Closed romain1206 closed 1 year ago
Hmm,
for some reason the ACLs aren't getting applied.
In my case ubus call session list
looks like below:
{
"ubus_rpc_session": "9103610c0c43d4922f63ec1bc89c6972",
"timeout": 300,
"expires": 276,
"acls": {
"access-group": {
"hass": [
"read",
"write"
],
"unauthenticated": [
"read"
]
},
"ubus": {
"hostapd.*": [
"get_clients",
"wps_status",
"wps_start",
"wps_cancel"
],
"iwinfo": [
"info",
"assoclist"
],
"mwan3": [
"status"
],
"network.device": [
"status"
],
"network.wireless": [
"status"
],
"session": [
"access",
"login"
],
"system": [
"board",
"reboot"
]
}
},
"data": {
"username": "hass"
}
}
Did you restart rpcd
?
hello, after a week. it's work https://imgsh.net/i/aUETpaN.png
hello
i have this error in home-assistant.log
2022-10-19 22:10:21.835 ERROR (MainThread) [custom_components.openwrt.ubus] api_call rpc error: {'code': -32002, 'message': 'Access denied'}
this command with my user and password return
curl -d '{ "jsonrpc": "2.0", "id": 1, "method": "call", "params": [ "00000000000000000000000000000000", "session", "login", { "username": "hass", "password": "homeassistant" } ] }' http://192.168.0.254/ubus
{"jsonrpc":"2.0","id":1,"result":[0,{"ubus_rpc_session":"c95800fca267a2bf9d90c772ccfd458f","timeout":300,"expires":299,"acls":{"access-group":{"unauthenticated":["read"]},"ubus":{"luci":["getFeatures"],"session":["access","login"]}},"data":{"username":"hass"}}]}
on my openwt router
/etc/config/rpcd
`config rpcd option socket /var/run/ubus/ubus.sock option timeout 30
config login option username 'root' option password '$p$root' list read '' list write ''
config login option username 'hass' option password '$p$hass' list read hass list read unauthenticated list write hass`
the file hass.json in /usr/share/rpcd/acl.d/
{ "hass": { "description": "Home Assistant OpenWrt integration permissions", "read": { "ubus": { "network.wireless": ["status"], "network.device": ["status"], "iwinfo": ["info", "assoclist"], "hostapd.*": ["get_clients", "wps_status"], "system": ["board"], "mwan3": ["status"] }, }, "write": { "ubus": { "system": ["reboot"], "hostapd.*": ["wps_start", "wps_cancel"] "file": ["exec"] }, "file": { "/usr/bin/uptime": ["exec"] } }, } }
the result of command "ubus call session list"
{ "ubus_rpc_session": "c95800fca267a2bf9d90c772ccfd458f", "timeout": 300, "expires": 116, "acls": { "access-group": { "unauthenticated": [ "read" ] }, "ubus": { "luci": [ "getFeatures" ], "session": [ "access", "login" ] } }, "data": { "username": "hass" } }
many thanks for your help