Merge remote-tracking branch 'upstream/master'

diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance
index 26ba382d3a9407e012716e6dfd7cb4ac6aacd695..9b8e943681477416d461ba0f741e5f585b358e8b 100644 (file)
--- a/config/vpn/security-policies/performance
+++ b/config/vpn/security-policies/performance
@@ -1,7 +1,7 @@
 CIPHERS="CHACHA20-POLY1305 AES128-GCM128 AES128-CBC"
 COMPRESSION="off"
-GROUP_TYPE="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
-INTEGRITY="SHA256"
+GROUP_TYPES="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
+INTEGRITIES="SHA256"
 PSEUDO_RANDOM_FUNCTIONS="SHA256"
 KEY_EXCHANGE="ikev2"
 LIFETIME="28800"

diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system
index ce7cb7ae33d65412d00200d04fae7a7a00d714bf..8fdfe9a09b62e3ebac833cd1c5e3a15aae14037e 100644 (file)
--- a/config/vpn/security-policies/system
+++ b/config/vpn/security-policies/system
@@ -1,7 +1,7 @@
 KEY_EXCHANGE="ikev2"
 CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC"
-INTEGRITY="SHA512 SHA384 SHA256"
-GROUP_TYPE="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
+INTEGRITIES="SHA512 SHA384 SHA256"
+GROUP_TYPES="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
 PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
 LIFETIME="28800"
 PFS="on"

diff --git a/src/bash-completion/network b/src/bash-completion/network
index 33bf456e56f45a5009e7b9d1c840b9faa0930e30..2621628a1e4b6a3c43a9eb7c0b75af1b2d884dd9 100644 (file)
--- a/src/bash-completion/network
+++ b/src/bash-completion/network
@@ -561,7 +561,7 @@ _network_vpn_security_policies_subcommands() {
        shift
        local words=( $@ )
 
-       local commands="ciphers compression group-type integrity key-exchange lifetime pfs pseudo-random-functions show"
+       local commands="ciphers compression group-types integrities key-exchange lifetime pfs pseudo-random-functions show"
        local cmd="$(_network_find_on_cmdline "${commands}")"
        if [[ -z "${cmd}" ]]; then
                COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") )
@@ -577,14 +577,14 @@ _network_vpn_security_policies_subcommands() {
                compression)
                        _network_vpn_security_policies_subcommands_compression ${policy} ${args}
                        ;;
-               group-type)
-                       _network_vpn_security_policies_subcommands_group_type ${policy} ${args}
+               group-types)
+                       _network_vpn_security_policies_subcommands_group_types ${policy} ${args}
                        ;;
-               integrity)
-                       _network_vpn_security_policies_subcommands_integrity ${policy} ${args}
+               integrities)
+                       _network_vpn_security_policies_subcommands_integrities ${policy} ${args}
                        ;;
                pseudo-random-functions)
-                       _network_vpn_security_policies_subcommands_pseudo_random_functions "${policy}" "${args}"
+                       _network_vpn_security_policies_subcommands_pseudo_random_functions ${policy} ${args}
                        ;;
                key-exchange)
                        _network_vpn_security_policies_subcommands_key_exchange ${policy} ${args}
@@ -603,11 +603,11 @@ _network_vpn_security_policies_subcommands_compression() {
        :
 }
 
-_network_vpn_security_policies_subcommands_group_type() {
+_network_vpn_security_policies_subcommands_group_types() {
        :
 }
 
-_network_vpn_security_policies_subcommands_integrity() {
+_network_vpn_security_policies_subcommands_integrities() {
        :
 }
 

diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index 88d55bad9fd252e506e9fc2c3388e4bc6a606308..dc0f164e5590dfa3b4a34b4bf717c3f7c6ebd427 100644 (file)
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -19,8 +19,8 @@
 #                                                                             #
 ###############################################################################
 
-VPN_SECURITY_POLICIES_CONFIG_SETTINGS="CIPHERS COMPRESSION GROUP_TYPE \
-       INTEGRITY PSEUDO_RANDOM_FUNCTIONS KEY_EXCHANGE LIFETIME PFS"
+VPN_SECURITY_POLICIES_CONFIG_SETTINGS="CIPHERS COMPRESSION GROUP_TYPES \
+       INTEGRITIES PSEUDO_RANDOM_FUNCTIONS KEY_EXCHANGE LIFETIME PFS"
 VPN_SECURITY_POLICIES_READONLY="system performance"
 
