Commit a3e2562

Added security checks
1 parent ef36799 commit a3e2562


1 file changed

+70
-31
lines changed


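--- a/root/usr/local/bin/ovpn-subject
+++ b/root/usr/local/bin/ovpn-subject
@@ -44,22 +44,30 @@ function generate_ovpn() {
 fi
 
 # Add CA certificate
-$RUNCMD echo '<ca>' >> $OVPN_FILE
-$RUNCMD cat $EASYRSA_PKI/ca.crt >> $OVPN_FILE
-$RUNCMD echo '</ca>' >> $OVPN_FILE
+if [ -f "$EASYRSA_PKI/ca.crt" ]; then
+$RUNCMD echo '<ca>' >> $OVPN_FILE
+$RUNCMD cat $EASYRSA_PKI/ca.crt >> $OVPN_FILE
+$RUNCMD echo '</ca>' >> $OVPN_FILE
+else
+echo 'No ca.crt added, please add it manually via --ca or <ca>...</ca>'
+fi
 
 # Add client's public key
-$RUNCMD echo '<cert>' >> $OVPN_FILE
-$RUNCMD cat $EASYRSA_PKI/issued/1ドル.crt >> $OVPN_FILE
-$RUNCMD echo '</cert>' >> $OVPN_FILE
+if [ -f "$EASYRSA_PKI/issued/1ドル.crt" ]; then
+$RUNCMD echo '<cert>' >> $OVPN_FILE
+$RUNCMD cat $EASYRSA_PKI/issued/1ドル.crt >> $OVPN_FILE
+$RUNCMD echo '</cert>' >> $OVPN_FILE
+else
+echo 'No public key added, please add it manually via --cert or <cert>...</cert>'
+fi
 
 # Add client's private key
 if [ -f "$EASYRSA_PKI/private/1ドル.key" ]; then
 $RUNCMD echo '<key>' >> $OVPN_FILE
 $RUNCMD cat $EASYRSA_PKI/private/1ドル.key >> $OVPN_FILE
 $RUNCMD echo '</key>' >> $OVPN_FILE
 else
-echo 'Client private key not added (sign only mode), please add it manualy via --key or <key>...</key>'
+echo 'Private key not added (sign only mode), please add it manually via --key or <key>...</key>'
 fi
 
 # Add TLS key if specified in client template config
@@ -69,19 +77,31 @@ function generate_ovpn() {
 read -r -p "Add --$crypto to .ovpn? [Y/n] " response
 if [[ ! "$response" =~ ^[Nn] ]]; then
 if [ "$crypto" == 'tls-crypt' ]; then
-$RUNCMD echo '<tls-crypt>' >> $OVPN_FILE
-$RUNCMD cat $EASYRSA_PKI/ta.key >> $OVPN_FILE
-$RUNCMD echo '</tls-crypt>' >> $OVPN_FILE
+if [ -f "$EASYRSA_PKI/ta.key" ]; then
+$RUNCMD echo '<tls-crypt>' >> $OVPN_FILE
+$RUNCMD cat $EASYRSA_PKI/ta.key >> $OVPN_FILE
+$RUNCMD echo '</tls-crypt>' >> $OVPN_FILE
+else
+echo 'No ta.key, please add it manually via --tls-crypt or <tls-crypt></tls-crypt>'
+fi
 elif [ "$crypto" == 'tls-auth' ]; then
-$RUNCMD echo '# Note: If this is server config replace 1 with 0' >> $OVPN_FILE
-$RUNCMD echo 'key-direction 1' >> $OVPN_FILE
-$RUNCMD echo '<tls-auth>' >> $OVPN_FILE
-$RUNCMD cat $EASYRSA_PKI/ta.key >> $OVPN_FILE
-$RUNCMD echo '</tls-auth>' >> $OVPN_FILE
+if [ -f "$EASYRSA_PKI/ta.key" ]; then
+$RUNCMD echo '# Note: If this is server config replace 1 with 0' >> $OVPN_FILE
+$RUNCMD echo 'key-direction 1' >> $OVPN_FILE
+$RUNCMD echo '<tls-auth>' >> $OVPN_FILE
+$RUNCMD cat $EASYRSA_PKI/ta.key >> $OVPN_FILE
+$RUNCMD echo '</tls-auth>' >> $OVPN_FILE
+else
+echo 'No ta.key, please add it manually via --tls-auth or <tls-auth></tls-auth>'
+fi
 elif [ "$crypto" == "secret" ]; then
-$RUNCMD echo '<secret>' >> $OVPN_FILE
-$RUNCMD cat $EASYRSA_PKI/secret.key >> $OVPN_FILE
-$RUNCMD echo '</secret>' >> $OVPN_FILE
+if [ -f "$EASYRSA_PKI/secret.key" ]; then
+$RUNCMD echo '<secret>' >> $OVPN_FILE
+$RUNCMD cat $EASYRSA_PKI/secret.key >> $OVPN_FILE
+$RUNCMD echo '</secret>' >> $OVPN_FILE
+else
+echo 'No secret.key, please add it manually via --secret or <secret>...</secret>'
+fi
 fi
 fi
 fi
@@ -132,20 +152,27 @@ function generate_pkg() {
 echo '# Auto-generated config' >> $TMP_CONFIG
 
 # Add CA certificate
-$RUNCMD cp $EASYRSA_PKI/ca.crt $TMP_DIR/openvpn
-[ -n "$(grep ^\s*ca $TMP_CONFIG)" ] || $RUNCMD echo 'ca ca.crt' >> $TMP_CONFIG
+if [ -f "$EASYRSA_PKI/ca.crt" ]; then
+$RUNCMD cp $EASYRSA_PKI/ca.crt $TMP_DIR/openvpn
+[ -n "$(grep ^\s*ca $TMP_CONFIG)" ] || $RUNCMD echo 'ca ca.crt' >> $TMP_CONFIG
+else
+echo 'No ca.crt added, please add it manually via --ca or <ca>...</ca>'
+fi
 
 # Add client's public key
-$RUNCMD cp $EASYRSA_PKI/issued/1ドル.crt $TMP_DIR/openvpn
-[ -n "$(grep ^\s*cert $TMP_CONFIG)" ] || $RUNCMD echo "cert 1ドル.crt" >> $TMP_CONFIG
+if [ -f "$EASYRSA_PKI/issued/1ドル.crt" ]; then
+$RUNCMD cp $EASYRSA_PKI/issued/1ドル.crt $TMP_DIR/openvpn
+[ -n "$(grep ^\s*cert $TMP_CONFIG)" ] || $RUNCMD echo "cert 1ドル.crt" >> $TMP_CONFIG
+else
+echo 'No public key added, please add it manually via --cert or <cert>...</cert>'
+fi
 
 # Add client's private key
 if [ -f "$EASYRSA_PKI/private/1ドル.key" ]; then
 $RUNCMD cp $EASYRSA_PKI/private/1ドル.key $TMP_DIR/openvpn
 [ -n "$(grep ^\s*key $TMP_CONFIG)" ] || $RUNCMD echo "key 1ドル.key" >> $TMP_CONFIG
 else
-$RUNCMD echo "#key 1ドル.key" >> $TMP_CONFIG
-echo 'Client private key not added (sign only mode), please add it manualy via --key or <key>...</key>'
+echo 'Private key not added (sign only mode), please add it manualy via --key or <key>...</key>'
 fi
 
 # Add TLS key if specified in client template config
@@ -155,15 +182,27 @@ function generate_pkg() {
 read -r -p "Add --$crypto to .ovpn? [Y/n] " response
 if [[ ! "$response" =~ ^[Nn] ]]; then
 if [ "$crypto" == 'tls-crypt' ]; then
-$RUNCMD cp $EASYRSA_PKI/ta.key $TMP_DIR/openvpn
-[ -n "$(grep ^\s*tls-crypt $TMP_CONFIG)" ] || $RUNCMD echo 'tls-crypt ta.key' >> $TMP_CONFIG
+if [ -f "$EASYRSA_PKI/ta.key" ]; then
+$RUNCMD cp $EASYRSA_PKI/ta.key $TMP_DIR/openvpn
+[ -n "$(grep ^\s*tls-crypt $TMP_CONFIG)" ] || $RUNCMD echo 'tls-crypt ta.key' >> $TMP_CONFIG
+else
+echo 'No ta.key, please add it manually via --tls-crypt or <tls-crypt></tls-crypt>'
+fi
 elif [ "$crypto" == 'tls-auth' ]; then
-$RUNCMD cp $EASYRSA_PKI/ta.key $TMP_DIR/openvpn
-[ -n "$(grep ^\s*tls-auth $TMP_CONFIG)" ] || $RUNCMD echo '# Note: If this is server config replace 1 with 0' >> $TMP_CONFIG
-[ -n "$(grep ^\s*tls-auth $TMP_CONFIG)" ] || $RUNCMD echo 'tls-auth 1 ta.key' >> $TMP_CONFIG
+if [ -f "$EASYRSA_PKI/ta.key" ]; then
+$RUNCMD cp $EASYRSA_PKI/ta.key $TMP_DIR/openvpn
+[ -n "$(grep ^\s*tls-auth $TMP_CONFIG)" ] || $RUNCMD echo '# Note: If this is server config replace 1 with 0' >> $TMP_CONFIG
+[ -n "$(grep ^\s*tls-auth $TMP_CONFIG)" ] || $RUNCMD echo 'tls-auth 1 ta.key' >> $TMP_CONFIG
+else
+echo 'No ta.key, please add it manually via --tls-auth or <tls-auth></tls-auth>'
+fi
 elif [ "$crypto" == "secret" ]; then
-$RUNCMD cat $EASYRSA_PKI/secret.key $TMP_DIR/openvpn
-[ -n "$(grep ^\s*secret $TMP_CONFIG)" ] || $RUNCMD echo 'secret secret.key' >> $TMP_CONFIG
+if [ -f "$EASYRSA_PKI/secret.key" ]; then
+$RUNCMD cat $EASYRSA_PKI/secret.key $TMP_DIR/openvpn
+[ -n "$(grep ^\s*secret $TMP_CONFIG)" ] || $RUNCMD echo 'secret secret.key' >> $TMP_CONFIG
+else
+echo 'No secret.key, please add it manually via --secret or <secret>...</secret>'
+fi
 fi
 fi
 fi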
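Review bot: In the `secret` branch of generate_pkg (new lines 200-202) the guarded command is still `$RUNCMD cat $EASYRSA_PKI/secret.key $TMP_DIR/openvpn`, which writes the static key to standard output and then fails on the directory argument instead of copying the file, so the key material can end up in terminal scrollback or a captured log while the package gets a `secret secret.key` line with no key file behind it. The sibling branches use `cp`; this one should read `$RUNCMD cp "$EASYRSA_PKI/secret.key" "$TMP_DIR/openvpn"`. The new `-f` tests quote their path but the `cat`/`cp` lines they guard do not, so quoting those expansions as well would keep the check and the action on the same file. The bodies of generate_ovpn and generate_pkg start and end outside the hunks shown.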
