mumble-voip / mumble-scripts Goto Github PK

View Code? Open in Web Editor NEW

49.0 18.0 33.0 202 KB

Mumble scripts is a place for gathering various scripts written for the Mumble VoIP application.

Home Page: https://www.mumble.info

Python 64.53% Slice 35.47%

mumble python zeroc-ice hacktoberfest

mumble-scripts's Introduction

mumble-scripts

Mumble scripts is a place for gathering various scripts written for the Mumble VoIP application.

Mumble script isn't limited to specific languages or use-cases. If you have a neat, self-contained, script you think might be useful to the community and you are not bothered by being poked by people if it breaks feel free to create a pull request.

If you notice anything wrong with the existing scripts please report a bug using the github issue tracker at https://github.com/mumble-voip/mumble-scripts/issues . Of course we also take patches.

mumble-scripts's People

Contributors

Stargazers

Watchers

mumble-scripts's Issues

LDAP Authenticator: unencrypted traffic with 'use_start_tls = True'

I've setup the LDAP authenticator with on our mumble server but checking the traffic with tcpdump I've noticed that only the first query is encrypted. Subsequent queries are unecrypted. No user pass is leaked (used in the first query) but all the user's details and the bind pass are leaked.

You can verify this with:

$ sudo tcpdump host ldap.example.com -s0 -w mumble-ldap.pcap

and read the mumble-ldap.pcap file with wireshark.

Authenticator :How to handle multi virtual servers?

Dear All.
I'm learning on how to write authenticator.

Currently I have a simple one, just with hardcoded username, password and group name.

It's based on https://github.com/mumble-voip/mumble-scripts/blob/master/Authenticators/phpBB3/phpBB3auth.py

From the .ini file and code line 399, looks like a single authenticator 'daemon' can handle authentication request from multiple virtual servers.

But in class phpBBauthenticator (line 444) I could not find/understand how this class will know which virtual server make a call.

Kindly please give me some clue.

LDAP authenticator: StartTLS support

Does the LDAP authenticator support StartTLS? If so, how this can be configured? If no, is this planned in a future version?

LDAP authenticator: number_attr - use hash(username_attr) instead

Hi,
instead of using a possibly unused field in LDAP why do you not just use a hash function to generate a unique number from the unique username_attr instead.

This would also save time when creating user accounts.

Thanks
Rainer

Drupal 8 Authentication (Request)

As Drupal8 is nearing release and is likely to be used for the next 3-6 years, it would be great if a mumble authenticator could be supported for it.

Unlike Drupal6 which used a simple md5 hash, Drupal 8 is based on phpass. Their implementation can be found here:
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Password!PhpassHashedPassword.php/class/PhpassHashedPassword/8

The table of interest is now 'users_field_data' instead of 'users'.
The fields are:

uid
name
pass

It would probably also make sense to verify that their status is '1' (0 being blocked)

Porting to Python 3

Is it possible to port those scripts to Python 3, since Python 2 is now officially not supported anymore?

I tried to run the LDAPAuthenticator however, after fixing some syntax with "2to3", python-daemon package seemed to be incompatible between versions for py3 and py2.
I would really appreciate any help :)

Client disconnects after ~15s when using LDAPauth

Hello Mumble Crew!
I would love to start using Mumble as VoIP platform for remote working employees in the company where I work, but I have a problem, which is blocking me:

I have a fresh installation of Murmur 1.3.0-1~ppa1~bionic1. When I join the server without any authorization, everything works flawlessly, I can see created channels and I can speak with other users. Murmur log looks as below:

