Rewrite the pfsense privilege system with the following goals in mind ...

1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance
5) Cleaning up the related WebUI pages

8 files changed, 1637 insertions, 201 deletions

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 47a2431..c057d30 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -33,6 +33,8 @@
         CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

         ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

         POSSIBILITY OF SUCH DAMAGE.

+

+		DISABLE_PHP_LINT_CHECKING

 */

 

 require_once("functions.inc");

@@ -40,164 +42,55 @@ require_once("functions.inc");
 $groupindex = index_groups();

 $userindex = index_users();

 

-function isAllowedPage($page) {

-	global $config, $userindex, $_SESSION;

-

-	/* admin/root access check */

-	$username = $_SESSION['Username'];

-	if (isset($username))

-		$user = &$config['system']['user'][$userindex[$username]];

-	if (isset($user))

-		if (isset($user['uid']))

-			if ($user['uid']==0)

-				return true;

-

-	/* user privelege access check */

-	$allowed_pages = $_SESSION['privs'];

-	if (in_array("ANY", $allowed_pages))

-		return true;

-	if (in_array(basename($page), $allowed_pages))

-		return true;

-

-	return false;

-}

+function index_groups() {

+	global $g, $config, $groupindex;

 

-function getAllowedPages($logged_in_user) {

-	global $config, $_SESSION;

+	$groupindex = array();

 

-	if (!function_exists("ldap_connect"))

-		return;

-	

-	$allowed_pages = array();

-	$allowed_groups = array();

-	

-	$ldapon = $_SESSION['ldapon'];

-	//log_error("Getting groups for {$logged_in_user}.");

-

-	/* search for a local user by name */

-	$local_user = false;

-	foreach ($config['system']['user'] as $user) {

-		if ($user['name'] == $logged_in_user) {

-			$local_user = $user;

-			break;

+	if (isset($config['system']['group'])) {

+		$i = 0;

+		foreach($config['system']['group'] as $groupent) {

+			$groupindex[$groupent['name']] = $i;

+			$i++;

 		}

 	}

 

-	/* obtain local groups if we have a local user */

-	if ($local_user) {

-		$allowed_groups = get_local_user_groups($local_user);

-		foreach ($config['system']['group'] as $group)

-			if (in_array($group['name'], $allowed_groups))

-				if (is_array($group['pages']))

-					foreach ($group['pages'] as $page)

-						$allowed_pages[] = $page;

-	}

-

-	/* obtain ldap groups if we are in ldap mode */

-	if ($config['system']['webgui']['backend'] == "ldap" && !$local_user) {

-		//log_error("Calling LDAP_GET_GROUPS from the first section");

-		$allowed_groups = ldap_get_groups($logged_in_user);

-		if (is_array($config['system']['group']) && is_array($allowed_groups))

-			foreach ($config['system']['group'] as $group)

-				if (in_array($group['name'], $allowed_groups))

-					foreach ($group['pages'] as $page)

-						$allowed_pages[] = $page;

-	}

-	if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user) {

-		//log_error("Calling LDAP_GET_GROUPS from the first section");

-		$allowed_groups = ldap_get_groups($logged_in_user);

-		if (is_array($config['system']['group']) && is_array($allowed_groups))

-			foreach ($config['system']['group'] as $group)

-				if (in_array($group['name'], $allowed_groups))

-					foreach ($group['pages'] as $page)

-						$allowed_pages[] = $page;

-	}	

-

-	$allowed_groups = print_r($allowed, true);

-	$fdny = fopen("/tmp/groups", "w");

-	fwrite($fdny, $allowed_groups);

-	fclose($fdny);

-

-	$_SESSION['privs'] = $allowed_pages;

-

-	return $allowed_pages;

+	return ($groupindex);

 }

 

-function &getSystemPrivs() {

-	global $g;

+function index_users() {

+	global $g, $config;

 

-	$privs = array();

-

-	$privs[] = array("id" =>	"lockwc",

-					 "name" =>	"Lock webConfigurator",

-					 "desc" =>	"Indicates whether this user will lock access to " .

-								"the webConfigurator for other users.");

-

-	$privs[] = array("id" =>	"lock-ipages",

-					 "name" =>	"Lock individual pages",

-					 "desc" =>	"Indicates whether this user will lock individual " .

-								"HTML pages after having accessed a particular page" .

-								"(the lock will be freed if the user leaves or " .

-								"saves the page form).");

-

-	$privs[] = array("id" =>	"hasshell",

-					 "name" =>	"Has shell access",

-					 "desc" =>	"Indicates whether this user is able to login for " .

-								"example via SSH.");

-

-	$privs[] = array("id" =>	"copyfiles",

-					 "name" =>	"Is allowed to copy files",

-					 "desc" =>	"Indicates whether this user is allowed to copy files " .

-								"onto the {$g['product_name']} appliance via SCP/SFTP. " .

-								"If you are going to use this privilege, you must install " .

-								"scponly on the appliance (Hint: pkg_add -r scponly).");

-

-	$privs[] = array("id" =>	"isroot",

-					 "name" =>	"Is root user",

-					 "desc" =>	"This user is associated with the UNIX root user " .

-								"(you should associate this privilege only with one " .

-								"single user).");

-

-	return $privs;

+	if (isset($config['system']['user'])) {

+		$i = 0;

+		foreach($config['system']['user'] as $userent) {

+			$userindex[$userent['name']] = $i;

+			$i++;

+		}

+	}

+

+	return ($userindex);

 }

 

 function & getUserEntry($name) {

 	global $config, $userindex;

-	return $config['system']['user'][$userindex[$name]];

-}

-

-function & getGroupEntry($name) {

-	global $config, $groupindex;

-	return $config['system']['group'][$groupindex[$name]];

+	if (isset($userindex[$name]))

+		return $config['system']['user'][$userindex[$name]];

 }

 

-function userHasPrivilege($userent, $privid = false) {

-

-	if (!$privid || !is_array($userent))

-		return false;

-

-	if (!is_array($userent['priv']))

-		return false;

-

-	foreach ($userent['priv'] as $priv)

-		if ($priv['id'] == $privid)

-			return true;

-}

-

-function hasPrivilegeCopyFiles($userent) {

-	return userHasPrivilege($userent, "copyfiles");

-}

-

-function hasPrivilegeLock($userent) {

-	return userHasPrivilege($userent, "lockwc");

-}

+function & getUserEntryByUID($uid) {

+	global $config;

+	foreach ($config['system']['user'] as & $user)

+		if ($user['uid'] == $uid)

+			return $user;

 

-function hasPrivilegeLockPages($userent) {

-	return userHasPrivilege($userent, "lock-ipages");

+	return false;

 }

 

-function hasPrivilegeShell($userent) {

-	return userHasPrivilege($userent, "hasshell");

+function & getGroupEntry($name) {

+	global $config, $groupindex;

+	if (isset($groupindex[$name]))

+		return $config['system']['group'][$groupindex[$name]];

 }

 

 function sync_local_accounts() {

@@ -249,7 +142,8 @@ function sync_local_accounts() {
 	sync_webgui_passwords();

 }

 

-function set_local_user($user) {

+function set_local_user(& $user, $password = false) {

+	global $g;

 

 	$home_base = $g['platform'] == "pfSense" ? "/home" : "/var/home";

 	if (!is_dir($home_base))

@@ -261,6 +155,30 @@ function set_local_user($user) {
 	$user_shell = "/etc/rc.initial";

 	$user_group = "nobody";

 

+	/* set all password hashes if required */

+	if ($password && strlen($password)) {

+

+		$user['password'] = crypt($password);

+		$user['md5-hash'] = md5($password);

+

+		/*

+		 * NOTE : This section of code id based on the BSD

+		 * licensed CHAP.php courtesy of Michael Retterklieber.

+		 */

+		/* Waiting for mhash to settle into the tree

+		// Converts ascii to unicode.

+		$astr = (string) $password;

+		$ustr = '';

+		for ($i = 0; $i < strlen($astr); $i++) {

+			$a = ord($astr{$i}) << 8;

+			$ustr.= sprintf("%X", $a);

+		}

+

+		// Generate the NT-HASH from the unicode string

+		$user['nt-hash'] = bin2hex(mhash(MHASH_MD4, $ustr));

+		*/

+	}

+

 	/* configure shell type */

 	if (!hasPrivilegeShell($user)) {

 		if (!hasPrivilegeCopyFiles($user))

@@ -342,29 +260,6 @@ function get_local_user_groups($user, $all = false) {
 	return $groups;

 }

 

-function set_local_user_password(& $user, $password) {

-

-    $user['password'] = crypt($password);

-    $user['md5-hash'] = md5($password);

-

-	/*

-	 * NOTE : This section of code id based on the BSD

-	 * licensed CHAP.php courtesy of Michael Retterklieber.

-	 */

-	/* Waiting for mhash to settle into the tree

-	// Converts ascii to unicode.

-	$astr = (string) $password;

-	$ustr = '';

-	for ($i = 0; $i < strlen($astr); $i++) {

-		$a = ord($astr{$i}) << 8;

-		$ustr.= sprintf("%X", $a);

-	}

-

-	// Generate the NT-HASH from the unicode string

-	$user['nt-hash'] = bin2hex(mhash(MHASH_MD4, $ustr));

-	*/

-}

-

 function set_local_user_groups($user, $new_groups = NULL ) {

 	global $config, $groupindex;

 

@@ -1135,34 +1030,4 @@ function radius_backed($username, $passwd){
 	return $ret;

 }

 

-function index_groups() {

-	global $g, $config, $groupindex;

-

-	$groupindex = array();

-

-	if (isset($config['system']['group'])) {

-		$i = 0;

-		foreach($config['system']['group'] as $groupent) {

-			$groupindex[$groupent['name']] = $i;

-			$i++;

-		}

-	}

-

-	return ($groupindex);

-}

-

-function index_users() {

-	global $g, $config;

-

-	if (isset($config['system']['user'])) {

-		$i = 0;

-		foreach($config['system']['user'] as $userent) {

-			$userindex[$userent['name']] = $i;

-			$i++;

-		}

-	}

-

-	return ($userindex);

-}

-

 ?>

diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 5e58689..f811b53 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1542,7 +1542,7 @@ function convert_config() {
 		$all = array();
 		$all['name'] = "all";
 		$all['description'] = "All Users";
-		$all['scope'] = "System";
+		$all['scope'] = "system";
 		$all['gid'] = 1998;
 		$all['member'] = array();
 
@@ -1582,6 +1582,11 @@ function convert_config() {
 			$all['member'][] = $user['uid'];
 		}
 
+		/* reset group scope information */
+		foreach ($config['system']['group'] as & $group)
+			if ($group['name'] != $g['admin_group'])
+				$group['scope'] = "user";
+
 		/* insert new all group */
 		$groups = Array();
 		$groups[] = $all;
@@ -1589,10 +1594,58 @@ function convert_config() {
 		$config['system']['group'] = $groups;
 		set_local_group($all);
 
+		$config['version'] = 4.9;
+	}
+
+	/* Convert 4.9 -> 5.0 */
+	if ($config['version'] <= 5.0) {
+		
+		/* update user privileges */
+		foreach ($config['system']['user'] as & $user) {
+			$privs = array();
+			if (!is_array($user['priv'])) {
+				unset($user['priv']);
+				continue;
+			}
+			foreach ($user['priv'] as $priv) {
+				switch($priv['id']) {
+					case "lockwc":
+						$privs[] = "user-lock-webcfg";
+						break;
+					case "lock-ipages":
+						$privs[] = "user-lock-ipages";
+						break;
+					case "hasshell":
+						$privs[] = "user-shell-access";
+						break;
+					case "copyfiles":
+						$privs[] = "user-copy-files";
+						break;
+				}
+			}
+			$user['priv'] = $privs;
+		}
+
+		/* update group privileges */
+		foreach ($config['system']['group'] as & $group) {
+			$privs = array();
+			if (!is_array($group['pages'])) {
+				unset($group['pages']);
+				continue;
+			}
+			foreach ($group['pages'] as $page) {
+				$priv = map_page_privname($page);
+				if ($priv)
+					$privs[] = $priv;
+			}
+			unset($group['pages']);
+			$group['priv'] = $privs;
+		}
+
 		/* sync all local account information */
 		sync_local_accounts();
 
-		$config['version'] = 4.9;
+		$config['version'] = 5.0;
 	}
 
 	$now = date("H:i:s");
diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc
index a9ecbea..0fd4811 100644
--- a/etc/inc/functions.inc
+++ b/etc/inc/functions.inc
@@ -71,6 +71,7 @@ if(!function_exists("pfSenseHeader")) {
 
 /* include all configuration functions */
 require_once("auth.inc");
+require_once("priv.inc");
 require_once("captiveportal.inc");
 require_once("filter.inc");
 require_once("interfaces.inc");
@@ -86,4 +87,4 @@ require_once("gwlb.inc");
 require_once("notices.inc");
 require_once("cmd_chain.inc");
 
