25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00

* src/ejabberd_sm.erl: An option to limit the number of opened sessions

for a given user have been added. As a default, a given user can only
log in 10 times with different resources. After that, new connections
replace the older ones.
* src/ejabberd.cfg.example: Likewise.
* doc/guide.tex: Likewise.

SVN Revision: 567
This commit is contained in:
Mickaël Rémond 2006-05-21 16:34:32 +00:00
parent 21b912a375
commit 043c2ccf51
5 changed files with 139 additions and 156 deletions

View File

@ -1,3 +1,12 @@
2006-05-21 Mickael Remond <mickael.remond@process-one.net>
* src/ejabberd_sm.erl: An option to limit the number of opened sessions
for a given user have been added. As a default, a given user can only
log in 10 times with different resources. After that, new connections
replace the older ones.
* src/ejabberd.cfg.example: Likewise.
* doc/guide.tex: Likewise.
2006-05-15 Mickael Remond <mickael.remond@process-one.net>
* src/web/ejabberd_http_poll.erl: Timeout disconnection were not

View File

@ -55,105 +55,6 @@ BLOCKQUOTE{margin-left:4ex;margin-right:4ex;text-align:left;}
<H2 CLASS="section">Contents</H2><!--SEC END -->
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc1">1&nbsp;&nbsp;Introduction</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc2">1.1&nbsp;&nbsp;Key Features</A>
<LI CLASS="li-toc"><A HREF="#htoc3">1.2&nbsp;&nbsp;Additional Features</A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc4">2&nbsp;&nbsp;Installation from Source</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc5">2.1&nbsp;&nbsp;Installation Requirements</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc6">2.1.1&nbsp;&nbsp;&#8220;Unix-like&#8221; operating systems</A>
<LI CLASS="li-toc"><A HREF="#htoc7">2.1.2&nbsp;&nbsp;Windows</A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc8">2.2&nbsp;&nbsp;Obtaining <TT>ejabberd</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc9">2.3&nbsp;&nbsp;Compilation</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc10">2.3.1&nbsp;&nbsp;&#8220;Unix-like&#8221; operating systems</A>
<LI CLASS="li-toc"><A HREF="#htoc11">2.3.2&nbsp;&nbsp;Windows</A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc12">2.4&nbsp;&nbsp;Starting</A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc13">3&nbsp;&nbsp;Configuration</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc14">3.1&nbsp;&nbsp;Initial Configuration</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc15">3.1.1&nbsp;&nbsp;Host Names</A>
<LI CLASS="li-toc"><A HREF="#htoc16">3.1.2&nbsp;&nbsp;Default Language</A>
<LI CLASS="li-toc"><A HREF="#htoc17">3.1.3&nbsp;&nbsp;Access Rules</A>
<LI CLASS="li-toc"><A HREF="#htoc18">3.1.4&nbsp;&nbsp;Shapers</A>
<LI CLASS="li-toc"><A HREF="#htoc19">3.1.5&nbsp;&nbsp;Listened Sockets</A>
<LI CLASS="li-toc"><A HREF="#htoc20">3.1.6&nbsp;&nbsp;Modules</A>
<LI CLASS="li-toc"><A HREF="#htoc21">3.1.7&nbsp;&nbsp;Virtual Hosting</A>
<LI CLASS="li-toc"><A HREF="#htoc22">3.1.8&nbsp;&nbsp;SASL anonymous and anonymous login</A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc23">3.2&nbsp;&nbsp;Relational Database Support</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc24">3.2.1&nbsp;&nbsp;Authentication against a relational database</A>
<LI CLASS="li-toc"><A HREF="#htoc25">3.2.2&nbsp;&nbsp;Relational database for other modules</A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc26">3.3&nbsp;&nbsp;Creating an Initial Administrator</A>
<LI CLASS="li-toc"><A HREF="#htoc27">3.4&nbsp;&nbsp;Online Configuration and Monitoring</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc28">3.4.1&nbsp;&nbsp;Web Interface</A>
<LI CLASS="li-toc"><A HREF="#htoc29">3.4.2&nbsp;&nbsp;<TT>ejabberdctl</TT></A>
</UL>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc30">4&nbsp;&nbsp;Firewall Settings</A>
<LI CLASS="li-toc"><A HREF="#htoc31">5&nbsp;&nbsp;SRV Records</A>
<LI CLASS="li-toc"><A HREF="#htoc32">6&nbsp;&nbsp;Clustering</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc33">6.1&nbsp;&nbsp;How it Works</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc34">6.1.1&nbsp;&nbsp;Router</A>
<LI CLASS="li-toc"><A HREF="#htoc35">6.1.2&nbsp;&nbsp;Local Router</A>
<LI CLASS="li-toc"><A HREF="#htoc36">6.1.3&nbsp;&nbsp;Session Manager</A>
