gt-rail / rosauth Goto Github PK
View Code? Open in Web Editor NEWServer Side tools for Authorization and Authentication of ROS Clients
Home Page: http://wiki.ros.org/rosauth
License: Other
Server Side tools for Authorization and Authentication of ROS Clients
Home Page: http://wiki.ros.org/rosauth
License: Other
how use this tool , i think that is very useful.
thankyou
Could you release rosauth for Lunar? I've tested that it works and that that debian packages built. I'm trying to release the rospilot package for Lunar, which depends on this. Thanks!
Could you release rosauth for ROS Melodic? I've tested it, and it seems like everything builds and all tests pass. Thanks!
Would you release rosauth on noetic? I am waiting to release rosbridge_suite
To resolve run dependency of rosbridge in hydro
Could you release rosauth for Kinetic? I tested it and it seems to be working fine with no changes
It's your friendly, neighborhood package-release-poker. Could we get a release of this package for Galactic to support a Galactic release of rosbridge_suite
?
I'm setting up a rosbridge websocket that should authenticate the clients to harden security. The rosbridge already comes with authentication mechanism, which points to this project.
Here I face the first problem, it's very difficult to find information about how the authentication is performed or how should this service be used. After some digging I found this issue that explained a bit of how this works. (#3)
Still it's unclear to me how exactly to construct the authentication request, there's no information regarding which digest the MAC should be, or which message is MAC calculated for. After further digging by looking into the source code, it seems that the digest is SHA-512 and the message is the concatenation of secret and values from the authentication request.
With this knowledge I tried to authenticate by calling /authenticate manually using the following setup.
secret:
f1JlG2fNnJIHgjnL
request:
client: '' dest: '' rand: 'random' t: {secs: 0, nsecs: 0} level: '' end: {secs: 0, nsecs: 0}
The MAC should therefore be the SHA-512 digest of f1JlG2fNnJIHgjnLrandom00
, which is
01C0D1F9FB2E945DFE8E19F66072BFC2115518E81D805BCBA6F427D94995181D6725DF71B74C536B1CC43D5133E1CEB81999DA2AA2768CA20363DFB6797B941E
Complete call to the service is
rosservice call /authenticate "mac: '01C0D1F9FB2E945DFE8E19F66072BFC2115518E81D805BCBA6F427D94995181D6725DF71B74C536B1CC43D5133E1CEB81999DA2AA2768CA20363DFB6797B941E' client: '' dest: '' rand: 'random' t: {secs: 0, nsecs: 0} level: '' end: {secs: 0, nsecs: 0}"
But the service returns
authenticated: False
Any help or suggestions will be appreciated
Thanks in advance
Looks like this package is a dependency for releasing https://github.com/RobotWebTools/rosbridge_suite/ to Foxy. Could we get a release of this package for Foxy? Looks like @dirk-thomas did the last ROS2 release.
https://github.com/GT-RAIL/rosauth/blob/develop/src/ros_mac_authentication.cpp#L29 ensures that the parameter path of the secret is always the same. However, usually private node parameters are kept in the namespace of the node which is now not possible (unless you call the node ros_mac_authentication
).
What about using the local nodehandle to perform the parameters lookup?
Currently rosauth implements Hash(secret | message) which is vunerable to a length extension attack https://en.wikipedia.org/wiki/HMAC
Typically you'd want Hash(secret | hash(secret | message))
Gazebo is running with use_sim_time
true
. However, my roslibjs
client is not connected to the /clock
topic which makes it impossible to authenticate the roslibjs
client. It would be nice if we could make the time delta check configurable (instead of harcoded 5
https://github.com/GT-RAIL/rosauth/blob/develop/src/ros_mac_authentication.cpp#L68) so I can work around this.
What do you think?
I ran into some issues compiling the rosauth package. The include file "rosauth.h" is missing during compilation, which can be fixed by restarting catkin_make 3 - 4 times in a row.
Adding explicit dependencies on gencpp for the test target fixes this issue for me.
Please see #8 for further details
We (OSRF) would like to contribute a ROS 2 port of this package. Commonly we prefer to create a ros2
branch in the upstream repository in order to keep the code as close as possible to the ROS 1 code and ease porting of patches between the branches.
I just wanted to check if the maintainers of this repo would be open to this? This could either be done by creating a ros2
branch for us and we create PRs or (if you would be comfortable with giving us write access) we could move forward on this without requiring your attention for future PRs (we would still go through PRs).
Otherwise we would need to create a fork of the repo (which is more difficult to discover and sometime unclear to users which repo to use).
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.