authorJo-Philipp Wich <jo@mein.io>2019-07-22 16:35:58 +0200
committerJo-Philipp Wich <jo@mein.io>2019-07-22 16:35:58 +0200
commitb2aada6c8263a75f4a57858edb410aa98669f849 (patch)
tree7812d350701df891f4adc5a607fbf182aefd388a
parentac96b8be436c95eed5fffdb2117e3c8d7a79dcb0 (diff)
luci-base: add conntrack_helpers ubus procedure
Also move firewall specific ACLs into separate group. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rwxr-xr-xmodules/luci-base/root/usr/libexec/rpcd/luci93
-rw-r--r--modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json14
2 files changed, 106 insertions, 1 deletions
diff --git a/modules/luci-base/root/usr/libexec/rpcd/luci b/modules/luci-base/root/usr/libexec/rpcd/luci
index 55233d6d0a..c446b19e92 100755
--- a/modules/luci-base/root/usr/libexec/rpcd/luci
+++ b/modules/luci-base/root/usr/libexec/rpcd/luci
@@ -285,6 +285,99 @@ local methods = {
local fs = require "nixio.fs"
return { offload_support = not not fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt") }
end
+ },
+
+ conntrack_helpers = {
+ call = function()
+ local fd = io.open("/usr/share/fw3/helpers.conf", "r")
+ local rv = {}
+
+ local line, entry
+ while true do
+ line = fd:read("*l")
+ if not line then
+ break
+ end
+
+ if line:match("^%s*config%s") then
+ if entry then
+ rv[#rv+1] = entry
+ end
+ entry = {}
+ else
+ local opt, val = line:match("^%s*option%s+(%S+)%s+(%S.*)$")
+ if opt and val then
+ opt = opt:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1")
+ val = val:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1")
+ entry[opt] = val
+ end
+ end
+ end
+
+ if entry then
+ rv[#rv+1] = entry
+ end
+
+ return { helpers = rv }
+ end
+ },
+
+ getMenuItems = {
+ call = function(args)
+ local util = require "luci.util"
+ local http = require "luci.http"
+ local disp = require "luci.dispatcher"
+
+ local x = coroutine.create(function()
+ util.coxpcall(function()
+ http.context.request = http.Request({
+ PATH_INFO = "/",
+ QUERY_STRING = "",
+ REQUEST_METHOD = "GET",
+ REQUEST_URI = "/",
+ BUILD_MENU = "1"
+ }, function() end, function() end)
+
+ disp.context.request = {}
+ disp.dispatch(disp.context.request)
+
+ coroutine.yield(-1, disp.node())
+ end, error)
+ end)
+
+ local root = nil
+
+ while coroutine.status(x) ~= "dead" do
+ local res, id, data1, data2 = coroutine.resume(x, r)
+ if id == -1 then
+ root = data1
+ elseif id == 6 then
+ data1:close()
+ end
+ end
+
+ local function recurse(prefix, node)
+ local childs = disp.node_childs(node)
+ if #childs > 0 then
+ local i, c
+ for i, c in ipairs(childs) do
+ local cnode = node.nodes[c]
+ local n = { name = c, title = cnode.title, query = cnode.query }
+
+ if prefix.children then
+ prefix.children[#prefix.children+1] = n
+ else
+ prefix.children = { n }
+ end
+
+ recurse(n, cnode)
+ end
+ end
+ return prefix
+ end
+
+ return root and recurse({}, root) or {}
+ end
}
}
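Review bot: In `conntrack_helpers` the result of `io.open("/usr/share/fw3/helpers.conf", "r")` is used without a nil check and the handle is never closed, so `fd:read("*l")` raises when the file is missing (presumably when the firewall package is not installed) and each successful call leaves a descriptor for the garbage collector; I would add `if not fd then return { helpers = {} } end` right after the open and `fd:close()` before `return { helpers = rv }`. In the same loop, `entry[opt] = val` indexes nil if an `option` line appears before the first `config` line, which `if opt and val and entry then` would guard against. Both `gsub` chains also return a second value (the substitution count), so wrapping them in parentheses or assigning through a local keeps `opt` and `val` unambiguous if the lines are ever refactored. In `getMenuItems`, `coroutine.resume(x, r)` passes `r`, which is not defined anywhere in the visible hunk and so reads as a nil global; dropping the argument would make that explicit. The enclosing `methods` table begins outside this hunk.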
diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
index a9baef8f9c..de145ce784 100644
--- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
+++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
@@ -13,7 +13,7 @@
"read": {
"ubus": {
"iwinfo": [ "info" ],
- "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "offload_support", "usb" ],
+ "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "usb" ],
"network.device": [ "status" ],
"network.interface": [ "dump" ],
"network.wireless": [ "status" ],
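Review bot: The `luci` read list here loses `offload_support` but does not gain `getMenuItems`, which the same commit adds to the rpcd plugin, and the new `luci-app-firewall` group does not list it either. As far as the visible hunks show, that procedure is therefore reachable only by sessions whose ACLs grant it some other way (for example a wildcard), which may be intended but is worth stating in the commit message. Separately, any existing caller that relied on `luci-base` for `offload_support` now needs the `luci-app-firewall` grant, so logins restricted to `luci-base` should be checked after this change. The enclosing ACL object begins and ends outside this hunk.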
@@ -28,5 +28,17 @@
},
"uci": [ "*" ]
}
+ },
+ "luci-app-firewall": {
+ "description": "Grant access to firewall procedures",
+ "read": {
+ "ubus": {
+ "luci": [ "conntrack_helpers", "offload_support" ]
+ },
+ "uci": [ "firewall" ]
+ },
+ "write": {
+ "uci": [ "firewall" ]
+ }
}
}
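Review bot: The `description` of the new `luci-app-firewall` group mentions only "firewall procedures", while the group also grants read and write access to the `firewall` UCI configuration. Someone assigning ACL groups to a restricted login will go by that text, so it should name the write grant, e.g. `"description": "Grant access to firewall procedures and read/write access to the firewall UCI configuration"`. The group is also defined in `luci-base.json` rather than in a file shipped with the firewall app, so the grant appears to exist whether or not that app is installed. Moving it into the app's own `acl.d` file would keep the base ACL minimal.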