From 57d62b96541d5be4f1433fbfb91e4f31a17d977c Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 16 Sep 2018 15:57:31 +0200 Subject: [PATCH] ipsec: security polices: Make cipher command plural References: #11446 Signed-off-by: Michael Tremer --- config/vpn/security-policies/performance | 2 +- config/vpn/security-policies/system | 2 +- src/bash-completion/network | 8 +++--- src/functions/functions.vpn-security-policies | 26 +++++++++---------- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance index 6cac47cd..26ba382d 100644 --- a/config/vpn/security-policies/performance +++ b/config/vpn/security-policies/performance @@ -1,4 +1,4 @@ -CIPHER="CHACHA20-POLY1305 AES128-GCM128 AES128-CBC" +CIPHERS="CHACHA20-POLY1305 AES128-GCM128 AES128-CBC" COMPRESSION="off" GROUP_TYPE="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519" INTEGRITY="SHA256" diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system index b304897d..ce7cb7ae 100644 --- a/config/vpn/security-policies/system +++ b/config/vpn/security-policies/system @@ -1,5 +1,5 @@ KEY_EXCHANGE="ikev2" -CIPHER="CHACHA20-POLY1305 AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC" +CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC" INTEGRITY="SHA512 SHA384 SHA256" GROUP_TYPE="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519" PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256" diff --git a/src/bash-completion/network b/src/bash-completion/network index 9e35604e..33bf456e 100644 --- a/src/bash-completion/network +++ b/src/bash-completion/network @@ -561,7 +561,7 @@ _network_vpn_security_policies_subcommands() { shift local words=( $@ ) - local commands="cipher compression group-type integrity key-exchange lifetime pfs pseudo-random-functions show" + local commands="ciphers compression group-type integrity key-exchange lifetime pfs pseudo-random-functions show" local cmd="$(_network_find_on_cmdline "${commands}")" if [[ -z "${cmd}" ]]; then COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) @@ -571,8 +571,8 @@ _network_vpn_security_policies_subcommands() { local args="${words[@]:1}" case "${cmd}" in - cipher) - _network_vpn_security_policies_subcommands_cipher ${policy} ${args} + ciphers) + _network_vpn_security_policies_subcommands_ciphers ${policy} ${args} ;; compression) _network_vpn_security_policies_subcommands_compression ${policy} ${args} @@ -595,7 +595,7 @@ _network_vpn_security_policies_subcommands() { esac } -_network_vpn_security_policies_subcommands_cipher() { +_network_vpn_security_policies_subcommands_ciphers() { : } diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies index f8e719dc..4345f085 100644 --- a/src/functions/functions.vpn-security-policies +++ b/src/functions/functions.vpn-security-policies @@ -19,7 +19,7 @@ # # ############################################################################### -VPN_SECURITY_POLICIES_CONFIG_SETTINGS="CIPHER COMPRESSION GROUP_TYPE \ +VPN_SECURITY_POLICIES_CONFIG_SETTINGS="CIPHERS COMPRESSION GROUP_TYPE \ INTEGRITY PSEUDO_RANDOM_FUNCTIONS KEY_EXCHANGE LIFETIME PFS" VPN_SECURITY_POLICIES_READONLY="system performance" @@ -303,7 +303,7 @@ cli_vpn_security_policies() { shift 2 case "${key}" in - cipher|compression|integrity|lifetime|pfs|show) + ciphers|compression|integrity|lifetime|pfs|show) vpn_security_policies_${key} ${security_policy} "$@" ;; pseudo-random-functions) @@ -499,7 +499,7 @@ vpn_security_policies_show() { # because we print 'Group Types' but the variable is named 'GROUP_TYPES' cli_print_fmt1 1 "Ciphers:" local cipher - for cipher in ${CIPHER}; do + for cipher in ${CIPHERS}; do cli_print_fmt1 2 "${VPN_SUPPORTED_CIPHERS[${cipher}]-${cipher}}" done cli_space @@ -558,7 +558,7 @@ vpn_security_policy_exists() { # This function parses the parameters for the 'cipher' command -vpn_security_policies_cipher(){ +vpn_security_policies_ciphers() { local name=${1} shift @@ -567,13 +567,13 @@ vpn_security_policies_cipher(){ return ${EXIT_ERROR} fi - local CIPHER - if ! vpn_security_policies_read_config ${name} "CIPHER"; then + local CIPHERS + if ! vpn_security_policies_read_config ${name} "CIPHERS"; then return ${EXIT_ERROR} fi # Remove duplicated entries to proceed the list safely - CIPHER="$(list_unique ${CIPHER})" + CIPHERS="$(list_unique ${CIPHERS})" local ciphers_added local ciphers_removed @@ -617,7 +617,7 @@ vpn_security_policies_cipher(){ fi done - CIPHER="${ciphers_set}" + CIPHERS="${ciphers_set}" # Perform incremental updates else @@ -625,14 +625,14 @@ vpn_security_policies_cipher(){ # Perform all removals for cipher in ${ciphers_removed}; do - if ! list_remove CIPHER ${cipher}; then + if ! list_remove CIPHERS ${cipher}; then warning "${cipher} was not on the list and could not be removed" fi done for cipher in ${ciphers_added}; do if vpn_security_policies_cipher_supported ${cipher}; then - if ! list_append_unique CIPHER ${cipher}; then + if ! list_append_unique CIPHERS ${cipher}; then warning "${cipher} is already on the cipher list" fi else @@ -642,18 +642,18 @@ vpn_security_policies_cipher(){ fi # Check if the list contain at least one valid cipher - if list_is_empty CIPHER; then + if list_is_empty CIPHERS; then error "Cannot save an empty cipher list" return ${EXIT_ERROR} fi # Save everything - if ! vpn_security_policies_write_config_key ${name} "CIPHER" ${CIPHER}; then + if ! vpn_security_policies_write_config_key ${name} "CIPHERS" ${CIPHERS}; then log ERROR "The changes for the vpn security policy ${name} could not be written." fi cli_headline 1 "Current cipher list for ${name}:" - for cipher in ${CIPHER}; do + for cipher in ${CIPHERS}; do cli_print_fmt1 1 "${cipher}" "${VPN_SUPPORTED_CIPHERS[${cipher}]}" done } -- 2.39.2