ubus: add option to not authenticate ubus requests

diff --git a/main.c b/main.c
index ebc123c985a243dd097b15e98611235f63c19e83..8cf40274d5334b8733fab07aac160f64beb0b973 100644 (file)
--- a/main.c
+++ b/main.c
@@ -139,14 +139,15 @@ static int usage(const char *name)
                "       -L file         Lua handler script, omit to disable Lua\n"
 #endif
 #ifdef HAVE_UBUS
-               "       -u string       URL prefix for HTTP/JSON handler\n"
+               "       -u string       URL prefix for UBUS via JSON-RPC handler\n"
                "       -U file         Override ubus socket path\n"
+               "       -a              Do not authenticate JSON-RPC requests against UBUS session api\n"
 #endif
                "       -x string       URL prefix for CGI handler, default is '/cgi-bin'\n"
                "       -i .ext=path    Use interpreter at path for files with the given extension\n"
                "       -t seconds      CGI, Lua and UBUS script timeout in seconds, default is 60\n"
                "       -T seconds      Network timeout in seconds, default is 30\n"
-               "       -k seconds              HTTP keepalive timeout\n"
+               "       -k seconds      HTTP keepalive timeout\n"
                "       -d string       URL decode given string\n"
                "       -r string       Specify basic auth realm\n"
                "       -m string       MD5 crypt given string\n"
@@ -206,7 +207,7 @@ int main(int argc, char **argv)
        init_defaults();
        signal(SIGPIPE, SIG_IGN);
 
-       while ((ch = getopt(argc, argv, "fSDRC:K:E:I:p:s:h:c:l:L:d:r:m:n:N:x:i:t:k:T:A:u:U:")) != -1) {
+       while ((ch = getopt(argc, argv, "afSDRC:K:E:I:p:s:h:c:l:L:d:r:m:n:N:x:i:t:k:T:A:u:U:")) != -1) {
                switch(ch) {
 #ifdef HAVE_TLS
                case 'C':
@@ -367,6 +368,10 @@ int main(int argc, char **argv)
                        break;
 #endif
 #ifdef HAVE_UBUS
+               case 'a':
+                       conf.ubus_noauth = 1;
+                       break;
+
                case 'u':
                        conf.ubus_prefix = optarg;
                        break;
@@ -375,6 +380,7 @@ int main(int argc, char **argv)
                        conf.ubus_socket = optarg;
                        break;
 #else
+               case 'a':
                case 'u':
                case 'U':
                        fprintf(stderr, "uhttpd: UBUS support not compiled, "

diff --git a/ubus.c b/ubus.c
index d3cb6df1ab4d757bd26e152411f4020264e4139e..e1281721f242000153ce4bf4d454a3cf966ebba9 100644 (file)
--- a/ubus.c
+++ b/ubus.c
@@ -371,7 +371,7 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
                goto error;
        }
 
-       if (!uh_ubus_allowed(du->sid, data.object, data.function)) {
+       if (!conf.ubus_noauth && !uh_ubus_allowed(du->sid, data.object, data.function)) {
                err = ERROR_ACCESS;
                goto error;
        }

diff --git a/uhttpd.h b/uhttpd.h
index c4afee8ed639c35439e0f204bed0be49fa886de0..d6b698500ee4739dea559071253db232b4b0b05b 100644 (file)
--- a/uhttpd.h
+++ b/uhttpd.h
@@ -66,6 +66,7 @@ struct config {
        int max_connections;
        int http_keepalive;
        int script_timeout;
+       int ubus_noauth;
 };
 
 struct auth_realm {