ubus session
| Path | Procedure | Signature | Description |
|---|---|---|---|
session | create | { “timeout”: timeout } | Create a new session and return its ID, set the session timeout to timeout in seconds (set 0 for no expire) |
session | list | { “ubus_rpc_session”: “sid” } | Dump session info specified by sid, if no ID is given, list all sessions |
session | grant | { “ubus_rpc_session”: “sid”, “scope”: “scope”,
“objects”: [ [ “path”, “func” ], ... ] } | Within the session identified by sid grant access to all specified procedures func in the namespace path listed in the objects array |
session | revoke | { “ubus_rpc_session”: “sid”, “scope”: “scope”,
“objects”: [ [ “path”, “func” ], ... ] } | Within the session identified by sid revoke access to all specified procedures func in the namespace path listed in the objects array. If objects is unset, revoke all access |
session | access | { “ubus_rpc_session”: “sid”, “scope”: “scope”,
“object”: “path”, “function”: “function” } | Query whether access to the specified function in the namespace path is allowed |
session | set | { “ubus_rpc_session”: “sid”,
“values”: { “key”: value, ... } } | Within the session identified by sid store the given arbitrary values under their corresponding keys specified in the values object |
session | get | { “ubus_rpc_session”: “sid”,
“keys”: [ “key”, ... ] } | Within the session identified by sid retrieve all values associated with the given keys listed in the keys array. If the key array is unset, dump all key/value pairs |
session | unset | { “ubus_rpc_session”: “sid”,
“keys”: [ “key”, ... ] } | Within the session identified by sid unset all keys listed in the keys array. If the key list is unset, clear all keys |
session | destroy | { “ubus_rpc_session”: “sid” } | Terminate the session identified by the given ID sid |
session | login | { “username”: “username”,
“password”: “password”,
“timeout”: timeout } | Authenticate with rpcd and create a new session with access rights as specified in the ACLs |
Note: When using ubus over HTTP, setting ubus_rpc_session isn't allowed, it's automatically set to the calling session.
Note: Sessions are stored in memory so they will persist as long as rpcd is running
login call description
Use session.login to authorize and create a new session. The timeout argument is optional, it is set in seconds and by default is 5 minutes (300 seconds).
The session timeout is automatically reset on every use.
Return example:
{ "ubus_rpc_session": "948abf19b632c5460384315d69010e09", "timeout": 300, "expires": 299, "acls": { "access-group": { "uci-access": [ "read", "write" ], "unauthenticated": [ "read" ] }, "ubus": { "file": [ "*" ], "session": [ "access", "login" ] }, "uci": { "*": [ "read", "write" ] } }, "data": { "username": "root" } }
To list all active sessions call session list.
Example of manual session creation
Create a session then grant access to all functions of file and to the board object function of system object.
Also set a custom attribute username to alice then check if the sid have an access to system.reboot function (and there is npo such access)
root@OpenWrt:~# ubus call session create '{"timeout": 3600}'
{
"ubus_rpc_session": "8c1af812b4b148fcbb92434c74cf61c1",
"timeout": 3600,
"expires": 3600,
"acls": {
},
"data": {
}
}
root@OpenWrt:~# ubus call session grant '{"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc", "scope": "write", "objects": [["file", "*"], ["system", "board"]]}'
root@OpenWrt:~# ubus call session set '{"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc", "values": { "username": "alice" } }'
root@OpenWrt:~# ubus call session list '{"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc"}'
{
"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc",
"timeout": 3600,
"expires": 3600,
"acls": {
"ubus": {
"file": [
"*"
],
"system": [
"board"
]
}
},
"data": {
"username": "alice"
}
}
root@OpenWrt:~# ubus call session access '{ "ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc", "scope": "ubus", "object": "system", "function": "reboot" }'
{
"access": false
}