From 3f17deb1c41a6352f28b3e9f665a17b9231768e1 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Fri, 25 Jan 2013 17:49:44 +0100
Subject: [PATCH] ubus: add option to not authenticate ubus requests

---
 main.c   | 12 +++++++++---
 ubus.c   |  2 +-
 uhttpd.h |  1 +
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/main.c b/main.c
index ebc123c..8cf4027 100644
--- a/main.c
+++ b/main.c
@@ -139,14 +139,15 @@ static int usage(const char *name)
 		"	-L file         Lua handler script, omit to disable Lua\n"
 #endif
 #ifdef HAVE_UBUS
-		"	-u string       URL prefix for HTTP/JSON handler\n"
+		"	-u string       URL prefix for UBUS via JSON-RPC handler\n"
 		"	-U file         Override ubus socket path\n"
+		"	-a              Do not authenticate JSON-RPC requests against UBUS session api\n"
 #endif
 		"	-x string       URL prefix for CGI handler, default is '/cgi-bin'\n"
 		"	-i .ext=path    Use interpreter at path for files with the given extension\n"
 		"	-t seconds      CGI, Lua and UBUS script timeout in seconds, default is 60\n"
 		"	-T seconds      Network timeout in seconds, default is 30\n"
-		"	-k seconds		HTTP keepalive timeout\n"
+		"	-k seconds      HTTP keepalive timeout\n"
 		"	-d string       URL decode given string\n"
 		"	-r string       Specify basic auth realm\n"
 		"	-m string       MD5 crypt given string\n"
@@ -206,7 +207,7 @@ int main(int argc, char **argv)
 	init_defaults();
 	signal(SIGPIPE, SIG_IGN);
 
-	while ((ch = getopt(argc, argv, "fSDRC:K:E:I:p:s:h:c:l:L:d:r:m:n:N:x:i:t:k:T:A:u:U:")) != -1) {
+	while ((ch = getopt(argc, argv, "afSDRC:K:E:I:p:s:h:c:l:L:d:r:m:n:N:x:i:t:k:T:A:u:U:")) != -1) {
 		switch(ch) {
 #ifdef HAVE_TLS
 		case 'C':
@@ -367,6 +368,10 @@ int main(int argc, char **argv)
 			break;
 #endif
 #ifdef HAVE_UBUS
+		case 'a':
+			conf.ubus_noauth = 1;
+			break;
+
 		case 'u':
 			conf.ubus_prefix = optarg;
 			break;
@@ -375,6 +380,7 @@ int main(int argc, char **argv)
 			conf.ubus_socket = optarg;
 			break;
 #else
+		case 'a':
 		case 'u':
 		case 'U':
 			fprintf(stderr, "uhttpd: UBUS support not compiled, "
diff --git a/ubus.c b/ubus.c
index d3cb6df..e128172 100644
--- a/ubus.c
+++ b/ubus.c
@@ -371,7 +371,7 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
 		goto error;
 	}
 
-	if (!uh_ubus_allowed(du->sid, data.object, data.function)) {
+	if (!conf.ubus_noauth && !uh_ubus_allowed(du->sid, data.object, data.function)) {
 		err = ERROR_ACCESS;
 		goto error;
 	}
diff --git a/uhttpd.h b/uhttpd.h
index c4afee8..d6b6985 100644
--- a/uhttpd.h
+++ b/uhttpd.h
@@ -66,6 +66,7 @@ struct config {
 	int max_connections;
 	int http_keepalive;
 	int script_timeout;
+	int ubus_noauth;
 };
 
 struct auth_realm {
-- 
2.11.0