Implement the "planetahuevo enhancement", i.e. the ability to
generate a client cert with no password. Run 'pivpn add nopass'
This commit is contained in:
parent
6032aa7f2e
commit
6956fcb99b
3 changed files with 89 additions and 49 deletions
|
@ -125,7 +125,7 @@ chooseUser() {
|
|||
|
||||
|
||||
verifyFreeDiskSpace() {
|
||||
# I have no idea what the minimum space needed is, but checking for at least 50MB sounds like a good idea.
|
||||
# Seems we need about 30MB so checking for at least 50MB sounds like a good idea.
|
||||
requiredFreeBytes=51200
|
||||
|
||||
existingFreeBytes=$(df -lk / 2>&1 | awk '{print $4}' | head -2 | tail -1)
|
||||
|
|
11
pivpn
11
pivpn
|
@ -11,7 +11,8 @@ if [[ ! $EUID -eq 0 ]];then
|
|||
fi
|
||||
|
||||
function makeOVPNFunc {
|
||||
$SUDO /opt/pivpn/makeOVPN.sh
|
||||
shift
|
||||
$SUDO /opt/pivpn/makeOVPN.sh "$@"
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
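Review bot: makeOVPNFunc still ends with the unconditional `exit 1` (context line just below the new `$SUDO /opt/pivpn/makeOVPN.sh "$@"`), so `pivpn add` and `pivpn add nopass` report failure to the calling shell even when the profile was generated; if that non-zero status is not deliberate, `$SUDO /opt/pivpn/makeOVPN.sh "$@"` followed by `exit $?` would propagate the real result. The new `shift` silently assumes the first positional parameter is the command word, which holds only because the `@ -60,7 +61,7` hunk now calls `makeOVPNFunc "$@"`; a one-line comment such as `# $1 is the "add" command word; drop it and forward the remaining options` would make that coupling visible to the next editor. The same dependency applies to any other dispatcher arm that later gains options.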
@ -42,10 +43,10 @@ function versionFunc {
|
|||
function helpFunc {
|
||||
echo "::: Control all PiVPN specific functions!"
|
||||
echo ":::"
|
||||
echo "::: Usage: pivpn [options]"
|
||||
echo "::: Usage: pivpn <command> [option]"
|
||||
echo ":::"
|
||||
echo "::: Options:"
|
||||
echo "::: -a, add Create a client ovpn profile"
|
||||
echo "::: Commands:"
|
||||
echo "::: -a, add [nopass] Create a client ovpn profile, optional nopass"
|
||||
echo "::: -d, debug Start a debugging session if having trouble"
|
||||
echo "::: -l, list List all valid and revoked certificates"
|
||||
echo "::: -r, revoke Revoke a client ovpn profile"
|
||||
|
@ -60,7 +61,7 @@ fi
|
|||
|
||||
# Handle redirecting to specific functions based on arguments
|
||||
case "$1" in
|
||||
"-a" | "add" ) makeOVPNFunc;;
|
||||
"-a" | "add" ) makeOVPNFunc "$@";;
|
||||
"-d" | "debug" ) debugFunc;;
|
||||
"-l" | "list" ) listOVPNFunc;;
|
||||
"-r" | "revoke" ) removeOVPNFunc;;
|
||||
|
|
|
@ -10,55 +10,94 @@ CA="ca.crt"
|
|||
TA="ta.key"
|
||||
INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
|
||||
|
||||
# Functions def
|
||||
|
||||
function keynoPASS() {
|
||||
|
||||
# Override key def
|
||||
KEY=".key"
|
||||
|
||||
#Build the client key
|
||||
expect << EOF
|
||||
spawn ./build-key $NAME
|
||||
expect "Country Name" { send "\r" }
|
||||
expect "State or Province Name" { send "\r" }
|
||||
expect "Locality Name" { send "\r" }
|
||||
expect "Organization Name" { send "\r" }
|
||||
expect "Organizational Unit" { send "\r" }
|
||||
expect "Common Name" { send "\r" }
|
||||
expect "Name" { send "\r" }
|
||||
expect "Email Address" { send "\r" }
|
||||
expect "challenge password" { send "\r" }
|
||||
expect "optional company name" { send "\r" }
|
||||
expect "Sign the certificate" { send "y\r" }
|
||||
expect "commit" { send "y\r" }
|
||||
expect eof
|
||||
EOF
|
||||
|
||||
cd keys
|
||||
|
||||
}
|
||||
|
||||
function keyPASS() {
|
||||
|
||||
stty -echo
|
||||
while true
|
||||
do
|
||||
printf "Enter the password for the Client: "
|
||||
read PASSWD
|
||||
printf "\n"
|
||||
printf "Enter the password again to verify: "
|
||||
read PASSWD2
|
||||
printf "\n"
|
||||
[ "$PASSWD" = "$PASSWD2" ] && break
|
||||
printf "Passwords do not match! Please try again.\n"
|
||||
done
|
||||
stty echo
|
||||
|
||||
#Build the client key and then encrypt the key
|
||||
|
||||
expect << EOF
|
||||
spawn ./build-key-pass $NAME
|
||||
expect "Enter PEM pass phrase" { send "$PASSWD\r" }
|
||||
expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" }
|
||||
expect "Country Name" { send "\r" }
|
||||
expect "State or Province Name" { send "\r" }
|
||||
expect "Locality Name" { send "\r" }
|
||||
expect "Organization Name" { send "\r" }
|
||||
expect "Organizational Unit" { send "\r" }
|
||||
expect "Common Name" { send "\r" }
|
||||
expect "Name" { send "\r" }
|
||||
expect "Email Address" { send "\r" }
|
||||
expect "challenge password" { send "\r" }
|
||||
expect "optional company name" { send "\r" }
|
||||
expect "Sign the certificate" { send "y\r" }
|
||||
expect "commit" { send "y\r" }
|
||||
expect eof
|
||||
EOF
|
||||
|
||||
cd keys
|
||||
|
||||
expect << EOF
|
||||
spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY
|
||||
expect "Enter pass phrase for" { send "$PASSWD\r" }
|
||||
expect "Enter PEM pass phrase" { send "$PASSWD\r" }
|
||||
expect "Verifying - Enter PEM pass" { send "$PASSWD\r" }
|
||||
expect eof
|
||||
EOF
|
||||
}
|
||||
|
||||
printf "Enter a Name for the Client: "
|
||||
read NAME
|
||||
|
||||
stty -echo
|
||||
while true
|
||||
do
|
||||
printf "Enter the password for the Client: "
|
||||
read PASSWD
|
||||
printf "\n"
|
||||
printf "Enter the password again to verify: "
|
||||
read PASSWD2
|
||||
printf "\n"
|
||||
[ "$PASSWD" = "$PASSWD2" ] && break
|
||||
printf "Passwords do not match! Please try again.\n"
|
||||
done
|
||||
stty echo
|
||||
|
||||
#Build the client key and then encrypt the key
|
||||
cd /etc/openvpn/easy-rsa
|
||||
source /etc/openvpn/easy-rsa/vars
|
||||
|
||||
expect << EOF
|
||||
spawn ./build-key-pass $NAME
|
||||
expect "Enter PEM pass phrase" { send "$PASSWD\r" }
|
||||
expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" }
|
||||
expect "Country Name" { send "\r" }
|
||||
expect "State or Province Name" { send "\r" }
|
||||
expect "Locality Name" { send "\r" }
|
||||
expect "Organization Name" { send "\r" }
|
||||
expect "Organizational Unit" { send "\r" }
|
||||
expect "Common Name" { send "\r" }
|
||||
expect "Name" { send "\r" }
|
||||
expect "Email Address" { send "\r" }
|
||||
expect "challenge password" { send "\r" }
|
||||
expect "optional company name" { send "\r" }
|
||||
expect "Sign the certificate" { send "y\r" }
|
||||
expect "commit" { send "y\r" }
|
||||
expect eof
|
||||
EOF
|
||||
|
||||
cd keys
|
||||
|
||||
expect << EOF
|
||||
spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY
|
||||
expect "Enter pass phrase for" { send "$PASSWD\r" }
|
||||
expect "Enter PEM pass phrase" { send "$PASSWD\r" }
|
||||
expect "Verifying - Enter PEM pass" { send "$PASSWD\r" }
|
||||
expect eof
|
||||
EOF
|
||||
if [[ "$@" =~ "nopass" ]]; then
|
||||
keynoPASS
|
||||
else
|
||||
keyPASS
|
||||
fi
|
||||
|
||||
#1st Verify that clients Public Key Exists
|
||||
if [ ! -f $NAME$CRT ]; then
|
||||
|
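Review bot: The new selector `if [[ "$@" =~ "nopass" ]]; then` is a substring match on the joined argument list, so any argument merely containing the text, for example a client name such as `nopassword`, silently takes the keynoPASS path and produces an unencrypted private key without the user asking for it; an exact-word test, `if [[ " $* " == *" nopass "* ]]; then`, keeps the same call syntax while matching only the literal option. In both new functions `$NAME` (from `read NAME`, no `-r`) is interpolated into an unquoted `expect << EOF` script as `spawn ./build-key $NAME` and `spawn ./build-key-pass $NAME`, so a name with whitespace, quotes, `$` or `[` is parsed as Tcl rather than as one argument; validating it once after the prompt, e.g. `[[ "$NAME" =~ ^[A-Za-z0-9_-]+$ ]] || { printf '%s\n' "::: Invalid client name" >&2; exit 1; }`, closes that gap for both paths. The same caveat applies to `$PASSWD` inside the keyPASS here-documents, which is moved rather than new code. The surrounding script continues past the end of this hunk.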
|