#!/bin/sh
# tcpcryptd startup and shutdown script
# Copyright (C) 2015              Paul Wouters <paul@libreswan.org>
#
### BEGIN INIT INFO
# Provides: tcpcryptd
# Required-Start: $network $remote_fs $syslog $named
# Required-Stop: $syslog $remote_fs
# Default-Start:
# Default-Stop: 0 1 6
# Short-Description: Start tcpcryptd at boot time
# Description: Opportunisticly encrypt TCP connections
### END INIT INFO
#
### see https://bugzilla.redhat.com/show_bug.cgi?id=636572
### Debian and Fedora interpret the LSB differently for Default-Start:

# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# tcpcryptd		sysv style init.d script for starting and stopping
#		the tcpcryptd service
#
# chkconfig: - 47 76
# description: Opportunisticly encrypt TCP connections

# Source function library.
. /etc/rc.d/init.d/functions

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 6

if [ ! -f /etc/sysconfig/network ]; then
    exit 6
fi

if [ $(id -u) -ne 0 ]; then
    echo "permission denied (must be superuser)" | \
	logger -s -p daemon.error 2>&1
    exit 4
fi

rundir=/var/run/tcpcryptd
lockdir=/var/lock/subsys
lockfile=${lockdir}/tcpcryptd

[ -f /etc/sysconfig/tcpcryptd ] && . /etc/sysconfig/tcpcryptd

# misc setup
umask 022

mkdir -p ${rundir}
chmod 700 ${rundir}
chown tcpcrypt.tcpcrypt ${rundir}

start() {
    echo -n $"Starting tcpcrypt daemon: "

    [ -d ${lockdir} ] || mkdir -p ${lockdir}
    touch ${lockfile}
    /usr/bin/tcpcryptd -f -x 0x10 > /dev/null 2>&1 &
}


stop() {
    killproc -p $(pidof tcpcryptd) /usr/bin/tcpcryptd
    rm -f ${lockfile}
}

restart() {
    stop
    start
    return $?
}

condrestart() {
    if [ -f ${lockfile} ]; then
	restart
	return $?
    fi
}

# do it
case "$1" in
    start)
	start
	RETVAL=$?
	;;
    stop)
	stop
	RETVAL=$?
	;;
    restart)
	restart
	RETVAL=$?
	;;
    reload|force-reload)
	restart
	RETVAL=$?
	;;
    condrestart|try-restart)
	condrestart
	RETVAL=$?
	;;
    status)
	/usr/bin/tcnetstat
	RETVAL=$?
	;;
    version)
	version
	RETVAL=$?
	;;
    *)
	echo "Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}"
	RETVAL=2
esac

exit ${RETVAL}