Comment: | more updats |
SHA3-256: |
514964602ba7915d3adfdfcf11063639 |
User & Date: | lexi on 2019-05-04 03:20:18 |
Changes
Modified vpn/vpn from [0b831e354e] to [4d7cc51848].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 .. 34 35 36 37 38 39 40 41 42 43 44 45 46 47 .. 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 .. 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 ... 142 143 144 145 146 147 148 149 150 151 152 153 154 155 ... 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 |
#!/usr/bin/env bash # [ʞ] vpn # ~ lexi hale <lexi@hale.su> # ® affero general public license # $ vpn (join | part | info | clean | key) <name> # : vim:ft=bash # vpn is a simple wrapper around openvpn to make it suitable # for everyday use. it takes two arguments: the vpn, and # what to do with it. # - vpn join <vpn>: opens a connection to vpn <name> # - vpn part <vpn>: closes an active connection to <name> # - vpn info <vpn>: reports the status of of a vpn # - vpn key <host>: automatically provisions the client # with RSA keys from <host> and creates # a configuration file if one does not # already exist # - vpn part <vpn>: closes an active connection to <vpn> # - vpn help: display this text # # a number of environment variables affect the behavior of # vpn. these are listed in the source with their defaults # and an explantion of their function. if you do not wish # users to be able to change the behavior of vpn with # setenv, you must change the param invokation to a simple ................................................................................ # pivot to the account that invoked the script after it is # done with tasks that require privileged access. # # (it should go without saying, but ensure you understand # the security implications before editing sudoers on a # multiuser machine or one that is directly exposed to the # internet.) _text_=$LINENO param(){ eval $1=\${$1:-$2}; } param vpn_basedir ~/opt/vpn # the directory in which vpn's logfiles are stored, ................................................................................ param USER $(whoami) # the user who should own all files and processes # created and destroyed by vpn param vpn_pidbox $TMPDIR/pid.$USER # a directory for storing pids in. this should be chmod # 700 and owned by the user invoking vpn, ideally param vpn_bin openvpn # the binary to use. 
if openvpn is not in your path, # enter its absolute path here param vpn_script $0 # a path to the executable ................................................................................ param vpn_scrname $(basename $vpn_script) # the name of the executable # thus ends the admin-configurable portion of this script. # abandon all hope, ye who enter here err(){ echo -e "\e[1;31merror:\e[m" $* ; exit 1; } assert(){ msg=$1; shift; test ! $@ && err $msg; } test "$1" == help || assert "incorrect number of arguments" $# -eq 2 act=$1; target=$2 vpnd=$vpn_confdir/$target conf=$vpnd/conf ................................................................................ goodpid && err "\e[1m$target\e[m is already up!" # make sure a private pid directory exists test ! -e $vpn_pidbox && mkdir -p $vpn_pidbox chmod 700 $vpn_pidbox # check and see if we're using automatic # host certificates; tell openvpn if so test -e $vpnd/ca.crt && { hostcert=$vpnd/$vpn_cn cmd=( --askpass --ca $vpnd/ca.crt ................................................................................ # kill an existing connection ( part | down | disc* | stop | p | d ) test -e $pidfile && { goodpid && { kill $(cat $pidfile) && rm -f $pidfile } || { echo -e "\e[1;33mwarn:\e[m pidfile exists but does not name an openvpn process" echo " → removing pidfile for safety" rm -f $pidfile } } || { echo -ne "\e[1mvpn $target\e[m is not up" } ;; # clean up dirty pidfiles ( clean | wipe | clear | fix | tidy ) clean=1 ;& # return profile status ( info | stat* | detail* | i ) echo -ne "\e[1mvpn $target:\e[m " test ! -e $pidfile && { echo -ne "\e[31mno\e[m current connection" pids=($(pidof openvpn)) let pidc=${#pids} ((pidc > 0)) && { echo ", but $pidc vpn instances are running" exit 2 } || { echo; exit 0; } } || { echo -n "pidfile exists" proc=$(ps ho fname $(cat $pidfile)) (($? 
!= 0)) && { echo ", but there are no processes with that pid" stale; exit 1 } || test "$proc" == "openvpn" && { echo -e " and openvpn is \e[32mrunning\e[m" exit 0 } || { echo -e " but named process is \e[31mnot a vpn instance!\e[m" stale; exit 1 } } ;; ( help ) head -n $(expr $_text_ - 2) $vpn_script | tail -n $(expr $_text_ - 2); exit 255;; ( * ) err "action must be one of: join | part | info | clean" ;; esac |
| > > > > > > > > > > > > > > > > > > > > > > | > | > > > > > > > > > > > > | | | | | | | | | < | > > > > | > |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 .. 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 .. 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 ... 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 ... 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 ... 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 |
#!/usr/bin/env bash # [ʞ] vpn # ~ lexi hale <lexi@hale.su> # ® affero general public license # $ vpn (join | part | info | clean | key | pid) <name> # : vim:ft=bash # vpn is a simple wrapper around openvpn to make it suitable # for everyday use. it takes two arguments: the vpn, and # what to do with it. # - vpn join <vpn>: opens a connection to vpn <name> # - vpn part <vpn>: closes an active connection to <name> # - vpn info <vpn>: reports the status of of a vpn # - vpn key <host>: automatically provisions the client # with RSA keys from <host> and creates # a configuration file if one does not # already exist # - vpn part <vpn>: closes an active connection to <vpn> # - vpn pid <vpn>: print the pid of an active connection # - vpn help: display this text # # a number of environment variables affect the behavior of # vpn. these are listed in the source with their defaults # and an explantion of their function. if you do not wish # users to be able to change the behavior of vpn with # setenv, you must change the param invokation to a simple ................................................................................ # pivot to the account that invoked the script after it is # done with tasks that require privileged access. # # (it should go without saying, but ensure you understand # the security implications before editing sudoers on a # multiuser machine or one that is directly exposed to the # internet.) # # this script is designed to automatically handle # certificate-based authentication. if there is a file named # "ca.crt" in the config folder for a script, the script # will look for files named $vpn_cn.crt and $vpn_cn.key, # which are automatically passed to openvpn (you don't need # to name them in the config file; this feature is designed # to enable the syncing of config files across multiple # devices each with their own certificate for the host. 
it # can also automatically download the necessary certificate # files from the server using ssh (scp); to enable this # feature, $vpn_srv_keydir must be set to the location of # the "pki" directory on the server. users may then invoke # `vpn key $server-url` to create a default configuration # and provision the device. $vpn_cn should probably be # set to your hostname (the default) or a device-unique # identifier issued by your organization. # TODO set up `key` mode so that it is able to accept # paths from the command line as well as in the # $vpn_srv_keydir environment variable. _text_=$LINENO param(){ eval $1=\${$1:-$2}; } param vpn_basedir ~/opt/vpn # the directory in which vpn's logfiles are stored, ................................................................................ param USER $(whoami) # the user who should own all files and processes # created and destroyed by vpn param vpn_pidbox $TMPDIR/pid.$USER # a directory for storing pids in. this should be chmod # 700 and owned by the user invoking vpn, ideally on a # tmpfs param vpn_bin openvpn # the binary to use. if openvpn is not in your path, # enter its absolute path here param vpn_script $0 # a path to the executable ................................................................................ param vpn_scrname $(basename $vpn_script) # the name of the executable # thus ends the admin-configurable portion of this script. # abandon all hope, ye who enter here err(){ echo -e "\e[1;31merror:\e[m" $* >&2; exit 1; } warn(){ echo -e "\e[1;33mwarn:\e[m " $* >&2; } assert(){ msg=$1; shift; test ! $@ && err $msg; } test "$1" == help || assert "incorrect number of arguments" $# -eq 2 act=$1; target=$2 vpnd=$vpn_confdir/$target conf=$vpnd/conf ................................................................................ goodpid && err "\e[1m$target\e[m is already up!" # make sure a private pid directory exists test ! 
-e $vpn_pidbox && mkdir -p $vpn_pidbox chmod 700 $vpn_pidbox # make sure a private base directory exists test ! -e $vpn_basedir && { mkdir -p $vpn_basedir && { chmod 700 $USER $vpn_pidbox } || { err '$vpn_basedir is not set or points to a nonexistent directory you cannot create.' } } test -e $vpn_global || err "global configuration file $vpn_global does not exist or is not in $vpn_basedir" # check and see if we're using automatic # host certificates; tell openvpn if so test -e $vpnd/ca.crt && { hostcert=$vpnd/$vpn_cn cmd=( --askpass --ca $vpnd/ca.crt ................................................................................ # kill an existing connection ( part | down | disc* | stop | p | d ) test -e $pidfile && { goodpid && { kill $(cat $pidfile) && rm -f $pidfile } || { warn 'pidfile exists but does not name an openvpn process' echo ' → removing pidfile for safety' >&2 rm -f $pidfile } } || { echo -ne "\e[1mvpn $target\e[m is not up" >&2 } ;; # clean up dirty pidfiles ( clean | wipe | clear | fix | tidy ) clean=1 ;& # return profile status ( info | stat* | detail* | i ) echo -ne "\e[1mvpn $target:\e[m " >&2 test ! -e $pidfile && { echo -ne "\e[31mno\e[m current connection" >&2 pids=($(pidof openvpn)) let pidc=${#pids} ((pidc > 0)) && { echo ", but $pidc vpn instances are running" >&2 exit 2 } || { echo; exit 0; } } || { echo -n "pidfile exists" >&2 proc=$(ps ho fname $(cat $pidfile)) (($? != 0)) && { echo ", but there are no processes with that pid" >&2 stale; exit 1 } || test "$proc" == "openvpn" && { echo -e " and openvpn is \e[32mrunning\e[m" >&2 } || { echo -e " but named process is \e[31mnot a vpn instance!\e[m" >&2 stale; exit 1 } } ;; ( help ) head -n $(expr $_text_ - 2) $vpn_script | tail -n $(expr $_text_ - 2); exit 255;; ( pid ) test -e $pidfile && cat $pidfile || err "no pidfile exists for \e[1m$target\e[m; are you sure you're connected" ;; ( * ) err "action must be one of: join | part | info | clean | key | pid | help" ;; esac exit 0 |
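Review bot: The new "make sure a private base directory exists" block calls `chmod 700 $USER $vpn_pidbox`, which passes the user name as a file operand and never touches the directory just created; on a first run, where no file named after `$USER` exists in the working directory, chmod fails, the `||` branch fires, and the script exits with the misleading "$vpn_basedir is not set or points to a nonexistent directory" message even though `mkdir -p` succeeded, while `$vpn_basedir` itself is left at whatever the umask gave it. The intended line is presumably `chmod 700 -- "$vpn_basedir"` (with `chown` only if a different owner is really wanted), and the error text would then be accurate only for the mkdir failure. The same `&&`/`||` chain pattern also means a failed chmod is reported as a failed mkdir, so splitting them into an `if` would make the diagnostic honest. The surrounding top-level script is elided on this page, so the `$vpn_confdir`/`$vpn_global` defaults this block depends on are not visible here.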