279 lines
8.5 KiB
Bash
279 lines
8.5 KiB
Bash
#!/bin/bash
|
|
#
|
|
# SUSE/LSB system startup script for strongswan ipsec
|
|
#
|
|
# Copyright (C) 2007 Marius Tomaschewski, SUSE / Novell Inc.
|
|
# based on /etc/init.d/skeleton.compat by Kurt Garloff.
|
|
#
|
|
# This library is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or (at
|
|
# your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this library; if not, write to the Free Software
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
|
|
# USA.
|
|
#
|
|
# /etc/init.d/ipsec
|
|
# and its symbolic link
|
|
# /usr/sbin/rcipsec
|
|
#
|
|
# LSB compatible service control script; see http://www.linuxbase.org/spec/
|
|
# Please send feedback to http://www.suse.de/feedback/
|
|
#
|
|
# Note: This script uses functions rc_XXX defined in /etc/rc.status on
|
|
# UnitedLinux/SUSE/Novell based Linux distributions. However, it shoule
|
|
# work on other distributions as well, by using the LSB (Linux Standard
|
|
# Base) or RH functions or by open coding the needed functions.
|
|
#
|
|
# chkconfig: 345 99 00
|
|
# description: StrongSwan IPsec
|
|
#
|
|
### BEGIN INIT INFO
|
|
# Provides: ipsec
|
|
# Required-Start: $syslog $remote_fs $named
|
|
# Should-Start: $time
|
|
# Required-Stop: $syslog $remote_fs $named
|
|
# Should-Stop: $time
|
|
# Default-Start: 3 5
|
|
# Default-Stop: 0 1 2 6
|
|
# Short-Description: StrongSwan IPsec
|
|
# Description: StrongSwan IPsec provides encrypted and authenticated
|
|
# communication via a unsafe network, such as the internet.
|
|
# This scripts loads the kernel modules and starts the user-space setup.
|
|
### END INIT INFO
|
|
|
|
|
|
# Check for missing binaries (stale symlinks should not happen)
|
|
# Note: Special treatment of stop for LSB conformance
|
|
IPSEC_CMD="/usr/sbin/ipsec"
|
|
test -x $IPSEC_CMD || {
|
|
echo "$IPSEC_CMD not installed";
|
|
if [ "$1" = "stop" ]; then exit 0; else exit 5; fi;
|
|
}
|
|
IPSEC_STARTER="@libexecdir@/ipsec/starter"
|
|
test -x $IPSEC_STARTER || {
|
|
echo "$IPSEC_STARTER not installed";
|
|
if [ "$1" = "stop" ]; then exit 0; else exit 5; fi;
|
|
}
|
|
|
|
# The pid file of the ipsec starter
|
|
IPSEC_PIDFILE="/var/run/starter.pid"
|
|
|
|
# Check for existence of needed config files
|
|
IPSEC_CONFIG="/etc/ipsec.conf"
|
|
test -r $IPSEC_CONFIG || {
|
|
echo "$IPSEC_CONFIG not existing";
|
|
if [ "$1" = "stop" ]; then exit 0; else exit 6; fi;
|
|
}
|
|
IPSEC_SECRET="/etc/ipsec.secrets"
|
|
test -r $IPSEC_SECRET || {
|
|
echo "$IPSEC_SECRET not existing";
|
|
if [ "$1" = "stop" ]; then exit 0; else exit 6; fi;
|
|
}
|
|
|
|
# Source LSB init functions
|
|
# providing start_daemon, killproc, pidofproc,
|
|
# log_success_msg, log_failure_msg and log_warning_msg.
|
|
# This is currently not used by UnitedLinux based distributions and
|
|
# not needed for init scripts for UnitedLinux only. If it is used,
|
|
# the functions from rc.status should not be sourced or used.
|
|
#. /lib/lsb/init-functions
|
|
|
|
# Shell functions sourced from /etc/rc.status:
|
|
# rc_check check and set local and overall rc status
|
|
# rc_status check and set local and overall rc status
|
|
# rc_status -v be verbose in local rc status and clear it afterwards
|
|
# rc_status -v -r ditto and clear both the local and overall rc status
|
|
# rc_status -s display "skipped" and exit with status 3
|
|
# rc_status -u display "unused" and exit with status 3
|
|
# rc_failed set local and overall rc status to failed
|
|
# rc_failed <num> set local and overall rc status to <num>
|
|
# rc_reset clear both the local and overall rc status
|
|
# rc_exit exit appropriate to overall rc status
|
|
# rc_active checks whether a service is activated by symlinks
|
|
|
|
# Use the SUSE rc_ init script functions;
|
|
# emulate them on LSB, RH and other systems
|
|
|
|
# Default: Assume sysvinit binaries exist
|
|
start_daemon() { /sbin/start_daemon ${1+"$@"}; }
|
|
killproc() { /sbin/killproc ${1+"$@"}; }
|
|
pidofproc() { /sbin/pidofproc ${1+"$@"}; }
|
|
checkproc() { /sbin/checkproc ${1+"$@"}; }
|
|
if test -e /etc/rc.status; then
|
|
# SUSE rc script library
|
|
. /etc/rc.status
|
|
else
|
|
export LC_ALL=POSIX
|
|
_cmd=$1
|
|
declare -a _SMSG
|
|
if test "${_cmd}" = "status"; then
|
|
_SMSG=(running dead dead unused unknown reserved)
|
|
_RC_UNUSED=3
|
|
else
|
|
_SMSG=(done failed failed missed failed skipped unused failed failed reserved)
|
|
_RC_UNUSED=6
|
|
fi
|
|
if test -e /lib/lsb/init-functions; then
|
|
# LSB
|
|
. /lib/lsb/init-functions
|
|
echo_rc()
|
|
{
|
|
if test ${_RC_RV} = 0; then
|
|
log_success_msg " [${_SMSG[${_RC_RV}]}] "
|
|
else
|
|
log_failure_msg " [${_SMSG[${_RC_RV}]}] "
|
|
fi
|
|
}
|
|
# TODO: Add checking for lockfiles
|
|
checkproc() { pidofproc ${1+"$@"} >/dev/null 2>&1; }
|
|
elif test -e /etc/init.d/functions; then
|
|
# RHAT
|
|
. /etc/init.d/functions
|
|
echo_rc()
|
|
{
|
|
#echo -n " [${_SMSG[${_RC_RV}]}] "
|
|
if test ${_RC_RV} = 0; then
|
|
success " [${_SMSG[${_RC_RV}]}] "
|
|
else
|
|
failure " [${_SMSG[${_RC_RV}]}] "
|
|
fi
|
|
}
|
|
checkproc() { status ${1+"$@"}; }
|
|
start_daemon() { daemon ${1+"$@"}; }
|
|
else
|
|
# emulate it
|
|
echo_rc() { echo " [${_SMSG[${_RC_RV}]}] "; }
|
|
fi
|
|
rc_reset() { _RC_RV=0; }
|
|
rc_failed()
|
|
{
|
|
if test -z "$1"; then
|
|
_RC_RV=1;
|
|
elif test "$1" != "0"; then
|
|
_RC_RV=$1;
|
|
fi
|
|
return ${_RC_RV}
|
|
}
|
|
rc_check()
|
|
{
|
|
rc_failed $?
