25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-28 16:34:13 +01:00

* doc/guide.tex: Updated

* src/ejabberd.cfg: Added "register" rule, added some comments,
this file renamed to ejabberd.cfg.example

* src/mod_register.erl (try_register): Fixed error reply, added
check for "register" access rule

* src/stringprep/Makefile.win32: Added Makefile for Win32 (thanks
to Sergei Golovan)

SVN Revision: 148
This commit is contained in:
Alexey Shchepin 2003-10-11 17:39:36 +00:00
parent 4b48617a2d
commit 146d464f96
8 changed files with 181 additions and 60 deletions

View File

@ -1,5 +1,18 @@
2003-10-11 Alexey Shchepin <alexey@sevcom.net>
* doc/guide.tex: Updated
* src/ejabberd.cfg: Added "register" rule, added some comments,
this file renamed to ejabberd.cfg.example
* src/mod_register.erl (try_register): Fixed error reply, added
check for "register" access rule
2003-10-10 Alexey Shchepin <alexey@sevcom.net> 2003-10-10 Alexey Shchepin <alexey@sevcom.net>
* src/stringprep/Makefile.win32: Added Makefile for Win32 (thanks
to Sergei Golovan)
* src/stringprep/stringprep_drv.c: Removed needless iconv.h * src/stringprep/stringprep_drv.c: Removed needless iconv.h
include include

View File

@ -695,13 +695,14 @@ these queries. Possible values are:
be processed until finished this. Hence this discipline is not recommended be processed until finished this. Hence this discipline is not recommended
if processing of query can take relative many time. if processing of query can take relative many time.
<DT><B><TT>one_queue</TT></B><DD> In this case created separate queue for processing <DT><B><TT>one_queue</TT></B><DD> In this case created separate queue for processing
IQ queries of namespace with this discipline, and processing of this queue of IQ queries of namespace with this discipline, and processing of this queue
done in parallel with processing of other packets. This discipline is most is done in parallel with processing of other packets. This discipline is most
recommended. recommended.
<DT><B><TT>parallel</TT></B><DD> In this case for all packets with this discipline <DT><B><TT>parallel</TT></B><DD> In this case for all packets with this discipline
spawned separate Erlang process, so all these packets processed in parallel. spawned separate Erlang process, so all these packets processed in parallel.
Although spawning of Erlang process have relative low cost, this can broke Although spawning of Erlang process have relatively low cost, this can broke
server normal work, because Erlang have limit of 32000 processes. server normal work, because Erlang emulator have limit on number of processes
(32000 by default).
</DL> </DL>
Example: Example:
<PRE> <PRE>
@ -731,6 +732,33 @@ Example:
<H3><A NAME="htoc35">A.2</A>&nbsp;&nbsp;<TT>mod_register</TT></H3><!--SEC END --> <H3><A NAME="htoc35">A.2</A>&nbsp;&nbsp;<TT>mod_register</TT></H3><!--SEC END -->
<A NAME="sec:modregister"></A> <A NAME="sec:modregister"></A>
This module adds support for
<A HREF="http://www.jabber.org/jeps/jep-0077.html">JEP-0077</A> (In-Band
Registration). There is possible to restrict registration via ``register''
access rule. If this rule returns ``deny'' on requested user name, then
registration is not allowed for it.<BR>
<BR>
Options:
<DL COMPACT=compact><DT>
<B><TT>iqdisc</TT></B><DD> <TT>jabber:iq:register</TT> IQ queries processing
discipline.
</DL>
Example:
<PRE>
% Deny registration for users with too short name
{acl, shortname, {user_glob, "?"}}.
{acl, shortname, {user_glob, "??"}}.
% Another variant: {acl, shortname, {user_regexp, "^..?$"}}.
{access, register, [{deny, shortname},
{allow, all}]}.
{modules, [
...
{mod_register, []},
...
]}.
</PRE>
<!--TOC subsection <TT>mod_roster</TT>--> <!--TOC subsection <TT>mod_roster</TT>-->
<H3><A NAME="htoc36">A.3</A>&nbsp;&nbsp;<TT>mod_roster</TT></H3><!--SEC END --> <H3><A NAME="htoc36">A.3</A>&nbsp;&nbsp;<TT>mod_roster</TT></H3><!--SEC END -->
@ -772,7 +800,8 @@ Example:
<A NAME="sec:modstats"></A> <A NAME="sec:modstats"></A>
This module adds support for This module adds support for
<A HREF="http://www.jabber.org/jeps/jep-0039.html">JEP-0039</A> (Statistics Gathering).<BR> <A HREF="http://www.jabber.org/jeps/jep-0039.html">JEP-0039</A> (Statistics
Gathering).<BR>
<BR> <BR>
Options: Options:
<DL COMPACT=compact><DT> <DL COMPACT=compact><DT>