 VPN_DEFAULT_SECURITY_POLICY="system"
@@ -203,7 +203,7 @@ declare -A PSEUDO_RANDOM_FUNCTION_TO_STRONGSWAN=(
        [AES-CMAC]="prfaescmac"
 )
 
-declare -A VPN_SUPPORTED_INTEGRITY=(
+declare -A VPN_SUPPORTED_INTEGRITIES=(
        [MD5]="MD5-HMAC"
 
        # SHA
@@ -303,14 +303,14 @@ cli_vpn_security_policies() {
                shift 2
 
                case "${key}" in
-                       ciphers|compression|integrity|lifetime|pfs|show)
+                       ciphers|compression|integrities|lifetime|pfs|show)
                                vpn_security_policies_${key} ${security_policy} "$@"
                                ;;
                        pseudo-random-functions)
                                vpn_security_policies_pseudo_random_functions "${security_policy}" "$@"
                                ;;
-                       group-type)
-                               vpn_security_policies_group_type ${security_policy} "$@"
+                       group-types)
+                               vpn_security_policies_group_types ${security_policy} "$@"
                                ;;
                        key-exchange)
                                vpn_security_policies_key_exchange ${security_policy} "$@"
@@ -506,8 +506,8 @@ vpn_security_policies_show() {
 
        cli_print_fmt1 1 "Integrity:"
        local integrity
-       for integrity in ${INTEGRITY}; do
-               cli_print_fmt1 2 "${VPN_SUPPORTED_INTEGRITY[${integrity}]-${integrity}}"
+       for integrity in ${INTEGRITIES}; do
+               cli_print_fmt1 2 "${VPN_SUPPORTED_INTEGRITIES[${integrity}]-${integrity}}"
        done
        cli_space
 
@@ -520,7 +520,7 @@ vpn_security_policies_show() {
 
        cli_print_fmt1 1 "Group Types:"
        local group_type
-       for group_type in ${GROUP_TYPE}; do
+       for group_type in ${GROUP_TYPES}; do
                cli_print_fmt1 2 "${VPN_SUPPORTED_GROUP_TYPES[${group_type}]-${group_type}}"
        done
        cli_space
@@ -686,7 +686,7 @@ vpn_security_policies_compression(){
 }
 
 # This function parses the parameters for the 'group-type' command
-vpn_security_policies_group_type(){
+vpn_security_policies_group_types() {
        local name=${1}
        shift
 
@@ -695,13 +695,13 @@ vpn_security_policies_group_type(){
                return ${EXIT_ERROR}
        fi
 
-       local GROUP_TYPE
-       if ! vpn_security_policies_read_config ${name} "GROUP_TYPE"; then
+       local GROUP_TYPES
+       if ! vpn_security_policies_read_config ${name} "GROUP_TYPES"; then
                return ${EXIT_ERROR}
        fi
 
        # Remove duplicated entries to proceed the list safely
-       GROUP_TYPE="$(list_unique ${GROUP_TYPE})"
+       GROUP_TYPES="$(list_unique ${GROUP_TYPES})"
 
        local group_types_added
        local group_types_removed
@@ -745,7 +745,7 @@ vpn_security_policies_group_type(){
                        fi
                done
 
-               GROUP_TYPE="${group_types_set}"
+               GROUP_TYPES="${group_types_set}"
 
        # Perform incremental updates
        else
@@ -753,14 +753,14 @@ vpn_security_policies_group_type(){
 
                # Perform all removals
                for group_type in ${group_types_removed}; do
-                       if ! list_remove GROUP_TYPE ${group_type}; then
+                       if ! list_remove GROUP_TYPES ${group_type}; then
                                warning "${group_type} was not on the list and could not be removed"
                        fi
                done
 
                for group_type in ${group_types_added}; do
                        if vpn_security_policies_group_type_supported ${group_type}; then
-                               if ! list_append_unique GROUP_TYPE ${group_type}; then
+                               if ! list_append_unique GROUP_TYPES ${group_type}; then
                                        warning "${group_type} is already on the group type list"
                                fi
                        else
@@ -770,39 +770,39 @@ vpn_security_policies_group_type(){
        fi
 
        # Check if the list contain at least one valid group_type
-       if list_is_empty GROUP_TYPE; then
+       if list_is_empty GROUP_TYPES; then
                error "Cannot save an empty group type list"
                return ${EXIT_ERROR}
        fi
 
