
195
196 stop() {
197 script_init stop "$@"
198 script_command stop "$@"
199 }
200
201 restart() {
202 script_init stop "$@"
203 script_command stop "$@"
204 script_command start "$@"
205 }
206
207 status() {
208 script_init status "$@"
209 ipsec _realsetup status
210 }
211
OpenWrt SVN history