<LI CLASS="li-toc"><A HREF="#htoc37">6.1.4&nbsp;&nbsp;s2s Manager</A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc38">6.2&nbsp;&nbsp;Clustering Setup</A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc39">A&nbsp;&nbsp;Built-in Modules</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc40">A.1&nbsp;&nbsp;Overview</A>
<LI CLASS="li-toc"><A HREF="#htoc41">A.2&nbsp;&nbsp;Common Options</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc42">A.2.1&nbsp;&nbsp;<TT>iqdisc</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc43">A.2.2&nbsp;&nbsp;<TT>hosts</TT></A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc44">A.3&nbsp;&nbsp;<TT>mod_announce</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc45">A.4&nbsp;&nbsp;<TT>mod_disco</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc46">A.5&nbsp;&nbsp;<TT>mod_echo</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc47">A.6&nbsp;&nbsp;<TT>mod_irc</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc48">A.7&nbsp;&nbsp;<TT>mod_last</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc49">A.8&nbsp;&nbsp;<TT>mod_muc</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc50">A.9&nbsp;&nbsp;<TT>mod_muc_log</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc51">A.10&nbsp;&nbsp;<TT>mod_offline</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc52">A.11&nbsp;&nbsp;<TT>mod_privacy</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc53">A.12&nbsp;&nbsp;<TT>mod_private</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc54">A.13&nbsp;&nbsp;<TT>mod_pubsub</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc55">A.14&nbsp;&nbsp;<TT>mod_register</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc56">A.15&nbsp;&nbsp;<TT>mod_roster</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc57">A.16&nbsp;&nbsp;<TT>mod_service_log</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc58">A.17&nbsp;&nbsp;<TT>mod_shared_roster</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc59">A.18&nbsp;&nbsp;<TT>mod_stats</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc60">A.19&nbsp;&nbsp;<TT>mod_time</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc61">A.20&nbsp;&nbsp;<TT>mod_vcard</TT></A>
<LI CLASS="li-toc"><A HREF="#htoc62">A.21&nbsp;&nbsp;<TT>mod_version</TT></A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc63">B&nbsp;&nbsp;Internationalization and Localization</A>
<LI CLASS="li-toc"><A HREF="#htoc64">C&nbsp;&nbsp;Release Notes</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc65">C.1&nbsp;&nbsp;ejabberd 0.9</A>
<LI CLASS="li-toc"><A HREF="#htoc66">C.2&nbsp;&nbsp;ejabberd 0.9.1</A>
<LI CLASS="li-toc"><A HREF="#htoc67">C.3&nbsp;&nbsp;ejabberd 0.9.8</A>
<LI CLASS="li-toc"><A HREF="#htoc68">C.4&nbsp;&nbsp;ejabberd 1.0.0</A>
<LI CLASS="li-toc"><A HREF="#htoc69">C.5&nbsp;&nbsp;ejabberd 1.1.0</A>
<LI CLASS="li-toc"><A HREF="#htoc70">C.6&nbsp;&nbsp;ejabberd 1.1.1</A>
</UL>
<LI CLASS="li-toc"><A HREF="#htoc71">D&nbsp;&nbsp;Acknowledgements</A>
</UL>
<!--TOC section Introduction-->
@ -631,9 +532,9 @@ Currently next modules are implemented:
<TR><TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
<TD VALIGN=top ALIGN=left NOWRAP>Options</TD>
<TD VALIGN=top ALIGN=left><TT>access</TT>, <TT>certfile</TT>, <TT>inet6</TT>,
<TT>ip</TT>, <TT>max_stanza_size</TT>, <TT>shaper</TT>, <TT>ssl</TT>,
<TT>tls</TT>, <TT>starttls</TT>, <TT>starttls_required</TT>,
<TT>zlib</TT></TD>
<TT>ip</TT>, <TT>max_stanza_size</TT>, <TT>max_user_sessions</TT>,
<TT>shaper</TT>, <TT>ssl</TT>, <TT>tls</TT>, <TT>starttls</TT>,
<TT>starttls_required</TT>, <TT>zlib</TT></TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP><TT>ejabberd_s2s_in</TT></TD>
<TD VALIGN=top ALIGN=left NOWRAP>Description</TD>
@ -694,9 +595,19 @@ If HTTP Polling is enabled, it will be available at
<DT CLASS="dt-description"><B><TT>{max_stanza_size, Size}</TT></B><DD CLASS="dd-description"> This
option specifies an approximate maximal size in bytes of XML stanzas.
For example <CODE>{max\_stanza\_size, 65536}</CODE>. The default value
is &#8220;<TT>infinity</TT>&#8221;.
<DT CLASS="dt-description"><B><TT>{shaper, &lt;access rule&gt;}</TT></B><DD CLASS="dd-description"> This option defines a
shaper for the port (see section&nbsp;<A HREF="#sec:configshaper">3.1.4</A>). The default value