-?>
\ No newline at end of file
+?>
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 872ee09..3cbb15a 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -60,7 +60,7 @@ $g = array(
     "n_pppoe_units" => 16, /* this value can be overriden in pppoe->n_pppoe_units */
     "pppoe_subnet" => 28,  /* this value can be overriden in pppoe->pppoe_subnet  */
     "debug" => false,
-    "latest_config" => "4.9",
+    "latest_config" => "5.0",
     "nopkg_platforms" => array("cdrom"),
 	"minimum_ram_warning" => "115",
 	"minimum_ram_warning_text" => "128 megabytes",
diff --git a/etc/inc/meta.inc b/etc/inc/meta.inc
new file mode 100644
index 0000000..6b3d003
--- /dev/null
+++ b/etc/inc/meta.inc
@@ -0,0 +1,197 @@
+<?php
+/*
+	Copyright (C) 2008 Shrew Soft Inc
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+ * The meta data format used in pfSense is denoted using markers
+ * followed by the appropriate value or value pair. All markers
+ * are prefixed with a ##| sequence. The + suffix is used to
+ * denote the beginning of a tag block followed by the tag name.
+ * A - suffix is used to denote the end of a tag blaock. Values
+ * are denoted using the * suffix and can optionally be expressed
+ * as a key value pair. An example of a metadata tag block ...
+ *
+ * ###|+INFO
+ * ###|*BLAH
+ * ###|*TEXT=SOME TEXT
+ * ###|-INFO
+ *
+ * After calling read_file_metadata, the result array would
+ * contain the following information ...
+ *
+ * metadata['<filename>']['INFO']['BLAH'][0] == true
+ * metadata['<filename>']['INFO']['TEXT'][0] == "SOME TEXT"
+ *
+ * NOTE: All statements must be at the begining of a line and
+ * contiguous for a tag. The example shown above would not be
+ * processed due to the extra ' * ' comment chars.
+ *
+ */
+
+/*
+ * locate php files for a given path
+ */
+
+function list_phpfiles($path, & $found) {
+
+	if (!is_array($found))
+		$found = array();
+
+	$dir = opendir($path);
+	if (!$dir) {
+		echo "list_phpfiles: unable to examine path {$path}\n";
+		return;
+	}
+
+	while($fname = readdir($dir)) {
+		if($fname == "." || $fname == ".." || $fname[0] == '.')
+			continue;
+		if (fnmatch('*.php', $fname))
+			$found[] = $fname;
+	}
+}
+
+/*
+ * read embedded metadata from a file
+ */
+
+function read_file_metadata($fpath, & $metadata, $taglist = false) {
+
+	if (!is_array($metadata))
+		$metadata = array();
+
+	if ($taglist)
+		$taglist = explode(",", $taglist);
+
+	$fname = $fpath;
+	$slash = strrpos($fname,"/");
+	if ($slash)
+		$fname = substr($fname,$slash + 1);
+
+	$fdata = @file_get_contents($fpath);
+	if (!$fdata) {
+		echo "unable to read {$fpath}\n";
+		continue;
+	}
+
+	$offset = 0;
+
+	$tags = array();
+
+	while (true) {
+
+		$tagbeg_off = stripos($fdata, "##|+", $offset);
+		if ($tagbeg_off === false)
+			break;
+
+		$tagbeg_trm = stripos($fdata, "\n", $tagbeg_off);
+		if ($tagbeg_trm === false)
+			break;
+
+		$tagend_off = stripos($fdata, "##|-", $tagbeg_trm);
+		if ($tagend_off === false)
+			break;
+
+		$tagend_trm = stripos($fdata, "\n", $tagend_off);
+		if ($tagend_trm === false)
+			break;
+
+		$tagbeg_len = $tagbeg_trm - $tagbeg_off;
+		$tagend_len = $tagend_trm - $tagend_off;
+
+		$tagbeg = substr($fdata, $tagbeg_off + 4, $tagbeg_len - 4);
+		$tagend = substr($fdata, $tagend_off + 4, $tagend_len - 4);
+
+		if ($tagbeg != $tagend) {
+			echo "error: tag mismatch ( {$tagbeg} != {$tagend} ) in '$fpath'\n";
+			break;
+		}
+
+		$mdata_off = $tagbeg_trm + 1;
+		$mdata_trm = $tagend_off - 1;
+		$mdata_len = $mdata_trm - $mdata_off;
+
+		$mdata = substr($fdata, $mdata_off, $mdata_len);
+
+		if (!strlen($mdata)) {
+			echo "warning: tag {$tagbeg} has no data in '$fpath'\n";
+			break;
+		}
+
+		$offset = $tagend_trm + 1;
+
+		if (is_array($taglist))
+			if (!in_array($tagbeg,$taglist))
+				continue;
+
+		$vals = array();
+
+		$lines = explode("\n",$mdata);
+		foreach ($lines as $line) {
+
+			if (!strlen($line)) 
+				continue;
+
+			$valtag = stripos($line, "##|*");
+			if ($valtag === false || $valtag) {
+				echo "warning: tag {$tagbeg} has malformed data in '$fpath'\n";
+				continue;
+			}
+
+			$value = substr($line, 4, strlen($line) - 1);
+			$vlist = explode("=", $value);
+
+			unset($vname);
+			unset($vdata);
+
+			switch (count($vlist)) {
+				case 1:
+					$vname = $vlist[0];
+					$vdata = true;
+					break;
+				case 2:
+					$vname = $vlist[0];
+					$vdata = $vlist[1];
+					break;
+			}
+
+			if (!isset($vname) || !isset($vdata)) {
+				echo "warning: tag {$tagbeg} has invalid data in '$fpath'\n";
+				continue;
+			}
+
+			$vals[$vname][] = $vdata;
+		}
+
+		if (count($vals))
+			$tags[$tagbeg] = $vals;
+	}
+
+	if (count($tags))
+		$metadata[$fname] = $tags;
+}
+
+?>
diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc
new file mode 100644
index 0000000..9bddac7
--- /dev/null
+++ b/etc/inc/priv.defs.inc
@@ -0,0 +1,1014 @@
+<?php
+/*
+ * priv.defs.inc - Generated privilege definitions
+ *
+ */
+
+$priv_list = array();
+
+$priv_list['page-all'] = array();
+$priv_list['page-all']['name'] = "WebCfg - All pages";
+$priv_list['page-all']['descr'] = "Allow access to all pages";
+$priv_list['page-all']['match'] = array();
+$priv_list['page-all']['match'][] = "*";
+
+$priv_list['page-diagnostics-routingtables'] = array();
+$priv_list['page-diagnostics-routingtables']['name'] = "WebCfg - Diagnostics: Routing tables page";
+$priv_list['page-diagnostics-routingtables']['descr'] = "Allow access to the 'Diagnostics: Routing tables' page.";
+$priv_list['page-diagnostics-routingtables']['match'] = array();
+$priv_list['page-diagnostics-routingtables']['match'][] = "diag_routes.php*";
+
+$priv_list['page-status-carp'] = array();
+$priv_list['page-status-carp']['name'] = "WebCfg - Status: CARP page";
+$priv_list['page-status-carp']['descr'] = "Allow access to the 'Status: CARP' page.";
+$priv_list['page-status-carp']['match'] = array();
+$priv_list['page-status-carp']['match'][] = "carp_status.php*";
+
+$priv_list['page-diagnostics-arptable'] = array();
+$priv_list['page-diagnostics-arptable']['name'] = "WebCfg - Diagnostics: ARP Table page";
+$priv_list['page-diagnostics-arptable']['descr'] = "Allow access to the 'Diagnostics: ARP Table' page.";
+$priv_list['page-diagnostics-arptable']['match'] = array();
+$priv_list['page-diagnostics-arptable']['match'][] = "diag_arp.php*";
+
+$priv_list['page-diagnostics-backup/restore'] = array();
+$priv_list['page-diagnostics-backup/restore']['name'] = "WebCfg - Diagnostics: Backup/restore page";
+$priv_list['page-diagnostics-backup/restore']['descr'] = "Allow access to the 'Diagnostics: Backup/restore' page.";
+$priv_list['page-diagnostics-backup/restore']['match'] = array();
+$priv_list['page-diagnostics-backup/restore']['match'][] = "diag_backup.php*";
+
+$priv_list['page-diagnostics-configurationhistory'] = array();
+$priv_list['page-diagnostics-configurationhistory']['name'] = "WebCfg - Diagnostics: Configuration History page";
+$priv_list['page-diagnostics-configurationhistory']['descr'] = "Allow access to the 'Diagnostics: Configuration History' page.";
+$priv_list['page-diagnostics-configurationhistory']['match'] = array();
+$priv_list['page-diagnostics-configurationhistory']['match'][] = "diag_confbak.php*";
+
+$priv_list['page-diagnostics-factorydefaults'] = array();
+$priv_list['page-diagnostics-factorydefaults']['name'] = "WebCfg - Diagnostics: Factory defaults page";
+$priv_list['page-diagnostics-factorydefaults']['descr'] = "Allow access to the 'Diagnostics: Factory defaults' page.";
+$priv_list['page-diagnostics-factorydefaults']['match'] = array();
+$priv_list['page-diagnostics-factorydefaults']['match'][] = "diag_defaults.php*";
+
+$priv_list['page-status-dhcpleases'] = array();
+$priv_list['page-status-dhcpleases']['name'] = "WebCfg - Status: DHCP leases page";
+$priv_list['page-status-dhcpleases']['descr'] = "Allow access to the 'Status: DHCP leases' page.";
+$priv_list['page-status-dhcpleases']['match'] = array();
+$priv_list['page-status-dhcpleases']['match'][] = "diag_dhcp_leases.php*";
+
+$priv_list['page-diagnostics-showstates'] = array();
+$priv_list['page-diagnostics-showstates']['name'] = "WebCfg - Diagnostics: Show States page";
+$priv_list['page-diagnostics-showstates']['descr'] = "Allow access to the 'Diagnostics: Show States' page.";
+$priv_list['page-diagnostics-showstates']['match'] = array();
+$priv_list['page-diagnostics-showstates']['match'][] = "diag_dump_states.php*";
+
+$priv_list['page-status-ipsec'] = array();
+$priv_list['page-status-ipsec']['name'] = "WebCfg - Status: IPsec page";
+$priv_list['page-status-ipsec']['descr'] = "Allow access to the 'Status: IPsec' page.";
+$priv_list['page-status-ipsec']['match'] = array();
+$priv_list['page-status-ipsec']['match'][] = "diag_ipsec.php*";
+
+$priv_list['page-status-ipsec-sad'] = array();
+$priv_list['page-status-ipsec-sad']['name'] = "WebCfg - Status: IPsec: SAD page";
+$priv_list['page-status-ipsec-sad']['descr'] = "Allow access to the 'Status: IPsec: SAD' page.";
+$priv_list['page-status-ipsec-sad']['match'] = array();
+$priv_list['page-status-ipsec-sad']['match'][] = "diag_ipsec_sad.php*";
+
+$priv_list['page-status-ipsec-spd'] = array();
+$priv_list['page-status-ipsec-spd']['name'] = "WebCfg - Status: IPsec: SPD page";
+$priv_list['page-status-ipsec-spd']['descr'] = "Allow access to the 'Status: IPsec: SPD' page.";
+$priv_list['page-status-ipsec-spd']['match'] = array();
+$priv_list['page-status-ipsec-spd']['match'][] = "diag_ipsec_spd.php*";
+
+$priv_list['page-diagnostics-logs-system'] = array();
+$priv_list['page-diagnostics-logs-system']['name'] = "WebCfg - Diagnostics: Logs: System page";
+$priv_list['page-diagnostics-logs-system']['descr'] = "Allow access to the 'Diagnostics: Logs: System' page.";
+$priv_list['page-diagnostics-logs-system']['match'] = array();
+$priv_list['page-diagnostics-logs-system']['match'][] = "diag_logs.php*";
+
+$priv_list['page-status-systemlogs-portalauth'] = array();
+$priv_list['page-status-systemlogs-portalauth']['name'] = "WebCfg - Status: System logs: Portal Auth page";
+$priv_list['page-status-systemlogs-portalauth']['descr'] = "Allow access to the 'Status: System logs: Portal Auth' page.";
+$priv_list['page-status-systemlogs-portalauth']['match'] = array();
+$priv_list['page-status-systemlogs-portalauth']['match'][] = "diag_logs_auth.php*";
+
+$priv_list['page-diagnostics-logs-dhcp'] = array();
+$priv_list['page-diagnostics-logs-dhcp']['name'] = "WebCfg - Diagnostics: Logs: DHCP page";
+$priv_list['page-diagnostics-logs-dhcp']['descr'] = "Allow access to the 'Diagnostics: Logs: DHCP' page.";
+$priv_list['page-diagnostics-logs-dhcp']['match'] = array();
+$priv_list['page-diagnostics-logs-dhcp']['match'][] = "diag_logs_dhcp.php*";
+
+$priv_list['page-package-settings'] = array();
+$priv_list['page-package-settings']['name'] = "WebCfg - Package: Settings page";
+$priv_list['page-package-settings']['descr'] = "Allow access to the 'Package: Settings' page.";
+$priv_list['page-package-settings']['match'] = array();
+$priv_list['page-package-settings']['match'][] = "pkg.php*";
+
+$priv_list['page-diagnostics-logs-firewall'] = array();
+$priv_list['page-diagnostics-logs-firewall']['name'] = "WebCfg - Diagnostics: Logs: Firewall page";
+$priv_list['page-diagnostics-logs-firewall']['descr'] = "Allow access to the 'Diagnostics: Logs: Firewall' page.";
+$priv_list['page-diagnostics-logs-firewall']['match'] = array();
+$priv_list['page-diagnostics-logs-firewall']['match'][] = "diag_logs_filter.php*";
+
+$priv_list['page-hidden-nolongerincluded'] = array();
+$priv_list['page-hidden-nolongerincluded']['name'] = "WebCfg - Hidden: No longer included page";
+$priv_list['page-hidden-nolongerincluded']['descr'] = "Allow access to the 'Hidden: No longer included' page.";
+$priv_list['page-hidden-nolongerincluded']['match'] = array();
+$priv_list['page-hidden-nolongerincluded']['match'][] = "diag_logs_filter_dynamic.php*";
+
+$priv_list['page-status-systemlogs-ipsecvpn'] = array();
+$priv_list['page-status-systemlogs-ipsecvpn']['name'] = "WebCfg - Status: System logs: IPsec VPN page";
+$priv_list['page-status-systemlogs-ipsecvpn']['descr'] = "Allow access to the 'Status: System logs: IPsec VPN' page.";
+$priv_list['page-status-systemlogs-ipsecvpn']['match'] = array();
+$priv_list['page-status-systemlogs-ipsecvpn']['match'][] = "diag_logs_ipsec.php*";
