5 files changed, 139 insertions, 268 deletions

diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 0bd19456f..1b684aa79 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -14,8 +14,6 @@ uci = require "luci.model.uci"
 i18n = require "luci.i18n"
 _M.fs = fs
 
-authenticator = {}
-
 -- Index table
 local index = nil
 
@@ -101,24 +99,6 @@ function error500(message)
 	return false
 end
 
-function authenticator.htmlauth(validator, accs, default, template)
-	local user = http.formvalue("luci_username")
-	local pass = http.formvalue("luci_password")
-
-	if user and validator(user, pass) then
-		return user
-	end
-
-	require("luci.i18n")
-	require("luci.template")
-	context.path = {}
-	http.status(403, "Forbidden")
-	luci.template.render(template or "sysauth", {duser=default, fuser=user})
-
-	return false
-
-end
-
 function httpdispatch(request, prefix)
 	http.context.request = request
 
@@ -188,6 +168,44 @@ function test_post_security()
 	return true
 end
 
+local function session_retrieve(sid, allowed_users)
+	local sdat = util.ubus("session", "get", { ubus_rpc_session = sid })
+
+	if type(sdat) == "table" and
+	   type(sdat.values) == "table" and
+	   type(sdat.values.token) == "string" and
+	   (not allowed_users or
+	    util.contains(allowed_users, sdat.values.username))
+	then
+		return sid, sdat.values
+	end
+
+	return nil, nil
+end
+
+local function session_setup(user, pass, allowed_users)
+	if util.contains(allowed_users, user) then
+		local login = util.ubus("session", "login", {
+			username = user,
+			password = pass,
+			timeout  = tonumber(luci.config.sauth.sessiontime)
+		})
+
+		if type(login) == "table" and
+		   type(login.ubus_rpc_session) == "string"
+		then
+			util.ubus("session", "set", {
+				ubus_rpc_session = login.ubus_rpc_session,
+				values = { token = sys.uniqueid(16) }
+			})
+
+			return session_retrieve(login.ubus_rpc_session)
+		end
+	end
+
+	return nil, nil
+end
+
 function dispatch(request)
 	--context._disable_memtrace = require "luci.debug".trap_memtrace("l")
 	local ctx = context
@@ -332,74 +350,65 @@ function dispatch(request)
 	)
 
 	if track.sysauth then
-		local authen = type(track.sysauth_authenticator) == "function"
-		 and track.sysauth_authenticator
-		 or authenticator[track.sysauth_authenticator]
+		local authen = track.sysauth_authenticator
+		local _, sid, sdat, default_user, allowed_users
 
-		local def  = (type(track.sysauth) == "string") and track.sysauth
-		local accs = def and {track.sysauth} or track.sysauth
-		local sess = ctx.authsession
-		if not sess then
-			sess = http.getcookie("sysauth")
-			sess = sess and sess:match("^[a-f0-9]*$")
+		if type(authen) == "string" and authen ~= "htmlauth" then
+			error500("Unsupported authenticator %q configured" % authen)
+			return
 		end
 
-		local sdat = (util.ubus("session", "get", { ubus_rpc_session = sess }) or { }).values
-		local user, token
+		if type(track.sysauth) == "table" then
+			default_user, allowed_users = nil, track.sysauth
+		else
+			default_user, allowed_users = track.sysauth, { track.sysauth }
+		end
 
-		if sdat then
-			user = sdat.user
-			token = sdat.token
+		if type(authen) == "function" then
+			_, sid = authen(sys.user.checkpasswd, allowed_users)
 		else
-			local eu = http.getenv("HTTP_AUTH_USER")
-			local ep = http.getenv("HTTP_AUTH_PASS")
-			if eu and ep and sys.user.checkpasswd(eu, ep) then
-				authen = function() return eu end
-			end
+			sid = http.getcookie("sysauth")
 		end
 
