From 26adfd6d0d03af44a03f327478199f3009f2ad3c Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 19 Apr 2020 17:37:38 +0200
Subject: openvpn: T2336: delete auth-user-pass file when interface is unused

Unused means disabled or even deleted - there should be no secrets left over.
---
 src/conf_mode/interfaces-openvpn.py | 4 ++++
 1 file changed, 4 insertions(+)


diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index c1c108aa5..e4360ce56 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -919,6 +919,10 @@ def verify(openvpn):
 
 def generate(openvpn):
     if openvpn['deleted'] or openvpn['disable']:
+        # delete old auth file if present
+        if os.path.isfile(openvpn['auth_user_pass_file']):
+            os.remove(openvpn['auth_user_pass_file'])
+
         return None
 
     interface = openvpn['intf']
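Review bot: The `os.path.isfile()` guard followed by `os.remove()` in the deleted/disabled branch of generate() is a check-then-act pair. Anything at that path that is not a regular file is skipped without notice, so a credentials path can survive the cleanup. It is tighter to attempt the removal and ignore only a missing file, so that any other failure to remove the secret surfaces as an error. The hunk also does not show whether `openvpn['auth_user_pass_file']` is always set to a string for interfaces without username/password authentication; if it can be absent or None, the lookup or `isfile()` would raise here, so that default is worth confirming. generate() continues past the end of the hunk.

```python
    if openvpn['deleted'] or openvpn['disable']:
        # An unused interface must not leave credentials on disk; a file
        # that is already gone is fine, any other removal error is not.
        try:
            os.remove(openvpn['auth_user_pass_file'])
        except FileNotFoundError:
            pass

        return None
```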
-- 
cgit v1.2.3