+
+$priv_list['page-status-systemlogs-openntpd'] = array();
+$priv_list['page-status-systemlogs-openntpd']['name'] = "WebCfg - Status: System logs: OpenNTPD page";
+$priv_list['page-status-systemlogs-openntpd']['descr'] = "Allow access to the 'Status: System logs: OpenNTPD' page.";
+$priv_list['page-status-systemlogs-openntpd']['match'] = array();
+$priv_list['page-status-systemlogs-openntpd']['match'][] = "diag_logs_ntpd.php*";
+
+$priv_list['page-status-systemlogs-openvpn'] = array();
+$priv_list['page-status-systemlogs-openvpn']['name'] = "WebCfg - Status: System logs: OpenVPN page";
+$priv_list['page-status-systemlogs-openvpn']['descr'] = "Allow access to the 'Status: System logs: OpenVPN' page.";
+$priv_list['page-status-systemlogs-openvpn']['match'] = array();
+$priv_list['page-status-systemlogs-openvpn']['match'][] = "diag_logs_openvpn.php*";
+
+$priv_list['page-status-systemlogs-loadbalancer'] = array();
+$priv_list['page-status-systemlogs-loadbalancer']['name'] = "WebCfg - Status: System logs: Load Balancer page";
+$priv_list['page-status-systemlogs-loadbalancer']['descr'] = "Allow access to the 'Status: System logs: Load Balancer' page.";
+$priv_list['page-status-systemlogs-loadbalancer']['match'] = array();
+$priv_list['page-status-systemlogs-loadbalancer']['match'][] = "diag_logs_relayd.php*";
+
+$priv_list['page-diagnostics-logs-settings'] = array();
+$priv_list['page-diagnostics-logs-settings']['name'] = "WebCfg - Diagnostics: Logs: Settings page";
+$priv_list['page-diagnostics-logs-settings']['descr'] = "Allow access to the 'Diagnostics: Logs: Settings' page.";
+$priv_list['page-diagnostics-logs-settings']['match'] = array();
+$priv_list['page-diagnostics-logs-settings']['match'][] = "diag_logs_settings.php*";
+
+$priv_list['page-status-systemlogs-loadbalancer'] = array();
+$priv_list['page-status-systemlogs-loadbalancer']['name'] = "WebCfg - Status: System logs: Load Balancer page";
+$priv_list['page-status-systemlogs-loadbalancer']['descr'] = "Allow access to the 'Status: System logs: Load Balancer' page.";
+$priv_list['page-status-systemlogs-loadbalancer']['match'] = array();
+$priv_list['page-status-systemlogs-loadbalancer']['match'][] = "diag_logs_slbd.php*";
+
+$priv_list['page-diagnostics-logs-pptpvpn'] = array();
+$priv_list['page-diagnostics-logs-pptpvpn']['name'] = "WebCfg - Diagnostics: Logs: PPTP VPN page";
+$priv_list['page-diagnostics-logs-pptpvpn']['descr'] = "Allow access to the 'Diagnostics: Logs: PPTP VPN' page.";
+$priv_list['page-diagnostics-logs-pptpvpn']['match'] = array();
+$priv_list['page-diagnostics-logs-pptpvpn']['match'][] = "diag_logs_vpn.php*";
+
+$priv_list['page-diagnostics-packetcapture'] = array();
+$priv_list['page-diagnostics-packetcapture']['name'] = "WebCfg - Diagnostics: Packet Capture page";
+$priv_list['page-diagnostics-packetcapture']['descr'] = "Allow access to the 'Diagnostics: Packet Capture' page.";
+$priv_list['page-diagnostics-packetcapture']['match'] = array();
+$priv_list['page-diagnostics-packetcapture']['match'][] = "diag_packet_capture.php*";
+
+$priv_list['page-diagnostics-ping'] = array();
+$priv_list['page-diagnostics-ping']['name'] = "WebCfg - Diagnostics: Ping page";
+$priv_list['page-diagnostics-ping']['descr'] = "Allow access to the 'Diagnostics: Ping' page.";
+$priv_list['page-diagnostics-ping']['match'] = array();
+$priv_list['page-diagnostics-ping']['match'][] = "diag_ping.php*";
+
+$priv_list['page-status-packagelogs'] = array();
+$priv_list['page-status-packagelogs']['name'] = "WebCfg - Status: Package logs page";
+$priv_list['page-status-packagelogs']['descr'] = "Allow access to the 'Status: Package logs' page.";
+$priv_list['page-status-packagelogs']['match'] = array();
+$priv_list['page-status-packagelogs']['match'][] = "diag_pkglogs.php*";
+
+$priv_list['page-diagnostics-resetstate'] = array();
+$priv_list['page-diagnostics-resetstate']['name'] = "WebCfg - Diagnostics: Reset state page";
+$priv_list['page-diagnostics-resetstate']['descr'] = "Allow access to the 'Diagnostics: Reset state' page.";
+$priv_list['page-diagnostics-resetstate']['match'] = array();
+$priv_list['page-diagnostics-resetstate']['match'][] = "diag_resetstate.php*";
+
+$priv_list['page-diagnostics-traceroute'] = array();
+$priv_list['page-diagnostics-traceroute']['name'] = "WebCfg - Diagnostics: Traceroute page";
+$priv_list['page-diagnostics-traceroute']['descr'] = "Allow access to the 'Diagnostics: Traceroute' page.";
+$priv_list['page-diagnostics-traceroute']['match'] = array();
+$priv_list['page-diagnostics-traceroute']['match'][] = "diag_traceroute.php*";
+
+$priv_list['page-diagnostics-editfile'] = array();
+$priv_list['page-diagnostics-editfile']['name'] = "WebCfg - Diagnostics: Edit File page";
+$priv_list['page-diagnostics-editfile']['descr'] = "Allow access to the 'Diagnostics: Edit File' page.";
+$priv_list['page-diagnostics-editfile']['match'] = array();
+$priv_list['page-diagnostics-editfile']['match'][] = "edit.php*";
+
+$priv_list['page-diagnostics-command'] = array();
+$priv_list['page-diagnostics-command']['name'] = "WebCfg - Diagnostics: Command page";
+$priv_list['page-diagnostics-command']['descr'] = "Allow access to the 'Diagnostics: Command' page.";
+$priv_list['page-diagnostics-command']['match'] = array();
+$priv_list['page-diagnostics-command']['match'][] = "exec.php*";
+
+$priv_list['page-hidden-execraw'] = array();
+$priv_list['page-hidden-execraw']['name'] = "WebCfg - Hidden: Exec Raw page";
+$priv_list['page-hidden-execraw']['descr'] = "Allow access to the 'Hidden: Exec Raw' page.";
+$priv_list['page-hidden-execraw']['match'] = array();
+$priv_list['page-hidden-execraw']['match'][] = "exec_raw.php*";
+
+$priv_list['page-firewall-aliases'] = array();
+$priv_list['page-firewall-aliases']['name'] = "WebCfg - Firewall: Aliases page";
+$priv_list['page-firewall-aliases']['descr'] = "Allow access to the 'Firewall: Aliases' page.";
+$priv_list['page-firewall-aliases']['match'] = array();
+$priv_list['page-firewall-aliases']['match'][] = "firewall_aliases.php*";
+
+$priv_list['page-firewall-alias-edit'] = array();
+$priv_list['page-firewall-alias-edit']['name'] = "WebCfg - Firewall: Alias: Edit page";
+$priv_list['page-firewall-alias-edit']['descr'] = "Allow access to the 'Firewall: Alias: Edit' page.";
+$priv_list['page-firewall-alias-edit']['match'] = array();
+$priv_list['page-firewall-alias-edit']['match'][] = "firewall_aliases_edit.php*";
+
+$priv_list['page-firewall-alias-import'] = array();
+$priv_list['page-firewall-alias-import']['name'] = "WebCfg - Firewall: Alias: Import page";
+$priv_list['page-firewall-alias-import']['descr'] = "Allow access to the 'Firewall: Alias: Import' page.";
+$priv_list['page-firewall-alias-import']['match'] = array();
+$priv_list['page-firewall-alias-import']['match'][] = "firewall_aliases_import.php*";
+
+$priv_list['page-firewall-nat-portforward'] = array();
+$priv_list['page-firewall-nat-portforward']['name'] = "WebCfg - Firewall: NAT: Port Forward page";
+$priv_list['page-firewall-nat-portforward']['descr'] = "Allow access to the 'Firewall: NAT: Port Forward' page.";
+$priv_list['page-firewall-nat-portforward']['match'] = array();
+$priv_list['page-firewall-nat-portforward']['match'][] = "firewall_nat.php*";
+
+$priv_list['page-firewall-nat-1-1'] = array();
+$priv_list['page-firewall-nat-1-1']['name'] = "WebCfg - Firewall: NAT: 1:1 page";
+$priv_list['page-firewall-nat-1-1']['descr'] = "Allow access to the 'Firewall: NAT: 1:1' page.";
+$priv_list['page-firewall-nat-1-1']['match'] = array();
+$priv_list['page-firewall-nat-1-1']['match'][] = "firewall_nat_1to1.php*";
+
+$priv_list['page-firewall-nat-1-1-edit'] = array();
+$priv_list['page-firewall-nat-1-1-edit']['name'] = "WebCfg - Firewall: NAT: 1:1: Edit page";
+$priv_list['page-firewall-nat-1-1-edit']['descr'] = "Allow access to the 'Firewall: NAT: 1:1: Edit' page.";
+$priv_list['page-firewall-nat-1-1-edit']['match'] = array();
+$priv_list['page-firewall-nat-1-1-edit']['match'][] = "firewall_nat_1to1_edit.php*";
+
+$priv_list['page-firewall-nat-portforward-edit'] = array();
+$priv_list['page-firewall-nat-portforward-edit']['name'] = "WebCfg - Firewall: NAT: Port Forward: Edit page";
+$priv_list['page-firewall-nat-portforward-edit']['descr'] = "Allow access to the 'Firewall: NAT: Port Forward: Edit' page.";
+$priv_list['page-firewall-nat-portforward-edit']['match'] = array();
+$priv_list['page-firewall-nat-portforward-edit']['match'][] = "firewall_nat_edit.php*";
+
+$priv_list['page-firewall-nat-outbound'] = array();
+$priv_list['page-firewall-nat-outbound']['name'] = "WebCfg - Firewall: NAT: Outbound page";
+$priv_list['page-firewall-nat-outbound']['descr'] = "Allow access to the 'Firewall: NAT: Outbound' page.";
+$priv_list['page-firewall-nat-outbound']['match'] = array();
+$priv_list['page-firewall-nat-outbound']['match'][] = "firewall_nat_out.php*";
+
+$priv_list['page-firewall-nat-outbound-edit'] = array();
+$priv_list['page-firewall-nat-outbound-edit']['name'] = "WebCfg - Firewall: NAT: Outbound: Edit page";
+$priv_list['page-firewall-nat-outbound-edit']['descr'] = "Allow access to the 'Firewall: NAT: Outbound: Edit' page.";
+$priv_list['page-firewall-nat-outbound-edit']['match'] = array();
+$priv_list['page-firewall-nat-outbound-edit']['match'][] = "firewall_nat_out_edit.php*";
+
+$priv_list['page-firewall-nat-nataddresses'] = array();
+$priv_list['page-firewall-nat-nataddresses']['name'] = "WebCfg - Firewall: NAT: NAT Addresses page";
+$priv_list['page-firewall-nat-nataddresses']['descr'] = "Allow access to the 'Firewall: NAT: NAT Addresses' page.";
+$priv_list['page-firewall-nat-nataddresses']['match'] = array();
+$priv_list['page-firewall-nat-nataddresses']['match'][] = "firewall_nat_server.php*";
+
+$priv_list['page-firewall-rules'] = array();
+$priv_list['page-firewall-rules']['name'] = "WebCfg - Firewall: Rules page";
+$priv_list['page-firewall-rules']['descr'] = "Allow access to the 'Firewall: Rules' page.";
+$priv_list['page-firewall-rules']['match'] = array();
+$priv_list['page-firewall-rules']['match'][] = "firewall_rules.php*";
+
+$priv_list['page-firewall-nat-nataddresses-edit'] = array();
+$priv_list['page-firewall-nat-nataddresses-edit']['name'] = "WebCfg - Firewall: NAT: NAT Addresses: Edit page";
+$priv_list['page-firewall-nat-nataddresses-edit']['descr'] = "Allow access to the 'Firewall: NAT: NAT Addresses: Edit' page.";
+$priv_list['page-firewall-nat-nataddresses-edit']['match'] = array();
+$priv_list['page-firewall-nat-nataddresses-edit']['match'][] = "firewall_nat_server_edit.php*";
+
+$priv_list['page-firewall-rules-edit'] = array();
+$priv_list['page-firewall-rules-edit']['name'] = "WebCfg - Firewall: Rules: Edit page";
+$priv_list['page-firewall-rules-edit']['descr'] = "Allow access to the 'Firewall: Rules: Edit' page.";
+$priv_list['page-firewall-rules-edit']['match'] = array();
+$priv_list['page-firewall-rules-edit']['match'][] = "firewall_rules_edit.php*";
+
+$priv_list['page-firewall-schedules'] = array();
+$priv_list['page-firewall-schedules']['name'] = "WebCfg - Firewall: Schedules page";
+$priv_list['page-firewall-schedules']['descr'] = "Allow access to the 'Firewall: Schedules' page.";
+$priv_list['page-firewall-schedules']['match'] = array();
+$priv_list['page-firewall-schedules']['match'][] = "firewall_schedule.php*";
+
+$priv_list['page-firewall-schedules-edit'] = array();
+$priv_list['page-firewall-schedules-edit']['name'] = "WebCfg - Firewall: Schedules: Edit page";
+$priv_list['page-firewall-schedules-edit']['descr'] = "Allow access to the 'Firewall: Schedules: Edit' page.";
+$priv_list['page-firewall-schedules-edit']['match'] = array();
+$priv_list['page-firewall-schedules-edit']['match'][] = "firewall_schedule_edit.php*";
+
+$priv_list['page-firewall-trafficshaper'] = array();
+$priv_list['page-firewall-trafficshaper']['name'] = "WebCfg - Firewall: Traffic Shaper page";
+$priv_list['page-firewall-trafficshaper']['descr'] = "Allow access to the 'Firewall: Traffic Shaper' page.";
+$priv_list['page-firewall-trafficshaper']['match'] = array();
+$priv_list['page-firewall-trafficshaper']['match'][] = "firewall_shaper.php*";
+
+$priv_list['page-firewall-trafficshaper-queues'] = array();
+$priv_list['page-firewall-trafficshaper-queues']['name'] = "WebCfg - Firewall: Traffic Shaper: Queues page";
