diff options
author | Felix Fietkau <nbd@openwrt.org> | 2006-10-15 21:03:30 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2006-10-15 21:03:30 +0000 |
commit | c731d42b1adbc6fc0d72bf3f551ae96962d1d26a (patch) | |
tree | 30a7c428135c35e4bfa2117bfe86448ff7239c92 /package/openswan/files | |
parent | cb21a64972f9467c77af343d0e031d1c39857940 (diff) | |
download | upstream-c731d42b1adbc6fc0d72bf3f551ae96962d1d26a.tar.gz upstream-c731d42b1adbc6fc0d72bf3f551ae96962d1d26a.tar.bz2 upstream-c731d42b1adbc6fc0d72bf3f551ae96962d1d26a.zip |
init script cleanup, use /etc/rc.d/ for enabled scripts, /etc/init.d/<pkgname> (enable|disable) manages symlinks
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@5128 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/openswan/files')
-rwxr-xr-x | package/openswan/files/ipsec.init | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/package/openswan/files/ipsec.init b/package/openswan/files/ipsec.init new file mode 100755 index 0000000000..33c416351d --- /dev/null +++ b/package/openswan/files/ipsec.init @@ -0,0 +1,158 @@ +#!/bin/sh /etc/rc.common +# IPsec startup and shutdown script +# Copyright (C) 1998, 1999, 2001 Henry Spencer. +# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org> +# Copyright (C) 2006 OpenWrt.org +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# for more details. +# +# RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $ +# +# ipsec init.d script for starting and stopping +# the IPsec security subsystem (KLIPS and Pluto). +# +# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec) +# and is also accessible as "ipsec setup" (the preferred route for human +# invocation). +# +# The startup and shutdown times are a difficult compromise (in particular, +# it is almost impossible to reconcile them with the insanely early/late +# times of NFS filesystem startup/shutdown). Startup is after startup of +# syslog and pcmcia support; shutdown is just before shutdown of syslog. +# +# chkconfig: 2345 47 76 +# description: IPsec provides encrypted and authenticated communications; \ +# KLIPS is the kernel half of it, Pluto is the user-level management daemon. + +START=60 +script_init() { + me='ipsec setup' # for messages + + # where the private directory and the config files are + IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}" + IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}" + IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}" + IPSEC_CONFS="${IPSEC_CONFS-/etc}" + + if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command + then + # we must establish a suitable PATH ourselves + PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin + export PATH + + IPSEC_DIR="$IPSEC_LIBDIR" + export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR + fi + + # Check that the ipsec command is available. + found= + for dir in `echo $PATH | tr ':' ' '` + do + if test -f $dir/ipsec -a -x $dir/ipsec + then + found=yes + break # NOTE BREAK OUT + fi + done + if ! test "$found" + then + echo "cannot find ipsec command -- \`$1' aborted" | + logger -s -p daemon.error -t ipsec_setup + exit 1 + fi + + # Pick up IPsec configuration (until we have done this, successfully, we + # do not know where errors should go, hence the explicit "daemon.error"s.) + # Note the "--export", which exports the variables created. + eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup` + + if test " $IPSEC_confreadstatus" != " " + then + case $1 in + stop|--stop|_autostop) + echo "$IPSEC_confreadstatus -- \`$1' may not work" | + logger -s -p daemon.error -t ipsec_setup;; + + *) echo "$IPSEC_confreadstatus -- \`$1' aborted" | + logger -s -p daemon.error -t ipsec_setup; + exit 1;; + esac + fi + + IPSEC_confreadsection=${IPSEC_confreadsection:-setup} + export IPSEC_confreadsection + + IPSECsyslog=${IPSECsyslog-daemon.error} + export IPSECsyslog + + # misc setup + umask 022 + + mkdir -p /var/run/pluto +} + +script_command() { + if [ "${USER}" != "root" ] + then + echo "permission denied (must be superuser)" | + logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 + exit 1 + fi + # make sure all required directories exist + if [ ! -d /var/run/pluto ] + then + mkdir -p /var/run/pluto + fi + if [ ! -d /var/lock/subsys ] + then + mkdir -p /var/lock/subsys + fi + tmp=/var/run/pluto/ipsec_setup.st + outtmp=/var/run/pluto/ipsec_setup.out + ( + ipsec _realsetup $1 + echo "$?" >$tmp + ) > ${outtmp} 2>&1 + st=$? + if test -f $tmp + then + st=`cat $tmp` + rm -f $tmp + fi + if [ -f ${outtmp} ]; then + cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 + rm -f ${outtmp} + fi +} + + +start() { + script_init start "$@" + script_command start "$@" +} + +stop() { + script_init stop "$@" + script_command stop "$@" +} + +restart() { + script_init stop "$@" + script_command stop "$@" + script_command start "$@" +} + +status() { + script_init status "$@" + ipsec _realsetup status +} +EXTRA_COMMANDS=status +EXTRA_HELP=" status Show the status of the service" |