Copyright © https://mongoose-os.com

Mongoose OS Forum


RPC secure

EstebanBosse Cordoba Argentina

Hello!
I need security in RPC over WiFi. I was trying with mTLS and HTTPS with two-sided certificates.
I don't want to use two-sided certificates to visit my files on the HTTP server. I want to have some public files there.
But RPC commands must be accessible only to me.
Using mos call Config.Get I can see:

"rpc": {
    "enable": true,
    "max_frame_size": 4096,
    "max_queue_length": 25,
    "default_out_channel_idle_close_timeout": 10,
    "acl_file": "",
    "auth_domain": "",
    "auth_file": "",
    "ws": {
      "enable": true,
      "server_address": "",
      "reconnect_interval_min": 1,
      "reconnect_interval_max": 60,
      "ssl_server_name": "",
      "ssl_ca_file": "",
      "ssl_client_cert_file": ""
    },

How can I use "auth_file": "" and ssl_ca_file and ssl_client_cert_file without forcing my HTTP server to use two-sided certificates?

Comments

  • EstebanBosse Cordoba Argentina
    edited September 2017

    Hello again, I was able to solve this with help from Deomid Ryabkov.
    I'll explain briefly:
    It's possible to implement username and password for RPC commands.
    Looking at this RPC config:

    "rpc": { "auth_domain": "blah", "auth_file": "rpc-passwd", "acl_file": "rpc-acl.json" }
    

    auth_domain is known as realm.
    auth_file is like an Apache htdigest format file.
    rpc-acl.json contains an array of rules.

    auth_file can be generated with htdigest -c rcp-pass-file realm user
    rpc-acl.json example:

    [ {"method": "FS.*", "acl": "+user1,-user2"}, {"method": "*", "acl": "-*"} ]
    

    Where user1 has access to the FS service and user2 doesn't have access.
    To the rest of the services nobody will have access.

  • jonw USA
    edited September 2017

    How is authentication this way passed via websocket and serial RPC calls?

  • Sergey Dublin, Ireland

    Client sends an authenticated request, gets 401 with nonce.
    Client creates auth keys which are added to the RPC frame.
    Same as with HTTP.

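The htdigest-format auth_file and the nonce challenge-response described in the comments above, worked through as an added example that is not part of the original thread and not Mongoose OS code. It follows HTTP Digest (RFC 2617, qop=auth); the method and URI strings Mongoose OS feeds into the hash and the names of its RPC frame fields are not given in the thread, so they are plain parameters here, and the credentials and nonce values are constructed.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def htdigest_line(user, realm, password):
    """auth_file entry in htdigest format: user:realm:MD5(user:realm:password)."""
    return "%s:%s:%s" % (user, realm, md5_hex("%s:%s:%s" % (user, realm, password)))


def lookup_ha1(auth_file_text, user, realm):
    """Return the stored hash (HA1) for user in realm, or None if absent."""
    for line in auth_file_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user and fields[1] == realm:
            return fields[2]
    return None


def digest_response(ha1, nonce, nc, cnonce, method, uri):
    """RFC 2617 response for qop=auth; method and uri are caller-supplied."""
    ha2 = md5_hex("%s:%s" % (method, uri))
    return md5_hex(":".join([ha1, nonce, nc, cnonce, "auth", ha2]))


def client_response(user, realm, password, nonce, nc, cnonce, method, uri):
    """Client side: derive HA1 from the password, answer the server's nonce."""
    ha1 = md5_hex("%s:%s:%s" % (user, realm, password))
    return digest_response(ha1, nonce, nc, cnonce, method, uri)


def server_verify(auth_file_text, user, realm, nonce, nc, cnonce, method, uri, response):
    """Server side: recompute from the stored HA1; the password is never needed."""
    ha1 = lookup_ha1(auth_file_text, user, realm)
    if ha1 is None:
        return False
    expected = digest_response(ha1, nonce, nc, cnonce, method, uri)
    return hmac.compare_digest(expected, response)


# Constructed sample values (not from the thread): credentials, nonce, method, URI.
AUTH_FILE = htdigest_line("user1", "blah", "constructed-pass") + "\n"
CHALLENGE = dict(nonce="5f3a9c01", nc="00000001", cnonce="0a4f113b",
                 method="POST", uri="/rpc")

if __name__ == "__main__":
    good = client_response("user1", "blah", "constructed-pass", **CHALLENGE)
    print(server_verify(AUTH_FILE, "user1", "blah", response=good, **CHALLENGE))
```

The stored hash alone is enough to compute valid responses, so the auth_file needs the same protection as the password itself, and digest authentication does not encrypt the RPC frame.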