+$priv_list['page-firewall-trafficshaper-queues']['descr'] = "Allow access to the 'Firewall: Traffic Shaper: Queues' page.";
+$priv_list['page-firewall-trafficshaper-queues']['match'] = array();
+$priv_list['page-firewall-trafficshaper-queues']['match'][] = "firewall_shaper_queues.php*";
+
+$priv_list['page-firewall-trafficshaper-limiter'] = array();
+$priv_list['page-firewall-trafficshaper-limiter']['name'] = "WebCfg - Firewall: Traffic Shaper: Limiter page";
+$priv_list['page-firewall-trafficshaper-limiter']['descr'] = "Allow access to the 'Firewall: Traffic Shaper: Limiter' page.";
+$priv_list['page-firewall-trafficshaper-limiter']['match'] = array();
+$priv_list['page-firewall-trafficshaper-limiter']['match'][] = "firewall_shaper_vinterface.php*";
+
+$priv_list['page-firewall-trafficshaper-wizard'] = array();
+$priv_list['page-firewall-trafficshaper-wizard']['name'] = "WebCfg - Firewall: Traffic Shaper: Wizard page";
+$priv_list['page-firewall-trafficshaper-wizard']['descr'] = "Allow access to the 'Firewall: Traffic Shaper: Wizard' page.";
+$priv_list['page-firewall-trafficshaper-wizard']['match'] = array();
+$priv_list['page-firewall-trafficshaper-wizard']['match'][] = "firewall_shaper_wizards.php*";
+
+$priv_list['page-firewall-system-tunables'] = array();
+$priv_list['page-firewall-system-tunables']['name'] = "WebCfg - Firewall: System: Tunables page";
+$priv_list['page-firewall-system-tunables']['descr'] = "Allow access to the 'Firewall: System: Tunables' page.";
+$priv_list['page-firewall-system-tunables']['match'] = array();
+$priv_list['page-firewall-system-tunables']['match'][] = "firewall_system_tunables.php*";
+
+$priv_list['page-firewall-system-tunables-edit'] = array();
+$priv_list['page-firewall-system-tunables-edit']['name'] = "WebCfg - Firewall: System: Tunables: Edit page";
+$priv_list['page-firewall-system-tunables-edit']['descr'] = "Allow access to the 'Firewall: System: Tunables: Edit' page.";
+$priv_list['page-firewall-system-tunables-edit']['match'] = array();
+$priv_list['page-firewall-system-tunables-edit']['match'][] = "firewall_system_tunables_edit.php*";
+
+$priv_list['page-firewall-virtualipaddresses'] = array();
+$priv_list['page-firewall-virtualipaddresses']['name'] = "WebCfg - Firewall: Virtual IP Addresses page";
+$priv_list['page-firewall-virtualipaddresses']['descr'] = "Allow access to the 'Firewall: Virtual IP Addresses' page.";
+$priv_list['page-firewall-virtualipaddresses']['match'] = array();
+$priv_list['page-firewall-virtualipaddresses']['match'][] = "firewall_virtual_ip.php*";
+
+$priv_list['page-diagnostics-interfacetraffic'] = array();
+$priv_list['page-diagnostics-interfacetraffic']['name'] = "WebCfg - Diagnostics: Interface Traffic page";
+$priv_list['page-diagnostics-interfacetraffic']['descr'] = "Allow access to the 'Diagnostics: Interface Traffic' page.";
+$priv_list['page-diagnostics-interfacetraffic']['match'] = array();
+$priv_list['page-diagnostics-interfacetraffic']['match'][] = "graph.php*";
+
+$priv_list['page-firewall-virtualipaddress-edit'] = array();
+$priv_list['page-firewall-virtualipaddress-edit']['name'] = "WebCfg - Firewall: Virtual IP Address: Edit page";
+$priv_list['page-firewall-virtualipaddress-edit']['descr'] = "Allow access to the 'Firewall: Virtual IP Address: Edit' page.";
+$priv_list['page-firewall-virtualipaddress-edit']['match'] = array();
+$priv_list['page-firewall-virtualipaddress-edit']['match'][] = "firewall_virtual_ip_edit.php*";
+
+$priv_list['page-diagnostics-cpuutilization'] = array();
+$priv_list['page-diagnostics-cpuutilization']['name'] = "WebCfg - Diagnostics: CPU Utilization page";
+$priv_list['page-diagnostics-cpuutilization']['descr'] = "Allow access to the 'Diagnostics: CPU Utilization' page.";
+$priv_list['page-diagnostics-cpuutilization']['match'] = array();
+$priv_list['page-diagnostics-cpuutilization']['match'][] = "graph_cpu.php*";
+
+$priv_list['page-diagnostics-haltsystem'] = array();
+$priv_list['page-diagnostics-haltsystem']['name'] = "WebCfg - Diagnostics: Halt system page";
+$priv_list['page-diagnostics-haltsystem']['descr'] = "Allow access to the 'Diagnostics: Halt system' page.";
+$priv_list['page-diagnostics-haltsystem']['match'] = array();
+$priv_list['page-diagnostics-haltsystem']['match'][] = "halt.php*";
+
+$priv_list['page-requiredforjavascript'] = array();
+$priv_list['page-requiredforjavascript']['name'] = "WebCfg - Required for javascript page";
+$priv_list['page-requiredforjavascript']['descr'] = "Allow access to the 'Required for javascript' page.";
+$priv_list['page-requiredforjavascript']['match'] = array();
+$priv_list['page-requiredforjavascript']['match'][] = "headjs.php*";
+
+$priv_list['page-xmlrpcinterfacestats'] = array();
+$priv_list['page-xmlrpcinterfacestats']['name'] = "WebCfg - XMLRPC Interface Stats page";
+$priv_list['page-xmlrpcinterfacestats']['descr'] = "Allow access to the 'XMLRPC Interface Stats' page.";
+$priv_list['page-xmlrpcinterfacestats']['match'] = array();
+$priv_list['page-xmlrpcinterfacestats']['match'][] = "ifstats.php*";
+
+$priv_list['page-system-login/logout'] = array();
+$priv_list['page-system-login/logout']['name'] = "WebCfg - System: Login / Logout page";
+$priv_list['page-system-login/logout']['descr'] = "Allow access to the 'System: Login / Logout' page.";
+$priv_list['page-system-login/logout']['match'] = array();
+$priv_list['page-system-login/logout']['match'][] = "index.php*";
+
+$priv_list['page-interfaces-assignnetworkports'] = array();
+$priv_list['page-interfaces-assignnetworkports']['name'] = "WebCfg - Interfaces: Assign network ports page";
+$priv_list['page-interfaces-assignnetworkports']['descr'] = "Allow access to the 'Interfaces: Assign network ports' page.";
+$priv_list['page-interfaces-assignnetworkports']['match'] = array();
+$priv_list['page-interfaces-assignnetworkports']['match'][] = "interfaces_assign.php*";
+
+$priv_list['page-interfaces-gif'] = array();
+$priv_list['page-interfaces-gif']['name'] = "WebCfg - Interfaces: GIF page";
+$priv_list['page-interfaces-gif']['descr'] = "Allow access to the 'Interfaces: GIF' page.";
+$priv_list['page-interfaces-gif']['match'] = array();
+$priv_list['page-interfaces-gif']['match'][] = "interfaces_gif.php*";
+
+$priv_list['page-interfaces-gif-edit'] = array();
+$priv_list['page-interfaces-gif-edit']['name'] = "WebCfg - Interfaces: GIF: Edit page";
+$priv_list['page-interfaces-gif-edit']['descr'] = "Allow access to the 'Interfaces: GIF: Edit' page.";
+$priv_list['page-interfaces-gif-edit']['match'] = array();
+$priv_list['page-interfaces-gif-edit']['match'][] = "interfaces_gif_edit.php*";
+
+$priv_list['page-interfaces-gre'] = array();
+$priv_list['page-interfaces-gre']['name'] = "WebCfg - Interfaces: GRE page";
+$priv_list['page-interfaces-gre']['descr'] = "Allow access to the 'Interfaces: GRE' page.";
+$priv_list['page-interfaces-gre']['match'] = array();
+$priv_list['page-interfaces-gre']['match'][] = "interfaces_gre.php*";
+
+$priv_list['page-interfaces-gre-edit'] = array();
+$priv_list['page-interfaces-gre-edit']['name'] = "WebCfg - Interfaces: GRE: Edit page";
+$priv_list['page-interfaces-gre-edit']['descr'] = "Allow access to the 'Interfaces: GRE: Edit' page.";
+$priv_list['page-interfaces-gre-edit']['match'] = array();
+$priv_list['page-interfaces-gre-edit']['match'][] = "interfaces_gre_edit.php*";
+
+$priv_list['page-interfaces-lan'] = array();
+$priv_list['page-interfaces-lan']['name'] = "WebCfg - Interfaces: LAN page";
+$priv_list['page-interfaces-lan']['descr'] = "Allow access to the 'Interfaces: LAN' page.";
+$priv_list['page-interfaces-lan']['match'] = array();
+$priv_list['page-interfaces-lan']['match'][] = "interfaces_lan.php*";
+
+$priv_list['page-interfaces-ppp'] = array();
+$priv_list['page-interfaces-ppp']['name'] = "WebCfg - Interfaces: PPP page";
+$priv_list['page-interfaces-ppp']['descr'] = "Allow access to the 'Interfaces: PPP' page.";
+$priv_list['page-interfaces-ppp']['match'] = array();
+$priv_list['page-interfaces-ppp']['match'][] = "interfaces_ppp.php*";
+
+$priv_list['page-interfaces-ppp-edit'] = array();
+$priv_list['page-interfaces-ppp-edit']['name'] = "WebCfg - Interfaces: PPP: Edit page";
+$priv_list['page-interfaces-ppp-edit']['descr'] = "Allow access to the 'Interfaces: PPP: Edit' page.";
+$priv_list['page-interfaces-ppp-edit']['match'] = array();
+$priv_list['page-interfaces-ppp-edit']['match'][] = "interfaces_ppp_edit.php*";
+
+$priv_list['page-interfaces-vlan'] = array();
+$priv_list['page-interfaces-vlan']['name'] = "WebCfg - Interfaces: VLAN page";
+$priv_list['page-interfaces-vlan']['descr'] = "Allow access to the 'Interfaces: VLAN' page.";
+$priv_list['page-interfaces-vlan']['match'] = array();
+$priv_list['page-interfaces-vlan']['match'][] = "interfaces_vlan.php*";
+
+$priv_list['page-interfaces-vlan-edit'] = array();
+$priv_list['page-interfaces-vlan-edit']['name'] = "WebCfg - Interfaces: VLAN: Edit page";
+$priv_list['page-interfaces-vlan-edit']['descr'] = "Allow access to the 'Interfaces: VLAN: Edit' page.";
+$priv_list['page-interfaces-vlan-edit']['match'] = array();
+$priv_list['page-interfaces-vlan-edit']['match'][] = "interfaces_vlan_edit.php*";
+
+$priv_list['page-interfaces-wan'] = array();
+$priv_list['page-interfaces-wan']['name'] = "WebCfg - Interfaces: WAN page";
+$priv_list['page-interfaces-wan']['descr'] = "Allow access to the 'Interfaces: WAN' page.";
+$priv_list['page-interfaces-wan']['match'] = array();
+$priv_list['page-interfaces-wan']['match'][] = "interfaces_wan.php*";
+
+$priv_list['page-interfaces-scanwireless'] = array();
+$priv_list['page-interfaces-scanwireless']['name'] = "WebCfg - Interfaces: Scan Wireless page";
+$priv_list['page-interfaces-scanwireless']['descr'] = "Allow access to the 'Interfaces: Scan Wireless' page.";
+$priv_list['page-interfaces-scanwireless']['match'] = array();
+$priv_list['page-interfaces-scanwireless']['match'][] = "interfaces_wlan_scan.php*";
+
+$priv_list['page-system-license'] = array();
+$priv_list['page-system-license']['name'] = "WebCfg - System: License page";
+$priv_list['page-system-license']['descr'] = "Allow access to the 'System: License' page.";
+$priv_list['page-system-license']['match'] = array();
+$priv_list['page-system-license']['match'][] = "license.php*";
+
+$priv_list['page-loadbalancer-pool'] = array();
+$priv_list['page-loadbalancer-pool']['name'] = "WebCfg - Load Balancer: Pool page";
+$priv_list['page-loadbalancer-pool']['descr'] = "Allow access to the 'Load Balancer: Pool' page.";
+$priv_list['page-loadbalancer-pool']['match'] = array();
+$priv_list['page-loadbalancer-pool']['match'][] = "load_balancer_pool.php*";
+
+$priv_list['page-system-packagemanager'] = array();
+$priv_list['page-system-packagemanager']['name'] = "WebCfg - System: Package Manager page";
+$priv_list['page-system-packagemanager']['descr'] = "Allow access to the 'System: Package Manager' page.";
+$priv_list['page-system-packagemanager']['match'] = array();
+$priv_list['page-system-packagemanager']['match'][] = "pkg_mgr.php*";
+
+$priv_list['page-loadbalancer-pool-edit'] = array();
+$priv_list['page-loadbalancer-pool-edit']['name'] = "WebCfg - Load Balancer: Pool: Edit page";
+$priv_list['page-loadbalancer-pool-edit']['descr'] = "Allow access to the 'Load Balancer: Pool: Edit' page.";
+$priv_list['page-loadbalancer-pool-edit']['match'] = array();
+$priv_list['page-loadbalancer-pool-edit']['match'][] = "load_balancer_pool_edit.php*";
+
+$priv_list['page-services-loadbalancer-virtualservers'] = array();
+$priv_list['page-services-loadbalancer-virtualservers']['name'] = "WebCfg - Services: Load Balancer: Virtual Servers page";
+$priv_list['page-services-loadbalancer-virtualservers']['descr'] = "Allow access to the 'Services: Load Balancer: Virtual Servers' page.";
+$priv_list['page-services-loadbalancer-virtualservers']['match'] = array();
+$priv_list['page-services-loadbalancer-virtualservers']['match'][] = "load_balancer_virtual_server.php*";
+
+$priv_list['page-loadbalancer-virtualserver-edit'] = array();
+$priv_list['page-loadbalancer-virtualserver-edit']['name'] = "WebCfg - Load Balancer: Virtual Server: Edit page";
+$priv_list['page-loadbalancer-virtualserver-edit']['descr'] = "Allow access to the 'Load Balancer: Virtual Server: Edit' page.";
