From 6956fcb99b96679a15ab1ed2378352b2155600ee Mon Sep 17 00:00:00 2001
From: Kaladin Light <0.kaladin@gmail.com>
Date: Sat, 30 Apr 2016 23:37:27 -0400
Subject: [PATCH] Implement the "planetahuevo enhancement", IE the ability to generate a client cert with no password. Run 'pivpn add nopass'
---
 auto_install/install.sh | 2 +-
 pivpn | 11 ++--
 scripts/makeOVPN.sh | 125 ++++++++++++++++++++++++++--------------
 3 files changed, 89 insertions(+), 49 deletions(-)
diff --git a/auto_install/install.sh b/auto_install/install.sh
index 5ddeffc..05b7e3d 100644
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -125,7 +125,7 @@ chooseUser() {
 verifyFreeDiskSpace() {
- # I have no idea what the minimum space needed is, but checking for at least 50MB sounds like a good idea.
+ # Seems we need about 30MB so checking for at least 50MB sounds like a good idea.
 requiredFreeBytes=51200
 existingFreeBytes=$(df -lk / 2>&1 | awk '{print $4}' | head -2 | tail -1)
diff --git a/pivpn b/pivpn
index 1558230..c0d4c58 100644
--- a/pivpn
+++ b/pivpn
@@ -11,7 +11,8 @@ if [[ ! $EUID -eq 0 ]];then
 fi
 function makeOVPNFunc {
- $SUDO /opt/pivpn/makeOVPN.sh
+ shift
+ $SUDO /opt/pivpn/makeOVPN.sh "$@"
 exit 1
 }
@@ -42,10 +43,10 @@ function versionFunc {
 function helpFunc {
 echo "::: Control all PiVPN specific functions!"
 echo ":::"
- echo "::: Usage: pivpn [options]"
+ echo "::: Usage: pivpn [option]"
 echo ":::"
- echo "::: Options:"
- echo "::: -a, add Create a client ovpn profile"
+ echo "::: Commands:"
+ echo "::: -a, add [nopass] Create a client ovpn profile, optional nopass"
 echo "::: -d, debug Start a debugging session if having trouble"
 echo "::: -l, list List all valid and revoked certificates"
 echo "::: -r, revoke Revoke a client ovpn profile"
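Review bot: makeOVPNFunc still finishes with `exit 1` after the forwarded `$SUDO /opt/pivpn/makeOVPN.sh "$@"`, so `pivpn add` reports failure to the caller even when the profile was generated, which breaks `pivpn add nopass && ...` style automation. Since this hunk is already reworking the function to forward its arguments, it should propagate the child's status instead: `$SUDO /opt/pivpn/makeOVPN.sh "$@"` followed by `exit $?`. The other wrapper functions in this file may share the same pattern, but they are outside this hunk.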
@@ -60,7 +61,7 @@ fi
 # Handle redirecting to specific functions based on arguments
 case "$1" in
-"-a" | "add" ) makeOVPNFunc;;
+"-a" | "add" ) makeOVPNFunc "$@";;
 "-d" | "debug" ) debugFunc;;
 "-l" | "list" ) listOVPNFunc;;
 "-r" | "revoke" ) removeOVPNFunc;;
diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh
index 5db8997..ab8c3e9 100644
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
@@ -10,55 +10,94 @@ CA="ca.crt" TA="ta.key" INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER) +# Functions def + +function keynoPASS() { + + # Override key def + KEY=".key" + + #Build the client key + expect << EOF + spawn ./build-key $NAME + expect "Country Name" { send "\r" } + expect "State or Province Name" { send "\r" } + expect "Locality Name" { send "\r" } + expect "Organization Name" { send "\r" } + expect "Organizational Unit" { send "\r" } + expect "Common Name" { send "\r" } + expect "Name" { send "\r" } + expect "Email Address" { send "\r" } + expect "challenge password" { send "\r" } + expect "optional company name" { send "\r" } + expect "Sign the certificate" { send "y\r" } + expect "commit" { send "y\r" } + expect eof +EOF + + cd keys + +} + +function keyPASS() { + + stty -echo + while true + do + printf "Enter the password for the Client: " + read PASSWD + printf "\n" + printf "Enter the password again to verify: " + read PASSWD2 + printf "\n" + [ "$PASSWD" = "$PASSWD2" ] && break + printf "Passwords do not match! 
Please try again.\n" + done + stty echo + + #Build the client key and then encrypt the key + + expect << EOF + spawn ./build-key-pass $NAME + expect "Enter PEM pass phrase" { send "$PASSWD\r" } + expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" } + expect "Country Name" { send "\r" } + expect "State or Province Name" { send "\r" } + expect "Locality Name" { send "\r" } + expect "Organization Name" { send "\r" } + expect "Organizational Unit" { send "\r" } + expect "Common Name" { send "\r" } + expect "Name" { send "\r" } + expect "Email Address" { send "\r" } + expect "challenge password" { send "\r" } + expect "optional company name" { send "\r" } + expect "Sign the certificate" { send "y\r" } + expect "commit" { send "y\r" } + expect eof +EOF + + cd keys + + expect << EOF + spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY + expect "Enter pass phrase for" { send "$PASSWD\r" } + expect "Enter PEM pass phrase" { send "$PASSWD\r" } + expect "Verifying - Enter PEM pass" { send "$PASSWD\r" } + expect eof +EOF +} + printf "Enter a Name for the Client: " read NAME -stty -echo -while true -do - printf "Enter the password for the Client: " - read PASSWD - printf "\n" - printf "Enter the password again to verify: " - read PASSWD2 - printf "\n" - [ "$PASSWD" = "$PASSWD2" ] && break - printf "Passwords do not match! 
Please try again.\n" -done -stty echo - -#Build the client key and then encrypt the key cd /etc/openvpn/easy-rsa source /etc/openvpn/easy-rsa/vars -expect << EOF -spawn ./build-key-pass $NAME -expect "Enter PEM pass phrase" { send "$PASSWD\r" } -expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" } -expect "Country Name" { send "\r" } -expect "State or Province Name" { send "\r" } -expect "Locality Name" { send "\r" } -expect "Organization Name" { send "\r" } -expect "Organizational Unit" { send "\r" } -expect "Common Name" { send "\r" } -expect "Name" { send "\r" } -expect "Email Address" { send "\r" } -expect "challenge password" { send "\r" } -expect "optional company name" { send "\r" } -expect "Sign the certificate" { send "y\r" } -expect "commit" { send "y\r" } -expect eof -EOF - -cd keys - -expect << EOF -spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY -expect "Enter pass phrase for" { send "$PASSWD\r" } -expect "Enter PEM pass phrase" { send "$PASSWD\r" } -expect "Verifying - Enter PEM pass" { send "$PASSWD\r" } -expect eof -EOF +if [[ "$@" =~ "nopass" ]]; then + keynoPASS +else + keyPASS +fi #1st Verify that clients Public Key Exists if [ ! -f $NAME$CRT ]; then
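Review bot: The `nopass` switch near the end of the hunk is detected with `[[ "$@" =~ "nopass" ]]`, a substring regex over all arguments joined together, so any argument that merely contains that text silently produces an unencrypted key; it should be an exact per-argument match, e.g. `nopass=0; for arg in "$@"; do [[ "$arg" == "nopass" ]] && nopass=1; done` followed by `if (( nopass )); then`. keynoPASS also reassigns `KEY=".key"` (the default definition it overrides is above the hunk and not visible), and the private key it leaves in `keys/` is unencrypted and presumably bundled into the .ovpn later in the script, so the nopass path should tell the user the profile is now a bearer credential and chmod the key and profile to 0600 rather than rely on easy-rsa's umask. In keyPASS the password is taken with `read PASSWD` (no `-r`) and then expanded into an unquoted expect heredoc, where Tcl parses `send "$PASSWD\r"`, so a password containing `"`, `\`, `$` or `[` either breaks the dialog or is evaluated as Tcl; reading it with `read -r -s` and passing it to expect through the environment (`$env(PASSWD)` inside a `<< 'EOF'` heredoc) avoids both the interpolation and the `stty` juggling. The same unquoted expansion applies to `$NAME` in both `spawn` lines, so a client name with spaces or Tcl metacharacters is split or interpreted before it ever reaches build-key.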