From 852d404c126809ebf0d9014609144e704089bfbf Mon Sep 17 00:00:00 2001
From: Kyle Manna
Date: Sat, 5 Jul 2014 18:51:58 -0700
Subject: [PATCH] env: Re-work environment code

* Instead of storing just a server_url which was necessary to regenerate the OpenVPN configs, instead store an env file.
* Move all the env parsing to `ovpn_genconfig` so that it can be re-run from genconfig instead of from `ovpn_init`.
* Remove all the parsing and env defaults except for genconfig.

NOTE: This breaks the older config method, uesrs will need to re-run genconfig with an arg[1] as the previous server_url, this will create the necessary env file the rest of the tools expect.

Example recovery for legacy users:
host$ docker run --rm -it kylemanna/openvpn bash -l
container# ovpn_genconfig $(cat /etc/openvpn/server_url)
---
bin/ovpn_genconfig | 44 +++++++++++++++++++++++++++++++-------------
bin/ovpn_getclient | 27 +++++----------------------
bin/ovpn_init | 23 ++++------------------
3 files changed, 40 insertions(+), 54 deletions(-)

diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
index f8b261e..1e1dbd8 100755
--- a/bin/ovpn_genconfig
+++ b/bin/ovpn_genconfig
@@ -6,20 +6,37 @@ set -ex
-server_url=$1
-[ -z "$server_url" ] && server_url=$(cat "$OPENVPN/server_url" 2> /dev/null)
+OVPN_ENV=$OPENVPN/ovpn_env.sh
-if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
- proto=${BASH_REMATCH[2]};
- port=${BASH_REMATCH[5]};
+# Import defaults if present
+[ -r "$OVPN_ENV" ] && source "$OVPN_ENV"
+
+# Override config if set
+[ -n "$1" ] && OVPN_SERVER_URL="$1"
+
+# Server name is in the form "udp://vpn.example.com:1194"
+if [[ "$OVPN_SERVER_URL" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
+ OVPN_PROTO=${BASH_REMATCH[2]};
+ OVPN_CN=${BASH_REMATCH[3]};
+ OVPN_PORT=${BASH_REMATCH[5]};
 else
 echo "Common name not specified"
 exit 1
 fi
 # Apply defaults
-[ -z "$proto" ] && proto=1194
-[ -z "$port" ] && port=udp
+[ -z "$OVPN_PROTO" ] && OVPN_PROTO=udp
+[ -z "$OVPN_PORT" ] && OVPN_PORT=1194
+
+
+# Preserve config
+if [ -f "$OVPN_ENV" ]; then
+ bak_env=$OVPN_ENV.$(date +%s).bak
+ echo "Backing up $OVPN_ENV -> $bak_env"
+ mv "$OVPN_ENV" "$bak_env"
+fi
+export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT
+env | grep ^OVPN_ > "$OVPN_ENV"
 conf=$OPENVPN/openvpn.conf
 if [ -f "$conf" ]; then
@@ -32,9 +49,9 @@ cat > "$conf" < /dev/null && rm "$bak_env" || true
+diff -q "$bak" "$conf" 2> /dev/null && rm "$bak" || true
diff --git a/bin/ovpn_getclient b/bin/ovpn_getclient
index 4def85b..14de814 100755
--- a/bin/ovpn_getclient
+++ b/bin/ovpn_getclient
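Review bot: `env | grep ^OVPN_ > "$OVPN_ENV"` serializes every OVPN_-prefixed variable of the process environment, unquoted, into a file that ovpn_init and ovpn_getclient later `source`; only OVPN_SERVER_URL is regex-validated in this hunk, so any other OVPN_* variable handed to the container lands in the env file verbatim and is evaluated as shell when sourced, and even a benign value containing a space or newline breaks the file. Writing only the five variables the scripts consume, in shell-safe quoting, closes that: replace the `env | grep` line with `declare -p OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT > "$OVPN_ENV"` (the preceding `export` line is still wanted so the output carries `declare -x`); all five are guaranteed set at that point because the regex branch exits on failure and the defaults run before it. A smaller point: because `source "$OVPN_ENV"` runs before the `[ -n "$1" ]` override and nothing preserves the inherited environment value, an existing env file silently wins over an OVPN_SERVER_URL passed in the environment, which deserves a comment on the `# Import defaults if present` line. The second hunk of this file is garbled in this view, so its `$bak` rename was not reviewed.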
@@ -6,27 +6,10 @@ set -ex
-if [ -s "$OPENVPN/server_url" ]; then
- server_url=$(cat "$OPENVPN/server_url" 2> /dev/null)
-else
- # TODO Backwards compatible, need to throw away eventually
- server_url=$(cat "$OPENVPN/servername" 2> /dev/null)
-fi
+source "$OPENVPN/ovpn_env.sh"
+cn=$1
-if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
- proto=${BASH_REMATCH[2]};
- servername=${BASH_REMATCH[3]};
- port=${BASH_REMATCH[5]};
-else
- echo "Common name not specified"
- exit 1
-fi
-
-# Apply defaults
-[ -z "$proto" ] && proto=1194
-[ -z "$port" ] && port=udp
-
-if [ ! -f "$EASYRSA_PKI/private/$cn.key" ]; then
+if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
 easyrsa build-server-full $cn nopass
 fi
@@ -38,10 +21,10 @@ redirect-gateway def1
 remote-cert-tls server
-$(cat $EASYRSA_PKI/private/$cn.key)
+$(cat $EASYRSA_PKI/private/${cn}.key)
-$(cat $EASYRSA_PKI/issued/$cn.crt)
+$(cat $EASYRSA_PKI/issued/${cn}.crt)
 $(cat $EASYRSA_PKI/ca.crt)
diff --git a/bin/ovpn_init b/bin/ovpn_init
index 21a9fe2..65130ff 100755
--- a/bin/ovpn_init
+++ b/bin/ovpn_init
@@ -6,21 +6,10 @@ set -ex
-server_url=$1
+# Generate the ovpn env file
+ovpn_genconfig "$1"
-# Server name is in the form "udp://vpn.example.com:1194"
-if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
- proto=${BASH_REMATCH[2]};
- cn=${BASH_REMATCH[3]};
- port=${BASH_REMATCH[5]};
-else
- echo "Common name not specified"
- exit 1
-fi
-
-# Apply defaults
-[ -z "$proto" ] && proto=1194
-[ -z "$port" ] && port=udp
+source "$OPENVPN/ovpn_env.sh"
 # Specify "nopass" as arg[2] to make the CA insecure
 nopass=$2
@@ -46,9 +35,5 @@ openvpn --genkey --secret $OPENVPN/pki/ta.key
 # [ -n "$ptr" ] && cn=$ptr || cn=$ip4
 #fi
-echo "$server_url" > $OPENVPN/server_url
-
 # For a server key with a password, manually init; this is autopilot
-easyrsa build-server-full $cn nopass
-
-ovpn_genconfig "$cn"
+easyrsa build-server-full "$OVPN_CN" nopass
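Review bot: `source "$OPENVPN/ovpn_env.sh"` in ovpn_getclient runs unconditionally, so on a volume that predates this commit (the legacy case the commit message itself describes) the script dies under `set -e` with bash's own missing-file error instead of telling the user to run ovpn_genconfig; the first hunk of ovpn_init has the same unguarded `source`. A guard in front of it in both scripts gives the hint: `[ -r "$OPENVPN/ovpn_env.sh" ] || { echo "Missing $OPENVPN/ovpn_env.sh, run ovpn_genconfig first" >&2; exit 1; }`. Separately, `cn=$1` is used without validation to build the `${cn}.key` and `${cn}.crt` paths in this hunk and in the heredoc hunk below it, and is passed unquoted to `easyrsa`; restricting it to the character class genconfig already accepts for a common name, `[[ "$cn" =~ ^[0-9a-zA-Z.]+$ ]] || { echo "Invalid common name" >&2; exit 1; }`, keeps the lookup inside `$EASYRSA_PKI` (add `-` to the class if hyphenated names are expected, which genconfig's regex currently also rejects). The heredoc that emits the key and certificate starts before the second hunk and its enclosing tags are not visible here.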
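Review bot: `ovpn_genconfig "$1"` and `source "$OPENVPN/ovpn_env.sh"` in ovpn_init's first hunk both derive paths from `$OPENVPN`, but nothing asserts it is set and `set -ex` does not enable `-u`, so an empty OPENVPN silently resolves the env file to `/ovpn_env.sh` and, via genconfig's `conf=$OPENVPN/openvpn.conf`, the server config to `/openvpn.conf`. An assertion at the top of the hunk, `: "${OPENVPN:?OPENVPN must be set}"`, fails loudly instead, and the same line belongs in ovpn_genconfig and ovpn_getclient. Because genconfig now runs first rather than last, a re-run of ovpn_init against an existing volume rewrites the env file (after genconfig's timestamped backup) before the PKI steps between the two hunks execute, which is presumably intended but deserves a comment on the `# Generate the ovpn env file` line; the steps between the hunks are outside this view.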