+$priv_list['page-loadbalancer-virtualserver-edit']['match'] = array();
+$priv_list['page-loadbalancer-virtualserver-edit']['match'][] = "load_balancer_virtual_server_edit.php*";
+
+$priv_list['page-package-edit'] = array();
+$priv_list['page-package-edit']['name'] = "WebCfg - Package: Edit page";
+$priv_list['page-package-edit']['descr'] = "Allow access to the 'Package: Edit' page.";
+$priv_list['page-package-edit']['match'] = array();
+$priv_list['page-package-edit']['match'][] = "pkg_edit.php*";
+
+$priv_list['page-system-packagemanager-installpackage'] = array();
+$priv_list['page-system-packagemanager-installpackage']['name'] = "WebCfg - System: Package Manager: Install Package page";
+$priv_list['page-system-packagemanager-installpackage']['descr'] = "Allow access to the 'System: Package Manager: Install Package' page.";
+$priv_list['page-system-packagemanager-installpackage']['match'] = array();
+$priv_list['page-system-packagemanager-installpackage']['match'][] = "pkg_mgr_install.php*";
+
+$priv_list['page-system-packagemanager-installed'] = array();
+$priv_list['page-system-packagemanager-installed']['name'] = "WebCfg - System: Package Manager: Installed page";
+$priv_list['page-system-packagemanager-installed']['descr'] = "Allow access to the 'System: Package Manager: Installed' page.";
+$priv_list['page-system-packagemanager-installed']['match'] = array();
+$priv_list['page-system-packagemanager-installed']['match'][] = "pkg_mgr_installed.php*";
+
+$priv_list['page-diagnostics-rebootsystem'] = array();
+$priv_list['page-diagnostics-rebootsystem']['name'] = "WebCfg - Diagnostics: Reboot System page";
+$priv_list['page-diagnostics-rebootsystem']['descr'] = "Allow access to the 'Diagnostics: Reboot System' page.";
+$priv_list['page-diagnostics-rebootsystem']['match'] = array();
+$priv_list['page-diagnostics-rebootsystem']['match'][] = "reboot.php*";
+
+$priv_list['page-services-captiveportal'] = array();
+$priv_list['page-services-captiveportal']['name'] = "WebCfg - Services: Captive portal page";
+$priv_list['page-services-captiveportal']['descr'] = "Allow access to the 'Services: Captive portal' page.";
+$priv_list['page-services-captiveportal']['match'] = array();
+$priv_list['page-services-captiveportal']['match'][] = "services_captiveportal.php*";
+
+$priv_list['page-services-captiveportal-filemanager'] = array();
+$priv_list['page-services-captiveportal-filemanager']['name'] = "WebCfg - Services: Captive portal: File Manager page";
+$priv_list['page-services-captiveportal-filemanager']['descr'] = "Allow access to the 'Services: Captive portal: File Manager' page.";
+$priv_list['page-services-captiveportal-filemanager']['match'] = array();
+$priv_list['page-services-captiveportal-filemanager']['match'][] = "services_captiveportal_filemanager.php*";
+
+$priv_list['page-services-captiveportal-allowedips'] = array();
+$priv_list['page-services-captiveportal-allowedips']['name'] = "WebCfg - Services: Captive portal: Allowed IPs page";
+$priv_list['page-services-captiveportal-allowedips']['descr'] = "Allow access to the 'Services: Captive portal: Allowed IPs' page.";
+$priv_list['page-services-captiveportal-allowedips']['match'] = array();
+$priv_list['page-services-captiveportal-allowedips']['match'][] = "services_captiveportal_ip.php*";
+
+$priv_list['page-services-captiveportal-editallowedips'] = array();
+$priv_list['page-services-captiveportal-editallowedips']['name'] = "WebCfg - Services: Captive portal: Edit Allowed IPs page";
+$priv_list['page-services-captiveportal-editallowedips']['descr'] = "Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.";
+$priv_list['page-services-captiveportal-editallowedips']['match'] = array();
+$priv_list['page-services-captiveportal-editallowedips']['match'][] = "services_captiveportal_ip_edit.php*";
+
+$priv_list['page-services-captiveportal-macaddresses'] = array();
+$priv_list['page-services-captiveportal-macaddresses']['name'] = "WebCfg - Services: Captive portal: Mac Addresses page";
+$priv_list['page-services-captiveportal-macaddresses']['descr'] = "Allow access to the 'Services: Captive portal: Mac Addresses' page.";
+$priv_list['page-services-captiveportal-macaddresses']['match'] = array();
+$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_mac.php*";
+
+$priv_list['page-services-captiveportal-editmacaddresses'] = array();
+$priv_list['page-services-captiveportal-editmacaddresses']['name'] = "WebCfg - Services: Captive portal: Edit MAC Addresses page";
+$priv_list['page-services-captiveportal-editmacaddresses']['descr'] = "Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.";
+$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
+$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_mac_edit.php*";
+
+$priv_list['page-services-captiveportal-users'] = array();
+$priv_list['page-services-captiveportal-users']['name'] = "WebCfg - Services: Captive portal: Users page";
+$priv_list['page-services-captiveportal-users']['descr'] = "Allow access to the 'Services: Captive portal: Users' page.";
+$priv_list['page-services-captiveportal-users']['match'] = array();
+$priv_list['page-services-captiveportal-users']['match'][] = "services_captiveportal_users.php*";
+
+$priv_list['page-services-captiveportal-edituser'] = array();
+$priv_list['page-services-captiveportal-edituser']['name'] = "WebCfg - Services: Captive portal: Edit User page";
+$priv_list['page-services-captiveportal-edituser']['descr'] = "Allow access to the 'Services: Captive portal: Edit User' page.";
+$priv_list['page-services-captiveportal-edituser']['match'] = array();
+$priv_list['page-services-captiveportal-edituser']['match'][] = "services_captiveportal_users_edit.php*";
+
+$priv_list['page-services-dhcpserver'] = array();
+$priv_list['page-services-dhcpserver']['name'] = "WebCfg - Services: DHCP server page";
+$priv_list['page-services-dhcpserver']['descr'] = "Allow access to the 'Services: DHCP server' page.";
+$priv_list['page-services-dhcpserver']['match'] = array();
+$priv_list['page-services-dhcpserver']['match'][] = "services_dhcp.php*";
+
+$priv_list['page-services-dhcpserver-editstaticmapping'] = array();
+$priv_list['page-services-dhcpserver-editstaticmapping']['name'] = "WebCfg - Services: DHCP Server : Edit static mapping page";
+$priv_list['page-services-dhcpserver-editstaticmapping']['descr'] = "Allow access to the 'Services: DHCP Server : Edit static mapping' page.";
+$priv_list['page-services-dhcpserver-editstaticmapping']['match'] = array();
+$priv_list['page-services-dhcpserver-editstaticmapping']['match'][] = "services_dhcp_edit.php*";
+
+$priv_list['page-services-dhcprelay'] = array();
+$priv_list['page-services-dhcprelay']['name'] = "WebCfg - Services: DHCP Relay page";
+$priv_list['page-services-dhcprelay']['descr'] = "Allow access to the 'Services: DHCP Relay' page.";
+$priv_list['page-services-dhcprelay']['match'] = array();
+$priv_list['page-services-dhcprelay']['match'][] = "services_dhcp_relay.php*";
+
+$priv_list['page-services-dnsforwarder'] = array();
+$priv_list['page-services-dnsforwarder']['name'] = "WebCfg - Services: DNS Forwarder page";
+$priv_list['page-services-dnsforwarder']['descr'] = "Allow access to the 'Services: DNS Forwarder' page.";
+$priv_list['page-services-dnsforwarder']['match'] = array();
+$priv_list['page-services-dnsforwarder']['match'][] = "services_dnsmasq.php*";
+
+$priv_list['page-services-dnsforwarder-editdomainoverride'] = array();
+$priv_list['page-services-dnsforwarder-editdomainoverride']['name'] = "WebCfg - Services: DNS Forwarder: Edit Domain Override page";
+$priv_list['page-services-dnsforwarder-editdomainoverride']['descr'] = "Allow access to the 'Services: DNS Forwarder: Edit Domain Override' page.";
+$priv_list['page-services-dnsforwarder-editdomainoverride']['match'] = array();
+$priv_list['page-services-dnsforwarder-editdomainoverride']['match'][] = "services_dnsmasq_domainoverride_edit.php*";
+
+$priv_list['page-services-dnsforwarder-edithost'] = array();
+$priv_list['page-services-dnsforwarder-edithost']['name'] = "WebCfg - Services: DNS Forwarder: Edit host page";
+$priv_list['page-services-dnsforwarder-edithost']['descr'] = "Allow access to the 'Services: DNS Forwarder: Edit host' page.";
+$priv_list['page-services-dnsforwarder-edithost']['match'] = array();
+$priv_list['page-services-dnsforwarder-edithost']['match'][] = "services_dnsmasq_edit.php*";
+
+$priv_list['page-services-dynamicdnsclients'] = array();
+$priv_list['page-services-dynamicdnsclients']['name'] = "WebCfg - Services: Dynamic DNS clients page";
+$priv_list['page-services-dynamicdnsclients']['descr'] = "Allow access to the 'Services: Dynamic DNS clients' page.";
+$priv_list['page-services-dynamicdnsclients']['match'] = array();
+$priv_list['page-services-dynamicdnsclients']['match'][] = "services_dyndns.php*";
+
+$priv_list['page-services-dynamicdnsclient'] = array();
+$priv_list['page-services-dynamicdnsclient']['name'] = "WebCfg - Services: Dynamic DNS client page";
+$priv_list['page-services-dynamicdnsclient']['descr'] = "Allow access to the 'Services: Dynamic DNS client' page.";
+$priv_list['page-services-dynamicdnsclient']['match'] = array();
+$priv_list['page-services-dynamicdnsclient']['match'][] = "services_dyndns_edit.php*";
+
+$priv_list['page-services-proxyarp'] = array();
+$priv_list['page-services-proxyarp']['name'] = "WebCfg - Services: Proxy ARP page";
+$priv_list['page-services-proxyarp']['descr'] = "Allow access to the 'Services: Proxy ARP' page.";
+$priv_list['page-services-proxyarp']['match'] = array();
+$priv_list['page-services-proxyarp']['match'][] = "services_proxyarp.php*";
+
+$priv_list['page-services-proxyarp-edit'] = array();
+$priv_list['page-services-proxyarp-edit']['name'] = "WebCfg - Services: Proxy ARP: Edit page";
+$priv_list['page-services-proxyarp-edit']['descr'] = "Allow access to the 'Services: Proxy ARP: Edit' page.";
+$priv_list['page-services-proxyarp-edit']['match'] = array();
+$priv_list['page-services-proxyarp-edit']['match'][] = "services_proxyarp_edit.php*";
+
+$priv_list['page-services-rfc2136clients'] = array();
+$priv_list['page-services-rfc2136clients']['name'] = "WebCfg - Services: RFC 2136 clients page";
+$priv_list['page-services-rfc2136clients']['descr'] = "Allow access to the 'Services: RFC 2136 clients' page.";
+$priv_list['page-services-rfc2136clients']['match'] = array();
+$priv_list['page-services-rfc2136clients']['match'][] = "services_rfc2136.php*";
+
+$priv_list['page-services-snmp'] = array();
+$priv_list['page-services-snmp']['name'] = "WebCfg - Services: SNMP page";
+$priv_list['page-services-snmp']['descr'] = "Allow access to the 'Services: SNMP' page.";
+$priv_list['page-services-snmp']['match'] = array();
+$priv_list['page-services-snmp']['match'][] = "services_snmp.php*";
+
+$priv_list['page-services-usermanager'] = array();
+$priv_list['page-services-usermanager']['name'] = "WebCfg - Services: User Manager page";
+$priv_list['page-services-usermanager']['descr'] = "Allow access to the 'Services: User Manager' page.";
+$priv_list['page-services-usermanager']['match'] = array();
+$priv_list['page-services-usermanager']['match'][] = "services_usermanager.php*";
+
+$priv_list['page-services-wakeonlan'] = array();
+$priv_list['page-services-wakeonlan']['name'] = "WebCfg - Services: Wake on LAN page";
+$priv_list['page-services-wakeonlan']['descr'] = "Allow access to the 'Services: Wake on LAN' page.";
+$priv_list['page-services-wakeonlan']['match'] = array();
+$priv_list['page-services-wakeonlan']['match'][] = "services_wol.php*";
+
+$priv_list['page-services-wakeonlan-edit'] = array();
+$priv_list['page-services-wakeonlan-edit']['name'] = "WebCfg - Services: Wake on LAN: Edit page";
+$priv_list['page-services-wakeonlan-edit']['descr'] = "Allow access to the 'Services: Wake on LAN: Edit' page.";
+$priv_list['page-services-wakeonlan-edit']['match'] = array();
+$priv_list['page-services-wakeonlan-edit']['match'][] = "services_wol_edit.php*";
+
+$priv_list['page-hidden-detailedstatus'] = array();
+$priv_list['page-hidden-detailedstatus']['name'] = "WebCfg - Hidden: Detailed Status page";
+$priv_list['page-hidden-detailedstatus']['descr'] = "Allow access to the 'Hidden: Detailed Status' page.";
+$priv_list['page-hidden-detailedstatus']['match'] = array();
