From c1dc825ace34d8a571908606c29e60fa055fdbab Mon Sep 17 00:00:00 2001 From: giotto Date: Sat, 11 Jul 2020 21:38:11 +0200 Subject: [PATCH 1/4] add parameter to force remove profile --- scripts/wireguard/removeCONF.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/wireguard/removeCONF.sh b/scripts/wireguard/removeCONF.sh index 345a670..0b3aa06 100755 --- a/scripts/wireguard/removeCONF.sh +++ b/scripts/wireguard/removeCONF.sh @@ -12,11 +12,12 @@ source "${setupVars}" helpFunc(){ echo "::: Remove a client conf profile" echo ":::" - echo "::: Usage: pivpn <-r|remove> [-h|--help] [] ... [] ..." + echo "::: Usage: pivpn <-r|remove> [-f|--force] [-h|--help] [] ... [] ..." echo ":::" echo "::: Commands:" echo "::: [none] Interactive mode" echo "::: Client(s) to remove" + echo "::: -f,--force Remove Client(s) without confirmation" echo "::: -h,--help Show this help dialog" } @@ -29,6 +30,9 @@ do helpFunc exit 0 ;; + -f|--force) + FORCE=true + ;; *) CLIENTS_TO_REMOVE+=("$1") ;; @@ -68,7 +72,11 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist" else REQUESTED="$(sha256sum "configs/${CLIENT_NAME}.conf" | cut -c 1-64)" - read -r -p "Do you really want to delete $CLIENT_NAME? [Y/n] " + if [ -n "$FORCE" ]; then + REPLY="y" + else + read -r -p "Do you really want to delete $CLIENT_NAME? [Y/n] " + fi if [[ $REPLY =~ ^[Yy]$ ]]; then From 92f900637e3b315d4fc5bf5dcd1ec0322f306380 Mon Sep 17 00:00:00 2001 From: gi8 Date: Thu, 16 Jul 2020 15:00:35 +0200 Subject: [PATCH 2/4] rename param -f|--force to -y|--yes --- scripts/wireguard/removeCONF.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/wireguard/removeCONF.sh b/scripts/wireguard/removeCONF.sh index 0b3aa06..61e7a35 100755 --- a/scripts/wireguard/removeCONF.sh +++ b/scripts/wireguard/removeCONF.sh 
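Review bot: `FORCE` is only assigned in the new `-f|--force)` arm, so when the flag is absent the later `[ -n "$FORCE" ]` test reads whatever value the variable already had. The hunk context shows `source "${setupVars}"` running before option parsing, and an exported `FORCE` in the caller's environment would likewise skip the delete confirmation. Unless the variable is initialised in a part of the file outside these hunks, add `FORCE=""` before the `while` loop that parses the arguments. The same applies after the rename to `CONFIRM` in PATCH 2/4 and to the `-y|--yes)` arm added to removeOVPN.sh in PATCH 3/4, where a name as generic as `CONFIRM` is more likely to collide. The option loop and the `for CLIENT_NAME` loop both start and end outside the hunks.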
@@ -12,12 +12,12 @@ source "${setupVars}" helpFunc(){ echo "::: Remove a client conf profile" echo ":::" - echo "::: Usage: pivpn <-r|remove> [-f|--force] [-h|--help] [] ... [] ..." + echo "::: Usage: pivpn <-r|remove> [-y|--yes] [-h|--help] [] ... [] ..." echo ":::" echo "::: Commands:" echo "::: [none] Interactive mode" echo "::: Client(s) to remove" - echo "::: -f,--force Remove Client(s) without confirmation" + echo "::: -y,--yes Remove Client(s) without confirmation" echo "::: -h,--help Show this help dialog" } @@ -30,8 +30,8 @@ do helpFunc exit 0 ;; - -f|--force) - FORCE=true + -yes|--yes) + CONFIRM=true ;; *) CLIENTS_TO_REMOVE+=("$1") @@ -72,7 +72,7 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist" else REQUESTED="$(sha256sum "configs/${CLIENT_NAME}.conf" | cut -c 1-64)" - if [ -n "$FORCE" ]; then + if [ -n "$CONFIRM" ]; then REPLY="y" else read -r -p "Do you really want to delete $CLIENT_NAME? [Y/n] " From aa297e5296caafd1a83d18a5827d45d59899d309 Mon Sep 17 00:00:00 2001 From: gi8 Date: Thu, 16 Jul 2020 15:01:27 +0200 Subject: [PATCH 3/4] add parameter to force remove profile --- scripts/openvpn/removeOVPN.sh | 57 +++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 23 deletions(-) diff --git a/scripts/openvpn/removeOVPN.sh b/scripts/openvpn/removeOVPN.sh index 4f79385..4d9296e 100755 --- a/scripts/openvpn/removeOVPN.sh +++ b/scripts/openvpn/removeOVPN.sh @@ -14,11 +14,12 @@ source "${setupVars}" helpFunc() { echo "::: Revoke a client ovpn profile" echo ":::" - echo "::: Usage: pivpn <-r|revoke> [-h|--help] [] ... [] ..." + echo "::: Usage: pivpn <-r|revoke> [-y|--yes] [-h|--help] [] ... [] ..." echo ":::" echo "::: Commands:" echo "::: [none] Interactive mode" echo "::: Client(s) to to revoke" + echo "::: -y,--yes Remove Client(s) without confirmation" echo "::: -h,--help Show this help dialog" } 
@@ -31,6 +32,9 @@ do helpFunc exit 0 ;; + -y|--yes) + CONFIRM=true + ;; *) CERTS_TO_REVOKE+=("$1") ;; 
@@ -111,31 +115,38 @@ fi cd /etc/openvpn/easy-rsa || exit for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do - printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}" - ./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}" - ./easyrsa gen-crl - printf "\n::: Certificate revoked, and CRL file updated.\n" - printf "::: Removing certs and client configuration for this profile.\n" - rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req" - rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key" - rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt" + if [ -n "$CONFIRM" ]; then + REPLY="y" + else + read -r -p "Do you really want to revoke ${CERTS_TO_REVOKE[ii]}? [Y/n] " + fi + if [[ $REPLY =~ ^[Yy]$ ]]; then + printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}" + ./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}" + ./easyrsa gen-crl + printf "\n::: Certificate revoked, and CRL file updated.\n" + printf "::: Removing certs and client configuration for this profile.\n" + rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req" + rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key" + rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt" - # Grab the client IP address - NET_REDUCED="${pivpnNET::-2}" - STATIC_IP=$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" | grep -w ifconfig-push | grep -oE "${NET_REDUCED}\.[0-9]{1,3}") - rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" + # Grab the client IP address + NET_REDUCED="${pivpnNET::-2}" + STATIC_IP=$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" | grep -w ifconfig-push | grep -oE "${NET_REDUCED}\.[0-9]{1,3}") + rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" - rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn" - rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn" - cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem + rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn" + rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn" + cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem 
- # If using Pi-hole, remove the client from the hosts file - if [ -f /etc/pivpn/hosts.openvpn ]; then - sed "\#${STATIC_IP} ${CERTS_TO_REVOKE[ii]}.pivpn#d" -i /etc/pivpn/hosts.openvpn - if killall -SIGHUP pihole-FTL; then - echo "::: Updated hosts file for Pi-hole" - else - echo "::: Failed to reload pihole-FTL configuration" + # If using Pi-hole, remove the client from the hosts file + if [ -f /etc/pivpn/hosts.openvpn ]; then + sed "\#${STATIC_IP} ${CERTS_TO_REVOKE[ii]}.pivpn#d" -i /etc/pivpn/hosts.openvpn + if killall -SIGHUP pihole-FTL; then + echo "::: Updated hosts file for Pi-hole" + else + echo "::: Failed to reload pihole-FTL configuration" + fi fi fi done From 689b77b73e3c5c5510630d99a13d5b7a0bcbabc2 Mon Sep 17 00:00:00 2001 From: giotto Date: Sun, 19 Jul 2020 21:46:18 +0200 Subject: [PATCH 4/4] lgtm Co-authored-by: Orazio --- scripts/wireguard/removeCONF.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/wireguard/removeCONF.sh b/scripts/wireguard/removeCONF.sh index 61e7a35..9f62a4d 100755 --- a/scripts/wireguard/removeCONF.sh +++ b/scripts/wireguard/removeCONF.sh @@ -30,7 +30,7 @@ do helpFunc exit 0 ;; - -yes|--yes) + -y|--yes) CONFIRM=true ;; *)
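Review bot: A run without `-y` that does not receive an explicit `y` now leaves the certificate valid and prints nothing, because the new `if [[ $REPLY =~ ^[Yy]$ ]]` has no `else`. An empty reply, or `read` failing on a non-interactive stdin, skips the revoke and the loop moves on. The removed lines show the old loop revoking unconditionally, so callers that ran `pivpn -r <name>` unattended would stop revoking, which matters when the revocation responds to a lost or compromised client key. I would add `else echo "::: Certificate '${CERTS_TO_REVOKE[ii]}' was NOT revoked"` and have the script exit non-zero when any name was skipped (the end of the script is outside the hunk). The `[Y/n]` hint also implies that Enter means yes, while the regex treats it as no; `[y/N]` would match the behaviour.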