diff options
Diffstat (limited to 'programs/_realsetup/_realsetup.in')
| -rwxr-xr-x | programs/_realsetup/_realsetup.in | 456 |
1 files changed, 0 insertions, 456 deletions
diff --git a/programs/_realsetup/_realsetup.in b/programs/_realsetup/_realsetup.in deleted file mode 100755 index 91b6e98d3..000000000 --- a/programs/_realsetup/_realsetup.in +++ /dev/null @@ -1,456 +0,0 @@ -#!/bin/sh -# IPsec startup and shutdown command -# Copyright (C) 1998, 1999, 2001 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _realsetup.in,v 1.10 2005/09/25 21:30:52 as Exp $ - -IPSEC_NAME=strongSwan - -me='ipsec setup' # for messages - -# Misc. paths (some of this should perhaps be overrideable from ipsec.conf). -plutopid=/var/run/pluto.pid -subsyslock=/var/lock/subsys/ipsec -lock=/var/run/ipsec_setup.pid -info=/var/run/ipsec.info -sysflags=/proc/sys/net/ipsec -modules=/proc/modules -ipforward=/proc/sys/net/ipv4/ip_forward -ipsecversion=/proc/net/ipsec_version -kamepfkey=/proc/net/pfkey - -# make sure output of (e.g.) ifconfig is in English -unset LANG LANGUAGE LC_ALL LC_MESSAGES - -# check we were called properly -if test " $IPSEC_confreadsection" != " setup" -then - echo "$me: $0 must be called by ipsec_setup" >&2 - exit 1 -fi -# defaults for "config setup" items - -IPSECinterfaces=${IPSECinterfaces:-%defaultroute} - if test " $IPSECinterfaces" = " %none" ; then IPSECinterfaces= ; fi -# IPSECforwardcontrol "no" -# IPSECsyslog "daemon.error" -# IPSECklipsdebug "none" -# IPSECplutodebug "none" -# IPSECdumpdir "" (no dump) -# IPSECmanualstart "" -# IPSECpluto "yes" -IPSECplutowait=${IPSECplutowait:-no} -# IPSECprepluto "" -# IPSECpostpluto "" -# IPSECfragicmp "yes" -# IPSEChidetos "yes" -IPSECrp_filter=${IPSECrp_filter:-0} -IPSECuniqueids=${IPSECuniqueids:-yes} -IPSECcrlcheckinterval=${IPSECcrlcheckinterval:-0} -# IPSECpkcs11module "" -# IPSECoverridemtu "" - -# Shall we trace? -execute="true" -display="false" -for i in $IPSEC_setupflags -do - case "$i" in - "--showonly") execute="false" ; display=true ;; - "--show") display=true ;; - esac -done - -if $display -then - echo " " PATH="$PATH" -fi - -perform() { - if $display - then - echo " " "$*" - fi - - if $execute - then - eval "$*" - fi -} - -# function to set up manually-keyed connections -manualconns() { - if test " $IPSECmanualstart" != " " - then - for tu in $IPSECmanualstart - do - perform ipsec manual --up $tu - done - fi - - # search for things to "ipsec manual --up": auto == "manual" - eval `ipsec _confread --varprefix MANUALSTART --search auto manual` - if test " $MANUALSTART_confreadstatus" != " " - then - echo "auto=manual search: $MANUALSTART_confreadstatus" - echo "unable to determine what conns to manual --up; none done" - elif test " $MANUALSTART_confreadnames" != " " - then - for tu in $MANUALSTART_confreadnames - do - perform ipsec manual --up $tu - done - fi -} - -# for no-stdout logging: -LOGONLY="logger -p $IPSECsyslog -t ipsec_setup" - -# What an ugly string. -# Must be a string, not a function, because it is nested -# within another sequence (for plutorun). -# Luckily there are NO substitutions in it. -KILLKLIPS='ifl=` ifconfig | sed -n -e "/^ipsec/s/ .