#855 mod_auth_external error in bash script response read

Reporter Damien Fetis
Owner Nobody
Stars ★ (1)  
  • Status-New
  • Priority-Medium
  • Type-Defect
  1. Damien Fetis on

    On my system there is an issue regarding the reading of the external bash script's authentication response.

    What steps will reproduce the problem?
    1. Set authentication in the VirtualHost configuration file to:
       authentication = "external"
       external_auth_protocol = "generic"
       external_auth_command = "prosody-auth-example.sh"
    2. Restart the prosody service.
    3. Authenticate a user with "someone".

    What is the expected output?
    In /var/log/prosody/prosody.log:
    info Authenticated as someone@XXXXXX

    What do you see instead?
    sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you&apos;ve sent.</text></failure>

    What version of the product are you using? On what operating system?
    Prosody: 0.9.1
    OS: Ubuntu 14.04 LTS

    Please provide any additional information below.
    If we log the script response seen by mod_auth_external.lua, we can see the echo of lpty.send(text) for the first response of the script. And the next call returns the first call's response. There is a known issue with lpty no_local_echo not working as expected, as described in the lpty README (https://tset.de/lpty/README.html).

    My solution is to check manually whether the response is the send echo or not:

    --- mod_auth_external (2).lua 2017-03-17 11:58:24.000000000 +0100 +++ mod_auth_external.lua 2017-03-17 14:23:52.000000000 +0100 @@ -67,14 +67,22 @@ end pty:send(text); + pty:flush("i"); if blocking then - return pty:read(read_timeout); + local response; + response = pty:read(read_timeout); + if response == text then + response = pty:read(read_timeout); + end + return response; else local response; local wait, done = waiter(); server.addevent(pty:getfd(), server.event.EV_READ, function () response = pty:read(); - done(); + if not response == text then + done(); + end return -1; end); wait(); 
@@ -99,6 +107,9 @@ end local response, err = send_query(query); + if response then log("debug", "Reponse %s", response ); end + + if not response then log("warn", "Error while waiting for result from auth process: %s", err or "unknown error"); elseif (script_type == "ejabberd" and response == "\0\2\0\0") or Best Regards, Damien
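Review bot: in the non-blocking branch of the first hunk (@@ -67,14 +67,22 @@), `if not response == text then` does not test for inequality. Lua's `not` binds tighter than `==`, so this is `(not response) == text`, a boolean compared with the string `text`, which is always false. `done()` is then never called and `wait()` never returns, so the authentication attempt hangs instead of completing. Use `if response ~= text then`. Two smaller points on the same hunk: the blocking branch skips at most one echoed read and depends on an exact `response == text` match, so an echo that arrives in the same read as the script's reply, or with altered line endings, would still be returned as the answer; and the added `pty:flush("i")` after `pty:send(text)` deserves a comment stating what it is expected to discard at that point.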
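Review bot: the added `log("debug", "Reponse %s", response )` in the second hunk (@@ -99,6 +107,9 @@) writes the auth process's raw reply into the log, and the context line below it shows that for `script_type == "ejabberd"` the reply is binary (`"\0\2\0\0"`), so NUL and control bytes would go into prosody.log unescaped. Format it with `%q` or log only its length and decoded result. "Reponse" should read "Response", and the `if response then ... end` can be folded into the existing `if not response then ... elseif` chain rather than added as a separate statement followed by two blank `+` lines.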
