From cc01770fa1cf09b729dd931df77b149d1b20d2ef Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Mon, 20 Jan 2020 19:16:59 +0100
Subject: [PATCH] luci-app-openvpn: allow and restrict file uploads to
 /etc/openvpn/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 .../root/usr/share/rpcd/acl.d/luci-app-openvpn.json   | 11 +++++++++++
 .../luasrc/model/cbi/openvpn-advanced.lua             |  2 ++
 .../luasrc/model/cbi/openvpn-basic.lua                |  2 ++
 3 files changed, 15 insertions(+)
 create mode 100644 applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json

diff --git a/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json
new file mode 100644
index 0000000000..bc9d8e184d
--- /dev/null
+++ b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json
@@ -0,0 +1,11 @@
+{
+	"luci-app-openvpn": {
+		"description": "Grant file upload access to /etc/openvpn",
+		"write": {
+			"cgi-io": [ "upload" ],
+			"file": {
+				"/etc/openvpn/*": [ "write" ]
+			}
+		}
+	}
+}
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
index cce850fe0b..d15aaeb4fb 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
@@ -838,6 +838,8 @@ for _, option in ipairs(params) do
 		o.value = option[3]
 	elseif option[1] == FileUpload then
 
+		o.initial_directory = "/etc/openvpn"
+
 		function o.cfgvalue(self, section)
 			local cfg_val = AbstractValue.cfgvalue(self, section)
 
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
index 3c793c5ce3..980238cb67 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
@@ -128,6 +128,8 @@ for _, option in ipairs(basicParams) do
 		o.value = option[3]
 	elseif option[1] == FileUpload then
 
+		o.initial_directory = "/etc/openvpn"
+
 		function o.cfgvalue(self, section)
 			local cfg_val = AbstractValue.cfgvalue(self, section)
 
-- 
2.30.2