checking in all work done so far because what if my SSD dies?

mumble/.gitignore

@@ -1 +1,2 @@
 /docs
+/testcertimport.py

mumble/TODO

@@ -1,4 +1,8 @@
 -add lsChans()
 -lsACL? lsBans? edit these?
--find out some way to use the DBus/ICE/RPC interface instead? then we can get rid of the restart
--- NOTE: Arch murmur package currently disables ice at compile-time. https://bugs.archlinux.org/task/55958
+-find out some way to use the ICE/GRPC interface completely
+
+-i need to learn way more about GRPC:
+https://wiki.mumble.info/wiki/GRPC
+https://github.com/mumble-voip/mumble/issues/1196
+https://grpc.io/docs/tutorials/basic/python.html

mumble/grpctest.py

@@ -0,0 +1,7 @@
+#!/usr/bin/env python3
+
+import grpc
+from grpc.tools import protoc
+import tempfile
+
+conn = grpc.

mumble/sample.mumbleadmin.ini

@@ -1,5 +1,8 @@
-[ICE]
+[MURMUR]
+# This section controls some general settings.
 
+# The host of the Murmur server. This will be used to determine where to connect to
+# for interaction for whichever interface you choose.
 # Examples:
 #   fqdn.domain.tld
 #   127.0.0.1
@@ -7,6 +10,40 @@
 #   ::1
 host = localhost
 
+# The type of interface to use. Currently, only "ice" and "grpc" are supported.
+# "ice" is the default.
+connection = "ice"
+
+
+[GRPC]
+# The GRPC interface is intended to (potentially) replace the ICE and DBUS interfaces.
+# However, it's currently considered "experimental" - both upstream in Mumble/Murmur,
+# and in this project. It's faster and more secure than Ice, however, if you've
+# enabled TLS transport in your murmur.ini. It requires you to build murmur explicitly
+# with grpc support, however.
+
+# The port GRPC is running on.
+port = 50051
+
+# One of udp or tcp. You probably want to use tcp.
+proto = tcp
+
+# You probably will need to change this.
+# If you need a copy, you can get the most recent at:
+# https://github.com/mumble-voip/mumble/blob/master/src/murmur/MurmurRPC.proto
+# If you leave this empty ("proto = "), we will attempt to fetch the slice from the remote
+# instance ("MURMUR:host" above).
+spec = /usr/local/lib/optools/mumble/murmurRPC.proto
+
+# The maximum size for GRPC Messages (in KB)
+# You're probably fine with the default.
+max_size = 1024
+
+
+[ICE]
+# Ice is on its way out, but is currently the stable interface and most widely
+# supported across versions.
+
 # The port ICE is running on
 port = 6502
 
@@ -18,7 +55,7 @@ proto = tcp
 # https://github.com/mumble-voip/mumble/blob/master/src/murmur/Murmur.ice
 # If you leave this empty ("slice = "), we will attempt to fetch the slice from the remote
 # instance ("host" above).
-slice = /usr/local/lib/optools/mumble/murmur.ice
+spec = /usr/local/lib/optools/mumble/murmur.ice
 
 # The maximum size for ICE Messages (in KB)
 # You're probably fine with the default.
@@ -26,52 +63,12 @@ max_size = 1024
 
 
 [AUTH]
+# If both read and write are populated, write will be used preferentially.
 
 # The Ice secret for read-only operations.
-# Set to a blank string if you want to only make a write-only connection.
+# Can be a blank string if you specify a write connection (see below).
 read =
 
-# The Ice secret for write-only operations.
+# The Ice secret for read+write operations.
 # Set to a blank string if you want to only make a read-only connection.
 write =
-
-[TUNNEL]
-# NOTE: TO USE SSH TUNNELING, YOU MUST HAVE THE "sshtunnel" PYTHON MODULE INSTALLED.
-# If enabled, we will bind the remote port to the host and port given in the [ICE] section.
-# So you probably want to use localhost/127.0.0.1/::1 up there.
-
-# If this is enabled, we will try to initiate an SSH tunnel to the remote server,
-# and use the Ice interface through that. Probably only works with TCP Ice instances.
-# "enable" should be true or false. If blank, assume true. It's a VERY GOOD IDEA
-# to use this feature, as it greatly heightens the security.
-enable = true
-
-# The remote host to bind a port with. In most cases, this is going to be the host
-# that your Murmur instance is running on.
-host = your.murmur.server.tld
-
-# The remote user to auth as. If blank, use the current (local) username.
-user =
-
-# The port for SSH. In most cases, 22 is what you want. You can leave it blank,
-# we'll use the default in that case.
-port = 22
-
-# The authentication method. Currently supported methods are "key" and "passphrase".
-# Key is recommended (and the default). See:
-# https://sysadministrivia.com/news/hardening-ssh-security#auth_client
-# (and/or a multitude of other resources) on how to set up pubkey auth for SSH.
-auth = key
-
-# If "auth" is "password", enter the password here. If password auth is used
-# and no password is provided, you will be prompted to enter it.
-passphrase =
-
-# If "auth" is "key", enter the path to the *private* (not public) key here.
-# If none is provided, we'll use the default of ~/.ssh/id_rsa.
-# Note that if your key is password-protected, you should enable "key_passphrase".
-key = ~/.ssh/id_rsa
-
-# Should we (securely) prompt for a key_passphrase? This is REQUIRED if your key
-# is password-protected and you're using key authentication. Can be "true" or "false".
-key_passphrase = false

