#!/bin/sh
#
# this file maintained at http://git.mdcc.cx/uruk.git
#
# Uruk init script.

# chkconfig: 2345 11 89
# description: starts, stops and saves iptables state, as created by uruk
# beware! above two lines are parsed by chkconfig(8), as commonly found on
# (old?  << 2013 ?) RPM based systems

### BEGIN INIT INFO
# Provides:          uruk
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:     S
# Default-Stop:      0 1 6
# X-Start-Before: networking
# X-Stop-Before:
# Description: Starts uruk firewall configuration
# short-description: uruk firewall configuration
### END INIT INFO

# Copyright (C) 2002, 2003 Laurence J. Lane
# Copyright (C) 2003, 2004, 2005, 2007, 2010 Joost van Baal 
# Copyright (C) 2013 Joost van Baal-Ilić
#
# This file is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU GPL for more details.
#
# You should have received a copy of the GNU GPL along with this file, see
# e.g. the file named COPYING.  If not, see <http://www.gnu.org/licenses/>.

# Based upon /etc/init.d/iptables as shipped with the Debian iptables
# package by Laurence J. Lane

NAME=uruk
DAEMON=/sbin/uruk
SCRIPTNAME=/etc/init.d/"$NAME"

initd="$0"

# Debian-ism?  Not exit 5 but exit 0.
test -f $DAEMON || exit 0


###############################################################################
#
# This script should be LSB 3.1.0 compliant.  In particular,
# http://refspecs.freestandards.org/LSB_3.1.0/LSB-generic/LSB-generic/initscrcomconv.html
# and
# http://refspecs.freestandards.org/LSB_3.1.0/LSB-generic/LSB-generic/iniscrptact.html
# should be adhered to:
# 
# Error and status messages should be printed with the logging functions (see
# Init Script Functions) log_success_msg(), log_failure_msg() and
# log_warning_msg(). Scripts may write to standard error or standard output, but
# implementations need not present text written to standard error/output to the
# user or do anything else with it.
# 
# LSB required:
# start   start the service
# stop    stop the service
# restart stop and restart the service if the service is already running,
#         otherwise start the service
# force-reload   cause the configuration to be reloaded if the service supports
#         this, otherwise restart the service if it is running
# status  print the current status of the service
# 
# In case of an error while processing any init-script action except for status,
# the init script shall print an error message and exit with a non-zero status
# code:
# 
# 1   generic or unspecified error (current practice)
# 2   invalid or excess argument(s)
# 3   unimplemented feature (for example, "reload")
# 4   user had insufficient privilege
# 5   program is not installed
# 6   program is not configured
# 7   program is not running
#
#
# Note that those situation shall also be regarded as success:
# * restarting a service (instead of reloading it)
#   with the "force-reload" argument
# * running "start" on a service already running
# * running "stop" on a service already stopped or not running
# * running "restart" on a service already stopped or not running
# * running "try-restart" on a service already stopped or not running
#
###############################################################################



#                        /lib/lsb/init-functions
# Red Hat EL AS rel 3          Yes
#
# Debian GNU/Linux >= Sarge    Yes, in lsb-base package
#
# See /usr/share/doc/lsb-core/examples/init-skeleton.gz for sample lsb init
# script.
#
# include lsb functions
lsb_init_functions=/lib/lsb/init-functions
uruk_lsb_init_functions=/lib/uruk/lsb/init-functions
if test -f $lsb_init_functions; then
  . $lsb_init_functions
elif test -f $uruk_lsb_init_functions; then
  . $uruk_lsb_init_functions
else
  cat << END
File $lsb_init_functions nor file $uruk_lsb_init_functions found. Exiting.
END
  exit 1
fi

usage () {
  cat <<END
$initd options:
  start
     If not yet done, save current iptables status in "inactive" ruleset.
     (Re)build and load the "active" ruleset.
  force-reload
     (Re)build and load the "active" ruleset, in case uruk is running.
  stop
     Load the "inactive" ruleset.
  restart
     Perform stop-actions followed by start-actions.
  status
     Print the current status of the service: show which ruleset is loaded, and
     wether uruk is "running".

Saved ruleset locations: /var/lib/uruk/iptables/ and /var/lib/uruk/ip6tables/ .
END
}


set -e

case "$1" in
  start)
    urukctl start
    STATUS=$?
    if test "$STATUS" = 0; then
      log_success_msg "Starting uruk"
    else
      log_failure_msg "Starting uruk"
    fi
    ;;
  stop)
    urukctl stop
    STATUS=$?
    if test "$STATUS" = 0; then
      log_success_msg "Shutting down uruk"
    else
      log_failure_msg "Shutting down uruk"
    fi
    ;;
  restart)
    # Restart service (if running) or start service
    $initd stop
    $initd start
    ;;
  force-reload)
    urukctl status
    STATUS=$?
    if test "$STATUS" = 0; then
      # uruk is running
      urukctl force-reload
      log_success_msg "Reloading uruk"
    else
      log_success_msg "Nothing to do for reloading uruk: uruk is not running"
      STATUS=0
    fi

    ;;
  status)
    # If the status action is requested, the init script will
    # return the following exit status codes.
    #
    # 0  program is running or service is OK
    # 1  program is dead and /var/run pid file exists
    # 2  program is dead and /var/lock lock file exists
    # 3  program is not running
    # 4  program or service status is unknown

    urukctl status
    STATUS=$?
    if test "$STATUS" = 0; then
      if test "$status_active"; then
        log_success_msg "Checking uruk ($iptables_command): uruk running"
      else
        log_failure_msg "Checking uruk ($iptables_command): both active and inactive rulesets present, but active ruleset not loaded"
        STATUS=4
      fi
    elif test "$STATUS" = 3; then
      log_success_msg "Checking uruk ($iptables_command): uruk not running"
    else
      # STATUS=4 no active file present
      log_failure_msg "Checking uruk ($iptables_command): active ruleset not present"
    fi
    ;;
  save|create|load|reload|clear|halt|flush)
    # FIXME to be phased out at 2013-12 (introduced 2013-05)
    log_warning_msg "Passing argument $* to the uruk initscript is deprecrated.  In an upcoming release, be sure to use the new urukctl interface.  Calling urukctl for you now."
    exec urukctl $*
    ;;
  *)
    usage
    log_failure_msg "Aborting uruk $1: unsupported argument."
    exit 2
    ;;
esac

