luci-base: add conntrack_helpers ubus procedure

Also move firewall-specific ACLs into a separate group.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich 2019-07-22 16:35:58 +02:00
parent ac96b8be43
commit b2aada6c82
2 changed files with 106 additions and 1 deletions


@ -285,6 +285,99 @@ local methods = {
local fs = require "nixio.fs" local fs = require "nixio.fs"
return { offload_support = not not fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt") } return { offload_support = not not fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt") }
end end
},
conntrack_helpers = {
call = function()
local fd = io.open("/usr/share/fw3/helpers.conf", "r")
local rv = {}
local line, entry
while true do
line = fd:read("*l")
if not line then
break
end
if line:match("^%s*config%s") then
if entry then
rv[#rv+1] = entry
end
entry = {}
else
local opt, val = line:match("^%s*option%s+(%S+)%s+(%S.*)$")
if opt and val then
opt = opt:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1")
val = val:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1")
entry[opt] = val
end
end
end
if entry then
rv[#rv+1] = entry
end
return { helpers = rv }
end
},
getMenuItems = {
call = function(args)
local util = require "luci.util"
local http = require "luci.http"
local disp = require "luci.dispatcher"
local x = coroutine.create(function()
util.coxpcall(function()
http.context.request = http.Request({
PATH_INFO = "/",
QUERY_STRING = "",
REQUEST_METHOD = "GET",
REQUEST_URI = "/",
BUILD_MENU = "1"
}, function() end, function() end)
disp.context.request = {}
disp.dispatch(disp.context.request)
coroutine.yield(-1, disp.node())
end, error)
end)
local root = nil
while coroutine.status(x) ~= "dead" do
local res, id, data1, data2 = coroutine.resume(x, r)
if id == -1 then
root = data1
elseif id == 6 then
data1:close()
end
end
local function recurse(prefix, node)
local childs = disp.node_childs(node)
if #childs > 0 then
local i, c
for i, c in ipairs(childs) do
local cnode = node.nodes[c]
local n = { name = c, title = cnode.title, query = cnode.query }
if prefix.children then
prefix.children[#prefix.children+1] = n
else
prefix.children = { n }
end
recurse(n, cnode)
end
end
return prefix
end
return root and recurse({}, root) or {}
end
} }
} }
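Review bot: In `conntrack_helpers` the result of `io.open("/usr/share/fw3/helpers.conf", "r")` is used without a nil check, so when that file is missing or unreadable the first `fd:read("*l")` raises instead of returning an empty list. The handle is also never closed, which leaves it open until garbage collection in what is presumably a long-running process. I would add `if not fd then return { helpers = {} } end` right after the open and `fd:close()` before the final return. An `option` line that appears before any `config` line reaches `entry[opt] = val` with `entry` still nil, so the guard should read `if opt and val and entry then`. Separately, `getMenuItems` passes `r` to `coroutine.resume(x, r)` although `r` is not defined anywhere in the visible function, and the commit message does not mention this method; the enclosing `methods` table starts outside the hunk.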


@ -13,7 +13,7 @@
"read": { "read": {
"ubus": { "ubus": {
"iwinfo": [ "info" ], "iwinfo": [ "info" ],
"luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "offload_support", "usb" ], "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "usb" ],
"network.device": [ "status" ], "network.device": [ "status" ],
"network.interface": [ "dump" ], "network.interface": [ "dump" ],
"network.wireless": [ "status" ], "network.wireless": [ "status" ],
@ -28,5 +28,17 @@
}, },
"uci": [ "*" ] "uci": [ "*" ]
} }
},
"luci-app-firewall": {
"description": "Grant access to firewall procedures",
"read": {
"ubus": {
"luci": [ "conntrack_helpers", "offload_support" ]
},
"uci": [ "firewall" ]
},
"write": {
"uci": [ "firewall" ]
}
} }
} }
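Review bot: The new `luci-app-firewall` group is only a real privilege boundary if the group before it stops granting the same access, and the context lines just above it still show `"uci": [ "*" ]` in that earlier group. The earlier group's name, and whether the wildcard sits on its read or write side, are outside the hunk. If the wildcard is on the write side, any session holding the earlier group can already modify the `firewall` config, so this split would only gate the two ubus methods `conntrack_helpers` and `offload_support`. It is worth confirming that this is intended, and narrowing the wildcard in a follow-up if the goal is to gate firewall changes. The description could also state that the group grants config write access, e.g. `"description": "Grant read/write access to firewall configuration and related procedures"`.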