[PATCH] ipsec-pool: do not delete a pool when this pool is used by a connection

[Jonatan Schlag <jonatan.schlag@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 1422 bytes --]

Fixes: #11448

Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
 src/functions/functions.ipsec-pool | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/functions/functions.ipsec-pool b/src/functions/functions.ipsec-pool
index e5da518..f7d73f6 100644
--- a/src/functions/functions.ipsec-pool
+++ b/src/functions/functions.ipsec-pool
@@ -219,6 +219,27 @@ ipsec_pool_new() {
 	fi
 }
 
+ipsec_pool_is_in_use() {
+	[ $# -eq 1 ]
+	local pool="${1}"
+
+	for connection in $(ipsec_list_connections); do
+		local POOLS
+
+		if ! ipsec_connection_read_config "${connection}" "POOLS"; then
+			log WARNING "Could not read configuration"
+			continue
+		fi
+
+		if list_match "${pool}" ${POOLS}; then
+			return ${EXIT_TRUE}
+			break
+		fi
+	done
+
+	return ${EXIT_FALSE}
+}
+
 # Function that deletes based on the passed parameters
 # one ore more vpn ipsec pools
 ipsec_pool_destroy() {
@@ -229,6 +250,11 @@ ipsec_pool_destroy() {
 			continue
 		fi
 
+		if ipsec_pool_is_in_use "${pool}"; then
+			log ERROR "The VPN IPsec pool is in use an can thats why not deleted"
+			return ${EXIT_ERROR}
+		fi
+
 		if [ -f	"${NETWORK_IPSEC_SWANCTL_POOLS_DIR}/${pool}.conf" ]; then
 			if ! file_delete "${NETWORK_IPSEC_SWANCTL_POOLS_DIR}/${pool}.conf"; then
 				# We going on here to delete at least the configuration directory
-- 
2.6.3