diff --git a/revoke_multiple_keys.sh b/revoke_multiple_keys.sh
new file mode 100755
index 0000000..b937728
--- /dev/null
+++ b/revoke_multiple_keys.sh
@@ -0,0 +1,347 @@
+#!/usr/bin/env bash
+
+script_name="$(basename $(realpath $0))"
+working_dir="$(dirname $(realpath $0))"
+
+conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+
+LOCK_DIR="/tmp/${script_name%%.*}.LOCK"
+log_file="${LOCK_DIR}/${script_name%%.*}.log"
+
+clean_up() {
+
+ # Perform program exit housekeeping
+ rm -rf "$LOCK_DIR"
+ blank_line
+ exit $1
+}
+
+
+echononl(){
+ if $terminal ; then
+ echo X\\c > /tmp/shprompt$$
+ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+ echo -e -n " $*\\c" 1>&2
+ else
+ echo -e -n " $*" 1>&2
+ fi
+ rm /tmp/shprompt$$
+ fi
+}
+fatal(){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mFatal\033[m ]: $*"
+ echo ""
+ echo -e " \033[31m\033[1mScript was interupted\033[m!"
+ else
+ echo " [ Fatal ]: $*"
+ echo ""
+ echo " Script was terminated...."
+ fi
+ echo ""
+ clean_up 1
+}
+error (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mError\033[m ]: $*"
+ else
+ echo "[ Error ]: $*"
+ fi
+ echo ""
+}
+
+warn (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[33m\033[1mWarning\033[m ]: $*"
+ else
+ echo "[ Warning ]: $*"
+ fi
+ echo ""
+}
+
+warn_only_terminal () {
+ if $terminal ; then
+ echo ""
+ echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+ echo ""
+ fi
+}
+
+info (){
+ if $terminal ; then
+ echo ""
+ echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
+ echo ""
+ fi
+}
+
+ok (){
+ if $terminal ; then
+ echo ""
+ echo -e " [ \033[32m\033[1mOk\033[m ] $*"
+ echo ""
+ fi
+}
+
+echo_done() {
+ if $terminal ; then
+ echo -e "\033[75G[ \033[32mdone\033[m ]"
+ fi
+}
+echo_ok() {
+ if $terminal ; then
+ echo -e "\033[75G[ \033[32mok\033[m ]"
+ fi
+}
+echo_warn() {
+ if $terminal ; then
+ echo -e "\033[75G[ \033[33mwarn\033[m ]"
+ fi
+}
+echo_failed(){
+ if $terminal ; then
+ echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+ fi
+}
+echo_skipped() {
+ if $terminal ; then
+ echo -e "\033[75G[ \033[90m\033[1mskipped\033[m ]"
+ fi
+}
+echo_wait(){
+ if $terminal ; then
+ echo -en "\033[75G[ \033[5m\033[1m...\033[m ]"
+ fi
+}
+
+# - Check if a given array (parameter 2) contains a given string (parameter 1)
+# -
+containsElement () {
+ local e
+ for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+ return 1
+}
+
+
+trim() {
+ local var="$*"
+ var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+ var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+ echo -n "$var"
+}
+
+is_number() {
+
+ return $(test ! -z "${1##*[!0-9]*}" > /dev/null 2>&1);
+
+ # - also possible
+ # -
+ #[[ ! -z "${1##*[!0-9]*}" ]] && return 0 || return 1
+ #return $([[ ! -z "${1##*[!0-9]*}" ]])
+}
+
+is_int() {
+ return $(test "$@" -eq "$@" > /dev/null 2>&1);
+}
+
+blank_line() {
+ if $terminal ; then
+ echo ""
+ fi
+}
+
+# ----------
+# - Some checks ..
+# ----------
+
+# - Running in a terminal?
+# -
+if [[ -t 1 ]] ; then
+ terminal=true
+else
+ terminal=false
+fi
+
+# -------------
+# - Job is already running?
+# -------------
+
+# - If job already runs, stop execution..
+# -
+if mkdir "$LOCK_DIR" 2> /dev/null ; then
+
+ ## - Remove lockdir when the script finishes, or when it receives a signal
+ trap "clean_up 1" SIGHUP SIGINT SIGTERM
+
+else
+
+ datum="$(date +"%d.%m.%Y %H:%M")"
+
+ msg="[ Error ]: A previos instance of \"`basename $0`\" seems already be running.\n\n Exiting now.."
+
+ echo ""
+ echo "[ Error ]: A previos instance of that script \"`basename $0`\" seems already be running."
+ echo ""
+ echo -e " Exiting now.."
+ echo ""
+
+ for _email in ${alert_email_arr[@]} ; do
+ echo -e "To:${_email}\n${content_type}\nSubject:Error cronjob `basename $0` -- $datum\n${msg}\n" \
+ | sendmail -F "Error `hostname -f`" -f $sender_address $_email
+ done
+
+ exit 1
+
+fi
+
+
+# ==========
+# - Begin Main Script
+# ==========
+
+# ----------
+# - Headline
+# ----------
+
+if $terminal ; then
+ echo ""
+ echo -e "\033[1m----------\033[m"
+ echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m"
+ echo -e "\033[1m----------\033[m"
+fi
+
+
+declare -a conf_file_arr=()
+declare -a conf_name_arr=()
+for _conf_file in `ls ${working_dir}/conf/server-*.conf 2>/dev/null` ; do
+ _basename=$(basename $_conf_file)
+ _tmp_name=${_basename%%.*}
+ _tmp_name=${_tmp_name#*-}
+ conf_name_arr+=("$_tmp_name")
+ conf_file_arr+=("${_conf_file}")
+done
+
+if [[ ${#conf_file_arr[@]} -lt 1 ]] && [[ -z "${conf_file}" ]]; then
+ fatal "NO Configuration found!"
+fi
+
+
+blank_line
+
+declare -i i=0
+
+OPENVPN_INSTANCE=
+if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then
+ if $terminal ; then
+ echo ""
+ echo "Which Configuration should be loaded?"
+ echo ""
+ fi
+ for _conf_file in ${conf_file_arr[@]} ; do
+ if $terminal ; then
+ echo " [${i}] ${conf_name_arr[${i}]}"
+ fi
+ (( i++ ))
+ done
+ _OK=false
+ blank_line
+ echononl "Eingabe: "
+ while ! $_OK ; do
+ read _IN
+ if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
+ OPENVPN_INSTANCE="${conf_name_arr[$_IN]}"
+ _OK=true
+ else
+ if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
+ if $terminal ; then
+ echo ""
+ echo -e "\tFalsche Eingabe !"
+ echo ""
+ fi
+ echononl "Eingabe: "
+ fi
+ fi
+ done
+
+else
+ OPENVPN_INSTANCE="${conf_name_arr[0]}"
+fi
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Insert users(s), you wish to revoke from local OpenVPN system.."
+echo ""
+echo " Multiple users are supported - give a blank separated list"
+echo ""
+echo ""
+users=
+if [ -z "$_users" ]; then
+ echononl "Users: "
+ read users
+ while [ "X$users" = "X" ] ; do
+ echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+ echononl "Users: "
+ read users
+ done
+else
+ echononl "Users [${_users}]: "
+ read users
+ if [[ "X$users" = "X" ]]; then
+ users=$_users
+ fi
+fi
+
+
+
+# ----------
+# - Main part of script
+# ----------
+
+if $terminal ; then
+ echo ""
+ echo ""
+ echo -e " \033[1mMain part of script - Goimg to revoke requested user..\033[m"
+ echo ""
+fi
+
+
+
+declare -a user_req_for_del_arr=()
+for _user in ${users} ; do
+ user_req_for_del_arr+=("${_user}")
+done
+
+for _user in "${user_req_for_del_arr[@]}" ; do
+
+ echononl " Revoke user \033[1m${_user}\033[m from OpenVPN instance \033[1m${OPENVPN_INSTANCE}\033[m"
+ echo "1" | /usr/local/src/openvpn/get_all_keys.sh 2> /dev/null | grep -q -i $_user
+ if [[ $? -eq 0 ]] ; then
+ echo "1" | /usr/local/src/openvpn/get_revoked_keys.sh 2> /dev/null | grep -q -i $_user
+
+ if [[ $? -gt 0 ]] ; then
+ /usr/local/src/openvpn/revoke_key.sh -b -S -C ${OPENVPN_INSTANCE} -N ${_user} > ${log_file} 2>&1
+ if [[ $? -gt 0 ]]; then
+ echo_failed
+ error "$(cat ${log_file})"
+ else
+ echo_done
+ fi
+ else
+ echo_skipped
+ warn_only_terminal "User \033]1m${_user}\033[mn already revoked!"
+ fi
+
+ else
+ echo_skipped
+ warn_only_terminal "User \033]1m${_user}\033[mn has no OpenVPN credentials."
+ fi
+
+done
+
+echo ""
+clean_up 0
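Review bot: In the revocation loop at the end of the file the interactively read name goes unquoted and unanchored into `grep -q -i $_user` (twice) and into `revoke_key.sh ... -N ${_user}`, so `$_user` is treated as a case-insensitive regex substring — a name that is a prefix of another key's name, or one containing pattern characters, flips the has-credentials / already-revoked decision — and a value beginning with `-` may be taken as an option by grep or revoke_key.sh; use fixed-string matching and quote, e.g. `grep -qiF -- "$_user"` (add `-x` if get_all_keys.sh prints one name per line) and `-N "$_user"`, and collect the input with `read -r users`. Separately, `conf_file` is computed at the top but never sourced, so `alert_email_arr`, `sender_address` and `content_type` in the already-running branch and `_users` at the prompt are empty unless inherited from the environment, which makes the sendmail alert loop a no-op. In the configuration-selection loop the `else` branch repeats the very `is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]` test that just failed, so on bad input neither the `Falsche Eingabe` message nor the re-prompt runs and the script waits silently; the inner `if` should be dropped. The lock directory and the `echononl` scratch file sit at predictable paths under /tmp (`/tmp/<name>.LOCK`, `/tmp/shprompt$$`), so any local user can pre-create the lock directory and keep the script from running, and a crash that bypasses the HUP/INT/TERM trap leaves a stale lock; prefer a root-owned location such as `/run/lock` for the lock, `trap ... EXIT` for cleanup, and `mktemp` (or no file at all) for the scratch file. The `\033]1m` / `\033[mn` sequences in the two warn_only_terminal messages look like typos for `\033[1m` / `\033[m`; `\033]` starts an OSC sequence that the terminal swallows until a terminator, so the message is garbled.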