#!/bin/sh # Pluto database-loading script # Copyright (C) 1998, 1999, 2001 Henry Spencer. # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See . # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: _plutoload,v 1.2 2001/10/31 01:39:03 henry Exp $ # # exit status is 13 for protocol violation, that of Pluto otherwise me='ipsec _plutoload' # for messages for dummy do case "$1" in --load) plutoload="$2" ; shift ;; --start) plutostart="$2" ; shift ;; --wait) plutowait="$2" ; shift ;; --post) postpluto="$2" ; shift ;; --) shift ; break ;; -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; *) break ;; esac shift done # searches, if needed if test " $plutoload" = " %search" then eval `ipsec _confread --varprefix PLUTO --search auto add route start` if test " $PLUTO_confreadstatus" != " " then echo "auto=add/route/start search: $PLUTO_confreadstatus" echo "unable to determine what conns to add -- adding none" plutoload= else plutoload="$PLUTO_confreadnames" fi fi if test " $plutostart" = " %search" then eval `ipsec _confread --varprefix PLUTO --search auto route start` if test " $PLUTO_confreadstatus" != " " then echo "auto=route/start search: $PLUTO_confreadstatus" echo "unable to determine what conns to route -- routing none" plutoroute= else plutoroute="$PLUTO_confreadnames" fi eval `ipsec _confread --varprefix PLUTO --search auto start` if test " $PLUTO_confreadstatus" != " " then echo "auto=start search: $PLUTO_confreadstatus" echo "unable to determine what conns to start -- starting none" plutostart= else plutostart="$PLUTO_confreadnames" fi fi # the way the searches were done ensures plutoload >= plutoroute >= plutostart # await Pluto's readiness (not likely to be an issue, but...) eofed=y while read saying do case "$saying" in 'Pluto initialized') eofed= ; break ;; # NOTE BREAK OUT *) echo "pluto unexpectedly said \`$saying'" ;; esac done if test "$eofed" then echo "pluto died unexpectedly!?!" exit 13 fi # database load for tu in $plutoload do ipsec auto --add $tu || echo "...could not add conn \"$tu\"" done # enable listening ipsec auto --ready # execute any post-startup cleanup if test " $postpluto" != " " then $postpluto st=$? if test " $st" -ne 0 then echo "...postpluto command exited with status $st" fi fi # quickly establish routing for tu in $plutoroute do ipsec auto --route $tu || echo "...could not route conn \"$tu\"" done # tunnel initiation, which may take a while async= if test " $plutowait" = " no" then async="--asynchronous" fi for tu in $plutostart do ipsec auto --up $async $tu || echo "...could not start conn \"$tu\"" done # report any further utterances, and watch for exit status eofed=y while read saying do case "$saying" in exit) eofed= ; break ;; # NOTE BREAK OUT *) echo "pluto unexpectedly says \`$saying'" ;; esac done if test "$eofed" then echo "pluto died without exit status!?!" exit 13 fi if read status then exit $status else echo "pluto yielded no exit status!?!" exit 13 fi