Alexey Shchepin
parent
9a3a723f1b
commit
45abdd240c
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
<H3 ALIGN=center>Alexey Shchepin<BR><A HREF="mailto:alexey@sevcom.net"><TT>mailto:alexey@sevcom.net</TT></A><BR><A HREF="xmpp:aleksey@jabber.ru"><TT>xmpp:aleksey@jabber.ru</TT></A></H3>
|
||||
|
||||
<H3 ALIGN=center>January 26, 2003</H3> <DIV ALIGN=center><IMG SRC="logo.png">
|
||||
<H3 ALIGN=center>January 29, 2003</H3> <DIV ALIGN=center><IMG SRC="logo.png">
|
||||
|
||||
</DIV><BR>
|
||||
<BR>
|
||||
|
|
@ -96,7 +96,10 @@ erl -name ejabberd -s ejabberd
|
|||
<A NAME="sec:initconfig"></A>Configuration file is loaded after first start of <TT>ejabberd</TT>. It consists of
|
||||
sequence of Erlang terms. Parts of lines after <TT>`%'</TT> sign are ignored.
|
||||
Each term is tuple, where first element is name of option, and other are option
|
||||
values.<BR>
|
||||
values. Note, that after first start all values from this file stored in
|
||||
database, and in next time they will be APPENDED to existing values. E. g.
|
||||
if this file will not contain ``host'' definition, then old value will be
|
||||
used.<BR>
|
||||
<BR>
|
||||
<!--TOC subsubsection Host Name-->
|
||||
|
||||
|
|
@ -160,7 +163,7 @@ config file they looks like this:
|
|||
{acl, admin, {user, "aleksey"}}.
|
||||
</PRE>
|
||||
<DT><TT>{user, <username>, <server>}</TT><DD> Matches user with JID
|
||||
<TT><username>@<server></TT>. Example:
|
||||
<TT><username>@<server></TT> and any resource. Example:
|
||||
<PRE>
|
||||
{acl, admin, {user, "aleksey", "jabber.ru"}}.
|
||||
</PRE>
|
||||
|
|
@ -168,7 +171,49 @@ config file they looks like this:
|
|||
<TT><server></TT>. Example:
|
||||
<PRE>
|
||||
{acl, jabberorg, {server, "jabber.org"}}.
|
||||
</PRE></DL>Allowing or denying of different services is like this:
|
||||
</PRE>
|
||||
<DT><TT>{user_regexp, <regexp>}</TT><DD> Matches local user with name that
|
||||
mathes <TT><regexp></TT>. Example:
|
||||
<PRE>
|
||||
{acl, tests, {user, "test.*"}}.
|
||||
</PRE>
|
||||
<DT><TT>{user_regexp, <regexp>, <server>}</TT><DD> Matches user with name
|
||||
that mathes <TT><regexp></TT> and from server <TT><server></TT>. Example:
|
||||
<PRE>
|
||||
{acl, tests, {user, "test.*", "localhost"}}.
|
||||
</PRE>
|
||||
<DT><TT>{server_regexp, <regexp>}</TT><DD> Matches any JID from server that
|
||||
matches <TT><regexp></TT>. Example:
|
||||
<PRE>
|
||||
{acl, icq, {server, "icq.*"}}.
|
||||
</PRE>
|
||||
<DT><TT>{node_regexp, <user_regexp>, <server_regexp>}</TT><DD> Matches user
|
||||
with name that mathes <TT><user_regexp></TT> and from server that matches
|
||||
<TT><server_regexp></TT>. Example:
|
||||
<PRE>
|
||||
{acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}.
|
||||
</PRE>
|
||||
<DT><TT>{user_glob, <glob>}</TT><DD>
|
||||
|
||||
<DT><TT>{user_glob, <glob>, <server>}</TT><DD>
|
||||
|
||||
<DT><TT>{server_glob, <glob>}</TT><DD>
|
||||
|
||||
<DT><TT>{node_glob, <user_glob>, <server_glob>}</TT><DD> This is same as
|
||||
above, but use shell glob patterns instead of regexp. This patterns can have
|
||||
following special characters:
|
||||
<DL COMPACT=compact>
|
||||
<DT>
|
||||
<TT>*</TT><DD> matches any string including the null string.
|
||||
|
||||
<DT><TT>?</TT><DD> matches any single character.
|
||||
|
||||
<DT><TT>[...]</TT><DD> matches any of the enclosed characters. Character
|
||||
ranges are specified by a pair of characters separated by a <TT>`-'</TT>.
|
||||
If the first character after <TT>`['</TT> is a <TT>`!'</TT>, then any
|
||||
character not enclosed is matched.