-		if not util.contains(accs, user) then
-			if authen then
-				local user, sess = authen(sys.user.checkpasswd, accs, def, track.sysauth_template)
-				local token
-				if not user or not util.contains(accs, user) then
-					return
-				else
-					if not sess then
-						local sdat = util.ubus("session", "create", { timeout = tonumber(luci.config.sauth.sessiontime) })
-						if sdat then
-							token = sys.uniqueid(16)
-							util.ubus("session", "set", {
-								ubus_rpc_session = sdat.ubus_rpc_session,
-								values = {
-									user = user,
-									token = token,
-									section = sys.uniqueid(16)
-								}
-							})
-							sess = sdat.ubus_rpc_session
-						end
-					end
+		sid, sdat = session_retrieve(sid, allowed_users)
 
-					if sess and token then
-						http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() })
+		if not (sid and sdat) and authen == "htmlauth" then
+			local user = http.getenv("HTTP_AUTH_USER")
+			local pass = http.getenv("HTTP_AUTH_PASS")
 
-						ctx.authsession = sess
-						ctx.authtoken = token
-						ctx.authuser = user
+			if user == nil and pass == nil then
+				user = http.formvalue("luci_username")
+				pass = http.formvalue("luci_password")
+			end
+
+			sid, sdat = session_setup(user, pass, allowed_users)
+
+			if not sid then
+				local tmpl = require "luci.template"
+
+				context.path = {}
 
-						http.redirect(build_url(unpack(ctx.requestpath)))
-					end
-				end
-			else
 				http.status(403, "Forbidden")
+				tmpl.render(track.sysauth_template or "sysauth", {
+					duser = default_user,
+					fuser = user
+				})
+
 				return
 			end
-		else
-			ctx.authsession = sess
-			ctx.authtoken = token
-			ctx.authuser = user
+
+			http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sid, build_url() })
+			http.redirect(build_url(unpack(ctx.requestpath)))
 		end
+
+		if not sid or not sdat then
+			http.status(403, "Forbidden")
+			return
+		end
+
+		ctx.authsession = sid
+		ctx.authtoken = sdat.token
+		ctx.authuser = sdat.username
 	end
 
 	if c and require_post_security(c.target) then
diff --git a/modules/luci-base/luasrc/sys.lua b/modules/luci-base/luasrc/sys.lua
index a97271732..99f3ee291 100644
--- a/modules/luci-base/luasrc/sys.lua
+++ b/modules/luci-base/luasrc/sys.lua
@@ -117,45 +117,12 @@ end
 
 net = {}
 
---			The following fields are defined for arp entry objects:
---			{ "IP address", "HW address", "HW type", "Flags", "Mask", "Device" }
-function net.arptable(callback)
-	local arp = (not callback) and {} or nil
-	local e, r, v
-	if fs.access("/proc/net/arp") then
-		for e in io.lines("/proc/net/arp") do
-			local r = { }, v
-			for v in e:gmatch("%S+") do
-				r[#r+1] = v
-			end
-
-			if r[1] ~= "IP" then
-				local x = {
-					["IP address"] = r[1],
-					["HW type"]    = r[2],
-					["Flags"]      = r[3],
-					["HW address"] = r[4],
-					["Mask"]       = r[5],
-					["Device"]     = r[6]
-				}
-
-				if callback then
-					callback(x)
-				else
-					arp = arp or { }
-					arp[#arp+1] = x
-				end
-			end
-		end
-	end
-	return arp
-end
-
 local function _nethints(what, callback)
 	local _, k, e, mac, ip, name
 	local cur = uci.cursor()
 	local ifn = { }
 	local hosts = { }
+	local lookup = { }
 
 	local function _add(i, ...)
 		local k = select(i, ...)
@@ -224,8 +191,20 @@ local function _nethints(what, callback)
 		end
 	end
 
