diff --git a/scripts/listOVPN.sh b/scripts/listOVPN.sh index 4ff34de..90b870d 100644 --- a/scripts/listOVPN.sh +++ b/scripts/listOVPN.sh @@ -3,9 +3,8 @@ INDEX="/etc/openvpn/easy-rsa/keys/index.txt" printf "\n" -if [ ! -f $INDEX ]; then - printf "The file: $INDEX \n" - printf "Was not Found!\n" +if [ ! -f "$INDEX" ]; then + echo "The file: $INDEX was not found!" exit 1 fi @@ -14,18 +13,15 @@ printf "\n" printf "\e[1m::: Certificate Status List :::\e[0m\n" printf " ::\e[4m Status \e[0m||\e[4m Name \e[0m:: \n" -while read -r line || [[ -n "$line" ]]; do - status=$(echo $line | awk '{print $1}') - var=$(echo $line | sed -e 's/^.*CN=\([^/]*\)\/.*/\1/') - if [[ $status = "V" ]]; then - printf " Valid :: " - printf " $var\n" - elif [[ $status = "R" ]]; then - printf " Revoked :: " - printf " $var\n" +while read -r line || [ -n "$line" ]; do + STATUS=$(echo "$line" | awk '{print $1}') + NAME=$(echo "$line" | sed -e 's/^.*CN=\([^/]*\)\/.*/\1/') + if [ "$STATUS" = "V" ]; then + printf " Valid :: %s\n" "$NAME" + elif [ "$STATUS" = "R" ]; then + printf " Revoked :: %s\n" "$NAME" else - printf " Unknown :: \n" - printf " $var\n" + printf " Unknown :: %s\n" "$NAME" fi done <$INDEX printf "\n" diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh index bb3290e..4dddbc0 100644 --- a/scripts/makeOVPN.sh +++ b/scripts/makeOVPN.sh @@ -1,13 +1,14 @@ -#!/bin/bash -# Create OVPN Client -# Default Variable Declarations -DEFAULT="Default.txt" -FILEEXT=".ovpn" -CRT=".crt" +#!/bin/bash +# Create OVPN Client +# Default Variable Declarations +DEFAULT="Default.txt" +FILEEXT=".ovpn" +CRT=".crt" OKEY=".key" -KEY=".3des.key" -CA="ca.crt" -TA="ta.key" +KEY=".3des.key" +CA="ca.crt" +TA="ta.key" +INDEX="/etc/openvpn/easy-rsa/keys/index.txt" INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER) # Functions def 
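Review bot: The `else` branch in the status loop labels every entry that is neither `V` nor `R` as `Unknown`, but OpenSSL's index.txt also records expired certificates with status `E`, so an expired client certificate is listed as unknown rather than expired; add `elif [ "$STATUS" = "E" ]; then printf " Expired :: %s\n" "$NAME"` ahead of the `else`. The first field can be taken without spawning a subprocess per line, `STATUS=${line%%[[:space:]]*}`, in place of the `echo | awk` pipeline. The loop's redirection `done <$INDEX` is still unquoted while the existence test in the previous hunk now quotes `"$INDEX"`; `done < "$INDEX"` keeps the two consistent.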
@@ -19,7 +20,7 @@ function keynoPASS() { #Build the client key expect << EOF - spawn ./build-key $NAME + spawn ./build-key "$NAME" expect "Country Name" { send "\r" } expect "State or Province Name" { send "\r" } expect "Locality Name" { send "\r" } @@ -35,7 +36,7 @@ function keynoPASS() { expect eof EOF - cd keys + cd keys || exit } @@ -44,21 +45,32 @@ function keyPASS() { stty -echo while true do - printf "Enter the password for the Client: " - read PASSWD + printf "Enter the password for the client: " + read -r PASSWD printf "\n" printf "Enter the password again to verify: " - read PASSWD2 + read -r PASSWD2 printf "\n" [ "$PASSWD" = "$PASSWD2" ] && break printf "Passwords do not match! Please try again.\n" done stty echo + if [[ -z "$PASSWD" ]]; then + echo "You left the password blank" + echo "If you don't want a password, please run:" + echo "pivpn add nopass" + exit 1 + fi + if [ ${#PASSWD} -lt 4 ] || [ ${#PASSWD} -gt 1024 ] + then + echo "Password must be between from 4 to 1024 characters" + exit 1 + fi #Build the client key and then encrypt the key expect << EOF - spawn ./build-key-pass $NAME + spawn ./build-key-pass "$NAME" expect "Enter PEM pass phrase" { send "$PASSWD\r" } expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" } expect "Country Name" { send "\r" } @@ -76,10 +88,10 @@ function keyPASS() { expect eof EOF - cd keys + cd keys || exit expect << EOF - spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY + spawn openssl rsa -in "$NAME$OKEY" -des3 -out "$NAME$KEY" expect "Enter pass phrase for" { send "$PASSWD\r" } expect "Enter PEM pass phrase" { send "$PASSWD\r" } expect "Verifying - Enter PEM pass" { send "$PASSWD\r" } 
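Review bot: `$PASSWD` is expanded by the shell into the unquoted `expect << EOF` here-document, so the password is parsed as Tcl source: a `"` in it terminates the `send` string and `[`, `$` or `\` are interpreted by Tcl, which makes key creation fail or misbehave for passwords containing those characters even though the new length check accepts them; the same applies to the `openssl rsa` expect block in the following hunk. Passing the values through the environment and quoting the here-document delimiter removes the interpolation entirely, as sketched below; the remaining `expect`/`send` pairs are unchanged apart from using `$env(PASSWD)`. The message `"Password must be between from 4 to 1024 characters"` should read `"Password must be between 4 and 1024 characters"`. keyPASS starts before this hunk and its body continues into the next one.
```shell
  #Build the client key and then encrypt the key
  export NAME PASSWD
  expect << 'EOF'
  spawn ./build-key-pass $env(NAME)
  expect "Enter PEM pass phrase" { send "$env(PASSWD)\r" }
  expect "Verifying - Enter PEM pass phrase" { send "$env(PASSWD)\r" }
  # … unchanged: remaining expect/send pairs through EOF …
```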
@@ -88,14 +100,33 @@ EOF } printf "Enter a Name for the Client: " -read NAME +read -r NAME -if [[ -z "$NAME" ]]; then - printf '%s\n' "::: You can not leave this blank!" +if [[ "$NAME" =~ [^a-zA-Z0-9] ]]; then + echo "Name can only contain alphanumeric characters" exit 1 fi -cd /etc/openvpn/easy-rsa +if [[ -z "$NAME" ]]; then + echo "You cannot leave the name blank" + exit 1 +fi + +# Check if name is already in use +while read -r line || [ -n "$line" ]; do + if [ "$(echo "$line" | sed -e 's/^.*CN=\([^/]*\)\/.*/\1/')" = "$NAME" ]; then + echo "Name is already in use" + exit 1 + fi +done <$INDEX + +# Check if name is reserved +if [ "$NAME" = "ta" ] || [ "$NAME" = "server" ] || [ "$NAME" = "ca" ]; then + echo "Sorry, this name is unavailable, please choose another one" + exit 1 +fi + +cd /etc/openvpn/easy-rsa || exit source /etc/openvpn/easy-rsa/vars if [[ "$@" =~ "nopass" ]]; then 
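Review bot: The duplicate-name loop reads `done <$INDEX` without first checking that the file exists, and this script does not run under `set -e`, so if index.txt is missing or unreadable the redirection fails with a diagnostic, the loop body never executes and key creation proceeds as if the name were free. Add the guard the other two scripts in this change use, `if [ ! -f "$INDEX" ]; then echo "The file: $INDEX was not found!"; exit 1; fi`, before the loop, and quote the redirection as `done < "$INDEX"`. The reserved-name test for `ta`, `server` and `ca` costs nothing and could precede the file scan so the cheap rejections happen first. `$NAME` is also expanded into the expect here-documents in the earlier hunks, and the `[^a-zA-Z0-9]` check added here is what makes that safe, which deserves a comment on the check, e.g. `# Restrict to alphanumerics: NAME is interpolated into file names and expect scripts below`.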
@@ -103,66 +134,68 @@ if [[ "$@" =~ "nopass" ]]; then else keyPASS fi - -#1st Verify that clients Public Key Exists -if [ ! -f $NAME$CRT ]; then - echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT" - exit -fi -echo "Client's cert found: $NAME$CRT" - -#Then, verify that there is a private key for that client -if [ ! -f $NAME$KEY ]; then - echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY" - exit -fi + +#1st Verify that clients Public Key Exists +if [ ! -f "$NAME$CRT" ]; then + echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT" + exit +fi +echo "Client's cert found: $NAME$CRT" + +#Then, verify that there is a private key for that client +if [ ! -f "$NAME$KEY" ]; then + echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY" + exit +fi echo "Client's Private Key found: $NAME$KEY" - -#Confirm the CA public key exists -if [ ! -f $CA ]; then - echo "[ERROR]: CA Public Key not found: $CA" - exit -fi -echo "CA public Key found: $CA" - -#Confirm the tls-auth ta key file exists -if [ ! -f $TA ]; then - echo "[ERROR]: tls-auth Key not found: $TA" - exit -fi -echo "tls-auth Private Key found: $TA" - -#Ready to make a new .ovpn file - Start by populating with the -#default file -cat $DEFAULT > $NAME$FILEEXT - -#Now, append the CA Public Cert -echo "" >> $NAME$FILEEXT -cat $CA >> $NAME$FILEEXT -echo "" >> $NAME$FILEEXT - -#Next append the client Public Cert -echo "" >> $NAME$FILEEXT -cat $NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT -echo "" >> $NAME$FILEEXT - -#Then, append the client Private Key -echo "" >> $NAME$FILEEXT -cat $NAME$KEY >> $NAME$FILEEXT -echo "" >> $NAME$FILEEXT - -#Finally, append the TA Private Key -echo "" >> $NAME$FILEEXT -cat $TA >> $NAME$FILEEXT -echo "" >> $NAME$FILEEXT + +#Confirm the CA public key exists +if [ ! -f "$CA" ]; then + echo "[ERROR]: CA Public Key not found: $CA" + exit +fi +echo "CA public Key found: $CA" + +#Confirm the tls-auth ta key file exists +if [ ! 
-f "$TA" ]; then + echo "[ERROR]: tls-auth Key not found: $TA" + exit +fi +echo "tls-auth Private Key found: $TA" + +#Ready to make a new .ovpn file +{ + # Start by populating with the default file + cat "$DEFAULT" + + #Now, append the CA Public Cert + echo "" + cat "$CA" + echo "" + + #Next append the client Public Cert + echo "" + sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' < "$NAME$CRT" + echo "" + + #Then, append the client Private Key + echo "" + cat "$NAME$KEY" + echo "" + + #Finally, append the TA Private Key + echo "" + cat "$TA" + echo "" +} > "$NAME$FILEEXT" # Copy the .ovpn profile to the home directory for convenient remote access -cp /etc/openvpn/easy-rsa/keys/$NAME$FILEEXT /home/$INSTALL_USER/ovpns/$NAME$FILEEXT -chown $INSTALL_USER /home/$INSTALL_USER/ovpns/$NAME$FILEEXT +cp "/etc/openvpn/easy-rsa/keys/$NAME$FILEEXT" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT" +chown "$INSTALL_USER" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT" printf "\n\n" printf "========================================================\n" -printf "\e[1mDone! $NAME$FILEEXT successfully created!\e[0m \n" -printf "$NAME$FILEEXT was copied to:\n" -printf " /home/$INSTALL_USER/ovpns\n" +printf "\e[1mDone! %s successfully created!\e[0m \n" "$NAME$FILEEXT" +printf "%s was copied to:\n" "$NAME$FILEEXT" +printf " /home/%s/ovpns\n" "$INSTALL_USER" printf "for easy transfer.\n" printf "========================================================\n\n" diff --git a/scripts/removeOVPN.sh b/scripts/removeOVPN.sh index 6f7e433..d695e3b 100644 --- a/scripts/removeOVPN.sh +++ b/scripts/removeOVPN.sh @@ -6,9 +6,8 @@ REVOKE_STATUS=$(cat /etc/pivpn/REVOKE_STATUS) PLAT=$(cat /etc/pivpn/DET_PLATFORM) INDEX="/etc/openvpn/easy-rsa/keys/index.txt" -if [ ! -f $INDEX ]; then - printf "The file: $INDEX \n" - printf "Was not Found!\n" +if [ ! -f "$INDEX" ]; then + printf "The file: %s was not found\n" "$INDEX" exit 1 fi 
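Review bot: The four `[ERROR]` branches in this hunk terminate with a bare `exit`, which inherits the status of the preceding `echo` (0), so a missing client certificate, 3des key, CA certificate or ta.key ends the script reporting success; each should be `exit 1`. The profile written by the `{ … } > "$NAME$FILEEXT"` group embeds the client private key (`cat "$NAME$KEY"`) and the tls-auth key (`cat "$TA"`), yet it is created under the default umask and the copy in the user's home only receives a `chown`; setting `umask 077` before the group, or `chmod 600` on both copies after the `cp`, keeps the key material owner-readable only. The `cp` and `chown` results are not checked before the `Done!` banner is printed, so a failed copy is reported as success; `cp … || exit 1` and `chown … || exit 1` would cover that.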
@@ -16,49 +15,49 @@ printf "\n" printf " ::\e[4m Certificate List \e[0m:: \n" i=0 -while read -r line || [[ -n "$line" ]]; do - status=$(echo $line | awk '{print $1}') - if [[ $status = "V" ]]; then - var=$(echo $line | sed -e 's/^.*CN=\([^/]*\)\/.*/\1/') - certs[$i]=$var +while read -r line || [ -n "$line" ]; do + STATUS=$(echo "$line" | awk '{print $1}') + if [[ "$STATUS" = "V" ]]; then + NAME=$(echo "$line" | sed -e 's/^.*CN=\([^/]*\)\/.*/\1/') + CERTS[$i]=$NAME if [ "$i" != 0 ]; then - printf " $var\n" + # Prevent printing "server" certificate + printf " %s\n" "$NAME" fi let i=i+1 - y=$i fi done <$INDEX printf "\n" echo "::: Please enter the Name of the client to be revoked from the list above:" -read NAME +read -r NAME if [[ -z "$NAME" ]]; then - printf '%s\n' "::: You can not leave this blank!" + echo "::: You can not leave this blank!" exit 1 fi -for((x=1;x<=$y;++x)); do - if [[ ${certs[$x]} = ${NAME} ]]; then - Valid=1 +for((x=1;x<=i;++x)); do + if [ "${CERTS[$x]}" = "${NAME}" ]; then + VALID=1 fi done -if [[ -z "$Valid" ]]; then +if [ -z "$VALID" ]; then printf "::: You didn't enter a valid cert name!\n" exit 1 fi -cd /etc/openvpn/easy-rsa +cd /etc/openvpn/easy-rsa || exit source /etc/openvpn/easy-rsa/vars -./revoke-full $NAME +./revoke-full "$NAME" echo "::: Certificate revoked, removing ovpns from /home/$INSTALL_USER/ovpns" -rm /home/$INSTALL_USER/ovpns/$NAME.ovpn +rm "/home/$INSTALL_USER/ovpns/$NAME.ovpn" cp /etc/openvpn/easy-rsa/keys/crl.pem /etc/openvpn/crl.pem echo "::: Completed!" -if [ $REVOKE_STATUS == 0 ]; then +if [ "$REVOKE_STATUS" == 0 ]; then echo 1 > /etc/pivpn/REVOKE_STATUS printf "\nThis seems to be the first time you have revoked a cert.\n" printf "We are adding the CRL to the server.conf and restarting openvpn.\n"
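Review bot: The loop `for((x=1;x<=i;++x))` reads one index past the last stored entry, since after the `while` loop `CERTS` holds indices 0 to i-1; it is harmless only because `NAME` was checked non-empty, and `x<i` is the intended bound. `VALID` does not appear to be initialised before the loop, so a `VALID` variable inherited from the caller's environment would satisfy `[ -z "$VALID" ]` for any name; add `VALID=` ahead of the `for`. The new comment `# Prevent printing "server" certificate` and the `x=1` start both seem to rest on the first valid entry in index.txt being the server's certificate, which is not checked here; if that ordering is relied upon, say so in the comment, or compare the extracted `NAME` against `server` instead of skipping index 0. As in listOVPN.sh, `STATUS=${line%%[[:space:]]*}` would drop the per-line `echo | awk` subprocess.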