From 4f228ef62029cf83c1ba1372ffe16035b704b75c Mon Sep 17 00:00:00 2001
From: Tercio Gaudencio Filho
Date: Wed, 16 Nov 2016 17:47:31 -0200
Subject: [PATCH 1/3] Added a check before revoking a client certificate
---
 openvpn-install.sh | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 7ca4bf2..119428d 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -111,19 +111,25 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 else
 read -p "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
 fi
- CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
- cd /etc/openvpn/easy-rsa/
- ./easyrsa --batch revoke $CLIENT
- ./easyrsa gen-crl
- rm -rf pki/reqs/$CLIENT.req
- rm -rf pki/private/$CLIENT.key
- rm -rf pki/issued/$CLIENT.crt
- rm -rf /etc/openvpn/crl.pem
- cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
- # CRL is read with each client connection, when OpenVPN is dropped to nobody
- chown nobody:$GROUPNAME /etc/openvpn/crl.pem
- echo ""
- echo "Certificate for client $CLIENT revoked"
+ if [[ "$CLIENTNUMBER" -ge 1 -a "$CLIENTNUMBER" -le $NUMBEROFCLIENTS ]]; then
+ CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
+ cd /etc/openvpn/easy-rsa/
+ ./easyrsa --batch revoke $CLIENT
+ ./easyrsa gen-crl
+ rm -rf pki/reqs/$CLIENT.req
+ rm -rf pki/private/$CLIENT.key
+ rm -rf pki/issued/$CLIENT.crt
+ rm -rf /etc/openvpn/crl.pem
+ cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
+ # CRL is read with each client connection, when OpenVPN is dropped to nobody
+ chown nobody:$GROUPNAME /etc/openvpn/crl.pem
+ echo ""
+ echo "Certificate for client $CLIENT revoked"
+ else
+ echo ""
+ echo "You selected a invalid client!"
+ exit 7
+ fi
 exit
 ;;
 3)
From 67b31c75e4c0eb40dbffd6d463111401d393ac3b Mon Sep 17 00:00:00 2001
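Review bot: The success branch added in PATCH 1/3 prints "Certificate for client $CLIENT revoked" and deletes the client's request, key and certificate without checking that `cd`, `./easyrsa --batch revoke` or `./easyrsa gen-crl` succeeded. If one of them fails (and unless the script runs under `set -e`, which this hunk does not show), the operator is told the certificate is revoked while the CRL copied to /etc/openvpn/crl.pem may not list it, and the relative `rm -rf pki/...` paths are resolved against whatever directory the script was started from. I would guard the steps with `cd /etc/openvpn/easy-rsa/ || exit 1` and `./easyrsa --batch revoke "$CLIENT" || exit 1`, do the same for `gen-crl`, and quote `$CLIENT` in the `rm` lines. The enclosing `case` arm starts above this hunk.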
From: Tercio Gaudencio Filho
Date: Wed, 16 Nov 2016 17:55:26 -0200
Subject: [PATCH 2/3] Added a check before integer comparison
---
 openvpn-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 119428d..159c265 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -111,7 +111,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 else
 read -p "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
 fi
- if [[ "$CLIENTNUMBER" -ge 1 -a "$CLIENTNUMBER" -le $NUMBEROFCLIENTS ]]; then
+ if [[ "$CLIENTNUMBER" =~ ^[0-9]+$ ]] && [[ "$CLIENTNUMBER" -ge 1 ]] && [[ "$CLIENTNUMBER" -le $NUMBEROFCLIENTS ]]; then
 CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
 cd /etc/openvpn/easy-rsa/
 ./easyrsa --batch revoke $CLIENT
From 332ffb03c5e32c5d5c3873f822e2c6ed7f0e0aed Mon Sep 17 00:00:00 2001
From: Tercio Gaudencio Filho
Date: Wed, 16 Nov 2016 17:58:13 -0200
Subject: [PATCH 3/3] Typo
---
 openvpn-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 159c265..4b1c41e 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -127,7 +127,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 echo "Certificate for client $CLIENT revoked"
 else
 echo ""
- echo "You selected a invalid client!"
+ echo "You selected an invalid client!"
 exit 7
 fi
 exit
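Review bot: The condition added in PATCH 2/3 accepts digit strings that the range test and `sed -n "$CLIENTNUMBER"p` read differently: `[[ … -ge … ]]` evaluates a leading-zero value such as `010` as octal 8, while sed, as far as I can tell, treats it as line 10, and a very long digit string wraps in shell arithmetic. Such input can pass the range check and leave `CLIENT` empty, after which `./easyrsa --batch revoke $CLIENT` and the `rm -rf` lines that follow (outside this hunk) run with an empty name. Tightening the pattern to `^[1-9][0-9]*$` removes the leading-zero case, and a guard such as `[[ -n "$CLIENT" ]] || exit 7` right after the assignment covers the rest. The `if` body continues past the end of this hunk.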