Access Tokens Rejected When Disconnect and Reconnect to Server

[tohizma]

The issue

With right Access Tokens, when client disonnect and connect again, entering any password protected channel always denied, must open Access Tokens window and click OK and then enter the channel (in Mumble App for windows), and in Mumla must open Access Tokens menu and add another token entry to get working. Very annoying for non-technical clients

Mumble Windows Client version 1.4.287, tried on multiple PC
Mumla Android Client version 3.6.7 (Android 12 and 13), tried on multiple android device
Server Version: 1.6.287 (Official Docker Builds)

Maybe existing client's access tokens data not sent to server when connecting/entering channel?

Mumble version

1.6.287

Mumble component

Both

OS

Linux, Windows

Additional information

No response

[Hartmnt]

This sounds like a duplicate of #5907 which has been fixed on the master branch. Since that would be a server-side issue, updating the server to the latest master commit should fix this. Please report back, if that fixes the issue.

[tohizma]

I rebuild docker image with latest MUMBLE_VERSION tag, delete server sqlite db, clean run server (no existing/previous server config), create only 2 test channel. Problem still persist.

Here's my Dockerfile:

FROM debian:bookworm-slim as base

ENV TZ=Asia/Jakarta

ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install --no-install-recommends -y \
        nano htop \
        libcap2 \
        libzeroc-ice3.7 \
        '^libprotobuf[0-9]+$' \
        libavahi-compat-libdnssd1 \
        libqt5core5a \
        libqt5network5 \
        libqt5sql5 \
        libqt5sql5-mysql \
        libqt5sql5-psql \
        libqt5sql5-sqlite \
        libqt5xml5 \
        libqt5dbus5 \
        ca-certificates \
        # Workaround for systems like CentOS 7 which won't load libQt5Core.so as expected:
        # see also https://stackoverflow.com/a/68897099/
        binutils \
        && find /lib* /usr/lib* -name 'libQt5Core.so.*' -exec strip --remove-section=.note.ABI-tag {} \; \
        && apt-get -y purge binutils \
        # End of workaround
        && apt-get clean \
        && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
        && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone




FROM base as build
ARG DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install --no-install-recommends -y \
  git cmake build-essential ca-certificates pkg-config \
  libssl-dev \
  qtbase5-dev \
  qttools5-dev \
  qttools5-dev-tools \
  libboost-dev \
  libprotobuf-dev \
  protobuf-compiler \
  libprotoc-dev \
  libcap-dev \
  libxi-dev \
  libavahi-compat-libdnssd-dev \
  libzeroc-ice-dev \
  python3 \
  git \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*

ADD ./scripts/* /mumble/scripts/
WORKDIR /mumble/repo

ARG MUMBLE_VERSION=latest
ARG MUMBLE_BUILD_NUMBER=""
ARG MUMBLE_CMAKE_ARGS=""

# Clone the repo, build it and finally copy the default server ini file. Since this file may be at different locations and Docker
# doesn't support conditional copies, we have to ensure that regardless of where the file is located in the repo, it will end
# up at a unique path in our build container to be copied further down.
RUN /mumble/scripts/clone.sh && /mumble/scripts/build.sh \
&& /mumble/scripts/copy_one_of.sh ./scripts/murmur.ini ./auxiliary_files/mumble-server.ini default_config.ini



FROM base

ARG MUMBLE_UID=1060
ARG MUMBLE_GID=1060

RUN groupadd --gid $MUMBLE_GID mumble && useradd --uid $MUMBLE_UID --gid $MUMBLE_GID mumble

COPY --from=build /mumble/repo/build/mumble-server /usr/bin/mumble-server
COPY --from=build /mumble/repo/default_config.ini /etc/mumble/bare_config.ini

RUN mkdir -p /data && chown -R mumble:mumble /data && chown -R mumble:mumble /etc/mumble \
&& mkdir -p /var/log/mumble && chown -R mumble:mumble /var/log/mumble

USER mumble

COPY entrypoint.sh /entrypoint.sh

#VOLUME ["/data","/var/log/mumble"]

EXPOSE 64738/tcp 64738/udp

ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/mumble-server", "-fg"]

Here's my docker run command:

docker run -d \
  --restart=always \
  --name mumble \
  --memory="64m" --memory-swap="128m" --memory-reservation="32m" \
  --cpus=".8" \
  -p 64738:64738 \
  -p 64738:64738/udp \
  -e "MUMBLE_CONFIG_DATABASE=/data/mumble-server.sqlite" \
  -e "MUMBLE_CONFIG_PORT=64738" \
  -e "MUMBLE_SUPERUSER_PASSWORD=<my-superuser-passswwd>" \
  -e "MUMBLE_CONFIG_SERVER_PASSWORD=<serverjoinpasswd>" \
  -e "MUMBLE_CONFIG_WELCOME_TEXT=<br />Hai... <br />Enjoy your stay!<br />" \
  -e "MUMBLE_CONFIG_LOG_FILE=/var/log/mumble/mumble.log" \
  -e "MUMBLE_CONFIG_LOG_DAYS=31" \
  -e "MUMBLE_CONFIG_BANDWIDTH=262144" \
  -e "MUMBLE_CONFIG_USERS=1000" \
  -e "MUMBLE_CONFIG_MESSAGE_BURST=10" \
  -e "MUMBLE_CONFIG_MESSAGE_LIMIT=5" \
  -e "MUMBLE_CONFIG_ALLOW_PING=true" \
  -e "MUMBLE_CONFIG_OPUS_THRESHOLD=0" \
  -e "MUMBLE_CONFIG_REGISTER_NAME=RUANG TAMU" \
  -e "MUMBLE_CONFIG_SEND_VERSION=true" \
  -e "MUMBLE_CONFIG_REMEMBER_CHANNEL=true" \
  -e "MUMBLE_CONFIG_REMEMBER_CHANNEL_DURATION=10800" \
  -v /data/app/mumble:/data \
  -v /log/mumble:/var/log/mumble \
  --log-driver=json-file \
  --log-opt mode=non-blocking \
  --log-opt max-size=50m \
  --log-opt max-file=10 \
  --log-opt max-buffer-size=4m \
  mymumble-build

[Krzmbrzl]

I rebuild docker image with latest MUMBLE_VERSION tag, delete server sqlite db, clean run server (no existing/previous server config), create only 2 test channel. Problem still persist.

What version number does this server report (under server information)?

[tohizma]

Protocol: 1.6.287
Release: 1.6.287

TLS: 1.3
Cipher: TLS_AES_256_GCM_SHA384
PFS: Yes

[Krzmbrzl]

Hm alright. In that case it seems like there is either another bug very similar to #5907 or another facet to this bug that has not yet been addressed 🤔

[Hartmnt]

Can reproduce. Only affects unregistered users

[Hartmnt]

@tohizma Thanks for reporting this. Without your bug report this thing could have gone undetected for decades 🥲

Anyway, would you be able to test the commit in #6339 and see, if that fixes the problem for you, too?