*//p" ` ; - test "X$ifl" != "X" && - for i in $ifl ; - do - ifconfig $i down ; - ipsec tncfg --detach --virtual $i ; - done ; - test -r /proc/net/ipsec_klipsdebug && ipsec klipsdebug --none ; - ipsec eroute --clear ; - ipsec spi --clear ; - for alg in aes serpent twofish blowfish sha2 ; - do - lsmod 2>&1 | grep "^ipsec_$alg" > /dev/null && rmmod ipsec_$alg ; - done ; - lsmod 2>&1 | grep "^ipsec" > /dev/null && rmmod ipsec' - -if test -f $kamepfkey -then - KILLKLIPS=' - if ip xfrm state > /dev/null 2>&1 ; - then - ip xfrm state flush ; - ip xfrm policy flush ; - elif type setkey > /dev/null 2>&1 ; - then - setkey -F ; - setkey -FP ; - fi' -fi - - - -# do it -case "$1" in - start|--start|_autostart) - # First, does it seem to be going already? - perform test ! -f $lock "||" "{" \ - echo "\"$IPSEC_NAME IPsec apparently already running, start aborted\"" ";" \ - exit 1 ";" \ - "}" - - # announcement - # (Warning, changes to this log message may affect barf.) - version="`ipsec --version | awk 'NR == 1 { print $(3) }' | sed -e 's/^U\(.*\)\/K(.*/\1/'`" - case "$1" in - start|--start) perform echo "\"Starting $IPSEC_NAME IPsec $version...\"" ;; - _autostart) perform echo "\"Restarting $IPSEC_NAME IPsec $version...\"" ;; - esac - - # preliminaries - perform rm -f $lock - - for f in /dev/random /dev/urandom - do - perform test -r $f "||" "{" \ - echo "\"...unable to start $IPSEC_NAME IPsec, no $f!\"" ";" \ - exit 1 ";" \ - "}" - done - - # the meaning of $$ at a different runtime is questionable! - perform echo '$$' ">" $lock - perform test -s $lock "||" "{" \ - echo "\"...unable to create $lock, aborting start!\"" ";" \ - rm -f $lock ";" \ - exit 1 ";" \ - "}" - - perform ">" $info - - # here we go - perform ipsec _startklips \ - --info $info \ - --debug "\"$IPSECklipsdebug\"" \ - --omtu "\"$IPSECoverridemtu\"" \ - --fragicmp "\"$IPSECfragicmp\"" \ - --hidetos "\"$IPSEChidetos\"" \ - --rpfilter "\"$IPSECrp_filter\"" \ - --log "\"$IPSECsyslog\"" \ - $IPSECinterfaces "||" \ - "{" rm -f $lock ";" exit 1 ";" "}" - - perform test -f $ipsecversion "||" \ - test -f $kamepfkey "||" "{" \ - echo "\"OOPS, should have aborted! Broken shell!\"" ";" \ - exit 1 ";" \ - "}" - - # misc pre-Pluto setup - - perform test -d `dirname $subsyslock` "&&" touch $subsyslock - - if test " $IPSECforwardcontrol" = " yes" - then - perform grep '"^0"' $ipforward ">" /dev/null "&&" "{" \ - echo "\"enabling IP forwarding:\"" "|" $LOGONLY ";" \ - echo "\"ipforwardingwas=$fw\"" ">>" $info ";" \ - echo 1 ">" $ipforward ";" \ - "}" - fi - manualconns - - plutorestartoncrash="" - case "$IPSECplutorestartoncrash" in - true|[yY]|yes|restart) plutorestartoncrash="--plutorestartoncrash true";; - false|[nN]|no|die) plutorestartoncrash="--plutorestartoncrash false" ;; - esac - - # Pluto - case "$1" in - start|--start) re= ;; - _autostart) re=--re ;; - esac - if test " $IPSECpluto" != " no" - then - perform ipsec _plutorun $re \ - --debug "\"$IPSECplutodebug\"" \ - --uniqueids "\"$IPSECuniqueids\"" \ - --nocrsend "\"$IPSECnocrsend\"" \ - --strictcrlpolicy "\"$IPSECstrictcrlpolicy\"" \ - --cachecrls "\"$IPSECcachecrls\"" \ - --nat_traversal "\"$IPSECnat_traversal\"" \ - --keep_alive "\"$IPSECkeep_alive\"" \ - --force_keepalive "\"$IPSECforce_keepalive\"" \ - --disable_port_floating "\"$IPSECdisable_port_floating\"" \ - --virtual_private "\"$IPSECvirtual_private\"" \ - --crlcheckinterval "\"$IPSECcrlcheckinterval\"" \ - --pkcs11module "\"$IPSECpkcs11module\"" \ - --pkcs11keepstate "\"$IPSECpkcs11keepstate\"" \ - --pkcs11proxy "\"$IPSECpkcs11proxy\"" \ - --dump "\"$IPSECdumpdir\"" \ - --opts "\"$IPSECplutoopts\"" \ - --stderrlog "\"$IPSECplutostderrlog\"" \ - --wait "\"$IPSECplutowait\"" \ - --pre "\"$IPSECprepluto\"" \ - --post "\"$IPSECpostpluto\"" \ - --log "\"$IPSECsyslog\"" $plutorestartoncrash \ - --pid "\"$plutopid\"" "||" "{" \ - $KILLKLIPS ";" \ - rm -f $lock ";" \ - exit 1 ";" \ - "}" - fi - - # done! - perform echo "\"...