From c54b7508db6bceca21ce98b4f97de7f52744424c Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 19 Apr 2020 17:54:54 +0200
Subject: openvpn: T2336: delete auth-user-pass file when interface is unused #2
---
 src/conf_mode/interfaces-openvpn.py | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)
(limited to 'src/conf_mode')
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index c1c108aa5..a5ff3007b 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -194,6 +194,7 @@ def get_config():
 raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
 openvpn['intf'] = os.environ['VYOS_TAGNODE_VALUE']
+ openvpn['auth_user_pass_file'] = f"/run/openvpn/{openvpn['intf']}.pw"
 # Check if interface instance has been removed
 if not conf.exists('interfaces openvpn ' + openvpn['intf']):
@@ -919,18 +919,18 @@ def verify(openvpn):
 return None
 def generate(openvpn):
- if openvpn['deleted'] or openvpn['disable']:
- return None
-
 interface = openvpn['intf']
 directory = os.path.dirname(get_config_name(interface))
- # we can't know in advance which clients have been,
- # remove all client configs
+ # we can't know in advance which clients have been removed,
+ # thus all client configs will be removed and re-added on demand
 ccd_dir = os.path.join(directory, 'ccd', interface)
 if os.path.isdir(ccd_dir):
 rmtree(ccd_dir, ignore_errors=True)
+ if openvpn['deleted'] or openvpn['disable']:
+ return None
+
 # create config directory on demand
 directories = []
 directories.append(f'{directory}/status')
@@ -945,7 +946,6 @@ def generate(openvpn):
 fix_permissions.append(openvpn['tls_key'])
 # Generate User/Password authentication file
- openvpn['auth_user_pass_file'] = f'/run/openvpn/{interface}.pw'
 if openvpn['auth']:
 with open(openvpn['auth_user_pass_file'], 'w') as f:
 f.write('{}\n{}'.format(openvpn['auth_user'], openvpn['auth_pass']))
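Review bot: In the first hunk, the added `openvpn['auth_user_pass_file']` assignment builds a path directly from `VYOS_TAGNODE_VALUE`, and with this commit that path is both written with credentials in generate() and handed to `os.unlink()` in apply(). Nothing in the visible lines restricts the value to a bare interface name, so unless the CLI layer already enforces that, a value containing `/` would move the write and the delete outside `/run/openvpn`; a guard such as `if os.path.basename(openvpn['intf']) != openvpn['intf']: raise ConfigError('Invalid interface name')` before the assignment makes the assumption explicit. The file itself is still created by the plain `open(..., 'w')` shown in the third hunk, so it has the umask-default mode until any later permission fix runs; opening it via `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` would avoid that window. get_config() begins and ends outside the hunk.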
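Review bot: In the second hunk, `rmtree(ccd_dir, ignore_errors=True)` now also runs for a deleted or disabled interface, and because errors are ignored a failed removal leaves the per-client configuration on disk with no indication to the operator. apply() no longer removes this directory itself (its copy of the cleanup is deleted in the last hunk), so this call is the only cleanup left. Consider dropping `ignore_errors=True` and reporting the `OSError`, or at least adding the comment `# runs before the deleted/disable check on purpose: apply() relies on it for cleanup`. generate() continues past the end of the hunk.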
@@ -981,15 +981,14 @@ def apply(openvpn):
 # Do some cleanup when OpenVPN is disabled/deleted
 if openvpn['deleted'] or openvpn['disable']:
- # cleanup old configuration file
- if os.path.isfile(get_config_name(interface)):
- os.remove(get_config_name(interface))
-
- # cleanup client config dir
- directory = os.path.dirname(get_config_name(interface))
- ccd_dir = os.path.join(directory, 'ccd', interface)
- if os.path.isdir(ccd_dir):
- rmtree(ccd_dir, ignore_errors=True)
+ # cleanup old configuration files
+ cleanup = []
+ cleanup.append(get_config_name(interface))
+ cleanup.append(openvpn['auth_user_pass_file'])
+
+ for file in cleanup:
+ if os.path.isfile(file):
+ os.unlink(file)
 return None
-- 
cgit v1.2.3
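Review bot: The new cleanup loop checks `os.path.isfile(file)` and then calls `os.unlink(file)`, so a file that disappears between the two calls raises `FileNotFoundError` out of apply(), and a dangling symlink at either path is skipped because `isfile()` follows links. One of the two paths is the plaintext credentials file, so its removal should not depend on the pre-check: `try: os.unlink(file)` followed by `except FileNotFoundError: pass` handles both cases. apply() starts before the hunk, where `interface` is presumably assigned.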