+$priv_list['page-hidden-detailedstatus']['match'][] = "status.php*";
+
+$priv_list['page-status-captiveportal'] = array();
+$priv_list['page-status-captiveportal']['name'] = "WebCfg - Status: Captive portal page";
+$priv_list['page-status-captiveportal']['descr'] = "Allow access to the 'Status: Captive portal' page.";
+$priv_list['page-status-captiveportal']['match'] = array();
+$priv_list['page-status-captiveportal']['match'][] = "status_captiveportal.php*";
+
+$priv_list['page-status-filterreloadstatus'] = array();
+$priv_list['page-status-filterreloadstatus']['name'] = "WebCfg - Status: Filter Reload Status page";
+$priv_list['page-status-filterreloadstatus']['descr'] = "Allow access to the 'Status: Filter Reload Status' page.";
+$priv_list['page-status-filterreloadstatus']['match'] = array();
+$priv_list['page-status-filterreloadstatus']['match'][] = "status_filter_reload.php*";
+
+$priv_list['page-status-gatewaygroups'] = array();
+$priv_list['page-status-gatewaygroups']['name'] = "WebCfg - Status: Gateway Groups page";
+$priv_list['page-status-gatewaygroups']['descr'] = "Allow access to the 'Status: Gateway Groups' page.";
+$priv_list['page-status-gatewaygroups']['match'] = array();
+$priv_list['page-status-gatewaygroups']['match'][] = "status_gateway_groups.php*";
+
+$priv_list['page-status-gateways'] = array();
+$priv_list['page-status-gateways']['name'] = "WebCfg - Status: Gateways page";
+$priv_list['page-status-gateways']['descr'] = "Allow access to the 'Status: Gateways' page.";
+$priv_list['page-status-gateways']['match'] = array();
+$priv_list['page-status-gateways']['match'][] = "status_gateways.php*";
+
+$priv_list['page-status-trafficgraph'] = array();
+$priv_list['page-status-trafficgraph']['name'] = "WebCfg - Status: Traffic Graph page";
+$priv_list['page-status-trafficgraph']['descr'] = "Allow access to the 'Status: Traffic Graph' page.";
+$priv_list['page-status-trafficgraph']['match'] = array();
+$priv_list['page-status-trafficgraph']['match'][] = "status_graph.php*";
+
+$priv_list['page-status-cpuload'] = array();
+$priv_list['page-status-cpuload']['name'] = "WebCfg - Status: CPU load page";
+$priv_list['page-status-cpuload']['descr'] = "Allow access to the 'Status: CPU load' page.";
+$priv_list['page-status-cpuload']['match'] = array();
+$priv_list['page-status-cpuload']['match'][] = "status_graph_cpu.php*";
+
+$priv_list['page-status-interfaces'] = array();
+$priv_list['page-status-interfaces']['name'] = "WebCfg - Status: Interfaces page";
+$priv_list['page-status-interfaces']['descr'] = "Allow access to the 'Status: Interfaces' page.";
+$priv_list['page-status-interfaces']['match'] = array();
+$priv_list['page-status-interfaces']['match'][] = "status_interfaces.php*";
+
+$priv_list['page-status-openvpn'] = array();
+$priv_list['page-status-openvpn']['name'] = "WebCfg - Status: OpenVPN page";
+$priv_list['page-status-openvpn']['descr'] = "Allow access to the 'Status: OpenVPN' page.";
+$priv_list['page-status-openvpn']['match'] = array();
+$priv_list['page-status-openvpn']['match'][] = "status_ovpn.php*";
+
+$priv_list['page-status-trafficshaper-queues'] = array();
+$priv_list['page-status-trafficshaper-queues']['name'] = "WebCfg - Status: Traffic shaper: Queues page";
+$priv_list['page-status-trafficshaper-queues']['descr'] = "Allow access to the 'Status: Traffic shaper: Queues' page.";
+$priv_list['page-status-trafficshaper-queues']['match'] = array();
+$priv_list['page-status-trafficshaper-queues']['match'][] = "status_queues.php*";
+
+$priv_list['page-status-rrdgraphs'] = array();
+$priv_list['page-status-rrdgraphs']['name'] = "WebCfg - Status: RRD Graphs page";
+$priv_list['page-status-rrdgraphs']['descr'] = "Allow access to the 'Status: RRD Graphs' page.";
+$priv_list['page-status-rrdgraphs']['match'] = array();
+$priv_list['page-status-rrdgraphs']['match'][] = "status_rrd_graph.php*";
+
+$priv_list['page-status-rrdgraphs'] = array();
+$priv_list['page-status-rrdgraphs']['name'] = "WebCfg - Status: RRD Graphs page";
+$priv_list['page-status-rrdgraphs']['descr'] = "Allow access to the 'Status: RRD Graphs' page.";
+$priv_list['page-status-rrdgraphs']['match'] = array();
+$priv_list['page-status-rrdgraphs']['match'][] = "status_rrd_graph_settings.php*";
+
+$priv_list['page-status-services'] = array();
+$priv_list['page-status-services']['name'] = "WebCfg - Status: Services page";
+$priv_list['page-status-services']['descr'] = "Allow access to the 'Status: Services' page.";
+$priv_list['page-status-services']['match'] = array();
+$priv_list['page-status-services']['match'][] = "status_services.php*";
+
+$priv_list['page-status-loadbalancer-pool'] = array();
+$priv_list['page-status-loadbalancer-pool']['name'] = "WebCfg - Status: Load Balancer: Pool page";
+$priv_list['page-status-loadbalancer-pool']['descr'] = "Allow access to the 'Status: Load Balancer: Pool' page.";
+$priv_list['page-status-loadbalancer-pool']['match'] = array();
+$priv_list['page-status-loadbalancer-pool']['match'][] = "status_slbd_pool.php*";
+
+$priv_list['page-status-loadbalancer-virtualserver'] = array();
+$priv_list['page-status-loadbalancer-virtualserver']['name'] = "WebCfg - Status: Load Balancer: Virtual Server page";
+$priv_list['page-status-loadbalancer-virtualserver']['descr'] = "Allow access to the 'Status: Load Balancer: Virtual Server' page.";
+$priv_list['page-status-loadbalancer-virtualserver']['match'] = array();
+$priv_list['page-status-loadbalancer-virtualserver']['match'][] = "status_slbd_vs.php*";
+
+$priv_list['page-status-upnpstatus'] = array();
+$priv_list['page-status-upnpstatus']['name'] = "WebCfg - Status: UPnP Status page";
+$priv_list['page-status-upnpstatus']['descr'] = "Allow access to the 'Status: UPnP Status' page.";
+$priv_list['page-status-upnpstatus']['match'] = array();
+$priv_list['page-status-upnpstatus']['match'][] = "status_upnp.php*";
+
+$priv_list['page-diagnostics-wirelessstatus'] = array();
+$priv_list['page-diagnostics-wirelessstatus']['name'] = "WebCfg - Diagnostics: Wireless Status page";
+$priv_list['page-diagnostics-wirelessstatus']['descr'] = "Allow access to the 'Diagnostics: Wireless Status' page.";
+$priv_list['page-diagnostics-wirelessstatus']['match'] = array();
+$priv_list['page-diagnostics-wirelessstatus']['match'][] = "status_wireless.php*";
+
+$priv_list['page-system-generalsetup'] = array();
+$priv_list['page-system-generalsetup']['name'] = "WebCfg - System: General Setup page";
+$priv_list['page-system-generalsetup']['descr'] = "Allow access to the 'System: General Setup' page.";
+$priv_list['page-system-generalsetup']['match'] = array();
+$priv_list['page-system-generalsetup']['match'][] = "system.php*";
+
+$priv_list['page-system-advancedfunctions'] = array();
+$priv_list['page-system-advancedfunctions']['name'] = "WebCfg - System: Advanced functions page";
+$priv_list['page-system-advancedfunctions']['descr'] = "Allow access to the 'System: Advanced functions' page.";
+$priv_list['page-system-advancedfunctions']['match'] = array();
+$priv_list['page-system-advancedfunctions']['match'][] = "system_advanced.php*";
+
+$priv_list['page-system-advancedfunctions-createcertificates'] = array();
+$priv_list['page-system-advancedfunctions-createcertificates']['name'] = "WebCfg - System: Advanced functions: Create Certificates page";
+$priv_list['page-system-advancedfunctions-createcertificates']['descr'] = "Allow access to the 'System: Advanced functions: Create Certificates' page.";
+$priv_list['page-system-advancedfunctions-createcertificates']['match'] = array();
+$priv_list['page-system-advancedfunctions-createcertificates']['match'][] = "system_advanced_create_certs.php*";
+
+$priv_list['page-system-firmware-manualupdate'] = array();
+$priv_list['page-system-firmware-manualupdate']['name'] = "WebCfg - System: Firmware: Manual Update page";
+$priv_list['page-system-firmware-manualupdate']['descr'] = "Allow access to the 'System: Firmware: Manual Update' page.";
+$priv_list['page-system-firmware-manualupdate']['match'] = array();
+$priv_list['page-system-firmware-manualupdate']['match'][] = "system_firmware.php*";
+
+$priv_list['page-system-firmware-checkforupdate'] = array();
+$priv_list['page-system-firmware-checkforupdate']['name'] = "WebCfg - System: Firmware: Check For Update page";
+$priv_list['page-system-firmware-checkforupdate']['descr'] = "Allow access to the 'System: Firmware: Check For Update' page.";
+$priv_list['page-system-firmware-checkforupdate']['match'] = array();
+$priv_list['page-system-firmware-checkforupdate']['match'][] = "system_firmware_auto.php*";
+
+$priv_list['page-system-firmware-autoupdate'] = array();
+$priv_list['page-system-firmware-autoupdate']['name'] = "WebCfg - System: Firmware: Auto Update page";
+$priv_list['page-system-firmware-autoupdate']['descr'] = "Allow access to the 'System: Firmware: Auto Update' page.";
+$priv_list['page-system-firmware-autoupdate']['match'] = array();
+$priv_list['page-system-firmware-autoupdate']['match'][] = "system_firmware_check.php*";
+
+$priv_list['page-system-firmware-settings'] = array();
+$priv_list['page-system-firmware-settings']['name'] = "WebCfg - System: Firmware: Settings page";
+$priv_list['page-system-firmware-settings']['descr'] = "Allow access to the 'System: Firmware: Settings' page.";
+$priv_list['page-system-firmware-settings']['match'] = array();
+$priv_list['page-system-firmware-settings']['match'][] = "system_firmware_settings.php*";
+
+$priv_list['page-system-gateways'] = array();
+$priv_list['page-system-gateways']['name'] = "WebCfg - System: Gateways page";
+$priv_list['page-system-gateways']['descr'] = "Allow access to the 'System: Gateways' page.";
+$priv_list['page-system-gateways']['match'] = array();
+$priv_list['page-system-gateways']['match'][] = "system_gateways.php*";
+
+$priv_list['page-system-gatewaygroups'] = array();
+$priv_list['page-system-gatewaygroups']['name'] = "WebCfg - System: Gateway Groups page";
+$priv_list['page-system-gatewaygroups']['descr'] = "Allow access to the 'System: Gateway Groups' page.";
+$priv_list['page-system-gatewaygroups']['match'] = array();
+$priv_list['page-system-gatewaygroups']['match'][] = "system_gateway_groups.php*";
+
+$priv_list['page-system-gateways-editgatewaygroups'] = array();
+$priv_list['page-system-gateways-editgatewaygroups']['name'] = "WebCfg - System: Gateways: Edit Gateway Groups page";
+$priv_list['page-system-gateways-editgatewaygroups']['descr'] = "Allow access to the 'System: Gateways: Edit Gateway Groups' page.";
+$priv_list['page-system-gateways-editgatewaygroups']['match'] = array();
+$priv_list['page-system-gateways-editgatewaygroups']['match'][] = "system_gateway_groups_edit.php*";
+
+$priv_list['page-system-gateways-editgateway'] = array();
+$priv_list['page-system-gateways-editgateway']['name'] = "WebCfg - System: Gateways: Edit Gateway page";
+$priv_list['page-system-gateways-editgateway']['descr'] = "Allow access to the 'System: Gateways: Edit Gateway' page.";
+$priv_list['page-system-gateways-editgateway']['match'] = array();
+$priv_list['page-system-gateways-editgateway']['match'][] = "system_gateways_edit.php*";
+
+$priv_list['page-system-groupmanager'] = array();
+$priv_list['page-system-groupmanager']['name'] = "WebCfg - System: Group manager page";
+$priv_list['page-system-groupmanager']['descr'] = "Allow access to the 'System: Group manager' page.";
+$priv_list['page-system-groupmanager']['match'] = array();
+$priv_list['page-system-groupmanager']['match'][] = "system_groupmanager.php*";
+
+$priv_list['page-system-groupmanager-editprivileges'] = array();
+$priv_list['page-system-groupmanager-editprivileges']['name'] = "WebCfg - System: Group manager: Edit Privileges page";
+$priv_list['page-system-groupmanager-editprivileges']['descr'] = "Allow access to the 'System: Group manager: Edit Privileges' page.";
+$priv_list['page-system-groupmanager-editprivileges']['match'] = array();
+$priv_list['page-system-groupmanager-editprivileges']['match'][] = "system_groupmanager_edit.php*";
+
+$priv_list['page-system-staticroutes'] = array();
+$priv_list['page-system-staticroutes']['name'] = "WebCfg - System: Static Routes page";
+$priv_list['page-system-staticroutes']['descr'] = "Allow access to the 'System: Static Routes' page.";
+$priv_list['page-system-staticroutes']['match'] = array();
