ipsec and starter exit with LSB-compliant return codes

2007-11-28 17:02:12 +00:00 · 2007-11-28 17:02:12 +00:00 · 0b72091970
parent a349dc58f1
commit 0b72091970
2 changed files with 108 additions and 57 deletions
--- a/src/ipsec/ipsec.in
+++ b/src/ipsec/ipsec.in
@ -97,26 +97,36 @@ down)
 	if [ "$#" -ne 1 ]
 	then
 	    echo "Usage: ipsec down <connection name>"
-	    exit 1
+	    exit 2
 	fi
-	if test -e $IPSEC_PLUTO_PID
+	rc=7
+	if [ -e $IPSEC_PLUTO_PID ]
 	then
 		$IPSEC_WHACK --name "$1" --terminate
+		rc="$?"
 	fi
-	if test -e $IPSEC_CHARON_PID
+	if [ -e $IPSEC_CHARON_PID ]
 	then
 		$IPSEC_STROKE down "$1"
+		rc="$?"
 	fi
-	exit 0
+	exit "$rc"
 	;;
 listalgs|listpubkeys|\listcards|\rereadgroups)
 	op="$1"
 	shift
-	if test -e $IPSEC_PLUTO_PID
+	if [ -e $IPSEC_PLUTO_PID ]
 	then
 		$IPSEC_WHACK "$@" "--$op"
+		exit "$?"
+	else
+		if [ -e $IPSEC_CHARON_PID ]
+		then
+			exit 3
+		else
+			exit 7
+		fi
 	fi
-	exit 0
 	;;
 listcerts|listcacerts|listaacerts|\
 listacerts|listgroups|listocspcerts|\
@ -125,32 +135,39 @@ rereadsecrets|rereadcacerts|rereadaacerts|\
 rereadacerts|rereadocspcerts|rereadcrls|\
 rereadall|purgeocsp)
 	op="$1"
+	rc=7
 	shift
-	if test -e $IPSEC_PLUTO_PID
+	if [ -e $IPSEC_PLUTO_PID ]
 	then
 		$IPSEC_WHACK "$@" "--$op"
+		rc="$?"
 	fi
-	if test -e $IPSEC_CHARON_PID
+	if [ -e $IPSEC_CHARON_PID ]
 	then
 		$IPSEC_STROKE "$op" "$@"
+		rc="$?"
 	fi
-	exit 0
+	exit "$rc"
 	;;
 ready)
 	shift
-	if test -e $IPSEC_PLUTO_PID
+	if [ -e $IPSEC_PLUTO_PID ]
 	then
 		$IPSEC_WHACK --listen
+		exit 0
+	else
+		exit 7
 	fi
-	exit 0
 	;;
 reload)
-	if test -e $IPSEC_STARTER_PID 
+	if [ -e $IPSEC_STARTER_PID ]
 	then
-	    echo "Reloading strongSwan IPsec configuration..." >&2
-	    kill -s USR1 `cat $IPSEC_STARTER_PID`
+		echo "Reloading strongSwan IPsec configuration..." >&2
+		kill -s USR1 `cat $IPSEC_STARTER_PID`
+		exit 0
 	else
-	    echo "ipsec starter is not running" >&2
+		echo "ipsec starter is not running" >&2
+		exit 7
 	fi
 	exit 0
 	;;
@ -163,37 +180,49 @@ restart)
 	;;
 route|unroute)
 	op="$1"
+	rc=7
 	shift
 	if [ "$#" -ne 1 ]
 	then
-	    echo "Usage: ipsec $op <connection name>"
-	    exit 1
+		echo "Usage: ipsec $op <connection name>"
+		exit 2
 	fi
-	if test -e $IPSEC_PLUTO_PID
+	if [ -e $IPSEC_PLUTO_PID ]
 	then
 		$IPSEC_WHACK --name "$1" "--$op"
+		rc="$?"
 	fi
-	if test -e $IPSEC_CHARON_PID
+	if [ -e $IPSEC_CHARON_PID ]
