From b2aada6c8263a75f4a57858edb410aa98669f849 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Mon, 22 Jul 2019 16:35:58 +0200
Subject: [PATCH] luci-base: add conntrack_helpers ubus procedure

Also move firewall specific ACLs into separate group.

Signed-off-by: Jo-Philipp Wich
---
 modules/luci-base/root/usr/libexec/rpcd/luci | 93 +++++++++++++++++++
 .../root/usr/share/rpcd/acl.d/luci-base.json | 14 ++-
 2 files changed, 106 insertions(+), 1 deletion(-)

diff --git a/modules/luci-base/root/usr/libexec/rpcd/luci b/modules/luci-base/root/usr/libexec/rpcd/luci
index 55233d6d0..c446b19e9 100755
--- a/modules/luci-base/root/usr/libexec/rpcd/luci
+++ b/modules/luci-base/root/usr/libexec/rpcd/luci
@@ -285,6 +285,99 @@ local methods = {
 local fs = require "nixio.fs"
 return { offload_support = not not fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt") }
 end
+ },
+
+ conntrack_helpers = {
+ call = function()
+ local fd = io.open("/usr/share/fw3/helpers.conf", "r")
+ local rv = {}
+
+ local line, entry
+ while true do
+ line = fd:read("*l")
+ if not line then
+ break
+ end
+
+ if line:match("^%s*config%s") then
+ if entry then
+ rv[#rv+1] = entry
+ end
+ entry = {}
+ else
+ local opt, val = line:match("^%s*option%s+(%S+)%s+(%S.*)$")
+ if opt and val then
+ opt = opt:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1")
+ val = val:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1")
+ entry[opt] = val
+ end
+ end
+ end
+
+ if entry then
+ rv[#rv+1] = entry
+ end
+
+ return { helpers = rv }
+ end
+ },
+
+ getMenuItems = {
+ call = function(args)
+ local util = require "luci.util"
+ local http = require "luci.http"
+ local disp = require "luci.dispatcher"
+
+ local x = coroutine.create(function()
+ util.coxpcall(function()
+ http.context.request = http.Request({
+ PATH_INFO = "/",
+ QUERY_STRING = "",
+ REQUEST_METHOD = "GET",
+ REQUEST_URI = "/",
+ BUILD_MENU = "1"
+ }, function() end, function() end)
+
+ disp.context.request = {}
+ disp.dispatch(disp.context.request)
+
+ coroutine.yield(-1, disp.node())
+ end, error)
+ end)
+
+ local root = nil
+
+ while coroutine.status(x) ~= "dead" do
+ local res, id, data1, data2 = coroutine.resume(x, r)
+ if id == -1 then
+ root = data1
+ elseif id == 6 then
+ data1:close()
+ end
+ end
+
+ local function recurse(prefix, node)
+ local childs = disp.node_childs(node)
+ if #childs > 0 then
+ local i, c
+ for i, c in ipairs(childs) do
+ local cnode = node.nodes[c]
+ local n = { name = c, title = cnode.title, query = cnode.query }
+
+ if prefix.children then
+ prefix.children[#prefix.children+1] = n
+ else
+ prefix.children = { n }
+ end
+
+ recurse(n, cnode)
+ end
+ end
+ return prefix
+ end
+
+ return root and recurse({}, root) or {}
+ end
 }
 }
 
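Review bot: In `conntrack_helpers`, the handle from `io.open("/usr/share/fw3/helpers.conf", "r")` is used unchecked and never closed, so when the file is missing or unreadable the first `fd:read("*l")` fails on a nil value instead of returning an empty list; add `if not fd then return { helpers = rv } end` after `local rv = {}` and `fd:close()` before the final `return`. The parser also assumes every `option` line follows a `config` line: `entry[opt] = val` indexes nil otherwise, which `if opt and val and entry then` would guard. In `getMenuItems`, `coroutine.resume(x, r)` passes `r`, which is not defined in the visible lines and presumably resolves to a nil global, and the `local i, c` before the `for` is shadowed by the loop variables; both can be dropped. Both functions are complete in the hunk, but the enclosing `methods` table starts outside it.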
diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
index a9baef8f9..de145ce78 100644
--- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
+++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
@@ -13,7 +13,7 @@
 "read": {
 "ubus": {
 "iwinfo": [ "info" ],
- "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "offload_support", "usb" ],
+ "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "usb" ],
 "network.device": [ "status" ],
 "network.interface": [ "dump" ],
 "network.wireless": [ "status" ],
@@ -28,5 +28,17 @@
 },
 "uci": [ "*" ]
 }
+ },
+ "luci-app-firewall": {
+ "description": "Grant access to firewall procedures",
+ "read": {
+ "ubus": {
+ "luci": [ "conntrack_helpers", "offload_support" ]
+ },
+ "uci": [ "firewall" ]
+ },
+ "write": {
+ "uci": [ "firewall" ]
+ }
 }
 }
-- 
2.25.1
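Review bot: The `luci-app-firewall` group in the second hunk is declared in luci-base's ACL file rather than in a file shipped with the firewall app, so its grants, including `write` on the `firewall` uci config, are defined wherever luci-base is installed, presumably whether or not the app is. Shipping the group as the app's own `acl.d` file would keep the permission installed and removed together with the code that needs it. For the first hunk, confirm that no view holding only the `luci-base` group still calls `offload_support`, since that call would now be refused for such sessions.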