+	for _, e in pairs(hosts) do
+		lookup[#lookup+1] = (what > 1) and e[what] or (e[2] or e[3])
+	end
+
+	if #lookup > 0 then
+		lookup = luci.util.ubus("network.rrdns", "lookup", {
+			addrs   = lookup,
+			timeout = 250,
+			limit   = 1000
+		}) or { }
+	end
+
 	for _, e in luci.util.kspairs(hosts) do
-		callback(e[1], e[2], e[3], e[4])
+		callback(e[1], e[2], e[3], lookup[e[2]] or lookup[e[3]] or e[4])
 	end
 end
 
@@ -234,17 +213,17 @@ end
 function net.mac_hints(callback)
 	if callback then
 		_nethints(1, function(mac, v4, v6, name)
-			name = name or nixio.getnameinfo(v4 or v6, nil, 100) or v4
+			name = name or v4
 			if name and name ~= mac then
-				callback(mac, name or nixio.getnameinfo(v4 or v6, nil, 100) or v4)
+				callback(mac, name or v4)
 			end
 		end)
 	else
 		local rv = { }
 		_nethints(1, function(mac, v4, v6, name)
-			name = name or nixio.getnameinfo(v4 or v6, nil, 100) or v4
+			name = name or v4
 			if name and name ~= mac then
-				rv[#rv+1] = { mac, name or nixio.getnameinfo(v4 or v6, nil, 100) or v4 }
+				rv[#rv+1] = { mac, name or v4 }
 			end
 		end)
 		return rv
@@ -256,7 +235,7 @@ end
 function net.ipv4_hints(callback)
 	if callback then
 		_nethints(2, function(mac, v4, v6, name)
-			name = name or nixio.getnameinfo(v4, nil, 100) or mac
+			name = name or mac
 			if name and name ~= v4 then
 				callback(v4, name)
 			end
@@ -264,7 +243,7 @@ function net.ipv4_hints(callback)
 	else
 		local rv = { }
 		_nethints(2, function(mac, v4, v6, name)
-			name = name or nixio.getnameinfo(v4, nil, 100) or mac
+			name = name or mac
 			if name and name ~= v4 then
 				rv[#rv+1] = { v4, name }
 			end
@@ -278,7 +257,7 @@ end
 function net.ipv6_hints(callback)
 	if callback then
 		_nethints(3, function(mac, v4, v6, name)
-			name = name or nixio.getnameinfo(v6, nil, 100) or mac
+			name = name or mac
 			if name and name ~= v6 then
 				callback(v6, name)
 			end
@@ -286,7 +265,7 @@ function net.ipv6_hints(callback)
 	else
 		local rv = { }
 		_nethints(3, function(mac, v4, v6, name)
-			name = name or nixio.getnameinfo(v6, nil, 100) or mac
+			name = name or mac
 			if name and name ~= v6 then
 				rv[#rv+1] = { v6, name }
 			end
@@ -378,145 +357,6 @@ function net.devices()
 end
 
