Openwrt进程间通信-Ubus

Openwrt进程间通信-Ubus

来源 http://www.ctfiot.com/49535.html

参考 https://openwrt.org/zh/docs/techref/ubus

 

01 介 绍 

Ubus是Openwrt中的进程间通信机制,它让进程间通信的实现变得非常简单。ubus实现的基础就是UNIX Socket,即本地Socket,相对于传统的网络通信Socket变得更加的高效、可靠。

 

1.1   模型架构

UNIX Socket采用C/S模型架构,分为服务端和客户端:

1. server端建立socket,绑定到一个本地socket文件,负责监听客户端的连接

2. client端建立一个或多个socket连接到服务端

3. client端和server端互相发送消息

4. client端和server端收到对方消息后,对收到消息进行对应处理

Ubus同样遵循上述流程,Ubusd实现server端,其它进程(如procd、netifd、ubus)实现client端,client之间通信需要通过服务端进行相应转发。

 

 02 交 互 方 式 

2.1   Ubus Cli

命令行Ubus工具与Ubusd交互(与所有当前注册),对于使用参数调用过程返回响应,使用较为友好的JSON格式。

查看当前运行服务(如图1-1 当前运行服务)

$ ubus

Openwrt进程间通信-Ubus

图1-1 当前运行服务查找特定服务参数及方法(如图1-2 查找特定服务)

$ ubus -v list system

Openwrt进程间通信-Ubus

图1-2 查找特定服务查看特定服务特定参数(如图1-3 查看特定参数)

$ ubus call network.interface.lan status

Openwrt进程间通信-Ubus

图1-3 查看服务特定参数服务参数传递(图1-4 服务参数传递)

$ ubus call network.interface.lan status ‘{“name”:”eth0”}’

Openwrt进程间通信-Ubus

图1-4 服务参数传递 

2.2   HTTP访问

Openwrt uhttpd内置了一个uhttpd-mod-ubus插件运行http协议调用ubus功能,uhttpd中访问/ubus,首先会判断访问者是否有权限。Openwrt中ACl的实现主要通过rpcd,需要在/usr/share/rpcd/acl中配置acl文件。 

以下是ACL定义示例,该示例仅允许访问某些特定的ubus模块,而不是无限制访问所有内容luci-mod-system.json

{

        "luci-mod-system-config": {

                "description": "Grant access to system configuration",

                "read": {

                        "ubus": {

                                "luci": [ "getInitList", "getLEDs", "getTimezones", "getUSBDevices" ],

                                "system": [ "info" ]

                        },

                        "uci": [ "luci", "system" ]

                },

                "write": {

                        "ubus": {

                                "luci": [ "setInitAction", "setLocaltime", "setPassword" ]

                        },

                        "uci": [ "luci", "system" ]

                }

        },

        "luci-mod-system-ssh": {

                "description": "Grant access to SSH configuration",

                "read": {

                        "file": {

                                "/etc/dropbear/authorized_keys": [ "read" ]

                        },

                        "ubus": {

                                "file": [ "read" ]

                        },

                        "uci": [ "dropbear" ]

                },

                "write": {

                        "file": {

                                "/etc/dropbear/authorized_keys": [ "write" ]

                        },

                        "ubus": {

                                "file": [ "write" ],

                                "luci": [ "setInitAction", "setLocaltime" ]

                        },

                        "uci": [ "dropbear" ]

                }

        },

.............

        "luci-mod-system-reboot": {

                "description": "Allow rebooting the device",

                "write": {

                        "file": {

                                "/sbin/reboot": [ "exec" ]

                        },

                        "ubus": {

                                "file": [ "exec" ],

                                "system": [ "reboot" ]

                        }

                }

        }

}

注意:rpcd处理接口请求同时也需要预验证,配置登录文件为/etc/config/rpcd

config rpcd

        option socket /var/run/ubus/ubus.sock

        option timeout 30

config login

        option username 'root'

        option password '$p$root'

        list read '*'

        list write '

登录请求(获取rpc_session)

$ curl -d '{"jsonrpc": "2.0", "id": 1, "method": "call", "params": [ "00000000000000000000000000000000", "session", "login", {"username": "root", "password": "secret"  }]}'  http://your.server.ip/ubus

{

"jsonrpc":"2.0",

"id":1,"result":

[0,

{

"ubus_rpc_session":"c1ed6c7b025d0caca723a816fa61b668",

"timeout":300,

"expires":299,

"acls":

{

"access-group":

{

"superuser":["read","write"],

"unauthenticated":["read"]

},

"ubus":

{

"*":["*"],

"session":["access","login"]},

"uci":{"*":["read","write"]}

},

"data":{"username":"root"}}]}

 

03 会 话 管 理 

获取ubus_rpc_session就可以调用函数(图2-1 获取rpc session)

Openwrt进程间通信-Ubus

图2-1 获取rpc session请求头包格式

{ "jsonrpc": "2.0",  "id": <unique-id-to-identify-request>,   "method": "call",  "params": [             <ubus_rpc_session>,               <ubus_object>,//system             <ubus_method>, //board             { <ubus_arguments> }            ]}

数据包响应错误码

enum ubus_msg_status {    UBUS_STATUS_OK,/* 0 */    UBUS_STATUS_INVALID_COMMAND,/* 1 */    UBUS_STATUS_INVALID_ARGUMENT,/* 2 */    UBUS_STATUS_METHOD_NOT_FOUND,/* 3 */    UBUS_STATUS_NOT_FOUND,/* 4 */    UBUS_STATUS_NO_DATA,/* 5 */    UBUS_STATUS_PERMISSION_DENIED,/* 6 */    UBUS_STATUS_TIMEOUT,/* 7 */    UBUS_STATUS_NOT_SUPPORTED,/* 8 */    UBUS_STATUS_UNKNOWN_ERROR,/* 9 */    UBUS_STATUS_CONNECTION_FAILED,/* 10 */    __UBUS_STATUS_LAST};{“jsonrpc”:“2.0”,”id“:1,”result“:[6]}`That is a valid jsonrpc response, 6 is the ubus code for UBUS_STATUS_PERMISSION_DENIED

04 挖 掘 潜 在 漏 洞 请求方式File

  1. 1.     read

  2. 2.     list

  3. 3.     write

UCI

  1. 1.     set

  2. 2.     get

  3. 3.     show

  4.  

    4.1   文件目录泄露

Openwrt进程间通信-Ubus

4.2   任意文件读取

Openwrt进程间通信-Ubus

设置权限的原因导致任意文件读取失败。

 

========== End

 

 

 

posted @   lsgxeva  阅读(1802)  评论(0编辑  收藏  举报
相关博文:
· uci rpc
· USB拨号驱动
· OpenWRT(7):OpenWRT进程间通信-ubus、ubusd、libubus等
· OpenWRT(16):基于ubus的远程调用守护进程rpcd(Remote Procedure Call Daemon)
· 12 ubus
阅读排行:
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· SQL Server 2025 AI相关能力初探
· AI编程工具终极对决:字节Trae VS Cursor,谁才是开发者新宠?
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
历史上的今天:
2020-09-29 USB挂载&U盘启动
2020-09-29 OPKG 介绍
2020-09-29 OPKG 配置
2020-09-29 OPKG 软件包管理
2020-09-29 opkg install 自动安装
2020-09-29 MIPS 24k 34k 74k
2020-09-29 Linux中arp表的老化机制
点击右上角即可分享
微信分享提示
AI IDE Trae