| Path | Procedure | Signature | Description |
|---|---|---|---|
session |
create |
{ "timeout": timeout } |
Create a new session and return its ID, set the session timeout to timeout in seconds (set 0 for no expire) |
session |
list |
{ "ubus_rpc_session": "sid" } |
Dump session info specified by sid, if no ID is given, list all sessions |
session |
grant |
{ "ubus_rpc_session": "sid", "scope": "scope", "objects": [ [ "path", "func" ], ... ] } |
Within the session identified by sid grant access to all specified procedures func in the namespace path listed in the objects array |
session |
revoke |
{ "ubus_rpc_session": "sid", "scope": "scope", "objects": [ [ "path", "func" ], ... ] } |
Within the session identified by sid revoke access to all specified procedures func in the namespace path listed in the objects array. If objects is unset, revoke all access |
session |
access |
{ "ubus_rpc_session": "sid", "scope": "scope", "object": "path", "function": "function" } |
Query whether access to the specified function in the namespace path is allowed |
session |
set |
{ "ubus_rpc_session": "sid", "values": { "key": value, ... } } |
Within the session identified by sid store the given arbitrary values under their corresponding keys specified in the values object |
session |
get |
{ "ubus_rpc_session": "sid", "keys": [ "key", ... ] } |
Within the session identified by sid retrieve all values associated with the given keys listed in the keys array. If the key array is unset, dump all key/value pairs |
session |
unset |
{ "ubus_rpc_session": "sid", "keys": [ "key", ... ] } |
Within the session identified by sid unset all keys listed in the keys array. If the key list is unset, clear all keys |
session |
destroy |
{ "ubus_rpc_session": "sid" } |
Terminate the session identified by the given ID sid |
session |
login |
{ "username": "username", "password": "password", "timeout": timeout } |
Authenticate with rpcd and create a new session with access rights as specified in the ACLs |
Note: When using ubus over HTTP, setting ubus_rpc_session isn't allowed, it's automatically set to the calling session.
Note: Sessions are stored in memory so they will persist as long as rpcd is running
Use session.login to authorize and create a new session. The timeout argument is optional, it is set in seconds and by default is 5 minutes (300 seconds). The session timeout is automatically reset on every use.
Return example:
{
"ubus_rpc_session": "948abf19b632c5460384315d69010e09",
"timeout": 300,
"expires": 299,
"acls": {
"access-group": {
"uci-access": [
"read",
"write"
],
"unauthenticated": [
"read"
]
},
"ubus": {
"file": [
"*"
],
"session": [
"access",
"login"
]
},
"uci": {
"*": [
"read",
"write"
]
}
},
"data": {
"username": "root"
}
}
To list all active sessions call session list.
Create a session then grant access to all functions of file and to the board object function of system object. Also set a custom attribute username to alice then check if the sid have an access to system.reboot function (and there is npo such access)
root@OpenWrt:~# ubus call session create '{"timeout": 3600}'
{
"ubus_rpc_session": "8c1af812b4b148fcbb92434c74cf61c1",
"timeout": 3600,
"expires": 3600,
"acls": {
},
"data": {
}
}
root@OpenWrt:~# ubus call session grant '{"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc", "scope": "write", "objects": [["file", "*"], ["system", "board"]]}'
root@OpenWrt:~# ubus call session set '{"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc", "values": { "username": "alice" } }'
root@OpenWrt:~# ubus call session list '{"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc"}'
{
"ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc",
"timeout": 3600,
"expires": 3600,
"acls": {
"ubus": {
"file": [
"*"
],
"system": [
"board"
]
}
},
"data": {
"username": "alice"
}
}
root@OpenWrt:~# ubus call session access '{ "ubus_rpc_session": "bf11e5cd01cd262ae692600a6a45ccfc", "scope": "ubus", "object": "system", "function": "reboot" }'
{
"access": false
}