From 1afcc61601cb1e4c6238525f5d07c20e66e32ad9 Mon Sep 17 00:00:00 2001
From: Etienne Champetier <champetier.etienne@gmail.com>
Date: Sat, 20 Oct 2018 19:11:52 -0400
Subject: [PATCH] zabbix: add proper ubus acl for zabbix-extra-wifi

This allow to run zabbix as non root
Thanks to Adrian Kirchner (@adriankirchner)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
---
 admin/zabbix/Makefile                        | 11 ++++++++++-
 admin/zabbix/files/wifi                      |  1 -
 admin/zabbix/files/zabbix-wifi-ubus-acl.json |  8 ++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 admin/zabbix/files/zabbix-wifi-ubus-acl.json

diff --git a/admin/zabbix/Makefile b/admin/zabbix/Makefile
index 5469af037..b6273eafc 100644
--- a/admin/zabbix/Makefile
+++ b/admin/zabbix/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zabbix
 PKG_VERSION:=3.4.14
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_HASH:=7443873cc970672d3c884230d3aeb082f2d8afcc2b757506c2d684ffdd12d77e
@@ -233,6 +233,15 @@ endef
 
 define Package/zabbix-extra-wifi/install
 	$(call Package/zabbix/install/zabbix.conf.d,$(1),wifi)
+	$(INSTALL_DIR) $(1)/usr/share/acl.d
+	$(INSTALL_DATA) ./files/zabbix-wifi-ubus-acl.json $(1)/usr/share/acl.d/zabbix-wifi.json
+endef
+
+define Package/zabbix-extra-wifi/postinst
+#!/bin/sh
+if [ -z "$${IPKG_INSTROOT}" ]; then
+	killall -HUP ubusd
+fi
 endef
 
 define Package/zabbix-sender/install
diff --git a/admin/zabbix/files/wifi b/admin/zabbix/files/wifi
index f03d9b41e..e63b18e98 100644
--- a/admin/zabbix/files/wifi
+++ b/admin/zabbix/files/wifi
@@ -2,7 +2,6 @@
 
 # wifi interface discovery
 # example: {"data":[{"{#IF}":"wlan0", "{#MODE}":"ap", "{#SSID}":"Openwrt", "{#NET}":"lan", "{#DEV}":"radio0", "{#ENC}":"psk2+ccmp", "{#TYPE}":"mac80211", "{#HWMODE}":"11ng", "{#CHANNEL}":"11", "{#BSSID}":"xx:xx:xx:xx:xx:xx"}]}
-# ubus call only work as root so you need to run zabbix as root to use wifi.ifdiscovery
 UserParameter=wifi.ifdiscovery, lua -l ubus -l iwinfo -e 'u=ubus.connect();list="{\"data\":[";stat=u:call("network.wireless", "status", {});for dev, dev_table in pairs(stat) do for i, iface in pairs(dev_table["interfaces"]) do c=iface["config"];i=iface["ifname"];t=iwinfo.type(i);iw=iwinfo[t];e = iw.encryption(i);e = e and e.description or "None";n = table.concat(c["network"]," ");list=list.."{\"{#IF}\":\""..i.."\", \"{#MODE}\":\""..iw.mode(i).."\", \"{#SSID}\":\""..c["ssid"].."\", \"{#NET}\":\""..n.."\", \"{#DEV}\":\""..dev.."\", \"{#ENC}\":\""..e.."\", \"{#TYPE}\":\""..t.."\", \"{#HWMODE}\":\"".."?".."\", \"{#CHANNEL}\":\""..iw.channel(i).."\", \"{#BSSID}\":\""..iw.bssid(i).."\"},";end;end;list=string.gsub(list,",$","");print(list.."]}")'
 
 
diff --git a/admin/zabbix/files/zabbix-wifi-ubus-acl.json b/admin/zabbix/files/zabbix-wifi-ubus-acl.json
new file mode 100644
index 000000000..9d9b093cf
--- /dev/null
+++ b/admin/zabbix/files/zabbix-wifi-ubus-acl.json
@@ -0,0 +1,8 @@
+{
+	"user": "zabbix",
+	"access": {
+		"network.wireless": {
+			"methods": [ "status" ]
+		}
+	}
+}