|
||||
</DL>
|
||||
</DL>Allowing or denying of different services is like this:
|
||||
<PRE>
|
||||
{access, <accessname>, [{allow, <aclname>},
|
||||
{deny, <aclname>},
|
||||
|
|
@ -215,8 +260,11 @@ Example:
|
|||
<A NAME="sec:onlineconfig"></A>To use facility of online reconfiguration of <TT>ejabberd</TT> needed to have
|
||||
<TT>mod_configure</TT> loaded (see section <A HREF="#sec:modconfigure">5.4</A>). Also highly
|
||||
recommended to load <TT>mod_disco</TT> (see section <A HREF="#sec:moddisco">5.5</A>), because
|
||||
<TT>mod_configure</TT> highly integrates with it. Also recommended to use
|
||||
disco- and xdata-capable client.<BR>
|
||||
<TT>mod_configure</TT> highly integrates with it. Also recommended to use disco- and
|
||||
xdata-capable client
|
||||
(<A HREF="http://www.jabber.ru/projects/tkabber/index_en.html">Tkabber</A>
|
||||
developed synchronously with <TT>ejabberd</TT>, its CVS version use most of
|
||||
<TT>ejabberd</TT> features).<BR>
|
||||
<BR>
|
||||
TBD<BR>
|
||||
<BR>
|
||||
|
|
@ -232,7 +280,7 @@ TBD<BR>
|
|||
runned on different machines that can be connected via network. They all must
|
||||
have access to connect to port 4369 of all another nodes, and must have same
|
||||
magic cookie (see Erlang/OTP documentation, in short file
|
||||
<TT>ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
|
||||
<TT>~ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
|
||||
needed because all nodes exchange information about connected users, S2S
|
||||
connection, registered services, etc...<BR>
|
||||
<BR>
|
||||
|
|
@ -275,8 +323,8 @@ sended to session manager on it.<BR>
|
|||
|
||||
<H4>4.1.4 S2S Manager</H4><!--SEC END -->
|
||||
This module route packets to another Jabber servers. First, it check if
|
||||
to domain of packet destination from domain of source already opened S2S
|
||||
connection. If it opened on another node, then it routed to S2S manager on
|
||||
already exists opened S2S connection from domain of packet source to domain of
|
||||
destination. If it opened on another node, then it routed to S2S manager on
|
||||
that node, if it opened on this node, then it routed to process that serve this
|
||||
connection, and if this connection not exists, then it opened and registered.<BR>
|
||||
<BR>
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@
|
|||
\author{Alexey Shchepin \\
|
||||
\ahrefurl{mailto:alexey@sevcom.net} \\
|
||||
\ahrefurl{xmpp:aleksey@jabber.ru}}
|
||||
\date{January 26, 2003}
|
||||
\date{January 29, 2003}
|
||||
|
||||
\begin{document}
|
||||
\begin{titlepage}
|
||||
|
|
@ -127,7 +127,10 @@ TBD
|
|||
Configuration file is loaded after first start of \ejabberd{}. It consists of
|
||||
sequence of Erlang terms. Parts of lines after \texttt{`\%'} sign are ignored.
|
||||
Each term is tuple, where first element is name of option, and other are option
|
||||
values.
|
||||
values. Note, that after first start all values from this file stored in
|
||||
database, and in next time they will be APPENDED to existing values. E.\,g.\
|
||||
if this file will not contain ``host'' definition, then old value will be
|
||||
used.
|
||||
|
||||
|
||||
\subsubsection{Host Name}
|
||||
|
|
@ -190,21 +193,64 @@ config file they looks like this:
|
|||
\begin{verbatim}
|
||||
{acl, all, all}.
|
||||
\end{verbatim}
|
||||
|
||||
\item[\texttt{\{user, <username>\}}] Matches local user with name
|
||||
\texttt{<username>}. Example:
|
||||
\begin{verbatim}
|
||||
{acl, admin, {user, "aleksey"}}.
|
||||
\end{verbatim}
|
||||
|
||||
\item[\texttt{\{user, <username>, <server>\}}] Matches user with JID
|
||||
\texttt{<username>@<server>}. Example:
|
||||
\texttt{<username>@<server>} and any resource. Example:
|
||||
\begin{verbatim}
|
||||
{acl, admin, {user, "aleksey", "jabber.ru"}}.
|
||||
\end{verbatim}
|
||||
|
||||
\item[\texttt{\{server, <server>\}}] Matches any JID from server
|
||||
\texttt{<server>}. Example:
|
||||
\begin{verbatim}
|
||||
{acl, jabberorg, {server, "jabber.org"}}.
