Diffstat (limited to 'programs/_plutorun')
-rw-r--r-- | programs/_plutorun/.cvsignore | 1 | ||||
-rw-r--r-- | programs/_plutorun/Makefile | 43 | ||||
-rw-r--r-- | programs/_plutorun/_plutorun.8 | 37 | ||||
-rwxr-xr-x | programs/_plutorun/_plutorun.in | 281 |
4 files changed, 0 insertions, 362 deletions
diff --git a/programs/_plutorun/.cvsignore b/programs/_plutorun/.cvsignore
deleted file mode 100644
index 13e0ae1a1..000000000
--- a/programs/_plutorun/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-_plutorun
diff --git a/programs/_plutorun/Makefile b/programs/_plutorun/Makefile
deleted file mode 100644
index b0928797c..000000000
--- a/programs/_plutorun/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-# Makefile for miscelaneous programs
-# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $
-
-FREESWANSRCDIR=../..
-include ${FREESWANSRCDIR}/Makefile.inc
-
-PROGRAM=_plutorun
-PROGRAMDIR=${LIBDIR}
-
-include ../Makefile.program
-
-#
-# $Log: Makefile,v $
-# Revision 1.1 2004/03/15 20:35:27 as
-# added files from freeswan-2.04-x509-1.5.3
-#
-# Revision 1.3 2002/08/02 16:01:26 mcr
-# moved user visible programs to $PREFIX/libexec, while moving
-# private files to $PREFIX/lib.
-#
-# Revision 1.2 2002/06/02 22:02:14 mcr
-# changed TOPDIR->FREESWANSRCDIR in all Makefiles.
-# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the
-# kernel sense.)
-#
-# Revision 1.1 2002/04/24 07:55:32 mcr
-# #include patches and Makefiles for post-reorg compilation.
-#
-#
-#
-
diff --git a/programs/_plutorun/_plutorun.8 b/programs/_plutorun/_plutorun.8
deleted file mode 100644
index 9de6927dc..000000000
--- a/programs/_plutorun/_plutorun.8
+++ /dev/null
@@ -1,37 +0,0 @@
-.TH _PLUTORUN 8 "25 Apr 2002"
-.\"
-.\" RCSID $Id: _plutorun.8,v 1.1 2004/03/15 20:35:27 as Exp $
-.\"
-.SH NAME
-ipsec _plutorun \- internal script to start pluto
-.SH DESCRIPTION
-.I _plutorun
-is called by
-.B _realsetup
-to configure and bring up
-.B ipsec_pluto(8).
-It calls
-.B _plutoload
-to invoke pluto, and watches to makes sure that pluto is restarted if it fails.
-.SH "SEE ALSO"
-ipsec(8), ipsec_setup(8), ipsec__realsetup(8), ipsec__plutoload(8), ipsec_pluto(8).
-.SH HISTORY
-Man page written for the Linux FreeS/WAN project <http://www.freeswan.org/>
-by Michael Richardson. Original program written by Henry Spencer.
-.\"
-.\" $Log: _plutorun.8,v $
-.\" Revision 1.1 2004/03/15 20:35:27 as
-.\" added files from freeswan-2.04-x509-1.5.3
-.\"
-.\" Revision 1.2 2002/04/29 22:39:31 mcr
-.\" added basic man page for all internal commands.
-.\"
-.\" Revision 1.1 2002/04/26 01:21:43 mcr
-.\" while tracking down a missing (not installed) /etc/ipsec.conf,
-.\" MCR has decided that it is not okay for each program subdir to have
-.\" some subset (determined with -f) of possible files.
-.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file.
-.\" Optional PROGRAM.5 files have been added to the makefiles.
-.\"
-.\"
-.\"
diff --git a/programs/_plutorun/_plutorun.in b/programs/_plutorun/_plutorun.in
deleted file mode 100755
index b02afeefb..000000000
--- a/programs/_plutorun/_plutorun.in
+++ /dev/null
@@ -1,281 +0,0 @@
-#!/bin/sh
-# Pluto control daemon
-# Copyright (C) 1998, 1999, 2001 Henry Spencer.
