author | jim-p <jimp@netgate.com> | 2019-05-09 16:22:21 -0400 |
---|---|---|
committer | jim-p <jimp@netgate.com> | 2019-05-09 16:23:28 -0400 |
commit | a8a07cfbb40a6134d47626cb81d249cf45c1df64 (patch) | |
tree | 9f3384239e64d43638cc603f768ad7990a371ca0 | |
parent | 48ab49abab178fc03c8b4b437994280272172781 (diff) | |
Add warning for OpenVPN client, server, and override privileges.
Since these can use OpenVPN advanced directives to call external
scripts, they can be used to run commands that the user may not
otherwise have access to run.
Issue #9510
(cherry picked from commit f75b0eb8e781570a84e8700b150e09e081ccacfe)
-rw-r--r-- | src/etc/inc/priv.defs.inc | 3 | ||||
-rw-r--r-- | src/usr/local/www/vpn_openvpn_client.php | 1 | ||||
-rw-r--r-- | src/usr/local/www/vpn_openvpn_csc.php | 1 | ||||
-rw-r--r-- | src/usr/local/www/vpn_openvpn_server.php | 1 |
4 files changed, 6 insertions, 0 deletions
diff --git a/src/etc/inc/priv.defs.inc b/src/etc/inc/priv.defs.inc
index ba93686..0cb7eae 100644
--- a/src/etc/inc/priv.defs.inc
+++ b/src/etc/inc/priv.defs.inc
@@ -1281,18 +1281,21 @@ $priv_list['page-vpn-vpnl2tp-users-edit']['match'][] = "vpn_l2tp_users_edit.php*
 $priv_list['page-openvpn-client'] = array();
 $priv_list['page-openvpn-client']['name'] = gettext("WebCfg - OpenVPN: Clients");
 $priv_list['page-openvpn-client']['descr'] = gettext("Allow access to the 'OpenVPN: Clients' page.");
+$priv_list['page-openvpn-client']['warn'] = "standard-warning-root";
 $priv_list['page-openvpn-client']['match'] = array();
 $priv_list['page-openvpn-client']['match'][] = "vpn_openvpn_client.php*";
 $priv_list['page-openvpn-csc'] = array();
 $priv_list['page-openvpn-csc']['name'] = gettext("WebCfg - OpenVPN: Client Specific Override");
 $priv_list['page-openvpn-csc']['descr'] = gettext("Allow access to the 'OpenVPN: Client Specific Override' page.");
+$priv_list['page-openvpn-csc']['warn'] = "standard-warning-root";
 $priv_list['page-openvpn-csc']['match'] = array();
 $priv_list['page-openvpn-csc']['match'][] = "vpn_openvpn_csc.php*";
 $priv_list['page-openvpn-server'] = array();
 $priv_list['page-openvpn-server']['name'] = gettext("WebCfg - OpenVPN: Servers");
 $priv_list['page-openvpn-server']['descr'] = gettext("Allow access to the 'OpenVPN: Servers' page.");
+$priv_list['page-openvpn-server']['warn'] = "standard-warning-root";
 $priv_list['page-openvpn-server']['match'] = array();
 $priv_list['page-openvpn-server']['match'][] = "vpn_openvpn_server.php*";
diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php
index e1c838a..ce6740f 100644
--- a/src/usr/local/www/vpn_openvpn_client.php
+++ b/src/usr/local/www/vpn_openvpn_client.php
@@ -24,6 +24,7 @@
 ##|*IDENT=page-openvpn-client
 ##|*NAME=OpenVPN: Clients
 ##|*DESCR=Allow access to the 'OpenVPN: Clients' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=vpn_openvpn_client.php*
 ##|-PRIV
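Review bot: The three added `['warn']` lines carry no in-code explanation of why these pages are treated as root-equivalent; the reasoning exists only in the commit message. A one-line comment above the first entry would keep it next to the data, e.g. `/* OpenVPN advanced directives can call external scripts, so these pages allow command execution (Issue #9510). */`. The tag is also a label rather than a control: as far as this hunk shows, access is still decided by the unchanged `['match']` patterns, so accounts that already hold these privileges keep the same capability and are worth re-auditing. The token `standard-warning-root` is resolved outside the hunk, so its spelling cannot be confirmed from here.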
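Review bot: The `##|*WARN=standard-warning-root` header line repeats the value that `priv.defs.inc` sets separately, and nothing visible ties the two copies together, so they can drift apart; the same applies to the hunks for `vpn_openvpn_csc.php` and `vpn_openvpn_server.php`. If `priv.defs.inc` is generated from these `##|` headers (not shown on this page), regenerating it instead of editing both places would remove that risk. Otherwise a check that every `WARN` header has a matching `['warn']` entry would catch a page that was missed. The PRIV header block opens above the hunk.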
diff --git a/src/usr/local/www/vpn_openvpn_csc.php b/src/usr/local/www/vpn_openvpn_csc.php
index 5d06a0e..cba5ba5 100644
--- a/src/usr/local/www/vpn_openvpn_csc.php
+++ b/src/usr/local/www/vpn_openvpn_csc.php
@@ -24,6 +24,7 @@
 ##|*IDENT=page-openvpn-csc
 ##|*NAME=OpenVPN: Client Specific Override
 ##|*DESCR=Allow access to the 'OpenVPN: Client Specific Override' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=vpn_openvpn_csc.php*
 ##|-PRIV
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php
index 10b4c51..9afcf88 100644
--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -24,6 +24,7 @@
 ##|*IDENT=page-openvpn-server
 ##|*NAME=OpenVPN: Servers
 ##|*DESCR=Allow access to the 'OpenVPN: Servers' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=vpn_openvpn_server.php*
 ##|-PRIV |