 
-function net.deviceinfo()
-	local devs = {}
-	for k, v in ipairs(nixio.getifaddrs()) do
-		if v.family == "packet" then
-			local d = v.data
-			d[1] = d.rx_bytes
-			d[2] = d.rx_packets
-			d[3] = d.rx_errors
-			d[4] = d.rx_dropped
-			d[5] = 0
-			d[6] = 0
-			d[7] = 0
-			d[8] = d.multicast
-			d[9] = d.tx_bytes
-			d[10] = d.tx_packets
-			d[11] = d.tx_errors
-			d[12] = d.tx_dropped
-			d[13] = 0
-			d[14] = d.collisions
-			d[15] = 0
-			d[16] = 0
-			devs[v.name] = d
-		end
-	end
-	return devs
-end
-
-
---			The following fields are defined for route entry tables:
---			{ "dest", "gateway", "metric", "refcount", "usecount", "irtt",
---			  "flags", "device" }
-function net.routes(callback)
-	local routes = { }
-
-	for line in io.lines("/proc/net/route") do
-
-		local dev, dst_ip, gateway, flags, refcnt, usecnt, metric,
-			  dst_mask, mtu, win, irtt = line:match(
-			"([^%s]+)\t([A-F0-9]+)\t([A-F0-9]+)\t([A-F0-9]+)\t" ..
-			"(%d+)\t(%d+)\t(%d+)\t([A-F0-9]+)\t(%d+)\t(%d+)\t(%d+)"
-		)
-
-		if dev then
-			gateway  = luci.ip.Hex( gateway,  32, luci.ip.FAMILY_INET4 )
-			dst_mask = luci.ip.Hex( dst_mask, 32, luci.ip.FAMILY_INET4 )
-			dst_ip   = luci.ip.Hex(
-				dst_ip, dst_mask:prefix(dst_mask), luci.ip.FAMILY_INET4
-			)
-
-			local rt = {
-				dest     = dst_ip,
-				gateway  = gateway,
-				metric   = tonumber(metric),
-				refcount = tonumber(refcnt),
-				usecount = tonumber(usecnt),
-				mtu      = tonumber(mtu),
-				window   = tonumber(window),
-				irtt     = tonumber(irtt),
-				flags    = tonumber(flags, 16),
-				device   = dev
-			}
-
-			if callback then
-				callback(rt)
-			else
-				routes[#routes+1] = rt
-			end
-		end
-	end
-
-	return routes
-end
-
---			The following fields are defined for route entry tables:
---			{ "source", "dest", "nexthop", "metric", "refcount", "usecount",
---			  "flags", "device" }
-function net.routes6(callback)
-	if fs.access("/proc/net/ipv6_route", "r") then
-		local routes = { }
-
-		for line in io.lines("/proc/net/ipv6_route") do
-
-			local dst_ip, dst_prefix, src_ip, src_prefix, nexthop,
-				  metric, refcnt, usecnt, flags, dev = line:match(
-				"([a-f0-9]+) ([a-f0-9]+) " ..
-				"([a-f0-9]+) ([a-f0-9]+) " ..
-				"([a-f0-9]+) ([a-f0-9]+) " ..
-				"([a-f0-9]+) ([a-f0-9]+) " ..
-				"([a-f0-9]+) +([^%s]+)"
-			)
-
-			if dst_ip and dst_prefix and
-			   src_ip and src_prefix and
-			   nexthop and metric and
-			   refcnt and usecnt and
-			   flags and dev
-			then
-				src_ip = luci.ip.Hex(
-					src_ip, tonumber(src_prefix, 16), luci.ip.FAMILY_INET6, false
-				)
-
-				dst_ip = luci.ip.Hex(
-					dst_ip, tonumber(dst_prefix, 16), luci.ip.FAMILY_INET6, false
-				)
-
-				nexthop = luci.ip.Hex( nexthop, 128, luci.ip.FAMILY_INET6, false )
-
-				local rt = {
-					source   = src_ip,
-					dest     = dst_ip,
-					nexthop  = nexthop,
-					metric   = tonumber(metric, 16),
-					refcount = tonumber(refcnt, 16),
-					usecount = tonumber(usecnt, 16),
-					flags    = tonumber(flags, 16),
-					device   = dev,
-
-					-- lua number is too small for storing the metric
-					-- add a metric_raw field with the original content
-					metric_raw = metric
-				}
-
-				if callback then
-					callback(rt)
-				else
-					routes[#routes+1] = rt
-				end
-			end
-		end
-
-		return routes
-	end
-end
-
-function net.pingtest(host)
-	return os.execute("ping -c1 '"..host:gsub("'", '').."' >/dev/null 2>&1")
-end
-
-
 process = {}
 
 function process.info(key)
diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
index ad575e0d2..22e1b7e17 100644
--- a/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
+++ b/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
@@ -139,14 +139,12 @@ function action_connections()
 end
 
