Implement the "planetahuevo enhancement", IE the ability to

generate a client cert with no password. Run 'pivpn add nopass'
2024-12-18 19:00:15 +00:00 · 2016-04-30 23:37:27 -04:00 · 2016-04-30 23:37:27 -04:00 · 6956fcb99b
commit 6956fcb99b
parent 6032aa7f2e
3 changed files with 89 additions and 49 deletions
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@ -125,7 +125,7 @@ chooseUser() {


 verifyFreeDiskSpace() {
-    # I have no idea what the minimum space needed is, but checking for at least 50MB sounds like a good idea.
+    # Seems we need about 30MB so checking for at least 50MB sounds like a good idea.
    requiredFreeBytes=51200

    existingFreeBytes=$(df -lk / 2>&1 | awk '{print $4}' | head -2 | tail -1)
--- a/11
+++ b/11
@ -11,7 +11,8 @@ if [[ ! $EUID -eq 0 ]];then
 fi

 function makeOVPNFunc {
-    $SUDO /opt/pivpn/makeOVPN.sh
+    shift
+    $SUDO /opt/pivpn/makeOVPN.sh "$@"
    exit 1
 }

@ -42,10 +43,10 @@ function versionFunc {
 function helpFunc {
    echo "::: Control all PiVPN specific functions!"
    echo ":::"
-    echo "::: Usage: pivpn [options]"
+    echo "::: Usage: pivpn <command> [option]"
    echo ":::"
-    echo "::: Options:"
-    echo ":::  -a, add              Create a client ovpn profile"
+    echo "::: Commands:"
+    echo ":::  -a, add [nopass]     Create a client ovpn profile, optional nopass"
    echo ":::  -d, debug            Start a debugging session if having trouble"
    echo ":::  -l, list             List all valid and revoked certificates"
    echo ":::  -r, revoke           Revoke a client ovpn profile"
@ -60,7 +61,7 @@ fi

 # Handle redirecting to specific functions based on arguments
 case "$1" in
-"-a" | "add"                ) makeOVPNFunc;;
+"-a" | "add"                ) makeOVPNFunc "$@";;
 "-d" | "debug"              ) debugFunc;;
 "-l" | "list"               ) listOVPNFunc;;
 "-r" | "revoke"             ) removeOVPNFunc;;
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
@ -10,55 +10,94 @@ CA="ca.crt"
 TA="ta.key" 
 INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)

+# Functions def
+
+function keynoPASS() {
+
+    # Override key def
+    KEY=".key"
+
+    #Build the client key
+    expect << EOF
+    spawn ./build-key $NAME
+    expect "Country Name" { send "\r" }
+    expect "State or Province Name" { send "\r" }
+    expect "Locality Name" { send "\r" }
+    expect "Organization Name" { send "\r" }
+    expect "Organizational Unit" { send "\r" }
+    expect "Common Name" { send "\r" }
+    expect "Name" { send "\r" }
+    expect "Email Address" { send "\r" }
+    expect "challenge password" { send "\r" }
+    expect "optional company name" { send "\r" }
+    expect "Sign the certificate" { send "y\r" }
+    expect "commit" { send "y\r" }
+    expect eof
+EOF
+
+    cd keys
+
+}
+
+function keyPASS() {
+
+    stty -echo
+    while true
+    do
+        printf "Enter the password for the Client:  "
+        read PASSWD
+        printf "\n"
+        printf "Enter the password again to verify:  "
+        read PASSWD2
+        printf "\n"
+        [ "$PASSWD" = "$PASSWD2" ] && break
+        printf "Passwords do not match! Please try again.\n"
+    done
+    stty echo
+
+    #Build the client key and then encrypt the key
+
+    expect << EOF
+    spawn ./build-key-pass $NAME
+    expect "Enter PEM pass phrase" { send "$PASSWD\r" }
+    expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" }
+    expect "Country Name" { send "\r" }
+    expect "State or Province Name" { send "\r" }
+    expect "Locality Name" { send "\r" }
+    expect "Organization Name" { send "\r" }
+    expect "Organizational Unit" { send "\r" }
+    expect "Common Name" { send "\r" }
+    expect "Name" { send "\r" }
+    expect "Email Address" { send "\r" }
+    expect "challenge password" { send "\r" }
+    expect "optional company name" { send "\r" }
+    expect "Sign the certificate" { send "y\r" }
+    expect "commit" { send "y\r" }
+    expect eof
+EOF
+
+    cd keys
+
+    expect << EOF
+    spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY
+    expect "Enter pass phrase for" { send "$PASSWD\r" }
+    expect "Enter PEM pass phrase" { send "$PASSWD\r" }
+    expect "Verifying - Enter PEM pass" { send "$PASSWD\r" }
+    expect eof
+EOF
+}
+
 printf "Enter a Name for the Client:  "
 read NAME

-stty -echo
-while true
-do
-    printf "Enter the password for the Client:  "
-    read PASSWD
-    printf "\n"
-    printf "Enter the password again to verify:  "
-    read PASSWD2
-    printf "\n"
-    [ "$PASSWD" = "$PASSWD2" ] && break
-    printf "Passwords do not match! Please try again.\n"
-done
-stty echo
-
-#Build the client key and then encrypt the key
 cd /etc/openvpn/easy-rsa
 source /etc/openvpn/easy-rsa/vars

-expect << EOF
-spawn ./build-key-pass $NAME
-expect "Enter PEM pass phrase" { send "$PASSWD\r" }
-expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" }
-expect "Country Name" { send "\r" }
-expect "State or Province Name" { send "\r" }
-expect "Locality Name" { send "\r" }
-expect "Organization Name" { send "\r" }
-expect "Organizational Unit" { send "\r" }
-expect "Common Name" { send "\r" }
-expect "Name" { send "\r" }
-expect "Email Address" { send "\r" }
-expect "challenge password" { send "\r" }
-expect "optional company name" { send "\r" }
-expect "Sign the certificate" { send "y\r" }
-expect "commit" { send "y\r" }
-expect eof
-EOF
-
-cd keys
-
-expect << EOF
-spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY
-expect "Enter pass phrase for" { send "$PASSWD\r" }
-expect "Enter PEM pass phrase" { send "$PASSWD\r" }
-expect "Verifying - Enter PEM pass" { send "$PASSWD\r" }
-expect eof
-EOF
+if [[ "$@" =~ "nopass" ]]; then
+    keynoPASS
+else
+    keyPASS
+fi
 
 #1st Verify that clients Public Key Exists 
 if [ ! -f $NAME$CRT ]; then