25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-10-15 15:19:20 +02:00

*** empty log message ***

SVN Revision: 54
This commit is contained in:
Alexey Shchepin 2003-01-29 20:21:14 +00:00
parent 9a3a723f1b
commit 45abdd240c
4 changed files with 168 additions and 25 deletions

View File

@ -17,7 +17,7 @@
<H3 ALIGN=center>Alexey Shchepin<BR><A HREF="mailto:alexey@sevcom.net"><TT>mailto:alexey@sevcom.net</TT></A><BR><A HREF="xmpp:aleksey@jabber.ru"><TT>xmpp:aleksey@jabber.ru</TT></A></H3>
<H3 ALIGN=center>January 26, 2003</H3> <DIV ALIGN=center><IMG SRC="logo.png">
<H3 ALIGN=center>January 29, 2003</H3> <DIV ALIGN=center><IMG SRC="logo.png">
</DIV><BR>
<BR>
@ -96,7 +96,10 @@ erl -name ejabberd -s ejabberd
<A NAME="sec:initconfig"></A>Configuration file is loaded after first start of <TT>ejabberd</TT>. It consists of
sequence of Erlang terms. Parts of lines after <TT>`%'</TT> sign are ignored.
Each term is tuple, where first element is name of option, and other are option
values.<BR>
values. Note, that after first start all values from this file stored in
database, and in next time they will be APPENDED to existing values. E.&nbsp;g.
if this file will not contain ``host'' definition, then old value will be
used.<BR>
<BR>
<!--TOC subsubsection Host Name-->
@ -160,7 +163,7 @@ config file they looks like this:
{acl, admin, {user, "aleksey"}}.
</PRE>
<DT><TT>{user, &lt;username&gt;, &lt;server&gt;}</TT><DD> Matches user with JID
<TT>&lt;username&gt;@&lt;server&gt;</TT>. Example:
<TT>&lt;username&gt;@&lt;server&gt;</TT> and any resource. Example:
<PRE>
{acl, admin, {user, "aleksey", "jabber.ru"}}.
</PRE>
@ -168,7 +171,49 @@ config file they looks like this:
<TT>&lt;server&gt;</TT>. Example:
<PRE>
{acl, jabberorg, {server, "jabber.org"}}.
</PRE></DL>Allowing or denying of different services is like this:
</PRE>
<DT><TT>{user_regexp, &lt;regexp&gt;}</TT><DD> Matches local user with name that
mathes <TT>&lt;regexp&gt;</TT>. Example:
<PRE>
{acl, tests, {user, "test.*"}}.
</PRE>
<DT><TT>{user_regexp, &lt;regexp&gt;, &lt;server&gt;}</TT><DD> Matches user with name
that mathes <TT>&lt;regexp&gt;</TT> and from server <TT>&lt;server&gt;</TT>. Example:
<PRE>
{acl, tests, {user, "test.*", "localhost"}}.
</PRE>
<DT><TT>{server_regexp, &lt;regexp&gt;}</TT><DD> Matches any JID from server that
matches <TT>&lt;regexp&gt;</TT>. Example:
<PRE>
{acl, icq, {server, "icq.*"}}.
</PRE>
<DT><TT>{node_regexp, &lt;user_regexp&gt;, &lt;server_regexp&gt;}</TT><DD> Matches user
with name that mathes <TT>&lt;user_regexp&gt;</TT> and from server that matches
<TT>&lt;server_regexp&gt;</TT>. Example:
<PRE>
{acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}.
</PRE>
<DT><TT>{user_glob, &lt;glob&gt;}</TT><DD>
<DT><TT>{user_glob, &lt;glob&gt;, &lt;server&gt;}</TT><DD>
<DT><TT>{server_glob, &lt;glob&gt;}</TT><DD>
<DT><TT>{node_glob, &lt;user_glob&gt;, &lt;server_glob&gt;}</TT><DD> This is same as
above, but use shell glob patterns instead of regexp. This patterns can have
following special characters:
<DL COMPACT=compact>
<DT>
<TT>*</TT><DD> matches any string including the null string.
<DT><TT>?</TT><DD> matches any single character.
<DT><TT>[...]</TT><DD> matches any of the enclosed characters. Character
ranges are specified by a pair of characters separated by a <TT>`-'</TT>.
If the first character after <TT>`['</TT> is a <TT>`!'</TT>, then any
character not enclosed is matched.
</DL>
</DL>Allowing or denying of different services is like this:
<PRE>
{access, &lt;accessname&gt;, [{allow, &lt;aclname&gt;},
{deny, &lt;aclname&gt;},
@ -215,8 +260,11 @@ Example:
<A NAME="sec:onlineconfig"></A>To use facility of online reconfiguration of <TT>ejabberd</TT> needed to have
<TT>mod_configure</TT> loaded (see section&nbsp;<A HREF="#sec:modconfigure">5.4</A>). Also highly
recommended to load <TT>mod_disco</TT> (see section&nbsp;<A HREF="#sec:moddisco">5.5</A>), because
<TT>mod_configure</TT> highly integrates with it. Also recommended to use
disco- and xdata-capable client.<BR>
<TT>mod_configure</TT> highly integrates with it. Also recommended to use disco- and
xdata-capable client
(<A HREF="http://www.jabber.ru/projects/tkabber/index_en.html">Tkabber</A>
developed synchronously with <TT>ejabberd</TT>, its CVS version use most of
<TT>ejabberd</TT> features).<BR>
<BR>
TBD<BR>
<BR>
@ -232,7 +280,7 @@ TBD<BR>
runned on different machines that can be connected via network. They all must
have access to connect to port 4369 of all another nodes, and must have same
magic cookie (see Erlang/OTP documentation, in short file
<TT>ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
<TT>~ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
needed because all nodes exchange information about connected users, S2S
connection, registered services, etc...<BR>
<BR>
@ -275,8 +323,8 @@ sended to session manager on it.<BR>
<H4>4.1.4&nbsp;&nbsp; S2S Manager</H4><!--SEC END -->
This module route packets to another Jabber servers. First, it check if
to domain of packet destination from domain of source already opened S2S
connection. If it opened on another node, then it routed to S2S manager on
already exists opened S2S connection from domain of packet source to domain of
destination. If it opened on another node, then it routed to S2S manager on
that node, if it opened on this node, then it routed to process that serve this
connection, and if this connection not exists, then it opened and registered.<BR>
<BR>

