core01 · June 18, 2020 07:35
diff --git a/del_vpn_user.sh b/del_vpn_user.sh
 #!/bin/sh
 #
 # Script to delete an VPN user for both IPsec/L2TP and Cisco IPsec
 #
 # Copyright (C) 2018-2020 Lin Song <[email protected]>
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
 #
 # Attribution required: please include my name in any derivative and let me
 # know how you have improved it!

 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 SYS_DT=$(date +%F-%T | tr ':' '_')

 exiterr()  { echo "Error: $1" >&2; exit 1; }
 conf_bk() { /bin/cp -f "$1" "$1.old-$SYS_DT" 2>/dev/null; }

 del_vpn_user() {

 if [ "$(id -u)" != 0 ]; then
  exiterr "Script must be run as root. Try 'sudo sh $0'"
 fi

 if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then
 cat 1>&2 <<'EOF'
 Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist!
       Your must first set up the VPN server before deleting VPN users.
       See: https://github.com/hwdsl2/setup-ipsec-vpn
 EOF
  exit 1
 fi

 if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
 cat 1>&2 <<'EOF'
 Error: This script can only be used with VPN servers created using:
       https://github.com/hwdsl2/setup-ipsec-vpn
 EOF
  exit 1
 fi

 VPN_USER=$1

 if [ -z "$VPN_USER" ]; then
 cat 1>&2 <<EOF
 Usage: sudo sh $0 'username_to_delete'
 EOF
  exit 1
 fi

 if printf '%s' "$VPN_USER" | LC_ALL=C grep -q '[^ -~]\+'; then
  exiterr "VPN username must not contain non-ASCII characters."
 fi

 case "$VPN_USER" in
  *[\\\"\']*)
    exiterr "VPN username must not contain these special characters: \\ \" '"
    ;;
 esac

 if [ "$(grep -c "^\"$VPN_USER\" " /etc/ppp/chap-secrets)" = "0" ] \
  || [ "$(grep -c "^$VPN_USER:\\\$1\\\$" /etc/ipsec.d/passwd)" = "0" ]; then
 cat 1>&2 <<'EOF'
 Error: The specified VPN user does not exist in /etc/ppp/chap-secrets
       and/or /etc/ipsec.d/passwd.
 EOF
  exit 1
 fi

 if [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ppp/chap-secrets)" = "1" ] \
  || [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ipsec.d/passwd)" = "1" ]; then
 cat 1>&2 <<'EOF'
 Error: Cannot delete the only VPN user from /etc/ppp/chap-secrets
       and/or /etc/ipsec.d/passwd.
 EOF
  exit 1
 fi

 # Backup config files
 conf_bk "/etc/ppp/chap-secrets"
 conf_bk "/etc/ipsec.d/passwd"

 # Delete VPN user
 sed -i "/^\"$VPN_USER\" /d" /etc/ppp/chap-secrets
 # shellcheck disable=SC2016
 sed -i '/^'"$VPN_USER"':\$1\$/d' /etc/ipsec.d/passwd

 # Update file attributes
 chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*

 echo true

 }

 ## Defer until we have the complete script
 del_vpn_user "$@"

 exit 0
	#!/bin/sh
	#
	# Script to delete an VPN user for both IPsec/L2TP and Cisco IPsec
	#
	# Copyright (C) 2018-2020 Lin Song <[email protected]>
	#
	# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
	# Unported License: http://creativecommons.org/licenses/by-sa/3.0/
	#
	# Attribution required: please include my name in any derivative and let me
	# know how you have improved it!

	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
	SYS_DT=$(date +%F-%T \| tr ':' '_')

	exiterr() { echo "Error: $1" >&2; exit 1; }
	conf_bk() { /bin/cp -f "$1" "$1.old-$SYS_DT" 2>/dev/null; }

	del_vpn_user() {

	if [ "$(id -u)" != 0 ]; then
	exiterr "Script must be run as root. Try 'sudo sh $0'"
	fi

	if [ ! -f "/etc/ppp/chap-secrets" ] \|\| [ ! -f "/etc/ipsec.d/passwd" ]; then
	cat 1>&2 <<'EOF'
	Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist!
	Your must first set up the VPN server before deleting VPN users.
	See: https://github.com/hwdsl2/setup-ipsec-vpn
	EOF
	exit 1
	fi

	if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
	cat 1>&2 <<'EOF'
	Error: This script can only be used with VPN servers created using:
	https://github.com/hwdsl2/setup-ipsec-vpn
	EOF
	exit 1
	fi

	VPN_USER=$1

	if [ -z "$VPN_USER" ]; then
	cat 1>&2 <<EOF
	Usage: sudo sh $0 'username_to_delete'
	EOF
	exit 1
	fi

	if printf '%s' "$VPN_USER" \| LC_ALL=C grep -q '[^ -~]\+'; then
	exiterr "VPN username must not contain non-ASCII characters."
	fi

	case "$VPN_USER" in
	[\\\"\'])
	exiterr "VPN username must not contain these special characters: \\ \" '"
	;;
	esac

	if [ "$(grep -c "^\"$VPN_USER\" " /etc/ppp/chap-secrets)" = "0" ] \
	\|\| [ "$(grep -c "^$VPN_USER:\\\$1\\\$" /etc/ipsec.d/passwd)" = "0" ]; then
	cat 1>&2 <<'EOF'
	Error: The specified VPN user does not exist in /etc/ppp/chap-secrets
	and/or /etc/ipsec.d/passwd.
	EOF
	exit 1
	fi

	if [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ppp/chap-secrets)" = "1" ] \
	\|\| [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ipsec.d/passwd)" = "1" ]; then
	cat 1>&2 <<'EOF'
	Error: Cannot delete the only VPN user from /etc/ppp/chap-secrets
	and/or /etc/ipsec.d/passwd.
	EOF
	exit 1
	fi

	# Backup config files
	conf_bk "/etc/ppp/chap-secrets"
	conf_bk "/etc/ipsec.d/passwd"

	# Delete VPN user
	sed -i "/^\"$VPN_USER\" /d" /etc/ppp/chap-secrets
	# shellcheck disable=SC2016
	sed -i '/^'"$VPN_USER"':\$1\$/d' /etc/ipsec.d/passwd

	# Update file attributes
	chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*

	echo true

	}

	## Defer until we have the complete script
	del_vpn_user "$@"

	exit 0