Merge pull request #4044 from annando/ejabberd-lock

Prevent the running of multiple xmpp auth daemons at a time
This commit is contained in:
Hypolite Petovan 2017-12-09 14:04:13 -05:00 committed by GitHub
commit 33ccd501b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 435 additions and 353 deletions

View file

@ -19,6 +19,7 @@ Example: To set the directory value please add this line to your .htconfig.php:
## jabber ## ## jabber ##
* **debug** (Boolean) - Enable debug level for the jabber account synchronisation. * **debug** (Boolean) - Enable debug level for the jabber account synchronisation.
* **lockpath** - Must be writable by the ejabberd process. if set then it will prevent the running of multiple processes.
## system ## ## system ##

View file

@ -45,6 +45,7 @@ require_once 'include/dba.php';
class ExAuth class ExAuth
{ {
private $bDebug; private $bDebug;
private $host;
/** /**
* @brief Create the class * @brief Create the class
@ -133,6 +134,10 @@ class ExAuth
return; return;
} }
// We only allow one process per hostname. So we set a lock file
// Problem: We get the firstname after the first auth - not before
$this->setHost($aCommand[2]);
// Now we check if the given user is valid // Now we check if the given user is valid
$sUser = str_replace(array('%20', '(a)'), array(' ', '@'), $aCommand[1]); $sUser = str_replace(array('%20', '(a)'), array(' ', '@'), $aCommand[1]);
@ -209,6 +214,10 @@ class ExAuth
return; return;
} }
// We only allow one process per hostname. So we set a lock file
// Problem: We get the firstname after the first auth - not before
$this->setHost($aCommand[2]);
// We now check if the password match // We now check if the password match
$sUser = str_replace(array('%20', '(a)'), array(' ', '@'), $aCommand[1]); $sUser = str_replace(array('%20', '(a)'), array(' ', '@'), $aCommand[1]);
@ -260,7 +269,9 @@ class ExAuth
*/ */
private function checkCredentials($host, $user, $password, $ssl) private function checkCredentials($host, $user, $password, $ssl)
{ {
$url = ($ssl ? 'https' : 'http') . '://' . $host . '/api/account/verify_credentials.json'; $this->writeLog(LOG_INFO, 'external credential check for ' . $user . '@' . $host);
$url = ($ssl ? 'https' : 'http') . '://' . $host . '/api/account/verify_credentials.json?skip_status=true';
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_URL, $url);
@ -281,6 +292,40 @@ class ExAuth
return $http_code == 200; return $http_code == 200;
} }
/**
* @brief Set the hostname for this process
*
* @param string $host The hostname
*/
private function setHost($host)
{
if (!empty($this->host)) {
return;
}
$this->writeLog(LOG_INFO, 'Hostname for process ' . getmypid() . ' is ' . $host);
$this->host = $host;
$lockpath = Config::get('jabber', 'lockpath');
if (is_null($lockpath)) {
return;
}
$file = $lockpath . DIRECTORY_SEPARATOR . $host;
if (Pidfile::isRunningProcess($file)) {
if (PidFile::killProcess($file)) {
$this->writeLog(LOG_INFO, 'Old process was successfully killed');
} else {
$this->writeLog(LOG_ERR, "The old Process wasn't killed in time. We now quit our process.");
die();
}
}
// Now it is safe to create the pid file
Pidfile::create($file);
}
/** /**
* @brief write data to the syslog * @brief write data to the syslog
* *

View file

@ -9,64 +9,100 @@ namespace Friendica\Util;
*/ */
class Pidfile class Pidfile
{ {
private $file;
private $running;
/** /**
* @param string $dir path * @brief Read the pid from a given pid file
* @param string $name filename *
* @return void * @param string $file Filename of pid file
*
* @return boolean|string PID or "false" if not existent
*/ */
public function __construct($dir, $name) static private function pidFromFile($file) {
{ if (!file_exists($file)) {
$this->_file = "$dir/$name.pid"; return false;
if (file_exists($this->_file)) {
$pid = trim(@file_get_contents($this->file));
if (($pid != "") && posix_kill($pid, 0)) {
$this->running = true;
}
} }
if (! $this->running) { return trim(@file_get_contents($file));
$pid = getmypid();
file_put_contents($this->file, $pid);
}
} }
/** /**
* @return void * @brief Is there a running process with the given pid file
*
* @param string $file Filename of pid file
*
* @return boolean Is it running?
*/ */
public function __destruct() static public function isRunningProcess($file) {
{ $pid = self::pidFromFile($file);
if ((! $this->running) && file_exists($this->file)) {
@unlink($this->file); if (!$pid) {
return false;
} }
}
/** // Is the process running?
* @return boolean $running = posix_kill($pid, 0);
*/
public static function isRunning()
{
return self::$running;
}
/** // If not, then we will kill the stale file
* @return object if (!$running) {
*/ self::delete($file);
public static function runningTime()
{
return time() - @filectime(self::$file);
}
/**
* @return boolean
*/
public static function kill()
{
if (file_exists(self::$file)) {
return posix_kill(file_get_contents(self::$file), SIGTERM);
} }
return $running;
}
/**
* @brief Kills a process from a given pid file
*
* @param string $file Filename of pid file
*
* @return boolean Was it killed successfully?
*/
static public function killProcess($file) {
$pid = self::pidFromFile($file);
// We don't have a process id? then we quit
if (!$pid) {
return false;
}
// We now kill the process
$killed = posix_kill($pid, SIGTERM);
// If we killed the process successfully, we can remove the pidfile
if ($killed) {
self::delete($file);
}
return $killed;
}
/**
* @brief Creates a pid file
*
* @param string $file Filename of pid file
*
* @return boolean|string PID or "false" if not created
*/
static public function create($file) {
$pid = self::pidFromFile($file);
// We have a process id? then we quit
if ($pid) {
return false;
}
$pid = getmypid();
file_put_contents($file, $pid);
// Now we check if everything is okay
return self::pidFromFile($file);
}
/**
* @brief Deletes a given pid file
*
* @param string $file Filename of pid file
*
* @return boolean Is it running?
*/
static public function delete($file) {
return @unlink($file);
} }
} }