Ana Sayfa Keşfet Yardım
Giriş Yap
rajven
/
openvpn-status-page
şunun yansıması https://github.com/rajven/openvpn-status-page
1
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Ağaç: 0721828ad1
Dallar Biçim İmleri
openvpn-status-...
/
addons
/
cmd
/
revoke_client.sh

revoke_client.sh 2.1 KB
Geçmiş Ham

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. #!/bin/bash
    2. 

  2. 

  3. SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
    4. 

  4. #SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
    5. 

  5. source "$SCRIPT_DIR/functions.sh"
    6. 

  6. 

  7. if [ "$#" -ne 3 ]; then
    8. 

  8.     log "Usage: $0 <service_name> <rsa_dir> <username>"
    9. 

  9.     exit 1
    10. 

  10. fi
    11. 

  11. 

  12. check_permissions
    13. 

  13. 

  14. SRV_NAME="${1}"
    15. 

  15. RSA_DIR="${2}"
    16. 

  16. USERNAME="${3}"
    17. 

  17. 

  18. log "Starting certificate revocation for $USERNAME by user $ORIGINAL_USER"
    19. 

  19. 

  20. # Check that the RSA directory exists
    21. 

  21. if [ ! -d "$RSA_DIR" ]; then
    22. 

  22.     log "Error: RSA directory not found: $RSA_DIR"
    23. 

  23.     exit 1
    24. 

  24. fi
    25. 

  25. 

  26. # Change to the RSA directory
    27. 

  27. cd "$RSA_DIR" || exit 1
    28. 

  28. 

  29. # Check that easyrsa exists
    30. 

  30. if [ ! -f "./easyrsa" ]; then
    31. 

  31.     log "Error: easyrsa not found in $RSA_DIR"
    32. 

  32.     exit 1
    33. 

  33. fi
    34. 

  34. 

  35. # Check that the certificate exists
    36. 

  36. if [ ! -f "./pki/issued/${USERNAME}.crt" ]; then
    37. 

  37.     log "Error: Certificate for user $USERNAME not found"
    38. 

  38.     exit 1
    39. 

  39. fi
    40. 

  40. 

  41. # Check whether the certificate is already revoked
    42. 

  42. if grep -q "/CN=${USERNAME}" ./pki/index.txt | grep -q "R"; then
    43. 

  43.     log "Error: Certificate for $USERNAME is already revoked"
    44. 

  44.     exit 1
    45. 

  45. fi
    46. 

  46. 

  47. # Revoke the certificate
    48. 

  48. log "Revoking certificate for user: $USERNAME"
    49. 

  49. ./easyrsa --batch revoke "$USERNAME"
    50. 

  50. 

  51. if [ $? -eq 0 ]; then
    52. 

  52.     log "Successfully revoked certificate for $USERNAME"
    53. 

  53. 

  54.     # Generate CRL (Certificate Revocation List)
    55. 

  55.     log "Generating CRL..."
    56. 

  56.     ./easyrsa --batch gen-crl
    57. 

  57. 

  58.     if [ $? -eq 0 ]; then
    59. 

  59.         log "CRL generated successfully"
    60. 

  60. 

  61.         chown ${owner_user}:${owner_group} -R "$RSA_DIR/pki/issued/"
    62. 

  62.         chown ${owner_user}:${owner_group} "$RSA_DIR/pki/crl.pem"
    63. 

  63.         chmod 660 "${RSA_DIR}/pki/issued/"*.crt
    64. 

  64. 

  65.         # Restart the service
    66. 

  66.         log "Restarting service: $SRV_NAME"
    67. 

  67.         systemctl restart "${SRV_NAME}"
    68. 

  68. 

  69.         if [ $? -eq 0 ]; then
    70. 

  70.             log "Service $SRV_NAME restarted successfully"
    71. 

  71.             log "Certificate revocation completed for $USERNAME"
    72. 

  72.             exit 0
    73. 

  73.         else
    74. 

  74.             log "Error: Failed to restart service $SRV_NAME"
    75. 

  75.             exit 1
    76. 

  76.         fi
    77. 

  77.     else
    78. 

  78.         log "Error: Failed to generate CRL"
    79. 

  79.         exit 1
    80. 

  80.     fi
    81. 

  81. else
    82. 

  82.     log "Error: Failed to revoke certificate for $USERNAME"
    83. 

  83.     exit 1
    84. 

  84. fi
    85. 

  85. 

  86. exit 0
    87.