security, better guard free text inputs, only allow admin groups and …

…signal the user about its likely disappearance in the future. In some cases users would be able to execute arbitrary commands, which is impossible to protect against.
opnsense · May 10, 2019 · d62015d · d62015d
1 parent 7af6473
commit d62015d
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 1 deletion.
diff --git a/src/www/services_dnsmasq.php b/src/www/services_dnsmasq.php
@@ -70,7 +70,11 @@
             $input_errors[] = gettext('Unbound is still active on the same port. Disable it before enabling Dnsmasq.');
         }
 
-        if (!empty($pconfig['custom_options'])) {
+        $prev_opt = !empty($config['dnsmasq']['custom_options']) ? $config['dnsmasq']['custom_options'] : "";
+        if ($prev_opt != str_replace("\r\n", "\n", $pconfig['custom_options']) && !userIsAdmin($_SESSION['Username'])) {
+            $input_errors[] = gettext("Advanced options may only be edited by admins (role page-all), due to the increased possibility of privilege escalation.");
+        }
+        if (!empty($pconfig['custom_options']) && userIsAdmin($_SESSION['Username'])) {
             $args = '';
             foreach (preg_split('/\s+/', str_replace("\r\n", "\n", $pconfig['custom_options'])) as $c) {
                 if (!empty($c)) {
@@ -386,6 +390,7 @@
                     </div>
                     <div id="showadv" <?= empty($pconfig['custom_options']) ? "style='display:none'" : "" ?>>
                       <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=$pconfig['custom_options'];?></textarea>
+                      <?=gettext("This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting.");?>
                     </div>
                     <div class="hidden" data-for="help_for_advanced">
                       <?=gettext("Enter any additional options you would like to add to the Dnsmasq configuration here, separated by a space or newline"); ?>

diff --git a/src/www/services_ntpd.php b/src/www/services_ntpd.php
@@ -72,6 +72,10 @@
     if (!empty($pconfig['orphan']) && ($pconfig['orphan'] < 0 || $pconfig['orphan'] > 15 || !is_numeric($pconfig['orphan']))) {
         $input_errors[] = gettext("Orphan mode must be a value between 0..15");
     }
+    $prev_opt = !empty($a_ntpd['custom_options']) ? $a_ntpd['custom_options'] : "";
+    if ($prev_opt != str_replace("\r\n", "\n", $pconfig['custom_options']) && !userIsAdmin($_SESSION['Username'])) {
+        $input_errors[] = gettext("Advanced options may only be edited by admins (role page-all), due to the increased possibility of privilege escalation.");
+    }
 
     // swap fields, really stupid field usage which we are not going to change now....
     foreach (array('kod', 'nomodify', 'nopeer', 'notrap') as $fieldname) {
@@ -411,6 +415,7 @@ function removeRow() {
                       <div id="showadv" <?=empty($pconfig['custom_options']) ? "style='display:none'" : ""; ?>>
                         <strong><?=gettext("Advanced");?><br /></strong>
                         <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=$pconfig['custom_options'];?></textarea><br />
+                        <?=gettext("This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting.");?><br/>
                         <?= gettext('Enter any additional options you would like to add to the network time configuration here, separated by a space or newline.') ?>
                       </div>
                     </td>

diff --git a/src/www/services_unbound.php b/src/www/services_unbound.php
@@ -83,6 +83,10 @@
         if (!empty($pconfig['local_zone_type']) && !array_key_exists($pconfig['local_zone_type'], unbound_local_zone_types())) {
             $input_errors[] = sprintf(gettext('Local zone type "%s" is not known.'), $pconfig['local_zone_type']);
         }
+        $prev_opt = !empty($a_unboundcfg['custom_options']) ? $a_unboundcfg['custom_options'] : "";
+        if ($prev_opt != str_replace("\r\n", "\n", $pconfig['custom_options']) && !userIsAdmin($_SESSION['Username'])) {
+            $input_errors[] = gettext("Advanced options may only be edited by admins (role page-all), due to the increased possibility of privilege escalation.");
+        }
 
