From abc621a2aec8cbb8fa9bfb15de00bee4faa74343 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 27 Jan 2016 07:08:55 +0100 Subject: [PATCH] config: tone down overrides for config revision history --- src/etc/inc/config.lib.inc | 32 +++++++++++++------------------- src/etc/inc/openvpn_wizard.inc | 4 ++-- src/www/diag_logs_filter.php | 4 ++-- src/www/firewall_nat_edit.php | 2 +- src/www/firewall_nat_out.php | 2 +- 5 files changed, 19 insertions(+), 25 deletions(-) diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc index 378f96082..7f0e3b26f 100644 --- a/src/etc/inc/config.lib.inc +++ b/src/etc/inc/config.lib.inc @@ -306,34 +306,28 @@ function set_device_perms() { } -function make_config_revision_entry($desc = null, $override_user = null) +function make_config_revision_entry($desc = null) { global $config; - if (empty($override_user)) { - if (empty($_SESSION["Username"])) { - $username = getenv("USER"); - if (empty($username) || $username == "root") { - $username = "(system)"; - } - } else { - $username = $_SESSION["Username"]; - } - if (!empty($_SERVER['REMOTE_ADDR'])) { - $username .= '@' . $_SERVER['REMOTE_ADDR']; - } + if (!empty($_SESSION['Username'])) { + $username = $_SESSION['Username']; } else { - $username = $override_user; + $username = '(' . shell_exec('/usr/bin/whoami') . ')'; + } + + if (!empty($_SERVER['REMOTE_ADDR'])) { + $username .= '@' . $_SERVER['REMOTE_ADDR']; + } + + if ($desc == null) { + $desc = sprintf(gettext('%s changed the configuration'), $_SERVER['SCRIPT_NAME']); } $revision = array(); $revision['username'] = $username; $revision['time'] = microtime(true); - if ($desc == null || $desc == 'Unknown') { - $revision['description'] = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']); - } else { - $revision['description'] = $desc; - } + $revision['description'] = $desc; return $revision; } diff --git a/src/etc/inc/openvpn_wizard.inc b/src/etc/inc/openvpn_wizard.inc index d86817b12..db53c835c 100644 --- a/src/etc/inc/openvpn_wizard.inc +++ b/src/etc/inc/openvpn_wizard.inc @@ -644,7 +644,7 @@ function step12_submitphpaction() { $rule['protocol'] = strtolower($server['protocol']); $rule['type'] = "pass"; $rule['enabled'] = "on"; - $rule['created'] = make_config_revision_entry(null, gettext("OpenVPN Wizard")); + $rule['created'] = make_config_revision_entry(); $config['filter']['rule'][] = $rule; } if (isset($pconfig['step11']['ovpnallow'])) { @@ -659,7 +659,7 @@ function step12_submitphpaction() { //$rule['protocol'] = $server['protocol']; $rule['type'] = "pass"; $rule['enabled'] = "on"; - $rule['created'] = make_config_revision_entry(null, gettext("OpenVPN Wizard")); + $rule['created'] = make_config_revision_entry(); $config['filter']['rule'][] = $rule; } diff --git a/src/www/diag_logs_filter.php b/src/www/diag_logs_filter.php index 7db3f3590..a98685cd8 100644 --- a/src/www/diag_logs_filter.php +++ b/src/www/diag_logs_filter.php @@ -121,7 +121,7 @@ function easyrule_block_rule_create($int = 'wan', $ipproto = "inet") { $filterent['source']['address'] = $blockaliasname . strtoupper($int); $filterent['destination']['any'] = ''; $filterent['descr'] = gettext("Easy Rule: Blocked from Firewall Log View"); - $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule")); + $filterent['created'] = make_config_revision_entry(); array_splice($a_filter, 0, 0, array($filterent)); @@ -309,7 +309,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipp pconfig_to_address($filterent['source'], $srchost, $srcmask); pconfig_to_address($filterent['destination'], $dsthost, $dstmask, '', $dstport, $dstport); - $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule")); + $filterent['created'] = make_config_revision_entry(); $a_filter[] = $filterent; write_config($filterent['descr']); diff --git a/src/www/firewall_nat_edit.php b/src/www/firewall_nat_edit.php index 71f1c3ea3..2bbbc87d2 100644 --- a/src/www/firewall_nat_edit.php +++ b/src/www/firewall_nat_edit.php @@ -365,7 +365,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { // If this is a new rule, create an ID and add the rule if( isset($pconfig['filter-rule-association']) && $pconfig['filter-rule-association']=='add-associated' ) { $filterent['associated-rule-id'] = $natent['associated-rule-id'] = uniqid("nat_", true); - $filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward")); + $filterent['created'] = make_config_revision_entry(); $config['filter']['rule'][] = $filterent; } mark_subsystem_dirty('filter'); diff --git a/src/www/firewall_nat_out.php b/src/www/firewall_nat_out.php index 6bda01c50..412230dd9 100644 --- a/src/www/firewall_nat_out.php +++ b/src/www/firewall_nat_out.php @@ -84,7 +84,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { foreach ($automatic_rules as $natent) { $natent['source']['network'] = $tonathost['subnet']; $natent['descr'] .= ' - ' . $tonathost['descr'] . ' -> ' . convert_real_interface_to_friendly_descr($natent['interface']); - $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); + $natent['created'] = make_config_revision_entry(); /* Try to detect already auto created rules and avoid duplicate them */ $found = false;