2019-10-14 10:27:28 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
2022-10-07 23:11:10 +00:00
|
|
|
### Constants
|
2020-04-28 22:44:56 +00:00
|
|
|
setupVars="/etc/pivpn/wireguard/setupVars.conf"
|
2019-10-14 10:27:28 +00:00
|
|
|
|
2022-10-07 23:11:10 +00:00
|
|
|
# shellcheck disable=SC1090
|
|
|
|
|
source "${setupVars}"
|
|
|
|
|
|
2023-11-23 10:54:07 +00:00
|
|
|
if [ ! -r /opt/pivpn/ipaddr_utils.sh ]; then
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
# shellcheck disable=SC1091
|
|
|
|
|
source /opt/pivpn/ipaddr_utils.sh
|
|
|
|
|
|
2022-10-07 23:11:10 +00:00
|
|
|
### Functions
|
2022-10-01 06:55:06 +00:00
|
|
|
err() {
|
|
|
|
|
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-27 12:53:36 +00:00
|
|
|
helpFunc() {
|
|
|
|
|
echo "::: Remove a client conf profile"
|
|
|
|
|
echo ":::"
|
|
|
|
|
echo -n "::: Usage: pivpn <-r|remove> [-y|--yes] [-h|--help] "
|
|
|
|
|
echo "[<client-1> ... [<client-2>] ...]"
|
|
|
|
|
echo ":::"
|
|
|
|
|
echo "::: Commands:"
|
|
|
|
|
echo "::: [none] Interactive mode"
|
|
|
|
|
echo "::: <client> Client(s) to remove"
|
|
|
|
|
echo "::: -y,--yes Remove Client(s) without confirmation"
|
|
|
|
|
echo "::: -h,--help Show this help dialog"
|
2019-10-14 10:27:28 +00:00
|
|
|
}
|
|
|
|
|
|
2022-10-07 23:11:10 +00:00
|
|
|
### Script
|
|
|
|
|
if [[ ! -f "${setupVars}" ]]; then
|
|
|
|
|
err "::: Missing setup vars file!"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2019-10-14 10:27:28 +00:00
|
|
|
# Parse input arguments
|
2022-07-27 12:53:36 +00:00
|
|
|
while [[ "$#" -gt 0 ]]; do
|
|
|
|
|
_key="${1}"
|
|
|
|
|
|
|
|
|
|
case "${_key}" in
|
|
|
|
|
-h | --help)
|
|
|
|
|
helpFunc
|
|
|
|
|
exit 0
|
|
|
|
|
;;
|
|
|
|
|
-y | --yes)
|
|
|
|
|
CONFIRM=true
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
CLIENTS_TO_REMOVE+=("${1}")
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
shift
|
2019-10-14 10:27:28 +00:00
|
|
|
done
|
|
|
|
|
|
2021-02-13 11:09:11 +00:00
|
|
|
cd /etc/wireguard || exit
|
2022-07-27 12:53:36 +00:00
|
|
|
|
|
|
|
|
if [[ ! -s configs/clients.txt ]]; then
|
|
|
|
|
err "::: There are no clients to remove"
|
|
|
|
|
exit 1
|
2019-10-14 10:27:28 +00:00
|
|
|
fi
|
|
|
|
|
|
2021-11-03 17:09:00 +00:00
|
|
|
mapfile -t LIST < <(awk '{print $1}' configs/clients.txt)
|
2022-07-27 12:53:36 +00:00
|
|
|
|
|
|
|
|
if [[ "${#CLIENTS_TO_REMOVE[@]}" -eq 0 ]]; then
|
|
|
|
|
echo -e "::\e[4m Client list \e[0m::"
|
|
|
|
|
len="${#LIST[@]}"
|
|
|
|
|
COUNTER=1
|
|
|
|
|
|
|
|
|
|
while [[ "${COUNTER}" -le "${len}" ]]; do
|
|
|
|
|
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER - 1))]}"
|
|
|
|
|
((COUNTER++))
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
