diff options
author | Jo-Philipp Wich <jo@mein.io> | 2019-12-18 21:32:48 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2019-12-18 21:33:29 +0100 |
commit | 3a657b8ab585f6e0fef5c9128dc84c5a008a6969 (patch) | |
tree | e97c804ffd2acf0e0d04a5dd6405091f05934302 /modules | |
parent | e884b63916ebf6d1a7e4f7c92240a76964ecaa85 (diff) |
luci-mod-network: replace controller address check action with cgi-io script
This change removes the last bit of Lua code from luci-mod-network.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules')
4 files changed, 51 insertions, 72 deletions
diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json index e215cf9455..298b5ed336 100644 --- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json +++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json @@ -20,7 +20,7 @@ "luci-access": { "description": "Grant access to basic LuCI procedures", "read": { - "cgi-io": [ "backup", "download" ], + "cgi-io": [ "backup", "download", "exec" ], "file": { "/": [ "list" ], "/*": [ "list" ], @@ -47,7 +47,8 @@ "/usr/bin/ping6 *": [ "exec" ], "/usr/bin/traceroute *": [ "exec" ], "/usr/bin/traceroute6 *": [ "exec" ], - "/usr/bin/nslookup *": [ "exec" ] + "/usr/bin/nslookup *": [ "exec" ], + "/usr/libexec/luci-peeraddr": [ "exec" ] }, "ubus": { "file": [ "list", "read", "stat" ], diff --git a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js index 9ca7773fe1..280356efba 100644 --- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js +++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js @@ -160,8 +160,8 @@ function iface_updown(up, id, ev, force) { btns[1].disabled = true; if (!up) { - L.Request.get(L.url('admin/network/remote_addr')).then(function(res) { - var info = res.json(); + L.resolveDefault(fs.exec_direct('/usr/libexec/luci-peeraddr')).then(function(res) { + var info = null; try { info = JSON.parse(res); } catch(e) {} if (L.isObject(info) && Array.isArray(info.inbound_interfaces) && diff --git a/modules/luci-mod-network/luasrc/controller/admin/network.lua b/modules/luci-mod-network/luasrc/controller/admin/network.lua deleted file mode 100644 index 109c59f2a7..0000000000 --- a/modules/luci-mod-network/luasrc/controller/admin/network.lua +++ /dev/null @@ -1,68 +0,0 @@ --- Copyright 2008 Steven Barth <steven@midlink.org> --- Copyright 2011-2018 Jo-Philipp Wich <jo@mein.io> --- Licensed to the public under the Apache License 2.0. - -module("luci.controller.admin.network", package.seeall) - -local function addr2dev(addr, src) - local ip = require "luci.ip" - local route = ip.route(addr, src) - if not src and route and route.src then - route = ip.route(addr, route.src:string()) - end - return route and route.dev -end - -function remote_addr() - local uci = require "luci.model.uci" - local peer = luci.http.getenv("REMOTE_ADDR") - local serv = luci.http.getenv("SERVER_ADDR") - local device = addr2dev(peer, serv) - local ifaces = luci.util.ubus("network.interface", "dump") - local indevs = {} - local inifs = {} - - local result = { - remote_addr = peer, - server_addr = serv, - inbound_devices = {}, - inbound_interfaces = {} - } - - if type(ifaces) == "table" and type(ifaces.interface) == "table" then - for _, iface in ipairs(ifaces.interface) do - if type(iface) == "table" then - if iface.device == device or iface.l3_device == device then - inifs[iface.interface] = true - indevs[device] = true - end - - local peeraddr = uci:get("network", iface.interface, "peeraddr") - for _, ai in ipairs(peeraddr and nixio.getaddrinfo(peeraddr) or {}) do - local peerdev = addr2dev(ai.address) - if peerdev then - for _, iface in ipairs(ifaces.interface) do - if type(iface) == "table" and - (iface.device == peerdev or iface.l3_device == peerdev) - then - inifs[iface.interface] = true - indevs[peerdev] = true - end - end - end - end - end - end - end - - for k in pairs(inifs) do - result.inbound_interfaces[#result.inbound_interfaces + 1] = k - end - - for k in pairs(indevs) do - result.inbound_devices[#result.inbound_devices + 1] = k - end - - luci.http.prepare_content("application/json") - luci.http.write_json(result) -end diff --git a/modules/luci-mod-network/root/usr/libexec/luci-peeraddr b/modules/luci-mod-network/root/usr/libexec/luci-peeraddr new file mode 100755 index 0000000000..84a0158fd5 --- /dev/null +++ b/modules/luci-mod-network/root/usr/libexec/luci-peeraddr @@ -0,0 +1,46 @@ +#!/bin/sh + +NL=" +" + +function ifaces_by_device() { + ubus call network.interface dump 2>/dev/null | \ + jsonfilter -e "@.interface[@.device='$1' || @.l3_device='$1'].interface" +} + +function device_by_addr() { + set -- $(ip route get "$1" ${2:+from "$2"} 2>/dev/null) + echo "$5" +} + +for inbound_device in $(device_by_addr "$REMOTE_ADDR" "$SERVER_ADDR"); do + inbound_devices="$inbound_device" + inbound_interfaces="" + + for iface in $(ifaces_by_device "$inbound_device"); do + inbound_interfaces="${inbound_interfaces:+$inbound_interfaces$NL}$iface" + + for peeraddr in $(uci get "network.$iface.peeraddr"); do + for ipaddr in $(resolveip -t 1 "$peeraddr" 2>/dev/null); do + for peerdev in $(device_by_addr "$ipaddr"); do + for iface in $(ifaces_by_device "$peerdev"); do + inbound_devices="${inbound_devices:+$inbound_devices$NL}$peerdev" + inbound_interfaces="${inbound_interfaces:+$inbound_interfaces$NL}$iface" + done + done + done + done + done +done + +inbound_devices="$(echo "$inbound_devices" | sort -u | sed ':a;N;$!ba;s/\n/", "/g')" +inbound_interfaces="$(echo "$inbound_interfaces" | sort -u | sed ':a;N;$!ba;s/\n/", "/g')" + +cat <<JSON +{ + "remote_addr": "$REMOTE_ADDR", + "server_addr": "$SERVER_ADDR", + "inbound_devices": [ ${inbound_devices:+\"$inbound_devices\"} ], + "inbound_interfaces": [ ${inbound_interfaces:+\"$inbound_interfaces\"} ] +} +JSON |