        # Save everything
-       if ! vpn_security_policies_write_config_key ${name} "GROUP_TYPE" ${GROUP_TYPE}; then
+       if ! vpn_security_policies_write_config_key ${name} "GROUP_TYPES" ${GROUP_TYPES}; then
                log ERROR "The changes for the vpn security policy ${name} could not be written."
        fi
 
        cli_headline 1 "Current group type list for ${name}:"
-       for group_type in ${GROUP_TYPE}; do
+       for group_type in ${GROUP_TYPES}; do
                cli_print_fmt1 1 "${group_type}" "${VPN_SUPPORTED_GROUP_TYPES[${group_type}]}"
        done
 }
 
 # This function parses the parameters for the 'integrity' command
-vpn_security_policies_integrity(){
+vpn_security_policies_integrities() {
        local name=${1}
        shift
 
        if [ $# -eq 0 ]; then
-               log ERROR "You must pass at least one value after integrity"
+               log ERROR "You must pass at least one value"
                return ${EXIT_ERROR}
        fi
 
-       local INTEGRITY
-       if ! vpn_security_policies_read_config ${name} "INTEGRITY"; then
+       local INTEGRITIES
+       if ! vpn_security_policies_read_config ${name} "INTEGRITIES"; then
                return ${EXIT_ERROR}
        fi
 
        # Remove duplicated entries to proceed the list safely
-       INTEGRITY="$(list_unique ${INTEGRITY})"
+       INTEGRITIES="$(list_unique ${INTEGRITIES})"
 
        local integritys_added
        local integritys_removed
@@ -846,7 +846,7 @@ vpn_security_policies_integrity(){
                        fi
                done
 
-               INTEGRITY="${integritys_set}"
+               INTEGRITIES="${integritys_set}"
 
        # Perform incremental updates
        else
@@ -854,14 +854,14 @@ vpn_security_policies_integrity(){
 
                # Perform all removals
                for integrity in ${integritys_removed}; do
-                       if ! list_remove INTEGRITY ${integrity}; then
+                       if ! list_remove INTEGRITIES ${integrity}; then
                                warning "${integrity} was not on the list and could not be removed"
                        fi
                done
 
                for integrity in ${integritys_added}; do
                        if vpn_security_policies_integrity_supported ${integrity}; then
-                               if ! list_append_unique INTEGRITY ${integrity}; then
+                               if ! list_append_unique INTEGRITIES ${integrity}; then
                                        warning "${integrity} is already on the integrity list"
                                fi
                        else
@@ -871,19 +871,19 @@ vpn_security_policies_integrity(){
        fi
 
        # Check if the list contain at least one valid integrity
-       if list_is_empty INTEGRITY; then
+       if list_is_empty INTEGRITIES; then
                error "Cannot save an empty integrity hashes list"
                return ${EXIT_ERROR}
        fi
 
        # Save everything
-       if ! vpn_security_policies_write_config_key ${name} "INTEGRITY" ${INTEGRITY}; then
+       if ! vpn_security_policies_write_config_key ${name} "INTEGRITIES" ${INTEGRITIES}; then
                log ERROR "The changes for the vpn security policy ${name} could not be written."
        fi
 
        cli_headline 1 "Current integrity hashes list for ${name}:"
-       for integrity in ${INTEGRITY}; do
-               cli_print_fmt1 1 "${integrity}" "${VPN_SUPPORTED_INTEGRITY[${integrity}]}"
+       for integrity in ${INTEGRITIES}; do
+               cli_print_fmt1 1 "${integrity}" "${VPN_SUPPORTED_INTEGRITIES[${integrity}]}"
        done
 }
 
@@ -1155,7 +1155,7 @@ vpn_security_policies_group_type_supported() {
 vpn_security_policies_integrity_supported() {
        local integrity=${1}
 
-       list_match ${integrity} ${!VPN_SUPPORTED_INTEGRITY[@]}
+       list_match ${integrity} ${!VPN_SUPPORTED_INTEGRITIES[@]}
 }
 
 vpn_security_policies_pseudo_random_function_supported() {
@@ -1253,7 +1253,7 @@ _vpn_security_policies_make_ike_proposal() {
                        done
                else
                        local integrity
-                       for integrity in ${INTEGRITY}; do
+                       for integrity in ${INTEGRITIES}; do
                                local _integrity=${INTEGRITY_TO_STRONGSWAN[${integrity}]}
 
                                if ! isset _integrity; then
@@ -1344,7 +1344,7 @@ _vpn_security_policies_make_esp_proposal() {
                        done
                else
                        local integrity
-                       for integrity in ${INTEGRITY}; do
+                       for integrity in ${INTEGRITIES}; do
                                local _integrity=${INTEGRITY_TO_STRONGSWAN[${integrity}]}
 
                                if ! isset _integrity; then