summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2020-01-20 19:16:59 +0100
committerJo-Philipp Wich <jo@mein.io>2020-01-20 19:40:46 +0100
commitcc01770fa1cf09b729dd931df77b149d1b20d2ef (patch)
tree7a0adcf380d8de68492bf522931e076e67ace655
parent878d6622828676dbb8bf0cb26ffc242079aae306 (diff)
luci-app-openvpn: allow and restrict file uploads to /etc/openvpn/
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json11
-rw-r--r--applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua2
-rw-r--r--applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua2
3 files changed, 15 insertions, 0 deletions
diff --git a/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json
new file mode 100644
index 000000000..bc9d8e184
--- /dev/null
+++ b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json
@@ -0,0 +1,11 @@
+{
+ "luci-app-openvpn": {
+ "description": "Grant file upload access to /etc/openvpn",
+ "write": {
+ "cgi-io": [ "upload" ],
+ "file": {
+ "/etc/openvpn/*": [ "write" ]
+ }
+ }
+ }
+}
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
index cce850fe0..d15aaeb4f 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
@@ -838,6 +838,8 @@ for _, option in ipairs(params) do
o.value = option[3]
elseif option[1] == FileUpload then
+ o.initial_directory = "/etc/openvpn"
+
function o.cfgvalue(self, section)
local cfg_val = AbstractValue.cfgvalue(self, section)
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
index 3c793c5ce..980238cb6 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
@@ -128,6 +128,8 @@ for _, option in ipairs(basicParams) do
o.value = option[3]
elseif option[1] == FileUpload then
+ o.initial_directory = "/etc/openvpn"
+
function o.cfgvalue(self, section)
local cfg_val = AbstractValue.cfgvalue(self, section)