 	then
 		$IPSEC_STROKE "$op" "$1"
+		rc="$?"
 	fi
-	exit 0
+	exit "$rc"
 	;;
 scencrypt|scdecrypt)
 	op="$1"
 	shift
-	if test -e $IPSEC_PLUTO_PID
+	if [ -e $IPSEC_PLUTO_PID ]
 	then
 		$IPSEC_WHACK "--$op" "$@"
+		exit "$?"
+	else
+		exit 7
 	fi
-	exit 0
 	;;
 secrets)
-	if test -e $IPSEC_PLUTO_PID
+	rc=7
+	if [ -e $IPSEC_PLUTO_PID ]
 	then
 		$IPSEC_WHACK --rereadsecrets
+		rc="$?"
 	fi
-	exit 0
+	if [ -e $IPSEC_CHARON_PID ]
+	then
+		$IPSEC_STROKE rereadsecrets
+		rc="$?"
+	fi
+	exit "$rc"
 	;;
 start)
 	shift
@ -201,65 +230,75 @@ start)
 	;;
 status|statusall)
 	op="$1"
+	rc=7
 	shift
-	if test $# -eq 0
+	if [ $# -eq 0 ]
 	then
-		if test -e $IPSEC_PLUTO_PID
+		if [ -e $IPSEC_PLUTO_PID ]
 		then
 			$IPSEC_WHACK "--$op"
+			rc="$?"
 		fi
-		if test -e $IPSEC_CHARON_PID
+		if [ -e $IPSEC_CHARON_PID ]
 		then
 			$IPSEC_STROKE "$op"
+			rc="$?"
 		fi
 	else
-		if test -e $IPSEC_PLUTO_PID
+		if [ -e $IPSEC_PLUTO_PID ]
 		then
 			$IPSEC_WHACK --name "$1" "--$op"
+			rc="$?"
 		fi
-		if test -e $IPSEC_CHARON_PID
+		if [ -e $IPSEC_CHARON_PID ]
 		then
 			$IPSEC_STROKE "$op" "$1"
+			rc="$?"
 		fi
 	fi
-	exit 0
+	exit "$rc"
 	;;
 stop)
-	if test -e $IPSEC_STARTER_PID 
+	if [ -e $IPSEC_STARTER_PID ]
 	then
-	    echo "Stopping strongSwan IPsec..." >&2
-	    kill `cat $IPSEC_STARTER_PID`
+		echo "Stopping strongSwan IPsec..." >&2
+		kill `cat $IPSEC_STARTER_PID`
+		exit 0
 	else
-	    echo "ipsec starter is not running" >&2
+	    	echo "ipsec starter is not running" >&2
+		exit 7
 	fi
-	exit 0
 	;;
 up)
 	shift
 	if [ "$#" -ne 1 ]
 	then
 	    echo "Usage: ipsec up <connection name>"
-	    exit 1
+	    exit 2
 	fi
-	if test -e $IPSEC_PLUTO_PID
+	rc=7
+	if [ -e $IPSEC_PLUTO_PID ]
 	then
 		$IPSEC_WHACK --name "$1" --initiate
+		rc="$?"
 	fi
-	if test -e $IPSEC_CHARON_PID
+	if [ -e $IPSEC_CHARON_PID ]
 	then
-	    $IPSEC_STROKE up "$1"
+		$IPSEC_STROKE up "$1"
+		rc="$?"
 	fi
-	exit 0
+	exit "$rc"
 	;;
 update)
-	if test -e $IPSEC_STARTER_PID 
+	if [ -e $IPSEC_STARTER_PID ]
 	then
 		echo "Updating strongSwan IPsec configuration..." >&2
 		kill -s HUP `cat $IPSEC_STARTER_PID`
+		exit 0
 	else
 		echo "ipsec starter is not running" >&2
+		exit 7
 	fi
-	exit 0
 	;;
 version|--version)
 	echo "Linux $IPSEC_NAME $IPSEC_VERSION"
@ -269,7 +308,7 @@ version|--version)
 	;;
 --*)
 	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
-	exit 1
+	exit 2
 	;;
 esac

