From fdafecc0c569f7d5f818a5a2c56bf7ea1983d2f4 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 22 Mar 2020 11:46:39 +0100
Subject: sstp: T2150: use full file path on SSL certificates
---
 src/conf_mode/vpn_sstp.py | 30 +++++++++++-------------------
 1 file changed, 11 insertions(+), 19 deletions(-)
(limited to 'src/conf_mode')
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 205702a9f..8583ece74 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -32,15 +32,11 @@ pidfile = r'/var/run/accel_sstp.pid'
 sstp_cnf_dir = r'/etc/accel-ppp/sstp'
 chap_secrets = sstp_cnf_dir + '/chap-secrets'
 sstp_conf = sstp_cnf_dir + '/sstp.config'
-ssl_cert_dir = r'/config/user-data/sstp'
 
 # config path creation
 if not os.path.exists(sstp_cnf_dir):
     os.makedirs(sstp_cnf_dir)
 
-if not os.path.exists(ssl_cert_dir):
-    os.makedirs(ssl_cert_dir)
-
 sstp_config = """### generated by vpn_sstp.py ###
 [modules]
 log_syslog
@@ -74,9 +70,9 @@ disable
 [sstp]
 verbose=1
 accept=ssl
-ssl-ca-file=/config/user-data/sstp/{{ ssl_ca }}
-ssl-pemfile=/config/user-data/sstp/{{ ssl_cert }}
-ssl-keyfile=/config/user-data/sstp/{{ ssl_key }}
+ssl-ca-file={{ ssl_ca }}
+ssl-pemfile={{ ssl_cert }}
+ssl-keyfile={{ ssl_key }}
 {% if client_ip_pool %}
 [ip-pool]
@@ -452,22 +448,18 @@ def verify(sstp):
     if not sstp['ssl_ca'] or not sstp['ssl_cert'] or not sstp['ssl_key']:
         raise ConfigError('One or more SSL certificates missing')
 
-    ssl_path = ssl_cert_dir + '/'
-    if not os.path.exists(ssl_path + sstp['ssl_ca']):
-        ca = ssl_path + sstp['ssl_ca']
-        raise ConfigError(f'CA cert file {ca} does not exist')
+    if not os.path.exists(sstp['ssl_ca']):
+        raise ConfigError(f"CA cert file {sstp['ssl_ca']} does not exist")
 
-    if not os.path.exists(ssl_path + sstp['ssl_cert']):
-        cert = ssl_path + sstp['ssl_cert']
-        raise ConfigError(f'SSL cert file {cert} does not exist')
+    if not os.path.exists(sstp['ssl_cert']):
+        raise ConfigError(f"SSL cert file {sstp['ssl_cert']} does not exist")
 
-    if not os.path.exists(ssl_path + sstp['ssl_key']):
-        key = ssl_path + sstp['ssl_key']
-        raise ConfigError(f'SSL key file {key} does not exist')
+    if not os.path.exists(sstp['ssl_key']):
+        raise ConfigError(f"SSL key file {sstp['ssl_key']} does not exist")
 
     if sstp['auth_mode'] == 'radius':
         if len(sstp['radius_server']) == 0:
-            raise ConfigError('RADIUS authentication requires at least one server')
+            raise ConfigError("RADIUS authentication requires at least one server")
 
         for radius in sstp['radius_server']:
             if not radius['key']:
@@ -489,7 +481,7 @@ def generate(sstp):
         with open(chap_secrets, 'w') as f:
             f.write(config_text)
-        os.chmod(chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP )
+        os.chmod(chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
     else:
         if os.path.exists(chap_secrets):
             os.unlink(chap_secrets)
-- cgit v1.2.3
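Review bot: The three `os.path.exists(sstp[...])` checks added in verify() accept any existing path, including a directory or a relative path, although the change is titled "use full file path" and nothing here enforces that the value is absolute; a relative path that happens to resolve from this script's working directory would pass verify() and then be resolved by accel-ppp against its own working directory, which is presumably not the same, so the daemon would fail at start rather than at commit time. Each check should require an absolute path to a regular file, e.g. `if not os.path.isabs(path) or not os.path.isfile(path):`, with the error message saying so. Since the three checks now differ only in the dict key and the label, a single loop keeps them in step and makes the stricter check hard to forget when a fourth file is added. verify() starts before this hunk and its body continues past the last context line.
```python
    # accel-ppp resolves a relative path against its own cwd, not ours, so
    # insist on an absolute path to a regular file before writing it out.
    for key, label in (('ssl_ca', 'CA cert'), ('ssl_cert', 'SSL cert'), ('ssl_key', 'SSL key')):
        path = sstp[key]
        if not os.path.isabs(path) or not os.path.isfile(path):
            raise ConfigError(f'{label} file {path} must be an absolute path to an existing file')
    # … unchanged: RADIUS server checks …
```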