From ed8f1c4c1c47465f79ddaf6af118d1dd29ee7d12 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Wed, 14 Aug 2019 17:07:55 +0200 Subject: [PATCH] luci-app-firewall: honour global default policies in per-zone settings Signed-off-by: Jo-Philipp Wich --- .../resources/view/firewall/forwards.js | 3 +- .../resources/view/firewall/rules.js | 3 +- .../resources/view/firewall/zones.js | 8 +- .../htdocs/luci-static/resources/network.js | 7 +- modules/luci-base/root/usr/libexec/rpcd/luci | 90 ++++++++++--------- .../root/usr/share/rpcd/acl.d/luci-base.json | 6 +- .../resources/view/network/dhcp.js | 9 +- .../resources/view/network/hosts.js | 3 +- .../luci-static/resources/view/system/leds.js | 34 +++---- .../resources/view/system/system.js | 15 ++-- 10 files changed, 98 insertions(+), 80 deletions(-) diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js index 63af69f8a..80938711e 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js @@ -75,7 +75,8 @@ function forward_via_txt(s) { return L.view.extend({ callHostHints: rpc.declare({ object: 'luci', - method: 'host_hints' + method: 'getHostHints', + expect: { '': {} } }), load: function() { diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js index a7924b107..6df3bc7f8 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js 
@@ -112,7 +112,8 @@ function rule_target_txt(s) { return L.view.extend({ callHostHints: rpc.declare({ object: 'luci', - method: 'host_hints' + method: 'getHostHints', + expect: { '': {} } }), load: function() { diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js index 22f1683fe..3ac3f6e2f 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js @@ -15,12 +15,14 @@ return L.view.extend({ load: function() { return Promise.all([ - this.callConntrackHelpers() + this.callConntrackHelpers(), + firewall.getDefaults() ]); }, render: function(data) { var ctHelpers = data[0], + fwDefaults = data[1], m, s, o, inp, out; m = new form.Map('firewall', _('Firewall - Zone Settings'), @@ -118,6 +120,10 @@ return L.view.extend({ p[i].editable = true; } + p[0].default = fwDefaults.getInput(); + p[1].default = fwDefaults.getOutput(); + p[2].default = fwDefaults.getForward(); + o = s.taboption('general', form.Flag, 'masq', _('Masquerading')); o.editable = true; diff --git a/modules/luci-base/htdocs/luci-static/resources/network.js b/modules/luci-base/htdocs/luci-static/resources/network.js index 86e6ea574..487adabb4 100644 --- a/modules/luci-base/htdocs/luci-static/resources/network.js +++ b/modules/luci-base/htdocs/luci-static/resources/network.js @@ -51,18 +51,19 @@ var callNetworkWirelessStatus = rpc.declare({ var callLuciNetdevs = rpc.declare({ object: 'luci', - method: 'netdevs' + method: 'getNetworkDevices', + expect: { '': {} } }); var callLuciIfaddrs = rpc.declare({ object: 'luci', - method: 'ifaddrs', + method: 'getIfaddrs', expect: { result: [] } }); var callLuciBoardjson = rpc.declare({ object: 'luci', - method: 'boardjson' + method: 'getBoardJSON' }); var callIwinfoInfo = rpc.declare({ 
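Review bot: In zones.js (hunk `@@ -15,12 +15,14 @@`), `load()` still calls `this.callConntrackHelpers()`, but no hunk in this commit touches that declaration, even though the backend method is renamed to `getConntrackHelpers`, its reply key changes from `helpers` to `result`, and the ACL entry is renamed to match. The declaration sits above line 15, outside the hunk, so this is inferred: if it still names `conntrack_helpers` or expects `helpers`, the call no longer matches the backend or the ACL grant, and `ctHelpers` would be empty or the call would fail. It should read `method: 'getConntrackHelpers', expect: { result: [] }`. The commit subject mentions only the default-policy change, so the RPC rename is worth stating in the description as well.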
diff --git a/modules/luci-base/root/usr/libexec/rpcd/luci b/modules/luci-base/root/usr/libexec/rpcd/luci index 7eac09214..89bf14900 100755 --- a/modules/luci-base/root/usr/libexec/rpcd/luci +++ b/modules/luci-base/root/usr/libexec/rpcd/luci @@ -9,7 +9,7 @@ local function readfile(path) end local methods = { - initList = { + getInitList = { args = { name = "name" }, call = function(args) local sys = require "luci.sys" @@ -22,11 +22,11 @@ local methods = { return { error = "No such init script" } end end - return { result = scripts } + return scripts end }, - initCall = { + setInitAction = { args = { name = "name", action = "action" }, call = function(args) local sys = require "luci.sys" @@ -39,7 +39,7 @@ local methods = { getLocaltime = { call = function(args) - return { localtime = os.time() } + return { result = os.time() } end }, @@ -52,11 +52,11 @@ local methods = { sys.call("date -s '%04d-%02d-%02d %02d:%02d:%02d' >/dev/null" %{ date.year, date.month, date.day, date.hour, date.min, date.sec }) sys.call("/etc/init.d/sysfixtime restart >/dev/null") end - return { localtime = args.localtime } + return { result = args.localtime } end }, - timezone = { + getTimezones = { call = function(args) local util = require "luci.util" local zones = require "luci.sys.zoneinfo" @@ -76,11 +76,11 @@ local methods = { active = (res and res.value == zone[1]) and true or nil } end - return { result = result } + return result end }, - leds = { + getLEDs = { call = function() local iter = fs.dir("/sys/class/leds") local result = { } @@ -115,7 +115,7 @@ local methods = { end }, - usb = { + getUSBDevices = { call = function() local fs = require "nixio.fs" local iter = fs.glob("/sys/bus/usb/devices/[0-9]*/manufacturer") @@ -126,7 +126,7 @@ local methods = { local p for p in iter do - local id = p:match("%d+-%d+") + local id = p:match("/([^/]+)/manufacturer$") result.devices[#result.devices+1] = { id = id, 
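Review bot: In the `getInitList` hunk (`@@ -22,11 +22,11 @@`), returning the bare `scripts` table puts script names and the `{ error = "No such init script" }` reply in the same top-level namespace, so a caller can no longer tell a failure from a script entry. The matching client in system.js now uses `expect: { '': {} }` with a filter that returns `+res[k].enabled` for the first key, which on the error reply evaluates to NaN instead of falling back to the former empty default. Either keep the envelope, `return { result = scripts }`, or have the client filter skip values that are not objects. The method body starts outside this hunk.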
@@ -139,18 +139,19 @@ local methods = { end end - iter = fs.glob("/sys/bus/usb/devices/*/usb[0-9]*-port[0-9]*") + iter = fs.glob("/sys/bus/usb/devices/*/*-port[0-9]*") if iter then result.ports = {} local p for p in iter do - local bus, port = p:match("usb(%d+)-port(%d+)") + local port = p:match("([^/]+)$") + local link = fs.readlink(p.."/device") result.ports[#result.ports+1] = { - hub = tonumber(bus), - port = tonumber(port) + port = port, + device = link and fs.basename(link) } end end @@ -159,20 +160,20 @@ local methods = { end }, - ifaddrs = { + getIfaddrs = { call = function() return { result = nixio.getifaddrs() } end }, - host_hints = { + getHostHints = { call = function() local sys = require "luci.sys" return sys.net.host_hints() end }, - duid_hints = { + getDUIDHints = { call = function() local fp = io.open('/var/hosts/odhcpd') local result = { } @@ -192,7 +193,7 @@ local methods = { end }, - leases = { + getDHCPLeases = { args = { family = 0 }, call = function(args) local s = require "luci.tools.status" @@ -210,7 +211,7 @@ local methods = { end }, - netdevs = { + getNetworkDevices = { call = function(args) local dir = fs.dir("/sys/class/net") local result = { } 
@@ -273,45 +274,50 @@ local methods = { end }, - boardjson = { + getBoardJSON = { call = function(args) local jsc = require "luci.jsonc" return jsc.parse(fs.readfile("/etc/board.json") or "") end }, - conntrack_helpers = { + getConntrackHelpers = { call = function() - local fd = io.open("/usr/share/fw3/helpers.conf", "r") + local ok, fd = pcall(io.open, "/usr/share/fw3/helpers.conf", "r") local rv = {} - local line, entry - while true do - line = fd:read("*l") - if not line then - break - end + if ok then + local entry - if line:match("^%s*config%s") then - if entry then - rv[#rv+1] = entry + while true do + local line = fd:read("*l") + if not line then + break end - entry = {} - else - local opt, val = line:match("^%s*option%s+(%S+)%s+(%S.*)$") - if opt and val then - opt = opt:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1") - val = val:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1") - entry[opt] = val + + if line:match("^%s*config%s") then + if entry then + rv[#rv+1] = entry + end + entry = {} + else + local opt, val = line:match("^%s*option%s+(%S+)%s+(%S.*)$") + if opt and val then + opt = opt:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1") + val = val:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1") + entry[opt] = val + end end end - end - if entry then - rv[#rv+1] = entry + if entry then + rv[#rv+1] = entry + end + + fd:close() end - return { helpers = rv } + return { result = rv } end }, diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json index fb7be94cf..5ffcbdc2e 100644 --- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json +++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json 
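Review bot: The `pcall(io.open, ...)` guard in `getConntrackHelpers` does not catch a missing `/usr/share/fw3/helpers.conf`: `io.open` reports failure by returning `nil` plus a message rather than raising, so `ok` is true, `fd` is nil, and `fd:read("*l")` then raises. Test the handle instead, `local fd = io.open("/usr/share/fw3/helpers.conf", "r")` followed by `if fd then`. Separately, an `option` line that appears before the first `config` line reaches `entry[opt] = val` while `entry` is still nil; `if opt and val and entry then` would cover that case.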
@@ -22,7 +22,7 @@ "read": { "ubus": { "iwinfo": [ "info" ], - "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "usb" ], + "luci": [ "getBoardJSON", "getDUIDHints", "getHostHints", "getIfaddrs", "getInitList", "getLocaltime", "getTimezones", "getDHCPLeases", "getLEDs", "getNetworkDevices", "getUSBDevices" ], "network.device": [ "status" ], "network.interface": [ "dump" ], "network.wireless": [ "status" ], @@ -33,7 +33,7 @@ }, "write": { "ubus": { - "luci": [ "initCall", "setLocaltime", "timezone" ], + "luci": [ "setInitAction", "setLocaltime" ], "uci": [ "add", "apply", "confirm", "delete", "order", "set" ] }, "uci": [ "*" ] @@ -43,7 +43,7 @@ "description": "Grant access to firewall procedures", "read": { "ubus": { - "luci": [ "conntrack_helpers" ] + "luci": [ "getConntrackHelpers" ] }, "uci": [ "firewall" ] }, diff --git a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js index 7035dc476..1e9c402e0 100644 --- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js +++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js @@ -7,17 +7,19 @@ var callHostHints, callDUIDHints, callDHCPLeases, CBILeaseStatus; callHostHints = rpc.declare({ object: 'luci', - method: 'host_hints' + method: 'getHostHints', + expect: { '': {} } }); callDUIDHints = rpc.declare({ object: 'luci', - method: 'duid_hints' + method: 'getDUIDHints', + expect: { '': {} } }); callDHCPLeases = rpc.declare({ object: 'luci', - method: 'leases', + method: 'getDHCPLeases', params: [ 'family' ], expect: { dhcp_leases: [] } }); 
@@ -57,7 +59,6 @@ return L.view.extend({ m, s, o, ss, so; m = new form.Map('dhcp', _('DHCP and DNS'), _('Dnsmasq is a combined DHCP-Server and DNS-Forwarder for NAT firewalls')); - m.tabbed = true; s = m.section(form.TypedSection, 'dnsmasq', _('Server Settings')); s.anonymous = true; diff --git a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/hosts.js b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/hosts.js index 2a49b0481..3cdea8adb 100644 --- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/hosts.js +++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/hosts.js @@ -5,7 +5,8 @@ return L.view.extend({ callHostHints: rpc.declare({ object: 'luci', - method: 'host_hints' + method: 'getHostHints', + expect: { '': {} } }), load: function() { diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/leds.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/leds.js index c1109b5d6..a5bda0576 100644 --- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/leds.js +++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/leds.js @@ -3,28 +3,23 @@ 'require rpc'; 'require form'; -var callInitAction, callLeds, callUSB, callNetdevs; - -callInitAction = rpc.declare({ - object: 'luci', - method: 'initCall', - params: [ 'name', 'action' ], - expect: { result: false } -}); +var callLeds, callUSB, callNetdevs; callLeds = rpc.declare({ object: 'luci', - method: 'leds' + method: 'getLEDs', + expect: { '': {} } }); callUSB = rpc.declare({ object: 'luci', - method: 'usb' + method: 'getUSBDevices', + expect: { '': {} } }); callNetdevs = rpc.declare({ object: 'luci', - method: 'ifaddrs', + method: 'getIfaddrs', expect: { result: [] }, filter: function(res) { var devs = {}; 
@@ -130,16 +125,23 @@ return L.view.extend({ value = String(value || '').split(/\s+/); for (var i = 0; i < value.length; i++) - if (value[i].match(/^usb(\d+)-port(\d+)$/)) - ports.push(value[i]); - else if (value[i].match(/^(\d+)-(\d+)$/)) + if (value[i].match(/^(\d+)-(\d+)$/)) ports.push('usb%d-port%d'.format(Regexp.$1, Regexp.$2)); + else + ports.push(value[i]); return ports; }; usb.ports.forEach(function(usbport) { - o.value('usb%d-port%d'.format(usbport.hub, usbport.port), - 'Hub %d, Port %d'.format(usbport.hub, usbport.port)); + var dev = (usbport.device && Array.isArray(usb.devices)) + ? usb.devices.filter(function(d) { return d.id == usbport.device })[0] : null; + + var label = _('Port %s').format(usbport.port); + + if (dev) + label += ' (%s - %s)'.format(dev.vendor || '?', dev.product || '?'); + + o.value(usbport.port, label); }); } diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/system.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/system.js index 6db973a8d..1ed8f64d8 100644 --- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/system.js +++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/system.js @@ -8,9 +8,9 @@ var callInitList, callInitAction, callTimezone, callInitList = rpc.declare({ object: 'luci', - method: 'initList', + method: 'getInitList', params: [ 'name' ], - expect: { result: {} }, + expect: { '': {} }, filter: function(res) { for (var k in res) return +res[k].enabled; @@ -20,7 +20,7 @@ callInitList = rpc.declare({ callInitAction = rpc.declare({ object: 'luci', - method: 'initCall', + method: 'setInitAction', params: [ 'name', 'action' ], expect: { result: false } }); 
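Review bot: In leds.js (hunk `@@ -130,16 +125,23 @@`), the branch that converts legacy `N-M` values calls `'usb%d-port%d'.format(Regexp.$1, Regexp.$2)`, and `Regexp` is not a JavaScript global, so the line throws a ReferenceError as soon as a stored value matches; it should read `RegExp.$1, RegExp.$2`, or use the array returned by `match`. The new `else` branch also passes every other token through unchanged, where the old code accepted only `usbN-portM`, so a quick format check before `ports.push(value[i])` would keep stray config values out of the list. The added label appends `dev.vendor` and `dev.product`, which appear to come from strings supplied by the attached USB device; whether `o.value()` renders its label as text or as markup is not visible here, so confirm it is escaped. The enclosing function starts and ends outside the hunk.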
@@ -28,20 +28,20 @@ callInitAction = rpc.declare({ callGetLocaltime = rpc.declare({ object: 'luci', method: 'getLocaltime', - expect: { localtime: 0 } + expect: { result: 0 } }); callSetLocaltime = rpc.declare({ object: 'luci', method: 'setLocaltime', params: [ 'localtime' ], - expect: { localtime: 0 } + expect: { result: 0 } }); callTimezone = rpc.declare({ object: 'luci', - method: 'timezone', - expect: { result: {} } + method: 'getTimezones', + expect: { '': {} } }); CBILocalTime = form.DummyValue.extend({ @@ -103,7 +103,6 @@ return L.view.extend({ _('Here you can configure the basic aspects of your device like its hostname or the timezone.')); m.chain('luci'); - m.tabbed = true; s = m.section(form.TypedSection, 'system', _('System Properties')); s.anonymous = true; -- 2.25.1