luci-app-openvpn: allow and restrict file uploads to /etc/openvpn/ 3544/head
authorJo-Philipp Wich <jo@mein.io>
Mon, 20 Jan 2020 18:16:59 +0000 (19:16 +0100)
committerJo-Philipp Wich <jo@mein.io>
Mon, 20 Jan 2020 18:41:49 +0000 (19:41 +0100)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit cc01770fa1cf09b729dd931df77b149d1b20d2ef)

applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json [new file with mode: 0644]
applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua

diff --git a/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json
new file mode 100644 (file)
index 0000000..bc9d8e1
--- /dev/null
@@ -0,0 +1,11 @@
+{
+       "luci-app-openvpn": {
+               "description": "Grant file upload access to /etc/openvpn",
+               "write": {
+                       "cgi-io": [ "upload" ],
+                       "file": {
+                               "/etc/openvpn/*": [ "write" ]
+                       }
+               }
+       }
+}
index c310efc1172d48c156cd5e97b87901b33c79409b..a79288d20df971b5c8f754c3f4ebae7c4b8dc85e 100644 (file)
@@ -838,6 +838,8 @@ for _, option in ipairs(params) do
                o.value = option[3]
        elseif option[1] == FileUpload then
 
+               o.initial_directory = "/etc/openvpn"
+
                function o.cfgvalue(self, section)
                        local cfg_val = AbstractValue.cfgvalue(self, section)
 
index 54f082a1fa45e34d619b0d4a7c430705df835796..20b7790de379fa0783e29a323dea1798258beebe 100644 (file)
@@ -128,6 +128,8 @@ for _, option in ipairs(basicParams) do
                o.value = option[3]
        elseif option[1] == FileUpload then
 
+               o.initial_directory = "/etc/openvpn"
+
                function o.cfgvalue(self, section)
                        local cfg_val = AbstractValue.cfgvalue(self, section)