#!/bin/sh
# IPsec startup and shutdown script
# Copyright (C) 1998, 1999, 2001  Henry Spencer.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: setup,v 1.110 2001/06/20 15:55:13 henry Exp $
#
# ipsec         init.d script for starting and stopping
#               the IPsec security subsystem (KLIPS and Pluto).
#
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
# and is also accessible as "ipsec setup" (the preferred route for human
# invocation).
#
# The startup and shutdown times are a difficult compromise (in particular,
# it is almost impossible to reconcile them with the insanely early/late
# times of NFS filesystem startup/shutdown).  Startup is after startup of
# syslog and pcmcia support; shutdown is just before shutdown of syslog.
#
# chkconfig: 2345 47 68
# description: IPsec provides encrypted and authenticated communications; \
# KLIPS is the kernel half of it, Pluto is the user-level management daemon.

me='ipsec setup'		# for messages

if [ -f /etc/rc.d/init.d/functions ]
then
    . /etc/rc.d/init.d/functions
    LOGGERMINUSS=""
else
    failure() {
	echo $* >&2
    }
    LOGGERMINUSS="-s"
fi

if test " $IPSEC_DIR" = " "	# if we were not called by the ipsec command
then
	# we must establish a suitable PATH ourselves
	PATH=/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
	export PATH
fi

# Check that the ipsec command is available.
found=
for dir in `echo $PATH | tr ':' ' '`
do
	if test -f $dir/ipsec -a -x $dir/ipsec
	then
		found=yes
		break			# NOTE BREAK OUT
	fi
done
if ! test "$found"
then
	echo "cannot find ipsec command -- \`$1' aborted" |
	exit 1
fi

# misc setup
umask 022



# do it
case "$1" in
  start|stop|_autostop|_autostart)
        case $1 in
	  start|_autostart) echo -n "Starting IPsec";;
	  stop|_autostop) echo -n "Stopping IPsec";;
        esac
	if test " `id -u`" != " 0"
	then
		echo "permission denied (must be superuser)" |
			logger $LOGGERMINUSS -p $IPSECsyslog -t ipsec_setup 2>&1
			failure "ipsec startup"
		exit 1
	fi
	tmp=/var/run/ipsec_setup.st
	(
		ipsec _realsetup $1
		echo "$?" >$tmp
	) 2>&1 | logger $LOGGERMINUSS -p $IPSECsyslog -t ipsec_setup 2>&1
	st=`cat $tmp`
	rm -f $tmp
	if [ $st -ne 0 ]
	then
	    failure "ipsec startup"
	fi
	exit $st
	;;

  restart|--restart)
	$0 stop
	$0 start
	;;

  _autorestart)			# for internal use only
	$0 _autostop
	$0 _autostart
	;;

  status)
	ipsec _realsetup $1
	exit
	;;

  version)
	echo "$me $IPSEC_VERSION"
	exit 0
	;;

  help)
	echo "Usage: $me {start|stop|restart|status}"
	exit 0
	;;

  *)
	echo "Usage: $me {start|stop|restart|status}" >&2
	exit 2
esac

exit 0