<W>2020-03-11 22:16:02.686 SSL: OpenSSL version is 'OpenSSL 1.1.1  11 Sep 2018'
<W>2020-03-11 22:16:02.686 Initializing settings from /etc/mumble-server.ini (basepath /etc)
<W>2020-03-11 22:16:02.721 MetaParams: TLS cipher preference is "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
<W>2020-03-11 22:16:02.755 ServerDB: Opened SQLite database /var/lib/mumble-server/mumble-server.sqlite
<W>2020-03-11 22:16:02.755 ServerDB: Using SQLite's default rollback journal.
<W>2020-03-11 22:16:02.761 MurmurIce: Endpoint "tcp -h 127.0.0.1 -p 6502 -t 60000" running
<W>2020-03-11 22:16:02.810 Murmur 1.3.0 (1.3.0-1~ppa1~bionic1) running on X11: Ubuntu 18.04.3 LTS: Booting servers
<W>2020-03-11 22:16:02.830 1 => Server listening on 0.0.0.0:64738
<W>2020-03-11 22:16:02.870 1 => Announcing server via bonjour
<W>2020-03-11 22:16:02.883 1 => Not registering server as public

<W>2020-03-11 22:16:17.569 1 => <1:(-1)> New connection: 172.18.0.100:45054
<W>2020-03-11 22:16:17.606 1 => <1:(-1)> Client version 1.3.0 (X11: 1.3.0+dfsg-1)
<W>2020-03-11 22:16:17.616 1 => Starting voice thread
<W>2020-03-11 22:16:17.626 1 => CELT codec switch ffffffff8000000b 0 (prefer ffffffff8000000b) (Opus 1)
<W>2020-03-11 22:16:17.635 1 => <1:bartosz.zieba(-1)> Authenticated

<W>2020-03-11 22:16:27.765 1 => <1:bartosz.zieba(-1)> Connection closed: The remote host closed the connection [1]
<W>2020-03-11 22:16:27.775 1 => Ending voice thread

The problem begins, when I enable LDAPauth.py with this config:

[user]
id_offset       = 1000000000
reject_on_error = True
reject_on_miss  = True
[ice]
host            = 127.0.0.1
port            = 6502
slice           = /usr/share/slice/Murmur.ice
secret          = ICE_SECRET
watchdog        = 30
[ldap]
bind_dn = CN=Mumble,OU=Service,OU=Users,DC=xx,DC=yy,DC=zz
bind_pass = BIND_PASS
ldap_uri = ldap://xx.yy.zz
users_dn = OU=Administrators,OU=Users,DC=xx,DC=yy,DC=zz
discover_dn = false
username_attr = sAMAccountName
number_attr = primaryGroupID
[murmur]
servers      =
[log]
level   =
file    = /var/log/mumble-server/LDAPauth.log
[iceraw]
Ice.ThreadPool.Server.Size = 5

After successfull connection to the server, I see only Root channel, and I see no users (even me). After ~15 seconds, the connection interrupt and the client try to reconnect.
Murmur server log:

<W>2020-03-11 22:21:14.652 SSL: OpenSSL version is 'OpenSSL 1.1.1  11 Sep 2018'
<W>2020-03-11 22:21:14.652 Initializing settings from /etc/mumble-server.ini (basepath /etc)
<W>2020-03-11 22:21:14.678 MetaParams: TLS cipher preference is "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
<W>2020-03-11 22:21:14.712 ServerDB: Opened SQLite database /var/lib/mumble-server/mumble-server.sqlite
<W>2020-03-11 22:21:14.712 ServerDB: Using SQLite's default rollback journal.
<W>2020-03-11 22:21:14.718 MurmurIce: Endpoint "tcp -h 127.0.0.1 -p 6502 -t 60000" running
<W>2020-03-11 22:21:14.760 Murmur 1.3.0 (1.3.0-1~ppa1~bionic1) running on X11: Ubuntu 18.04.3 LTS: Booting servers
<W>2020-03-11 22:21:14.780 1 => Server listening on 0.0.0.0:64738
<W>2020-03-11 22:21:14.821 1 => Announcing server via bonjour
<W>2020-03-11 22:21:14.833 1 => Not registering server as public