View File

@ -658,13 +658,14 @@ these queries. Possible values are:
be processed until finished this. Hence this discipline is not recommended be processed until finished this. Hence this discipline is not recommended
if processing of query can take relative many time. if processing of query can take relative many time.
\item[\texttt{one\_queue}] In this case created separate queue for processing \item[\texttt{one\_queue}] In this case created separate queue for processing
IQ queries of namespace with this discipline, and processing of this queue of IQ queries of namespace with this discipline, and processing of this queue
done in parallel with processing of other packets. This discipline is most is done in parallel with processing of other packets. This discipline is most
recommended. recommended.
\item[\texttt{parallel}] In this case for all packets with this discipline \item[\texttt{parallel}] In this case for all packets with this discipline
spawned separate Erlang process, so all these packets processed in parallel. spawned separate Erlang process, so all these packets processed in parallel.
Although spawning of Erlang process have relative low cost, this can broke Although spawning of Erlang process have relatively low cost, this can broke
server normal work, because Erlang have limit of 32000 processes. server normal work, because Erlang emulator have limit on number of processes
(32000 by default).
\end{description} \end{description}
Example: Example:
@ -696,6 +697,36 @@ Example:
\subsection{\modregister{}} \subsection{\modregister{}}
\label{sec:modregister} \label{sec:modregister}
This module adds support for
\footahref{http://www.jabber.org/jeps/jep-0077.html}{JEP-0077} (In-Band
Registration). There is possible to restrict registration via ``register''
access rule. If this rule returns ``deny'' on requested user name, then
registration is not allowed for it.
Options:
\begin{description}
\item[\texttt{iqdisc}] \ns{jabber:iq:register} IQ queries processing
discipline.
\end{description}
Example:
\begin{verbatim}
% Deny registration for users with too short name
{acl, shortname, {user_glob, "?"}}.
{acl, shortname, {user_glob, "??"}}.
% Another variant: {acl, shortname, {user_regexp, "^..?$"}}.
{access, register, [{deny, shortname},
{allow, all}]}.
{modules, [
...
{mod_register, []},
...
]}.
\end{verbatim}
\subsection{\modroster{}} \subsection{\modroster{}}
@ -738,7 +769,8 @@ Example:
\label{sec:modstats} \label{sec:modstats}
This module adds support for This module adds support for
\footahref{http://www.jabber.org/jeps/jep-0039.html}{JEP-0039} (Statistics Gathering). \footahref{http://www.jabber.org/jeps/jep-0039.html}{JEP-0039} (Statistics
Gathering).
Options: Options:
\begin{description} \begin{description}

View File

@ -2,45 +2,51 @@
%override_acls. %override_acls.
{acl, admin, {user, "aleksey"}}.
{acl, admin, {user, "ermine"}}.
{acl, admin, {user, "test"}}.
{acl, admin, {user, "aleksey", "jabber.ru"}}.
{acl, admin, {user, "ermine", "jabber.ru"}}.
% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
%{acl, admin, {user, "aleksey"}}.
%{acl, admin, {user, "ermine"}}.
{acl, blocked, {user, "test2"}}. % Blocked users:
%{acl, blocked, {user, "test"}}.
{acl, jabberorg, {server, "jabber.org"}}.
{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}. %{acl, test, {user_regexp, "^test"}}.
%{acl, test2, {user_glob, "test*"}}. %{acl, test, {user_glob, "test*"}}.
{shaper, normal, {maxrate, 1000}}. % Only admins can use configuration interface:
{access, disco_admin, [{allow, admin},
{deny, all}]}.
{access, configure, [{allow, admin}]}. {access, configure, [{allow, admin}]}.
% Every username can be registered via in-band registration:
{access, register, [{allow, all}]}.
% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked}, {access, c2s, [{deny, blocked},
{allow, all}]}. {allow, all}]}.
% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.
% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin}, {access, c2s_shaper, [{none, admin},
{normal, all}]}. {normal, all}]}.
% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}. {access, muc_admin, [{allow, admin}]}.
% Host name:
{host, "localhost"}.
{host, "e.localhost"}.
{listen, [{5522, ejabberd_c2s, [{access, c2s}, % Listened ports:
{listen, [{5222, ejabberd_c2s, [{access, c2s},
{shaper, c2s_shaper}]}, {shaper, c2s_shaper}]},
{5523, ejabberd_c2s, [{access, c2s}, {5223, ejabberd_c2s, [{access, c2s},
{ssl, [{certfile, "./ssl.pem"}]}]}, {ssl, [{certfile, "./ssl.pem"}]}]},
{5269, ejabberd_s2s_in, []}, {5269, ejabberd_s2s_in, []},
{8888, ejabberd_service, [{host, {8888, ejabberd_service, [{host,
@ -48,9 +54,11 @@
[{password, "asdqwe"}]}]} [{password, "asdqwe"}]}]}
]}. ]}.
% This value (5569) is only for debugging, must be 5269 % If SRV lookup fails, then port 5269 used to communicate with other servers
{outgoing_s2s_port, 5569}. {outgoing_s2s_port, 5269}.
% Used modules:
{modules, [ {modules, [
{mod_register, []}, {mod_register, []},
{mod_roster, []}, {mod_roster, []},

