Additions may be written inside opnsense/service/conf/configd.conf.d/ using a name ending in .conf
Another use-case it to "lock-down" configd access by default using a newly default action, e.g.:
[action_defaults]
allowed_groups = wheel
Although "openssl rehash" would be more portable, it doesn't seem to match FreeBSD's file layout.
The script in this commit mimics the certctl tool for the relevant parts, but spending a lot less time while doing so.
If at some point in time the certctl tool starts to behave again, we can simply trash this one and go back to the default option.
proposal for https://github.com/opnsense/core/issues/7063
Although in theory we should also be able to determine a change by looking at the alias and it siblings, it needs more parameters and is likely more difficult to read.
This commit should address the concerns of https://github.com/opnsense/core/pull/7057 by wrapping "read an alias content file" into a static method called "read_alias_file" and use it to determine change in both the resolv() {keeping track of this alias without siblings} and the one in update_tables.py {which is flushed to pf}
Add -u option for this reason as we cannot afford to abort when
otherwise locked and here it also doesn't matter. We could also
wait for the lock but this seems more beneficial and we can pick
up the correct environment as well, see 5c064a57090.
On the mirror we control prevent the use of "legacy" TLS versions
to allow for better security. This could be carried over to other
servers but since we don't controll most community servers this
could have negtive impact on availability depending on their config.
A quick sweep shows that all main functions check.sh, update.sh and
upgrade.sh use the launcher so that works as intended even from the
console. Another audit is required for other firmware scripts and
situations where e.g. opnsense-update is called manually. Ideally
all should go to launcher.sh or somehow be able to access the
required environment.
implode() dies when provided with arrays in arrays (on development),
so this is a good opportunity to extend the behavior a bit.
The consequence of this commit is that information that is not displayed
in a bootgrid, but still passed in as part of the dataset is also
searchable. This isn't a bad thing, but controllers still have
the option of constraining the amount of fields that should be
searched, as showcased here in interfacesInfoAction().
It looks like calling 'toggle' instantly after creation looses the contens of the actual select. This commit adds a timeout and keeps track if picker was already created or not.
It's a bit of an experiment, but likely low risk due to the amount of callers.
These are being used by our login sequence as our usual suspects all run as root, this shouldn't cause any interference.
requires 86c1087dd6 to function.
Use socket.LOCAL_PEERCRED to fetch the callers credentials so we are able to log system (shell) users calling our configuration engine.
Messages are send to our Audit log using severity informational (action succeeded) or error (not allowed or unknown action), this needs a small change in our syslog template to exclude the audit messages (included in this commit).
While here, also add a general overwrite for settings that should apply for all actions, as this would ease applying future default restrictions for all actions.
Action defaults can be set in configd.conf using the following construct:
[action_defaults]
allowed_groups = wheel
To require group membership, the `allowed_groups` option is added to the action, when set, the connected user should be a member to at least one of the mentioned groups. For example, to require wheel membership for a call "echo", the configuration might look like this:
[echo]
command:echo
parameters:%s
type:script_output
allowed_groups = wheel
Finally, remove the simulation mode for the configd service as this is less useful nowadays.
Our policy has always been that shell access should not
not be granted to untrusted users. Apparently this is
also a way to wedge in security reports stemming from
this misconfiguration while glossing over this point and
focusing on something else found in the file system.
If you need access for a user just give them full admin
privileges and that's fixed. For everyone else no longer
render the shell and add a warning in the user edit page.
