From 70e008f858be2b88e7402a176c9d9f6ec537ade7 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 19 Apr 2020 17:34:11 +0200
Subject: openvpn: T2336: fix auth-user-pass file generation

Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to
systemd") as not all relevant configuration files have been re-rendered
into /run/openvpn
---
 data/templates/openvpn/server.conf.tmpl |  2 +-
 src/conf_mode/interfaces-openvpn.py     | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 0f563dc2b..53fe8d400 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -233,7 +233,7 @@ auth {{ hash }}
 {%- endif -%}
 
 {%- if auth %}
-auth-user-pass /tmp/openvpn-{{ intf }}-pw
+auth-user-pass {{ auth_user_pass_file }}
 auth-retry nointeract
 {%- endif %}
 
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 9cea07a61..c1c108aa5 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -38,6 +38,7 @@ default_config_data = {
     'address': [],
     'auth_user': '',
     'auth_pass': '',
+    'auth_user_pass_file': '',
     'auth': False,
     'bridge_member': [],
     'compress_lzo': False,
@@ -944,17 +945,17 @@ def generate(openvpn):
     fix_permissions.append(openvpn['tls_key'])
 
     # Generate User/Password authentication file
-    user_auth_file = f'/tmp/openvpn-{interface}-pw'
+    openvpn['auth_user_pass_file'] = f'/run/openvpn/{interface}.pw'
     if openvpn['auth']:
-        with open(user_auth_file, 'w') as f:
+        with open(openvpn['auth_user_pass_file'], 'w') as f:
             f.write('{}\n{}'.format(openvpn['auth_user'], openvpn['auth_pass']))
         # also change permission on auth file
-        fix_permissions.append(user_auth_file)
+        fix_permissions.append(openvpn['auth_user_pass_file'])
 
     else:
         # delete old auth file if present
-        if os.path.isfile(user_auth_file):
-            os.remove(user_auth_file)
+        if os.path.isfile(openvpn['auth_user_pass_file']):
+            os.remove(openvpn['auth_user_pass_file'])
 
     # Generate client specific configuration
     for client in openvpn['client']:
-- 
cgit v1.2.3