echo -n "Please enter the Index/Name of the Client to be removed "
|
|
|
|
|
echo -n "from the list above: "
|
|
|
|
|
read -r CLIENTS_TO_REMOVE
|
|
|
|
|
|
|
|
|
|
if [[ -z "${CLIENTS_TO_REMOVE}" ]]; then
|
|
|
|
|
err "::: You can not leave this blank!"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2019-10-14 10:27:28 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
DELETED_COUNT=0
|
|
|
|
|
|
|
|
|
|
for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
|
2022-07-27 12:53:36 +00:00
|
|
|
re='^[0-9]+$'
|
2019-10-14 10:27:28 +00:00
|
|
|
|
2022-07-27 12:53:36 +00:00
|
|
|
if [[ "${CLIENT_NAME}" =~ $re ]]; then
|
|
|
|
|
CLIENT_NAME="${LIST[$((CLIENT_NAME - 1))]}"
|
|
|
|
|
fi
|
2020-07-08 13:32:19 +00:00
|
|
|
|
2022-07-27 12:53:36 +00:00
|
|
|
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
|
|
|
|
|
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
|
|
|
|
|
else
|
|
|
|
|
REQUESTED="$(sha256sum "configs/${CLIENT_NAME}.conf" | cut -c 1-64)"
|
2019-10-14 10:27:28 +00:00
|
|
|
|
2022-07-27 12:53:36 +00:00
|
|
|
if [[ -n "${CONFIRM}" ]]; then
|
|
|
|
|
REPLY="y"
|
|
|
|
|
else
|
|
|
|
|
read -r -p "Do you really want to delete ${CLIENT_NAME}? [y/N] "
|
|
|
|
|
fi
|
2020-02-07 17:07:15 +00:00
|
|
|
|
2022-07-27 12:53:36 +00:00
|
|
|
if [[ "${REPLY}" =~ ^[Yy]$ ]]; then
|
2023-11-23 10:54:07 +00:00
|
|
|
# Grab the decimal representation of the client IP address
|
|
|
|
|
IPV4_DEC="$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $4}')"
|
2022-07-27 12:53:36 +00:00
|
|
|
# The creation date of the client
|
2022-08-05 21:11:22 +00:00
|
|
|
CREATION_DATE="$(grep "^${CLIENT_NAME} " configs/clients.txt \
|
|
|
|
|
| awk '{print $3}')"
|
2022-07-27 12:53:36 +00:00
|
|
|
# And its public key
|
2022-08-05 21:11:22 +00:00
|
|
|
PUBLIC_KEY="$(grep "^${CLIENT_NAME} " configs/clients.txt \
|
|
|
|
|
| awk '{print $2}')"
|
2022-07-27 12:53:36 +00:00
|
|
|
|
|
|
|
|
# Then remove the client matching the variables above
|
|
|
|
|
sed \
|
2023-11-23 10:54:07 +00:00
|
|
|
-e "\#${CLIENT_NAME} ${PUBLIC_KEY} ${CREATION_DATE} ${IPV4_DEC}#d" \
|
2022-08-09 08:09:25 +00:00
|
|
|
-i configs/clients.txt
|
2022-07-27 12:53:36 +00:00
|
|
|
|
|
|
|
|
# Remove the peer section from the server config
|
|
|
|
|
sed_pattern="/### begin ${CLIENT_NAME} ###/,"
|
|
|
|
|
sed_pattern="${sed_pattern}/### end ${CLIENT_NAME} ###/d"
|
|
|
|
|
sed -e "${sed_pattern}" -i wg0.conf
|
|
|
|
|
echo "::: Updated server config"
|
|
|
|
|
|
|
|
|
|
rm "configs/${CLIENT_NAME}.conf"
|
|
|
|
|
echo "::: Client config for ${CLIENT_NAME} removed"
|
|
|
|
|
|
|
|
|
|
rm "keys/${CLIENT_NAME}_priv"
|
|
|
|
|
rm "keys/${CLIENT_NAME}_pub"
|
|
|
|
|
rm "keys/${CLIENT_NAME}_psk"
|
|
|
|
|
echo "::: Client Keys for ${CLIENT_NAME} removed"