|
||||
\end{verbatim}
|
||||
|
||||
\item[\texttt{\{user\_regexp, <regexp>\}}] Matches local user with name that
|
||||
mathes \texttt{<regexp>}. Example:
|
||||
\begin{verbatim}
|
||||
{acl, tests, {user, "test.*"}}.
|
||||
\end{verbatim}
|
||||
|
||||
\item[\texttt{\{user\_regexp, <regexp>, <server>\}}] Matches user with name
|
||||
that mathes \texttt{<regexp>} and from server \texttt{<server>}. Example:
|
||||
\begin{verbatim}
|
||||
{acl, tests, {user, "test.*", "localhost"}}.
|
||||
\end{verbatim}
|
||||
|
||||
\item[\texttt{\{server\_regexp, <regexp>\}}] Matches any JID from server that
|
||||
matches \texttt{<regexp>}. Example:
|
||||
\begin{verbatim}
|
||||
{acl, icq, {server, "icq.*"}}.
|
||||
\end{verbatim}
|
||||
|
||||
\item[\texttt{\{node\_regexp, <user\_regexp>, <server\_regexp>\}}] Matches user
|
||||
with name that mathes \texttt{<user\_regexp>} and from server that matches
|
||||
\texttt{<server\_regexp>}. Example:
|
||||
\begin{verbatim}
|
||||
{acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}.
|
||||
\end{verbatim}
|
||||
|
||||
\item[\texttt{\{user\_glob, <glob>\}}]
|
||||
\item[\texttt{\{user\_glob, <glob>, <server>\}}]
|
||||
\item[\texttt{\{server\_glob, <glob>\}}]
|
||||
\item[\texttt{\{node\_glob, <user\_glob>, <server\_glob>\}}] This is same as
|
||||
above, but use shell glob patterns instead of regexp. This patterns can have
|
||||
following special characters:
|
||||
\begin{description}
|
||||
\item[\texttt{*}] matches any string including the null string.
|
||||
\item[\texttt{?}] matches any single character.
|
||||
\item[\texttt{[\ldots{}]}] matches any of the enclosed characters. Character
|
||||
ranges are specified by a pair of characters separated by a \texttt{`-'}.
|
||||
If the first character after \texttt{`['} is a \texttt{`!'}, then any
|
||||
character not enclosed is matched.
|
||||
\end{description}
|
||||
\end{description}
|
||||
|
||||
Allowing or denying of different services is like this:
|
||||
|
|
@ -260,8 +306,11 @@ Example:
|
|||
To use facility of online reconfiguration of \ejabberd{} needed to have
|
||||
\modconfigure{} loaded (see section~\ref{sec:modconfigure}). Also highly
|
||||
recommended to load \moddisco{} (see section~\ref{sec:moddisco}), because
|
||||
\modconfigure{} highly integrates with it. Also recommended to use
|
||||
disco- and xdata-capable client.
|
||||
\modconfigure{} highly integrates with it. Also recommended to use disco- and
|
||||
xdata-capable client
|
||||
(\footahref{http://www.jabber.ru/projects/tkabber/index\_en.html}{Tkabber}
|
||||
developed synchronously with \ejabberd{}, its CVS version use most of
|
||||
\ejabberd{} features).
|
||||
|
||||
TBD
|
||||
|
||||
|
|
@ -276,9 +325,9 @@ TBD
|
|||
runned on different machines that can be connected via network. They all must
|
||||
have access to connect to port 4369 of all another nodes, and must have same
|
||||
magic cookie (see Erlang/OTP documentation, in short file
|
||||
\texttt{\~ejabberd/.erlang.cookie} must be the same on all nodes). This is
|
||||
\texttt{\~{}ejabberd/.erlang.cookie} must be the same on all nodes). This is
|
||||
needed because all nodes exchange information about connected users, S2S
|
||||
connection, registered services, etc\ldots
|
||||
connections, registered services, etc\ldots
|
||||
|
||||
Each \ejabberd{} node run following modules:
|
||||
\begin{itemize}
|
||||
|
|
@ -317,8 +366,8 @@ sended to session manager on it.
|
|||
\subsubsection{S2S Manager}
|
||||
|
||||
This module route packets to another \Jabber{} servers. First, it check if
|
||||
to domain of packet destination from domain of source already opened S2S
|
||||
connection. If it opened on another node, then it routed to S2S manager on
|
||||
already exists opened S2S connection from domain of packet source to domain of
|
||||
destination. If it opened on another node, then it routed to S2S manager on
|
||||
that node, if it opened on this node, then it routed to process that serve this
|
||||
connection, and if this connection not exists, then it opened and registered.
