diff options
Diffstat (limited to 'programs/_plutorun/_plutorun.in')
| -rwxr-xr-x | programs/_plutorun/_plutorun.in | 281 |
1 files changed, 0 insertions, 281 deletions
diff --git a/programs/_plutorun/_plutorun.in b/programs/_plutorun/_plutorun.in deleted file mode 100755 index b02afeefb..000000000 --- a/programs/_plutorun/_plutorun.in +++ /dev/null @@ -1,281 +0,0 @@ -#!/bin/sh -# Pluto control daemon -# Copyright (C) 1998, 1999, 2001 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _plutorun.in,v 1.9 2005/10/16 13:28:15 as Exp $ - -me='ipsec _plutorun' # for messages - -info=/var/run/ipsec.info - -popts= -stderrlog= -plutorestartoncrash=true - -wherelog=daemon.error -pidfile=/var/run/pluto.pid -verb="Starting" -for dummy -do - case "$1" in - --re) verb="Restarting" ;; - --plutorestartoncrash) plutorestartoncrash="$2"; shift ;; - --debug) plutodebug="$2" ; shift ;; - --uniqueids) uniqueids="$2" ; shift ;; - --nat_traversal) nat_traversal="$2" ; shift ;; - --keep_alive) keep_alive="$2" ; shift ;; - --force_keepalive) force_keepalive="$2" ; shift ;; - --disable_port_floating) disable_port_floating="$2" ; shift ;; - --virtual_private) virtual_private="$2" ; shift ;; - --nocrsend) nocrsend="$2" ; shift ;; - --strictcrlpolicy) strictcrlpolicy="$2" ; shift ;; - --crlcheckinterval) crlcheckinterval="$2"; shift ;; - --cachecrls) cachecrls="$2" ; shift ;; - --pkcs11module) pkcs11module="$2"; shift ;; - --pkcs11keepstate) pkcs11keepstate="$2"; shift ;; - --pkcs11proxy) pkcs11proxy="$2"; shift ;; - --dump) dumpdir="$2" ; shift ;; - --opts) popts="$2" ; shift ;; - --stderrlog) stderrlog="$2" ; shift ;; - --wait) plutowait="$2" ; shift ;; - --pre) prepluto="$2" ; shift ;; - --post) postpluto="$2" ; shift ;; - --log) wherelog="$2" ; shift ;; - --pid) pidfile="$2" ; shift ;; - --) shift ; break ;; - -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -# initially we are in the foreground, with parent looking after logging - -# precautions -if test -f $pidfile -then - echo "pluto appears to be running already (\`$pidfile' exists), will not start another" - exit 1 -fi -if test ! -e /dev/urandom -then - echo "cannot start Pluto, system lacks \`/dev/urandom'!?!" - exit 1 -fi - -# sort out options -for d in $plutodebug -do - popts="$popts --debug-$d" -done -case "$uniqueids" in -yes) popts="$popts --uniqueids" ;; -no|'') ;; -*) echo "unknown uniqueids value (not yes/no) \`$IPSECuniqueids'" ;; -esac -case "$nocrsend" in -yes) popts="$popts --nocrsend" ;; -no|'') ;; -*) echo "unknown nocrsend value (not yes/no) \`$IPSECnocrsend'" ;; -esac -case "$strictcrlpolicy" in -yes) popts="$popts --strictcrlpolicy" ;; -no|'') ;; -*) echo "unknown strictcrlpolicy value (not yes/no) \`$IPSECstrictcrlpolicy'" ;; -esac -case "$cachecrls" in -yes) popts="$popts --cachecrls" ;; -no|'') ;; -*) echo "unknown cachecrls value (not yes/no) \`$IPSECcachecrls'" ;; -esac -case "$nat_traversal" in -yes) popts="$popts --nat_traversal" ;; -no|'') ;; -*) echo "unknown nat_traversal value (not yes/no) \`$IPSECnat_traversal'" ;; -esac -[ -n "$keep_alive" ] && popts="$popts --keep_alive $keep_alive" -case "$force_keepalive" in -yes) popts="$popts --force_keepalive" ;; -no|'') ;; -*) echo "unknown force_keepalive value (not yes/no) \`$IPSECforce_keepalive'" ;; -esac -case "$disable_port_floating" in -yes) popts="$popts --disable_port_floating" ;; -no|'') ;; -*) echo "unknown disable_port_floating (not yes/no) \`$disable_port_floating'" ;; -esac -case "$pkcs11keepstate" in -yes) popts="$popts --pkcs11keepstate" ;; -no|'') ;; -*) echo "unknown pkcs11keepstate value (not yes/no) \`$IPSECpkcs11keepstate'" ;; -esac -case "$pkcs11proxy" in -yes) popts="$popts --pkcs11proxy" ;; -no|'') ;; -*) echo "unknown