diff options
| author | Christian Poessinger <christian@poessinger.com> | 2019-10-19 10:45:05 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2019-10-19 10:45:05 +0200 |
| commit | a16ee44ac1c25145d3e938eff0ab3e66923e2513 (patch) | |
| tree | 5ca7970af596a9c91fa53d84ea1009d5a0303df4 /src/conf_mode/interfaces-openvpn.py | |
| parent | 79bc826426385e5b40fbe58137d0a2d2831cf274 (diff) | |
| parent | 6f73338f0a652ca9b68a5778456f63d098f04522 (diff) | |
| download | vyos-1x-a16ee44ac1c25145d3e938eff0ab3e66923e2513.tar.gz vyos-1x-a16ee44ac1c25145d3e938eff0ab3e66923e2513.zip | |
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x:
T1749: support multiple ranges in the numeric validator.
dhcp-server: T1745: bugfix corner case on static-assignments
system-proxy: T1741 - Add system wide proxy setting
wireguard - remove endpoint check to enable roaming connections
system-proxy: T1741 - Add system wide proxy setting CLI implementation
Python/ifconfig: T1712: always start DHCP when configured
Python/ifconfig: T1557: get_status() must use admin state not operstate
bgp: T1490: fix migrator file permissions
snmp: T1737: add missing completion helpers
Revert "Python/ifconfig: T1712: wait when changing interface state"
snmpd: T1705 - High CPU usage by bgpd when snmp is active
Revert "snmpd: T1705 - High CPU usage by bgpd when snmp is active"
openvpn: T1548: clean out import statements
ssh.py: check if file exists before deleting it
[BGP] T1490: Added migration for obsoleted 'bgp scan-time' parameter
Diffstat (limited to 'src/conf_mode/interfaces-openvpn.py')
| -rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 5345bf7a2..cdd133904 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -16,11 +16,11 @@ import os import re -import sys -import stat -import jinja2 +from jinja2 import Template from copy import deepcopy +from sys import exit +from stat import S_IRUSR,S_IRWXU,S_IRGRP,S_IXGRP,S_IROTH,S_IXOTH from grp import getgrnam from ipaddress import ip_address,ip_network,IPv4Interface from netifaces import interfaces @@ -331,12 +331,12 @@ def openvpn_mkdir(directory): os.mkdir(directory) # fix permissions - corresponds to mode 755 - os.chmod(directory, stat.S_IRWXU|stat.S_IRGRP|stat.S_IXGRP|stat.S_IROTH|stat.S_IXOTH) + os.chmod(directory, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH) uid = getpwnam(user).pw_uid gid = getgrnam(group).gr_gid os.chown(directory, uid, gid) -def fixup_permission(filename, permission=stat.S_IRUSR): +def fixup_permission(filename, permission=S_IRUSR): """ Check if the given file exists and change ownershit to root/vyattacfg and appripriate file access permissions - default is user and group readable @@ -737,7 +737,7 @@ def verify(openvpn): if openvpn['shared_secret_file']: if openvpn['encryption'] in ['aes128gcm', 'aes192gcm', 'aes256gcm']: raise ConfigError('GCM encryption with shared-secret-key-file is not supported') - + if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']): raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file'])) @@ -851,13 +851,13 @@ def generate(openvpn): # Generate client specific configuration for client in openvpn['client']: client_file = directory + '/ccd/' + interface + '/' + client['name'] - tmpl = jinja2.Template(client_tmpl) + tmpl = Template(client_tmpl) client_text = tmpl.render(client) with open(client_file, 'w') as f: f.write(client_text) os.chown(client_file, uid, gid) - tmpl = jinja2.Template(config_tmpl) + tmpl = Template(config_tmpl) config_text = tmpl.render(openvpn) # we need to support quoting of raw parameters from OpenVPN CLI @@ -957,4 +957,4 @@ if __name__ == '__main__': apply(c) except ConfigError as e: print(e) - sys.exit(1) + exit(1) |