From: Michael Tremer
Date: Wed, 19 Jul 2017 18:53:55 +0000 (+0200)
Subject: security-policies: Check if default policy exists
X-Git-Tag: 009~146
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fdbda800308fa501c8b5524198f7121d087cf26;p=network.git
security-policies: Check if default policy exists
Signed-off-by: Michael Tremer
---
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index e7068483..012c43f6 100644
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -22,6 +22,8 @@
 VPN_SECURITY_POLICIES_CONFIG_SETTINGS="CIPHER COMPRESSION GROUP_TYPE INTEGRITY KEY_EXCHANGE LIFETIME PFS"
 VPN_SECURITY_POLICIES_READONLY="system"
+VPN_DEFAULT_SECURITY_POLICY="system"
+
 VPN_SUPPORTED_CIPHERS="AES192 AES256 AES512"
 VPN_SUPPORTED_INTEGRITY="SHA512 SHA256 SHA128"
 VPN_SUPPORTED_GROUP_TYPES="MODP8192 MODP4096"
@@ -517,9 +519,15 @@ vpn_security_policies_new() {
 return ${EXIT_ERROR}
 fi
+ # Check if our source policy exists
+ if ! vpn_security_policy_exists "${VPN_DEFAULT_SECURITY_POLICY}"; then
+ error "Default VPN Security Policy '${VPN_DEFAULT_SECURITY_POLICY}' does not exist"
+ return ${EXIT_ERROR}
+ fi
+
 log DEBUG "Creating VPN Security Policy ${name}"
- if copy "$(vpn_security_policies_path "system")" "$(vpn_security_policies_path ${name})"; then
+ if copy "$(vpn_security_policies_path "${VPN_DEFAULT_SECURITY_POLICY}")" "$(vpn_security_policies_path ${name})"; then
 log INFO "VPN Security Policy ${name} successfully created"
 else
 log ERROR "Could not create VPN Security Policy ${name}"
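Review bot: The rewritten `copy` line in `vpn_security_policies_new` still expands `${name}` unquoted inside `$(vpn_security_policies_path ${name})`, although the default-policy argument next to it is now quoted. Because that value becomes part of a file path, a name containing whitespace or glob characters would be split or expanded before the path is built; whether `name` is validated earlier cannot be seen here, since the function starts above the hunk and continues below it. I would quote it on the same line: `if copy "$(vpn_security_policies_path "${VPN_DEFAULT_SECURITY_POLICY}")" "$(vpn_security_policies_path "${name}")"; then`. A short comment on `VPN_DEFAULT_SECURITY_POLICY` in the first hunk, such as `# Policy that is copied as the template for every new policy`, would document its role next to `VPN_SECURITY_POLICIES_READONLY`.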