From: Marty Betz
Date: Mon, 2 Dec 2024 09:28:24 -0800
To: Juliusz Chroboczek
CC: galene@lists.galene.org
Subject: [Galene] Re: Admin group creation
In-Reply-To: <87iks2jnic.wl-jch@irif.fr>
List-Id: Galène videoconferencing server discussion list

Thanks. This makes sense. I got my group creation working using the REST API.

Now here is my question about private groups and wildcard-users. I want a group that authorizes only a few select users (admin, john, and larry).

Your example group public.json looks like this:
{ "op": [{"username": "admin", "password": "password"}], "presenter": [{}], "public": true}

So first (before using the REST API), I tried to make a private group manually in JSON files like this:

{
    "op": [{"username": "admin", "password": "12345"}],
    "presenter": [{}],
    "description": "This is a private group to test password-based restrictions.",
    "displayName": "Private 3",
    "users":{"john":{"password":"224715","permissions":"present"},"larry":{"password":"925385","permissions":"present"}}
}


Being non-public, this doesn't appear in the public list of groups. Great.

But, a big problem!

Login [admin/12345] >>> logged in
Login [admin/ anything_else ] >>> "not authorized"
Login [john/224715] >>> logged in
Login [john/ anything_else ] >>> "not authorized"
Login [larry/925385] >>> logged in
Login [larry/ anything_else ] >>> "not authorized"
PROBLEM: Login [anyone_else/anything] >>> logged in

It seems I can only stop anonymous logins by adding a wildcard user with obscure password:
{
    "op": [{"username": "admin", "password": "12345"}],
    "presenter": [{}],
    "description": "This is a private group to test password-based restrictions.",
    "displayName": "Private Test Group",
    "users":{"john":{"password":"224715","permissions":"present"},"larry":{"password":"925385","permissions":"present"}},
    "wildcard-user":{"password":"98579223487","permissions":"present"}
}


Login [admin/12345] >>> logged in
Login [admin/monkey] >>> "not authorized"
Login [rando/98579223487] >>> logged in
Login [rando/anything_else] >>> "not authorized"

What am I doing wrong or do I have the wrong mental model?
-Marty



On Mon, Dec 2, 2024 at 4:08 AM Juliusz Chroboczek <jch@irif.fr> wrote:

> Hello,
>
> > In particular I tried to create a group using PUT method with JSON body and it
> > works fine for simple groups
>
> Good.
>
> > But if I include a "users" list or a "wildcard-user" value, it fails with a
> > "description is not sanitized" error.
>
> Right.  That's by design.
>
> > Why is this "sanitized" check existing in UpdateDescription().
>
> The API splits the group description into two parts:
>
>   - the "sanitised" group description itself;
>   - the users' database.
>
> Every user, in turn, is split into two parts:
>
>   - the user description;
>   - the password.
>
> So in order to create a group, you need to make 1 + 2n requests:
>
>   - create the group: PUT /api/v0/.groups/groupname
>   - for every user
>      - create the user: PUT /api/v0/.groups/groupname/.users/username
>      - set the password: PUT /api/v0/.groups/groupname/.users/username/.password
>
> You use .wildcard-user for the wildcard user.
>
> The main reason why I've used this organisation is that it makes
> fine-grained access control possible: for example, a normal (non-admin)
> user is allowed to change their own password, but they're of course not
> allowed to change the rest of the group description.  Conversely, an admin
> is allowed to change the group description, but they're not allowed to GET
> a password.
>
> (There are other advantages, but they're less important, so I won't bore
> you with them here.)
>
> The main drawback, of course, is that it makes some operations
> inefficient.  For example, in order to display the list of users together
> with their permissions, you need to do this:
>
>   GET /api/v0/.groups/groupname/.users/
>   for every user
>       GET /api/v0/.groups/groupname/.users/username
>
> (It also makes the operation non-atomic: if a user is deleted between the
> first and the subsequent GET, then you'll unexpectedly get a 404 error.
> Oh, well.)
>
> If it becomes a problem in the future, I'll extend the API with operations
> over collections, but until we gain more experience with the API, I'd
> rather stick to simple operations only.
>
> By the way: the main user of the API right now is the galenectl program,
> which you'll find in the Galene sources.  Feel free to copy-paste code
> from there.
>
> I hope this helps,
>
> -- Juliusz Chroboczek
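
The 1 + 2n request sequence described in the quoted reply, as an added example (not part of either message and not taken from galenectl): it splits a single-file group description into the sanitised group PUT plus one description PUT and one password PUT per user, so no password ever travels inside a description body. The names `Plan`, `Request` and `private3`, the `op` permission given to admin, and the text/plain password body are assumptions; the paths are the ones quoted in the reply.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"sort"
)
// Constructed sample: users from the message; "op" for admin is an assumption.
const sampleGroup = `{"displayName": "Private 3", "users": {
 "admin": {"password": "12345", "permissions": "op"},
 "john": {"password": "224715", "permissions": "present"},
 "larry": {"password": "925385", "permissions": "present"}}}`
// Request is one planned HTTP call; this example sends nothing.
type Request struct{ Method, Path, ContentType, Body string }
// Plan splits a single-file group description into the 1 + 2n PUTs.
func Plan(group, raw string) ([]Request, error) {
	var full map[string]any
	if err := json.Unmarshal([]byte(raw), &full); err != nil {
		return nil, err
	}
	users, _ := full["users"].(map[string]any)
	delete(full, "users") // sanitised description: no user database inside
	delete(full, "wildcard-user")
	body, _ := json.Marshal(full)
	base := "/api/v0/.groups/" + url.PathEscape(group)
	reqs := []Request{{"PUT", base, "application/json", string(body)}}
	names := make([]string, 0, len(users))
	for name := range users {
		names = append(names, name)
	}
	sort.Strings(names) // deterministic request order
	for _, name := range names {
		u, _ := users[name].(map[string]any)
		pw, _ := u["password"].(string)
		if pw == "" {
			return nil, fmt.Errorf("user %q has no password", name)
		}
		desc, _ := json.Marshal(map[string]any{"permissions": u["permissions"]})
		p := base + "/.users/" + url.PathEscape(name)
		reqs = append(reqs, Request{"PUT", p, "application/json", string(desc)},
			Request{"PUT", p + "/.password", "text/plain", pw}) // body format assumed
	}
	return reqs, nil
}

func main() {
	reqs, err := Plan("private3", sampleGroup)
	fmt.Println(len(reqs), "requests, error:", err)
}
```

With three users the plan holds 7 requests; a user entry without a password is rejected rather than planned.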