authorPhil Davis <phil.davis@inf.org>2017-01-02 17:45:37 +0545
committerPhil Davis <phil.davis@inf.org>2017-01-02 17:45:37 +0545
commit57188e4752b9606c54cd49f4d8f96ec0fc38f8f3 (patch)
treec035bdc261d27847a7dd4667f7a3d83ff8a2fe18 /src/usr/local/www/system_groupmanager_addprivs.php
parent8db81fbcaa33012cb4fa573312a8f72ed3660dd1 (diff)
Add security notes for privilege assignment pages
Suggested solution for Redmine 2247
Diffstat (limited to 'src/usr/local/www/system_groupmanager_addprivs.php')
-rw-r--r--src/usr/local/www/system_groupmanager_addprivs.php34
1 files changed, 33 insertions, 1 deletions
diff --git a/src/usr/local/www/system_groupmanager_addprivs.php b/src/usr/local/www/system_groupmanager_addprivs.php
index ad07c1c..0947d97 100644
--- a/src/usr/local/www/system_groupmanager_addprivs.php
+++ b/src/usr/local/www/system_groupmanager_addprivs.php
@@ -28,6 +28,7 @@
##|*IDENT=page-system-groupmanager-addprivs
##|*NAME=System: Group Manager: Add Privileges
##|*DESCR=Allow access to the 'System: Group Manager: Add Privileges' page.
+##|*WARN=standard-warning-root
##|*MATCH=system_groupmanager_addprivs.php*
##|-PRIV
@@ -117,6 +118,20 @@ function build_priv_list() {
return($list);
}
+function get_root_priv_item_text() {
+ global $priv_list;
+
+ $priv_text = "";
+
+ foreach ($priv_list as $pname => $pdata) {
+ if (isset($pdata['warn']) && ($pdata['warn'] == 'standard-warning-root')) {
+ $priv_text .= '<br/>' . $pdata['name'];
+ }
+ }
+
+ return($priv_text);
+}
+
include("head.inc");
if ($input_errors) {
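Review bot: `$pdata['name']` is concatenated into markup without HTML encoding at `$priv_text .= '<br/>' . $pdata['name'];`, and the returned string is later placed inside a `<span>` by the Form_StaticText call added further down. If any privilege name can originate outside the core definitions (package-supplied entries, for instance; not visible from this hunk), the name is rendered as markup. Encoding at the point of concatenation removes the dependency on every definition being clean: `$priv_text .= '<br/>' . htmlspecialchars($pdata['name']);`. The literal `'standard-warning-root'` is also compared with a loose `==` here and again in the descs loop in the last hunk; a strict `===` against one shared constant would keep the two checks from drifting apart.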
@@ -171,6 +186,19 @@ $section->addInput(new Form_Input(
null
))->setHelp('Show only the choices containing this term');
+$section->addInput(new Form_StaticText(
+ gettext('Privilege information'),
+ '<span class="help-block">'.
+ gettext('The following privileges effectively give root privilege to users in the group' .
+ ' because the user gains access to execute general commands, edit system files, ' .
+ ' modify users, change passwords or similar:') .
+ '<br/>' .
+ get_root_priv_item_text() .
+ '<br/><br/>' .
+ gettext('Please take care when granting these privileges.') .
+ '</span>'
+));
+
$btnfilter = new Form_Button(
'btnfilter',
'Filter',
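Review bot: The message passed to `gettext()` contains a double space, because the fragment `'... edit system files, '` ends with a space and the next fragment `' modify users, ...'` starts with one. The concatenated text is the msgid translators match on, so it is cheaper to fix now than after catalogs exist: change the third fragment to `'modify users, change passwords or similar:'`. Separately, the output of `get_root_priv_item_text()` is inserted between `<br/>` tags inside the `<span>`, so it appears to be emitted as raw markup and any encoding of the privilege names has to happen in that helper.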
@@ -215,7 +243,11 @@ events.push(function() {
continue;
}
- $desc = addslashes(preg_replace("/pfSense/i", $g['product_name'], $pdata['descr']));
+ $desc = preg_replace("/pfSense/i", $g['product_name'], $pdata['descr']);
+ if (isset($pdata['warn']) && ($pdata['warn'] == 'standard-warning-root')) {
+ $desc .= ' ' . gettext('(This privilege effectively gives root privilege to users in the group)');
+ }
+ $desc = addslashes($desc);
$jdescs .= "descs[{$id}] = '{$desc}';\n";
$id++;
}
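Review bot: `addslashes()` is still the only encoding between `$desc` and the JavaScript string literal in `$jdescs .= "descs[{$id}] = '{$desc}';\n";`, and the new code now routes a translated `gettext()` string through it as well. `addslashes()` does not escape newlines or a `</script>` sequence, so a description or translation containing either would break out of the literal or the script block. Encoding for the JavaScript context instead avoids that; drop the `addslashes()` line and emit `$jdescs .= "descs[{$id}] = " . json_encode($desc, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";\n";`. The enclosing loop and the code that later writes `descs[...]` into the page are outside this hunk, so whether the value is also HTML-encoded on display should be checked there.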