fix: improve CLIENT_FILEPATH handling and reduce code duplication

- Fix getClientOwner() to verify user exists via `id` command before attempting to set ownership (prevents issues when /home/foo exists but user foo doesn't) - Add writeClientConfig() helper that handles filepath determination, directory creation for custom paths, config generation, and permission setting - Refactor newClient() and renewClient() to use the new helper, eliminating ~30 lines of duplicated code
2025-12-17 17:27:03 +01:00 · 2025-12-13 21:24:31 +01:00
parent 08f6f1e7cc
commit ae50439c86
1 changed files with 43 additions and 37 deletions
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -1565,7 +1565,8 @@ function getHomeDir() {
 # Helper function to get the owner of a client config file (if client matches a system user)
 function getClientOwner() {
 	local client="$1"
-	if [ -e "/home/${client}" ]; then
+	# Check if client name corresponds to an existing system user with a home directory
+	if id "$client" &>/dev/null && [ -d "/home/${client}" ]; then
 		echo "${client}"
 	elif [ "${SUDO_USER}" ] && [ "${SUDO_USER}" != "root" ]; then
 		echo "${SUDO_USER}"
@@ -1585,6 +1586,41 @@ function setClientConfigPermissions() {
 	fi
 }

+# Helper function to write client config file with proper path and permissions
+# Usage: writeClientConfig <client_name>
+# Uses CLIENT_FILEPATH env var if set, otherwise defaults to home directory
+# Returns: sets GENERATED_CONFIG_PATH variable with the final path
+function writeClientConfig() {
+	local client="$1"
+	local clientFilePath
+
+	# Determine output file path
+	if [[ -n "$CLIENT_FILEPATH" ]]; then
+		clientFilePath="$CLIENT_FILEPATH"
+		# Ensure parent directory exists for custom paths
+		local parentDir
+		parentDir=$(dirname "$clientFilePath")
+		if [[ ! -d "$parentDir" ]]; then
+			run_cmd "Creating directory $parentDir" mkdir -p "$parentDir"
+		fi
+	else
+		local homeDir
+		homeDir=$(getHomeDir "$client")
+		clientFilePath="$homeDir/$client.ovpn"
+	fi
+
+	# Generate the .ovpn config file
+	generateClientConfig "$client" "$clientFilePath"
+
+	# Set proper ownership and permissions if client matches a system user
+	local clientOwner
+	clientOwner=$(getClientOwner "$client")
+	setClientConfigPermissions "$clientFilePath" "$clientOwner"
+
+	# Export path for caller to use
+	GENERATED_CONFIG_PATH="$clientFilePath"
+}
+
 # Helper function to regenerate the CRL after certificate changes
 function regenerateCRL() {
 	export EASYRSA_CRL_DAYS=$DEFAULT_CRL_VALIDITY_DURATION_DAYS
@@ -1845,26 +1881,11 @@ function newClient() {
 		log_success "Client $CLIENT added and is valid for $CLIENT_CERT_DURATION_DAYS days."
 	fi

-	# Determine output file path
-	local clientFilePath
-	if [[ -n "$CLIENT_FILEPATH" ]]; then
-		clientFilePath="$CLIENT_FILEPATH"
-	else
-		local homeDir
-		homeDir=$(getHomeDir "$CLIENT")
-		clientFilePath="$homeDir/$CLIENT.ovpn"
-	fi
-
-	# Generate the .ovpn config file
-	generateClientConfig "$CLIENT" "$clientFilePath"
-
-	# Set proper ownership and permissions if client matches a system user
-	local clientOwner
-	clientOwner=$(getClientOwner "$CLIENT")
-	setClientConfigPermissions "$clientFilePath" "$clientOwner"
+	# Write the .ovpn config file with proper path and permissions
+	writeClientConfig "$CLIENT"

 	log_menu ""
-	log_success "The configuration file has been written to $clientFilePath."
+	log_success "The configuration file has been written to $GENERATED_CONFIG_PATH."
 	log_info "Download the .ovpn file and import it in your OpenVPN client."

 	exit 0
@@ -1921,27 +1942,12 @@ function renewClient() {
 	# Regenerate the CRL
 	regenerateCRL

-	# Determine output file path
-	local clientFilePath
-	if [[ -n "$CLIENT_FILEPATH" ]]; then
-		clientFilePath="$CLIENT_FILEPATH"
-	else
-		local homeDir
-		homeDir=$(getHomeDir "$CLIENT")
-		clientFilePath="$homeDir/$CLIENT.ovpn"
-	fi
-
-	# Regenerate the .ovpn file with the new certificate
-	generateClientConfig "$CLIENT" "$clientFilePath"
-
-	# Set proper ownership and permissions if client matches a system user
-	local clientOwner
-	clientOwner=$(getClientOwner "$CLIENT")
-	setClientConfigPermissions "$clientFilePath" "$clientOwner"
+	# Write the .ovpn config file with proper path and permissions
+	writeClientConfig "$CLIENT"

 	log_menu ""
 	log_success "Certificate for client $CLIENT renewed and is valid for $client_cert_duration_days days."
-	log_info "The new configuration file has been written to $clientFilePath."
+	log_info "The new configuration file has been written to $GENERATED_CONFIG_PATH."
 	log_info "Download the new .ovpn file and import it in your OpenVPN client."
 }