#! /bin/sh

### BEGIN INIT INFO
# Provides:          fwknop-server
# Required-Start:    $local_fs $remote_fs $syslog $network
# Required-Stop:     $local_fs $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: start and stop fwknopd
# Description: Fwknop implements an authorization scheme known as \
#              Single Packet Authorization (SPA) for Linux systems \
#              running iptables.
### END INIT INFO

# Author: Franck Joncourt <franck@debian.org>

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="FireWall KNock OPerator"
NAME=fwknopd
DAEMON=/usr/sbin/$NAME
PIDDIR=/run/fwknop
SCRIPTNAME=/etc/init.d/fwknop-server

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Load user options to pass to fwknopd daemon
START_DAEMON="no"
DAEMON_ARGS=""
[ -r /etc/default/fwknop-server ] && . /etc/default/fwknop-server

# Exit if the dameon must not be started
[ "$START_DAEMON" = "yes" ] || exit 0

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

##
# Function that checks if all of the configuration files exist
#
# @return status
#          0 : all of the configuration files exist
#          6 : at least one file is missing
##

check_config()
{
	local retval
	local file_list

	retval=0
	file_list="/etc/fwknop/access.conf /etc/fwknop/fwknopd.conf"

	for ConfFile in $file_list; do
		if [ ! -f "$ConfFile" ]; then
			retval=6	
		 	break	
		fi
	done

	return $retval
}

##
# Function that starts the daemon/service
#
# @return status
#          0 : daemon has been started or was already running
#          1 : generic or unspecified errors (could not be started)
#          6 : program is not configured (missing configuration files)
##

do_start()
{
	local retval

        mkdir -p $PIDDIR
        chmod 755 $PIDDIR

	# Check fwknopd configuration
	check_config
	retval=$?

	# Try to start fwknopd
	if [ "$retval"  = "0" ]; then
		start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON -- $DAEMON_ARGS
		retval="$?"
	fi

	# Handle return status codes
	case "$retval" in
		0)	 
			;;
		6)	
			log_action_msg "You are missing the configuration file $ConfFile." || true
			;;
		9)	
			retval=0
			;;
		*)
			retval=1
			log_action_msg "Unable to start the daemon." || true
			;;
	esac

       log_daemon_msg "Starting $DESC" "$NAME" || true
       log_end_msg $retval || true

	return $retval
}

##
# Function that stops the daemon/service
#
# @return status
#            0 : daemon has been stopped or was already stopped
#            1 : daemon could not be stopped
##

do_stop()
{
	local retval="0"
	local status kill_status
	local pid pidfile
	local process_list="fwknopd"

	# For each process
	for process in $process_list; do

		pidfile="$PIDDIR/$process.pid"
		status="0"
		kill_status="1"

		# Try to kill the process associated to the pid
		if [ -r "$pidfile" ]; then
			pid=`cat "$pidfile" 2>/dev/null`
			kill -0 "${pid:-}" 2>/dev/null
			kill_status="$?"
		fi

		# Stop the process
		if [ "$kill_status" = "0" ]; then
			start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile"
			status="$?"
		fi

		# Remove its pid file
		if [ -r "$pidfile" ] && [ "$status" = "0" ]; then
			 rm -f "$pidfile" 2>/dev/null
			 status="$?"
		fi

		[ "$status" = "0" ] || retval="1"

	done


	if [ "$retval" != "0" ]; then
		log_action_msg "The process could not be stopped" || true
	fi

        log_daemon_msg "Stopping $DESC" "$NAME" || true
        log_end_msg $retval || true

	return $retval
}

##
# Function that returns the daemon status
##

do_status()
{
	echo "Status of $DESC:"
	$DAEMON -S
}

case "$1" in
	start)
		do_start
		;;

	stop)
		do_stop
		;;

	restart|force-reload)
		do_stop
		sleep 1
		do_start
		;;

	status)
		do_status
		exit $?
		;;

	*)
		log_success_msg "Usage: $0 {start|stop|restart|status}" >&2
		exit 1 
		;;
esac

exit