View File

@ -52,7 +52,8 @@ init(Port, Module, Opts) ->
{ok, ListenSocket} = gen_tcp:listen(Port, [binary, {ok, ListenSocket} = gen_tcp:listen(Port, [binary,
{packet, 0}, {packet, 0},
{active, false}, {active, false},
{reuseaddr, true}]), {reuseaddr, true},
{nodelay, true}]),
accept(ListenSocket, Module, Opts). accept(ListenSocket, Module, Opts).
accept(ListenSocket, Module, Opts) -> accept(ListenSocket, Module, Opts) ->

View File

@ -227,25 +227,7 @@ jid_to_string({Node, Server, Resource}) ->
is_nodename([]) -> is_nodename([]) ->
false; false;
is_nodename(J) -> is_nodename(J) ->
is_nodename1(J). nodeprep(J).
is_nodename1([C | J])
when (C =< 32) or
(C == $") or
(C == $&) or
(C == $') or
(C == $:) or
(C == $<) or
(C == $>) or
(C == $@) or
(C == $/) or
(C == 127)
->
false;
is_nodename1([C | J]) ->
is_nodename1(J);
is_nodename1([]) ->
true.
@ -301,7 +283,19 @@ resourceprep(S) ->
jid_tolower(#jid{luser = U, lserver = S, lresource = R}) -> jid_tolower(#jid{luser = U, lserver = S, lresource = R}) ->
{U, S, R}; {U, S, R};
jid_tolower({U, S, R}) -> jid_tolower({U, S, R}) ->
{tolower(U), tolower(S), R}. case stringprep:nodeprep(U) of
error -> error;
LUser ->
case stringprep:nameprep(S) of
error -> error;
LServer ->
case stringprep:resourceprep(R) of
error -> error;
LResource ->
{LUser, LServer, LResource}
end
end
end.
jid_remove_resource(#jid{} = JID) -> jid_remove_resource(#jid{} = JID) ->
JID#jid{resource = "", lresource = ""}; JID#jid{resource = "", lresource = ""};

View File

@ -116,14 +116,18 @@ try_register(User, Password) ->
false -> false ->
{error, ?ERR_BAD_REQUEST}; {error, ?ERR_BAD_REQUEST};
_ -> _ ->
case ejabberd_auth:try_register(User, Password) of case acl:match_rule(register, jlib:make_jid(User, ?MYNAME, "")) of
{atomic, ok} -> deny ->
ok; {error, ?ERR_CONFLICT};
{atomic, exists} -> allow ->
% TODO: replace to "username unavailable" case ejabberd_auth:try_register(User, Password) of
{error, ?ERR_NOT_ALLOWED}; {atomic, ok} ->
{error, Reason} -> ok;
{error, ?ERR_INTERNAL_SERVER_ERROR} {atomic, exists} ->
{error, ?ERR_CONFLICT};
{error, _Reason} ->
{error, ?ERR_INTERNAL_SERVER_ERROR}
end
end end
end. end.

View File

@ -0,0 +1,40 @@
include ..\Makefile.inc
OUTDIR = ..
EFLAGS = -I .. -pz ..
ALL : $(OUTDIR)\stringprep_drv.dll $(OUTDIR)\stringprep.beam
CLEAN :
-@erase $(OUTDIR)\stringprep_drv.dll
-@erase $(OUTDIR)\stringprep_drv.exp
-@erase $(OUTDIR)\stringprep_drv.lib
-@erase stringprep_drv.obj
-@erase stringprep_drv.pch
-@erase vc60.idb
-@erase $(OUTDIR)\stringprep.beam
$(OUTDIR)\stringprep.beam : stringprep.erl
erlc -W $(EFLAGS) -o $(OUTDIR) stringprep.erl
CPP=cl.exe
CPP_PROJ=/nologo /ML /W3 /GX /O2 /I "$(ERLANG_DIR)\usr\include" /I "$(EI_DIR)\include" /D "WIN32" /D "NDEBUG" /D "_USRDLL" /D "_MBCS" /Fpstringprep_drv.pch /YX /FD /c
.c.obj::
$(CPP) @<<
$(CPP_PROJ) $<
<<
LINK32=link.exe
LINK32_FLAGS=kernel32.lib "$(ERLANG_DIR)\usr\lib\erl_dll.lib" "$(EI_DIR)\lib\ei.lib" "$(EI_DIR)\lib\erl_interface.lib" /nologo /subsystem:console /dll /pdb:none /machine:I386 /out:$(OUTDIR)\stringprep_drv.dll
LINK32_OBJS=stringprep_drv.obj
$(OUTDIR)\stringprep_drv.dll : $(LINK32_OBJS)
$(LINK32) @<<
$(LINK32_FLAGS) $(LINK32_OBJS)
<<
stringprep_drv.obj : stringprep_drv.c