It's a bit of an experiment, but likely low risk due to the amount of callers.
These are being used by our login sequence as our usual suspects all run as root, this shouldn't cause any interference.
requires 86c1087dd6 to function.
Use socket.LOCAL_PEERCRED to fetch the caller's credentials so we are able to log system (shell) users calling our configuration engine.
Messages are sent to our Audit log using severity informational (action succeeded) or error (not allowed or unknown action), this needs a small change in our syslog template to exclude the audit messages (included in this commit).
While here, also add a general overwrite for settings that should apply for all actions, as this would ease applying future default restrictions for all actions.
Action defaults can be set in configd.conf using the following construct:
[action_defaults]
allowed_groups = wheel
To require group membership, the `allowed_groups` option is added to the action. When set, the connected user should be a member of at least one of the mentioned groups. For example, to require wheel membership for a call "echo", the configuration might look like this:
[echo]
command:echo
parameters:%s
type:script_output
allowed_groups = wheel
Finally, remove the simulation mode for the configd service as this is less useful nowadays.
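The group check described in the commit message above, as an added example that is not part of the commit and not OPNsense's own code. It assumes that `allowed_groups` is a comma-separated list, that a value set on an action takes precedence over `[action_defaults]`, and that both live in one constructed sample string; `load_actions`, `authorize` and the `status` action are hypothetical names, and the caller's group names are passed in rather than fetched through `socket.LOCAL_PEERCRED`.

```python
import configparser

# Constructed sample: [action_defaults] and two actions in one string.
SAMPLE = """\
[action_defaults]
allowed_groups = wheel

[echo]
command:echo
parameters:%s
type:script_output
allowed_groups = wheel,operator

[status]
command:uptime
type:script_output
"""

def load_actions(text):
    """Return {action: settings}, with [action_defaults] applied underneath each action."""
    # interpolation=None so the literal "%s" in parameters is not parsed as an interpolation.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    defaults = dict(cp["action_defaults"]) if cp.has_section("action_defaults") else {}
    actions = {}
    for name in cp.sections():
        if name != "action_defaults":
            # Assumption: a value set on the action wins over the default.
            actions[name] = {**defaults, **dict(cp[name])}
    return actions

def authorize(actions, action, user, user_groups):
    """Return (allowed, audit_severity, message) for one call."""
    conf = actions.get(action)
    if conf is None:
        return False, "error", f"{user}: unknown action {action}"
    # Assumption: allowed_groups is a comma-separated list of group names.
    allowed = {g.strip() for g in conf.get("allowed_groups", "").split(",") if g.strip()}
    if allowed and not (allowed & set(user_groups)):
        return False, "error", f"{user}: not allowed to call {action}"
    return True, "informational", f"{user}: {action} allowed"

if __name__ == "__main__":
    acts = load_actions(SAMPLE)
    for who, groups, act in [("alice", {"operator"}, "echo"), ("bob", {"users"}, "status"),
                             ("bob", {"users"}, "reboot")]:
        print(authorize(acts, act, who, groups))
```

The `status` action carries no `allowed_groups` of its own, so the default restriction to wheel applies to it; an action with neither setting stays callable by any local user.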
Our policy has always been that shell access should
not be granted to untrusted users. Apparently this is
also a way to wedge in security reports stemming from
this misconfiguration while glossing over this point and
focusing on something else found in the file system.
If you need access for a user just give them full admin
privileges and that's fixed. For everyone else no longer
render the shell and add a warning in the user edit page.
We seem to be missing some context regarding rule generation
so as a first step try to provide a matching ifconfig set with
the rules to diff in order to make debugging easier.
PR: https://forum.opnsense.org/index.php?topic=37248.0
Separate use cases to allow for clean non-removal of static addressing
(including CARP VIPs) for use in rc.linkup et al. While interface_bring_down()
is more or less only being extended with $suspend the journey of this code
change was long and winding. Therefore remove the old ambiguous function
and introduce the new interface_reset() and interface_suspend() variant to
make more sense of the caller's requirements.
interfaces.php is a special case depending on interface enable state so we
pass the $suspend request down to interface_reset() to avoid an if-else
dance.
This commit omits some of the link-specific information such as ppp uptime, disconnect/release mechanism, as well as wireless and bridge information. Since there is more of this type of information available than was originally being handled by get_interfaces_info(), perhaps it makes more sense to extend the backend script with the relevant bits in time.
This commit contains the following changes to improve revision visibility.
* add username and api token for external (non-gui) callers.
* offer the ability to merge revision information into configuration saves. (getRevisionContext / setRevisionContext)
* merge session attributes starting with xrevision_ into a revision item, for example, xrevision_impersonated_by would be recorded as impersonated_by
* add "impersonated_by" to audit log when specified (for future use)
* remove revision attributes before adding, this prevents attributes sticking around.
The plugin package is "os-squid" fitting better into the naming
conventions. With "DNS" and "DHCP" following a similar naming
convention start stuffing "Squid" before menu name and descriptive
labels so users can find it using any desirable key word and
the documentation doesn't have to change (much).
Find out which directory we want and keep it in an array.
Use the first one that exists and ignore the others. This
allows us to do a late fallback into "en" language on top
which wasn't handled gracefully before.
This commit adds the connection to the action.execute() method which offers the ability to flush data back to the client instantly without having to wait for the call to end. As the existing types are only slightly modified, the impact of this change should be rather low. To demonstrate the streaming capability, also adjust configctl to flush output when received.
Example usage:
[find]
command:find / ; xxx
parameters:
type:stream_output
message:test stream output
Add groups attribute to remote auth, to avoid random input hook the names to our local account management and require the user to create a local group first, which is similar to other areas of our system. We don't have to store the membership in this case in our local user db.
Only enable "class_group" attribute when there is at least one enabled connection using these groups.
Offer configuration access for the kea control agent needed for high availability and basic peer setup.
o add Control Agent menu item with basic settings
o split dhcpv4 settings in general and ha
o add peer configuration
In a /31 there are only two addresses and these are generally
allowed to be used so adjust the network/broadcast check to
only trigger on /30 or below.
Ideally we should only force validation on the requested node and its children, but since we currently don't have a method for this and the performance decrease is likely low, we just request full validation on performValidation().
closes https://github.com/opnsense/core/issues/6978