author | Christian Poessinger <christian@poessinger.com> | 2020-04-19 17:37:38 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-19 17:37:43 +0200 |
commit | 26adfd6d0d03af44a03f327478199f3009f2ad3c (patch) | |
tree | f773360453ea53de242086ef21fd49b4ee50c3e0 | |
parent | 70e008f858be2b88e7402a176c9d9f6ec537ade7 (diff) | |
openvpn: T2336: delete auth-user-pass file when interface is unused
Unused means disabled or even deleted - there should be no secrets left over.
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index c1c108aa5..e4360ce56 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -919,6 +919,10 @@ def verify(openvpn):
 def generate(openvpn):
 if openvpn['deleted'] or openvpn['disable']:
+ # delete old auth file if present
+ if os.path.isfile(openvpn['auth_user_pass_file']):
+ os.remove(openvpn['auth_user_pass_file'])
+
 return None
 interface = openvpn['intf']
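Review bot: The `os.path.isfile()` test followed by `os.remove()` in the deleted/disabled branch is a check-then-act pair that silently skips anything that is not a regular file, so a credentials file can stay behind without any error. Calling `os.remove(openvpn['auth_user_pass_file'])` inside a `try` with `except FileNotFoundError: pass` closes the gap between check and delete and lets other failures (for example a permission error) surface instead of leaving the secret on disk unnoticed. Whether `auth_user_pass_file` is always populated when the interface is deleted is decided outside this hunk and should be confirmed, since a `None` value would raise here. The comment could also state the reason, e.g. `# remove stored credentials so no secret outlives the interface`. The body of generate() continues past the hunk.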