is &#8220;<TT>infinity</TT>&#8221;.<BR>
<BR>
<DT CLASS="dt-description"><B><TT>{max_user_sessions, Max}</TT></B><DD CLASS="dd-description"> This
option specifies the maximum number of sessions (authenticated
connections) per user. If a user tries to open more than the maximum
number of allowed sessions, with different resources, the first opened
session will be disconnected. The error &#8220;<TT>session replaced</TT>&#8221; is
send to the disconnected session. This value is either a number or
<TT>infinity</TT>. For example <CODE>{max\_user\_sessions, 10}</CODE>. The
default value is <TT>10</TT>.<BR>
<BR>
<DT CLASS="dt-description"><B><TT>{shaper, &lt;access rule&gt;}</TT></B><DD CLASS="dd-description"> This option defines a
shaper for the port (see section&nbsp;<A HREF="#sec:configshaper">??</A>). The default value
is &#8220;<TT>none</TT>&#8221;.
<DT CLASS="dt-description"><B><TT>ssl</TT></B><DD CLASS="dd-description"> This option specifies that traffic on
the port will be encrypted using SSL. You should also set the
@ -741,7 +652,7 @@ c2s connections are listened for on port 5222 and 5223 (SSL) and denied
traffic enabled.
<LI CLASS="li-itemize">Port 5280 is serving the web interface and the HTTP Polling service. Note
that it is also possible to serve them on different ports. The second
example in section&nbsp;<A HREF="#sec:webadm">3.4.1</A> shows how exactly this can be done.
example in section&nbsp;<A HREF="#sec:webadm">??</A> shows how exactly this can be done.
<LI CLASS="li-itemize">All users except for the administrators have a traffic of limit
1,000&nbsp;Bytes/second
<LI CLASS="li-itemize">The
@ -836,7 +747,7 @@ services you have to make the transports log and do XDB by themselves:
The option <TT>modules</TT> defines the list of modules that will be loaded after
<TT>ejabberd</TT>'s startup. Each entry in the list is a tuple in which the first
element is the name of a module and the second is a list of options for that
module. Read section&nbsp;<A HREF="#sec:modules">A</A> for detailed information about modules.<BR>
module. Read section&nbsp;<A HREF="#sec:modules">??</A> for detailed information about modules.<BR>
<BR>
Examples:
<UL CLASS="itemize"><LI CLASS="li-itemize">
@ -922,7 +833,7 @@ very special cases. It defaults to false.<BR>
enabled.
</UL>
Those options are defined for each virtual host with the <TT>host_config</TT>
parameter (see section&nbsp;<A HREF="#sec:configvirtualhost">3.1.7</A>).<BR>
parameter (see section&nbsp;<A HREF="#sec:configvirtualhost">??</A>).<BR>
<BR>
Examples:
<UL CLASS="itemize"><LI CLASS="li-itemize">
@ -1043,10 +954,10 @@ Register an account on your <TT>ejabberd</TT> deployment. An account can be
created in two ways:
<OL CLASS="enumerate" type=a><LI CLASS="li-enumerate">
Using the tool <TT>ejabberdctl</TT> (see
section&nbsp;<A HREF="#sec:ejabberdctl">3.4.2</A>):
section&nbsp;<A HREF="#sec:ejabberdctl">??</A>):
<PRE CLASS="verbatim">
% ejabberdctl node@host register admin example.org password
</PRE><LI CLASS="li-enumerate">Using In-Band Registration (see section&nbsp;<A HREF="#sec:modregister">A.14</A>): you can
</PRE><LI CLASS="li-enumerate">Using In-Band Registration (see section&nbsp;<A HREF="#sec:modregister">??</A>): you can
use a Jabber client to register an account.
</OL>
<LI CLASS="li-enumerate">Edit the configuration file to promote the account created in the previous
@ -1074,11 +985,11 @@ Register an account on your <TT>ejabberd</TT> deployment. An account can be
To perform online configuration of <TT>ejabberd</TT> you need to enable the
<TT>ejabberd_http</TT> listener with the option <TT>web_admin</TT> (see
section&nbsp;<A HREF="#sec:configlistened">3.1.5</A>). Then you can open
section&nbsp;<A HREF="#sec:configlistened">??</A>). Then you can open
<CODE>http://server:port/admin/</CODE> in your favourite web browser. You
will be asked to enter the username (the <EM>full</EM> Jabber ID) and password
of an <TT>ejabberd</TT> user with administrator rights. After authentication
you will see a page similar to figure&nbsp;<A HREF="#fig:webadmmain">1</A>.
you will see a page similar to figure&nbsp;<A HREF="#fig:webadmmain">??</A>.
<BLOCKQUOTE CLASS="figure"><DIV CLASS="center"><DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV>
<IMG SRC="webadmmain.png">
