From 0c1844c0067cb72cad7e1c7c1c928f9c2c15dce9 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sun, 16 Sep 2018 15:15:53 +0100
Subject: [PATCH] ipsec: security policies: Make integrity command plural

References: #11446
Signed-off-by: Michael Tremer
---
 config/vpn/security-policies/performance | 2 +-
 config/vpn/security-policies/system | 2 +-
 src/bash-completion/network | 8 ++--
 src/functions/functions.vpn-security-policies | 40 +++++++++----------
 4 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance
index 0ca0f8c3..9b8e9436 100644
--- a/config/vpn/security-policies/performance
+++ b/config/vpn/security-policies/performance
@@ -1,7 +1,7 @@
 CIPHERS="CHACHA20-POLY1305 AES128-GCM128 AES128-CBC"
 COMPRESSION="off"
 GROUP_TYPES="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
-INTEGRITY="SHA256"
+INTEGRITIES="SHA256"
 PSEUDO_RANDOM_FUNCTIONS="SHA256"
 KEY_EXCHANGE="ikev2"
 LIFETIME="28800"
diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system
index 002ac4eb..8fdfe9a0 100644
--- a/config/vpn/security-policies/system
+++ b/config/vpn/security-policies/system
@@ -1,6 +1,6 @@
 KEY_EXCHANGE="ikev2"
 CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC"
-INTEGRITY="SHA512 SHA384 SHA256"
+INTEGRITIES="SHA512 SHA384 SHA256"
 GROUP_TYPES="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
 PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
 LIFETIME="28800"
diff --git a/src/bash-completion/network b/src/bash-completion/network
index 97061861..2621628a 100644
--- a/src/bash-completion/network
+++ b/src/bash-completion/network
@@ -561,7 +561,7 @@ _network_vpn_security_policies_subcommands() { shift local words=( $@ ) - local commands="ciphers compression group-types integrity key-exchange lifetime pfs pseudo-random-functions show" + local commands="ciphers compression group-types integrities key-exchange lifetime pfs pseudo-random-functions show" local cmd="$(_network_find_on_cmdline "${commands}")" if [[ -z "${cmd}" ]]; then COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) @@ -580,8 +580,8 @@ _network_vpn_security_policies_subcommands() { group-types) _network_vpn_security_policies_subcommands_group_types ${policy} ${args} ;; - integrity) - _network_vpn_security_policies_subcommands_integrity ${policy} ${args} + integrities) + _network_vpn_security_policies_subcommands_integrities ${policy} ${args} ;; pseudo-random-functions) _network_vpn_security_policies_subcommands_pseudo_random_functions ${policy} ${args} @@ -607,7 +607,7 @@ _network_vpn_security_policies_subcommands_group_types() { : } -_network_vpn_security_policies_subcommands_integrity() { +_network_vpn_security_policies_subcommands_integrities() { : } diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies index 86fa7eae..dc0f164e 100644 --- a/src/functions/functions.vpn-security-policies +++ b/src/functions/functions.vpn-security-policies @@ -20,7 +20,7 @@ ############################################################################### VPN_SECURITY_POLICIES_CONFIG_SETTINGS="CIPHERS COMPRESSION GROUP_TYPES \ - INTEGRITY PSEUDO_RANDOM_FUNCTIONS KEY_EXCHANGE LIFETIME PFS" + INTEGRITIES PSEUDO_RANDOM_FUNCTIONS KEY_EXCHANGE LIFETIME PFS" VPN_SECURITY_POLICIES_READONLY="system performance" VPN_DEFAULT_SECURITY_POLICY="system" @@ -203,7 +203,7 @@ declare -A PSEUDO_RANDOM_FUNCTION_TO_STRONGSWAN=( [AES-CMAC]="prfaescmac" ) -declare -A VPN_SUPPORTED_INTEGRITY=( +declare -A VPN_SUPPORTED_INTEGRITIES=( [MD5]="MD5-HMAC" # SHA 
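Review bot: Renaming the stored key from `INTEGRITY` to `INTEGRITIES` in `VPN_SECURITY_POLICIES_CONFIG_SETTINGS` (hunk at -20) leaves policy files already on disk with only the old key, and nothing in this patch migrates them or falls back to the old name. The shipped `performance` and `system` files are updated, but a user-created policy would presumably load with an empty `INTEGRITIES`, and the `else` branches in `_vpn_security_policies_make_ike_proposal` and `_vpn_security_policies_make_esp_proposal` (hunks at -1253 and -1344) would then iterate over nothing and contribute no integrity algorithm to the proposal. Consider a fallback where the policy is read, for example `isset INTEGRITIES || INTEGRITIES="${INTEGRITY}"`, or a one-time rewrite of existing files. `vpn_security_policies_read_config` is not part of this diff, so how it treats the legacy key needs confirming.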
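Review bot: The renamed table `VPN_SUPPORTED_INTEGRITIES` (hunk at -203) still lists `[MD5]="MD5-HMAC"` with no comment on its status, and `vpn_security_policies_integrity_supported` (hunk at -1155) accepts any key of this table, so MD5 can be placed in a custom policy without any hint that it is a legacy choice. HMAC-MD5 is deprecated for IKEv2 and ESP, so the entry deserves at least a marker such as `# Legacy: deprecated for IKEv2/ESP, kept for interoperability only` above it. A `warning` when it is added to a policy would be the stronger option. The table continues past the end of this hunk, so other entries were not reviewed.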
@@ -303,7 +303,7 @@ cli_vpn_security_policies() { shift 2 case "${key}" in - ciphers|compression|integrity|lifetime|pfs|show) + ciphers|compression|integrities|lifetime|pfs|show) vpn_security_policies_${key} ${security_policy} "$@" ;; pseudo-random-functions) @@ -506,8 +506,8 @@ vpn_security_policies_show() { cli_print_fmt1 1 "Integrity:" local integrity - for integrity in ${INTEGRITY}; do - cli_print_fmt1 2 "${VPN_SUPPORTED_INTEGRITY[${integrity}]-${integrity}}" + for integrity in ${INTEGRITIES}; do + cli_print_fmt1 2 "${VPN_SUPPORTED_INTEGRITIES[${integrity}]-${integrity}}" done cli_space @@ -787,22 +787,22 @@ vpn_security_policies_group_types() { } # This function parses the parameters for the 'integrity' command -vpn_security_policies_integrity(){ +vpn_security_policies_integrities() { local name=${1} shift if [ $# -eq 0 ]; then - log ERROR "You must pass at least one value after integrity" + log ERROR "You must pass at least one value" return ${EXIT_ERROR} fi - local INTEGRITY - if ! vpn_security_policies_read_config ${name} "INTEGRITY"; then + local INTEGRITIES + if ! vpn_security_policies_read_config ${name} "INTEGRITIES"; then return ${EXIT_ERROR} fi # Remove duplicated entries to proceed the list safely - INTEGRITY="$(list_unique ${INTEGRITY})" + INTEGRITIES="$(list_unique ${INTEGRITIES})" local integritys_added local integritys_removed @@ -846,7 +846,7 @@ vpn_security_policies_integrity(){ fi done - INTEGRITY="${integritys_set}" + INTEGRITIES="${integritys_set}" # Perform incremental updates else 
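Review bot: The comment above the renamed function in the hunk at -787 still reads `'integrity' command`, so it no longer matches `vpn_security_policies_integrities` or the `integrities` key dispatched from `cli_vpn_security_policies`; it should become `# This function parses the parameters for the 'integrities' command`. The shortened message `You must pass at least one value` no longer says which subcommand rejected the call, and `log ERROR "You must pass at least one value after integrities"` would keep that context in the log. The locals `integritys_added` and `integritys_removed` keep the old misspelling and could be renamed along with the rest. The function body continues past this hunk.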
@@ -854,14 +854,14 @@ vpn_security_policies_integrity(){ # Perform all removals for integrity in ${integritys_removed}; do - if ! list_remove INTEGRITY ${integrity}; then + if ! list_remove INTEGRITIES ${integrity}; then warning "${integrity} was not on the list and could not be removed" fi done for integrity in ${integritys_added}; do if vpn_security_policies_integrity_supported ${integrity}; then - if ! list_append_unique INTEGRITY ${integrity}; then + if ! list_append_unique INTEGRITIES ${integrity}; then warning "${integrity} is already on the integrity list" fi else @@ -871,19 +871,19 @@ vpn_security_policies_integrity(){ fi # Check if the list contain at least one valid integrity - if list_is_empty INTEGRITY; then + if list_is_empty INTEGRITIES; then error "Cannot save an empty integrity hashes list" return ${EXIT_ERROR} fi # Save everything - if ! vpn_security_policies_write_config_key ${name} "INTEGRITY" ${INTEGRITY}; then + if ! vpn_security_policies_write_config_key ${name} "INTEGRITIES" ${INTEGRITIES}; then log ERROR "The changes for the vpn security policy ${name} could not be written." fi cli_headline 1 "Current integrity hashes list for ${name}:" - for integrity in ${INTEGRITY}; do - cli_print_fmt1 1 "${integrity}" "${VPN_SUPPORTED_INTEGRITY[${integrity}]}" + for integrity in ${INTEGRITIES}; do + cli_print_fmt1 1 "${integrity}" "${VPN_SUPPORTED_INTEGRITIES[${integrity}]}" done } @@ -1155,7 +1155,7 @@ vpn_security_policies_group_type_supported() { vpn_security_policies_integrity_supported() { local integrity=${1} - list_match ${integrity} ${!VPN_SUPPORTED_INTEGRITY[@]} + list_match ${integrity} ${!VPN_SUPPORTED_INTEGRITIES[@]} } vpn_security_policies_pseudo_random_function_supported() { @@ -1253,7 +1253,7 @@ _vpn_security_policies_make_ike_proposal() { done else local integrity - for integrity in ${INTEGRITY}; do + for integrity in ${INTEGRITIES}; do local _integrity=${INTEGRITY_TO_STRONGSWAN[${integrity}]} if ! isset _integrity; then 
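Review bot: When `vpn_security_policies_write_config_key` fails in the hunk at -854, the branch only logs and then falls through to print the in-memory `INTEGRITIES` under the headline "Current integrity hashes list", so the operator is shown a list that was never saved. The function's exit status then comes from the final loop rather than from the failed write, which hides the error from callers and scripts. Add `return ${EXIT_ERROR}` directly after the `log ERROR` line, matching the empty-list check just above it. The function starts outside this hunk.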
@@ -1344,7 +1344,7 @@ _vpn_security_policies_make_esp_proposal() { done else local integrity - for integrity in ${INTEGRITY}; do + for integrity in ${INTEGRITIES}; do local _integrity=${INTEGRITY_TO_STRONGSWAN[${integrity}]} if ! isset _integrity; then -- 2.39.2