mumble/usrmgmt2.py

@@ -25,7 +25,9 @@ class IceMgr(object):
         if self.args['verbose']:
             import pprint
         self.getCfg()
-        self.connect()
+        if self.cfg['MURMUR']['connection'] == '':
+            self.cfg['MURMUR']['connection'] == 'ice'
+        self.connect(self.cfg['MURMUR']['connection'])
 
     def getCfg(self):
         _cfg = os.path.join(os.path.abspath(os.path.expanduser(self.args['cfgfile'])))
@@ -42,69 +44,13 @@ class IceMgr(object):
                 self.cfg[section][option] = _parser.get(section, option)
         return()
 
-    def sshTunnel(self):
-        try:
-            from sshtunnel import SSHTunnelForwarder,create_logger
-        except ImportError:
-            raise ImportError('You must install the sshtunnel Python module to use SSH tunneling!')
-        import time
-        _sshcfg = self.cfg['TUNNEL']
-        # Do some munging to make this easier to deal with.
-        if _sshcfg['user'] == '':
-            _sshcfg['user'] = getpass.getuser()
-        if _sshcfg['port'] == '':
-            _sshcfg['port'] = 22
-        else:
-            _sshcfg['port'] = int(_sshcfg['port'])
-        if _sshcfg['auth'].lower() == 'passphrase':
-            if _sshcfg['passphrase'] == '':
-                _sshcfg['passphrase'] = getpass.getpass(('What passphrase should ' +
-                                            'we use for {0}@{1}:{2}? (Will not ' +
-                                            'echo back.)\nPassphrase: ').format(
-                                                    _sshcfg['user'],
-                                                    _sshcfg['host'],
-                                                    _sshcfg['port'])).encode('utf-8')
-            else:
-                _sshcfg['passphrase'] = _sshcfg['passphrase'].encode('utf-8')
-            _sshcfg['key'] = None
-        else:
-            if _sshcfg['key'] == '':
-                _sshcfg['key'] = '~/.ssh/id_rsa'
-            _key = os.path.abspath(os.path.expanduser(_sshcfg['key']))
-            # We need to get the passphrase for the key, if it's set.
-            if _sshcfg['key_passphrase'].lower() == 'true':
-                _keypass = getpass.getpass(('What is the passphrase for {0}? ' +
-                                '(Will not be echoed back.)\nPassphrase: ').format(_key)).encode('utf-8')
-            else:
-                _keypass = None
-        # To pring debug info, just add "logger=create_logger(loglevel=1)" to the params.
-        self.ssh = SSHTunnelForwarder(_sshcfg['host'],
-                                      ssh_pkey = _key,
-                                      ssh_private_key_password = _keypass,
-                                      ssh_username = _sshcfg['user'],
-                                      ssh_port = _sshcfg['port'],
-                                      local_bind_address = ('127.0.0.1', ),
-                                      remote_bind_address = (self.cfg['ICE']['host'],
-                                                             int(self.cfg['ICE']['port'])),
-                                                             set_keepalive = 3.0)
-        self.ssh.start()
-        if self.args['verbose']:
-            print('Configured tunneling for {0}:{1}({2}:{3}) => {4}:{5}'.format(
-                                                    _sshcfg['host'],
-                                                    _sshcfg['port'],
-                                                    self.cfg['ICE']['host'],
-                                                    self.cfg['ICE']['port'],
-                                                    self.ssh.local_bind_address[0],
-                                                    self.ssh.local_bind_address[1]))
-        #self.cfg['ICE']['port'] = int(self.ssh.local_bind_ports[0])
-        self.cfg['ICE']['port'] = int(self.ssh.local_bind_port)
-        self.cfg['ICE']['host'] = self.ssh.local_bind_address[0]
-        time.sleep(3)
-        return()
-
-    def connect(self):
-        if self.cfg['TUNNEL']['enable'].lower() == 'true':
-            self.sshTunnel()
+    def connect(self, ctxtype):
+        ctxtype = ctxtype.strip().upper()
+        if ctxtype.lower() not in ('ice', 'grpc'):
+            raise ValueError('You have specified an invalid connection type.')
+        _cxcfg = self.cfg[ctxtype]
+        self.cfg[ctxtype]['spec'] = os.path.join(os.path.abspath(os.path.expanduser(self.cfg[ctxtype]['spec'])))
+        # ICE START
         _props = {'ImplicitContext': 'Shared',
                   'Default.EncodingVersion': '1.0',
                   'MessageSizeMax': str(self.cfg['ICE']['max_size'])}
@@ -155,7 +101,7 @@ class IceMgr(object):
             _slicefile.close()
             os.remove(_filepath)
         else:  # A .ice file was explicitly defined in the cfg
-            _slicedir.append(os.path.join(os.path.abspath(os.path.expanduser(self.cfg['ICE']['slice']))))
+            _slicedir.append(self.cfg[ctxtype]['spec'])
             Ice.loadSlice('', _slicedir)
         import Murmur
         self.conn = {}