mumble-voip / mumble

Mumble is an open-source, low-latency, high quality voice chat software.
https://www.mumble.info

Creating a channel requires a registered user and a cert hash #1572

Open mkrautz opened 9 years ago

mkrautz commented 9 years ago

bpye reports on IRC that creating a channel requires a user to be registered and have a cert:

https://github.com/mumble-voip/mumble/blame/840a31de0e217f7908d3872b7cd76568ad28ccb1/src/murmur/Messages.cpp#L886

01:22 < bpye> I'm trying to interact from mumble from my own code, I can connect and perform some actions, however adding channels is proving challenging. Despite adding an access token I am getting PermissionDenied with NoCertificate, so I attempt to send a client certificate. It however seems that mumble does not recognize this certificate, that or it is not being sent but I find that unlikely, is there any way I can check this. I have access to the server of course.
[...]
01:38 < bpye> https://github.com/mumble-voip/mumble/blob/840a31de0e217f7908d3872b7cd76568ad28ccb1/src/murmur/Messages.cpp#L886
01:38 < bpye> Why is this check done, why do you require a cert?

This seems overly broad, quoting myself:

07:37 <@mkrautz> bpye: I don't know. It seems a bit arbitrary.
07:40 <@mkrautz> bpye: it's supposed to be a "is this user registered?" check. but it's overly broad, and requires the target user to be using certificate auth in addition to being registered.
07:41 <@mkrautz> also, it adds an additional layer on top of the MakeChannel/MakeTempChannel ACLs, potentially making them useless in some cases.

mkrautz commented 9 years ago

13:24 < Natenom> mkrautz: Not sure if I understand this bug report exactly, but if a user is not registered then the hash of his certificate is used as his "user id" in the ACL of a temporary created channel. Maybe one could use the session id instead if there is no cert(?).
17:26 < mkrautz> Natenom: ahh
17:26 < mkrautz> right
17:26 < mkrautz> then it makes sense the way it is :)

We should instead add a comment explaining this at the permission check.

hacst commented 9 years ago

Completely sidetracking this issue: I really would like to see us dropping support for connections without a client certificate someday. It's a horrible hassle in all kinds of things when working with user identity and we can easily enable similar functionality by offering to generate "single use" certificates or something like that.

ubuntuaddicted commented 9 years ago

I would like to see the certificates go away as well. I'm attempting to use my murmur server as a place for people to gather and it's a pain when they're new Linux users and are distro hopping around trying to find the distro they like. They forget to save their certificate and then they have to create a new username or ask me to delete their old username. Just my 2 cents if it's worth anything.

On Wed, Feb 18, 2015 at 1:48 PM Stefan Hacker notifications@github.com wrote:

> Completely sidetracking this issue: I really would like to see us dropping support for connections without a client certificate someday. It's a horrible hassle in all kinds of things when working with user identity and we can easily enable similar functionality by offering to generate "single use" certificates or something like that.

cydactyl commented 9 years ago

@ubuntuaddicted, Certificates shouldn't, and won't be going away. They are far too important for identity protection & authentication. It's a wider problem of people not understanding that the certificate's public key is what's saved on the server. Perhaps Mumble could add some helpful information pertaining to certificates, however that would need to be discussed. I think you misunderstood @hacst, he stated that support for clients without a certificate should be dropped, and I agree.