         if (count($input_errors) == 0) {
             // text types
@@ -318,6 +322,7 @@
                         <td><a id="help_for_custom_options" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('Custom options') ?></td>
                         <td>
                           <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=$pconfig['custom_options'];?></textarea>
+                          <?=gettext("This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting.");?>
                           <div class="hidden" data-for="help_for_custom_options">
                             <?=gettext("Enter any additional options you would like to add to the Unbound configuration here."); ?>
                           </div>

diff --git a/src/www/vpn_openvpn_client.php b/src/www/vpn_openvpn_client.php
@@ -294,6 +294,10 @@
         if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) {
             $input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered.");
         }
+        $prev_opt = (isset($id) && !empty($a_client[$id])) ? $a_client[$id]['custom_options'] : "";
+        if ($prev_opt != str_replace("\r\n", "\n", $pconfig['custom_options']) && !userIsAdmin($_SESSION['Username'])) {
+            $input_errors[] = gettext("Advanced options may only be edited by admins (role page-all), due to the increased possibility of privilege escalation.");
+        }
 
         if (count($input_errors) == 0) {
             // save data
@@ -1101,6 +1105,7 @@ function addRow() {
             <td style="width:22%"><a id="help_for_custom_options" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Advanced"); ?></td>
             <td style="width:78%">
               <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=$pconfig['custom_options'];?></textarea>
+              <?=gettext("This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting.");?>
               <div class="hidden" data-for="help_for_custom_options">
                 <?=gettext("Enter any additional options you would like to add to the configuration file here."); ?>
               </div>

diff --git a/src/www/vpn_openvpn_csc.php b/src/www/vpn_openvpn_csc.php
@@ -177,6 +177,11 @@
                 }
             }
         }
+        $prev_opt = (isset($id) && !empty($a_csc[$id])) ? $a_csc[$id]['custom_options'] : "";
+        if ($prev_opt != str_replace("\r\n", "\n", $pconfig['custom_options']) && !userIsAdmin($_SESSION['Username'])) {
+            $input_errors[] = gettext("Advanced options may only be edited by admins (role page-all), due to the increased possibility of privilege escalation.");
+        }
+
 
         $reqdfields[] = 'common_name';
         $reqdfieldsn[] = 'Common name';
@@ -655,6 +660,7 @@
                     <td><a id="help_for_custom_options" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Advanced"); ?></td>
                     <td>
                       <textarea rows="6" cols="70" name="custom_options" id="custom_options"><?=$pconfig['custom_options'];?></textarea>
+                      <?=gettext("This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting.");?>
                       <div class="hidden" data-for="help_for_custom_options">
                         <?=gettext("Enter any additional options you would like to add for this client specific override, separated by a semicolon"); ?><br />
                         <?=gettext("EXAMPLE: push \"route 10.0.0.0 255.255.255.0\""); ?>;

diff --git a/src/www/vpn_openvpn_server.php b/src/www/vpn_openvpn_server.php
@@ -341,6 +341,10 @@
                 }
             }
         }
+        $prev_opt = (isset($id) && !empty($a_server[$id])) ? $a_server[$id]['custom_options'] : "";
+        if ($prev_opt != str_replace("\r\n", "\n", $pconfig['custom_options']) && !userIsAdmin($_SESSION['Username'])) {
+            $input_errors[] = gettext("Advanced options may only be edited by admins (role page-all), due to the increased possibility of privilege escalation.");
+        }
 
         do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
 
@@ -1547,6 +1551,7 @@
                       <td style="width:22%"><a id="help_for_custom_options" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Advanced"); ?></td>
                       <td>
                         <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=$pconfig['custom_options'];?></textarea>
+                        <?=gettext("This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting.");?>
                         <div class="hidden" data-for="help_for_custom_options">
                           <?=gettext("Enter any additional options you would like to add to the configuration file here."); ?>
                         </div>