From: Jo-Philipp Wich Date: Mon, 20 Jan 2020 18:16:59 +0000 (+0100) Subject: luci-app-openvpn: allow and restrict file uploads to /etc/openvpn/ X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=refs%2Fpull%2F3544%2Fhead;p=oweals%2Fluci.git luci-app-openvpn: allow and restrict file uploads to /etc/openvpn/ Signed-off-by: Jo-Philipp Wich (cherry picked from commit cc01770fa1cf09b729dd931df77b149d1b20d2ef) --- diff --git a/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json new file mode 100644 index 000000000..bc9d8e184 --- /dev/null +++ b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json @@ -0,0 +1,11 @@ +{ + "luci-app-openvpn": { + "description": "Grant file upload access to /etc/openvpn", + "write": { + "cgi-io": [ "upload" ], + "file": { + "/etc/openvpn/*": [ "write" ] + } + } + } +} diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index c310efc11..a79288d20 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -838,6 +838,8 @@ for _, option in ipairs(params) do o.value = option[3] elseif option[1] == FileUpload then + o.initial_directory = "/etc/openvpn" + function o.cfgvalue(self, section) local cfg_val = AbstractValue.cfgvalue(self, section) diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua index 54f082a1f..20b7790de 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua @@ -128,6 +128,8 @@ for _, option in ipairs(basicParams) do o.value = option[3] elseif option[1] == FileUpload then + o.initial_directory = "/etc/openvpn" + function o.cfgvalue(self, section) local cfg_val = AbstractValue.cfgvalue(self, section)