Sanitization 'n input validation

scripts/makeOVPN.sh

@@ -19,7 +19,7 @@ function keynoPASS() {
 
     #Build the client key
     expect << EOF
-    spawn ./build-key $NAME
+    spawn ./build-key "$NAME"
     expect "Country Name" { send "\r" }
     expect "State or Province Name" { send "\r" }
     expect "Locality Name" { send "\r" }
@@ -35,7 +35,7 @@ function keynoPASS() {
     expect eof
 EOF
 
-    cd keys
+    cd keys || exit
 
 }
 
@@ -45,20 +45,31 @@ function keyPASS() {
     while true
     do
         printf "Enter the password for the Client:  "
-        read PASSWD
+        read -r PASSWD
         printf "\n"
         printf "Enter the password again to verify:  "
-        read PASSWD2
+        read -r PASSWD2
         printf "\n"
         [ "$PASSWD" = "$PASSWD2" ] && break
         printf "Passwords do not match! Please try again.\n"
     done
     stty echo
+    if [[ -z "$PASSWD" ]]; then
+        echo "You left the password blank"
+        echo "If you don't want a password, please run:"
+        echo "pivpn add nopass"
+        exit 1
+    fi
+    if [ ${#PASSWD} -lt 4 ] || [ ${#PASSWD} -gt 1024 ]
+    then
+        echo "Password must be between from 4 to 1024 characters"
+        exit 1
+    fi
 
     #Build the client key and then encrypt the key
 
     expect << EOF
-    spawn ./build-key-pass $NAME
+    spawn ./build-key-pass "$NAME"
     expect "Enter PEM pass phrase" { send "$PASSWD\r" }
     expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" }
     expect "Country Name" { send "\r" }
@@ -76,10 +87,10 @@ function keyPASS() {
     expect eof
 EOF
 
-    cd keys
+    cd keys || exit
 
     expect << EOF
-    spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY
+    spawn openssl rsa -in "$NAME$OKEY" -des3 -out "$NAME$KEY"
     expect "Enter pass phrase for" { send "$PASSWD\r" }
     expect "Enter PEM pass phrase" { send "$PASSWD\r" }
     expect "Verifying - Enter PEM pass" { send "$PASSWD\r" }
@@ -88,14 +99,19 @@ EOF
 }
 
 printf "Enter a Name for the Client:  "
-read NAME
+read -r NAME
 
-if [[ -z "$NAME" ]]; then
+if [[ "$NAME" =~ [^a-zA-Z0-9] ]]; then
-    printf '%s\n' "::: You can not leave this blank!"
+    echo "Name can only contain alphanumeric characters"
     exit 1
 fi
 
-cd /etc/openvpn/easy-rsa
+if [[ -z "$NAME" ]]; then
+    echo "You cannot leave the name blank"
+    exit 1
+fi
+
+cd /etc/openvpn/easy-rsa || exit
 source /etc/openvpn/easy-rsa/vars
 
 if [[ "$@" =~ "nopass" ]]; then
@@ -105,64 +121,66 @@ else
 fi
 
 #1st Verify that clients Public Key Exists
-if [ ! -f $NAME$CRT ]; then 
+if [ ! -f "$NAME$CRT" ]; then
- echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT" 
+    echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
- exit 
+    exit
 fi
 echo "Client's cert found: $NAME$CRT"
 
 #Then, verify that there is a private key for that client
-if [ ! -f $NAME$KEY ]; then 
+if [ ! -f "$NAME$KEY" ]; then
- echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY" 
+    echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
- exit 
+    exit
 fi
 echo "Client's Private Key found: $NAME$KEY"
 
 #Confirm the CA public key exists
-if [ ! -f $CA ]; then 
+if [ ! -f "$CA" ]; then
- echo "[ERROR]: CA Public Key not found: $CA" 
+    echo "[ERROR]: CA Public Key not found: $CA"
- exit 
+    exit
 fi
 echo "CA public Key found: $CA"
 
 #Confirm the tls-auth ta key file exists
-if [ ! -f $TA ]; then 
+if [ ! -f "$TA" ]; then
- echo "[ERROR]: tls-auth Key not found: $TA" 
+    echo "[ERROR]: tls-auth Key not found: $TA"
- exit 
+    exit
 fi
 echo "tls-auth Private Key found: $TA"
 
-#Ready to make a new .ovpn file - Start by populating with the 
+#Ready to make a new .ovpn file
-#default file 
+{
-cat $DEFAULT > $NAME$FILEEXT 
+    # Start by populating with the default file
+    cat "$DEFAULT"
 
-#Now, append the CA Public Cert 
+    #Now, append the CA Public Cert
-echo "<ca>" >> $NAME$FILEEXT 
+    echo "<ca>"
-cat $CA >> $NAME$FILEEXT 
+    cat "$CA"
-echo "</ca>" >> $NAME$FILEEXT
+    echo "</ca>"
 
-#Next append the client Public Cert 
+    #Next append the client Public Cert
-echo "<cert>" >> $NAME$FILEEXT 
+    echo "<cert>"
-cat $NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT 
+    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' < "$NAME$CRT"
-echo "</cert>" >> $NAME$FILEEXT 
+    echo "</cert>"
 
-#Then, append the client Private Key 
+    #Then, append the client Private Key
-echo "<key>" >> $NAME$FILEEXT 
+    echo "<key>"
-cat $NAME$KEY >> $NAME$FILEEXT 
+    cat "$NAME$KEY"
-echo "</key>" >> $NAME$FILEEXT 
+    echo "</key>"
 
-#Finally, append the TA Private Key 
+    #Finally, append the TA Private Key
-echo "<tls-auth>" >> $NAME$FILEEXT 
+    echo "<tls-auth>"
-cat $TA >> $NAME$FILEEXT 
+    cat "$TA"
-echo "</tls-auth>" >> $NAME$FILEEXT 
+    echo "</tls-auth>"
+} > "$NAME$FILEEXT"
 
 # Copy the .ovpn profile to the home directory for convenient remote access
-cp /etc/openvpn/easy-rsa/keys/$NAME$FILEEXT /home/$INSTALL_USER/ovpns/$NAME$FILEEXT
+cp "/etc/openvpn/easy-rsa/keys/$NAME$FILEEXT" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT"
-chown $INSTALL_USER /home/$INSTALL_USER/ovpns/$NAME$FILEEXT
+chown "$INSTALL_USER" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT"
 printf "\n\n"
 printf "========================================================\n"
-printf "\e[1mDone! $NAME$FILEEXT successfully created!\e[0m \n"
+printf "\e[1mDone! %s successfully created!\e[0m \n" "$NAME$FILEEXT"
-printf "$NAME$FILEEXT was copied to:\n"
+printf "%s was copied to:\n" "$NAME$FILEEXT"
-printf "  /home/$INSTALL_USER/ovpns\n"
+printf "  /home/%s/ovpns\n" "$INSTALL_USER"
 printf "for easy transfer.\n"
 printf "========================================================\n\n"