On 08.08.2020 01:47, Andre Valentin wrote:
I'm just experimenting a bit with the patch.
There were multiple this:
You need to reply to all, this is public stuff potentially affecting
all OpenWrt users.
1)
I habe some mips routers and an ipq806x based router.
After I added that patch, I cannot authenticate on via json-rpc on the ipq806x.
I remove the patch, rebuild. It works again.
This does not seem to happen on the mips routers.
I can't think of any explanation for this. Platform or endianess should
not affect ubus behaviour.
Maybe you just missed something in your rpcd confguration? Acl stuff?
I can't say anything without providing more debugging info.
2)
Authentication over rest-api works fine:
"jsonrpc": "2.0",
"id": 1,
"result": {
"ubus_rpc_session": "3653e64078f1f6ebaf4803e67c18fa2a",
"timeout": 300,
Perfect.
But if I try to subscribe I get this error:
GET /ubus/subscribe/hostapd.wap-knet1 HTTP/1.1
Host: ap-av-grwz
User-Agent: curl/7.64.0
Accept: */*
Authorization: Bearer 3653e64078f1f6ebaf4803e67c18fa2a
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Connection: Keep-Alive
Connection: Keep-Alive
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Keep-Alive: timeout=20
Keep-Alive: timeout=20
< Content-Type: application/json
Content-Type: application/json
<
* Connection #0 to host ap-av-grwz left intact
{"code":-13,"message":"Permission denied"}
I do not have an idea what's wrong, perhaps you have an idea?
Sure, it means you / your session is not allowed to subscribe. See:
if (!conf.ubus_noauth && !uh_ubus_allowed(sid, path, data.method)) {
err = ERROR_ACCESS;
goto error;
}
Until we add acl.d rule for allowing subscription access it's possible
only with ubus_noauth. I'm going to work on proper / new acl.d as soon
as I get this patch accepted.
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