|
|
}
|
|
rc_status()
|
|
{
|
|
rc_failed $?
|
|
if test "$1" = "-r"; then _RC_RV=0; shift; fi
|
|
if test "$1" = "-s"; then rc_failed 5; echo_rc; rc_failed 3; shift; fi
|
|
if test "$1" = "-u"; then rc_failed ${_RC_UNUSED}; echo_rc; rc_failed 3; shift; fi
|
|
if test "$1" = "-v"; then echo_rc; shift; fi
|
|
if test "$1" = "-r"; then _RC_RV=0; shift; fi
|
|
return ${_RC_RV}
|
|
}
|
|
rc_exit() { exit ${_RC_RV}; }
|
|
rc_active()
|
|
{
|
|
local x
|
|
for x in /etc/rc.d/rc[0-9].d/S[0-9][0-9]${1} ; do
|
|
test -e $x && return 0 || break
|
|
done
|
|
return 1
|
|
}
|
|
fi
|
|
|
|
# Reset status of this service
|
|
rc_reset
|
|
|
|
# Return values acc. to LSB for all commands but status:
|
|
# 0 - success
|
|
# 1 - generic or unspecified error
|
|
# 2 - invalid or excess argument(s)
|
|
# 3 - unimplemented feature (e.g. "reload")
|
|
# 4 - user had insufficient privileges
|
|
# 5 - program is not installed
|
|
# 6 - program is not configured
|
|
# 7 - program is not running
|
|
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
|
|
#
|
|
# Note that starting an already running service, stopping
|
|
# or restarting a not-running service as well as the restart
|
|
# with force-reload (in case signaling is not supported) are
|
|
# considered a success.
|
|
|
|
case "$1" in
|
|
start)
|
|
$IPSEC_CMD start 2>&1
|
|
rc_status -v1
|
|
;;
|
|
stop)
|
|
$IPSEC_CMD stop 2>&1
|
|
rc_status -v1
|
|
;;
|
|
try-restart|condrestart)
|
|
## Do a restart only if the service was active before.
|
|
## Note: try-restart is now part of LSB (as of 1.9).
|
|
## RH has a similar command named condrestart.
|
|
if test "$1" = "condrestart"; then
|
|
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
|
|
fi
|
|
$0 status
|
|
if test $? = 0; then
|
|
$0 restart
|
|
else
|
|
rc_reset # Not running is not a failure.
|
|
fi
|
|
# Remember status and be quiet
|
|
rc_status
|
|
;;
|
|
restart)
|
|
## Stop the service and regardless of whether it was
|
|
## running or not, start it again.
|
|
$0 stop
|
|
sleep 2
|
|
$0 start
|
|
|
|
# Remember status and be quiet
|
|
rc_status
|
|
;;
|
|
reload|force-reload)
|
|
$IPSEC_CMD reload
|
|
rc_status -v1
|
|
;;
|
|
status)
|
|
# Return value is slightly different for the status command:
|
|
# 0 - service up and running
|
|
# 1 - service dead, but /var/run/ pid file exists
|
|
# 2 - service dead, but /var/lock/ lock file exists
|
|
# 3 - service not running (unused)
|
|
# 4 - service status unknown :-(
|
|
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
|
|
|
|
echo -n "Checking for service strongSwan IPsec "
|
|
#checkproc $IPSEC_STARTER
|
|
$IPSEC_CMD status 2>&1 >/dev/null
|
|
|
|
# NOTE: rc_status knows that we called this init script with
|
|
# "status" option and adapts its messages accordingly.
|
|
rc_status -v
|
|
;;
|
|
probe)
|
|
## Optional: Probe for the necessity of a reload, print out the
|
|
## argument to this init script which is required for a reload.
|
|
## Note: probe is not (yet) part of LSB (as of 1.9)
|
|
|
|
test $IPSEC_CONFIG -nt $IPSEC_PIDFILE || \
|
|
test $IPSEC_SECRET -nt $IPSEC_PIDFILE && echo reload
|
|
;;
|
|
*)
|
|
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
|
|
exit 1
|
|
;;
|
|
esac
|
|
rc_exit
|