Simple script to add VPN users to your chap-secrets file. For details on setting up a VPN on EC2, see http://noiseandheat.com/blog/2012/01/vpn-with-amazon-ec2-or-saving-your-iphone-from-promiscuity/
#!/bin/bash
#######################################
# Simple script to add VPN users to your chap-secrets file. For details
# on setting up a VPN on EC2, see:
#
# http://noiseandheat.com/blog/2012/01/vpn-with-amazon-ec2-or-saving-your-phone-from-promiscuity/
#
#
# (c) Copyright 2011 David Wagner.
#
# Complain/commend: http://noiseandheat.com/
#
#
# Licensed under the MIT license:
#
# http://www.opensource.org/licenses/mit-license.php
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
#######################################
# FUNCTIONS AND GLOBALS
#######################################
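# Name of this script, used in usage and error text. Quoted so that a path
# containing spaces does not break the basename call.
THIS_SCRIPT=$(basename -- "$0")
readonly THIS_SCRIPT
# pppd CHAP secrets file that the new "client server secret ip" line is
# appended to. Must be readable and writable by the invoking user.
readonly CHAP_SECRETS=/etc/ppp/chap-secrets
USERNAME=""        # filled in by gather_username_and_service_name
VPN_NAME="pptpd"   # default service name; replaced by the 2nd CLI argument
PASSWORD=""        # filled in by generate_password
# Digest tool used to derive the generated password. generate_password falls
# back to DIGEST_CMD_ALTERNATIVE (and reassigns DIGEST_CMD) when the first
# one is not installed.
DIGEST_CMD=/usr/bin/sha1sum
readonly DIGEST_CMD_ALTERNATIVE=/usr/bin/shasum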
#######################################
# Print the usage text to stdout.
# Globals:   THIS_SCRIPT (read)
# Outputs:   twelve lines of usage text on stdout
# Returns:   0
#######################################
show_usage() {
  local -r script=$THIS_SCRIPT
  printf '%s\n' \
    'Simple script to add VPN users, based on the setup described at:' \
    'http://noiseandheat.com/blog/2012/01/vpn-with-amazon-ec2-or-saving-your-phone-from-promiscuity/' \
    'Usage' \
    '=====' \
    "$script vpn_user_name [vpn_service_name]" \
    'or' \
    "$script vpn_user_name vpn_service_name password" \
    'vpn_user_name The name of the VPN user to create' \
    'vpn_service_name The name of the VPN service. Defaults to pptpd' \
    'password Autogenerated if you use the first form of the command.' \
    'It is recommended that you use the first form so that a secure password' \
    'is automatically generated for the user.'
}
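#######################################
# Abort unless CHAP_SECRETS exists and is readable and writable by the
# current user. Diagnostics go to stderr so they are not mixed with the
# credential lines the script later prints on stdout.
# Globals:   CHAP_SECRETS (read), THIS_SCRIPT (read)
# Outputs:   error text on stderr
# Returns:   0 when the file is usable; exits 1 otherwise
#######################################
check_can_access_chap_secrets() {
  if [ ! -e "$CHAP_SECRETS" ]; then
    printf '%s\n' \
      "" \
      " ERROR: Cannot find chaps secrets file at '$CHAP_SECRETS'" \
      "" \
      " Edit the CHAP_SECRETS variable at the top of $THIS_SCRIPT to" \
      " use a different location." >&2
    exit 1
  fi
  if [ ! -r "$CHAP_SECRETS" ]; then
    printf '%s\n' \
      "" \
      " ERROR: Cannot read chaps secrets file at '$CHAP_SECRETS'" \
      "" \
      " For security, the file can only be accessed by root. Please" \
      " use sudo to invoke this script so the file can be read." \
      " DO NOT make $CHAP_SECRETS world accessible." >&2
    exit 1
  fi
  if [ ! -w "$CHAP_SECRETS" ]; then
    # Same guidance as the read case; the wording now matches the check.
    printf '%s\n' \
      "" \
      " ERROR: Cannot modify chaps secrets file at '$CHAP_SECRETS'" \
      "" \
      " For security, the file can only be accessed by root. Please" \
      " use sudo to invoke this script so the file can be modified." \
      " DO NOT make $CHAP_SECRETS world accessible." >&2
    exit 1
  fi
}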
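#######################################
# Populate USERNAME (spaces replaced by underscores, so the value stays a
# single chap-secrets field) and optionally VPN_NAME from the CLI arguments.
# Globals:   USERNAME (written), VPN_NAME (written when $2 is non-empty)
# Arguments: $1 - VPN user name (required)
#            $2 - VPN service name (optional)
# Outputs:   usage text via show_usage when $1 is empty
# Returns:   0; exits 1 when no user name was given
#######################################
gather_username_and_service_name() {
  if [ -z "$1" ]; then
    show_usage
    exit 1
  fi
  # Parameter expansion instead of a sed subprocess; same substitution.
  USERNAME=${1// /_}
  if [ -n "$2" ]; then
    VPN_NAME=$2
  fi
}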
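#######################################
# Abort if USERNAME already has an entry in CHAP_SECRETS.
# The match is an exact comparison on the first (client) field, so a user
# name containing regex metacharacters cannot match unrelated entries, and
# "alice" no longer matches "alice-2". The existing secret is deliberately
# NOT printed: the file is root-only and its contents should not end up in
# a terminal or log. sudo is not needed here because
# check_can_access_chap_secrets has already verified the file is readable.
# Globals:   USERNAME (read), CHAP_SECRETS (read)
# Outputs:   error text on stderr when the user exists
# Returns:   0 when the user is absent; exits 1 otherwise
#######################################
check_user_does_not_already_exist() {
  local existing existing_service
  existing=$(awk -v u="$USERNAME" '$1 == u { print; exit }' "$CHAP_SECRETS")
  if [ -n "$existing" ]; then
    # Second field of the matching line is the server/service name.
    read -r _ existing_service _ <<<"$existing"
    printf '%s\n' \
      "" \
      " ERROR: User already seems to exist in '$CHAP_SECRETS'" \
      "" \
      " username: $USERNAME" \
      " VPN service name: $existing_service" \
      "" >&2
    exit 1
  fi
}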
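#######################################
# Set PASSWORD, either to the caller-supplied value or to a generated one.
# Generation hashes one 512-byte block of /dev/urandom with DIGEST_CMD
# (falling back to DIGEST_CMD_ALTERNATIVE) and keeps the first 32 hex
# characters of the digest.
# Globals:   PASSWORD (written), DIGEST_CMD (read, may be reassigned to the
#            alternative), DIGEST_CMD_ALTERNATIVE (read), THIS_SCRIPT (read)
# Arguments: $1 - optional explicit password
# Outputs:   error text on stderr
# Returns:   0; exits 1 when no usable digest tool exists or it produced
#            no output
#######################################
generate_password() {
  if [ -n "$1" ]; then
    # Explicit password from argv. Note that argv is visible in process
    # listings; the auto-generated form avoids that exposure.
    PASSWORD=$1
    return 0
  fi
  # Remember the primary tool so the error message names both candidates
  # (the original message printed the alternative twice after reassignment).
  local -r primary=$DIGEST_CMD
  if [ ! -x "$DIGEST_CMD" ]; then
    DIGEST_CMD=$DIGEST_CMD_ALTERNATIVE
    if [ ! -x "$DIGEST_CMD" ]; then
      printf '%s\n' \
        "" \
        " ERROR: could not find $primary or $DIGEST_CMD_ALTERNATIVE" \
        " so I can't generate a password for the new user. If you want" \
        " to set your own digest command for password generation, edit" \
        " the DIGEST_CMD variable at the top of $THIS_SCRIPT." \
        "" \
        " You many also have to hack about with the PASSWORD generation" \
        " command in the generate_password function." \
        "" >&2
      exit 1
    fi
  fi
  # dd's transfer statistics on stderr are intentionally discarded.
  PASSWORD=$(dd if=/dev/urandom count=1 2>/dev/null | "$DIGEST_CMD" | cut -c-32)
  if [ -z "$PASSWORD" ]; then
    # Without pipefail a failing stage would otherwise yield an empty secret.
    printf '%s\n' \
      "" \
      " ERROR: password generation with $DIGEST_CMD produced no output" \
      "" >&2
    exit 1
  fi
}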
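#######################################
# Report the new credentials on stdout and append the chap-secrets entry.
# The appended line is "client server secret *" with a blank line before
# and after it, exactly as the script has always written it. The password
# is printed on stdout by design so the admin can hand it to the user;
# keep that in mind when redirecting or logging the script's output.
# Globals:   USERNAME, VPN_NAME, PASSWORD, CHAP_SECRETS (all read)
# Outputs:   credential summary on stdout; one entry appended to CHAP_SECRETS
# Returns:   status of the append
#######################################
create_user() {
  printf '%s\n' \
    "" \
    " Creating VPN user in '$CHAP_SECRETS'" \
    "" \
    " username: $USERNAME" \
    " password: $PASSWORD" \
    " VPN service name: $VPN_NAME"
  # NOTE(review): a caller-supplied password containing whitespace would be
  # split into extra fields by pppd; confirm whether the secret should be
  # double-quoted in that case.
  printf '\n%s %s %s *\n\n' "$USERNAME" "$VPN_NAME" "$PASSWORD" >> "$CHAP_SECRETS"
}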
#######################################
# MAIN
#######################################
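# Arguments are passed quoted so a user name given as "a b" reaches
# gather_username_and_service_name as one word (and gets its spaces
# replaced) instead of being split into user name and service name.
# Order matters: the access check runs before the file is read, and the
# password is only generated after we know the user is new.
gather_username_and_service_name "$1" "$2"
check_can_access_chap_secrets
check_user_does_not_already_exist
generate_password "$3"
# create_user reads its inputs from the globals set above.
create_user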