@oktupol
Created January 1, 2022 12:56
Script for easily adding and revoking client authorizations for a Tor onion service
#!/bin/bash
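#######################################
# Print usage for the three sub-commands to stdout.
# $0 is the script as invoked, so the examples match however it was called.
# The <name> argument of add/revoke is required, not optional.
#######################################
show_help() {
  printf '%s\n' \
    "$0 - List, update or revoke authorized clients for an onion service" \
    "" \
    "Available commands:" \
    " $0 list" \
    " List authorized clients" \
    "" \
    " $0 add <name>" \
    " Add a new authorized client" \
    "" \
    " $0 revoke <name>" \
    " Revoke an authorized client"
}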
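#######################################
# Print the names of all authorized clients, one per line.
# Globals:   ONION_AUTH_DIR (read)
# Outputs:   header plus one client name per line on stdout
# Returns:   0 on success, 1 if the directory does not exist
#
# Tor only loads files ending in .auth from this directory, so only those
# are reported.  A glob is used instead of parsing `ls` output so that
# names containing whitespace survive intact.
#######################################
list_clients() {
  if [[ ! -d "$ONION_AUTH_DIR" ]]; then
    printf 'Authorized clients directory %s does not exist\n' "$ONION_AUTH_DIR" >&2
    return 1
  fi
  printf 'Authorized clients:\n\n'
  local path name
  for path in "$ONION_AUTH_DIR"/*.auth; do
    # With no matches the pattern itself is left unexpanded; skip it.
    [[ -e "$path" ]] || continue
    name=${path##*/}
    printf '%s\n' "${name%.auth}"
  done
}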
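#######################################
# Create a new x25519 client authorization for the onion service.
# Globals:   ONION_AUTH_DIR, TOR_USER, TOR_GROUP (read)
# Arguments: $1 - client name; becomes the basename of the .auth file
# Outputs:   the client's private key (unpadded base32) on stdout,
#            diagnostics on stderr
# Returns:   0 on success, 1 on a bad argument or a failed step
#######################################
add_client() {
  local name=$1
  if [[ -z "$name" ]]; then
    printf "Missing parameter 'name'\n" >&2
    return 1
  fi
  # The name is used verbatim as a path component under ONION_AUTH_DIR,
  # so restrict it to a safe character set (no '/', no '..').
  if [[ ! "$name" =~ ^[A-Za-z0-9_-]+$ ]]; then
    printf 'Invalid name %s: use only letters, digits, "_" and "-"\n' "$name" >&2
    return 1
  fi
  local auth_file="$ONION_AUTH_DIR/$name.auth"
  if [[ -f "$auth_file" ]]; then
    printf 'There is already an authorized client by the name %s.\n' "$name" >&2
    return 1
  fi
  if [[ ! -d "$ONION_AUTH_DIR" ]]; then
    printf 'Authorized clients directory %s does not exist\n' "$ONION_AUTH_DIR" >&2
    return 1
  fi

  # Generate the key pair.  The raw 32-byte keys are the trailing 32 bytes
  # of the DER encoding, which openssl emits directly (-outform DER), so no
  # separate PEM/base64 decoding step is needed.  Tor expects both keys as
  # unpadded base32.
  local pem private_key public_key
  pem=$(openssl genpkey -algorithm x25519) || {
    printf 'openssl genpkey failed\n' >&2
    return 1
  }
  private_key=$(printf '%s\n' "$pem" | openssl pkey -outform DER | tail -c 32 | base32 | tr -d '=')
  public_key=$(printf '%s\n' "$pem" | openssl pkey -pubout -outform DER | tail -c 32 | base32 | tr -d '=')
  # 32 bytes encode to exactly 52 base32 characters once padding is dropped;
  # anything else means a pipeline stage failed (pipefail is not enabled),
  # and we must not write a bogus .auth file.
  if (( ${#private_key} != 52 || ${#public_key} != 52 )); then
    printf 'Key generation failed; nothing was written\n' >&2
    return 1
  fi

  printf 'descriptor:x25519:%s\n' "$public_key" > "$auth_file" || return 1
  # Tor refuses files in its state directory that it does not own.
  chown "$TOR_USER:$TOR_GROUP" "$auth_file" || return 1
  if ! service tor restart; then
    printf 'Tor restart failed; %s was written but is not active yet\n' "$auth_file" >&2
    return 1
  fi
  printf 'Patched configuration and restarted Tor.\n'
  # The private key is the client's only credential: deliver it to the
  # client over a secure channel and keep it out of logs.
  printf 'Private key for %s:\n%s\n' "$name" "$private_key"
}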
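#######################################
# Remove an existing client authorization and restart Tor so it takes effect.
# Globals:   ONION_AUTH_DIR (read)
# Arguments: $1 - client name (basename of the .auth file)
# Outputs:   status lines on stdout, diagnostics on stderr
# Returns:   0 on success, 1 on a bad argument or a failed step
#######################################
revoke_client() {
  local name=$1
  if [[ -z "$name" ]]; then
    printf "Missing parameter 'name'\n" >&2
    return 1
  fi
  # Same restriction as add_client: the name is a path component, so it
  # must not be able to escape ONION_AUTH_DIR.
  if [[ ! "$name" =~ ^[A-Za-z0-9_-]+$ ]]; then
    printf 'Invalid name %s: use only letters, digits, "_" and "-"\n' "$name" >&2
    return 1
  fi
  local auth_file="$ONION_AUTH_DIR/$name.auth"
  if [[ ! -f "$auth_file" ]]; then
    printf 'There is no authorized client by the name %s.\n' "$name" >&2
    return 1
  fi
  rm -f -- "$auth_file" || return 1
  if ! service tor restart; then
    printf 'Tor restart failed; %s was removed but the old descriptor may still be loaded\n' "$auth_file" >&2
    return 1
  fi
  printf 'Patched configuration and restarted Tor.\n'
  printf '%s was revoked access\n' "$name"
}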
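# --- entry point -----------------------------------------------------------
cmd=$1
arg=$2
# Onion service whose authorized_clients directory is managed, and the
# account Tor runs as on this host.  Adjust for another service or a
# non-Debian Tor package.
readonly ONION_AUTH_DIR="/var/lib/tor/ncp_ssh/authorized_clients"
readonly TOR_USER="debian-tor"
readonly TOR_GROUP="debian-tor"

if [[ -z "$cmd" ]]; then
  show_help
  exit 0
fi
# Writing into the Tor state directory and restarting the service need root.
# EUID is set by bash itself, unlike $USER, which may be unset or inherited
# from the invoking user under sudo.
if (( EUID != 0 )); then
  printf 'This script requires sudo-permissions\n' >&2
  exit 1
fi
case "$cmd" in
  list)   list_clients ;;
  add)    add_client "$arg" ;;
  revoke) revoke_client "$arg" ;;
  *)
    printf 'Unrecognised command %s\n' "$cmd" >&2
    show_help >&2
    exit 1
    ;;
esac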