@whereisaaron
Created April 10, 2022 08:49
Simple external script to use with OpenVPN or similar for username and password authentication (auth-user-pass-verify)
#!/bin/bash
#
# Read username and password from the supplied filename
#
# (OpenVPN via-file: username on line 1, password on line 2)
readarray -t lines < "$1"
username=${lines[0]}
password=${lines[1]}
#
# Collection of usernames and SHA512 hashed passwords
#
users=(
'some.user|$6$msd9UoKs$fboHk.i.Orbm8/VWbkagML/QWneNSkFcHpdNMXJF4rGuYhXoSreaYd5r4nKi7gHI9udhSHOhmPwwbbMEvYPAx1'
'another.user|$6$msd9UoKs$bD1hNG.nh7s/aEOGKyvY7pF9VdzwSNxfBQar.56EvaJ4h2qvECbp0PszzVohQ3WIuctuV88TViWnY3YFJqni3.'
)
salt="msd9UoKs"
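for user in "${users[@]}"
do
  # Split "username|hash" without relying on word splitting or globbing
  currentUsername=${user%%|*}
  currentPassword=${user#*|}
  if [[ "$currentUsername" == "$username" ]]; then
    echo "Found user $currentUsername checking password..."
    # Pass the password and salt through the environment instead of pasting them
    # into the Python source, so a quote in the password cannot change the code
    # that runs. Needs a Python that still ships the crypt module (removed in 3.13).
    passwordToTest=$(PW="$password" SALT="$salt" python -c "import crypt, os; print(crypt.crypt(os.environ['PW'], '\$6\$' + os.environ['SALT'] + '\$'))")
    if [[ "$passwordToTest" == "$currentPassword" ]]; then
      echo "Correct password"
      exit 0
    fi
  fi
done
echo "Could not find a username/password combination."
exit 1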
#
# Generate users with python or mkpasswd from Debian whois package:
# python -c "import crypt, getpass, pwd; print(crypt.crypt('<password>', '\$6\$<salt>\$'))"
# docker run -it ubuntu bash -c "apt-get update && apt-get install -f whois && mkpasswd -m sha-512 -S '<salt>' '<password>'"
#
#
# For OpenVPN configure with:
# script-security 2
# auth-user-pass-verify /pathtoscript.sh via-file
# username-as-common-name # Without this OpenVPN will use CN in the certificate as the user name
# duplicate-cn # Needed if everyone is using same client certificate
#
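
An alternative check for the same `via-file` contract, as an added example that is not part of the original gist: it hashes with `openssl passwd -6` reading the password from stdin, and takes the salt from each stored hash so users need not share one. It assumes OpenSSL 1.1.1 or later; the users file, its default path, the `USERS_FILE` variable and all function names are hypothetical.

```shell
#!/bin/bash
# Added example, not the gist author's code. Assumes OpenSSL 1.1.1+ (passwd -6).
# The users file path and all function/variable names are hypothetical.

# SHA-512 crypt of the password on stdin. The password never appears in argv
# or in a code string, so quotes and $ in it are only data.
hash_password() {   # usage: printf '%s\n' "$pw" | hash_password <salt>
    openssl passwd -6 -salt "$1" -stdin 2>/dev/null
}

# Returns 0 only if line 1 / line 2 of the via-file credential file match
# a "username|$6$salt$digest" line in the users file.
verify_credentials() {   # usage: verify_credentials <cred-file> <users-file>
    vc_user='' vc_pass='' vc_rc=1
    { IFS= read -r vc_user && IFS= read -r vc_pass; } < "$1" || return 1
    [ -n "$vc_user" ] || return 1
    while IFS='|' read -r db_user db_hash || [ -n "$db_user" ]; do
        [ "$db_user" = "$vc_user" ] || continue
        # Skip malformed entries: an empty hash must never compare equal
        # to the empty output of a failed hashing command.
        case $db_hash in '$6$'?*'$'?*) ;; *) continue ;; esac
        # Reuse the salt stored in the hash, so every user can have their own.
        db_salt=${db_hash#\$6\$}
        db_salt=${db_salt%%\$*}
        vc_try=$(printf '%s\n' "$vc_pass" | hash_password "$db_salt")
        if [ -n "$vc_try" ] && [ "$vc_try" = "$db_hash" ]; then vc_rc=0; fi
    done < "$2"
    return "$vc_rc"
}

# OpenVPN calls the script with the credential file as its only argument.
if [ "$#" -eq 1 ]; then
    verify_credentials "$1" "${USERS_FILE:-/etc/openvpn/users.txt}"
    exit $?
fi
```

New entries for the users file can be produced with `printf '%s\n' '<password>' | hash_password '<salt>'`, using a different salt per user.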