xcauth.py is not killed when prosody shuts down. There is an upstream fix of mod_auth_external which resolves the problem. I backported it along with other recent cosmetic changes.
diff --git a/prosody-modules/mod_auth_external.lua b/prosody-modules/mod_auth_external.lua
index dfcd9a8..9ed9fcc 100644
--- a/prosody-modules/mod_auth_external.lua
+++ b/prosody-modules/mod_auth_external.lua
@@ -34,7 +34,8 @@ else
log("info", "External auth with pty command %s", command);
pty_options = { throw_errors = false, no_local_echo = true, use_path = false };
end
-assert(script_type == "ejabberd" or script_type == "generic", "Config error: external_auth_protocol must be 'ejabberd' or 'generic'");
+assert(script_type == "ejabberd" or script_type == "generic",
+ "Config error: external_auth_protocol must be 'ejabberd' or 'generic'");
assert(not host:find(":"), "Invalid hostname");
@@ -52,6 +53,14 @@ for i = 1, auth_processes do
ptys[i] = lpty.new(pty_options);
end
+function module.unload()
+ for i = 1, auth_processes do
+ ptys[i]:endproc();
+ end
+end
+
+module:hook_global("server-cleanup", module.unload);
+
local curr_process = 0;
function send_query(text)
curr_process = (curr_process%auth_processes)+1;
@@ -126,12 +135,12 @@ function do_query(kind, username, password)
(script_type == "generic" and response:gsub("\r?\n$", "") == "1") then
return true;
else
- log("warn", "Unable to interpret data from auth process, %s", (response:match("^error:") and response) or ("["..#response.." bytes]"));
+ log("warn", "Unable to interpret data from auth process, %s",
+ (response:match("^error:") and response) or ("["..#response.." bytes]"));
return nil, "internal-server-error";
end
end
-local host = module.host;
local provider = {};
function provider.test_password(username, password)
@@ -146,7 +155,9 @@ function provider.user_exists(username)
return do_query("isuser", username);
end
-function provider.create_user(username, password) return nil, "Account creation/modification not available."; end
+function provider.create_user(username, password) -- luacheck: ignore 212
+ return nil, "Account creation/modification not available.";
+end
function provider.get_sasl_handler()
local testpass_authentication_profile = {
root@nc:/opt/prosody-modules/mod_auth_external# hg log . -r 2827:2834
changeset: 2827:45380b77303d
user: Kim Alvefur <zash@zash.se>
date: Sat Nov 18 00:34:47 2017 +0100
summary: mod_auth_external: Split long lines [luacheck]
changeset: 2828:3ba36b66f297
user: Kim Alvefur <zash@zash.se>
date: Sat Nov 18 00:35:36 2017 +0100
summary: mod_auth_external: Remove duplicated local variable [luacheck]
changeset: 2829:8082bfc10e65
user: Kim Alvefur <zash@zash.se>
date: Sat Nov 18 00:36:22 2017 +0100
summary: mod_auth_external: Silence warnings about unused arguments [luacheck]
changeset: 2830:92f6f82397c9
user: Kim Alvefur <zash@zash.se>
date: Sat Nov 18 00:37:42 2017 +0100
summary: mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
changeset: 2834:3fb5f173f213
user: Kim Alvefur <zash@zash.se>
date: Sat Nov 18 01:01:59 2017 +0100
summary: mod_auth_external: Make sure processes are killed when Prosody shuts down
xcauth.py is not killed when prosody shuts down. There is an upstream fix of mod_auth_external which resolves the problem. I backported it along with other recent cosmetic changes.