<W>2020-03-11 22:21:29.245 Added Ice MetaCallback 270C2A11-9BBD-4CDD-9E1D-0002D3CE1413 -o -e 1.0:tcp -h 127.0.0.1 -p 40283 -t 5000
<W>2020-03-11 22:21:29.256 1 => Set Ice Authenticator to B06E683D-F47F-4F7C-94D9-6FA0375C1413 -t -e 1.0:tcp -h 127.0.0.1 -p 40283 -t 5000
<W>2020-03-11 22:21:29.266 1 => Set Ice UpdatingAuthenticator to B06E683D-F47F-4F7C-94D9-6FA0375C1413 -t -e 1.0:tcp -h 127.0.0.1 -p 40283 -t 5000

<W>2020-03-11 22:21:37.378 1 => <1:(-1)> New connection: 172.18.0.100:45098
<W>2020-03-11 22:21:37.420 1 => <1:(-1)> Client version 1.3.0 (X11: 1.3.0+dfsg-1)

LDAPauth log:

2020-03-11 22:21:29,239 INFO Starting LDAP mumble authenticator
2020-03-11 22:21:29,241 DEBUG Using shared ice secret
2020-03-11 22:21:29,242 INFO Connecting to Ice server (127.0.0.1:6502)
2020-03-11 22:21:29,244 INFO Attaching meta callback
2020-03-11 22:21:29,246 INFO Setting authenticator for virtual server 1
2020-03-11 22:21:29,267 INFO Attaching meta callback
2020-03-11 22:21:29,267 INFO Setting authenticator for virtual server 1
2020-03-11 22:21:37,421 DEBUG try to connect to ldap (bind_dn will be used)
2020-03-11 22:21:37,424 DEBUG User match found, display "Bartosz Zięba" with UID 513
2020-03-11 22:21:37,424 DEBUG Checking group membership for bartosz.zieba
2020-03-11 22:23:48,424 CRITICAL Unexpected exception caught
2020-03-11 22:23:48,424 ERROR {'info': u'Referral:\nldap://example.org/ou=Groups,dc=example,dc=org', 'errno': 107, 'desc': u'Referral'}
Traceback (most recent call last):
  File "/usr/local/sbin/LDAPauth.py", line 356, in newfunc
    return func(*args, **kws)
  File "/usr/local/sbin/LDAPauth.py", line 340, in newfunc
    return func(*args, **kws)
  File "/usr/local/sbin/LDAPauth.py", line 526, in authenticate
    res = ldap_conn.search_s(cfg.ldap.group_dn, ldap.SCOPE_SUBTREE, '(%s=%s)' % (cfg.ldap.group_attr, user_dn), [cfg.ldap.number_attr, cfg.ldap.display_attr])
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 852, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 846, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 738, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 742, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
REFERRAL: {'info': u'Referral:\nldap://example.org/ou=Groups,dc=example,dc=org', 'errno': 107, 'desc': u'Referral'}

Mumble client log:

[23:21:37] Connected.
[23:21:52] Server connection failed: Server is not responding to TCP pings.
[23:22:02] Reconnecting

As you can see, the server log ends differently than in the previous case (without LDAPauth), there is no Starting voice thread and later lines.

How can I dig it deeper?
If the patch is needed, I would like to contribute and help the project, but I don't know where to start.

Simple example of how to use the LDAP authenticator

Hi,

I have been looking for an example on how to set the LDAP authenticator. I have setup the LDAPauth.ini and run the LDAPauth.py script. It starts a daemon at port 36655:

root@mumble:~# ss -lnptu | grep python
tcp    LISTEN     0      128            127.0.0.1:36655                 *:*      users:(("python",pid=20977,fd=7))

How can I tell the mumble server to authenticate against this?

Am I missing something very obvious? I couldn't find any documentation on how to do that.

