openvpn: T2146: remove user/pass auth file when not needed

1 files changed, 9 insertions, 0 deletions

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index fe49f776b..55f9aa67d 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -925,6 +925,11 @@ def generate(openvpn):
 
         fixup_permission(auth_file)
 
+    else:
+        # delete old auth file if present
+        if os.path.isfile('/tmp/openvpn-{}-pw'.format(interface)):
+            os.remove('/tmp/openvpn-{}-pw'.format(interface))
+
     # get numeric uid/gid
     uid = getpwnam(user).pw_uid
     gid = getgrnam(group).gr_gid
@@ -985,6 +990,10 @@ def apply(openvpn):
         if os.path.isdir(os.path.join(directory, 'ccd', openvpn['intf'])):
             rmtree(os.path.join(directory, 'ccd', openvpn['intf']), ignore_errors=True)
 
+        # cleanup auth file
+        if os.path.isfile('/tmp/openvpn-{}-pw'.format(openvpn['intf'])):
+            os.remove('/tmp/openvpn-{}-pw'.format(openvpn['intf']))
+
         return None
 
     # On configuration change we need to wait for the 'old' interface to