+$priv_list['page-system-staticroutes']['match'][] = "system_routes.php*";
+
+$priv_list['page-system-staticroutes-editroute'] = array();
+$priv_list['page-system-staticroutes-editroute']['name'] = "WebCfg - System: Static Routes: Edit route page";
+$priv_list['page-system-staticroutes-editroute']['descr'] = "Allow access to the 'System: Static Routes: Edit route' page.";
+$priv_list['page-system-staticroutes-editroute']['match'] = array();
+$priv_list['page-system-staticroutes-editroute']['match'][] = "system_routes_edit.php*";
+
+$priv_list['page-system-usermanager'] = array();
+$priv_list['page-system-usermanager']['name'] = "WebCfg - System: User Manager page";
+$priv_list['page-system-usermanager']['descr'] = "Allow access to the 'System: User Manager' page.";
+$priv_list['page-system-usermanager']['match'] = array();
+$priv_list['page-system-usermanager']['match'][] = "system_usermanager.php*";
+
+$priv_list['page-system-usermanager-addprivileges'] = array();
+$priv_list['page-system-usermanager-addprivileges']['name'] = "WebCfg - System: User Manager: Add Privileges page";
+$priv_list['page-system-usermanager-addprivileges']['descr'] = "Allow access to the 'System: User Manager: Add Privileges' page.";
+$priv_list['page-system-usermanager-addprivileges']['match'] = array();
+$priv_list['page-system-usermanager-addprivileges']['match'][] = "system_usermanager_addprivs.php*";
+
+$priv_list['page-system-usermanager-settings'] = array();
+$priv_list['page-system-usermanager-settings']['name'] = "WebCfg - System: User manager: settings page";
+$priv_list['page-system-usermanager-settings']['descr'] = "Allow access to the 'System: User manager: settings' page.";
+$priv_list['page-system-usermanager-settings']['match'] = array();
+$priv_list['page-system-usermanager-settings']['match'][] = "system_usermanager_settings.php*";
+
+$priv_list['page-system-usermanager-settings-testldap'] = array();
+$priv_list['page-system-usermanager-settings-testldap']['name'] = "WebCfg - System: User Manager: Settings: Test LDAP page";
+$priv_list['page-system-usermanager-settings-testldap']['descr'] = "Allow access to the 'System: User Manager: Settings: Test LDAP' page.";
+$priv_list['page-system-usermanager-settings-testldap']['match'] = array();
+$priv_list['page-system-usermanager-settings-testldap']['match'][] = "system_usermanager_settings_test.php*";
+
+$priv_list['page-hidden-uploadconfiguration'] = array();
+$priv_list['page-hidden-uploadconfiguration']['name'] = "WebCfg - Hidden: Upload Configuration page";
+$priv_list['page-hidden-uploadconfiguration']['descr'] = "Allow access to the 'Hidden: Upload Configuration' page.";
+$priv_list['page-hidden-uploadconfiguration']['match'] = array();
+$priv_list['page-hidden-uploadconfiguration']['match'][] = "uploadconfig.php*";
+
+$priv_list['page-vpn-ipsec'] = array();
+$priv_list['page-vpn-ipsec']['name'] = "WebCfg - VPN: IPsec page";
+$priv_list['page-vpn-ipsec']['descr'] = "Allow access to the 'VPN: IPsec' page.";
+$priv_list['page-vpn-ipsec']['match'] = array();
+$priv_list['page-vpn-ipsec']['match'][] = "vpn_ipsec.php*";
+
+$priv_list['page-vpn-ipsec-certificateauthority'] = array();
+$priv_list['page-vpn-ipsec-certificateauthority']['name'] = "WebCfg - VPN: IPsec: Certificate Authority page";
+$priv_list['page-vpn-ipsec-certificateauthority']['descr'] = "Allow access to the 'VPN: IPsec: Certificate Authority' page.";
+$priv_list['page-vpn-ipsec-certificateauthority']['match'] = array();
+$priv_list['page-vpn-ipsec-certificateauthority']['match'][] = "vpn_ipsec_ca.php*";
+
+$priv_list['page-vpn-ipsec-certificateauthority-edit'] = array();
+$priv_list['page-vpn-ipsec-certificateauthority-edit']['name'] = "WebCfg - VPN: IPsec: Certificate Authority: Edit page";
+$priv_list['page-vpn-ipsec-certificateauthority-edit']['descr'] = "Allow access to the 'VPN: IPsec: Certificate Authority: Edit' page.";
+$priv_list['page-vpn-ipsec-certificateauthority-edit']['match'] = array();
+$priv_list['page-vpn-ipsec-certificateauthority-edit']['match'][] = "vpn_ipsec_ca_edit.php*";
+
+$priv_list['page-vpn-ipsec-mobile'] = array();
+$priv_list['page-vpn-ipsec-mobile']['name'] = "WebCfg - VPN: IPsec: Mobile page";
+$priv_list['page-vpn-ipsec-mobile']['descr'] = "Allow access to the 'VPN: IPsec: Mobile' page.";
+$priv_list['page-vpn-ipsec-mobile']['match'] = array();
+$priv_list['page-vpn-ipsec-mobile']['match'][] = "vpn_ipsec_mobile.php*";
+
+$priv_list['page-vpn-ipsec-editphase1'] = array();
+$priv_list['page-vpn-ipsec-editphase1']['name'] = "WebCfg - VPN: IPsec: Edit Phase 1 page";
+$priv_list['page-vpn-ipsec-editphase1']['descr'] = "Allow access to the 'VPN: IPsec: Edit Phase 1' page.";
+$priv_list['page-vpn-ipsec-editphase1']['match'] = array();
+$priv_list['page-vpn-ipsec-editphase1']['match'][] = "vpn_ipsec_phase1.php*";
+
+$priv_list['page-vpn-ipsec-editphase2'] = array();
+$priv_list['page-vpn-ipsec-editphase2']['name'] = "WebCfg - VPN: IPsec: Edit Phase 2 page";
+$priv_list['page-vpn-ipsec-editphase2']['descr'] = "Allow access to the 'VPN: IPsec: Edit Phase 2' page.";
+$priv_list['page-vpn-ipsec-editphase2']['match'] = array();
+$priv_list['page-vpn-ipsec-editphase2']['match'][] = "vpn_ipsec_phase2.php*";
+
+$priv_list['page-vpn-openvpn-createcerts'] = array();
+$priv_list['page-vpn-openvpn-createcerts']['name'] = "WebCfg - VPN: OpenVPN: Create Certs page";
+$priv_list['page-vpn-openvpn-createcerts']['descr'] = "Allow access to the 'VPN: OpenVPN: Create Certs' page.";
+$priv_list['page-vpn-openvpn-createcerts']['match'] = array();
+$priv_list['page-vpn-openvpn-createcerts']['match'][] = "vpn_openvpn_certs_create.php*";
+
+$priv_list['page-vpn-openvpn-createexistingcerts'] = array();
+$priv_list['page-vpn-openvpn-createexistingcerts']['name'] = "WebCfg - VPN: OpenVPN: Create Existing Certs page";
+$priv_list['page-vpn-openvpn-createexistingcerts']['descr'] = "Allow access to the 'VPN: OpenVPN: Create Existing Certs' page.";
+$priv_list['page-vpn-openvpn-createexistingcerts']['match'] = array();
+$priv_list['page-vpn-openvpn-createexistingcerts']['match'][] = "vpn_openvpn_certs_existing.php*";
+
+$priv_list['page-vpn-openvpn-editclient'] = array();
+$priv_list['page-vpn-openvpn-editclient']['name'] = "WebCfg - VPN: OpenVPN: Edit client page";
+$priv_list['page-vpn-openvpn-editclient']['descr'] = "Allow access to the 'VPN: OpenVPN: Edit client' page.";
+$priv_list['page-vpn-openvpn-editclient']['match'] = array();
+$priv_list['page-vpn-openvpn-editclient']['match'][] = "vpn_openvpn_cli_edit.php*";
+
+$priv_list['page-vpn-openvpn-createcerts'] = array();
+$priv_list['page-vpn-openvpn-createcerts']['name'] = "WebCfg - VPN: OpenVPN: Create Certs page";
+$priv_list['page-vpn-openvpn-createcerts']['descr'] = "Allow access to the 'VPN: OpenVPN: Create Certs' page.";
+$priv_list['page-vpn-openvpn-createcerts']['match'] = array();
+$priv_list['page-vpn-openvpn-createcerts']['match'][] = "vpn_openvpn_create_certs.php*";
+
+$priv_list['page-vpn-openvpn-editcrl'] = array();
+$priv_list['page-vpn-openvpn-editcrl']['name'] = "WebCfg - VPN: OpenVPN: Edit CRL page";
+$priv_list['page-vpn-openvpn-editcrl']['descr'] = "Allow access to the 'VPN: OpenVPN: Edit CRL' page.";
+$priv_list['page-vpn-openvpn-editcrl']['match'] = array();
+$priv_list['page-vpn-openvpn-editcrl']['match'][] = "vpn_openvpn_crl_edit.php*";
+
+$priv_list['page-vpn-openvpn-editserver'] = array();
+$priv_list['page-vpn-openvpn-editserver']['name'] = "WebCfg - VPN: OpenVPN: Edit server page";
+$priv_list['page-vpn-openvpn-editserver']['descr'] = "Allow access to the 'VPN: OpenVPN: Edit server' page.";
+$priv_list['page-vpn-openvpn-editserver']['match'] = array();
+$priv_list['page-vpn-openvpn-editserver']['match'][] = "vpn_openvpn_srv_edit.php*";
+
+$priv_list['page-vpn-vpnopenvpn-user-edit'] = array();
+$priv_list['page-vpn-vpnopenvpn-user-edit']['name'] = "WebCfg - VPN: VPN OpenVPN: User: Edit page";
+$priv_list['page-vpn-vpnopenvpn-user-edit']['descr'] = "Allow access to the 'VPN: VPN OpenVPN: User: Edit' page.";
+$priv_list['page-vpn-vpnopenvpn-user-edit']['match'] = array();
+$priv_list['page-vpn-vpnopenvpn-user-edit']['match'][] = "vpn_openvpn_user_edit.php*";
+
+$priv_list['page-vpn-vpnopenvpn-users'] = array();
+$priv_list['page-vpn-vpnopenvpn-users']['name'] = "WebCfg - VPN: VPN OpenVPN: Users page";
+$priv_list['page-vpn-vpnopenvpn-users']['descr'] = "Allow access to the 'VPN: VPN OpenVPN: Users' page.";
+$priv_list['page-vpn-vpnopenvpn-users']['match'] = array();
+$priv_list['page-vpn-vpnopenvpn-users']['match'][] = "vpn_openvpn_users.php*";
+
+$priv_list['page-vpn-vpnopenvpn-user-edit'] = array();
+$priv_list['page-vpn-vpnopenvpn-user-edit']['name'] = "WebCfg - VPN: VPN OpenVPN: User: Edit page";
+$priv_list['page-vpn-vpnopenvpn-user-edit']['descr'] = "Allow access to the 'VPN: VPN OpenVPN: User: Edit' page.";
+$priv_list['page-vpn-vpnopenvpn-user-edit']['match'] = array();
+$priv_list['page-vpn-vpnopenvpn-user-edit']['match'][] = "vpn_openvpn_users_edit.php*";
+
+$priv_list['page-services-pppoeserver'] = array();
+$priv_list['page-services-pppoeserver']['name'] = "WebCfg - Services: PPPoE Server page";
+$priv_list['page-services-pppoeserver']['descr'] = "Allow access to the 'Services: PPPoE Server' page.";
+$priv_list['page-services-pppoeserver']['match'] = array();
+$priv_list['page-services-pppoeserver']['match'][] = "vpn_pppoe.php*";
+
+$priv_list['page-services-pppoeserver-users'] = array();
+$priv_list['page-services-pppoeserver-users']['name'] = "WebCfg - Services: PPPoE Server: Users page";
+$priv_list['page-services-pppoeserver-users']['descr'] = "Allow access to the 'Services: PPPoE Server: Users' page.";
+$priv_list['page-services-pppoeserver-users']['match'] = array();
+$priv_list['page-services-pppoeserver-users']['match'][] = "vpn_pppoe_users.php*";
+
+$priv_list['page-services-pppoeserver-user-edit'] = array();
+$priv_list['page-services-pppoeserver-user-edit']['name'] = "WebCfg - Services: PPPoE Server: User: Edit page";
+$priv_list['page-services-pppoeserver-user-edit']['descr'] = "Allow access to the 'Services: PPPoE Server: User: Edit' page.";
+$priv_list['page-services-pppoeserver-user-edit']['match'] = array();
+$priv_list['page-services-pppoeserver-user-edit']['match'][] = "vpn_pppoe_users_edit.php*";
+
+$priv_list['page-vpn-vpnpptp'] = array();
+$priv_list['page-vpn-vpnpptp']['name'] = "WebCfg - VPN: VPN PPTP page";
+$priv_list['page-vpn-vpnpptp']['descr'] = "Allow access to the 'VPN: VPN PPTP' page.";
+$priv_list['page-vpn-vpnpptp']['match'] = array();
+$priv_list['page-vpn-vpnpptp']['match'][] = "vpn_pptp.php*";
+
+$priv_list['page-vpn-vpnpptp-users'] = array();
+$priv_list['page-vpn-vpnpptp-users']['name'] = "WebCfg - VPN: VPN PPTP: Users page";
+$priv_list['page-vpn-vpnpptp-users']['descr'] = "Allow access to the 'VPN: VPN PPTP: Users' page.";
+$priv_list['page-vpn-vpnpptp-users']['match'] = array();
+$priv_list['page-vpn-vpnpptp-users']['match'][] = "vpn_pptp_users.php*";
+
+$priv_list['page-vpn-vpnpptp-user-edit'] = array();
+$priv_list['page-vpn-vpnpptp-user-edit']['name'] = "WebCfg - VPN: VPN PPTP: User: Edit page";
+$priv_list['page-vpn-vpnpptp-user-edit']['descr'] = "Allow access to the 'VPN: VPN PPTP: User: Edit' page.";
+$priv_list['page-vpn-vpnpptp-user-edit']['match'] = array();
+$priv_list['page-vpn-vpnpptp-user-edit']['match'][] = "vpn_pptp_users_edit.php*";
+
+$priv_list['page-pfsensewizardsubsystem'] = array();
+$priv_list['page-pfsensewizardsubsystem']['name'] = "WebCfg - pfSense wizard subsystem page";
+$priv_list['page-pfsensewizardsubsystem']['descr'] = "Allow access to the 'pfSense wizard subsystem' page.";
+$priv_list['page-pfsensewizardsubsystem']['match'] = array();
+$priv_list['page-pfsensewizardsubsystem']['match'][] = "wizard.php*";
+
+$priv_list['page-xmlrpclibrary'] = array();
+$priv_list['page-xmlrpclibrary']['name'] = "WebCfg - XMLRPC Library page";
+$priv_list['page-xmlrpclibrary']['descr'] = "Allow access to the 'XMLRPC Library' page.";
+$priv_list['page-xmlrpclibrary']['match'] = array();
+$priv_list['page-xmlrpclibrary']['match'][] = "xmlrpc.php*";
+
+
+$priv_rmvd = array();
+
+?>
diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc
new file mode 100644
index 0000000..917cc00
--- /dev/null
+++ b/etc/inc/priv.inc
@@ -0,0 +1,307 @@
+<?php

