From: Jo-Philipp Wich Date: Mon, 20 Jan 2020 18:16:59 +0000 (+0100) Subject: luci-app-openvpn: allow and restrict file uploads to /etc/openvpn/ X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=cc01770fa1cf09b729dd931df77b149d1b20d2ef;p=project%2Fluci.git luci-app-openvpn: allow and restrict file uploads to /etc/openvpn/ Signed-off-by: Jo-Philipp Wich --- diff --git a/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json new file mode 100644 index 0000000000..bc9d8e184d --- /dev/null +++ b/applications/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-openvpn.json @@ -0,0 +1,11 @@ +{ + "luci-app-openvpn": { + "description": "Grant file upload access to /etc/openvpn", + "write": { + "cgi-io": [ "upload" ], + "file": { + "/etc/openvpn/*": [ "write" ] + } + } + } +} diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index cce850fe0b..d15aaeb4fb 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -838,6 +838,8 @@ for _, option in ipairs(params) do o.value = option[3] elseif option[1] == FileUpload then + o.initial_directory = "/etc/openvpn" + function o.cfgvalue(self, section) local cfg_val = AbstractValue.cfgvalue(self, section) diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua index 3c793c5ce3..980238cb67 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua @@ -128,6 +128,8 @@ for _, option in ipairs(basicParams) do o.value = option[3] elseif option[1] == FileUpload then + o.initial_directory = "/etc/openvpn" + function o.cfgvalue(self, section) local cfg_val = AbstractValue.cfgvalue(self, section)