Age | Commit message | Author |
|
Default, not deault
|
|
The example murmur.ini file was missing a few options which were added
by this commit.
Fixes #5732
|
|
Previously the opusthreshold config option had a default value of 100
meaning that the first non-Opus client would cause everyone to fall back
to one of the legacy codecs.
Since Opus has been implemented for ages now and we eventually want to
get rid of the legacy codecs, this commit changes the default value of
this config option to be zero, meaning that the server will always
enforce the use of the Opus codec (regardless of what clients are
connected).
|
|
The gRPC implementation never left the experimental state and never
reached a properly stable state to the point where we would feel good
about enabling it by default. In addition to that, there have been no
further attempts at finding and fixing the encountered issues in the
implementation (except #3947 but that was discontinued).
As such we had an essentially unmaintained piece of code in our server
implementation that was known to be buggy and that nobody wanted to fix.
In addition to that the implementation itself could not be considered
very clean or elegant and therefore only represented a few smelly
corners in our code base.
For this reason, we decided to remove the gRPC support entirely from
Mumble (for now).
What we hope to gain by that is:
- Prevent people from building unstable server versions and then coming
to us complaining that it crashed/misbehaved
- Removing (essentially) dead code
- Reduce the RPC implementation complexity
That last piece is crucial: By removing gRPC support we reduce the
amount of supported RPC frameworks to only one (ignoring DBus for now).
Our future plans include a refactoring of how RPC is being handled and
implemented and only having to worry about maintaining compatibility
with one RPC system is much easier than having to worry about two (with
(slightly) different APIs).
Once the RPC implementation has been rewritten, more RPC backends may be
reintroduced and in that process we might investigate adding a proper
gRPC implementation to the code (that then hopefully is more stable than
the current one).
Fixes #4567
Fixes #4197
Fixes #3496
Fixes #3429
Fixes #3265
|
|
This commit adds a new server-configuration that can be used in the
murmur.ini file. It can be used to forbid anyone on the server from
using Mumble's built-in recording functionality.
Any client trying to start a recording nonetheless, will be kicked from
the server.
From Mumble 1.5.0 clients will know about this configuration and will
disable the recording action in the UI, if recording is not allowed on
the server.
|
|
Closes https://github.com/mumble-voip/mumble/issues/3895
|
|
This allows specifying welcometextfile in murmur.ini. If no welcometext
is set in the ini-file, the welcome text is loaded from the file.
Fixes #3723
|
|
This allows specifying welcometextfile in murmur.ini. If no welcometext
is set in the ini-file, the welcome text is loaded from the file.
Fixes #3723
|
|
This option allows setting a threshold on how long a user's channel
should be remembered. This is useful for scenarios where users usually
don't want their channel to be remembered by the server unless they had
a disconnect (aka have to re-connect after a short period of time).
Implements #4143
|
|
The idea here is that sometimes you really do have a lot of folks connecting from a single IP,
and if those connections are successful you don't want to ban any of them.
However, in cases where the server needs to guard against malicious users attempting a DDOS
by reconnecting their valid user account over and over, we need to be able to configure the
server to still ban those successful attempts.
|
|
|
|
|
|
This adds client authentication using TLS certificates when it is
enabled in gRPC. This is just the basic feature right now. You either have
access or you do not.
Access is granted by putting the certificate digests of the authorized
users into the murmur.ini file.
|
|
This adds messagelimit and messageburst to the configuration file murmur.ini as
well as the ability to set these live.
Though adjusting these live is entirely possible, they only take effect for new connections.
|
|
Having too many channels on a server can impact performance to the point
of making the instance unusably slow. This can be a problem for hosters
that allow their users unlimited channel creation.
This patch introduces a new per-server configuration parameter
channelcountlimit which can be used to configure a maximum number of
channels that may be created on each of the virtual servers. Once the
limit is reached channel creation will be rejected with permission
denied.
To allow a translated error message we have to bump the client version
to 1.3.1 to be able to use a fallback message for older clients.
