use vyos read_file and write_file functions

author: Kim Hagen <kim@sentrium.io> 2021-10-21 07:59:06 -0500
committer: Kim Hagen <kim@sentrium.io> 2021-10-21 07:59:06 -0500
commit: 28db7b15426fffc0f656e8d26db397d7bfb72aee (patch)
tree: 2d96e1f7a890965fb93376b45d98ed15545b4785 /src/conf_mode/interfaces-openvpn.py
parent: d2c17f9864d26b7adc6c9f21dbe46f1d7059dbb4 (diff)
download: vyos-1x-28db7b15426fffc0f656e8d26db397d7bfb72aee.tar.gz
vyos-1x-28db7b15426fffc0f656e8d26db397d7bfb72aee.zip
1 files changed, 20 insertions, 25 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 2c8df4831..7f4aa367f 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -50,6 +50,7 @@ from vyos.util import chown
 from vyos.util import dict_search
 from vyos.util import dict_search_args
 from vyos.util import makedir
+from vyos.util import read_file
 from vyos.util import write_file
 from vyos.validate import is_addr_assigned
 
@@ -385,32 +386,26 @@ def verify(openvpn):
 
         # add mfa users to the file the mfa plugin uses
         if dict_search('server.mfa.totp', openvpn):
+            user_data = ''
             if not os.path.isfile(otp_file.format(**openvpn)):
-                makedir(otp_path)
-                open(otp_file.format(**openvpn), 'a').close()
-
-            with tempfile.TemporaryFile(mode='w+') as fp:
-                with open(otp_file.format(**openvpn), 'r+') as f:
-                    ovpn_users = f.readlines()
-                    for client in (dict_search('server.client', openvpn) or []):
-                        exists = None
-                        for ovpn_user in ovpn_users:
-                            if re.search('^' + client + ' ', ovpn_user):
-                                fp.write(ovpn_user)
-                                exists = 'true'
-
-                        if not exists:
-                            random = SystemRandom()
-                            totp_secret = ''.join(random.choice(secret_chars) for _ in range(16))
-                            fp.write(f'{client} otp totp:sha1:base32:{totp_secret}::xxx *\n')
-
-                    f.seek(0)
-                    fp.seek(0)
-                    for tmp_user in fp.readlines():
-                        f.write(tmp_user)
-                    f.truncate()
-
-            chown(otp_file.format(**openvpn), user, group)
+                write_file(otp_file.format(**openvpn), user_data,
+                           user=user, group=group, mode=0o644)
+
+            ovpn_users = read_file(otp_file.format(**openvpn))
+            for client in (dict_search('server.client', openvpn) or []):
+                exists = None
+                for ovpn_user in ovpn_users.split('\n'):
+                    if re.search('^' + client + ' ', ovpn_user):
+                        user_data += f'{ovpn_user}\n'
+                        exists = 'true'
+
+                if not exists:
+                    random = SystemRandom()
+                    totp_secret = ''.join(random.choice(secret_chars) for _ in range(16))
+                    user_data += f'{client} otp totp:sha1:base32:{totp_secret}::xxx *\n'
+
+            write_file(otp_file.format(**openvpn), user_data,
+                           user=user, group=group, mode=0o644)
 
     else:
         # checks for both client and site-to-site go here
author	Kim Hagen <kim@sentrium.io>	2021-10-21 07:59:06 -0500
committer	Kim Hagen <kim@sentrium.io>	2021-10-21 07:59:06 -0500
commit	28db7b15426fffc0f656e8d26db397d7bfb72aee (patch)
tree	2d96e1f7a890965fb93376b45d98ed15545b4785 /src/conf_mode/interfaces-openvpn.py
parent	d2c17f9864d26b7adc6c9f21dbe46f1d7059dbb4 (diff)
download	vyos-1x-28db7b15426fffc0f656e8d26db397d7bfb72aee.tar.gz vyos-1x-28db7b15426fffc0f656e8d26db397d7bfb72aee.zip