View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005669||GNUnet||rest service||public||2019-03-27 17:13||2021-02-21 11:01|
|Summary||0005669: REST service is not multiuser enabled|
|Description||The service potentially exposes a users GNUnet services to other users (on the same system) through the REST service.|
the GNUnet architecture is comprised of services which communicate via IPC. On UNIX systems, the communications happen via UNIX sockets.
The architecture distinguishes user components and system components.
System components are processes used by all users of the same system and user components are processes of the user.
An example for a system component would be the basic connectivity service such as core or transport.
An example for a user component would be the "identity" service which store's a user's identities (public/private key pairs).
Each user runs his own identity service.
The problem with the current REST service is that it listens on a specific port: 7776.
So there can only be one process (service) => It must be a system service.
However, the identity REST API must use the correct identity service for the user calling the API.
Hence, the goal is to extend the REST service to:
1. Authenticate the user (e.g. using PAM and setuid()). For example using HTTP Basic Authentication
2. Load the user-specific GNUnet service configuration to connect to the (correct) user services.
It may also be a good idea to have the option for a "single user" mode for the REST service which does not require a password.