summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorJernej Jakob <jernej.jakob@gmail.com>2020-03-24 21:57:15 +0100
committerJernej Jakob <jernej.jakob@gmail.com>2020-03-24 22:03:05 +0100
commit9d48ba7a84d3a29ac3f83b983159019e3ce11e3c (patch)
tree72d765ca2fc7ade0ea654b5b84f6ae5824ddc5b5 /src/conf_mode
parent64fbf0865eb47271e27a7e737f5ba2e6bd541292 (diff)
downloadvyos-1x-9d48ba7a84d3a29ac3f83b983159019e3ce11e3c.tar.gz
vyos-1x-9d48ba7a84d3a29ac3f83b983159019e3ce11e3c.zip
openvpn: T2146: delete old client configs
Previously old client configs for clients that were deleted from the server stayed in the ccd directory, causing them to still be used. As we can't know which clients were deleted, this deletes all the client configs as they are recreated shortly later.
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py12
1 files changed, 7 insertions, 5 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 3a3c69e37..fe49f776b 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -28,6 +28,7 @@ from psutil import pid_exists
from pwd import getpwnam
from subprocess import Popen, PIPE
from time import sleep
+from shutil import rmtree
from vyos import ConfigError
from vyos.config import Config
@@ -899,6 +900,10 @@ def generate(openvpn):
interface = openvpn['intf']
directory = os.path.dirname(get_config_name(interface))
+ # we can't know which clients were deleted, remove all client configs
+ if os.path.isdir(os.path.join(directory, 'ccd', interface)):
+ rmtree(os.path.join(directory, 'ccd', interface), ignore_errors=True)
+
# create config directory on demand
openvpn_mkdir(directory)
# create status directory on demand
@@ -977,11 +982,8 @@ def apply(openvpn):
# cleanup client config dir
directory = os.path.dirname(get_config_name(openvpn['intf']))
- if os.path.isdir(directory + '/ccd/' + openvpn['intf']):
- try:
- os.remove(directory + '/ccd/' + openvpn['intf'] + '/*')
- except:
- pass
+ if os.path.isdir(os.path.join(directory, 'ccd', openvpn['intf'])):
+ rmtree(os.path.join(directory, 'ccd', openvpn['intf']), ignore_errors=True)
return None