projects / project / luci.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 878d662)
luci-app-openvpn: allow and restrict file uploads to /etc/openvpn/
authorJo-Philipp Wich <jo@mein.io>
Mon, 20 Jan 2020 18:16:59 +0000 (19:16 +0100)
committerJo-Philipp Wich <jo@mein.io>
Mon, 20 Jan 2020 18:40:46 +0000 (19:40 +0100)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json [new file with mode: 0644] patch | blob
applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua patch | blob | history
applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua patch | blob | history

diff --git a/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json
new file mode 100644 (file)
index 0000000..bc9d8e1
--- /dev/null
+++ b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json
@@ -0,0 +1,11 @@
+{
+       "luci-app-openvpn": {
+               "description": "Grant file upload access to /etc/openvpn",
+               "write": {
+                       "cgi-io": [ "upload" ],
+                       "file": {
+                               "/etc/openvpn/*": [ "write" ]
+                       }
+               }
+       }
+}
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
index cce850fe0b9650383f676da44198ee8f6818a9b9..d15aaeb4fb768b91e8ddc6f70563e6decb1c7c81 100644 (file)
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
@@ -838,6 +838,8 @@ for _, option in ipairs(params) do
                o.value = option[3]
        elseif option[1] == FileUpload then
 
+               o.initial_directory = "/etc/openvpn"
+
                function o.cfgvalue(self, section)
                        local cfg_val = AbstractValue.cfgvalue(self, section)
 
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
index 3c793c5ce3c68e60d011d84b7f888720b3985f76..980238cb670d14f42bad84b09ecbb1833b9c8a19 100644 (file)
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
@@ -128,6 +128,8 @@ for _, option in ipairs(basicParams) do
                o.value = option[3]
        elseif option[1] == FileUpload then
 
+               o.initial_directory = "/etc/openvpn"
+
                function o.cfgvalue(self, section)
                        local cfg_val = AbstractValue.cfgvalue(self, section)
 
Lua Configuration Interface (mirror)