permissions, log when user tries to save the configuration but has the 'deny config write' permission

author: PiBa-NL <pba_2k3@yahoo.com> 2017-06-06 23:52:17 +0200
committer: PiBa-NL <pba_2k3@yahoo.com> 2017-06-06 23:52:17 +0200
commit: 6356e3e8c77c7e18165f7c3a6c2fb871d44adc06 (patch)
tree: 82009d97037e41e81ea56b3c9b5be6b40c4bfadb /src/etc/inc/config.lib.inc
parent: 2c8c85787b3c2e0071b157891425afb819fe2ff1 (diff)
download: pfsense-6356e3e8c77c7e18165f7c3a6c2fb871d44adc06.zip
pfsense-6356e3e8c77c7e18165f7c3a6c2fb871d44adc06.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc
index 40c3150..fc152a2 100644
--- a/src/etc/inc/config.lib.inc
+++ b/src/etc/inc/config.lib.inc
@@ -447,6 +447,7 @@ function write_config($desc="Unknown", $backup = true, $write_config_only = fals
 		if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != "admin")) {
 			$user = getUserEntry($_SESSION['Username']);
 			if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
+				syslog(LOG_AUTHPRIV, sprintf(gettext("Save config permission denied by the 'User - Config: Deny Config Write' permission for user '%s'."), $_SESSION['Username']));
 				phpsession_end(true);
 				return false;
 			}
author	PiBa-NL <pba_2k3@yahoo.com>	2017-06-06 23:52:17 +0200
committer	PiBa-NL <pba_2k3@yahoo.com>	2017-06-06 23:52:17 +0200
commit	6356e3e8c77c7e18165f7c3a6c2fb871d44adc06 (patch)
tree	82009d97037e41e81ea56b3c9b5be6b40c4bfadb /src/etc/inc/config.lib.inc
parent	2c8c85787b3c2e0071b157891425afb819fe2ff1 (diff)
download	pfsense-6356e3e8c77c7e18165f7c3a6c2fb871d44adc06.zip pfsense-6356e3e8c77c7e18165f7c3a6c2fb871d44adc06.tar.gz