LDAPauth.py No module named 'Ice.Py3'

Running Ubuntu 22.04 I stumbled upon an error when trying to make mumble-server (1.3.4-1ubuntu1) work with my ldap.
I have installed the suggested packages: zeroc-ice-slice python3-daemon python3-ldap python3-zeroc-ice

Dec 23 16:14:57 baldr LDAPauth.py[25811]: Traceback (most recent call last):
Dec 23 16:14:57 baldr LDAPauth.py[25811]:   File "/usr/local/sbin/LDAPauth.py", line 114, in <module>
Dec 23 16:14:57 baldr LDAPauth.py[25811]:     import Ice
Dec 23 16:14:57 baldr LDAPauth.py[25811]:   File "/usr/lib/python3/dist-packages/Ice/__init__.py", line 78, in <module>
Dec 23 16:14:57 baldr LDAPauth.py[25811]:     from Ice.Py3.IceFuture import FutureBase, wrap_future
Dec 23 16:14:57 baldr LDAPauth.py[25811]: ModuleNotFoundError: No module named 'Ice.Py3'

LDAP Group synchronisation

Hi,

do you think it is possible to synchronize groups? In case of my setup I would like to have all groups that I created in mumble manually to be added or removed upon login. With the cn of the group being the groupname in mumble.

I have never done anything with mumble / ice, but I have used python quite a bit. If you give me a short snippet of how to add / remove groups I'll implement it myself and send a PR.

Authenticators should use dynamic slice retrieval

Authenticators (and possibly other scripts lacking that functionality) should fetch slice file from server by default.

phpBB3 authenticator error 'ERROR not all arguments converted during string formatting`

2015-02-08 03:26:31,248 CRITICAL Unexpected exception caught
2015-02-08 03:26:31,248 ERROR not all arguments converted during string formatting
Traceback (most recent call last):
File "./phpBB3auth.py", line 375, in newfunc
return func(_args, *_kws)
File "./phpBB3auth.py", line 466, in authenticate
cur = threadDB.execute(sql, name)
File "./phpBB3auth.py", line 188, in execute
c.execute(_args, *_kwargs)
File "/usr/local/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 187, in execute
query = query % tuple([db.literal(item) for item in args])
TypeError: not all arguments converted during string formatting

LDAP Script doesn't start

When I try to start LDAPauth.py with ice enabled and the right credentials and port I get the following error in the Logfile:

icecpp: error: cannot open `/usr/local/sbin/Murmur.ice' for reading
Traceback (most recent call last):
  File "/usr/local/sbin/LDAPauth.py", line 881, in <module>
    do_main_program()
  File "/usr/local/sbin/LDAPauth.py", line 219, in do_main_program
    Ice.loadSlice('', ["-I/usr/share/slice/","Murmur.ice"])
RuntimeError: Slice preprocessing failed for `'`

I already tried forcing another ice path but as you can see in the first line, it somehow tries to find the .ice in the Directory the Script is in.

Suggestion for addition: gencerthash.py

Hello.

I wrote a python script for generating the certificate fingerprint hash client-side.

You can view it here: upstream/authoritative source, GitHub mirror

It:

Requires Python 3 and the pyOpenSSL module (at the very least/for now) (user-friendly information is printed if it does not find required modules etc.)
If an exported certificate file (.p12) is specified, it does not require Mumble to even be installed on the machine.
Supports *BSD, GNU/Linux, Windows, MacOS/OSX
Tries very hard to find the certificate Mumble uses - there shouldn't be a need to specify/use an exported certificate, but it is supported.
Supports password-protected certificates, even though Mumble currently does not. This is there as "future-proofing" should Mumble ever support this in the future.

It is useful for Murmur administrators that run a locked-down Murmur instance (such as myself) that refuse joining for unregistered users (ergo users cannot self-register). I'm still working on other tools that can use this fingerprint hash that do it The Right Way (Ice/GRPC for 1.3.x), but for now I've been simply just manually creating the user in the DB and restarting Murmur as needed.

mumble-voip / mumble-scripts Goto Github PK

mumble-scripts's Introduction

mumble-scripts

mumble-scripts's People

Contributors

Stargazers

Watchers

Forkers

mumble-scripts's Issues

Recommend Projects

Recommend Topics

Recommend Org