ipsec: security policies: Make integrity command plural

author Michael Tremer <michael.tremer@ipfire.org>

Sun, 16 Sep 2018 14:15:53 +0000 (15:15 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Sun, 16 Sep 2018 14:15:53 +0000 (15:15 +0100)
author Michael Tremer <michael.tremer@ipfire.org>
Sun, 16 Sep 2018 14:15:53 +0000 (15:15 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Sun, 16 Sep 2018 14:15:53 +0000 (15:15 +0100)
diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance

index 0ca0f8c3e90e8a1f3bc6948ecddad5c5953718a9..9b8e943681477416d461ba0f741e5f585b358e8b 100644 (file)
--- a/config/vpn/security-policies/performance
+++ b/config/vpn/security-policies/performance
@@ -1,7 +1,7 @@
  CIPHERS="CHACHA20-POLY1305 AES128-GCM128 AES128-CBC"
  COMPRESSION="off"
  GROUP_TYPES="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
-INTEGRITY="SHA256"
+INTEGRITIES="SHA256"
  PSEUDO_RANDOM_FUNCTIONS="SHA256"
  KEY_EXCHANGE="ikev2"
  LIFETIME="28800"
diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system

index 002ac4eb02b8bc26f446c37808d4cf9873fe253f..8fdfe9a09b62e3ebac833cd1c5e3a15aae14037e 100644 (file)
--- a/config/vpn/security-policies/system
+++ b/config/vpn/security-policies/system
@@ -1,6 +1,6 @@
  KEY_EXCHANGE="ikev2"
  CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC"
-INTEGRITY="SHA512 SHA384 SHA256"
+INTEGRITIES="SHA512 SHA384 SHA256"
  GROUP_TYPES="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
  PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
  LIFETIME="28800"
diff --git a/src/bash-completion/network b/src/bash-completion/network

index 97061861c28f8e67a1987a1ee6650e3ca04ee147..2621628a1e4b6a3c43a9eb7c0b75af1b2d884dd9 100644 (file)
--- a/src/bash-completion/network
+++ b/src/bash-completion/network
@@ -561,7 +561,7 @@ _network_vpn_security_policies_subcommands() {
         shift
         local words=( $@ )
  
-       local commands="ciphers compression group-types integrity key-exchange lifetime pfs pseudo-random-functions show"
+       local commands="ciphers compression group-types integrities key-exchange lifetime pfs pseudo-random-functions show"
         local cmd="$(_network_find_on_cmdline "${commands}")"
         if [[ -z "${cmd}" ]]; then
                 COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") )
@@ -580,8 +580,8 @@ _network_vpn_security_policies_subcommands() {
                 group-types)
                         _network_vpn_security_policies_subcommands_group_types ${policy} ${args}
                         ;;
-               integrity)
-                       _network_vpn_security_policies_subcommands_integrity ${policy} ${args}
+               integrities)
+                       _network_vpn_security_policies_subcommands_integrities ${policy} ${args}
                         ;;
                 pseudo-random-functions)
                         _network_vpn_security_policies_subcommands_pseudo_random_functions ${policy} ${args}
@@ -607,7 +607,7 @@ _network_vpn_security_policies_subcommands_group_types() {
         :
  }
  
-_network_vpn_security_policies_subcommands_integrity() {
+_network_vpn_security_policies_subcommands_integrities() {
         :
  }
  
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies

index 86fa7eaedeb87b9c24b460718aef0b9d8bb0919d..dc0f164e5590dfa3b4a34b4bf717c3f7c6ebd427 100644 (file)
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -20,7 +20,7 @@
  ###############################################################################
  
  VPN_SECURITY_POLICIES_CONFIG_SETTINGS="CIPHERS COMPRESSION GROUP_TYPES \
-       INTEGRITY PSEUDO_RANDOM_FUNCTIONS KEY_EXCHANGE LIFETIME PFS"
+       INTEGRITIES PSEUDO_RANDOM_FUNCTIONS KEY_EXCHANGE LIFETIME PFS"
  VPN_SECURITY_POLICIES_READONLY="system performance"
  
  VPN_DEFAULT_SECURITY_POLICY="system"
@@ -203,7 +203,7 @@ declare -A PSEUDO_RANDOM_FUNCTION_TO_STRONGSWAN=(
         [AES-CMAC]="prfaescmac"
  )
  
-declare -A VPN_SUPPORTED_INTEGRITY=(
+declare -A VPN_SUPPORTED_INTEGRITIES=(
         [MD5]="MD5-HMAC"
  
         # SHA
@@ -303,7 +303,7 @@ cli_vpn_security_policies() {
                 shift 2
  
                 case "${key}" in
-                       ciphers|compression|integrity|lifetime|pfs|show)
+                       ciphers|compression|integrities|lifetime|pfs|show)
                                 vpn_security_policies_${key} ${security_policy} "$@"
                                 ;;
                         pseudo-random-functions)
@@ -506,8 +506,8 @@ vpn_security_policies_show() {
  
         cli_print_fmt1 1 "Integrity:"
         local integrity
-       for integrity in ${INTEGRITY}; do
-               cli_print_fmt1 2 "${VPN_SUPPORTED_INTEGRITY[${integrity}]-${integrity}}"
+       for integrity in ${INTEGRITIES}; do
+               cli_print_fmt1 2 "${VPN_SUPPORTED_INTEGRITIES[${integrity}]-${integrity}}"
         done
         cli_space
  
