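#!/bin/bash
# down
#
# Session teardown: validates the token supplied in $username, asks the
# backend to decrease that token's session counter, then releases the
# client's pool IP and any port forwardings.
#
# Reads (never set in this script; presumably exported by the caller):
#   username                 - token, or sha512 hash of the token
#   config                   - path whose 3rd "/"-separated field names the /tmp dir
#   ifconfig_pool_remote_ip  - client's internal IP
# Exit status: 1 when the token is rejected; otherwise that of the last
# cleanup step that ran.

#######################################
# Succeeds only when the WHOLE string consists of [-a-zA-Z0-9].
# Matched in-shell rather than with grep: grep tests each line separately
# and prints the matching line, so a multi-line value could pass on the
# strength of one clean line and the token would be written to stdout.
# Arguments: $1 - candidate token
# Returns:   0 if every character is allowed, 1 otherwise (or if empty)
#######################################
token_charset_ok() {
  # C locale so that a-z / A-Z / 0-9 mean exactly the ASCII ranges.
  local LC_ALL=C
  local -r allowed='^[-a-zA-Z0-9]+$'
  [[ "$1" =~ $allowed ]]
}

# remove non-printable chars first...
# The result must be stored back: without the assignment tr only echoes the
# cleaned value to stdout and every later check runs on the raw input.
username=$(LC_ALL=C tr -dc '[:print:]' <<<"${username:-}")

# Start from a known-empty value so a $hash inherited from the environment
# can never satisfy the "did we accept anything?" check below.
hash=""

# then do more input validation on the supplied token...
if token_charset_ok "$username"; then
  # token contains only allowed chars, good
  case "${#username}" in
    128)
      # token is the length of a sha512 hash, good
      hash=$username
      ;;
    127 | 126)
      # fix needed for routers that chop off the last char(s)
      hash=$username
      ;;
    23)
      # token is 23 chars long, someone forgot to hash their token,
      # so do it for them, then continue.
      # printf instead of echo -n: the token may start with "-".
      # `dgst -sha512` is the digest form current OpenSSL releases accept;
      # if openssl fails, hash stays empty and the token is rejected below.
      hash=$(printf '%s' "$username" | openssl dgst -sha512 | awk '{print $NF}')
      ;;
  esac
  # NOTE(review): hash-length values are passed through after the character
  # class check only; nothing here verifies they are hex digits.

  if [[ -z "$hash" ]]; then
    # $hash is empty, which means whatever was provided contained valid chars,
    # but wasn't the length of a token or a hash, so don't let them in
    exit 1
  fi
else
  # token contains invalid chars, possible screwup,
  # possible attempt to inject shell/db commands, so reject
  exit 1
fi

# decrease session counter for token
# Best effort: a failed or timed-out request does not stop the local cleanup.
# The response is captured only to keep it off stdout.
result=$(timeout 8 wget -qO- -T8 "https://[redacted]?token=${hash}&action=down")

# figure out what the pool dir is (see session_up.sh)
openvpn_dir=$(printf '%s\n' "${config:-}" | awk -F/ '{print "/tmp/"$3}')
instance_pool_dir="${openvpn_dir}/pool"

# Without an IP there is no pool entry to delete, and a quoted empty value
# would hand portfwdrm an empty argument, so both steps are skipped.
if [[ -n "${ifconfig_pool_remote_ip:-}" ]]; then
  # remove their internal IP from the pool
  rm -f -- "${instance_pool_dir}/${ifconfig_pool_remote_ip}"

  # remove their port forwardings, if any
  sudo /usr/local/sbin/portfwdrm "$ifconfig_pool_remote_ip"
fi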