ubus session

Path Procedure Signature Description
session create { “timeout”: timeout } Create a new session and return its ID, set the session timeout to timeout in seconds (set 0 for no expire)
session list { “ubus_rpc_session”: “sid” } Dump session info specified by sid, if no ID is given, list all sessions
session grant { “ubus_rpc_session”: “sid”, “scope”: “scope”, “objects”: [ [ “path”, “func” ], ... ] } Within the session identified by sid grant access to all specified procedures func in the namespace path listed in the objects array
session revoke { “ubus_rpc_session”: “sid”, “scope”: “scope”, “objects”: [ [ “path”, “func” ], ... ] } Within the session identified by sid revoke access to all specified procedures func in the namespace path listed in the objects array. If objects is unset, revoke all access
session access { “ubus_rpc_session”: “sid”, “scope”: “scope”, “object”: “path”, “function”: “function” } Query whether access to the specified function in the namespace path is allowed
session set { “ubus_rpc_session”: “sid”, “values”: { “key”: value, ... } } Within the session identified by sid store the given arbitrary values under their corresponding keys specified in the values object
session get { “ubus_rpc_session”: “sid”, “keys”: [ “key”, ... ] } Within the session identified by sid retrieve all values associated with the given keys listed in the keys array. If the key array is unset, dump all key/value pairs
session unset { “ubus_rpc_session”: “sid”, “keys”: [ “key”, ... ] } Within the session identified by sid unset all keys listed in the keys array. If the key list is unset, clear all keys
session destroy { “ubus_rpc_session”: “sid” } Terminate the session identified by the given ID sid
session login { “username”: “username”, “password”: “password”, “timeout”: timeout } Authenticate with rpcd and create a new session with access rights as specified in the ACLs

Note: When using ubus over HTTP, setting ubus_rpc_session isn't allowed, it's automatically set to the calling session.

Note: Sessions are stored in memory so they will persist as long as rpcd is running

Use session.login to authorize and create a new session. The timeout argument is optional, it is set in seconds and by default is 5 minutes (300 seconds). The session timeout is automatically reset on every use.

Return example:

{
        "ubus_rpc_session": "948abf19b632c5460384315d69010e09",
        "timeout": 300,
        "expires": 299,
        "acls": {
                "access-group": {
                        "uci-access": [
                                "read",
                                "write"
                        ],
                        "unauthenticated": [
                                "read"
                        ]
                },
                "ubus": {
                        "file": [
                                "*"
                        ],
                        "session": [
                                "access",
                                "login"
                        ]
                },
                "uci": {
                        "*": [
                                "read",
                                "write"
                        ]
                }
        },
        "data": {
                "username": "root"
        }
}

To list all active sessions call session list.

Create a session then grant access to all functions of file and to the board object function of system object. Also set a custom attribute username to alice then check if the sid have an access to system.reboot function (and there is npo such access)

root@OpenWrt:~# ubus call session create '{"timeout": 3600}'
{
        "ubus_rpc_session": "8c1af812b4b148fcbb92434c74cf61c1",
        "timeout": 3600,
        "expires": 3600,
        "acls": {

        },
        "data": {

        }
}
root@OpenWrt:~# ubus call session grant '{"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc", "scope": "write", "objects": [["file", "*"], ["system", "board"]]}'
root@OpenWrt:~# ubus call session set '{"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc", "values": { "username": "alice" } }'
root@OpenWrt:~# ubus call session list '{"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc"}'
{
        "ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc",
        "timeout": 3600,
        "expires": 3600,
        "acls": {
                "ubus": {
                        "file": [
                                "*"
                        ],
                        "system": [
                                "board"
                        ]
                }
        },
        "data": {
                "username": "alice"
        }
}
root@OpenWrt:~# ubus call session access '{ "ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc", "scope": "ubus", "object": "system", "function": "reboot" }'
{
        "access": false
}
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2020/02/02 15:13
  • by stokito