@@ -787,22 +787,22 @@ vpn_security_policies_group_types() {
  }
  
  # This function parses the parameters for the 'integrity' command
-vpn_security_policies_integrity(){
+vpn_security_policies_integrities() {
         local name=${1}
         shift
  
         if [ $# -eq 0 ]; then
-               log ERROR "You must pass at least one value after integrity"
+               log ERROR "You must pass at least one value"
                 return ${EXIT_ERROR}
         fi
  
-       local INTEGRITY
-       if ! vpn_security_policies_read_config ${name} "INTEGRITY"; then
+       local INTEGRITIES
+       if ! vpn_security_policies_read_config ${name} "INTEGRITIES"; then
                 return ${EXIT_ERROR}
         fi
  
         # Remove duplicated entries to proceed the list safely
-       INTEGRITY="$(list_unique ${INTEGRITY})"
+       INTEGRITIES="$(list_unique ${INTEGRITIES})"
  
         local integritys_added
         local integritys_removed
@@ -846,7 +846,7 @@ vpn_security_policies_integrity(){
                         fi
                 done
  
-               INTEGRITY="${integritys_set}"
+               INTEGRITIES="${integritys_set}"
  
         # Perform incremental updates
         else
@@ -854,14 +854,14 @@ vpn_security_policies_integrity(){
  
                 # Perform all removals
                 for integrity in ${integritys_removed}; do
-                       if ! list_remove INTEGRITY ${integrity}; then
+                       if ! list_remove INTEGRITIES ${integrity}; then
                                 warning "${integrity} was not on the list and could not be removed"
                         fi
                 done
  
                 for integrity in ${integritys_added}; do
                         if vpn_security_policies_integrity_supported ${integrity}; then
-                               if ! list_append_unique INTEGRITY ${integrity}; then
+                               if ! list_append_unique INTEGRITIES ${integrity}; then
                                         warning "${integrity} is already on the integrity list"
                                 fi
                         else
@@ -871,19 +871,19 @@ vpn_security_policies_integrity(){
         fi
  
         # Check if the list contain at least one valid integrity
-       if list_is_empty INTEGRITY; then
+       if list_is_empty INTEGRITIES; then
                 error "Cannot save an empty integrity hashes list"
                 return ${EXIT_ERROR}
         fi
  
         # Save everything
-       if ! vpn_security_policies_write_config_key ${name} "INTEGRITY" ${INTEGRITY}; then
+       if ! vpn_security_policies_write_config_key ${name} "INTEGRITIES" ${INTEGRITIES}; then
                 log ERROR "The changes for the vpn security policy ${name} could not be written."
         fi
  
         cli_headline 1 "Current integrity hashes list for ${name}:"
-       for integrity in ${INTEGRITY}; do
-               cli_print_fmt1 1 "${integrity}" "${VPN_SUPPORTED_INTEGRITY[${integrity}]}"
+       for integrity in ${INTEGRITIES}; do
+               cli_print_fmt1 1 "${integrity}" "${VPN_SUPPORTED_INTEGRITIES[${integrity}]}"
         done
  }
  
@@ -1155,7 +1155,7 @@ vpn_security_policies_group_type_supported() {
  vpn_security_policies_integrity_supported() {
         local integrity=${1}
  
-       list_match ${integrity} ${!VPN_SUPPORTED_INTEGRITY[@]}
+       list_match ${integrity} ${!VPN_SUPPORTED_INTEGRITIES[@]}
  }
  
  vpn_security_policies_pseudo_random_function_supported() {
@@ -1253,7 +1253,7 @@ _vpn_security_policies_make_ike_proposal() {
                         done
                 else
                         local integrity
-                       for integrity in ${INTEGRITY}; do
+                       for integrity in ${INTEGRITIES}; do
                                 local _integrity=${INTEGRITY_TO_STRONGSWAN[${integrity}]}
  
                                 if ! isset _integrity; then
@@ -1344,7 +1344,7 @@ _vpn_security_policies_make_esp_proposal() {
                         done
                 else
                         local integrity
-                       for integrity in ${INTEGRITY}; do
+                       for integrity in ${INTEGRITIES}; do
                                 local _integrity=${INTEGRITY_TO_STRONGSWAN[${integrity}]}
  
                                 if ! isset _integrity; then
author	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 16 Sep 2018 14:15:53 +0000 (15:15 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 16 Sep 2018 14:15:53 +0000 (15:15 +0100)
config/vpn/security-policies/performance		patch \| blob \| blame \| history
config/vpn/security-policies/system		patch \| blob \| blame \| history
src/bash-completion/network		patch \| blob \| blame \| history
src/functions/functions.vpn-security-policies		patch \| blob \| blame \| history