#!/bin/sh /etc/rc.common
# IPsec startup and shutdown script
# Copyright (C) 1998, 1999, 2001 Henry Spencer.
-# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
-# RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $
#
-# ipsec init.d script for starting and stopping
-# the IPsec security subsystem (KLIPS and Pluto).
+# ipsec init.d script for starting and stopping
+# the IPsec security subsystem (KLIPS and Pluto).
#
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
# and is also accessible as "ipsec setup" (the preferred route for human
# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
START=60
+EXTRA_COMMANDS=status
+EXTRA_HELP=" status Show the status of the service"
+
script_init() {
me='ipsec setup' # for messages
if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
then
- # we must establish a suitable PATH ourselves
- PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
- export PATH
+ # we must establish a suitable PATH ourselves
+ PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
+ export PATH
- IPSEC_DIR="$IPSEC_LIBDIR"
- export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
+ IPSEC_DIR="$IPSEC_LIBDIR"
+ export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
fi
# Check that the ipsec command is available.
exit 1
fi
+ # accept a few flags
+
+ export IPSEC_setupflags
+ IPSEC_setupflags=""
+
+ config=""
+
+ for dummy
+ do
+ case "$1" in
+ --showonly|--show) IPSEC_setupflags="$1" ;;
+ --config) config="--config $2" ; shift ;;
+ *) break ;;
+ esac
+ shift
+ done
+
+
# Pick up IPsec configuration (until we have done this, successfully, we
# do not know where errors should go, hence the explicit "daemon.error"s.)
# Note the "--export", which exports the variables created.
- eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
+ variables=`ipsec addconn $config --varprefix IPSEC --configsetup`
+ if [ $? != 0 ]
+ then
+ echo "Failed to parse config setup portion of ipsec.conf"
+ exit $?
+ fi
+ eval $variables
if test " $IPSEC_confreadstatus" != " "
then
- case $1 in
- stop|--stop|_autostop)
+ case $1 in
+ stop|--stop|_autostop)
echo "$IPSEC_confreadstatus -- \`$1' may not work" |
logger -s -p daemon.error -t ipsec_setup;;
-
- *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
- logger -s -p daemon.error -t ipsec_setup;
+
+ *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
+ logger -s -p daemon.error -t ipsec_setup;
exit 1;;
- esac
+ esac
fi
IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
}
script_command() {
- if [ "${USER}" != "root" ]
- then
- echo "permission denied (must be superuser)" |
- logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
- exit 1
- fi
- # make sure all required directories exist
- if [ ! -d /var/run/pluto ]
- then
- mkdir -p /var/run/pluto
- fi
- if [ ! -d /var/lock/subsys ]
- then
- mkdir -p /var/lock/subsys
- fi
- tmp=/var/run/pluto/ipsec_setup.st
- outtmp=/var/run/pluto/ipsec_setup.out
- (
- ipsec _realsetup $1
- echo "$?" >$tmp
- ) > ${outtmp} 2>&1
- st=$?
- if test -f $tmp
- then
- st=`cat $tmp`
- rm -f $tmp
- fi
- if [ -f ${outtmp} ]; then
- cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
- rm -f ${outtmp}
- fi
-}
+ # do it
+ case "$1" in
+ start|--start|stop|--stop|_autostop|_autostart)
+ # remove for: @cygwin_START@
+ # portable way for checking for root
+ if [ ! -w / ]
+ then
+ echo "permission denied (must be superuser)" |
+ logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+ exit 1
+ fi
+ # remove for: @cygwin_END@
+ tmp=/var/run/pluto/ipsec_setup.st
+ outtmp=/var/run/pluto/ipsec_setup.out
+ (
+ ipsec _realsetup $1
+ echo "$?" >$tmp
+ ) > ${outtmp} 2>&1
+ st=$?
+ if test -f $tmp
+ then
+ st=`cat $tmp`
+ rm -f $tmp
+ fi
+ if [ -f ${outtmp} ]; then
+ cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+ rm -f ${outtmp}
+ fi
+ ;;
+
+ restart|--restart|force-reload)
+ $0 $IPSEC_setupflags stop
+ $0 $IPSEC_setupflags start
+ ;;
+
+ _autorestart) # for internal use only
+ $0 $IPSEC_setupflags _autostop
+ $0 $IPSEC_setupflags _autostart
+ ;;
+ status|--status)
+ ipsec _realsetup $1
+ exit
+ ;;
+
+ --version)
+ echo "$me $IPSEC_VERSION"
+ exit 0
+ ;;
+
+ --help)
+ echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
+ echo " $me --status"
+ exit 0
+ ;;
+
+ *)
+ echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
+ echo " $me --status"
+ exit 2
+ esac
+}
start() {
script_init start "$@"
script_command start "$@"
script_init status "$@"
ipsec _realsetup status
}
-EXTRA_COMMANDS=status
-EXTRA_HELP=" status Show the status of the service"
+
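Review bot: In script_init, the new error branch after `ipsec addconn` ends in `exit $?`, but by that point `$?` holds the status of the preceding `echo`, so a failed parse of the `config setup` section exits 0 and the caller sees success; use a fixed code such as `exit 1`, and send the message to stderr or the logger like the other errors in this function. The `eval $variables` that follows is unquoted, so the addconn output is word-split and glob-expanded before it is evaluated. That text is derived from ipsec.conf and the script presumably runs as root, so `eval "$variables"` is the safer form. Separately, the new script_command drops the `mkdir -p /var/run/pluto` that the old side had, yet still redirects to `/var/run/pluto/ipsec_setup.out`; unless something outside this diff creates that directory, the redirect fails on a fresh boot and `ipsec _realsetup` never runs.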
+++ /dev/null
-Index: openswan-2.4.8/programs/ranbits/ranbits.c
-===================================================================
---- openswan-2.4.8.orig/programs/ranbits/ranbits.c 2007-06-04 13:22:49.835279168 +0200
-+++ openswan-2.4.8/programs/ranbits/ranbits.c 2007-06-04 13:22:51.648003592 +0200
-@@ -29,7 +29,7 @@
- #include <openswan.h>
-
- #ifndef DEVICE
--#define DEVICE "/dev/random"
-+#define DEVICE "/dev/urandom"
- #endif
- #ifndef QDEVICE
- #define QDEVICE "/dev/urandom"
-Index: openswan-2.4.8/programs/rsasigkey/rsasigkey.c
-===================================================================
---- openswan-2.4.8.orig/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:49.842278104 +0200
-+++ openswan-2.4.8/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:51.649003440 +0200
-@@ -31,7 +31,7 @@
- #include <gmp.h>
-
- #ifndef DEVICE
--#define DEVICE "/dev/random"
-+#define DEVICE "/dev/urandom"
- #endif
- #ifndef MAXBITS
- #define MAXBITS 20000
-Index: openswan-2.4.8/programs/starter/files.h
-===================================================================
---- openswan-2.4.8.orig/programs/starter/files.h 2007-06-04 13:22:49.850276888 +0200
-+++ openswan-2.4.8/programs/starter/files.h 2007-06-04 13:22:51.649003440 +0200
-@@ -36,7 +36,7 @@
-
- #define MY_PID_FILE "/var/run/pluto/ipsec-starter.pid"
-
--#define DEV_RANDOM "/dev/random"
-+#define DEV_RANDOM "/dev/urandom"
- #define DEV_URANDOM "/dev/urandom"
-
- #define PROC_IPSECVERSION "/proc/net/ipsec_version"