diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php b/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php index 640ff74bc..537d53f35 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php +++ b/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php @@ -36,30 +36,40 @@ namespace OPNsense\Core; */ class ACL { + /** + * @var array legacy users + */ private $legacyUsers = array(); + + /** + * @var array privileges per group + */ private $legacyGroupPrivs = array(); /** - * temporary hack to support the old pfSense priv to page mapping. + * @var array old page mapping structure + */ + private $legacyACL = array(); + + /** + * temporary hack to support the old pfSense priv to page mapping and metadata. * @return array */ private function loadLegacyPageMap() { $legacyPageMap = array(); - $handle = fopen(__DIR__."/ACL_Legacy_Page_Map.txt", "r"); - if ($handle) { - while (($line = fgets($handle)) !== false) { - $parts = explode("=", $line); - if (count($parts) == 2) { - if (array_key_exists($parts[0], $legacyPageMap) == 0) { - $legacyPageMap[$parts[0]] = array(); - } - $legacyPageMap[$parts[0]][] = trim($parts[1]); + + foreach ($this->legacyACL as $aclKey => $aclItem) { + if (property_exists($aclItem, "match")) { + // check if acl item already exists and add match expressions + if (!array_key_exists($aclKey, $legacyPageMap)) { + $legacyPageMap[$aclKey] = array(); + } + foreach ($aclItem->match as $matchexpr) { + $legacyPageMap[$aclKey][] = trim($matchexpr); } } - fclose($handle); } - return $legacyPageMap; } @@ -68,6 +78,10 @@ class ACL */ private function initLegacy() { + // load legacy acl from json file + $this->legacyACL = json_decode(file_get_contents(__DIR__."/ACL_Legacy_Page_Map.json")); + + // create privilege mappings $this->legacyUsers = array(); $this->legacyGroupPrivs = array(); 
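Review bot: The docblock added for `$legacyACL` says `@var array`, but once `initLegacy()` has run the property holds whatever `json_decode()` returned without the associative flag, which is an object, and `loadLegacyPageMap()` relies on that through `property_exists($aclItem, "match")` and `$aclItem->match`. I would document it as `@var \stdClass|array decoded ACL_Legacy_Page_Map.json, keyed by privilege id`. The inner loop also assumes `match` is a list of strings, so an entry with a scalar `match` would trigger a warning and leave that privilege with no patterns. A guard such as `if (is_object($aclItem) && isset($aclItem->match) && is_array($aclItem->match)) {` with a comment `// match must be a list of page patterns, other shapes are skipped` would make that explicit. How the collected patterns are matched against a requested page is outside this hunk.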
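Review bot: The new `json_decode(file_get_contents(__DIR__."/ACL_Legacy_Page_Map.json"))` in `initLegacy()` is never checked, so a missing or malformed file leaves `$this->legacyACL` as `null`. The `foreach` loops in `loadLegacyPageMap()` and `getLegacyPrivList()` then iterate over a non-iterable value and produce an empty map. From the visible code this would presumably deny every page rather than grant access, but it fails silently on the file that defines the privileges. I would test the read first (`$raw !== false`), then keep only a valid result with `$acl = json_decode($raw); $this->legacyACL = is_object($acl) ? $acl : array();`, and log the failure so a lockout can be traced to its cause. The remainder of `initLegacy()` lies outside the hunk.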
@@ -131,6 +145,14 @@ class ACL } } + /** + * Construct new ACL object + */ + public function __construct() + { + $this->initLegacy(); + } + /** * legacy functionality to check if a page is accessible for the specified user. * @param $username user name @@ -148,7 +170,7 @@ class ACL } } } - // search groups + // search group privs foreach ($this->legacyUsers[$username]["groups"] as $itemkey => $group) { if (array_key_exists($group, $this->legacyGroupPrivs)) { foreach ($this->legacyGroupPrivs[$group] as $privset) { @@ -159,15 +181,37 @@ class ACL } } } - } } return false; } - public function __construct() + /** + * return privilege list as array (sorted) + * @return array + */ + public function getLegacyPrivList() { - $this->initLegacy(); + // convert json priv map to array + $priv_list = array(); + foreach ($this->legacyACL as $aclKey => $aclItem) { + $priv_list[$aclKey] = array(); + foreach ($aclItem as $propName => $propValue) { + if ($propName == 'name' || $propName == 'descr') { + // translate name and description tags + $priv_list[$aclKey][$propName] = gettext($propValue); + } else { + $priv_list[$aclKey][$propName] = $propValue; + } + } + } + + // sort by name ( case insensitive ) + uasort($priv_list, function($a, $b) { + return strcasecmp($a["name"], $b["name"]) ; + }); + + return $priv_list; } } diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt deleted file mode 100644 index dd5a76659..000000000 --- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt +++ /dev/null 
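Review bot: The sort callback in the new `getLegacyPrivList()` reads `$a["name"]` and `$b["name"]` unconditionally, so a privilege entry in the JSON file without a `name` property raises an undefined-index notice and is ordered as an empty string. A defaulted comparison avoids that: `return strcasecmp(isset($a["name"]) ? $a["name"] : "", isset($b["name"]) ? $b["name"] : "");`. The property test `$propName == 'name' || $propName == 'descr'` would also be safer as a strict comparison (`===`). The docblock should state that the result is keyed by privilege id and that `name` and `descr` are passed through `gettext()` but not HTML-escaped, so code rendering the list has to escape them for its output context. The closing lines of `isPageAccessible()` at the top of this hunk belong to a function that starts outside it.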
@@ -1,228 +0,0 @@
-page-all=*
-page-status-carp=carp_status.php*
-page-diagnostics-crash-reporter=crash_reporter.php*
-page-diagnostics-arptable=diag_arp.php*
-page-diagnostics-authentication=diag_authentication.php*
-page-diagnostics-backup/restore=diag_backup.php*
-page-diagnostics-configurationhistory=diag_confbak.php*
-page-diagnostics-factorydefaults=diag_defaults.php*
-page-diagnostics-ndptable=diag_ndp.php*
-page-diagnostics-restore-full-backup=system_firmware_restorefullbackup.php
-page-diagnostics-showstates=diag_dump_states.php*
-page-diagnostics-sockets=diag_sockets.php*
-page-diagnostics-testport=diag_testport.php*
-page-status-ipsec=diag_ipsec.php*
-page-status-ipsec-leases=diag_ipsec_leases.php*
-page-status-ipsec-sad=diag_ipsec_sad.php*
-page-status-ipsec-spd=diag_ipsec_spd.php*
-page-status-ntp=status_ntpd.php*
-page-ipsecxml=diag_ipsec_xml.php
-page-diagnostics-logs-system=diag_logs.php*
-page-status-systemlogs-portalauth=diag_logs_auth.php*
-page-diagnostics-logs-dhcp=diag_logs_dhcp.php*
-page-diagnostics-logs-firewall=diag_logs_filter.php*
-page-diagnostics-logs-gateways=diag_logs_gateways.php*
-page-diagnostics-logs-resolver=diag_logs_resolver.php*
-page-hidden-nolongerincluded=diag_logs_filter_dynamic.php*
-page-status-systemlogs-ipsecvpn=diag_logs_ipsec.php*
-page-status-systemlogs-ntpd=diag_logs_ntpd.php*
-page-status-systemlogs-openvpn=diag_logs_openvpn.php*
-page-status-systemlogs-ppp=diag_logs_ppp.php*
-page-status-systemlogs-loadbalancer=diag_logs_relayd.php*
-page-status-systemlogs-routing=diag_logs_routing.php*
-page-status-systemlogs-wireless=diag_logs_wireless.php*
-page-diagnostics-logs-settings=diag_logs_settings.php*
-page-diagnostics-logs-pptpvpn=diag_logs_vpn.php*
-page-diagnostics-nanobsd=diag_nanobsd.php*
-page-diagnostics-packetcapture=diag_packet_capture.php*
-page-diagnostics-patters=patterns.php*
-page-diagnostics-limiter-info=diag_limiter_info.php*
-page-diagnostics-pf-info=diag_pf_info.php*
-page-diagnostics-system-activity=diag_system_activity.php*
-page-diagnostics-system-pftop=diag_system_pftop.php*
-page-diagnostics-ping=diag_ping.php*
-page-status-packagelogs=diag_pkglogs.php*
-page-diagnostics-resetstate=diag_resetstate.php*
-page-diagnostics-routingtables=diag_routes.php*
-page-diagnostics-statessummary=diag_states_summary.php*
-page-diagnostics-tables=diag_tables.php*
-page-diagnostics-traceroute=diag_traceroute.php*
-page-firewall-aliases=firewall_aliases.php*
-page-firewall-alias-edit=firewall_aliases_edit.php*
-page-firewall-alias-import=firewall_aliases_import.php*
-page-firewall-nat-npt=firewall_nat_npt.php*
-page-firewall-nat-npt-edit=firewall_nat_npt_edit.php*
-page-firewall-nat-portforward=firewall_nat.php*
-page-firewall-nat-1-1=firewall_nat_1to1.php*
-page-firewall-nat-1-1-edit=firewall_nat_1to1_edit.php*
-page-firewall-nat-portforward-edit=firewall_nat_edit.php*
-page-firewall-nat-outbound=firewall_nat_out.php*
-page-firewall-nat-outbound-edit=firewall_nat_out_edit.php*
-page-firewall-rules=firewall_rules.php*
-page-firewall-rules-edit=firewall_rules_edit.php*
-page-firewall-schedules=firewall_schedule.php*
-page-firewall-schedules-edit=firewall_schedule_edit.php*
-page-firewall-trafficshaper=firewall_shaper.php*
-page-firewall-trafficshaper-queues=firewall_shaper_queues.php*
-page-firewall-trafficshaper-wizard=firewall_shaper_wizards.php*
-page-firewall-virtualipaddresses=firewall_virtual_ip.php*
-page-firewall-virtualipaddress-edit=firewall_virtual_ip_edit.php*
-page-getserviceproviders=getserviceproviders.php*
-page-getstats=getstats.php*
-page-diagnostics-interfacetraffic=graph.php*
-page-diagnostics-cpuutilization=graph_cpu.php*
-page-diagnostics-haltsystem=diag_halt.php*
-page-xmlrpcinterfacestats=ifstats.php*
-page-system-login/logout=index.php*
-page-interfaces=interfaces.php*
-page-interfaces-assignnetworkports=interfaces_assign.php*
-page-interfaces-bridge=interfaces_bridge.php*
-page-interfaces-bridge-edit=interfaces_bridge_edit.php*
-page-interfaces-gif=interfaces_gif.php*
-page-interfaces-gif-edit=interfaces_gif_edit.php*
-page-interfaces-gre=interfaces_gre.php*
-page-interfaces-gre-edit=interfaces_gre_edit.php*
-page-interfaces-groups=interfaces_groups.php*
-page-interfaces-groups-edit=interfaces_groups_edit.php*
-page-interfaces-lagg=interfaces_lagg.php*
-page-interfaces-lagg-edit=interfaces_lagg_edit.php*
-page-interfaces-ppps=interfaces_ppps.php*
-page-interfaces-ppps-edit=interfaces_ppps_edit.php*
-page-interfaces-qinq=interfaces_qinq.php*
-page-interfaces-qinq-edit=interfaces_qinq_edit.php*
-page-interfaces-vlan=interfaces_vlan.php*
-page-interfaces-vlan-edit=interfaces_vlan_edit.php*
-page-interfaces-wireless=interfaces_wireless.php*
-page-interfaces-wireless-edit=interfaces_wireless_edit.php*
-page-system-license=license.php*
-page-services-loadbalancer-monitor=load_balancer_monitor.php*
-page-services-loadbalancer-monitor-edit=load_balancer_monitor_edit.php*
-page-loadbalancer-pool=load_balancer_pool.php*
-page-loadbalancer-pool-edit=load_balancer_pool_edit.php*
-page-services-loadbalancer-relay-action=load_balancer_relay_action.php*
-page-services-loadbalancer-relay-action-edit=load_balancer_relay_action_edit.php*
-page-services-loadbalancer-relay-protocol=load_balancer_relay_protocol.php*
-page-services-loadbalancer-relay-protocol-edit=load_balancer_relay_protocol_edit.php*
-page-services-loadbalancer-setting=load_balancer_setting.php*
-page-services-loadbalancer-virtualservers=load_balancer_virtual_server.php*
-page-services-ntpd=services_ntpd.php*
-page-services-ntp-gps=status_ntpd_gps.php*
-page-services-ntp-pps=status_ntpd_pps.php*
-page-loadbalancer-virtualserver-edit=load_balancer_virtual_server_edit.php*
-page-package-edit=pkg_edit.php*
-page-diagnostics-rebootsystem=reboot.php*
-page-services-captiveportal=services_captiveportal.php*
-page-services-captiveportal-filemanager=services_captiveportal_filemanager.php*
-page-services-captiveportal-allowedips=services_captiveportal_ip.php*
-page-services-captiveportal-editallowedips=services_captiveportal_ip_edit.php*
-page-services-captiveportal-macaddresses=services_captiveportal_mac.php*
-page-services-captiveportal-editmacaddresses=services_captiveportal_mac_edit.php*
-page-services-captiveportal-allowedhostnames=services_captiveportal_hostname.php*
-page-services-captiveportal-editallowedhostnames=services_captiveportal_hostname_edit.php*
-page-services-captiveportal-editzones=services_captiveportal_zones_edit.php*
-page-services-captiveportal-vouchers=services_captiveportal_vouchers.php*
-page-services-captiveportal-voucher-edit=services_captiveportal_vouchers_edit.php*
-page-services-captiveportal-zones=services_captiveportal_zones.php*
-page-services-dhcpserver=services_dhcp.php*
-page-services-dhcpserver-editstaticmapping=services_dhcp_edit.php*
-page-services-dhcprelay=services_dhcp_relay.php*
-page-services-dhcpv6server=services_dhcpv6.php*
-page-services-dhcpserverv6-editstaticmapping=services_dhcpv6_edit.php*
-page-services-dhcpv6relay=services_dhcpv6_relay.php*
-page-services-dnsforwarder=services_dnsmasq.php*
-page-services-dnsforwarder-editdomainoverride=services_dnsmasq_domainoverride_edit.php*
-page-services-dnsforwarder-edithost=services_dnsmasq_edit.php*
-page-services-opendns=services_opendns.php*
-page-services-dnsresolver=services_unbound.php*
-page-services-dnsresolver-advanced=services_unbound_advanced.php*
-page-services-dnsresolver-acls=services_unbound_acls.php*
-page-services-dnsresolver-editacls=services_unbound_acls_edit.php*
-page-services-dnsresolver-editdomainoverride=services_unbound_domainoverride_edit.php*
-page-services-dnsresolver-edithost=services_unbound_host_edit.php*
-page-services-dynamicdnsclients=services_dyndns.php*
-page-services-dynamicdnsclient=services_dyndns_edit.php*
-page-services-igmpproxy=services_igmpproxy.php*
-page-services-igmpproxy-edit=services_igmpproxy_edit.php*
-page-services-rfc2136clients=services_rfc2136.php*
-page-services-router-advertisements=services_router_advertisements.php*
-page-services-snmp=services_snmp.php*
-page-services-wakeonlan=services_wol.php*
-page-services-wakeonlan-edit=services_wol_edit.php*
-page-diagnostics-cpuutilization=stats.php*
-page-hidden-detailedstatus=status.php*
-page-status-captiveportal=status_captiveportal.php*
-page-status-captiveportal-expire=status_captiveportal_expire.php*
-page-status-captiveportal-test=status_captiveportal_test.php*
-page-status-captiveportal-voucher-rolls=status_captiveportal_voucher_rolls.php*
-page-status-captiveportal-vouchers=status_captiveportal_vouchers.php*
-page-status-dhcpleases=status_dhcp_leases.php*
-page-status-dhcpv6leases=status_dhcpv6_leases.php*
-page-status-filterreloadstatus=status_filter_reload.php*
-page-status-gatewaygroups=status_gateway_groups.php*
-page-status-gateways=status_gateways.php*
-page-status-trafficgraph=status_graph.php*
-page-status-trafficgraph=bandwidth_by_ip.php*
-page-status-trafficgraph=graph.php*
-page-status-trafficgraph=ifstats.php*
-page-status-cpuload=status_graph_cpu.php*
-page-status-interfaces=status_interfaces.php*
-page-status-loadbalancer-pool=status_lb_pool.php*
-page-status-loadbalancer-virtualserver=status_lb_vs.php*
-page-status-openvpn=status_openvpn.php*
-page-status-trafficshaper-queues=status_queues.php*
-page-status-rrdgraphs=status_rrd_graph.php*
-page-status-rrdgraphs=status_rrd_graph_img.php*
-page-status-rrdgraph-settings=status_rrd_graph_settings.php*
-page-status-services=status_services.php*
-page-status-upnpstatus=status_upnp.php*
-page-diagnostics-wirelessstatus=status_wireless.php*
-page-system-generalsetup=system_general.php*
-page-system-advanced-admin=system_advanced_admin.php*
-page-system-advanced-firewall=system_advanced_firewall.php*
-page-system-advanced-misc=system_advanced_misc.php*
-page-system-advanced-network=system_advanced_network.php*
-page-system-advanced-notifications=system_advanced_notifications.php*
-page-system-advanced-sysctl=system_advanced_sysctl.php*
-page-system-authservers=system_authservers.php*
-page-system-camanager=system_camanager.php*
-page-system-certmanager=system_certmanager.php*
-page-system-crlmanager=system_crlmanager.php*
-page-system-firmware-manualupdate=system_firmware.php*
-page-system-firmware-autoupdate=system_firmware_check.php*
-page-system-firmware-settings=system_firmware_settings.php*
-page-system-gatewaygroups=system_gateway_groups.php*
-page-system-gateways-editgatewaygroups=system_gateway_groups_edit.php*
-page-system-gateways=system_gateways.php*
-page-system-gateways-editgateway=system_gateways_edit.php*
-page-system-groupmanager=system_groupmanager.php*
-page-system-groupmanager-addprivs=system_groupmanager_addprivs.php*
-page-system-hasync=system_hasync.php*
-page-system-staticroutes=system_routes.php*
-page-system-staticroutes-editroute=system_routes_edit.php*
-page-system-usermanager=system_usermanager.php*
-page-system-usermanager-addprivs=system_usermanager_addprivs.php*
-page-system-usermanager-passwordmg=system_usermanager_passwordmg.php*
-page-system-usermanager-settings=system_usermanager_settings.php*
-page-system-usermanager-settings-testldap=system_usermanager_settings_test.php*
-page-upload_progress=upload_progress*
-page-vpn-ipsec=vpn_ipsec.php*
-page-vpn-ipsec-listkeys=vpn_ipsec_keys.php*
-page-vpn-ipsec-editkeys=vpn_ipsec_keys_edit.php*
-page-vpn-ipsec-mobile=vpn_ipsec_mobile.php*
-page-vpn-ipsec-editphase1=vpn_ipsec_phase1.php*
-page-vpn-ipsec-editphase2=vpn_ipsec_phase2.php*
-page-vpn-vpnl2tp=vpn_l2tp.php*
-page-vpn-vpnl2tp-users=vpn_l2tp_users.php*
-page-vpn-vpnl2tp-users-edit=vpn_l2tp_users_edit.php*
-page-openvpn-client=vpn_openvpn_client.php*
-page-openvpn-csc=vpn_openvpn_csc.php*
-page-openvpn-server=vpn_openvpn_server.php*
-page-openvpn-client-export=vpn_openvpn_export.php*
-page-services-pppoeserver=vpn_pppoe.php*
-page-services-pppoeserver-edit=vpn_pppoe_edit.php*
-page-vpn-vpnpptp=vpn_pptp.php*
-page-vpn-vpnpptp-users=vpn_pptp_users.php*
-page-vpn-vpnpptp-user-edit=vpn_pptp_users_edit.php*
-page-pfsensewizardsubsystem=wizard.php*
-page-xmlrpclibrary=xmlrpc.php*
-page-firewall-easyrule=easyrule.php*