View File

@ -30,7 +30,7 @@
\author{Alexey Shchepin \\
\ahrefurl{mailto:alexey@sevcom.net} \\
\ahrefurl{xmpp:aleksey@jabber.ru}}
\date{January 26, 2003}
\date{January 29, 2003}
\begin{document}
\begin{titlepage}
@ -127,7 +127,10 @@ TBD
Configuration file is loaded after first start of \ejabberd{}. It consists of
sequence of Erlang terms. Parts of lines after \texttt{`\%'} sign are ignored.
Each term is tuple, where first element is name of option, and other are option
values.
values. Note, that after first start all values from this file stored in
database, and in next time they will be APPENDED to existing values. E.\,g.\
if this file will not contain ``host'' definition, then old value will be
used.
\subsubsection{Host Name}
@ -190,21 +193,64 @@ config file they looks like this:
\begin{verbatim}
{acl, all, all}.
\end{verbatim}
\item[\texttt{\{user, <username>\}}] Matches local user with name
\texttt{<username>}. Example:
\begin{verbatim}
{acl, admin, {user, "aleksey"}}.
\end{verbatim}
\item[\texttt{\{user, <username>, <server>\}}] Matches user with JID
\texttt{<username>@<server>}. Example:
\texttt{<username>@<server>} and any resource. Example:
\begin{verbatim}
{acl, admin, {user, "aleksey", "jabber.ru"}}.
\end{verbatim}
\item[\texttt{\{server, <server>\}}] Matches any JID from server
\texttt{<server>}. Example:
\begin{verbatim}
{acl, jabberorg, {server, "jabber.org"}}.
\end{verbatim}
\item[\texttt{\{user\_regexp, <regexp>\}}] Matches local user with name that
mathes \texttt{<regexp>}. Example:
\begin{verbatim}
{acl, tests, {user, "test.*"}}.
\end{verbatim}
\item[\texttt{\{user\_regexp, <regexp>, <server>\}}] Matches user with name
that mathes \texttt{<regexp>} and from server \texttt{<server>}. Example:
\begin{verbatim}
{acl, tests, {user, "test.*", "localhost"}}.
\end{verbatim}
\item[\texttt{\{server\_regexp, <regexp>\}}] Matches any JID from server that
matches \texttt{<regexp>}. Example:
\begin{verbatim}
{acl, icq, {server, "icq.*"}}.
\end{verbatim}
\item[\texttt{\{node\_regexp, <user\_regexp>, <server\_regexp>\}}] Matches user
with name that mathes \texttt{<user\_regexp>} and from server that matches
\texttt{<server\_regexp>}. Example:
\begin{verbatim}
{acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}.
\end{verbatim}
\item[\texttt{\{user\_glob, <glob>\}}]
\item[\texttt{\{user\_glob, <glob>, <server>\}}]
\item[\texttt{\{server\_glob, <glob>\}}]
\item[\texttt{\{node\_glob, <user\_glob>, <server\_glob>\}}] This is same as
above, but use shell glob patterns instead of regexp. This patterns can have
following special characters:
\begin{description}
\item[\texttt{*}] matches any string including the null string.
\item[\texttt{?}] matches any single character.
\item[\texttt{[\ldots{}]}] matches any of the enclosed characters. Character
ranges are specified by a pair of characters separated by a \texttt{`-'}.
If the first character after \texttt{`['} is a \texttt{`!'}, then any
character not enclosed is matched.
\end{description}
\end{description}
Allowing or denying of different services is like this:
@ -260,8 +306,11 @@ Example:
To use facility of online reconfiguration of \ejabberd{} needed to have
\modconfigure{} loaded (see section~\ref{sec:modconfigure}). Also highly
recommended to load \moddisco{} (see section~\ref{sec:moddisco}), because
\modconfigure{} highly integrates with it. Also recommended to use
disco- and xdata-capable client.
\modconfigure{} highly integrates with it. Also recommended to use disco- and
xdata-capable client
(\footahref{http://www.jabber.ru/projects/tkabber/index\_en.html}{Tkabber}
developed synchronously with \ejabberd{}, its CVS version use most of
\ejabberd{} features).
TBD
@ -276,9 +325,9 @@ TBD
runned on different machines that can be connected via network. They all must
have access to connect to port 4369 of all another nodes, and must have same
magic cookie (see Erlang/OTP documentation, in short file
\texttt{\~ejabberd/.erlang.cookie} must be the same on all nodes). This is
\texttt{\~{}ejabberd/.erlang.cookie} must be the same on all nodes). This is
needed because all nodes exchange information about connected users, S2S
connection, registered services, etc\ldots
connections, registered services, etc\ldots
Each \ejabberd{} node run following modules:
\begin{itemize}
@ -317,8 +366,8 @@ sended to session manager on it.
\subsubsection{S2S Manager}
This module route packets to another \Jabber{} servers. First, it check if
to domain of packet destination from domain of source already opened S2S
connection. If it opened on another node, then it routed to S2S manager on
already exists opened S2S connection from domain of packet source to domain of
destination. If it opened on another node, then it routed to S2S manager on
that node, if it opened on this node, then it routed to process that serve this
connection, and if this connection not exists, then it opened and registered.

