#!/bin/sh
#
# racoon	IPsec IKE (ISAKMP/Oakley) key management daemon
#
# chkconfig: - 20 80
# description:	IKE (ISAKMP/Oakley) key management daemon.
# processname: racoon
# config: /etc/racoon/racoon.conf
# pidfile: /var/run/racoon.pid

### BEGIN INIT INFO
# Provides:          racoon
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start ipsec key management daemon.
# Description:       Enable ipsec key management daemon.
### END INIT INFO

# Ask the function library not to load its RH compatibility interface.
# The flag is set ahead of sourcing the library, which presumably reads it.
WITHOUT_RC_COMPAT=1

# Init-script helper functions.
. /etc/init.d/functions

# Host-specific settings.  Both files are sourced, i.e. executed as shell
# code with the privileges of whoever runs this script, so they should be
# owned by root and not writable by anyone else.  NETWORKING and the
# *_OPTIONS variables used further down are not set in this script and
# presumably come from these files.
SourceIfNotEmpty /etc/sysconfig/network
SourceIfNotEmpty /etc/sysconfig/racoon

# Everything below is assigned after the files above were sourced, so
# these values replace anything of the same name set there.
RETVAL=0
PIDFILE="/var/run/racoon.pid"
LOCKFILE="/var/lock/subsys/racoon"

# IKE daemon: display name, binary, configuration file.
RACOON="IPsec IKE daemon (racoon)"
RACOON_BIN="/usr/sbin/racoon"
RACOON_CONF="/etc/racoon/racoon.conf"

# Policy loader: display name, binary, policy file.
SETKEY="IPsec policies"
SETKEY_BIN="/usr/sbin/setkey"
SETKEY_CONF="/etc/racoon/setkey.conf"

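# Load the IPsec policies (if a policy file exists) and start racoon.
# Globals:  NETWORKING, SETKEY*, RACOON*, PIDFILE, LOCKFILE (read),
#           RETVAL (written)
# Returns:  0 when networking is disabled, 1 when racoon has no
#           configuration file, otherwise the status of start_daemon.
start()
{
	# Nothing to do when networking is disabled.  NETWORKING is not set in
	# this script; presumably it comes from /etc/sysconfig/network.
	is_yes "$NETWORKING" || return 0

	# Load the static policy file before the IKE daemon is started.
	# NOTE(review): the result of this step is not checked, so racoon is
	# started even when setkey rejected the policy file -- confirm that
	# running without the intended policies is acceptable on this host.
	if [ -f "$SETKEY_CONF" ]; then
		# SETKEY_OPTIONS stays unquoted on purpose: it may hold several
		# options that have to be split into separate words.
		action "Setting up $SETKEY " "$SETKEY_BIN" $SETKEY_OPTIONS -f "$SETKEY_CONF"
	fi

	# Without a configuration file racoon is not started.  The failure is
	# also stored in RETVAL, because the script exits with RETVAL and not
	# with this function's return status; before, "start" printed a
	# failure here and the script still exited with 0.
	if ! [ -f "$RACOON_CONF" ]; then
		msg_not_running $"$RACOON"
		failure "$RACOON"
		RETVAL=1
		return $RETVAL
	fi

	msg_starting $"$RACOON"
	# RACOON_OPTIONS stays unquoted for the same word-splitting reason.
	start_daemon \
	  --pidfile "$PIDFILE" --lockfile "$LOCKFILE" \
	  --expect-user root --no-announce -- \
	  "$RACOON_BIN" $RACOON_OPTIONS -f "$RACOON_CONF"
	RETVAL=$?
	return $RETVAL
}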

# Stop racoon and, when flush options are configured, flush via setkey.
# Globals:  RACOON, RACOON_BIN, PIDFILE, LOCKFILE, SETKEY, SETKEY_BIN,
#           SETKEY_FLUSH_OPTIONS (read), RETVAL (written)
# Returns:  the status of stop_daemon; the result of the flush is ignored.
stop()
{
	msg_stopping $"$RACOON"
	stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" \
		--expect-user root --no-announce -- $RACOON_BIN
	RETVAL=$?

	# The flush is opt-in: it runs only when SETKEY_FLUSH_OPTIONS is
	# non-empty.  That variable is not set in this script (presumably it
	# comes from /etc/sysconfig/racoon) and is expanded unquoted so that
	# several options are split into separate words.
	# NOTE(review): once the policies are flushed, nothing in this script
	# keeps traffic they used to cover from being sent unprotected --
	# confirm that a firewall rule handles this where it matters.
	[ -z "$SETKEY_FLUSH_OPTIONS" ] ||
		action "Flushing $SETKEY " $SETKEY_BIN $SETKEY_FLUSH_OPTIONS

	return $RETVAL
}

# Stop the service, then start it again.
# A failing stop does not prevent the start.
# Returns:  the status of start.
restart()
{
	stop
	start
	return $?
}

# Ask the running racoon to reload by sending it SIGHUP.
# Globals:  RACOON, RACOON_BIN, PIDFILE (read), RETVAL (written)
# Returns:  the status of stop_daemon.
reload()
{
	msg_reloading $"$RACOON"
	# No --lockfile here, unlike stop(): the daemon is only signalled
	# with -HUP.
	stop_daemon \
		--pidfile "$PIDFILE" \
		--expect-user root \
		-HUP -- $RACOON_BIN
	RETVAL=$?
	return $RETVAL
}

# Dispatch on the requested action.  The exit status of the script is
# RETVAL: the service functions store their result there, "status" and the
# usage branch set it explicitly.
case "$1" in
	start|stop|reload|restart)
		# The pattern above is a closed list, so "$1" can only name one
		# of the four service functions defined in this script.
		"$1"
		;;
	condstop|condrestart|condreload)
		# The conditional variants act only while the subsys lock file
		# exists; stripping the "cond" prefix gives the function to run.
		if [ -e "$LOCKFILE" ]; then
			"${1#cond}"
		fi
		;;
	status)
		status --pidfile "$PIDFILE" --expect-user root -- $RACOON_BIN
		RETVAL=$?
		;;
	*)
		msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
		RETVAL=1
		;;
esac

exit $RETVAL
