mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-19 11:20:15 +00:00
Sanitization 'n input validation
This commit is contained in:
redfast00
parent
8f09ee9afd
commit
caee0858cf
1 changed files with 94 additions and 76 deletions
|
|
@ -1,13 +1,13 @@
|
|||
#!/bin/bash
|
||||
# Create OVPN Client
|
||||
# Default Variable Declarations
|
||||
DEFAULT="Default.txt"
|
||||
FILEEXT=".ovpn"
|
||||
CRT=".crt"
|
||||
#!/bin/bash
|
||||
# Create OVPN Client
|
||||
# Default Variable Declarations
|
||||
DEFAULT="Default.txt"
|
||||
FILEEXT=".ovpn"
|
||||
CRT=".crt"
|
||||
OKEY=".key"
|
||||
KEY=".3des.key"
|
||||
CA="ca.crt"
|
||||
TA="ta.key"
|
||||
KEY=".3des.key"
|
||||
CA="ca.crt"
|
||||
TA="ta.key"
|
||||
INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
|
||||
|
||||
# Functions def
|
||||
|
|
@ -19,7 +19,7 @@ function keynoPASS() {
|
|||
|
||||
#Build the client key
|
||||
expect << EOF
|
||||
spawn ./build-key $NAME
|
||||
spawn ./build-key "$NAME"
|
||||
expect "Country Name" { send "\r" }
|
||||
expect "State or Province Name" { send "\r" }
|
||||
expect "Locality Name" { send "\r" }
|
||||
|
|
@ -35,7 +35,7 @@ function keynoPASS() {
|
|||
expect eof
|
||||
EOF
|
||||
|
||||
cd keys
|
||||
cd keys || exit
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -45,20 +45,31 @@ function keyPASS() {
|
|||
while true
|
||||
do
|
||||
printf "Enter the password for the Client: "
|
||||
read PASSWD
|
||||
read -r PASSWD
|
||||
printf "\n"
|
||||
printf "Enter the password again to verify: "
|
||||
read PASSWD2
|
||||
read -r PASSWD2
|
||||
printf "\n"
|
||||
[ "$PASSWD" = "$PASSWD2" ] && break
|
||||
printf "Passwords do not match! Please try again.\n"
|
||||
done
|
||||
stty echo
|
||||
if [[ -z "$PASSWD" ]]; then
|
||||
echo "You left the password blank"
|
||||
echo "If you don't want a password, please run:"
|
||||
echo "pivpn add nopass"
|
||||
exit 1
|
||||
fi
|
||||
if [ ${#PASSWD} -lt 4 ] || [ ${#PASSWD} -gt 1024 ]
|
||||
then
|
||||
echo "Password must be between from 4 to 1024 characters"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#Build the client key and then encrypt the key
|
||||
|
||||
expect << EOF
|
||||
spawn ./build-key-pass $NAME
|
||||
spawn ./build-key-pass "$NAME"
|
||||
expect "Enter PEM pass phrase" { send "$PASSWD\r" }
|
||||
expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" }
|
||||
expect "Country Name" { send "\r" }
|
||||
|
|
@ -76,10 +87,10 @@ function keyPASS() {
|
|||
expect eof
|
||||
EOF
|
||||
|
||||
cd keys
|
||||
cd keys || exit
|
||||
|
||||
expect << EOF
|
||||
spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY
|
||||
spawn openssl rsa -in "$NAME$OKEY" -des3 -out "$NAME$KEY"
|
||||
expect "Enter pass phrase for" { send "$PASSWD\r" }
|
||||
expect "Enter PEM pass phrase" { send "$PASSWD\r" }
|
||||
expect "Verifying - Enter PEM pass" { send "$PASSWD\r" }
|
||||
|
|
@ -88,14 +99,19 @@ EOF
|
|||
}
|
||||
|
||||
printf "Enter a Name for the Client: "
|
||||
read NAME
|
||||
read -r NAME
|
||||
|
||||
if [[ -z "$NAME" ]]; then
|
||||
printf '%s\n' "::: You can not leave this blank!"