$IPSEC_NAME IPsec started\"" "|" $LOGONLY - ;; - - stop|--stop|_autostop) # _autostop is same as stop - # Shut things down. - perform echo "\"Stopping $IPSEC_NAME IPsec...\"" - perform \ - if test -r $lock ";" \ - then \ - status=0 ";" \ - . $info ";" \ - else \ - echo "\"stop ordered, but IPsec does not appear to be running!\"" ";" \ - echo "\"doing cleanup anyway...\"" ";" \ - status=1 ";" \ - fi - if test " $IPSECforwardcontrol" = " yes" - then - perform test "\"X\$ipforwardingwas\"" = "\"X0\"" "&&" "{" \ - echo "\"disabling IP forwarding:\"" "|" $LOGONLY ";" \ - echo 0 ">" $ipforward ";" \ - "}" - fi - - perform test -f $plutopid "&&" "{" \ - if ps -p '`' cat $plutopid '`' ">" /dev/null ";" \ - then \ - ipsec whack --shutdown "|" grep -v "^002" ";" \ - sleep 1 ";" \ - if test -s $plutopid ";" \ - then \ - echo "\"Attempt to shut Pluto down failed! Trying kill:\"" ";" \ - kill '`' cat $plutopid '`' ";" \ - sleep 5 ";" \ - fi ";" \ - else \ - echo "\"Removing orphaned $plutopid:\"" ";" \ - fi ";" \ - rm -f $plutopid ";" \ - "}" - - perform $KILLKLIPS - - perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock - - perform rm -f $info $lock - perform echo "...$IPSEC_NAME IPsec stopped" "|" $LOGONLY - perform exit \$status - ;; - - status|--status) - if test " $IPSEC_setupflags" != " " - then - echo "$me $1 does not support $IPSEC_setupflags" - exit 1 - fi - - if test -f $info - then - hasinfo=yes - fi - - if test -f $lock - then - haslock=yes - fi - - if test -f $subsyslock - then - hassublock=yes - fi - - if test -s $plutopid - then - if ps -p `cat $plutopid` >/dev/null - then - plutokind=normal - elif ps -C pluto >/dev/null - then - plutokind=illicit - fi - elif ps -C pluto >/dev/null - then - plutokind=orphaned - else - plutokind=no - fi - - if test -r /proc/net/ipsec_eroute - then - if test " `wc -l </proc/net/ipsec_eroute`" -gt 0 - then - eroutes=yes - fi - fi - - if test -r $ipsecversion - then - klips=yes - elif test -r $modules - then - klips=maybe - else - klips=none - fi - - if test "$haslock" - then - echo "IPsec running" - # might not be a subsystem lock dir, ignore that issue - if test "$plutokind" = "normal" -a "$klips" = "yes" -a "$hasinfo" - then - echo "pluto pid `cat $plutopid`" - exit 0 - fi - echo "but..." - if test "$plutokind" != "normal" - then - echo "$plutokind Pluto running!" - fi - if test ! "$hasinfo" - then - echo "$info file missing!" - fi - case $klips in - maybe) echo "KLIPS module is not loaded!" ;; - none) echo "no KLIPS in kernel!" ;; - esac - if test "$eroutes" - then - echo "some eroutes exist" - fi - exit 1 - else - echo "IPsec stopped" - if test ! "$hassublock" -a ! "$hasinfo" -a "$plutokind" = "no" \ - -a ! "$eroutes" - then - exit 0 - fi - echo "but..." - if test "$hassublock" - then - echo "has subsystem lock ($subsyslock)!" - fi - if test "$hasinfo" - then - echo "has $info file!" - fi - if test "$plutokind" != "normal" - then - echo "$plutokind Pluto is running!" - fi - if test "$eroutes" - then - echo "some eroutes exist!" - fi - exit 1 - fi - ;; - - --version) - if test " $IPSEC_setupflags" != " " - then - echo "$me $1 does not support $IPSEC_setupflags" - exit 1 - fi - - echo "$me $IPSEC_VERSION" - exit 0 - ;; - - --help) - if test " $IPSEC_setupflags" != " " - then - echo "$me $1 does not support $IPSEC_setupflags" - exit 1 - fi - - echo "Usage: $me {--start|--stop|--restart|--status}" - exit 0 - ;; - - *) - echo "Usage: $me {--start|--stop|--restart|--status}" >&2 - exit 2 -esac - -exit 0 |