From 45abdd240cd3f483d9807feb9062f6c743d2373d Mon Sep 17 00:00:00 2001
From: Alexey Shchepin
Date: Wed, 29 Jan 2003 20:21:14 +0000
Subject: [PATCH] *** empty log message ***
SVN Revision: 54
---
doc/guide.html | 66 ++++++++++++++++++++++++++++++++++++++++-------
doc/guide.tex | 67 +++++++++++++++++++++++++++++++++++++++++-------
src/acl.erl | 56 +++++++++++++++++++++++++++++++++++-----
src/ejabberd.cfg | 4 +++
4 files changed, 168 insertions(+), 25 deletions(-)
diff --git a/doc/guide.html b/doc/guide.html
index bb18b0eab..48d0469c8 100644
--- a/doc/guide.html
+++ b/doc/guide.html
@@ -17,7 +17,7 @@

Alexey Shchepin
mailto:alexey@sevcom.net
xmpp:aleksey@jabber.ru

-

January 26, 2003

+

January 29, 2003



@@ -96,7 +96,10 @@ erl -name ejabberd -s ejabberd Configuration file is loaded after first start of ejabberd. It consists of sequence of Erlang terms. Parts of lines after `%' sign are ignored. Each term is tuple, where first element is name of option, and other are option -values.
+values. Note, that after first start all values from this file stored in +database, and in next time they will be APPENDED to existing values. E. g. +if this file will not contain ``host'' definition, then old value will be +used.

@@ -160,7 +163,7 @@ config file they looks like this: {acl, admin, {user, "aleksey"}}.
{user, <username>, <server>}
Matches user with JID - <username>@<server>. Example: + <username>@<server> and any resource. Example:
 {acl, admin, {user, "aleksey", "jabber.ru"}}.
 
@@ -168,7 +171,49 @@ config file they looks like this: <server>. Example:
 {acl, jabberorg, {server, "jabber.org"}}.
-
Allowing or denying of different services is like this: + +
{user_regexp, <regexp>}
Matches local user with name that + mathes <regexp>. Example: +
+{acl, tests, {user, "test.*"}}.
+
+
{user_regexp, <regexp>, <server>}
Matches user with name + that mathes <regexp> and from server <server>. Example: +
+{acl, tests, {user, "test.*", "localhost"}}.
+
+
{server_regexp, <regexp>}
Matches any JID from server that + matches <regexp>. Example: +
+{acl, icq, {server, "icq.*"}}.
+
+
{node_regexp, <user_regexp>, <server_regexp>}
Matches user + with name that mathes <user_regexp> and from server that matches + <server_regexp>. Example: +
+{acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}.
+
+
{user_glob, <glob>}
+ +
{user_glob, <glob>, <server>}
+ +
{server_glob, <glob>}
+ +
{node_glob, <user_glob>, <server_glob>}
This is same as + above, but use shell glob patterns instead of regexp. This patterns can have + following special characters: +
+
+ *
matches any string including the null string. + +
?
matches any single character. + +
[...]
matches any of the enclosed characters. Character + ranges are specified by a pair of characters separated by a `-'. + If the first character after `[' is a `!', then any + character not enclosed is matched. +
+Allowing or denying of different services is like this:
 {access, <accessname>, [{allow, <aclname>},
                         {deny, <aclname>},
@@ -215,8 +260,11 @@ Example:
 To use facility of online reconfiguration of ejabberd needed to have
 mod_configure loaded (see section 5.4). Also highly
 recommended to load mod_disco (see section 5.5), because
-mod_configure highly integrates with it. Also recommended to use
-disco- and xdata-capable client.
+mod_configure highly integrates with it. Also recommended to use disco- and +xdata-capable client +(Tkabber +developed synchronously with ejabberd, its CVS version use most of +ejabberd features).

TBD

@@ -232,7 +280,7 @@ TBD
runned on different machines that can be connected via network. They all must have access to connect to port 4369 of all another nodes, and must have same magic cookie (see Erlang/OTP documentation, in short file -ejabberd/.erlang.cookie must be the same on all nodes). This is +~ejabberd/.erlang.cookie must be the same on all nodes). This is needed because all nodes exchange information about connected users, S2S connection, registered services, etc...

@@ -275,8 +323,8 @@ sended to session manager on it.

4.1.4   S2S Manager

This module route packets to another Jabber servers. First, it check if -to domain of packet destination from domain of source already opened S2S -connection. If it opened on another node, then it routed to S2S manager on +already exists opened S2S connection from domain of packet source to domain of +destination. If it opened on another node, then it routed to S2S manager on that node, if it opened on this node, then it routed to process that serve this connection, and if this connection not exists, then it opened and registered.

diff --git a/doc/guide.tex b/doc/guide.tex index 6a42eb947..47061fada 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -30,7 +30,7 @@ \author{Alexey Shchepin \\ \ahrefurl{mailto:alexey@sevcom.net} \\ \ahrefurl{xmpp:aleksey@jabber.ru}} -\date{January 26, 2003} +\date{January 29, 2003} \begin{document} \begin{titlepage} @@ -127,7 +127,10 @@ TBD Configuration file is loaded after first start of \ejabberd{}. It consists of sequence of Erlang terms. Parts of lines after \texttt{`\%'} sign are ignored. Each term is tuple, where first element is name of option, and other are option -values. +values. Note, that after first start all values from this file stored in +database, and in next time they will be APPENDED to existing values. E.\,g.\ +if this file will not contain ``host'' definition, then old value will be +used. \subsubsection{Host Name} 
@@ -190,21 +193,64 @@ config file they looks like this: \begin{verbatim} {acl, all, all}. \end{verbatim} + \item[\texttt{\{user, \}}] Matches local user with name \texttt{}. Example: \begin{verbatim} {acl, admin, {user, "aleksey"}}. \end{verbatim} + \item[\texttt{\{user, , \}}] Matches user with JID - \texttt{@}. Example: + \texttt{@} and any resource. Example: \begin{verbatim} {acl, admin, {user, "aleksey", "jabber.ru"}}. \end{verbatim} + \item[\texttt{\{server, \}}] Matches any JID from server \texttt{}. Example: \begin{verbatim} {acl, jabberorg, {server, "jabber.org"}}. \end{verbatim} + +\item[\texttt{\{user\_regexp, \}}] Matches local user with name that + mathes \texttt{}. Example: +\begin{verbatim} +{acl, tests, {user, "test.*"}}. +\end{verbatim} + +\item[\texttt{\{user\_regexp, , \}}] Matches user with name + that mathes \texttt{} and from server \texttt{}. Example: +\begin{verbatim} +{acl, tests, {user, "test.*", "localhost"}}. +\end{verbatim} + +\item[\texttt{\{server\_regexp, \}}] Matches any JID from server that + matches \texttt{}. Example: +\begin{verbatim} +{acl, icq, {server, "icq.*"}}. +\end{verbatim} + +\item[\texttt{\{node\_regexp, , \}}] Matches user + with name that mathes \texttt{} and from server that matches + \texttt{}. Example: +\begin{verbatim} +{acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}. +\end{verbatim} + +\item[\texttt{\{user\_glob, \}}] +\item[\texttt{\{user\_glob, , \}}] +\item[\texttt{\{server\_glob, \}}] +\item[\texttt{\{node\_glob, , \}}] This is same as + above, but use shell glob patterns instead of regexp. This patterns can have + following special characters: + \begin{description} + \item[\texttt{*}] matches any string including the null string. + \item[\texttt{?}] matches any single character. + \item[\texttt{[\ldots{}]}] matches any of the enclosed characters. Character + ranges are specified by a pair of characters separated by a \texttt{`-'}. 
+ If the first character after \texttt{`['} is a \texttt{`!'}, then any + character not enclosed is matched. + \end{description} \end{description} Allowing or denying of different services is like this: @@ -260,8 +306,11 @@ Example: To use facility of online reconfiguration of \ejabberd{} needed to have \modconfigure{} loaded (see section~\ref{sec:modconfigure}). Also highly recommended to load \moddisco{} (see section~\ref{sec:moddisco}), because -\modconfigure{} highly integrates with it. Also recommended to use -disco- and xdata-capable client. +\modconfigure{} highly integrates with it. Also recommended to use disco- and +xdata-capable client +(\footahref{http://www.jabber.ru/projects/tkabber/index\_en.html}{Tkabber} +developed synchronously with \ejabberd{}, its CVS version use most of +\ejabberd{} features). TBD @@ -276,9 +325,9 @@ TBD runned on different machines that can be connected via network. They all must have access to connect to port 4369 of all another nodes, and must have same magic cookie (see Erlang/OTP documentation, in short file -\texttt{\~ejabberd/.erlang.cookie} must be the same on all nodes). This is +\texttt{\~{}ejabberd/.erlang.cookie} must be the same on all nodes). This is needed because all nodes exchange information about connected users, S2S -connection, registered services, etc\ldots +connections, registered services, etc\ldots Each \ejabberd{} node run following modules: \begin{itemize} 
@@ -317,8 +366,8 @@ sended to session manager on it. \subsubsection{S2S Manager} This module route packets to another \Jabber{} servers. First, it check if -to domain of packet destination from domain of source already opened S2S -connection. If it opened on another node, then it routed to S2S manager on +already exists opened S2S connection from domain of packet source to domain of +destination. If it opened on another node, then it routed to S2S manager on that node, if it opened on this node, then it routed to process that serve this connection, and if this connection not exists, then it opened and registered. diff --git a/src/acl.erl b/src/acl.erl index 2c8a8e7ca..10bd11fdb 100644 --- a/src/acl.erl +++ b/src/acl.erl @@ -1,7 +1,7 @@ %%%---------------------------------------------------------------------- %%% File : acl.erl %%% Author : Alexey Shchepin -%%% Purpose : +%%% Purpose : ACL support %%% Created : 18 Jan 2003 by Alexey Shchepin %%% Id : $Id$ %%%---------------------------------------------------------------------- @@ -10,14 +10,17 @@ -author('alexey@sevcom.net'). -vsn('$Revision$ '). --export([start/0, add/2, match_rule/2, match_acl/2]). +-export([start/0, + add/2, + match_rule/2, + % for debugging only + match_acl/2]). -include("ejabberd.hrl"). -record(acl, {aclname, aclspec}). start() -> - %ets:new(acls, [bag, named_table, public]), mnesia:create_table(acl, [{disc_copies, [node()]}, {type, bag}, @@ -31,7 +34,6 @@ add(ACLName, ACLSpec) -> mnesia:write(#acl{aclname = ACLName, aclspec = ACLSpec}) end, mnesia:transaction(F). - %ets:insert(acls, {ACLName, ACLData}). match_rule(Rule, JID) -> case ejabberd_config:get_global_option({access, Rule}) of 
@@ -58,10 +60,50 @@ match_acl(ACL, JID) -> all -> true; {user, U} -> - (U == User) and (?MYNAME == Server); + (U == User) andalso (?MYNAME == Server); {user, U, S} -> - (U == User) and (S == Server); + (U == User) andalso (S == Server); {server, S} -> - S == Server + S == Server; + {user_regexp, UR} -> + (?MYNAME == Server) andalso + is_regexp_match(User, UR); + {user_regexp, UR, S} -> + (S == Server) andalso + is_regexp_match(User, UR); + {server_regexp, SR} -> + is_regexp_match(Server, SR); + {node_regexp, UR, SR} -> + is_regexp_match(Server, SR) andalso + is_regexp_match(User, UR); + {user_glob, UR} -> + (?MYNAME == Server) andalso + is_glob_match(User, UR); + {user_glob, UR, S} -> + (S == Server) andalso + is_glob_match(User, UR); + {server_glob, SR} -> + is_glob_match(Server, SR); + {node_glob, UR, SR} -> + is_glob_match(Server, SR) andalso + is_glob_match(User, UR) end end, ets:lookup(acl, ACL)). + +is_regexp_match(String, RegExp) -> + case regexp:first_match(String, RegExp) of + nomatch -> + false; + {match, _, _} -> + true; + {error, ErrDesc} -> + ?ERROR_MSG( + "Wrong regexp ~p in ACL: ~p", + [RegExp, lists:flatten(regexp:format_error(ErrDesc))]), + false + end. + +is_glob_match(String, Glob) -> + is_regexp_match(String, regexp:sh_to_awk(Glob)). + + diff --git a/src/ejabberd.cfg b/src/ejabberd.cfg index 6d4f3551b..00992fed2 100644 --- a/src/ejabberd.cfg +++ b/src/ejabberd.cfg @@ -9,6 +9,10 @@ {acl, jabberorg, {server, "jabber.org"}}. {acl, aleksey, {user, "aleksey", "jabber.ru"}}. +{acl, test, {user_glob, "test.*"}}. +%{acl, test2, {user_glob, "test*"}}. + + {access, disco_admin, [{allow, admin}, {deny, all}]}.
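Review bot: The new `*_regexp` ACL specs are unanchored: `is_regexp_match/2` calls `regexp:first_match/2`, which succeeds on any substring, so the documented example `{server_regexp, "jabber.(ru|org)"}` also matches a JID from a domain such as `jabber.org.example.net`, and `{user_regexp, "test.*"}` matches a user named `contest`. Since these specs feed `{allow, ...}` / `{deny, ...}` access rules, a substring match silently widens what an `allow` entry grants; anchor the pattern before matching, e.g. `case regexp:first_match(String, "^(" ++ RegExp ++ ")$") of`, or alternatively require the result to be `{match, 1, Len}` with `Len =:= length(String)`. As far as I recall `regexp:sh_to_awk/1` already wraps its output in `^(...)$`, which would make the glob variants anchored while the regexp variants are not — worth confirming, and worth a one-line comment on `is_glob_match/2` either way. Separately, an invalid pattern is only detected (and logged) at every match and then makes the ACL match nothing, which for an ACL used in a `deny` rule removes the restriction; validating the pattern once in `add/2` when the configuration is loaded would reject the bad entry up front instead. The enclosing `match_acl/2` starts before this hunk.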
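Review bot: `{acl, test, {user_glob, "test.*"}}` is a glob, not a regexp: the `.` is literal there, so it matches usernames such as `test.foo` but not `testfoo`; the commented-out `"test*"` right below it is the glob spelling of what the name suggests. If this entry is meant as a shipped example, the pattern should match that intent; if it is a local experiment, it probably should not land in the default `ejabberd.cfg`, since an ACL named `test` covering local users is one `{access, ...}` edit away from granting something.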