@ -1208,11 +1119,11 @@ You need to take the following TCP ports in mind when configuring your firewall:
<TD ALIGN=left NOWRAP>s2s connections.</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>4369</TD>
<TD ALIGN=left NOWRAP>Only for clustering (see&nbsp;<A HREF="#sec:clustering">6</A>).</TD>
<TD ALIGN=left NOWRAP>Only for clustering (see&nbsp;<A HREF="#sec:clustering">??</A>).</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>port range</TD>
<TD ALIGN=left NOWRAP>Only for clustring (see&nbsp;<A HREF="#sec:clustering">6</A>). This range
is configurable (see&nbsp;<A HREF="#sec:starting">2.4</A>).</TD>
<TD ALIGN=left NOWRAP>Only for clustring (see&nbsp;<A HREF="#sec:clustering">??</A>). This range
is configurable (see&nbsp;<A HREF="#sec:starting">??</A>).</TD>
</TR></TABLE>
<DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE>
<!--TOC section SRV Records-->
@ -1686,7 +1597,7 @@ hosts:
to several resources, only the resource with the highest priority will receive
the message. If the registered user is not connected, the message will be
stored offline in assumption that offline storage
(see section&nbsp;<A HREF="#sec:modoffline">A.10</A>) is enabled.
(see section&nbsp;<A HREF="#sec:modoffline">??</A>) is enabled.
<DT CLASS="dt-description"><B><TT>example.org/announce/online (example.org/announce/all-hosts/online)</TT></B><DD CLASS="dd-description">The
message is sent to all connected users. If the user is online and connected
to several resources, all resources will receive the message.
@ -1753,7 +1664,7 @@ Options:
<B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for Service Discovery (<TT>http://jabber.org/protocol/disco#items</TT> and
<TT>http://jabber.org/protocol/disco#info</TT>) IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
<DT CLASS="dt-description"><B><TT>extra_domains</TT></B><DD CLASS="dd-description"> With this option,
extra domains can be added to the Service Discovery item list.
</DL>
@ -1800,7 +1711,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the
service (see section&nbsp;<A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor
service (see section&nbsp;<A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor
the old <TT>host</TT> is present, the prefix &#8220;<TT>echo.</TT>&#8221; is added to all
<TT>ejabberd</TT> hostnames.
@ -1817,7 +1728,7 @@ Mirror, mirror, on the wall, who is the most beautiful
...
]}.
</PRE><LI CLASS="li-itemize">If you still do not understand the inner workings of <TT>mod_echo</TT>,
you can find a few more examples in section&nbsp;<A HREF="#sec:modhostsoption">A.2.2</A>.
you can find a few more examples in section&nbsp;<A HREF="#sec:modhostsoption">??</A>.
</UL>
<!--TOC subsection <TT>mod_irc</TT>-->
@ -1850,7 +1761,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the
service (see section&nbsp;<A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor
service (see section&nbsp;<A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor
the old <TT>host</TT> is present, the prefix &#8220;<TT>irc.</TT>&#8221; is added to all
<TT>ejabberd</TT> hostnames.
@ -1904,7 +1815,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for Last activity (<TT>jabber:iq:last</TT>) IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
</DL>
<!--TOC subsection <TT>mod_muc</TT>-->
@ -1928,7 +1839,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the
service (see section&nbsp;<A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor
service (see section&nbsp;<A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor
the old <TT>host</TT> is present, the prefix &#8220;<TT>conference.</TT>&#8221; is added to all
<TT>ejabberd</TT> hostnames.
@ -2078,7 +1989,7 @@ This module implements offline message storage. This means that all messages
sent to an offline user will be stored on the server until that user comes
online again. Thus it is very similar to how email works. Note that
<TT>ejabberdctl</TT> has a command to delete expired messages
(see section&nbsp;<A HREF="#sec:ejabberdctl">3.4.2</A>).<BR>
(see section&nbsp;<A HREF="#sec:ejabberdctl">??</A>).<BR>
<BR>
<!--TOC subsection <TT>mod_privacy</TT>-->
@ -2113,7 +2024,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for Blocking Communication (<TT>jabber:iq:privacy</TT>) IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
</DL>
<!--TOC subsection <TT>mod_private</TT>-->
