From 30b3a0af7e079bfdf9b0e696cccf0e052ff40e8d Mon Sep 17 00:00:00 2001
From: Jernej Jakob <jernej.jakob@gmail.com>
Date: Tue, 24 Mar 2020 21:59:54 +0100
Subject: openvpn: T2146: remove user/pass auth file when not needed

---
 src/conf_mode/interfaces-openvpn.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/conf_mode/interfaces-openvpn.py')

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index fe49f776b..55f9aa67d 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -925,6 +925,11 @@ def generate(openvpn):
 
         fixup_permission(auth_file)
 
+    else:
+        # delete old auth file if present
+        if os.path.isfile('/tmp/openvpn-{}-pw'.format(interface)):
+            os.remove('/tmp/openvpn-{}-pw'.format(interface))
+
     # get numeric uid/gid
     uid = getpwnam(user).pw_uid
     gid = getgrnam(group).gr_gid
@@ -985,6 +990,10 @@ def apply(openvpn):
         if os.path.isdir(os.path.join(directory, 'ccd', openvpn['intf'])):
             rmtree(os.path.join(directory, 'ccd', openvpn['intf']), ignore_errors=True)
 
+        # cleanup auth file
+        if os.path.isfile('/tmp/openvpn-{}-pw'.format(openvpn['intf'])):
+            os.remove('/tmp/openvpn-{}-pw'.format(openvpn['intf']))
+
         return None
 
     # On configuration change we need to wait for the 'old' interface to
-- 
cgit v1.2.3