|
||||
|
||||
|
|
|
|||
56
src/acl.erl
56
src/acl.erl
|
|
@ -1,7 +1,7 @@
|
|||
%%%----------------------------------------------------------------------
|
||||
%%% File : acl.erl
|
||||
%%% Author : Alexey Shchepin <alexey@sevcom.net>
|
||||
%%% Purpose :
|
||||
%%% Purpose : ACL support
|
||||
%%% Created : 18 Jan 2003 by Alexey Shchepin <alexey@sevcom.net>
|
||||
%%% Id : $Id$
|
||||
%%%----------------------------------------------------------------------
|
||||
|
|
@ -10,14 +10,17 @@
|
|||
-author('alexey@sevcom.net').
|
||||
-vsn('$Revision$ ').
|
||||
|
||||
-export([start/0, add/2, match_rule/2, match_acl/2]).
|
||||
-export([start/0,
|
||||
add/2,
|
||||
match_rule/2,
|
||||
% for debugging only
|
||||
match_acl/2]).
|
||||
|
||||
-include("ejabberd.hrl").
|
||||
|
||||
-record(acl, {aclname, aclspec}).
|
||||
|
||||
start() ->
|
||||
%ets:new(acls, [bag, named_table, public]),
|
||||
mnesia:create_table(acl,
|
||||
[{disc_copies, [node()]},
|
||||
{type, bag},
|
||||
|
|
@ -31,7 +34,6 @@ add(ACLName, ACLSpec) ->
|
|||
mnesia:write(#acl{aclname = ACLName, aclspec = ACLSpec})
|
||||
end,
|
||||
mnesia:transaction(F).
|
||||
%ets:insert(acls, {ACLName, ACLData}).
|
||||
|
||||
match_rule(Rule, JID) ->
|
||||
case ejabberd_config:get_global_option({access, Rule}) of
|
||||
|
|
@ -58,10 +60,50 @@ match_acl(ACL, JID) ->
|
|||
all ->
|
||||
true;
|
||||
{user, U} ->
|
||||
(U == User) and (?MYNAME == Server);
|
||||
(U == User) andalso (?MYNAME == Server);
|
||||
{user, U, S} ->
|
||||
(U == User) and (S == Server);
|
||||
(U == User) andalso (S == Server);
|
||||
{server, S} ->
|
||||
S == Server
|
||||
S == Server;
|
||||
{user_regexp, UR} ->
|
||||
(?MYNAME == Server) andalso
|
||||
is_regexp_match(User, UR);
|
||||
{user_regexp, UR, S} ->
|
||||
(S == Server) andalso
|
||||
is_regexp_match(User, UR);
|
||||
{server_regexp, SR} ->
|
||||
is_regexp_match(Server, SR);
|
||||
{node_regexp, UR, SR} ->
|
||||
is_regexp_match(Server, SR) andalso
|
||||
is_regexp_match(User, UR);
|
||||
{user_glob, UR} ->
|
||||
(?MYNAME == Server) andalso
|
||||
is_glob_match(User, UR);
|
||||
{user_glob, UR, S} ->
|
||||
(S == Server) andalso
|
||||
is_glob_match(User, UR);
|
||||
{server_glob, SR} ->
|
||||
is_glob_match(Server, SR);
|
||||
{node_glob, UR, SR} ->
|
||||
is_glob_match(Server, SR) andalso
|
||||
is_glob_match(User, UR)
|
||||
end
|
||||
end, ets:lookup(acl, ACL)).
|
||||
|
||||
is_regexp_match(String, RegExp) ->
|
||||
case regexp:first_match(String, RegExp) of
|
||||
nomatch ->
|
||||
false;
|
||||
{match, _, _} ->
|
||||
true;
|
||||
{error, ErrDesc} ->
|
||||
?ERROR_MSG(
|
||||
"Wrong regexp ~p in ACL: ~p",
|
||||
[RegExp, lists:flatten(regexp:format_error(ErrDesc))]),
|
||||
false
|
||||
end.
|
||||
|
||||
is_glob_match(String, Glob) ->
|
||||
is_regexp_match(String, regexp:sh_to_awk(Glob)).
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -9,6 +9,10 @@
|
|||
{acl, jabberorg, {server, "jabber.org"}}.
|
||||
{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
|
||||
|
||||
{acl, test, {user_glob, "test.*"}}.
|
||||
%{acl, test2, {user_glob, "test*"}}.
|
||||
|
||||
|
||||
{access, disco_admin, [{allow, admin},
|
||||
{deny, all}]}.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue