Software /
code /
prosody-modules
Diff
mod_auth_external/mod_auth_external.lua @ 1154:61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 13 Aug 2013 18:56:50 +0100 |
parent | 1086:50ee38e95e75 |
child | 1155:40f7a8d152eb |
line wrap: on
line diff
--- a/mod_auth_external/mod_auth_external.lua Sun Aug 11 23:53:48 2013 +0200 +++ b/mod_auth_external/mod_auth_external.lua Tue Aug 13 18:56:50 2013 +0100 @@ -1,82 +1,46 @@ --- --- NOTE: currently this uses lpc; when waqas fixes process, it can go back to that -- -- Prosody IM -- Copyright (C) 2010 Waqas Hussain -- Copyright (C) 2010 Jeff Mitchell -- Copyright (C) 2013 Mikael Nordfeldth +-- Copyright (C) 2013 Matthew Wild, finally came to fix it all -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- +local lpty = assert(require "lpty", "mod_auth_external requires lpty: https://code.google.com/p/prosody-modules/wiki/mod_auth_external#Installation"); ---local process = require "process"; -local lpc; pcall(function() lpc = require "lpc"; end); - -local config = require "core.configmanager"; local log = module._log; local host = module.host; -local script_type = config.get(host, "core", "external_auth_protocol") or "generic"; -assert(script_type == "ejabberd" or script_type == "generic"); -local command = config.get(host, "core", "external_auth_command") or ""; -assert(type(command) == "string"); -assert(not host:find(":")); +local script_type = module:get_option_string("external_auth_protocol", "generic"); +assert(script_type == "ejabberd" or script_type == "generic", "Config error: external_auth_protocol must be 'ejabberd' or 'generic'"); +local command = module:get_option_string("external_auth_command", ""); +local read_timeout = module:get_option_number("external_auth_timeout", 5); +assert(not host:find(":"), "Invalid hostname"); local usermanager = require "core.usermanager"; local jid_bare = require "util.jid".bare; local new_sasl = require "util.sasl".new; -local function send_query(text) - local tmpname = os.tmpname(); - local p = io.popen(command.." > "..tmpname, "w"); -- dump result to file - p:write(text); -- push colon-separated args through pipe to above command - p:close(); - local tmpfile = io.open(tmpname, "r"); -- open file to read auth result - local result; - if script_type == "ejabberd" then - result = tmpfile:read(4); - elseif script_type == "generic" then - result = tmpfile:read(); - end - tmpfile:close(); - os.remove(tmpname); -- clean up after us - return result; -end +local pty = lpty.new({ throw_errors = false, no_local_echo = true, use_path = false }); -if lpc then - --local proc; - local pid; - local readfile; - local writefile; - - function send_query(text) - if pid and lpc.wait(pid,1) ~= nil then - log("debug","error, process died, force reopen"); - pid=nil; - end - if not pid then - log("debug", "Opening process " .. command); - -- proc = process.popen(command); - pid, writefile, readfile = lpc.run(command); - end - -- if not proc then - if not pid then - log("debug", "Process failed to open"); +function send_query(text) + if not pty:hasproc() then + local status, ret = pty:exitstatus(); + if status and (status ~= "exit" or ret ~= 0) then + log("warn", "Auth process exited unexpectedly with %s %d, restarting", status, ret or 0); return nil; end - -- proc:write(text); - -- proc:flush(); + local ok, err = pty:startproc(command); + if not ok then + log("error", "Failed to start auth process '%s': %s", command, err); + return nil; + end + log("debug", "Started auth process"); + end - writefile:write(text); - writefile:flush(); - if script_type == "ejabberd" then - -- return proc:read(4); -- FIXME do properly - return readfile:read(4); -- FIXME do properly - elseif script_type == "generic" then - -- return proc:read(1); - return readfile:read(); - end - end + pty:send(text); + return pty:read(read_timeout); end function do_query(kind, username, password) @@ -97,15 +61,19 @@ local response = send_query(query); if (script_type == "ejabberd" and response == "\0\2\0\0") or - (script_type == "generic" and response == "0") then + (script_type == "generic" and response:gsub("\r?\n$", "") == "0") then return nil, "not-authorized"; elseif (script_type == "ejabberd" and response == "\0\2\0\1") or - (script_type == "generic" and response == "1") then + (script_type == "generic" and response:gsub("\r?\n$", "") == "1") then return true; else - log("debug", "Nonsense back"); - --proc:close(); - --proc = nil; + if response then + log("warn", "Unable to interpret data from auth process, %d bytes beginning with: %s", #response, (response:sub(1,4):gsub(".", function (c) + return ("%02X "):format(c:byte()); + end))); + else + log("warn", "Error while waiting for result from auth process: %s", response or "unknown error"); + end return nil, "internal-server-error"; end end