luci-base: add conntrack_helpers ubus procedure

Also move firewall specific ACLs into separate group. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-22 16:35:58 +02:00 · 2019-07-22 16:35:58 +02:00 · b2aada6c82
commit b2aada6c82
parent ac96b8be43
2 changed files with 106 additions and 1 deletions
--- a/modules/luci-base/root/usr/libexec/rpcd/luci
+++ b/modules/luci-base/root/usr/libexec/rpcd/luci
@ -285,6 +285,99 @@ local methods = {
 			local fs = require "nixio.fs"
 			return { offload_support = not not fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt") }
 		end
+	},
+
+	conntrack_helpers = {
+		call = function()
+			local fd = io.open("/usr/share/fw3/helpers.conf", "r")
+			local rv = {}
+
+			local line, entry
+			while true do
+				line = fd:read("*l")
+				if not line then
+					break
+				end
+
+				if line:match("^%s*config%s") then
+					if entry then
+						rv[#rv+1] = entry
+					end
+					entry = {}
+				else
+					local opt, val = line:match("^%s*option%s+(%S+)%s+(%S.*)$")
+					if opt and val then
+						opt = opt:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1")
+						val = val:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1")
+						entry[opt] = val
+					end
+				end
+			end
+
+			if entry then
+				rv[#rv+1] = entry
+			end
+
+			return { helpers = rv }
+		end
+	},
+
+	getMenuItems = {
+		call = function(args)
+			local util = require "luci.util"
+			local http = require "luci.http"
+			local disp = require "luci.dispatcher"
+
+			local x = coroutine.create(function()
+				util.coxpcall(function()
+					http.context.request = http.Request({
+						PATH_INFO = "/",
+						QUERY_STRING = "",
+						REQUEST_METHOD = "GET",
+						REQUEST_URI = "/",
+						BUILD_MENU = "1"
+					}, function() end, function() end)
+
+					disp.context.request = {}
+					disp.dispatch(disp.context.request)
+
+					coroutine.yield(-1, disp.node())
+				end, error)
+			end)
+
+			local root = nil
+
+			while coroutine.status(x) ~= "dead" do
+				local res, id, data1, data2 = coroutine.resume(x, r)
+				if id == -1 then
+					root = data1
+				elseif id == 6 then
+					data1:close()
+				end
+			end
+
+			local function recurse(prefix, node)
+				local childs = disp.node_childs(node)
+				if #childs > 0 then
+					local i, c
+					for i, c in ipairs(childs) do
+						local cnode = node.nodes[c]
+						local n = { name = c, title = cnode.title, query = cnode.query }
+
+						if prefix.children then
+							prefix.children[#prefix.children+1] = n
+						else
+							prefix.children = { n }
+						end
+
+						recurse(n, cnode)
+					end
+				end
+				return prefix
+			end
+
+			return root and recurse({}, root) or {}
+		end
 	}
 }

--- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
+++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
@ -13,7 +13,7 @@
 		"read": {
 			"ubus": {
 				"iwinfo": [ "info" ],
-				"luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "offload_support", "usb" ],
+				"luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "usb" ],
 				"network.device": [ "status" ],
 				"network.interface": [ "dump" ],
 				"network.wireless": [ "status" ],
@ -28,5 +28,17 @@
 			},
 			"uci": [ "*" ]
 		}
+	},
+	"luci-app-firewall": {
+		"description": "Grant access to firewall procedures",
+		"read": {
+			"ubus": {
+				"luci": [ "conntrack_helpers", "offload_support" ]
+			},
+			"uci": [ "firewall" ]
+		},
+		"write": {
+			"uci": [ "firewall" ]
+		}
 	}
 }