View File

@ -1,7 +1,7 @@
%%%----------------------------------------------------------------------
%%% File : acl.erl
%%% Author : Alexey Shchepin <alexey@sevcom.net>
%%% Purpose :
%%% Purpose : ACL support
%%% Created : 18 Jan 2003 by Alexey Shchepin <alexey@sevcom.net>
%%% Id : $Id$
%%%----------------------------------------------------------------------
@ -10,14 +10,17 @@
-author('alexey@sevcom.net').
-vsn('$Revision$ ').
-export([start/0, add/2, match_rule/2, match_acl/2]).
-export([start/0,
add/2,
match_rule/2,
% for debugging only
match_acl/2]).
-include("ejabberd.hrl").
-record(acl, {aclname, aclspec}).
start() ->
%ets:new(acls, [bag, named_table, public]),
mnesia:create_table(acl,
[{disc_copies, [node()]},
{type, bag},
@ -31,7 +34,6 @@ add(ACLName, ACLSpec) ->
mnesia:write(#acl{aclname = ACLName, aclspec = ACLSpec})
end,
mnesia:transaction(F).
%ets:insert(acls, {ACLName, ACLData}).
match_rule(Rule, JID) ->
case ejabberd_config:get_global_option({access, Rule}) of
@ -58,10 +60,50 @@ match_acl(ACL, JID) ->
all ->
true;
{user, U} ->
(U == User) and (?MYNAME == Server);
(U == User) andalso (?MYNAME == Server);
{user, U, S} ->
(U == User) and (S == Server);
(U == User) andalso (S == Server);
{server, S} ->
S == Server
S == Server;
{user_regexp, UR} ->
(?MYNAME == Server) andalso
is_regexp_match(User, UR);
{user_regexp, UR, S} ->
(S == Server) andalso
is_regexp_match(User, UR);
{server_regexp, SR} ->
is_regexp_match(Server, SR);
{node_regexp, UR, SR} ->
is_regexp_match(Server, SR) andalso
is_regexp_match(User, UR);
{user_glob, UR} ->
(?MYNAME == Server) andalso
is_glob_match(User, UR);
{user_glob, UR, S} ->
(S == Server) andalso
is_glob_match(User, UR);
{server_glob, SR} ->
is_glob_match(Server, SR);
{node_glob, UR, SR} ->
is_glob_match(Server, SR) andalso
is_glob_match(User, UR)
end
end, ets:lookup(acl, ACL)).
is_regexp_match(String, RegExp) ->
case regexp:first_match(String, RegExp) of
nomatch ->
false;
{match, _, _} ->
true;
{error, ErrDesc} ->
?ERROR_MSG(
"Wrong regexp ~p in ACL: ~p",
[RegExp, lists:flatten(regexp:format_error(ErrDesc))]),
false
end.
is_glob_match(String, Glob) ->
is_regexp_match(String, regexp:sh_to_awk(Glob)).

View File

@ -9,6 +9,10 @@
{acl, jabberorg, {server, "jabber.org"}}.
{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
{acl, test, {user_glob, "test.*"}}.
%{acl, test2, {user_glob, "test*"}}.
{access, disco_admin, [{allow, admin},
{deny, all}]}.