kvj / hass_openwrt

Home Assistant integration with OpenWrt devices
MIT License

access denied #12

Closed romain1206 closed 1 year ago

romain1206 commented 1 year ago

Hello

I have this error in home-assistant.log:

```
2022-10-19 22:10:21.835 ERROR (MainThread) [custom_components.openwrt.ubus] api_call rpc error: {'code': -32002, 'message': 'Access denied'}
```

This command with my user and password returns:

```
curl -d '{ "jsonrpc": "2.0", "id": 1, "method": "call", "params": [ "00000000000000000000000000000000", "session", "login", { "username": "hass", "password": "homeassistant" } ] }' http://192.168.0.254/ubus

{"jsonrpc":"2.0","id":1,"result":[0,{"ubus_rpc_session":"c95800fca267a2bf9d90c772ccfd458f","timeout":300,"expires":299,"acls":{"access-group":{"unauthenticated":["read"]},"ubus":{"luci":["getFeatures"],"session":["access","login"]}},"data":{"username":"hass"}}]}
```

On my OpenWrt router, /etc/config/rpcd:

```
config rpcd
	option socket /var/run/ubus/ubus.sock
	option timeout 30

config login
	option username 'root'
	option password '$p$root'
	list read ''
	list write ''

config login
	option username 'hass'
	option password '$p$hass'
	list read hass
	list read unauthenticated
	list write hass
```

The file hass.json in /usr/share/rpcd/acl.d/:

```
{
    "hass": {
        "description": "Home Assistant OpenWrt integration permissions",
        "read": {
            "ubus": {
                "network.wireless": ["status"],
                "network.device": ["status"],
                "iwinfo": ["info", "assoclist"],
                "hostapd.*": ["get_clients", "wps_status"],
                "system": ["board"],
                "mwan3": ["status"]
            },
        },
        "write": {
            "ubus": {
                "system": ["reboot"],
                "hostapd.*": ["wps_start", "wps_cancel"]
                "file": ["exec"]
            },
            "file": {
                "/usr/bin/uptime": ["exec"]
            }
        },
    }
}
```

The result of the command "ubus call session list":

```
{
    "ubus_rpc_session": "c95800fca267a2bf9d90c772ccfd458f",
    "timeout": 300,
    "expires": 116,
    "acls": {
        "access-group": {
            "unauthenticated": [ "read" ]
        },
        "ubus": {
            "luci": [ "getFeatures" ],
            "session": [ "access", "login" ]
        }
    },
    "data": {
        "username": "hass"
    }
}
```

Many thanks for your help

kvj commented 1 year ago

Hmm, for some reason the ACLs aren't getting applied. In my case ubus call session list looks like below:

```
{
        "ubus_rpc_session": "9103610c0c43d4922f63ec1bc89c6972",
        "timeout": 300,
        "expires": 276,
        "acls": {
                "access-group": {
                        "hass": [
                                "read",
                                "write"
                        ],
                        "unauthenticated": [
                                "read"
                        ]
                },
                "ubus": {
                        "hostapd.*": [
                                "get_clients",
                                "wps_status",
                                "wps_start",
                                "wps_cancel"
                        ],
                        "iwinfo": [
                                "info",
                                "assoclist"
                        ],
                        "mwan3": [
                                "status"
                        ],
                        "network.device": [
                                "status"
                        ],
                        "network.wireless": [
                                "status"
                        ],
                        "session": [
                                "access",
                                "login"
                        ],
                        "system": [
                                "board",
                                "reboot"
                        ]
                }
        },
        "data": {
                "username": "hass"
        }
}
```

Did you restart rpcd?

romain1206 commented 1 year ago

Hello, after a week, it works. https://imgsh.net/i/aUETpaN.png
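The comparison kvj makes above (ACL file versus what `ubus call session list` reports) can be scripted. This is an added example, not code from hass_openwrt or from either commenter: it parses an ACL file as strict JSON and lists the grants a session entry lacks. The sample strings are constructed and trimmed from the values posted in this thread, and the function names are hypothetical.

```python
import json

# Constructed samples, trimmed from the values posted in this thread.
# ACL_PASTED keeps the trailing commas and the missing comma of the pasted file.
ACL_PASTED = '''{ "hass": { "read": { "ubus": { "system": ["board"] }, },
  "write": { "ubus": { "system": ["reboot"],
    "hostapd.*": ["wps_start", "wps_cancel"] "file": ["exec"] } }, } }'''
ACL_STRICT = '''{ "hass": { "read": { "ubus": { "system": ["board"] } },
  "write": { "ubus": { "system": ["reboot"],
    "hostapd.*": ["wps_start", "wps_cancel"] } } } }'''
SESSION_DENIED = '''{ "acls": { "access-group": { "unauthenticated": ["read"] },
  "ubus": { "session": ["access", "login"] } }, "data": { "username": "hass" } }'''


def load_acl(text):
    """Parse an acl.d file as strict JSON: (acl, None) or (None, error position)."""
    try:
        return json.loads(text), None
    except json.JSONDecodeError as e:
        return None, f"line {e.lineno} col {e.colno}: {e.msg}"


def expected_ubus(acl, group):
    """Merge the read and write ubus grants of one ACL group: {object: {methods}}."""
    want = {}
    for scope in ("read", "write"):
        for obj, methods in acl.get(group, {}).get(scope, {}).get("ubus", {}).items():
            want.setdefault(obj, set()).update(methods)
    return want


def missing_grants(session, acl, group):
    """List what a `ubus call session list` entry lacks compared with the ACL file."""
    acls = session.get("acls", {})
    problems = []
    if group not in acls.get("access-group", {}):
        problems.append(f"access-group '{group}' not in session")
    have = acls.get("ubus", {})
    for obj, methods in sorted(expected_ubus(acl, group).items()):
        lacking = sorted(methods - set(have.get(obj, [])))
        if lacking:
            problems.append(f"ubus {obj}: missing {', '.join(lacking)}")
    return problems


if __name__ == "__main__":
    print(load_acl(ACL_PASTED)[1])   # position of the first JSON syntax error
    acl, _ = load_acl(ACL_STRICT)
    print(missing_grants(json.loads(SESSION_DENIED), acl, "hass"))
```

An empty list from `missing_grants` means the session carries every ubus grant the ACL file defines for that group.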