 function action_nameinfo(...)
-	local i
-	local rv = { }
-	for i = 1, select('#', ...) do
-		local addr = select(i, ...)
-		local fqdn = nixio.getnameinfo(addr)
-		rv[addr] = fqdn or (addr:match(":") and "[%s]" % addr or addr)
-	end
+	local util = require "luci.util"
 
 	luci.http.prepare_content("application/json")
-	luci.http.write_json(rv)
+	luci.http.write_json(util.ubus("network.rrdns", "lookup", {
+		addrs = { ... },
+		timeout = 5000,
+		limit = 1000
+	}) or { })
 end
diff --git a/modules/luci-mod-admin-mini/luasrc/model/cbi/mini/network.lua b/modules/luci-mod-admin-mini/luasrc/model/cbi/mini/network.lua
index c895430a3..7bc4df859 100644
--- a/modules/luci-mod-admin-mini/luasrc/model/cbi/mini/network.lua
+++ b/modules/luci-mod-admin-mini/luasrc/model/cbi/mini/network.lua
@@ -5,15 +5,40 @@
 local wa  = require "luci.tools.webadmin"
 local sys = require "luci.sys"
 local fs  = require "nixio.fs"
+local nx  = require "nixio"
 
 local has_pptp  = fs.access("/usr/sbin/pptp")
 local has_pppoe = fs.glob("/usr/lib/pppd/*/rp-pppoe.so")()
 
 local network = luci.model.uci.cursor_state():get_all("network")
 
-local netstat = sys.net.deviceinfo()
+local netstat = {}
 local ifaces = {}
 
+local k, v
+for k, v in ipairs(nx.getifaddrs()) do
+	if v.family == "packet" then
+		local d = v.data
+		d[1] = d.rx_bytes
+		d[2] = d.rx_packets
+		d[3] = d.rx_errors
+		d[4] = d.rx_dropped
+		d[5] = 0
+		d[6] = 0
+		d[7] = 0
+		d[8] = d.multicast
+		d[9] = d.tx_bytes
+		d[10] = d.tx_packets
+		d[11] = d.tx_errors
+		d[12] = d.tx_dropped
+		d[13] = 0
+		d[14] = d.collisions
+		d[15] = 0
+		d[16] = 0
+		netstat[v.name] = d
+	end
+end
+
 for k, v in pairs(network) do
 	if v[".type"] == "interface" and k ~= "loopback" then
 		table.insert(ifaces, v)
diff --git a/modules/luci-mod-freifunk/luasrc/controller/freifunk/freifunk.lua b/modules/luci-mod-freifunk/luasrc/controller/freifunk/freifunk.lua
index 84669dce8..e2291e5ca 100644
--- a/modules/luci-mod-freifunk/luasrc/controller/freifunk/freifunk.lua
+++ b/modules/luci-mod-freifunk/luasrc/controller/freifunk/freifunk.lua
@@ -70,7 +70,7 @@ function index()
 	page.target = cbi("freifunk/basics")
 	page.title  = _("Basic Settings")
 	page.order  = 5
-	
+
 	page        = node("admin", "freifunk", "basics", "profile")
 	page.target = cbi("freifunk/profile")
 	page.title  = _("Profile")
@@ -102,7 +102,7 @@ function zeroes()
 	local zeroes = string.rep(string.char(0), 8192)
 	local cnt = 0
 	local lim = 1024 * 1024 * 1024
-	
+
 	http.prepare_content("application/x-many-zeroes")
 
 	while cnt < lim do
@@ -188,7 +188,6 @@ function jsonstatus()
 	root.network = {}
 	root.wireless = {devices = {}, interfaces = {}, status = {}}
 	local wifs = root.wireless.interfaces
-	local netdata = luci.sys.net.deviceinfo() or {}
 
 	for _, vif in ipairs(ffwifs) do
 		root.network[vif] = cursor:get_all("network", vif)