external auth module for ejabberd on windows

1
votes

How can I get ejabberd to run an external auth script on windows?

So far- I've modified the file

C:\Program Files\ejabberd-15.06\lib\ejabberd-15.06\priv\cfg\ejabberd.yml

to comment out the existing auth_method directive and instead added this:

auth_method: external
extauth_program: "D:\\DROPBOX\\Dropbox (Personal)\\EJABBERD\\auth\\ejabberd-auth.exe"

However, when I try to connect to the server- I see nothing in the logs indicating an attempt to run the script. I've even tried changing it to a non-existant file to see if that will log an error of some sort, but nothing.

All I get are "Accepted connection" type of logs.

In case it matters- upon start I do get several "unknown option" errors, including "ejabberd_config:validate_opts:752 unknown option 'auth_method' will be likely ignored" - however it seems this is a known, cosmetic-only error (see: https://github.com/processone/ejabberd/issues/630)

1
ejabberd
No idea what is your external-auth.exe file doing. Where do it come from ?Mickaël Rémond
So far it does nothing but print "Hello World"- so I'd expect an error in the log- or some record of an attempt to call it?davidkomer
Without real familiarity with ejabberd- it seems that the "unknown option 'auth_method'" error is not only cosmetic maybe?davidkomer
Error is cosmetic and will be fix in next package.Mickaël Rémond

1 Answers

0
votes

I do not use Windows, but, you should try playing with Erlang open_port command:

 open_port({spawn, "YOURCOMMAND"}, [{packet, 2}]).

Note that open_port Erlang documentation says:

For external programs, the PATH is searched (or an equivalent method is used to find programs, depending on operating system). This is done by invoking the shell on certain platforms. The first space separated token of the command will be considered as the name of the executable (or driver). This (among other things) makes this option unsuitable for running programs having spaces in file or directory names.

I see your path has spaces. That alone should indeed make it impossible to call your command.

That said, external_auth command has never been tested on Windows. You may need to patch ejabberd command to make that authentication through external process work. I would be surprised if it works as is.