#!/bin/bash # # SUSE/LSB system startup script for strongswan ipsec # # Copyright (C) 2007 Marius Tomaschewski, SUSE / Novell Inc. # based on /etc/init.d/skeleton.compat by Kurt Garloff. # # This library is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or (at # your option) any later version. # # This library is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, # USA. # # /etc/init.d/ipsec # and its symbolic link # /usr/sbin/rcipsec # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # Please send feedback to http://www.suse.de/feedback/ # # Note: This script uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux/SUSE/Novell based Linux distributions. However, it shoule # work on other distributions as well, by using the LSB (Linux Standard # Base) or RH functions or by open coding the needed functions. # # chkconfig: 345 99 00 # description: StrongSwan IPsec # ### BEGIN INIT INFO # Provides: ipsec # Required-Start: $syslog $remote_fs $named # Should-Start: $time # Required-Stop: $syslog $remote_fs $named # Should-Stop: $time # Default-Start: 3 4 5 # Default-Stop: 0 1 2 6 # Short-Description: StrongSwan IPsec # Description: StrongSwan IPsec provides encrypted and authenticated # communication via a unsafe network, such as the internet. # This scripts loads the kernel modules and starts the user-space setup. ### END INIT INFO # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance IPSEC_CMD="/usr/sbin/ipsec" test -x $IPSEC_CMD || { echo "$IPSEC_CMD not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } IPSEC_STARTER="@libexecdir@/ipsec/starter" test -x $IPSEC_STARTER || { echo "$IPSEC_STARTER not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # The pid file of the ipsec starter IPSEC_PIDFILE="/var/run/starter.pid" # Check for existence of needed config files IPSEC_CONFIG="/etc/ipsec.conf" test -r $IPSEC_CONFIG || { echo "$IPSEC_CONFIG not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } IPSEC_SECRET="/etc/ipsec.secrets" test -r $IPSEC_SECRET || { echo "$IPSEC_SECRET not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed set local and overall rc status to # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks # Use the SUSE rc_ init script functions; # emulate them on LSB, RH and other systems # Default: Assume sysvinit binaries exist start_daemon() { /sbin/start_daemon ${1+"$@"}; } killproc() { /sbin/killproc ${1+"$@"}; } pidofproc() { /sbin/pidofproc ${1+"$@"}; } checkproc() { /sbin/checkproc ${1+"$@"}; } if test -e /etc/rc.status; then # SUSE rc script library . /etc/rc.status else export LC_ALL=POSIX _cmd=$1 declare -a _SMSG if test "${_cmd}" = "status"; then _SMSG=(running dead dead unused unknown reserved) _RC_UNUSED=3 else _SMSG=(done failed failed missed failed skipped unused failed failed reserved) _RC_UNUSED=6 fi if test -e /lib/lsb/init-functions; then # LSB . /lib/lsb/init-functions echo_rc() { if test ${_RC_RV} = 0; then log_success_msg " [${_SMSG[${_RC_RV}]}] " else log_failure_msg " [${_SMSG[${_RC_RV}]}] " fi } # TODO: Add checking for lockfiles checkproc() { pidofproc ${1+"$@"} >/dev/null 2>&1; } elif test -e /etc/init.d/functions; then # RHAT . /etc/init.d/functions echo_rc() { #echo -n " [${_SMSG[${_RC_RV}]}] " if test ${_RC_RV} = 0; then success " [${_SMSG[${_RC_RV}]}] " else failure " [${_SMSG[${_RC_RV}]}] " fi } checkproc() { status ${1+"$@"}; } start_daemon() { daemon ${1+"$@"}; } else # emulate it echo_rc() { echo " [${_SMSG[${_RC_RV}]}] "; } fi rc_reset() { _RC_RV=0; } rc_failed() { if test -z "$1"; then _RC_RV=1; elif test "$1" != "0"; then _RC_RV=$1; fi return ${_RC_RV} } rc_check() { rc_failed $? } rc_status() { rc_failed $? if test "$1" = "-r"; then _RC_RV=0; shift; fi if test "$1" = "-s"; then rc_failed 5; echo_rc; rc_failed 3; shift; fi if test "$1" = "-u"; then rc_failed ${_RC_UNUSED}; echo_rc; rc_failed 3; shift; fi if test "$1" = "-v"; then echo_rc; shift; fi if test "$1" = "-r"; then _RC_RV=0; shift; fi return ${_RC_RV} } rc_exit() { exit ${_RC_RV}; } rc_active() { local x for x in /etc/rc.d/rc[0-9].d/S[0-9][0-9]${1} ; do test -e $x && return 0 || break done return 1 } fi # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) $IPSEC_CMD start 2>&1 | sed -e "s/ -- .*//g" rc_status -v1 ;; stop) $IPSEC_CMD stop 2>&1 rc_status -v1 ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop sleep 2 $0 start # Remember status and be quiet rc_status ;; reload|force-reload) $IPSEC_CMD reload rc_status -v1 ;; status) # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) echo -n "Checking for service strongSwan IPsec " #checkproc $IPSEC_STARTER $IPSEC_CMD status 2>&1 >/dev/null # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. ## Note: probe is not (yet) part of LSB (as of 1.9) test $IPSEC_CONFIG -nt $IPSEC_PIDFILE || \ test $IPSEC_SECRET -nt $IPSEC_PIDFILE && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit