From 8f55500f0fd58b6299862d75768fbaa98f305b02 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Thu, 30 Dec 2021 15:47:49 -0600 Subject: [PATCH] Improve VPN user scripts - Improve helper scripts for managing VPN users. - Support running add_vpn_user.sh and del_vpn_user.sh interactively without arguments. --- extras/add_vpn_user.sh | 53 ++++++++++++++++++++++++++++---------- extras/del_vpn_user.sh | 38 ++++++++++++++++++++------- extras/update_vpn_users.sh | 7 +++++ 3 files changed, 76 insertions(+), 22 deletions(-) diff --git a/extras/add_vpn_user.sh b/extras/add_vpn_user.sh index 1fff698..a3ad6f7 100755 --- a/extras/add_vpn_user.sh +++ b/extras/add_vpn_user.sh @@ -16,6 +16,17 @@ SYS_DT=$(date +%F-%T | tr ':' '_') exiterr() { echo "Error: $1" >&2; exit 1; } conf_bk() { /bin/cp -f "$1" "$1.old-$SYS_DT" 2>/dev/null; } +show_intro() { +cat <<'EOF' + +Welcome! Use this script to add or update a VPN user account for both +IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. + +If the username you specify already exists, it will be updated +with the new password. Otherwise, a new VPN user will be added. +EOF +} + add_vpn_user() { if [ "$(id -u)" != 0 ]; then @@ -33,15 +44,35 @@ fi command -v openssl >/dev/null 2>&1 || exiterr "'openssl' not found. Abort." +if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then +cat 1>&2 <&2 <&2 + exit 1 + fi + read -rp "Password: " VPN_PASSWORD + if [ -z "$VPN_PASSWORD" ]; then + echo "Abort. No changes were made." >&2 + exit 1 + fi fi if printf '%s' "$VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then @@ -54,16 +85,12 @@ case "$VPN_USER $VPN_PASSWORD" in ;; esac +if [ -n "$1" ] && [ -n "$2" ]; then + show_intro +fi + cat <&2; exit 1; } conf_bk() { /bin/cp -f "$1" "$1.old-$SYS_DT" 2>/dev/null; } +show_intro() { +cat <<'EOF' + +Welcome! Use this script to delete a VPN user account for both +IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. +EOF +} + del_vpn_user() { if [ "$(id -u)" != 0 ]; then 
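Review bot: The interactive prompt added to add_vpn_user.sh, `read -rp "Password: " VPN_PASSWORD`, echoes the password to the terminal as it is typed, so it ends up in scrollback and in any session recording. Prompting is already better than passing the password as `$2`, which exposes it in shell history and the process list, but the prompt should suppress echo: `read -rsp "Password: " VPN_PASSWORD; echo`. With echo off, a second confirmation prompt would guard against typos. The rest of this hunk is truncated on this page, so I cannot tell whether the credentials are printed back afterwards; if they are, that output deserves the same scrutiny. The body of add_vpn_user() starts and ends outside the hunk.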
@@ -31,13 +39,28 @@ EOF exit 1 fi +if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then +cat 1>&2 <&2 <&2 + exit 1 + fi fi if printf '%s' "$VPN_USER" | LC_ALL=C grep -q '[^ -~]\+'; then @@ -68,13 +91,10 @@ EOF exit 1 fi +[ -n "$1" ] && show_intro + cat </dev/null 2>&1 || exiterr "'openssl' not found. Abort." +if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then +cat 1>&2 <<'EOF' +For usage information, visit https://git.io/vpnnotes, then click on Manage VPN Users. +EOF + exit 1 +fi + [ -n "$YOUR_USERNAMES" ] && VPN_USERS="$YOUR_USERNAMES" [ -n "$YOUR_PASSWORDS" ] && VPN_PASSWORDS="$YOUR_PASSWORDS"
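Review bot: The `-h`/`--help` branch added to update_vpn_users.sh sends its text to stderr with `cat 1>&2` and then runs `exit 1`, so a deliberate help request looks like a failure to any wrapper or automation that checks the exit status. Help that was asked for should go to stdout and return success: drop the `1>&2` and use `exit 0`, keeping the non-zero exit for the error paths. The matching branches in add_vpn_user.sh and del_vpn_user.sh also begin with `cat 1>&2` and appear to do the same, but their bodies are truncated on this page, so confirm there. The enclosing code starts and ends outside the hunk.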