|
||||
if [[ "$NAME" =~ [^a-zA-Z0-9] ]]; then
|
||||
echo "Name can only contain alphanumeric characters"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd /etc/openvpn/easy-rsa
|
||||
if [[ -z "$NAME" ]]; then
|
||||
echo "You cannot leave the name blank"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd /etc/openvpn/easy-rsa || exit
|
||||
source /etc/openvpn/easy-rsa/vars
|
||||
|
||||
if [[ "$@" =~ "nopass" ]]; then
|
||||
|
|
@ -103,66 +119,68 @@ if [[ "$@" =~ "nopass" ]]; then
|
|||
else
|
||||
keyPASS
|
||||
fi
|
||||
|
||||
#1st Verify that clients Public Key Exists
|
||||
if [ ! -f $NAME$CRT ]; then
|
||||
echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
|
||||
exit
|
||||
fi
|
||||
echo "Client's cert found: $NAME$CRT"
|
||||
|
||||
#Then, verify that there is a private key for that client
|
||||
if [ ! -f $NAME$KEY ]; then
|
||||
echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
|
||||
exit
|
||||
fi
|
||||
|
||||
#1st Verify that clients Public Key Exists
|
||||
if [ ! -f "$NAME$CRT" ]; then
|
||||
echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
|
||||
exit
|
||||
fi
|
||||
echo "Client's cert found: $NAME$CRT"
|
||||
|
||||
#Then, verify that there is a private key for that client
|
||||
if [ ! -f "$NAME$KEY" ]; then
|
||||
echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
|
||||
exit
|
||||
fi
|
||||
echo "Client's Private Key found: $NAME$KEY"
|
||||
|
||||
#Confirm the CA public key exists
|
||||
if [ ! -f $CA ]; then
|
||||
echo "[ERROR]: CA Public Key not found: $CA"
|
||||
exit
|
||||
fi
|
||||
echo "CA public Key found: $CA"
|
||||
|
||||
#Confirm the tls-auth ta key file exists
|
||||
if [ ! -f $TA ]; then
|
||||
echo "[ERROR]: tls-auth Key not found: $TA"
|
||||
exit
|
||||
fi
|
||||
echo "tls-auth Private Key found: $TA"
|
||||
|
||||
#Ready to make a new .ovpn file - Start by populating with the
|
||||
#default file
|
||||
cat $DEFAULT > $NAME$FILEEXT
|
||||
|
||||
#Now, append the CA Public Cert
|
||||
echo "<ca>" >> $NAME$FILEEXT
|
||||
cat $CA >> $NAME$FILEEXT
|
||||
echo "</ca>" >> $NAME$FILEEXT
|
||||
|
||||
#Next append the client Public Cert
|
||||
echo "<cert>" >> $NAME$FILEEXT
|
||||
cat $NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT
|
||||
echo "</cert>" >> $NAME$FILEEXT
|
||||
|
||||
#Then, append the client Private Key
|
||||
echo "<key>" >> $NAME$FILEEXT
|
||||
cat $NAME$KEY >> $NAME$FILEEXT
|
||||
echo "</key>" >> $NAME$FILEEXT
|
||||
|
||||
#Finally, append the TA Private Key
|
||||
echo "<tls-auth>" >> $NAME$FILEEXT
|
||||
cat $TA >> $NAME$FILEEXT
|
||||
echo "</tls-auth>" >> $NAME$FILEEXT
|
||||
|
||||
#Confirm the CA public key exists
|
||||
if [ ! -f "$CA" ]; then
|
||||
echo "[ERROR]: CA Public Key not found: $CA"
|
||||
exit
|
||||
fi
|
||||
echo "CA public Key found: $CA"
|
||||
|
||||
#Confirm the tls-auth ta key file exists
|
||||
if [ ! -f "$TA" ]; then
|
||||
echo "[ERROR]: tls-auth Key not found: $TA"
|
||||
exit
|
||||
fi
|
||||
echo "tls-auth Private Key found: $TA"
|
||||
|
||||
#Ready to make a new .ovpn file
|
||||
{
|
||||
# Start by populating with the default file
|
||||
cat "$DEFAULT"
|
||||
|
||||
#Now, append the CA Public Cert
|
||||
echo "<ca>"
|
||||
cat "$CA"
|
||||
echo "</ca>"
|
||||
|
||||
#Next append the client Public Cert
|
||||
echo "<cert>"
|
||||
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' < "$NAME$CRT"
|
||||
echo "</cert>"
|
||||
|
||||
#Then, append the client Private Key
|
||||
echo "<key>"
|
||||
cat "$NAME$KEY"
|
||||
echo "</key>"
|
||||
|
||||
#Finally, append the TA Private Key
|
||||
echo "<tls-auth>"
|
||||
cat "$TA"
|
||||
echo "</tls-auth>"
|
||||
} > "$NAME$FILEEXT"
|
||||
|
||||
# Copy the .ovpn profile to the home directory for convenient remote access
|
||||
cp /etc/openvpn/easy-rsa/keys/$NAME$FILEEXT /home/$INSTALL_USER/ovpns/$NAME$FILEEXT
|
||||
chown $INSTALL_USER /home/$INSTALL_USER/ovpns/$NAME$FILEEXT
|
||||
cp "/etc/openvpn/easy-rsa/keys/$NAME$FILEEXT" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT"
|
||||
chown "$INSTALL_USER" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT"
|
||||
printf "\n\n"
|
||||
printf "========================================================\n"
|
||||
printf "\e[1mDone! $NAME$FILEEXT successfully created!\e[0m \n"
|
||||
printf "$NAME$FILEEXT was copied to:\n"
|
||||
printf " /home/$INSTALL_USER/ovpns\n"
|
||||
printf "\e[1mDone! %s successfully created!\e[0m \n" "$NAME$FILEEXT"
|
||||
printf "%s was copied to:\n" "$NAME$FILEEXT"
|
||||
printf " /home/%s/ovpns\n" "$INSTALL_USER"
|
||||
printf "for easy transfer.\n"
|
||||
printf "========================================================\n\n"
|
||||
|
|
|
|||
Loading…
Reference in a new issue