From ed38b0dfc901ebafd597cc0f09400038f17cf058 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 21 Nov 2020 12:00:02 +0100
Subject: openvpn: T3060: fix client authentication username and password file

---
 src/conf_mode/interfaces-openvpn.py | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

(limited to 'src/conf_mode')

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index c23e79948..a4524a59e 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -464,12 +464,9 @@ def generate(openvpn):
     if tmp: fix_permissions.append(tmp)
 
     # Generate User/Password authentication file
-    if 'auth' in openvpn:
-        with open(openvpn['auth_user_pass_file'], 'w') as f:
-            f.write('{}\n{}'.format(openvpn['auth_user'], openvpn['auth_pass']))
-        # also change permission on auth file
-        fix_permissions.append(openvpn['auth_user_pass_file'])
-
+    if 'authentication' in openvpn:
+        render(openvpn['auth_user_pass_file'], 'openvpn/auth.pw.tmpl', openvpn,
+               trim_blocks=True, user=user, group=group, permission=0o600)
     else:
         # delete old auth file if present
         if os.path.isfile(openvpn['auth_user_pass_file']):
@@ -483,9 +480,6 @@ def generate(openvpn):
             # Our client need's to know its subnet mask ...
             client_config['server_subnet'] = dict_search('server.subnet', openvpn)
 
-            import pprint
-            pprint.pprint(client_config)
-
             render(client_file, 'openvpn/client.conf.tmpl', client_config,
                    trim_blocks=True, user=user, group=group)
 
-- 
cgit v1.2.3