mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-24 16:23:40 +01:00
An AccessCommand with Access 'all', don't require auth to execute it.
SVN Revision: 2865
This commit is contained in:
parent
761ed1b192
commit
0bf9832187
@ -3556,9 +3556,8 @@ Arguments = [ {ArgumentName, ArgumentValue}, ...]
|
|||||||
ArgumentName = atom()
|
ArgumentName = atom()
|
||||||
ArgumentValue = any()
|
ArgumentValue = any()
|
||||||
</PRE><P>The default value is to not define any restriction: <TT>[]</TT>.
|
</PRE><P>The default value is to not define any restriction: <TT>[]</TT>.
|
||||||
If at least one restriction is defined, then the frontend expects
|
The authentication information is provided when executing a command,
|
||||||
that authentication information is provided when executing a command.
|
and is Username, Hostname and Password of a local XMPP account
|
||||||
The authentication information is Username, Hostname and Password of a local XMPP account
|
|
||||||
that has permission to execute the corresponding command.
|
that has permission to execute the corresponding command.
|
||||||
This means that the account must be registered in the local ejabberd,
|
This means that the account must be registered in the local ejabberd,
|
||||||
because the information will be verified.
|
because the information will be verified.
|
||||||
|
@ -4529,9 +4529,8 @@ ArgumentValue = any()
|
|||||||
\end{verbatim}
|
\end{verbatim}
|
||||||
|
|
||||||
The default value is to not define any restriction: \term{[]}.
|
The default value is to not define any restriction: \term{[]}.
|
||||||
If at least one restriction is defined, then the frontend expects
|
The authentication information is provided when executing a command,
|
||||||
that authentication information is provided when executing a command.
|
and is Username, Hostname and Password of a local XMPP account
|
||||||
The authentication information is Username, Hostname and Password of a local XMPP account
|
|
||||||
that has permission to execute the corresponding command.
|
that has permission to execute the corresponding command.
|
||||||
This means that the account must be registered in the local ejabberd,
|
This means that the account must be registered in the local ejabberd,
|
||||||
because the information will be verified.
|
because the information will be verified.
|
||||||
|
@ -356,15 +356,14 @@ get_tags_commands() ->
|
|||||||
%% @doc Check access is allowed to that command.
|
%% @doc Check access is allowed to that command.
|
||||||
%% At least one AccessCommand must be satisfied.
|
%% At least one AccessCommand must be satisfied.
|
||||||
%% It may throw {error, Error} where:
|
%% It may throw {error, Error} where:
|
||||||
%% Error = account_unprivileged | invalid_account_data | no_auth_provided
|
%% Error = account_unprivileged | invalid_account_data
|
||||||
check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
|
check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
|
||||||
ok;
|
ok;
|
||||||
check_access_commands(AccessCommands, Auth, Method, Command, Arguments) ->
|
check_access_commands(AccessCommands, Auth, Method, Command, Arguments) ->
|
||||||
{ok, User, Server} = check_auth(Auth),
|
|
||||||
AccessCommandsAllowed =
|
AccessCommandsAllowed =
|
||||||
lists:filter(
|
lists:filter(
|
||||||
fun({Access, Commands, ArgumentRestrictions}) ->
|
fun({Access, Commands, ArgumentRestrictions}) ->
|
||||||
case check_access(Access, User, Server) of
|
case check_access(Access, Auth) of
|
||||||
true ->
|
true ->
|
||||||
check_access_command(Commands, Command, ArgumentRestrictions,
|
check_access_command(Commands, Command, ArgumentRestrictions,
|
||||||
Method, Arguments);
|
Method, Arguments);
|
||||||
@ -379,7 +378,7 @@ check_access_commands(AccessCommands, Auth, Method, Command, Arguments) ->
|
|||||||
end.
|
end.
|
||||||
|
|
||||||
check_auth(noauth) ->
|
check_auth(noauth) ->
|
||||||
throw({error, no_auth_provided});
|
no_auth_provided;
|
||||||
check_auth({User, Server, Password}) ->
|
check_auth({User, Server, Password}) ->
|
||||||
%% Check the account exists and password is valid
|
%% Check the account exists and password is valid
|
||||||
AccountPass = ejabberd_auth:get_password_s(User, Server),
|
AccountPass = ejabberd_auth:get_password_s(User, Server),
|
||||||
@ -394,7 +393,10 @@ get_md5(AccountPass) ->
|
|||||||
lists:flatten([io_lib:format("~.16B", [X])
|
lists:flatten([io_lib:format("~.16B", [X])
|
||||||
|| X <- binary_to_list(crypto:md5(AccountPass))]).
|
|| X <- binary_to_list(crypto:md5(AccountPass))]).
|
||||||
|
|
||||||
check_access(Access, User, Server) ->
|
check_access(all, _) ->
|
||||||
|
true;
|
||||||
|
check_access(Access, Auth) ->
|
||||||
|
{ok, User, Server} = check_auth(Auth),
|
||||||
%% Check this user has access permission
|
%% Check this user has access permission
|
||||||
case acl:match_rule(Server, Access, jlib:make_jid(User, Server, "")) of
|
case acl:match_rule(Server, Access, jlib:make_jid(User, Server, "")) of
|
||||||
allow -> true;
|
allow -> true;
|
||||||
|
Loading…
Reference in New Issue
Block a user