summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-07-22 19:19:18 +0200
committerGitHub <noreply@github.com>2024-07-22 19:19:18 +0200
commit748fb96319cc700dec9e8838e7162ec60d9b2c25 (patch)
tree425825b9ba5b693ec3bbaa2169d2873932690246 /src
parente64322c2171a63d5fe52a431b948727d1df27d9c (diff)
parent40c835992db9217f48e54dbbf15a7fbf1dcba482 (diff)
downloadvyos-1x-748fb96319cc700dec9e8838e7162ec60d9b2c25.tar.gz
vyos-1x-748fb96319cc700dec9e8838e7162ec60d9b2c25.zip
Merge pull request #3850 from c-po/openvpn-totp-T3834
openvpn: T3834: verify() is not allowed to change anything on the system
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces_openvpn.py17
1 files changed, 10 insertions, 7 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py
index 0dc76b39a..320ab7b7b 100755
--- a/src/conf_mode/interfaces_openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
@@ -235,10 +235,6 @@ def verify_pki(openvpn):
def verify(openvpn):
if 'deleted' in openvpn:
- # remove totp secrets file if totp is not configured
- if os.path.isfile(otp_file.format(**openvpn)):
- os.remove(otp_file.format(**openvpn))
-
verify_bridge_delete(openvpn)
return None
@@ -635,9 +631,19 @@ def generate_pki_files(openvpn):
def generate(openvpn):
+ if 'deleted' in openvpn:
+ # remove totp secrets file if totp is not configured
+ if os.path.isfile(otp_file.format(**openvpn)):
+ os.remove(otp_file.format(**openvpn))
+ return None
+
+ if 'disable' in openvpn:
+ return None
+
interface = openvpn['ifname']
directory = os.path.dirname(cfg_file.format(**openvpn))
openvpn['plugin_dir'] = '/usr/lib/openvpn'
+
# create base config directory on demand
makedir(directory, user, group)
# enforce proper permissions on /run/openvpn
@@ -654,9 +660,6 @@ def generate(openvpn):
if os.path.isdir(service_dir):
rmtree(service_dir, ignore_errors=True)
- if 'deleted' in openvpn or 'disable' in openvpn:
- return None
-
# create client config directory on demand
makedir(ccd_dir, user, group)