From 6f73c36226d8583b90ddcff50850701c06de2ee2 Mon Sep 17 00:00:00 2001
From: Renato Botelho <renato@netgate.com>
Date: Tue, 25 Aug 2015 08:21:15 -0300
Subject: Import build scripts from pfSense-tools repo

---
 tools/scripts/generate-privdefs.php | 216 ++++++++++++++++++++++++++++++++++++
 1 file changed, 216 insertions(+)
 create mode 100755 tools/scripts/generate-privdefs.php

(limited to 'tools/scripts/generate-privdefs.php')

diff --git a/tools/scripts/generate-privdefs.php b/tools/scripts/generate-privdefs.php
new file mode 100755
index 0000000..917a94d
--- /dev/null
+++ b/tools/scripts/generate-privdefs.php
@@ -0,0 +1,216 @@
+#!/usr/local/bin/php -f
+<?php
+/* ====================================================================
+ *  Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  1. Redistributions of source code must retain the above copyright notice,
+ *     this list of conditions and the following disclaimer.
+ *
+ *  2. Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *
+ *  3. All advertising materials mentioning features or use of this software
+ *     must display the following acknowledgment:
+ *     "This product includes software developed by the pfSense Project
+ *     for use in the pfSense® software distribution. (http://www.pfsense.org/).
+ *
+ *  4. The names "pfSense" and "pfSense Project" must not be used to
+ *     endorse or promote products derived from this software without
+ *     prior written permission. For written permission, please contact
+ *     coreteam@pfsense.org.
+ *
+ *  5. Products derived from this software may not be called "pfSense"
+ *     nor may "pfSense" appear in their names without prior written
+ *     permission of the Electric Sheep Fencing, LLC.
+ *
+ *  6. Redistributions of any form whatsoever must retain the following
+ *     acknowledgment:
+ *
+ *  "This product includes software developed by the pfSense Project
+ *  for use in the pfSense software distribution (http://www.pfsense.org/).
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ *  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ *  ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ *  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ *  OF THE POSSIBILITY OF SUCH DAMAGE.
+ *  ====================================================================
+ */
+
+/*
+ * This utility processes the <prefix>/usr/local/www
+ * directory and builds a privilege definition file
+ * based on the embedded metadata tags. For more info
+ * please see <prefix>/etc/inc/meta.inc
+ */
+
+if (count($argv) < 2) {
+	echo "usage: generate-privdefs <prefix>\n";
+	echo "\n";
+	echo "This utility generates privilege definitions and writes them to\n";
+	echo "'<prefix>/etc/inc/priv.defs.inc'. The <prefix> parameter should\n";
+	echo "be specified as your base pfSense working directory.\n";
+	echo "\n";
+	echo "Examples:\n";
+	echo "#generate-privdefs /\n";
+	echo "#generate-privdefs /home/pfsense/RELENG_1/pfSense/\n";
+	echo "\n";
+	exit -1;
+}
+
+$prefix = $argv[1];
+if (!file_exists($prefix)) {
+	echo "prefix {$prefix} is invalid";
+	exit -1;
+}
+
+$metainc = $prefix."etc/inc/meta.inc";
+
+if (!file_exists($metainc)) {
+	echo "unable to locate {$metainc} file\n";
+	exit -1;
+}
+
+require_once($metainc);
+
+echo "--Locating www php files--\n";
+
+$path = $prefix."/usr/local/www";
+list_phpfiles($path, $found);
+
+echo "--Gathering privilege metadata--\n";
+
+$data;
+foreach ($found as $fname)
+	read_file_metadata($path."/".$fname, $data, "PRIV");
+
+echo "--Generating privilege definitions--\n";
+$privdef = $prefix."etc/inc/priv.defs.inc";
+
+$fp = fopen($privdef,"w");
+if (!$fp) {
+	echo "unable to open {$privdef}\n";
+	exit -2;
+}
+
+$pdata;
+$pdata  = "<?php\n";
+$pdata .= "/*\n";
+$pdata .= " * priv.defs.inc - Generated privilege definitions\n";
+$pdata .= " *\n";
+$pdata .= " */\n";
+$pdata .= "\n";
+$pdata .= "\$priv_list = array();\n";
+$pdata .= "\n";
+$pdata .= "\$priv_list['page-all'] = array();\n";
+$pdata .= "\$priv_list['page-all']['name'] = \"WebCfg - All pages\";\n";
+$pdata .= "\$priv_list['page-all']['descr'] = \"Allow access to all pages\";\n";
+$pdata .= "\$priv_list['page-all']['match'] = array();\n";
+$pdata .= "\$priv_list['page-all']['match'][] = \"*\";\n";
+$pdata .= "\n";
+
+foreach ($data as $fname => $tags) {
+
+	foreach ($tags as $tname => $vals) {
+
+		$ident = "";
+		$name = "";
+		$descr = "";
+		$match = array();
+
+		foreach ($vals as $vname => $vlist) {
+
+			switch ($vname) {
+				case "IDENT":
+					$ident = $vlist[0];
+					break;
+				case "NAME":
+					$name = $vlist[0];
+					break;
+				case "DESCR":
+					$descr = $vlist[0];
+					break;
+				case "MATCH":
+					$match = $vlist;
+					break;
+			}
+		}
+
+		if (!$ident) {
+			echo "invalid IDENT in {$fname} privilege\n";
+			continue;
+		}
+
+		if (!count($match)) {
+			echo "invalid MATCH in {$fname} privilege\n";
+			continue;
+		}
+
+		$pdata .= "\$priv_list['{$ident}'] = array();\n";
+		$pdata .= "\$priv_list['{$ident}']['name'] = \"WebCfg - {$name}\";\n";
+		$pdata .= "\$priv_list['{$ident}']['descr'] = \"{$descr}\";\n";
+		$pdata .= "\$priv_list['{$ident}']['match'] = array();\n";
+
+		foreach ($match as $url)
+			$pdata .= "\$priv_list['{$ident}']['match'][] = \"{$url}\";\n";
+
+		$pdata .= "\n";
+	}
+}
+
+$pdata .= "\n";
+$pdata .= "\$priv_rmvd = array();\n";
+$pdata .= "\n";
+
+$pdata .= "?>\n";
+fwrite($fp, $pdata);
+
+fclose($fp);
+
+/*
+ * TODO : Build additional functionality
+ *
+
+echo "--Checking for pages without privilege definitions--\n";
+
+foreach ($found as $fname) {
+	$match = false;
+	foreach ($pages_current as $pname => $pdesc) {
+		if (!strcmp($pname,$fname)) {
+			$match = true;
+			break;
+		}
+	}
+	if (!$match)
+		echo "missing: $fname\n";
+}
+
+echo "--Checking for stale privilege definitions--\n";
+
+foreach ($pages_current as $pname => $pdesc) {
+	$match = false;
+	foreach ($found as $fname) {
+		if (!strncmp($fname,$pname,strlen($fname))) {
+			$match = true;
+			break;
+		}
+	}
+	if (!$match)
+		echo "stale: $pname\n";
+}
+
+ */
+
+?>
-- 
cgit v1.1