As usual dbus, ice and grpc can ignore this limit. It is only enforced
against clients.
|
|
|
|
grPC -> gRPC
|
|
Let's merge the two, and note in the .ini that
not all builds contain gRPC support.
|
|
Removed useless whitespaces...
|
|
Using SQLite's WAL (write-ahead log) can create less disk I/O while
still providing good consistency and durability.
This change uses SQLite's WAL with synchronous=NORMAL which can
cause loss of transactions on power failure. Only the transactions
which haven't been synced to the disk by the OS are lost. The
database itself will still be in a consistent state, but it might
not have all recent changes.
|
|
fixes #1814
|
|
Clients do not show welcome texts that are empty.
|
|
parameters.
This change allows server admins to specify Diffie-Hellman
parameters for Murmur to use. This is done using the sslDHParams
option in the config file. Diffie-Hellman parameters can also be
set on a per-server basis using the sslDHParams option.
Note: the functionality implemented in this change requires the
QSslDiffieHellmanParameters class in Qt, which has not yet landed
upstream in the Qt 5 'dev' branch. This means that the functionality
discussed in this change will, for now, only work in binaries provided
by the Mumble project, or binaries that are built using our build
environments, and not binaries that link against any released versions
of Qt at present.
This change modifies the default TLS cipher suite string to add
EDH+aRSA+AESGCM, DHE-RSA-AES256-SHA and DHE-RSA-AES128-SHA.
This yields the following ciphers, in TLS/RFC notation:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
This change also allows Murmur servers to provide forward secrecy
to older clients, such as our own pre-built binaries before 1.2.9.
It also provides forward secrecy for users that use Mumble 1.2.x
versions on Linux distros, and other Unix-like systems. This is
because Mumble 1.2.x on Unix-like systems builds against Qt 4, which
limits the connection to TLS 1.0.
Before this change, Murmur was not able to negotiate an ephemeral
Diffie-Hellman key exchange for those clients. This is now possible.
|
|
Lines starting with a hash are not considered to be comments!!
The QSettings() class has no formal support for comments. In fact,
there's no mention of comments at all in the class documentation:
http://doc.qt.io/qt-5/qsettings.html
There is some limited support for comments by denoting a line with a
semicolon. You can confirm this via the associated source code:
https://github.com/qtproject/qtbase/blob/5.6/src/corelib/io/qsettings.cpp
However, if saving the file via the Qt interfaces, comments will
generally be stripped out. This isn't to my knowledge a problem for
Murmur as there's no case where the server itself will update its
configuration and save the changes back to its INI file automatically.
The existing sample INI file prior to this commit only ever worked as
there's an even number of unescaped special characters in the header!
|
|
|
|
|
|
Murmur's advertised TLS cipher suites.
This commit adds the 'sslCiphers' option to Murmur.
The 'sslCiphers' option is used to configure the list of advertised
TLS cipher suites. The option lives on Meta, so it is a server-wide
configuration, and cannot be configured on a per-virtual-server basis.
The 'sslCiphers' option uses the OpenSSL's cipher list format to
describe the cipher suite selection. For more information on this
format, see:
https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT
|
|
|
|
* Adjusted to coding guidelines
* Pulled out PBKDF2 functionality into own class
* Make benchmark a best of N approach with guaranteed minimum
* Fixed broken database migration code. Don't try to alter
tables and instead rely on them being re-created with the
new fields.
* Fixed some typos in ini. Also move the setting to the
end so ppl. don't get the idea they have to change this.
* Chose a scarier name for the plain hash function
* Use int instead of size_t for iteration counts as it is
the datatype used in the OpenSSL API. Otherwise we just
have too much pain with constantly converting and might
expose ourselves to size issues in the future.
* Moved new UserInfo enum entry to the end as to preserve
the order
|
|
|
|
Fixes #1083
|
|
* Consistently refer to Mumrur as 'Murmur'.
* Consistently end comments with a period.
* Update the comments for logfile and pidfile
to reflect what actually happens in practice.
|
|
|
|
|
|
* Mention that values in there might be overridden with virtual server specific values
* Mention rules on value formatting (no commas without quoting, escaping \ and so on)
|
|
Add NestingLimitException to Ice Interface and introduce a new NestingLimit PermissionDenied type.
Addresses #3566322 "ServerDB::deleteServer crashes master"