unbound: remove custom configuration support #4327

Since we have /usr/local/etc/unbound.opnsense.d/ now we can go ahead with the removal of the GUI based "permanent workaround".
2026-03-15 17:14:46 +00:00 · 2021-07-09 14:06:17 +02:00 · 2021-07-09 14:06:17 +02:00 · 72bfc498da
commit 72bfc498da
parent a0e7b21e2b
2 changed files with 2 additions and 28 deletions
--- a/src/etc/inc/plugins.inc.d/unbound.inc
+++ b/src/etc/inc/plugins.inc.d/unbound.inc
@ -219,12 +219,6 @@ EOF;
    unbound_add_domain_overrides();
    unbound_acls_config();

-    // Add custom Unbound options
-    $custom_options = '';
-    if (!empty($config['unbound']['custom_options'])) {
-        $custom_options = "# Unbound custom options\n{$config['unbound']['custom_options']}\n";
-    }
-
    $port = is_port($config['unbound']['port']) ? $config['unbound']['port'] : "53";
    $hide_id = !empty($config['unbound']['hideidentity']) ? "yes" : "no";
    $hide_version = !empty($config['unbound']['hideversion']) ? "yes" : "no";
@ -361,11 +355,9 @@ include: /var/unbound/host_entries.conf
 # Domain overrides
 include: /var/unbound/domainoverrides.conf

-# Custom includes (plugins)
+# Custom includes
 include: /var/unbound/etc/*.conf

-{$custom_options}
-
 {$forward_conf}

 remote-control:
--- a/src/www/services_unbound.php
+++ b/src/www/services_unbound.php
@ -50,7 +50,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $pconfig['txtsupport'] = isset($a_unboundcfg['txtsupport']);
    // text values
    $pconfig['port'] = !empty($a_unboundcfg['port']) ? $a_unboundcfg['port'] : null;
-    $pconfig['custom_options'] = !empty($a_unboundcfg['custom_options']) ? $a_unboundcfg['custom_options'] : null;
    $pconfig['regdhcpdomain'] = !empty($a_unboundcfg['regdhcpdomain']) ? $a_unboundcfg['regdhcpdomain'] : null;
    $pconfig['dns64prefix'] = !empty($a_unboundcfg['dns64prefix']) ? $a_unboundcfg['dns64prefix'] : null;
    // array types
@ -87,10 +86,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        if (!empty($pconfig['local_zone_type']) && !array_key_exists($pconfig['local_zone_type'], unbound_local_zone_types())) {
            $input_errors[] = sprintf(gettext('Local zone type "%s" is not known.'), $pconfig['local_zone_type']);
        }
-        $prev_opt = !empty($a_unboundcfg['custom_options']) ? $a_unboundcfg['custom_options'] : "";
-        if ($prev_opt != str_replace("\r\n", "\n", $pconfig['custom_options']) && !userIsAdmin($_SESSION['Username'])) {
-            $input_errors[] = gettext('Advanced options may only be edited by system administrators due to the increased possibility of privilege escalation.');
-        }

        if (count($input_errors) == 0) {
            // text types
@ -115,8 +110,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                unset($a_unboundcfg['local_zone_type']);
            }

-            $a_unboundcfg['custom_options'] = !empty($pconfig['custom_options']) ? str_replace("\r\n", "\n", $pconfig['custom_options']) : null;
-
            // boolean values
            $a_unboundcfg['enable'] = !empty($pconfig['enable']);
            $a_unboundcfg['enable_wpad'] = !empty($pconfig['enable_wpad']);
@ -177,7 +170,7 @@ include_once("head.inc");
            $(window).trigger('resize');
        });
        // show advanced when option set
-        if ($("#outgoing_interface").val() != '' || $("#custom_options").val() != '' || $("#enable_wpad").prop('checked')) {
+        if ($("#outgoing_interface").val() != '' || $("#enable_wpad").prop('checked')) {
            $("#show_advanced_dns").click();
        }
    });
@ -344,16 +337,6 @@ include_once("head.inc");
                          <button id="show_advanced_dns" class="btn btn-xs btn-default" value="yes"><?= gettext('Show advanced option') ?></button>
                        </td>
                      </tr>
-                      <tr class="showadv" style="display:none">
-                        <td><a id="help_for_custom_options" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('Custom options') ?></td>
-                        <td>
-                          <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=$pconfig['custom_options'];?></textarea>
-                          <?=gettext("This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting.");?>
-                          <div class="hidden" data-for="help_for_custom_options">
-                            <?=gettext("Enter any additional options you would like to add to the Unbound configuration here."); ?>
-                          </div>
-                        </td>
-                      </tr>
                      <tr class="showadv" style="display:none">
                        <td><a id="help_for_outgoing_interface" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Outgoing Network Interfaces"); ?></td>
                        <td>
@ -363,7 +346,6 @@ include_once("head.inc");
                              <?= html_safe($ifdescr) ?>
                            </option>
 <?php endforeach ?>
-
                          </select>
                          <div class="hidden" data-for="help_for_outgoing_interface">
                            <?=gettext("Utilize different network interfaces that Unbound will use to send queries to authoritative servers and receive their replies. By default all interfaces are used. Note that setting explicit outgoing interfaces only works when they are statically configured.");?>