Merge pull request #3850 from c-po/openvpn-totp-T3834
openvpn: T3834: verify() is not allowed to change anything on the system
c-po authored Jul 22, 2024
2 parents e64322c + 40c8359 commit 748fb96
Showing 1 changed file with 10 additions and 7 deletions.
17 changes: 10 additions & 7 deletions src/conf_mode/interfaces_openvpn.py
@@ -235,10 +235,6 @@ def verify_pki(openvpn):

def verify(openvpn):
if 'deleted' in openvpn:
# remove totp secrets file if totp is not configured
if os.path.isfile(otp_file.format(**openvpn)):
os.remove(otp_file.format(**openvpn))

verify_bridge_delete(openvpn)
return None

@@ -635,9 +631,19 @@ def generate_pki_files(openvpn):


def generate(openvpn):
if 'deleted' in openvpn:
# remove totp secrets file if totp is not configured
if os.path.isfile(otp_file.format(**openvpn)):
os.remove(otp_file.format(**openvpn))
return None

if 'disable' in openvpn:
return None

interface = openvpn['ifname']
directory = os.path.dirname(cfg_file.format(**openvpn))
openvpn['plugin_dir'] = '/usr/lib/openvpn'

# create base config directory on demand
makedir(directory, user, group)
# enforce proper permissions on /run/openvpn
@@ -654,9 +660,6 @@ def generate(openvpn):
if os.path.isdir(service_dir):
rmtree(service_dir, ignore_errors=True)

if 'deleted' in openvpn or 'disable' in openvpn:
return None

# create client config directory on demand
makedir(ccd_dir, user, group)

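Review bot: With the `'deleted'` and `'disable'` returns moved to the top of generate(), the `rmtree(service_dir, ignore_errors=True)` cleanup shown in the third hunk is no longer reached when an interface is deleted or disabled; before this commit the return sat after that block. Whatever generate() removes between the second and third hunks is not visible here and would be skipped the same way, so stale per-interface files may stay on disk unless apply() clears them. Consider leaving `if 'deleted' in openvpn or 'disable' in openvpn: return None` where it was and placing the TOTP removal directly above it under `if 'deleted' in openvpn:`. The removal itself would be tighter as a single `os.remove(otp_file.format(**openvpn))` inside `try`/`except FileNotFoundError`, instead of formatting the path twice around an `isfile()` check. Its comment should also say the secrets file is removed because the interface is deleted, since that is the condition the code tests.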
