25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00

An AccessCommand with Access 'all', don't require auth to execute it.

SVN Revision: 2865
This commit is contained in:
Badlop 2010-01-09 00:39:33 +00:00
parent 761ed1b192
commit 0bf9832187
3 changed files with 11 additions and 11 deletions

View File

@ -3556,9 +3556,8 @@ Arguments = [ {ArgumentName, ArgumentValue}, ...]
ArgumentName = atom() ArgumentName = atom()
ArgumentValue = any() ArgumentValue = any()
</PRE><P>The default value is to not define any restriction: <TT>[]</TT>. </PRE><P>The default value is to not define any restriction: <TT>[]</TT>.
If at least one restriction is defined, then the frontend expects The authentication information is provided when executing a command,
that authentication information is provided when executing a command. and is Username, Hostname and Password of a local XMPP account
The authentication information is Username, Hostname and Password of a local XMPP account
that has permission to execute the corresponding command. that has permission to execute the corresponding command.
This means that the account must be registered in the local ejabberd, This means that the account must be registered in the local ejabberd,
because the information will be verified. because the information will be verified.

View File

@ -4529,9 +4529,8 @@ ArgumentValue = any()
\end{verbatim} \end{verbatim}
The default value is to not define any restriction: \term{[]}. The default value is to not define any restriction: \term{[]}.
If at least one restriction is defined, then the frontend expects The authentication information is provided when executing a command,
that authentication information is provided when executing a command. and is Username, Hostname and Password of a local XMPP account
The authentication information is Username, Hostname and Password of a local XMPP account
that has permission to execute the corresponding command. that has permission to execute the corresponding command.
This means that the account must be registered in the local ejabberd, This means that the account must be registered in the local ejabberd,
because the information will be verified. because the information will be verified.

View File

@ -356,15 +356,14 @@ get_tags_commands() ->
%% @doc Check access is allowed to that command. %% @doc Check access is allowed to that command.
%% At least one AccessCommand must be satisfied. %% At least one AccessCommand must be satisfied.
%% It may throw {error, Error} where: %% It may throw {error, Error} where:
%% Error = account_unprivileged | invalid_account_data | no_auth_provided %% Error = account_unprivileged | invalid_account_data
check_access_commands([], _Auth, _Method, _Command, _Arguments) -> check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
ok; ok;
check_access_commands(AccessCommands, Auth, Method, Command, Arguments) -> check_access_commands(AccessCommands, Auth, Method, Command, Arguments) ->
{ok, User, Server} = check_auth(Auth),
AccessCommandsAllowed = AccessCommandsAllowed =
lists:filter( lists:filter(
fun({Access, Commands, ArgumentRestrictions}) -> fun({Access, Commands, ArgumentRestrictions}) ->
case check_access(Access, User, Server) of case check_access(Access, Auth) of
true -> true ->
check_access_command(Commands, Command, ArgumentRestrictions, check_access_command(Commands, Command, ArgumentRestrictions,
Method, Arguments); Method, Arguments);
@ -379,7 +378,7 @@ check_access_commands(AccessCommands, Auth, Method, Command, Arguments) ->
end. end.
check_auth(noauth) -> check_auth(noauth) ->
throw({error, no_auth_provided}); no_auth_provided;
check_auth({User, Server, Password}) -> check_auth({User, Server, Password}) ->
%% Check the account exists and password is valid %% Check the account exists and password is valid
AccountPass = ejabberd_auth:get_password_s(User, Server), AccountPass = ejabberd_auth:get_password_s(User, Server),
@ -394,7 +393,10 @@ get_md5(AccountPass) ->
lists:flatten([io_lib:format("~.16B", [X]) lists:flatten([io_lib:format("~.16B", [X])
|| X <- binary_to_list(crypto:md5(AccountPass))]). || X <- binary_to_list(crypto:md5(AccountPass))]).
check_access(Access, User, Server) -> check_access(all, _) ->
true;
check_access(Access, Auth) ->
{ok, User, Server} = check_auth(Auth),
%% Check this user has access permission %% Check this user has access permission
case acl:match_rule(Server, Access, jlib:make_jid(User, Server, "")) of case acl:match_rule(Server, Access, jlib:make_jid(User, Server, "")) of
allow -> true; allow -> true;