Page MenuHomeFreeBSD
Differential D8417 Diff 21981 security/openiked/files/iked.in

Changeset View

Standalone View

View Options

security/openiked/files/iked.in

PropertyOld ValueNew Value
svn:eol-stylenullnative
\ No newline at end of property
svn:mime-typenulltext/plain
\ No newline at end of property
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: iked
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add these lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# iked_enable (bool): Set to NO by default.
# Set it to YES to enable iked.
# iked_ramdisk (bool): Set to NO by default. See below.
#
# When iked_ramdisk is set to YES, the rc.d script will make sure
# all directories exist, but will not generate a key pair if none
# exists. The daemon is not started when the key pair no config
# files are missing. It is assumed the ramdisk is not populated
# completely. When iked_ramdisk is NO, key pairs are created as
# needed and thr daemon is started unconditionally.
. /etc/rc.subr
name=iked
desc="IKEv2 daemon"
rcvar=iked_enable
load_rc_config $name
: ${iked_enable:=NO}
: ${iked_ramdisk=NO}
command=%%PREFIX%%/sbin/iked
start_precmd=iked_precmd
iked_config=%%PREFIX%%/etc/iked.conf
iked_rootdir=%%PREFIX%%/etc/iked
iked_privkey=${iked_rootdir}/private/local.key
iked_pubkey=${iked_rootdir}/local.pub
iked_precmd()
{
if checkyesno iked_ramdisk; then
# Make sure we have our directory hierarchy.
for D in ca certs crls export private pubkeys \
pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
mkdir -p %%PREFIX%%/etc/iked/$D
done
chmod 700 %%PREFIX%%/etc/iked/private
else
# Create a key pair if not already present.
if test ! -f $iked_privkey; then
/usr/bin/openssl genrsa -out $iked_privkey 2048
/bin/chmod 600 $iked_privkey
/usr/bin/openssl rsa -out $iked_pubkey \
-in $iked_privkey -pubout
fi
fi
# We must have a private key and a configuration file.
# Don't start iked when those are missing.
if test ! \( -f $iked_privkey -a -f $iked_config \); then
# Be quiet about it; it must be intentional.
exit 1
fi
}
run_rc_command "$1"