pkcs11proxy value (not yes/no) \`$IPSECpkcs11proxy'" ;; -esac - -[ -n "$virtual_private" ] && popts="$popts --virtual_private $virtual_private" - -# add crl check interval -if test ${crlcheckinterval:-0} -gt 0 -then - popts="$popts --crlcheckinterval $crlcheckinterval" -fi - -if test -n "$pkcs11module" -then - popts="$popts --pkcs11module $pkcs11module" -fi - -if test -n "$stderrlog" -then - popts="$popts --stderrlog 2>>$stderrlog" - - if test -f $stderrlog - then - if test ! -w $stderrlog - then - echo Cannot write to \"$stderrlog\". - exit 1 - fi - else - if test ! -w "`dirname $stderrlog`" - then - echo Cannot write to directory to create \"$stderrlog\". - exit 1 - fi - fi - - echo "Plutorun started on "`date` >$stderrlog -fi - -# set up dump directory -if test " $dumpdir" = " " -then - ulimit -c 0 # preclude core dumps -elif test ! -d "$dumpdir" -then - echo "dumpdir \`$dumpdir' does not exist, ignored" - ulimit -c 0 # preclude core dumps -elif cd $dumpdir # put them where desired -then - ulimit -c unlimited # permit them -else - echo "cannot cd to dumpdir \`$dumpdir', ignored" - ulimit -c 0 # preclude them -fi - -# execute any preliminaries -if test " $prepluto" != " " -then - $prepluto - st=$? - if test " $st" -ne 0 - then - echo "...prepluto command exited with status $st" - fi -fi - -IPSEC_SECRETS=${IPSEC_CONFS}/ipsec.secrets -if test ! -f "${IPSEC_SECRETS}" -then - ( logger -p authpriv.info -t ipsec__plutorun No file ${IPSEC_SECRETS}, generating key. - ipsec scepclient --out pkcs1 --out cert-self --quiet - echo -e "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n" > ${IPSEC_SECRETS} - chmod 600 ${IPSEC_SECRETS} - echo ": RSA myKey.der" >> ${IPSEC_SECRETS} - - # tell pluto to go re-read the file - ipsec auto --rereadsecrets - ) & -fi - -# -# make sure that the isakmp port is open! -# -if test -f /etc/sysconfig/ipchains -then - if egrep -q 500:500 /etc/sysconfig/ipchains - then - : - else - ipchains -I input 1 -p udp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 500:500 -j ACCEPT - # if it redhat, then save the rules again. - if [ -f /etc/redhat-release ] - then - sh /etc/rc.d/init.d/ipchains save - fi - fi -fi - -# spin off into the background, with our own logging -echo "$verb Pluto subsystem..." | logger -p authpriv.error -t ipsec__plutorun -execdir=${IPSEC_EXECDIR-@IPSEC_EXECDIR@} -libdir=${IPSEC_LIBDIR-@IPSEC_LIBDIR@} -until ( - if test -s $info - then - . $info - export defaultroutephys defaultroutevirt defaultrouteaddr defaultroutenexthop - fi - # eval allows $popts to contain redirection and other magic - eval $execdir/pluto --nofork --secretsfile "$IPSEC_SECRETS" --policygroupsdir "${IPSEC_CONFS}/ipsec.d/policies" $popts - status=$? - echo "exit" - echo $status - ) | $libdir/_plutoload --wait "$plutowait" --post "$postpluto" -do - status=$? - case "$status" in - 13) echo "internal failure in pluto scripts, impossible to carry on" - exit 1 - ;; - 10) echo "pluto apparently already running (?!?), giving up" - exit 1 - ;; - 137) echo "pluto killed by SIGKILL, terminating without restart or unlock" - exit 0 - ;; - 143) echo "pluto killed by SIGTERM, terminating without restart" - # pluto now does its own unlock for this - exit 0 - ;; - *) st=$status - if $plutorestartoncrash - then - : - else - exit 0 - fi - - if test $st -gt 128 - then - st="$st (signal `expr $st - 128`)" - fi - echo "!pluto failure!: exited with error status $st" - echo "restarting IPsec after pause..." - ( - sleep 10 - ipsec setup _autorestart - ) </dev/null >/dev/null 2>&1 & - exit 1 - ###sleep 10 - ###rm -rf $pidfile - #### and go around the loop again - ;; - esac -done </dev/null 2>&1 | - logger -s -p $wherelog -t ipsec__plutorun >/dev/null 2>/dev/null & - -exit 0 |