diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh
index bb3290e..4b5a52d 100644
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
@@ -1,13 +1,13 @@
-#!/bin/bash
-# Create OVPN Client
-# Default Variable Declarations
-DEFAULT="Default.txt"
-FILEEXT=".ovpn"
-CRT=".crt"
+#!/bin/bash
+# Create OVPN Client
+# Default Variable Declarations
+DEFAULT="Default.txt"
+FILEEXT=".ovpn"
+CRT=".crt"
OKEY=".key"
-KEY=".3des.key"
-CA="ca.crt"
-TA="ta.key"
+KEY=".3des.key"
+CA="ca.crt"
+TA="ta.key"
INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
# Functions def
@@ -19,7 +19,7 @@ function keynoPASS() {
#Build the client key
expect << EOF
- spawn ./build-key $NAME
+ spawn ./build-key "$NAME"
expect "Country Name" { send "\r" }
expect "State or Province Name" { send "\r" }
expect "Locality Name" { send "\r" }
@@ -35,7 +35,7 @@ function keynoPASS() {
expect eof
EOF
- cd keys
+ cd keys || exit
}
@@ -45,20 +45,31 @@ function keyPASS() {
while true
do
printf "Enter the password for the Client: "
- read PASSWD
+ read -r PASSWD
printf "\n"
printf "Enter the password again to verify: "
- read PASSWD2
+ read -r PASSWD2
printf "\n"
[ "$PASSWD" = "$PASSWD2" ] && break
printf "Passwords do not match! Please try again.\n"
done
stty echo
+ if [[ -z "$PASSWD" ]]; then
+ echo "You left the password blank"
+ echo "If you don't want a password, please run:"
+ echo "pivpn add nopass"
+ exit 1
+ fi
+ if [ ${#PASSWD} -lt 4 ] || [ ${#PASSWD} -gt 1024 ]
+ then
+ echo "Password must be between from 4 to 1024 characters"
+ exit 1
+ fi
#Build the client key and then encrypt the key
expect << EOF
- spawn ./build-key-pass $NAME
+ spawn ./build-key-pass "$NAME"
expect "Enter PEM pass phrase" { send "$PASSWD\r" }
expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" }
expect "Country Name" { send "\r" }
@@ -76,10 +87,10 @@ function keyPASS() {
expect eof
EOF
- cd keys
+ cd keys || exit
expect << EOF
- spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY
+ spawn openssl rsa -in "$NAME$OKEY" -des3 -out "$NAME$KEY"
expect "Enter pass phrase for" { send "$PASSWD\r" }
expect "Enter PEM pass phrase" { send "$PASSWD\r" }
expect "Verifying - Enter PEM pass" { send "$PASSWD\r" }
@@ -88,14 +99,19 @@ EOF
}
printf "Enter a Name for the Client: "
-read NAME
+read -r NAME
-if [[ -z "$NAME" ]]; then
- printf '%s\n' "::: You can not leave this blank!"
+if [[ "$NAME" =~ [^a-zA-Z0-9] ]]; then
+ echo "Name can only contain alphanumeric characters"
exit 1
fi
-cd /etc/openvpn/easy-rsa
+if [[ -z "$NAME" ]]; then
+ echo "You cannot leave the name blank"
+ exit 1
+fi
+
+cd /etc/openvpn/easy-rsa || exit
source /etc/openvpn/easy-rsa/vars
if [[ "$@" =~ "nopass" ]]; then
@@ -103,66 +119,68 @@ if [[ "$@" =~ "nopass" ]]; then
else
keyPASS
fi
-
-#1st Verify that clients Public Key Exists
-if [ ! -f $NAME$CRT ]; then
- echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
- exit
-fi
-echo "Client's cert found: $NAME$CRT"
-
-#Then, verify that there is a private key for that client
-if [ ! -f $NAME$KEY ]; then
- echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
- exit
-fi
+
+#1st Verify that clients Public Key Exists
+if [ ! -f "$NAME$CRT" ]; then
+ echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
+ exit
+fi
+echo "Client's cert found: $NAME$CRT"
+
+#Then, verify that there is a private key for that client
+if [ ! -f "$NAME$KEY" ]; then
+ echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
+ exit
+fi
echo "Client's Private Key found: $NAME$KEY"
-
-#Confirm the CA public key exists
-if [ ! -f $CA ]; then
- echo "[ERROR]: CA Public Key not found: $CA"
- exit
-fi
-echo "CA public Key found: $CA"
-
-#Confirm the tls-auth ta key file exists
-if [ ! -f $TA ]; then
- echo "[ERROR]: tls-auth Key not found: $TA"
- exit
-fi
-echo "tls-auth Private Key found: $TA"
-
-#Ready to make a new .ovpn file - Start by populating with the
-#default file
-cat $DEFAULT > $NAME$FILEEXT
-
-#Now, append the CA Public Cert
-echo "" >> $NAME$FILEEXT
-cat $CA >> $NAME$FILEEXT
-echo "" >> $NAME$FILEEXT
-
-#Next append the client Public Cert
-echo "" >> $NAME$FILEEXT
-cat $NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT
-echo "" >> $NAME$FILEEXT
-
-#Then, append the client Private Key
-echo "" >> $NAME$FILEEXT
-cat $NAME$KEY >> $NAME$FILEEXT
-echo "" >> $NAME$FILEEXT
-
-#Finally, append the TA Private Key
-echo "" >> $NAME$FILEEXT
-cat $TA >> $NAME$FILEEXT
-echo "" >> $NAME$FILEEXT
+
+#Confirm the CA public key exists
+if [ ! -f "$CA" ]; then
+ echo "[ERROR]: CA Public Key not found: $CA"
+ exit
+fi
+echo "CA public Key found: $CA"
+
+#Confirm the tls-auth ta key file exists
+if [ ! -f "$TA" ]; then
+ echo "[ERROR]: tls-auth Key not found: $TA"
+ exit
+fi
+echo "tls-auth Private Key found: $TA"
+
+#Ready to make a new .ovpn file
+{
+ # Start by populating with the default file
+ cat "$DEFAULT"
+
+ #Now, append the CA Public Cert
+ echo ""
+ cat "$CA"
+ echo ""
+
+ #Next append the client Public Cert
+ echo ""
+ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' < "$NAME$CRT"
+ echo ""
+
+ #Then, append the client Private Key
+ echo ""
+ cat "$NAME$KEY"
+ echo ""
+
+ #Finally, append the TA Private Key
+ echo ""
+ cat "$TA"
+ echo ""
+} > "$NAME$FILEEXT"
# Copy the .ovpn profile to the home directory for convenient remote access
-cp /etc/openvpn/easy-rsa/keys/$NAME$FILEEXT /home/$INSTALL_USER/ovpns/$NAME$FILEEXT
-chown $INSTALL_USER /home/$INSTALL_USER/ovpns/$NAME$FILEEXT
+cp "/etc/openvpn/easy-rsa/keys/$NAME$FILEEXT" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT"
+chown "$INSTALL_USER" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT"
printf "\n\n"
printf "========================================================\n"
-printf "\e[1mDone! $NAME$FILEEXT successfully created!\e[0m \n"
-printf "$NAME$FILEEXT was copied to:\n"
-printf " /home/$INSTALL_USER/ovpns\n"
+printf "\e[1mDone! %s successfully created!\e[0m \n" "$NAME$FILEEXT"
+printf "%s was copied to:\n" "$NAME$FILEEXT"
+printf " /home/%s/ovpns\n" "$INSTALL_USER"
printf "for easy transfer.\n"
printf "========================================================\n\n"