summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-04-19 17:37:38 +0200
committerChristian Poessinger <christian@poessinger.com>2020-04-19 17:37:43 +0200
commit26adfd6d0d03af44a03f327478199f3009f2ad3c (patch)
treef773360453ea53de242086ef21fd49b4ee50c3e0
parent70e008f858be2b88e7402a176c9d9f6ec537ade7 (diff)
downloadvyos-1x-26adfd6d0d03af44a03f327478199f3009f2ad3c.tar.gz
vyos-1x-26adfd6d0d03af44a03f327478199f3009f2ad3c.zip
openvpn: T2336: delete auth-user-pass file when interface is unused
Unused means disabled or even deleted - there should be no secrets left-over.
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index c1c108aa5..e4360ce56 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -919,6 +919,10 @@ def verify(openvpn):
def generate(openvpn):
if openvpn['deleted'] or openvpn['disable']:
+ # delete old auth file if present
+ if os.path.isfile(openvpn['auth_user_pass_file']):
+ os.remove(openvpn['auth_user_pass_file'])
+
return None
interface = openvpn['intf']