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: _plutorun.in,v 1.9 2005/10/16 13:28:15 as Exp $
-
-me='ipsec _plutorun' # for messages
-
-info=/var/run/ipsec.info
-
-popts=
-stderrlog=
-plutorestartoncrash=true
-
-wherelog=daemon.error
-pidfile=/var/run/pluto.pid
-verb="Starting"
-for dummy
-do
- case "$1" in
- --re) verb="Restarting" ;;
- --plutorestartoncrash) plutorestartoncrash="$2"; shift ;;
- --debug) plutodebug="$2" ; shift ;;
- --uniqueids) uniqueids="$2" ; shift ;;
- --nat_traversal) nat_traversal="$2" ; shift ;;
- --keep_alive) keep_alive="$2" ; shift ;;
- --force_keepalive) force_keepalive="$2" ; shift ;;
- --disable_port_floating) disable_port_floating="$2" ; shift ;;
- --virtual_private) virtual_private="$2" ; shift ;;
- --nocrsend) nocrsend="$2" ; shift ;;
- --strictcrlpolicy) strictcrlpolicy="$2" ; shift ;;
- --crlcheckinterval) crlcheckinterval="$2"; shift ;;
- --cachecrls) cachecrls="$2" ; shift ;;
- --pkcs11module) pkcs11module="$2"; shift ;;
- --pkcs11keepstate) pkcs11keepstate="$2"; shift ;;
- --pkcs11proxy) pkcs11proxy="$2"; shift ;;
- --dump) dumpdir="$2" ; shift ;;
- --opts) popts="$2" ; shift ;;
- --stderrlog) stderrlog="$2" ; shift ;;
- --wait) plutowait="$2" ; shift ;;
- --pre) prepluto="$2" ; shift ;;
- --post) postpluto="$2" ; shift ;;
- --log) wherelog="$2" ; shift ;;
- --pid) pidfile="$2" ; shift ;;
- --) shift ; break ;;
- -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;
- *) break ;;
- esac
- shift
-done
-
-# initially we are in the foreground, with parent looking after logging
-
-# precautions
-if test -f $pidfile
-then
- echo "pluto appears to be running already (\`$pidfile' exists), will not start another"
- exit 1
-fi
-if test ! -e /dev/urandom
-then
- echo "cannot start Pluto, system lacks \`/dev/urandom'!?!"
- exit 1
-fi
-
-# sort out options
-for d in $plutodebug
-do
- popts="$popts --debug-$d"
-done
-case "$uniqueids" in
-yes) popts="$popts --uniqueids" ;;
-no|'') ;;
-*) echo "unknown uniqueids value (not yes/no) \`$IPSECuniqueids'" ;;
-esac
-case "$nocrsend" in
-yes) popts="$popts --nocrsend" ;;
-no|'') ;;
-*) echo "unknown nocrsend value (not yes/no) \`$IPSECnocrsend'" ;;
-esac
-case "$strictcrlpolicy" in
-yes) popts="$popts --strictcrlpolicy" ;;
-no|'') ;;
-*) echo "unknown strictcrlpolicy value (not yes/no) \`$IPSECstrictcrlpolicy'" ;;
-esac
-case "$cachecrls" in
-yes) popts="$popts --cachecrls" ;;
-no|'') ;;
-*) echo "unknown cachecrls value (not yes/no) \`$IPSECcachecrls'" ;;
-esac
-case "$nat_traversal" in
-yes) popts="$popts --nat_traversal" ;;
-no|'') ;;
-*) echo "unknown nat_traversal value (not yes/no) \`$IPSECnat_traversal'" ;;
-esac
-[ -n "$keep_alive" ] && popts="$popts --keep_alive $keep_alive"
-case "$force_keepalive" in
-yes) popts="$popts --force_keepalive" ;;
-no|'') ;;
-*) echo "unknown force_keepalive value (not yes/no) \`$IPSECforce_keepalive'" ;;
-esac
-case "$disable_port_floating" in
-yes) popts="$popts --disable_port_floating" ;;
-no|'') ;;
-*) echo "unknown disable_port_floating (not yes/no) \`$disable_port_floating'" ;;
-esac
-case "$pkcs11keepstate" in
-yes) popts="$popts --pkcs11keepstate" ;;
-no|'') ;;
-*) echo "unknown pkcs11keepstate value (not yes/no) \`$IPSECpkcs11keepstate'" ;;
-esac
-case "$pkcs11proxy" in
-yes) popts="$popts --pkcs11proxy" ;;
-no|'') ;;
-*) echo "unknown pkcs11proxy value (not yes/no) \`$IPSECpkcs11proxy'" ;;
-esac
-
-[ -n "$virtual_private" ] && popts="$popts --virtual_private $virtual_private"
-
-# add crl check interval
-if test ${crlcheckinterval:-0} -gt 0
-then
- popts="$popts --crlcheckinterval $crlcheckinterval"
-fi
-
-if test -n "$pkcs11module"
-then
- popts="$popts --pkcs11module $pkcs11module"
-fi
-
-if test -n "$stderrlog"
-then
- popts="$popts --stderrlog 2>>$stderrlog"
-
- if test -f $stderrlog
- then
- if test ! -w $stderrlog
- then
- echo Cannot write to \"$stderrlog\".
