author | Christian Breunig <christian@breunig.cc> | 2024-07-22 19:19:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-07-22 19:19:18 +0200 |
commit | 748fb96319cc700dec9e8838e7162ec60d9b2c25 (patch) | |
tree | 425825b9ba5b693ec3bbaa2169d2873932690246 /src/conf_mode | |
parent | e64322c2171a63d5fe52a431b948727d1df27d9c (diff) | |
parent | 40c835992db9217f48e54dbbf15a7fbf1dcba482 (diff) | |
download | vyos-1x-748fb96319cc700dec9e8838e7162ec60d9b2c25.tar.gz vyos-1x-748fb96319cc700dec9e8838e7162ec60d9b2c25.zip |
Merge pull request #3850 from c-po/openvpn-totp-T3834
openvpn: T3834: verify() is not allowed to change anything on the system
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces_openvpn.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py index 0dc76b39a..320ab7b7b 100755 --- a/src/conf_mode/interfaces_openvpn.py +++ b/src/conf_mode/interfaces_openvpn.py @@ -235,10 +235,6 @@ def verify_pki(openvpn): def verify(openvpn): if 'deleted' in openvpn: - # remove totp secrets file if totp is not configured - if os.path.isfile(otp_file.format(**openvpn)): - os.remove(otp_file.format(**openvpn)) - verify_bridge_delete(openvpn) return None @@ -635,9 +631,19 @@ def generate_pki_files(openvpn): def generate(openvpn): + if 'deleted' in openvpn: + # remove totp secrets file if totp is not configured + if os.path.isfile(otp_file.format(**openvpn)): + os.remove(otp_file.format(**openvpn)) + return None + + if 'disable' in openvpn: + return None + interface = openvpn['ifname'] directory = os.path.dirname(cfg_file.format(**openvpn)) openvpn['plugin_dir'] = '/usr/lib/openvpn' + # create base config directory on demand makedir(directory, user, group) # enforce proper permissions on /run/openvpn @@ -654,9 +660,6 @@ def generate(openvpn): if os.path.isdir(service_dir): rmtree(service_dir, ignore_errors=True) - if 'deleted' in openvpn or 'disable' in openvpn: - return None - # create client config directory on demand makedir(ccd_dir, user, group) |
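Review bot: The `return None` added at the top of generate() for 'deleted' and 'disable' now fires before the `rmtree(service_dir, ignore_errors=True)` cleanup visible as context in the last hunk, which the old code reached before its combined check returned. Unless another step removes that directory (not visible here), a deleted or disabled interface would keep stale per-interface state on disk. I would let the new 'deleted' block only remove the secrets file and keep the original `if 'deleted' in openvpn or 'disable' in openvpn: return None` after the cleanup. The copied comment also no longer matches its condition; something like `# interface deleted: remove its TOTP secrets file` would describe it. generate() continues outside these hunks, so other cleanup between them may be affected as well.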