Duet3D Logo

    Duet3D

    • Register
    • Login
    • Search
    • Categories
    • Tags
    • Documentation
    • Order

    Slic3r PE upload (and, optionally, print) functionality

    General Discussion
    3
    7
    742
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • crpalmer
      crpalmer last edited by

      I just installed Slic3r (Prusa Edition) and found that I could enter the IP address (hostname) of my duet controller and it didn't seem to require any login credentials to be able to upload and start a print job remotely. How does that work?

      Thanks,
      Chris

      1 Reply Last reply Reply Quote 0
      • dc42
        dc42 administrators last edited by

        It's probably using the default password, and you haven't changed the password of your Duet. See https://duet3d.dozuki.com/Wiki/GCode#Section_M551_Set_Password.

        Duet WiFi hardware designer and firmware engineer
        Please do not ask me for Duet support via PM or email, use the forum
        http://www.escher3d.com, https://miscsolutions.wordpress.com

        1 Reply Last reply Reply Quote 0
        • crpalmer
          crpalmer last edited by crpalmer

          Either I have something funny in how I setup my Duet or this sounds like there is a security problem.

          I am running:

          Firmware Version: 2.02(RTOS) (2018-12-24b1)
          WiFi Server Version: 1.21
          Web Interface Version: 1.22.6

          and I just verified that I cannot log into the web interface using the password "reprap" but I can with the custom password I have set using M551 in my configuration. I just learned a little about the rr_* rest interface and I find that I can run:

          curl http://tlm-duet/rr_status
          curl http://tlm-duet/rr_filelist?dir=0:/gcodes
          curl http://tlm-duet/rr_mkdir?dir=0:/gcodes/test

          and most surprisingly:

          curl 'http://tlm-duet/rr_gcode?"gcode=0:/gcodes/inner.gcode"'

          (where tlm-duet is the hostname of my printer and inner.gcode exists).

          and my printer starts printing. For fun I also tried adding in a bogus password:

          curl 'http://tlm-duet/rr_gcode?"gcode=0:/gcodes/inner.gcode"&password=ajfdlkajfla'

          and that also successfully started the print. I have verified the same behaviour on 2 different printers both running the same version (one on a Duet WiFi and the other on a Duet Maestro).

          1 Reply Last reply Reply Quote 0
          • dc42
            dc42 administrators last edited by dc42

            If you are already running DWC on the same PC, then that IP address will already be authenticated and any commands from that PC will be allowed.

            Duet WiFi hardware designer and firmware engineer
            Please do not ask me for Duet support via PM or email, use the forum
            http://www.escher3d.com, https://miscsolutions.wordpress.com

            1 Reply Last reply Reply Quote 0
            • crpalmer
              crpalmer last edited by

              Wow, that is pretty magical!

              For this testing, I was logged into DWC in an X windows session (linux) and running these commands using a terminal that I connected to remotely, I just closed Chrome in the X windows session and it now correctly rejects these commands due to authentication failure.

              I guess it is doing IP based authentication?

              After logging back into the DWC on that machine, I created a new user and logged in remotely via ssh as the new user and that user could control the DWC via curl without requiring authentication.

              Which does seem like a smaller security hole but not as bad as it seemed.

              1 Reply Last reply Reply Quote 0
              • dc42
                dc42 administrators last edited by

                Yes, it does IP-based authentication. The HTTP request only tells us the sending IP address and port number, and the port number keeps changing.

                Duet WiFi hardware designer and firmware engineer
                Please do not ask me for Duet support via PM or email, use the forum
                http://www.escher3d.com, https://miscsolutions.wordpress.com

                1 Reply Last reply Reply Quote 0
                • JuJuDelta
                  JuJuDelta last edited by

                  Hi Guys,

                  I've been experiencing a spot of bother using Slic3r STD edition.
                  Is Slic3r Prussa Edition better than Slic3r for a Kossel XL+ ?

                  Thanks,

                  T3DP3D Kossel XL+, Duet2Wifi, PanelDue 7i, RRF V3.2, Fl3xdrive, SmartEffector, Berd Air annulus, Cura 4.x, PrusaSlicer, RPi WiFi Camera, Heated Chamber

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Unless otherwise noted, all forum content is licensed under CC-BY-SA