|
|
|
|
|
|
|
|
|
|
# Find all .conf files in the home folder of the user matching the
|
|
|
|
|
# checksum of the config and delete them. '-maxdepth 3' is used to
|
|
|
|
|
# avoid traversing too many folders.
|
|
|
|
|
# Disabling SC2154, variable sourced externaly and may vary
|
|
|
|
|
# shellcheck disable=SC2154
|
|
|
|
|
while IFS= read -r -d '' CONFIG; do
|
|
|
|
|
if sha256sum -c <<< "${REQUESTED} ${CONFIG}" &> /dev/null; then
|
|
|
|
|
rm "${CONFIG}"
|
|
|
|
|
fi
|
|
|
|
|
done < <(find "${install_home}" \
|
2022-08-09 08:09:25 +00:00
|
|
|
-maxdepth 3 -type f -name '*.conf' -print0)
|
2022-07-27 12:53:36 +00:00
|
|
|
|
|
|
|
|
((DELETED_COUNT++))
|
|
|
|
|
echo "::: Successfully deleted ${CLIENT_NAME}"
|
|
|
|
|
|
|
|
|
|
# If using Pi-hole, remove the client from the hosts file
|
|
|
|
|
# Disabling SC2154, variable sourced externaly and may vary
|
|
|
|
|
# shellcheck disable=SC2154
|
|
|
|
|
if [[ -f /etc/pivpn/hosts.wireguard ]]; then
|
2023-11-23 10:54:07 +00:00
|
|
|
IPV4_DOT="$(decIPv4ToDot "${IPV4_DEC}")"
|
|
|
|
|
IPV4_HEX="$(decIPv4ToHex "${IPV4_DEC}")"
|
2022-07-27 12:53:36 +00:00
|
|
|
sed \
|
2023-11-23 10:54:07 +00:00
|
|
|
-e "\#${IPV4_DOT} ${CLIENT_NAME}.pivpn#d" \
|
|
|
|
|
-e "\#${pivpnNETv6}${IPV4_HEX} ${CLIENT_NAME}.pivpn#d" \
|
2022-08-09 08:09:25 +00:00
|
|
|
-i /etc/pivpn/hosts.wireguard
|
2022-07-27 12:53:36 +00:00
|
|
|
|
|
|
|
|
if killall -SIGHUP pihole-FTL; then
|
|
|
|
|
echo "::: Updated hosts file for Pi-hole"
|
2020-12-26 23:34:54 +00:00
|
|
|
else
|
2022-07-27 12:53:36 +00:00
|
|
|
err "::: Failed to reload pihole-FTL configuration"
|
2019-10-14 10:27:28 +00:00
|
|
|
fi
|
2022-07-27 12:53:36 +00:00
|
|
|
fi
|
2019-10-14 10:27:28 +00:00
|
|
|
|
2022-07-27 12:53:36 +00:00
|
|
|
unset sed_pattern
|
|
|
|
|
else
|
|
|
|
|
err "Aborting operation"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2019-10-14 10:27:28 +00:00
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Restart WireGuard only if some clients were actually deleted
|
2022-07-27 12:53:36 +00:00
|
|
|
if [[ "${DELETED_COUNT}" -gt 0 ]]; then
|
|
|
|
|
if [[ "${PLAT}" == 'Alpine' ]]; then
|
|
|
|
|
if rc-service wg-quick restart; then
|
|
|
|
|
echo "::: WireGuard reloaded"
|
2019-10-14 10:27:28 +00:00
|
|
|
else
|
2022-07-27 12:53:36 +00:00
|
|
|
err "::: Failed to reload WireGuard"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
if systemctl reload wg-quick@wg0; then
|
|
|
|
|
echo "::: WireGuard reloaded"
|
|
|
|
|
else
|
|
|
|
|
err "::: Failed to reload WireGuard"
|
2019-10-14 10:27:28 +00:00
|
|
|
fi
|
2022-07-27 12:53:36 +00:00
|
|
|
fi
|
2019-10-14 10:27:28 +00:00
|
|
|
fi
|