+/* $Id$ */

+/*

+		Copyright (C) 2008 Shrew Soft Inc

+		All rights reserved.

+

+		Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>

+		All rights reserved.

+

+        Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>

+        All rights reserved.

+

+        Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.

+        All rights reserved.

+

+        Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.

+        All rights reserved.

+

+        Redistribution and use in source and binary forms, with or without

+        modification, are permitted provided that the following conditions are met:

+

+        1. Redistributions of source code must retain the above copyright notice,

+           this list of conditions and the following disclaimer.

+

+        2. Redistributions in binary form must reproduce the above copyright

+           notice, this list of conditions and the following disclaimer in the

+           documentation and/or other materials provided with the distribution.

+

+        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,

+        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY

+        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

+        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,

+        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

+        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

+        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

+        POSSIBILITY OF SUCH DAMAGE.

+

+		DISABLE_PHP_LINT_CHECKING

+*/

+

+require_once("functions.inc");

+require_once("priv.defs.inc");

+

+/*

+ * USER PRIVILEGE DEFINITIONS

+ */

+

+$priv_list['user-lock-webcfg'] = array();

+$priv_list['user-lock-webcfg']['name']  = "User - Locks webConfigurator";

+$priv_list['user-lock-webcfg']['descr'] = "Indicates whether the user will lock access to ".

+										  "the webConfigurator for other users";

+

+$priv_list['user-lock-ipages'] = array();

+$priv_list['user-lock-ipages']['name']  = "User - Locks individual pages";

+$priv_list['user-lock-ipages']['descr'] = "Indicates whether the user will lock individual ".

+										  "HTML pages after having accessed a particular page".

+										  "(the lock will be freed if the user leaves or ".

+										  "saves the page form).";

+

+$priv_list['user-shell-access'] = array();

+$priv_list['user-shell-access']['name']  = "User - Shell account access";

+$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ".

+										   "example via SSH.";

+

+$priv_list['user-copy-files'] = array();

+$priv_list['user-copy-files']['name']  = "User - Copy files";

+$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ".

+										 "onto the {$g['product_name']} appliance via SCP/SFTP. ".

+										 "If you are going to use this privilege, you must install ".

+										 "scponly on the appliance (Hint: pkg_add -r scponly).";

+

+sort_privs($priv_list);

+

+function cmp_privkeys($a, $b) {

+	/* user privs at the top */

+	$auser = strncmp("user-", $a, 5);

+	$buser = strncmp("user-", $b, 5);

+	if($auser != $buser)

+		return $auser - buser;

+

+	/* name compare others */

+	return strcasecmp($a, $b);

+}

+

+function sort_privs(& $privs) {

+

+	uksort($privs, "cmp_privkeys");

+}

+

+function cmp_page_matches($page, & $matches, $fullwc = true) {

+

+	if (!is_array($matches))

+		return false;

+

+	/* skip any leading fwdslash */

+	$test = strpos($page, "/");

+	if ($test !== false && $test == 0)

+		$page = substr($page, 1);

+

+	/* look for a match */

+	foreach ($matches as $match) {

+

+		/* possibly ignore full wildcard match */

+		if (!$fullwc && !strcmp($match ,"*"))

+			continue;

+

+		/* compare exact or wildcard match */

+		$wcpos = strpos($match, "*");

+		if ($wcpos === false)

+			$result = strcmp($page, $match);

+		else

+			$result = strncmp($page, $match, $wcpos);

+

+		if (!$result)

+			return true;

+	}

+

+	return false;

+}

+

+function map_page_privname($page) {

+	global $priv_list;

+

+	foreach ($priv_list as $pname => $pdata) {

+		if (strncmp($pname, "page-", 5))

+			continue;

+		$fullwc = false;

+		if (!strcasecmp($page,"any")||!strcmp($page,"*"))

+			$fullwc = true;

+		if (cmp_page_matches($page, $pdata['match'], $fullwc))

+			return $pname;

+	}

+

+	return false;

+}

+

+function get_user_privileges(& $user) {

+

+	$privs = $user['priv'];

+	if (!is_array($privs))

+		$privs = array();

+

+	$names = get_local_user_groups($user, true);

+

+	foreach ($names as $name) {

+		$group = getGroupEntry($name);

+		if (is_array($group['priv']))

+			$privs = array_merge( $privs, $group['priv']);

+	}

+

+	return $privs;

+}

+

+function get_user_privdesc(& $user) {

+	global $priv_list;

+

+	$privs = array();

+

+	$user_privs = $user['priv'];

+	if (!is_array($user_privs))

+		$user_privs = array();

+

+	$names = get_local_user_groups($user, true);

+

+	foreach ($names as $name) {

+		$group = getGroupEntry($name);

+		$group_privs = $group['priv'];

+		if (!is_array($group_privs))

+			continue;

+		foreach ($group_privs as $pname) {

+			if (in_array($pname,$user_privs))

+				continue;

+			if (!$priv_list[$pname])

+				continue;

+			$priv = $priv_list[$pname];

+			$priv['group'] = $group['name'];

+			$privs[] = $priv;

+		}

+	}

+

+	foreach ($user_privs as $pname)

+		if($priv_list[$pname])

+			$privs[] = $priv_list[$pname];

+

+	return $privs;

+}

+

+function isAllowedPage($page) {

+	global $_SESSION;

+

+	$username = $_SESSION['Username'];

+	if (!isset($username))

+		return false;

+

+	/* admin/root access check */

+	$user = getUserEntry($username);

+	if (isset($user))

+		if (isset($user['uid']))

+			if ($user['uid']==0)

+				return true;

+

+	/* user privelege access check */

+	if (cmp_page_matches($page, $allowed_pages))

+		return true;

+

+	return false;

+}

+

+function getPrivPages(& $entry, & $allowed_pages) {

+	global $priv_list;

+

+	if (!is_array($entry['priv']))

+		return;

+

+	foreach ($entry['priv'] as $pname) {

+		if (strncmp($pname, "page-", 5))

+			continue;

+		$priv = &$priv_list[$pname];

+		if (!is_array($priv))

+			continue;

+		$matches = &$priv['match'];

+		if (!is_array($matches))

+			continue;

+		foreach ($matches as $match)

+			$allowed_pages[] = $match;

+	}

+}

+

+function getAllowedPages($username) {

+	global $config, $_SESSION;

+

+	if (!function_exists("ldap_connect"))

+		return;

+	

+	$allowed_pages = array();

+	$allowed_groups = array();

+	

+	$ldapon = $_SESSION['ldapon'];

+

+	// search for a local user by name

+	$local_user = getUserEntry($username);

+

+	// obtain local groups if we have a local user

+	if ($local_user) {

+		$allowed_groups = get_local_user_groups($local_user);

+		getPrivPages($local_user, $allowed_pages);

+	}

+

+	// obtain ldap groups if we are in ldap mode

+	if ($config['system']['webgui']['backend'] == "ldap" && !$local_user)

+		$allowed_groups = ldap_get_groups($username);

+

+	// obtain ldapother groups if we are in ldap mode

+	if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user)

+		$allowed_groups = ldap_get_groups($username);

+

+	// build a list of allowed pages

+	if (is_array($config['system']['group']) && is_array($allowed_groups))

+		foreach ($config['system']['group'] as $group)

+			if (in_array($group['name'], $allowed_groups))

+				getPrivPages($group, $allowed_pages);

+

+	$allowed_groups = print_r($allowed_groups, true);

+	$fdny = fopen("/tmp/groups", "w");

+	fwrite($fdny, $allowed_groups);

+	fclose($fdny);

+

+	$_SESSION['privs'] = $allowed_pages;

+

+	return $allowed_pages;

+}

+

+function userHasPrivilege($userent, $privid = false) {

+

+	if (!$privid || !is_array($userent))

+		return false;

+

+	$privs = get_user_privileges($userent);

+

+	if (!is_array($privs))

+		return false;

+

+	if (!in_array($privid, $privs))

+		return false;

+

+	return true;

+}

+

+function hasPrivilegeLock($userent) {

+	return userHasPrivilege($userent, "user-lock-webcfg");

+}

+

+function hasPrivilegeLockPages($userent) {

+	return userHasPrivilege($userent, "user-lock-ipages");

+}

+

+function hasPrivilegeShell($userent) {

+	return userHasPrivilege($userent, "user-shell-access");

+}

+

+function hasPrivilegeCopyFiles($userent) {

+	return userHasPrivilege($userent, "user-copy-files");

+}

+

+?>

diff --git a/etc/rc.initial.password b/etc/rc.initial.password
index 64dd34e..f92055f 100755
--- a/etc/rc.initial.password
+++ b/etc/rc.initial.password
@@ -45,8 +45,7 @@ The webConfigurator password will be reset to the default (which is "' . strtolo
 		foreach ($config['system']['user'] as & $user) {
 			if (isset($user['uid']) && !$user['uid']) {
 				$user['name'] = "admin";
-				set_local_user_password($user,strtolower($g['product_name']));
-				set_local_user($user);
+				set_local_user($user, strtolower($g['product_name']));
 				write_config(gettext("password changed from console menu"));
 				system_password_configure();
 				break;