epam helper for Erlang / Elixir PAM authentication support
processone / epam Goto Github PK
View Code? Open in Web Editor NEWepam helper for Erlang / Elixir PAM authentication support
Home Page: http://ejabberd.im
License: Other
epam's Introduction
epam's People
Contributors
Stargazers
Watchers
Forkers
jabber-at jeffwelling bowlofeggs cloudxtreme kruegger boshra-pardaz badlop nosnilmot santosh653 isabella232 zinidepam's Issues
Erlang/OTP 23 support
Please see https://bugs.debian.org/961652
priv/bin/epam gets loaded from ejabberd rather than from the epam library
Hello!
A Fedora user reported that ejabberd would not start on Fedora Rawhide when PAM authentication was enabled. He received these log messages:
2016-05-18 23:40:47.128 [info] <0.38.0>@cyrsasl_digest:start:60 FQDN used to check DIGEST-MD5 SASL authentication: jenkins-dev.last-bastion.net
2016-05-18 23:40:47.154 [error] <0.392.0> Can't open file "/usr/lib64/erlang/lib/ejabberd/priv/bin/epam": enoent
2016-05-18 23:40:47.154 [error] <0.392.0> CRASH REPORT Process epam with 0 neighbours exited with reason: bad return value: error in gen_server:init_it/6 line 356
2016-05-18 23:40:47.154 [error] <0.391.0> Supervisor epam_sup had child epam started with epam:start_link() at undefined exit with reason bad return value: error in context start_error
2016-05-18 23:40:47.154 [error] <0.389.0> CRASH REPORT Process <0.389.0> with 0 neighbours exited with reason: {{shutdown,{failed_to_start_child,epam,{bad_return_value,error}}},{epam_app,start,[normal,[]]}} in application_master:init/4 line 134
2016-05-18 23:40:47.154 [critical] <0.38.0>@ejabberd:exit_or_halt:133 failed to start application 'p1_pam': {error,
{{shutdown,
{failed_to_start_child,epam,
{bad_return_value,error}}},
{epam_app,start,[normal,[]]}}}
2016-05-18 23:40:47.155 [info] <0.7.0> Application p1_pam exited with reason: {{shutdown,{failed_to_start_child,epam,{bad_return_value,error}}},{epam_app,start,[normal,[]]}}
In investigating this, I found that this is the code that locates the epam binary:
https://github.com/processone/epam/blob/1.0.0/src/epam.erl#L142-L153
For source installations this code is probably reasonable since the libraries get bundled into ejabberd, but for distribution installations it is common to separate epam into its own installation path separate of ejabberd. For example, Fedora installs epam like this:
$ tree -p /usr/lib64/erlang/lib/p1_pam-1.0.0
/usr/lib64/erlang/lib/p1_pam-1.0.0
├── [drwxr-xr-x] ebin
│ ├── [-rw-r--r--] epam_app.beam
│ ├── [-rw-r--r--] epam.beam
│ ├── [-rw-r--r--] epam_sup.beam
│ └── [-rw-r--r--] p1_pam.app
└── [drwxr-xr-x] priv
└── [drwxr-xr-x] bin
└── [-rwxr-xr-x] epam
3 directories, 5 files
To work around this issue, I've applied this patch in Fedora for now but I would like to develop a solution that will work for both source installations and Fedora so we don't have to carry a patch, and so that other distributions can benefit as well:
From 519551454c749f8c6ea1b1fd1fcbdc268cf6bb27 Mon Sep 17 00:00:00 2001
From: Randy Barlow <[email protected]>
Date: Sun, 22 May 2016 12:43:46 -0400
Subject: [PATCH] Load epam from the package's own path rather than ejabberd.
---
src/epam.erl | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/src/epam.erl b/src/epam.erl
index bdb331e..5919877 100644
--- a/src/epam.erl
+++ b/src/epam.erl
@@ -140,14 +140,9 @@ handle_cast(_Msg, State) -> {noreply, State}.
code_change(_OldVsn, State, _Extra) -> {ok, State}.
get_bin_path() ->
- case os:getenv("EJABBERD_BIN_PATH") of
- false ->
- case code:priv_dir(p1_pam) of
- {error, _} ->
- filename:join(["priv", "bin"]);
- Path ->
- filename:join([Path, "bin"])
- end;
- Path ->
- Path
+ case code:priv_dir(p1_pam) of
+ {error, _} ->
+ filename:join(["priv", "bin"]);
+ Path ->
+ filename:join([Path, "bin"])
end.
--
2.8.3
Configure failure
Configure fails with the latest HEAD:
$ ./configure
...
config.status: error: cannot find input file: `vars.config.in'
Also, it seems like the application was renamed, but old name is still found in the sources:
$ grep 'p1_pam' -rH .
./src/epam.erl: case code:priv_dir(p1_pam) of
Please provide the remote address to the pam stack
Specifically, please forward the remote address of the user trying to authenticate in the PAM_RHOST item to the pam stack (currently, PAM_SERVICE and PAM_USER are supplied) That would allow to thread users diffrently depending where they come from (e.g. two-factor auth in general, single factor from well-known places)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.