Update IKEv2 script

- Improvement: If the script is run using sudo, export the VPN client config files to the user's home directory instead of "/root", and set owner/group so that users can more easily download the config files.
2024-11-22 21:16:02 +03:00 · 2021-01-30 14:24:01 -06:00 · 2021-01-30 14:24:01 -06:00 · a44c1ea473
commit a44c1ea473
parent fd0d20ecc1
1 changed files with 31 additions and 4 deletions
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@ -110,10 +110,8 @@ check_utils_exist() {

 check_container() {
  in_container=0
-  export_dir=~/
  if grep -qs "hwdsl2" /opt/src/run.sh; then
    in_container=1
-    export_dir="/etc/ipsec.d/"
  fi
 }

@ -276,6 +274,22 @@ show_export_client_message() {
  bigecho2 "Exporting existing IKEv2 client '$client_name', using default options."
 }

+get_export_dir() {
+  export_to_home_dir=0
+  if grep -qs "hwdsl2" /opt/src/run.sh; then
+    export_dir="/etc/ipsec.d/"
+  else
+    export_dir=~/
+    if [ -n "$SUDO_USER" ] && getent group "$SUDO_USER" >/dev/null 2>&1; then
+      user_home_dir=$(getent passwd "$SUDO_USER" 2>/dev/null | cut -d: -f6)
+      if [ -d "$user_home_dir" ] && [ "$user_home_dir" != "/" ]; then
+        export_dir="$user_home_dir/"
+        export_to_home_dir=1
+      fi
+    fi
+  fi
+}
+
 get_server_ip() {
  echo "Trying to auto discover IP of this server..."
  public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
@ -619,11 +633,17 @@ EOF
    [ -z "$p12_password" ] && exiterr "Could not generate a random password for .p12 file."
  fi

+  p12_file="$export_dir$client_name-$SYS_DT.p12"
  if [ "$use_own_password" = "1" ]; then
-    pk12util -d sql:/etc/ipsec.d -n "$client_name" -o "$export_dir$client_name-$SYS_DT.p12" || exit 1
+    pk12util -d sql:/etc/ipsec.d -n "$client_name" -o "$p12_file" || exit 1
  else
-    pk12util -W "$p12_password" -d sql:/etc/ipsec.d -n "$client_name" -o "$export_dir$client_name-$SYS_DT.p12" || exit 1
+    pk12util -W "$p12_password" -d sql:/etc/ipsec.d -n "$client_name" -o "$p12_file" || exit 1
  fi
+
+  if [ "$export_to_home_dir" = "1" ]; then
+    chown "$SUDO_USER:$SUDO_USER" "$p12_file"
+  fi
+  chmod 600 "$p12_file"
 }

 install_base64_uuidgen() {
@ -802,6 +822,9 @@ $ca_base64
 </plist>
 EOF

+  if [ "$export_to_home_dir" = "1" ]; then
+    chown "$SUDO_USER:$SUDO_USER" "$mc_file"
+  fi
  chmod 600 "$mc_file"
 }

@ -835,6 +858,9 @@ cat > "$sswan_file" <<EOF
 }
 EOF

+  if [ "$export_to_home_dir" = "1" ]; then
+    chown "$SUDO_USER:$SUDO_USER" "$sswan_file"
+  fi
  chmod 600 "$sswan_file"
 }

@ -1162,6 +1188,7 @@ ikev2setup() {
  done

  check_arguments
+  get_export_dir

  if [ "$add_client_using_defaults" = "1" ]; then
    show_add_client_message