- exit 1
- fi
- else
- if test ! -w "`dirname $stderrlog`"
- then
- echo Cannot write to directory to create \"$stderrlog\".
- exit 1
- fi
- fi
-
- echo "Plutorun started on "`date` >$stderrlog
-fi
-
-# set up dump directory
-if test " $dumpdir" = " "
-then
- ulimit -c 0 # preclude core dumps
-elif test ! -d "$dumpdir"
-then
- echo "dumpdir \`$dumpdir' does not exist, ignored"
- ulimit -c 0 # preclude core dumps
-elif cd $dumpdir # put them where desired
-then
- ulimit -c unlimited # permit them
-else
- echo "cannot cd to dumpdir \`$dumpdir', ignored"
- ulimit -c 0 # preclude them
-fi
-
-# execute any preliminaries
-if test " $prepluto" != " "
-then
- $prepluto
- st=$?
- if test " $st" -ne 0
- then
- echo "...prepluto command exited with status $st"
- fi
-fi
-
-IPSEC_SECRETS=${IPSEC_CONFS}/ipsec.secrets
-if test ! -f "${IPSEC_SECRETS}"
-then
- ( logger -p authpriv.info -t ipsec__plutorun No file ${IPSEC_SECRETS}, generating key.
- ipsec scepclient --out pkcs1 --out cert-self --quiet
- echo -e "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n" > ${IPSEC_SECRETS}
- chmod 600 ${IPSEC_SECRETS}
- echo ": RSA myKey.der" >> ${IPSEC_SECRETS}
-
- # tell pluto to go re-read the file
- ipsec auto --rereadsecrets
- ) &
-fi
-
-#
-# make sure that the isakmp port is open!
-#
-if test -f /etc/sysconfig/ipchains
-then
- if egrep -q 500:500 /etc/sysconfig/ipchains
- then
- :
- else
- ipchains -I input 1 -p udp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 500:500 -j ACCEPT
- # if it redhat, then save the rules again.
- if [ -f /etc/redhat-release ]
- then
- sh /etc/rc.d/init.d/ipchains save
- fi
- fi
-fi
-
-# spin off into the background, with our own logging
-echo "$verb Pluto subsystem..." | logger -p authpriv.error -t ipsec__plutorun
-execdir=${IPSEC_EXECDIR-@IPSEC_EXECDIR@}
-libdir=${IPSEC_LIBDIR-@IPSEC_LIBDIR@}
-until (
- if test -s $info
- then
- . $info
- export defaultroutephys defaultroutevirt defaultrouteaddr defaultroutenexthop
- fi
- # eval allows $popts to contain redirection and other magic
- eval $execdir/pluto --nofork --secretsfile "$IPSEC_SECRETS" --policygroupsdir "${IPSEC_CONFS}/ipsec.d/policies" $popts
- status=$?
- echo "exit"
- echo $status
- ) | $libdir/_plutoload --wait "$plutowait" --post "$postpluto"
-do
- status=$?
- case "$status" in
- 13) echo "internal failure in pluto scripts, impossible to carry on"
- exit 1
- ;;
- 10) echo "pluto apparently already running (?!?), giving up"
- exit 1
- ;;
- 137) echo "pluto killed by SIGKILL, terminating without restart or unlock"
- exit 0
- ;;
- 143) echo "pluto killed by SIGTERM, terminating without restart"
- # pluto now does its own unlock for this
- exit 0
- ;;
- *) st=$status
- if $plutorestartoncrash
- then
- :
- else
- exit 0
- fi
-
- if test $st -gt 128
- then
- st="$st (signal `expr $st - 128`)"
- fi
- echo "!pluto failure!: exited with error status $st"
- echo "restarting IPsec after pause..."
- (
- sleep 10
- ipsec setup _autorestart
- ) </dev/null >/dev/null 2>&1 &
- exit 1
- ###sleep 10
- ###rm -rf $pidfile
- #### and go around the loop again
- ;;
- esac
-done </dev/null 2>&1 |
- logger -s -p $wherelog -t ipsec__plutorun >/dev/null 2>/dev/null &
-
-exit 0 |