Allow empty credentials

If VPN_USERNAME and VPN_PASSWORD are declared but empty, don't pass them to openvpn. This allows one to use other authentication methods.
Trigus42 · Feb 1, 2022 · 37b9b33 · 37b9b33
1 parent 01a9a67
commit 37b9b33
Showing 1 changed file with 9 additions and 16 deletions.
diff --git a/rootfs/etc/cont-init.d/02-vpn b/rootfs/etc/cont-init.d/02-vpn
@@ -50,22 +50,14 @@ fi
 
 # Read username and password env vars and put them in credentials.conf, then add ovpn config for credentials file
 if [[ "${VPN_TYPE}" == "openvpn" ]]; then
-    # Replace line with one that points to credentials.conf
-    auth_cred_exist=$(grep -m 1 'auth-user-pass' < "${VPN_CONFIG}")
-    if [[ -n "${auth_cred_exist}" ]]; then
-        # Get line number of auth-user-pass
-        LINE_NUM=$(grep -Fn -m 1 'auth-user-pass' "${VPN_CONFIG}" | cut -d: -f 1)
-        sed -i "${LINE_NUM}s/.*/auth-user-pass ${VPN_CONFIG_NAME}_credentials.conf/" "${VPN_CONFIG}"
-    else
-        sed -i "1s/.*/auth-user-pass ${VPN_CONFIG_NAME}_credentials.conf/" "${VPN_CONFIG}"
-    fi
-
     if [[ -f /config/openvpn/"${VPN_CONFIG_NAME}"_credentials.conf ]]; then
         echo "$(date +'%Y-%m-%d %H:%M:%S') [INFO] Using credentials from /config/openvpn/${VPN_CONFIG_NAME}_credentials.conf"
-    elif [[ -n "${VPN_USERNAME}" ]] && [[ -n "${VPN_PASSWORD}" ]]; then
+    elif [[ -n "${VPN_USERNAME}" ]] && [[ -n "${VPN_PASSWORD+set}"  ]]; then
         echo "$(date +'%Y-%m-%d %H:%M:%S') [INFO] Using credentials from env vars"
         echo "${VPN_USERNAME}" > /config/openvpn/"${VPN_CONFIG_NAME}"_credentials.conf
         echo "${VPN_PASSWORD}" >> /config/openvpn/"${VPN_CONFIG_NAME}"_credentials.conf
+    elif [[ "${VPN_USERNAME+set}" = set  ]] && [[ "${VPN_PASSWORD+set}" = set  ]]; then
+        echo "$(date +'%Y-%m-%d %H:%M:%S') [INFO] Credentials explicitly set to empty"
     elif [[ -f /config/openvpn/credentials.conf ]]; then
         echo "$(date +'%Y-%m-%d %H:%M:%S') [INFO] Copying credentials from /config/openvpn/credentials.conf to /config/openvpn/${VPN_CONFIG_NAME}_credentials.conf"
         cp /config/openvpn/credentials.conf /config/openvpn/"${VPN_CONFIG_NAME}"_credentials.conf
@@ -204,11 +196,12 @@ if [[ $VPN_ENABLED == "yes" ]]; then
 
         echo "$(date +'%Y-%m-%d %H:%M:%S') [INFO] Starting OpenVPN..."
         echo "--------------------"
-		if [[ "${VPN_OPTIONS}" != "" ]]; then
-			exec openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 "${VPN_OPTIONS}" --config "${VPN_CONFIG}" --script-security 2 --up /helper/resume-after-connect &
-		else
-			exec openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config "${VPN_CONFIG}" --script-security 2 --up /helper/resume-after-connect &
-		fi
+        # Check if credential file exists and is not empty
+        if [[ -s /config/openvpn/"${VPN_CONFIG_NAME}"_credentials.conf ]]; then
+            exec openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --auth-user-pass /config/openvpn/"${VPN_CONFIG_NAME}"_credentials.conf --config "${VPN_CONFIG}" --script-security 2 --up /helper/resume-after-connect &
+        else
+            exec openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config "${VPN_CONFIG}" --script-security 2 --up /helper/resume-after-connect &
+        fi
 
         # Pause execution (until openvpn connection is established and resume-after-connect script is run)
         printf "%s" $$ > /tmp/stopped.pid