@ -278,13 +317,13 @@ shift

 path="$IPSEC_DIR/$cmd"

-if test ! -x "$path" 
+if [ ! -x "$path" ]
 then
    path="$IPSEC_DIR/$cmd"
-    if test ! -x "$path"
+    if [ ! -x "$path" ]
    then
 	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
-	exit 1
+	exit 2
    fi
 fi

--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@ -43,6 +43,19 @@
 #include "cmp.h"
 #include "interfaces.h"

+/**
+ * Return codes defined by Linux Standard Base Core Specification 3.1
+ * in section 20.2. Init Script Actions
+ */
+#define LSB_RC_SUCCESS               0   /* success                          */
+#define LSB_RC_FAILURE               1   /* generic or unspecified error     */
+#define LSB_RC_INVALID_ARGUMENT      2   /* invalid or excess argument(s)    */
+#define LSB_RC_NOT_IMPLEMENTED       3   /* unimplemented feature (reload)   */
+#define LSB_RC_NOT_ALLOWED           4   /* user had insufficient privilege  */
+#define LSB_RC_NOT_INSTALLED         5   /* program is not installed         */
+#define LSB_RC_NOT_CONFIGURED        6   /* program is not configured        */
+#define LSB_RC_NOT_RUNNING           7   /* program is not running           */
+
 #define FLAG_ACTION_START_PLUTO   0x01
 #define FLAG_ACTION_UPDATE        0x02
 #define FLAG_ACTION_RELOAD        0x04
@ -131,7 +144,7 @@ usage(char *name)
 {
    fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
 	    "[--debug|--debug-more|--debug-all]\n");
-    exit(1);
+    exit(LSB_RC_INVALID_ARGUMENT);
 }

 int main (int argc, char **argv)
@ -205,7 +218,7 @@ int main (int argc, char **argv)
    if (getuid() != 0)
    {
 	plog("permission denied (must be superuser)");
-	exit(1);
+	exit(LSB_RC_NOT_ALLOWED);
    }

    if (stat(PLUTO_PID_FILE, &stb) == 0)
@ -227,13 +240,13 @@ int main (int argc, char **argv)
    if (stat(DEV_RANDOM, &stb) != 0)
    {
 	plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
-	exit(1);
+	exit(LSB_RC_FAILURE);
    }

    if (stat(DEV_URANDOM, &stb)!= 0)
    {
 	plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
-	exit(1);
+	exit(LSB_RC_FAILURE);
    }

    cfg = confread_load(CONFIG_FILE);
@ -244,14 +257,14 @@ int main (int argc, char **argv)
 	{
 	    confread_free(cfg);
 	}
-	exit(1);
+	exit(LSB_RC_INVALID_ARGUMENT);
    }

    /* determine if we have a native netkey IPsec stack */
    if (!starter_netkey_init())
    {
 	plog("no netkey IPSec stack detected");
-	exit(1);
+	exit(LSB_RC_FAILURE);
    }

    last_reload = time(NULL);
@ -259,7 +272,7 @@ int main (int argc, char **argv)
    if (stat(STARTER_PID_FILE, &stb) == 0)
    {
 	plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE);
-	exit(0);
+	exit(LSB_RC_SUCCESS);
    }

    /* fork if we're not debugging stuff */
@ -287,7 +300,7 @@ int main (int argc, char **argv)
 		plog("can't fork: %s", strerror(errno));
 		break;
 	    default:
-		exit(0);
+		exit(LSB_RC_SUCCESS);
 	}
    }

@ -322,7 +335,7 @@ int main (int argc, char **argv)
 #endif /* LEAK_DETECTIVE */
 	    close_log();
 	    plog("ipsec starter stopped");
-	    exit(0);
+	    exit(LSB_RC_SUCCESS);
 	}

 	/*
@ -643,7 +656,6 @@ int main (int argc, char **argv)
 	    _action_ |= FLAG_ACTION_UPDATE;
 	}
    }
-
-    return 0;
+    exit(LSB_RC_SUCCESS);
 }