summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py45
1 files changed, 20 insertions, 25 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 2c8df4831..7f4aa367f 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -50,6 +50,7 @@ from vyos.util import chown
from vyos.util import dict_search
from vyos.util import dict_search_args
from vyos.util import makedir
+from vyos.util import read_file
from vyos.util import write_file
from vyos.validate import is_addr_assigned
@@ -385,32 +386,26 @@ def verify(openvpn):
# add mfa users to the file the mfa plugin uses
if dict_search('server.mfa.totp', openvpn):
+ user_data = ''
if not os.path.isfile(otp_file.format(**openvpn)):
- makedir(otp_path)
- open(otp_file.format(**openvpn), 'a').close()
-
- with tempfile.TemporaryFile(mode='w+') as fp:
- with open(otp_file.format(**openvpn), 'r+') as f:
- ovpn_users = f.readlines()
- for client in (dict_search('server.client', openvpn) or []):
- exists = None
- for ovpn_user in ovpn_users:
- if re.search('^' + client + ' ', ovpn_user):
- fp.write(ovpn_user)
- exists = 'true'
-
- if not exists:
- random = SystemRandom()
- totp_secret = ''.join(random.choice(secret_chars) for _ in range(16))
- fp.write(f'{client} otp totp:sha1:base32:{totp_secret}::xxx *\n')
-
- f.seek(0)
- fp.seek(0)
- for tmp_user in fp.readlines():
- f.write(tmp_user)
- f.truncate()
-
- chown(otp_file.format(**openvpn), user, group)
+ write_file(otp_file.format(**openvpn), user_data,
+ user=user, group=group, mode=0o644)
+
+ ovpn_users = read_file(otp_file.format(**openvpn))
+ for client in (dict_search('server.client', openvpn) or []):
+ exists = None
+ for ovpn_user in ovpn_users.split('\n'):
+ if re.search('^' + client + ' ', ovpn_user):
+ user_data += f'{ovpn_user}\n'
+ exists = 'true'
+
+ if not exists:
+ random = SystemRandom()
+ totp_secret = ''.join(random.choice(secret_chars) for _ in range(16))
+ user_data += f'{client} otp totp:sha1:base32:{totp_secret}::xxx *\n'
+
+ write_file(otp_file.format(**openvpn), user_data,
+ user=user, group=group, mode=0o644)
else:
# checks for both client and site-to-site go here