From 459db4b62a16ed617b9c762a492d82db59ad84cc Mon Sep 17 00:00:00 2001
From: bedefaced
Date: Wed, 30 Aug 2017 01:57:18 +0300
Subject: [PATCH] openvpn check and deluser (revoke); crl-verify option added; adduser bugfix

---
 ipsec/adduser.sh | 2 +
 openvpn/adduser.sh | 67 ++++++++++++++++++--------------
 openvpn/checkuser.sh | 22 +++++++++++
 openvpn/deluser.sh | 26 +++++++++++++
 openvpn/install.sh | 4 ++
 openvpn/openvpn-server.conf.dist | 1 +
 pptp/adduser.sh | 2 +
 7 files changed, 95 insertions(+), 29 deletions(-)
 create mode 100755 openvpn/checkuser.sh
 create mode 100755 openvpn/deluser.sh

diff --git a/ipsec/adduser.sh b/ipsec/adduser.sh
index c140117..3950a17 100755
--- a/ipsec/adduser.sh
+++ b/ipsec/adduser.sh
@@ -48,6 +48,7 @@ do
else
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
fi
continue
else
@@ -101,6 +102,7 @@ do
echo
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
else
ANSUSER=$NOTADDUSER
fi
diff --git a/openvpn/adduser.sh b/openvpn/adduser.sh
index 83b0c35..5b9caa0 100755
--- a/openvpn/adduser.sh
+++ b/openvpn/adduser.sh
@@ -25,51 +25,60 @@ do
read -p "Enter name: " LOGIN
done
- ./build-key --batch $LOGIN
+ $DIR/checkuser.sh $LOGIN
- if [ $? -eq 0 ]; then
+ if [[ $? -ne 0 ]]; then
- # copy files and OVPN config
- mkdir -p "$DIR/$LOGIN"
- cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$DIR/$LOGIN/"
+ ./build-key --batch $LOGIN
- DIST="$DIR/$LOGIN/openvpn-server.ovpn"
- cp $DIR/openvpn-server.ovpn.dist $DIST
- sed -i -e "s@LOGIN@$LOGIN@g" $DIST
- sed -i -e "s@IP@$IP@g" $DIST
+ if [ $? -eq 0 ]; then
- SRC="$DIR/$LOGIN"
- DIST="$DIR/$LOGIN/openvpn-server-embedded.ovpn"
- cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
- sed -i -e "s@IP@$IP@g" $DIST
+ # copy files and OVPN config
+ mkdir -p "$DIR/$LOGIN"
+ cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$DIR/$LOGIN/"
- echo "" >> $DIST
- cat $SRC/ca.crt >> $DIST
- echo "" >> $DIST
+ DIST="$DIR/$LOGIN/openvpn-server.ovpn"
+ cp $DIR/openvpn-server.ovpn.dist $DIST
+ sed -i -e "s@LOGIN@$LOGIN@g" $DIST
+ sed -i -e "s@IP@$IP@g" $DIST
- echo "" >> $DIST
- cat $SRC/$LOGIN.crt >> $DIST
- echo "" >> $DIST
+ SRC="$DIR/$LOGIN"
+ DIST="$DIR/$LOGIN/openvpn-server-embedded.ovpn"
+ cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
+ sed -i -e "s@IP@$IP@g" $DIST
- echo "" >> $DIST
- cat $SRC/$LOGIN.key >> $DIST
- echo "" >> $DIST
+ echo "" >> $DIST
+ cat $SRC/ca.crt >> $DIST
+ echo "" >> $DIST
- echo "" >> $DIST
- cat $SRC/ta.key >> $DIST
- echo "" >> $DIST
+ echo "" >> $DIST
+ cat $SRC/$LOGIN.crt >> $DIST
+ echo "" >> $DIST
- echo
- echo "Directory $DIR/$LOGIN with necessary files has been created."
- USERNAME=${SUDO_USER:-$USER}
- chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
+ echo "" >> $DIST
+ cat $SRC/$LOGIN.key >> $DIST
+ echo "" >> $DIST
+
+ echo "" >> $DIST
+ cat $SRC/ta.key >> $DIST
+ echo "" >> $DIST
+ echo
+ echo "Directory $DIR/$LOGIN with necessary files has been created."
+ USERNAME=${SUDO_USER:-$USER}
+ chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
+
+ fi
+ else
+ echo "User $LOGIN already exists."
+ unset LOGIN
fi
if [[ $# -eq 0 ]]; then
echo
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
else
ANSUSER=$NOTADDUSER
fi
diff --git a/openvpn/checkuser.sh b/openvpn/checkuser.sh
new file mode 100755
index 0000000..0c9924e
--- /dev/null
+++ b/openvpn/checkuser.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source $DIR/env.sh
+
+if [[ "$EUID" -ne 0 ]]; then
+ echo "Sorry, you need to run this as root"
+ exit 1
+fi
+
+if [[ $# -gt 0 ]]; then
+ LOGIN="$1"
+fi
+
+while [[ -z "$LOGIN" ]];
+do
+ read -p "Enter name: " LOGIN
+done
+
+RET=$(ls $CADIR/keys | grep "^$LOGIN.key$" >/dev/null)
+
+exit $?
diff --git a/openvpn/deluser.sh b/openvpn/deluser.sh
new file mode 100755
index 0000000..75ae5b2
--- /dev/null
+++ b/openvpn/deluser.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source $DIR/env.sh
+
+if [[ "$EUID" -ne 0 ]]; then
+ echo "Sorry, you need to run this as root"
+ exit 1
+fi
+
+if [[ $# -gt 0 ]]; then
+ LOGIN="$1"
+fi
+
+while [[ -z "$LOGIN" ]];
+do
+ read -p "Enter name: " LOGIN
+done
+
+cd $CADIR
+source ./vars
+
+./revoke-full $LOGIN
+
+cp -rf $CADIR/keys/crl.pem $OPENVPNDIR
+chown nobody:$NOBODYGROUP $OPENVPNDIR/crl.pem
diff --git a/openvpn/install.sh b/openvpn/install.sh
index 72328ca..4a3f3ee 100755
--- a/openvpn/install.sh
+++ b/openvpn/install.sh
@@ -29,6 +29,7 @@ echo
echo "Installing configuration files..."
yes | cp -rf $DIR/openvpn-server.conf.dist $OPENVPNCONFIG
+sed -i -e "s@OPENVPNDIR@$OPENVPNDIR@g" $OPENVPNCONFIG
sed -i -e "s@CADIR@$CADIR@g" $OPENVPNCONFIG
sed -i -e "s@LOCALPREFIX@$LOCALPREFIX@g" $OPENVPNCONFIG
sed -i -e "s@NOBODYGROUP@$NOBODYGROUP@g" $OPENVPNCONFIG
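Review bot: `$LOGIN` is still used unvalidated and unquoted as a certificate CN, a path component and a `sed` replacement (`./build-key --batch $LOGIN`, `mkdir -p "$DIR/$LOGIN"`, the `cp` of key material, `sed -i -e "s@LOGIN@$LOGIN@g"`), so a name such as `../x`, or one containing `@`, `&` or whitespace, escapes the intended keys directory or corrupts the generated profile; the new `checkuser.sh` call only asks whether a key file already exists and does not close this. Reject anything outside a conservative charset right after the `done` that ends the name prompt, e.g. `[[ "$LOGIN" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "Invalid name: $LOGIN" >&2; exit 1; }`, and quote every later expansion of it. The directory created here holds the client's private key and is handed to `$SUDO_USER` with `chown -R`; a `chmod 700 "$DIR/$LOGIN"` next to it would keep the key from being readable under a permissive umask. The enclosing `do` loop starts outside the hunk.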
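Review bot: The existence test `ls $CADIR/keys | grep "^$LOGIN.key$"` interpolates the caller-supplied name into a regular expression and parses `ls`, so an unescaped metacharacter in `$LOGIN` can match a different entry and a name with spaces or a leading `-` breaks the pipeline; `$RET` is never read and the verdict reaches `exit $?` only through the exit status of the command substitution, which is easy to misread. A direct file test is safer and clearer as the script's last line: `[[ -f "$CADIR/keys/$LOGIN.key" ]]`. Nothing rejects a `/` in the name, so a path like `../../somewhere/x` is accepted as a "user"; a charset check before the test would close that. If `revoke-full` leaves the `.key` file in place (as the easy-rsa 2 script presumably does), a revoked name will report as existing, which is the answer adduser wants but should be stated in a comment.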
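Review bot: `./revoke-full $LOGIN` is not checked before `cp -rf $CADIR/keys/crl.pem $OPENVPNDIR`, so a mistyped or unknown name still overwrites the live `crl.pem` with whatever the CA directory currently holds and the script ends as if the user were revoked; `cd $CADIR` is likewise unchecked. If this is the easy-rsa 2 `revoke-full`, its final `openssl verify` is expected to report the certificate as revoked, so its exit status is not a clean success signal either; check the prerequisite instead, `[[ -f "$CADIR/keys/$LOGIN.crt" ]] || { echo "No certificate for $LOGIN" >&2; exit 1; }`, and confirm the serial appears in the regenerated CRL (`openssl crl -in "$CADIR/keys/crl.pem" -noout -text`) before copying. `chown nobody:$NOBODYGROUP` hands the unprivileged service account ownership of its own revocation list; the server only needs to read it, so a root-owned `chmod 644 "$OPENVPNDIR/crl.pem"` keeps a compromised OpenVPN process from rewriting it. The revoked user's bundle under `$DIR/$LOGIN`, private key included, is also left on disk and should be removed or at least mentioned to the operator.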
@@ -63,6 +64,9 @@ source ./vars
./build-dh
openvpn --genkey --secret ta.key
+# add dummy user and revoke its certificate for non-empty crl.pem file
+./build-key --batch client000
+./revoke-full client000
echo
echo "Adding cron jobs..."
diff --git a/openvpn/openvpn-server.conf.dist b/openvpn/openvpn-server.conf.dist
index e2e3299..79497bf 100644
--- a/openvpn/openvpn-server.conf.dist
+++ b/openvpn/openvpn-server.conf.dist
@@ -2,6 +2,7 @@ mode server
port 1194
proto udp
dev tun
+crl-verify OPENVPNDIR/crl.pem
ca CADIR/keys/ca.crt
cert CADIR/keys/openvpn-server.crt
key CADIR/keys/openvpn-server.key
diff --git a/pptp/adduser.sh b/pptp/adduser.sh
index 56b557d..c44464a 100755
--- a/pptp/adduser.sh
+++ b/pptp/adduser.sh
@@ -48,6 +48,7 @@ do
else
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
fi
continue
else
@@ -79,6 +80,7 @@ do
echo
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
else
ANSUSER=$NOTADDUSER
fi
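Review bot: The dummy `client000` is revoked to obtain a non-empty `$CADIR/keys/crl.pem`, but nothing in this hunk installs it at `$OPENVPNDIR/crl.pem`, which is where the new `crl-verify` line points; unless that copy happens elsewhere in install.sh, the server will fail to start because the CRL file is missing. Mirror deluser.sh right after the revoke: `cp -f "$CADIR/keys/crl.pem" "$OPENVPNDIR/crl.pem"` followed by `chmod 644 "$OPENVPNDIR/crl.pem"`. The `client000.key` left in `$CADIR/keys` also makes `checkuser.sh` report `client000` as a taken name, which is harmless but belongs in the comment above these lines.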
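Review bot: `crl-verify OPENVPNDIR/crl.pem` makes the CRL part of every client authentication, and a CRL carries a `nextUpdate`; recent OpenVPN versions reject all clients once it has expired, and the default validity in the openssl config easy-rsa uses is short (commonly 30 days), so revocation enforcement silently turns into a full outage unless the CRL is regenerated and redeployed before then. The "Adding cron jobs" step in install.sh is the natural place for a periodic `revoke-full`-free regeneration (`openssl ca -gencrl` with the easy-rsa config) plus the copy into `$OPENVPNDIR`, or `default_crl_days` should be raised in the CA config. The file must also stay readable by the account the server drops to (the `NOBODYGROUP` substitution suggests it does) and, if a `chroot` directive exists elsewhere in this file, the path must resolve inside the chroot; a comment above the line such as `# CRL checked on every client connection; keep it readable by the service user and renew it before nextUpdate` would save the next operator the surprise.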