@ -2132,7 +2043,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for Private XML Storage (<TT>jabber:iq:private</TT>) IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
</DL>
<!--TOC subsection <TT>mod_pubsub</TT>-->
@ -2166,7 +2077,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the
service (see section&nbsp;<A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor
service (see section&nbsp;<A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor
the old <TT>host</TT> is present, the prefix &#8220;<TT>pubsub.</TT>&#8221; is added to all
<TT>ejabberd</TT> hostnames.
@ -2204,7 +2115,7 @@ Options:
restrictions by default).
<DT CLASS="dt-description"><B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for In-Band Registration (<TT>jabber:iq:register</TT>) IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
</DL>
Examples:
<UL CLASS="itemize"><LI CLASS="li-itemize">
@ -2252,7 +2163,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for Roster Management (<TT>jabber:iq:roster</TT>) IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
</DL>
<!--TOC subsection <TT>mod_service_log</TT>-->
@ -2439,7 +2350,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for Statistics Gathering (<TT>http://jabber.org/protocol/stats</TT>) IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
</DL>
As there are only a small amount of clients (for example
<A HREF="http://tkabber.jabber.ru/">Tkabber</A>) and software libraries with
@ -2476,7 +2387,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for Entity Time (<TT>jabber:iq:time</TT>) IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
</DL>
<!--TOC subsection <TT>mod_vcard</TT>-->
@ -2493,13 +2404,13 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the
service (see section&nbsp;<A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor
service (see section&nbsp;<A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor
the old <TT>host</TT> is present, the prefix &#8220;<TT>vjud.</TT>&#8221; is added to all
<TT>ejabberd</TT> hostnames.
<DT CLASS="dt-description"><B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for <TT>vcard-temp</TT> IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
<DT CLASS="dt-description"><B><TT>search</TT></B><DD CLASS="dd-description"> This option specifies whether the search
functionality is enabled (value: <TT>true</TT>) or disabled
(value: <TT>false</TT>). If disabled, the option <TT>hosts</TT> will be
@ -2557,7 +2468,7 @@ Options:
<DL CLASS="description" COMPACT=compact><DT CLASS="dt-description">
<B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies
the processing discipline for Software Version (<TT>jabber:iq:version</TT>) IQ queries
(see section&nbsp;<A HREF="#sec:modiqdiscoption">A.2.1</A>).
(see section&nbsp;<A HREF="#sec:modiqdiscoption">??</A>).
</DL>
<!--TOC section Internationalization and Localization-->
@ -2566,7 +2477,7 @@ the processing discipline for Software Version (<TT>jabber:iq:version</TT>) IQ q
<A NAME="sec:i18nl10n"></A>
All built-in modules support the <TT>xml:lang</TT> attribute inside IQ queries.
Figure&nbsp;<A HREF="#fig:discorus">2</A>, for example, shows the reply to the following query:
Figure&nbsp;<A HREF="#fig:discorus">??</A>, for example, shows the reply to the following query:
<PRE CLASS="verbatim">
&lt;iq id='5'
to='example.org'
@ -2588,7 +2499,7 @@ Figure&nbsp;<A HREF="#fig:discorus">2</A>, for example, shows the reply to the f
<A NAME="fig:discorus"></A>
<DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE>
The web interface also supports the <CODE>Accept-Language</CODE> HTTP header (compare
figure&nbsp;<A HREF="#fig:webadmmainru">3</A> with figure&nbsp;<A HREF="#fig:webadmmain">1</A>)
figure&nbsp;<A HREF="#fig:webadmmainru">??</A> with figure&nbsp;<A HREF="#fig:webadmmain">??</A>)
<BLOCKQUOTE CLASS="figure"><DIV CLASS="center"><DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV>
<IMG SRC="webadmmainru.png">
@ -3138,7 +3049,7 @@ END
This release fix a security issue introduced in ejabberd 1.1.0. In SASL
mode, anonymous login was enabled as a default. Upgrading ejabberd 1.1.0 to
ejabberd 1.1.1 is highly recommanded.
ejabberd 1.1.1 is highly recommended.
ejabberd can be downloaded from the Process-one website:
http://www.process-one.net/en/projects/ejabberd/

View File

@ -526,9 +526,9 @@ Currently next modules are implemented:
\begin{tabular}{|l|l|p{87mm}|}
\hline \texttt{ejabberd\_c2s}& Description& Handles c2s connections.\\
\cline{2-3} & Options& \texttt{access}, \texttt{certfile}, \texttt{inet6},
\texttt{ip}, \texttt{max\_stanza\_size}, \texttt{shaper}, \texttt{ssl},
\texttt{tls}, \texttt{starttls}, \texttt{starttls\_required},
\texttt{zlib}\\
\texttt{ip}, \texttt{max\_stanza\_size}, \texttt{max\_user\_sessions},
\texttt{shaper}, \texttt{ssl}, \texttt{tls}, \texttt{starttls},
\texttt{starttls\_required}, \texttt{zlib}\\
\hline \texttt{ejabberd\_s2s\_in}& Description& Handles incoming s2s
connections.\\
\cline{2-3} & Options& \texttt{inet6}, \texttt{ip},
@ -574,6 +574,16 @@ The following options are available:
option specifies an approximate maximal size in bytes of XML stanzas.
For example \verb|{max\_stanza\_size, 65536}|. The default value
is ``\term{infinity}''.
\titem{\{max\_user\_sessions, Max\}} \ind{options!max\_user\_sessions}This
option specifies the maximum number of sessions (authenticated
connections) per user. If a user tries to open more than the maximum
number of allowed sessions, with different resources, the first opened
session will be disconnected. The error ``\term{session replaced}'' is
send to the disconnected session. This value is either a number or
\term{infinity}. For example \verb|{max\_user\_sessions, 10}|. The
default value is \term{10}.
\titem{\{shaper, <access rule>\}} \ind{options!shaper}This option defines a
shaper for the port (see section~\ref{sec:configshaper}). The default value
is ``\term{none}''.

View File

@ -114,6 +114,7 @@
{listen,
[{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper},
{max_stanza_size, 65536},
{max_user_sessions, 10},
starttls, {certfile, "./ssl.pem"}]},
{5223, ejabberd_c2s, [{access, c2s},
{max_stanza_size, 65536},

View File

@ -42,6 +42,9 @@
-record(session, {sid, usr, us, priority}).
-record(state, {}).
%% default value for the maximum number of user connections
-define(MAX_USER_SESSIONS, 10).
%%====================================================================
%% API
%%====================================================================
@ -63,6 +66,7 @@ route(From, To, Packet) ->
open_session(SID, User, Server, Resource) ->
set_session(SID, User, Server, Resource, undefined),
check_for_sessions_to_replace(User, Server, Resource),
JID = jlib:make_jid(User, Server, Resource),
ejabberd_hooks:run(sm_register_connection_hook, JID#jid.lserver,
[SID, JID]).
@ -177,6 +181,7 @@ init([]) ->
{"connected-users-number", "print a number of established sessions"},
{"user-resources user server", "print user's connected resources"}],
?MODULE, ctl_process),
{ok, #state{}}.
%%--------------------------------------------------------------------
@ -270,23 +275,7 @@ set_session(SID, User, Server, Resource, Priority) ->
us = US,
priority = Priority})
end,
mnesia:sync_dirty(F),
SIDs = mnesia:dirty_select(
session,
[{#session{sid = '$1', usr = USR, _ = '_'}, [], ['$1']}]),
if
SIDs == [] ->
ok;
true ->
MaxSID = lists:max(SIDs),
lists:foreach(
fun({_, Pid} = S) when S /= MaxSID ->
Pid ! replaced;
(_) ->
ok
end, SIDs)
end.
mnesia:sync_dirty(F).
clean_table_from_bad_node(Node) ->
F = fun() ->
@ -509,6 +498,69 @@ get_user_present_resources(LUser, LServer) ->
S <- clean_session_list(Ss), is_integer(S#session.priority)]
end.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% On new session, check if some existing connections need to be replace
check_for_sessions_to_replace(User, Server, Resource) ->
LUser = jlib:nodeprep(User),
LServer = jlib:nameprep(Server),
LResource = jlib:resourceprep(Resource),
%% TODO: Depending on how this is executed, there could be an unneeded
%% replacement for max_sessions. We need to check this at some point.
check_existing_resources(LUser, LServer, LResource),
check_max_sessions(LUser, LServer).
check_existing_resources(LUser, LServer, LResource) ->
USR = {LUser, LServer, LResource},
%% A connection exist with the same resource. We replace it:
SIDs = mnesia:dirty_select(
session,
[{#session{sid = '$1', usr = USR, _ = '_'}, [], ['$1']}]),
if
SIDs == [] -> ok;
true ->
MaxSID = lists:max(SIDs),
lists:foreach(
fun({_, Pid} = S) when S /= MaxSID ->
Pid ! replaced;
(_) -> ok
end, SIDs)
end.
check_max_sessions(LUser, LServer) ->
%% If the max number of sessions for a given is reached, we replace the
%% first one
SIDs = mnesia:dirty_select(
session,
[{#session{sid = '$1', usr = {LUser, LServer, '_'}, _ = '_'}, [], ['$1']}]),
MaxSessions = get_max_user_sessions(),
if length(SIDs) =< MaxSessions -> ok;
true -> {_, Pid} = lists:min(SIDs),
Pid ! replaced
end.
%% Get the user_max_session setting
%% This option defines the max number of time a given users are allowed to
%% log in
%% This option is only used on c2s connections
%% Defaults to 10
%% Can be set to infinity
get_max_user_sessions() ->
case ejabberd_config:get_local_option(listen) of
undefined -> ?MAX_USER_SESSIONS;
Listeners ->
case lists:keysearch(ejabberd_c2s, 2, Listeners) of
{value, {_Port, _Method, Opts}} ->
case lists:keysearch(max_user_sessions, 1, Opts) of
{value, {_, Max}} -> Max;
_ -> ?MAX_USER_SESSIONS
end;
_ -> ?MAX_USER_SESSIONS
end
end.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%