OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • API: What is correct permission to get the routing tables?
« previous next »
  • Print
Pages: [1]

Author Topic: API: What is correct permission to get the routing tables?  (Read 4681 times)

haaa

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
    • View Profile
API: What is correct permission to get the routing tables?
« on: July 24, 2019, 09:38:33 am »
Hello,

I just wrote my first script to determine active routing table entries automatically by using the API. For this purpose I create a user, granted the permission for "Diagnostics: Routing Tables" and added an API key. When using curl to get https://<IP>/api/diagnostics/interface/getroutes, I get "Authentication failed". Adding permission "All pages" to the user leads me to the correct result.

What permission do I have to enable to only allow the user reading the routing tables?

Thank you in advance,
Andreas
Logged

mimugmail

  • Hero Member
  • *****
  • Posts: 6767
  • Karma: 494
    • View Profile
Re: API: What is correct permission to get the routing tables?
« Reply #1 on: July 24, 2019, 11:14:17 am »
Did you set api key and secret before in your curl?
Logged
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

haaa

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
    • View Profile
Re: API: What is correct permission to get the routing tables?
« Reply #2 on: July 24, 2019, 11:30:19 am »
Yes, of course.
Logged

mimugmail

  • Hero Member
  • *****
  • Posts: 6767
  • Karma: 494
    • View Profile
Re: API: What is correct permission to get the routing tables?
« Reply #3 on: July 24, 2019, 12:00:20 pm »
Have you tried to put the user in admin group?
Logged
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

haaa

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
    • View Profile
Re: API: What is correct permission to get the routing tables?
« Reply #4 on: July 24, 2019, 12:29:18 pm »
No, because that is not, what I want. The user shall have the permission to display routing table, and ONLY this permission. I don't want to have an additional admin user. For this I could have added an API key to root ;-)
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17707
  • Karma: 1618
    • View Profile
Re: API: What is correct permission to get the routing tables?
« Reply #5 on: July 25, 2019, 08:26:43 pm »
https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/models/OPNsense/Diagnostics/ACL/ACL.xml#L16-L22
Logged

haaa

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
    • View Profile
Re: API: What is correct permission to get the routing tables?
« Reply #6 on: July 25, 2019, 09:01:40 pm »
Hello Franco,

thank you for your reply. As I also found this reference in the code, I already granted permission "Diagnostics: Routing Tables" to the user. But that does not work as I get "Authentication failed". So maybe there is a bug?

Regards,
Andreas
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • API: What is correct permission to get the routing tables?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2