*** empty log message ***

SVN Revision: 54
2003-01-29 20:21:14 +00:00 · 2003-01-29 20:21:14 +00:00 · 45abdd240c
parent 9a3a723f1b
commit 45abdd240c
4 changed files with 168 additions and 25 deletions
--- a/doc/guide.html
+++ b/doc/guide.html
@ -17,7 +17,7 @@
 <H3 ALIGN=center>Alexey Shchepin<BR><A HREF="mailto:alexey@sevcom.net"><TT>mailto:alexey@sevcom.net</TT></A><BR><A HREF="xmpp:aleksey@jabber.ru"><TT>xmpp:aleksey@jabber.ru</TT></A></H3>
-<H3 ALIGN=center>January 26, 2003</H3> <DIV ALIGN=center><IMG SRC="logo.png">
+<H3 ALIGN=center>January 29, 2003</H3> <DIV ALIGN=center><IMG SRC="logo.png">
 </DIV><BR>
 <BR>
@ -96,7 +96,10 @@ erl -name ejabberd -s ejabberd
 <A NAME="sec:initconfig"></A>Configuration file is loaded after first start of <TT>ejabberd</TT>. It consists of
 sequence of Erlang terms. Parts of lines after <TT>`%'</TT> sign are ignored.
 Each term is tuple, where first element is name of option, and other are option
-values.<BR>
+values. Note, that after first start all values from this file stored in
 database, and in next time they will be APPENDED to existing values. E.&nbsp;g.
 if this file will not contain ``host'' definition, then old value will be
 used.<BR>
 <BR>
 <!--TOC subsubsection Host Name-->
@ -160,7 +163,7 @@ config file they looks like this:
 {acl, admin, {user, "aleksey"}}.
 </PRE>
 <DT><TT>{user, &lt;username&gt;, &lt;server&gt;}</TT><DD> Matches user with JID
- <TT>&lt;username&gt;@&lt;server&gt;</TT>. Example:
+ <TT>&lt;username&gt;@&lt;server&gt;</TT> and any resource. Example:
 <PRE>
 {acl, admin, {user, "aleksey", "jabber.ru"}}.
 </PRE>
@ -168,7 +171,49 @@ config file they looks like this:
 <TT>&lt;server&gt;</TT>. Example:
 <PRE>
 {acl, jabberorg, {server, "jabber.org"}}.
-</PRE></DL>Allowing or denying of different services is like this:
+</PRE>
 <DT><TT>{user_regexp, &lt;regexp&gt;}</TT><DD> Matches local user with name that
 mathes <TT>&lt;regexp&gt;</TT>. Example:
 <PRE>
 {acl, tests, {user, "test.*"}}.
 </PRE>
 <DT><TT>{user_regexp, &lt;regexp&gt;, &lt;server&gt;}</TT><DD> Matches user with name
 that mathes <TT>&lt;regexp&gt;</TT> and from server <TT>&lt;server&gt;</TT>. Example:
 <PRE>
 {acl, tests, {user, "test.*", "localhost"}}.
 </PRE>
 <DT><TT>{server_regexp, &lt;regexp&gt;}</TT><DD> Matches any JID from server that
 matches <TT>&lt;regexp&gt;</TT>. Example:
 <PRE>
 {acl, icq, {server, "icq.*"}}.
 </PRE>
 <DT><TT>{node_regexp, &lt;user_regexp&gt;, &lt;server_regexp&gt;}</TT><DD> Matches user
 with name that mathes <TT>&lt;user_regexp&gt;</TT> and from server that matches
 <TT>&lt;server_regexp&gt;</TT>. Example:
 <PRE>
 {acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}.
 </PRE>
 <DT><TT>{user_glob, &lt;glob&gt;}</TT><DD>
 <DT><TT>{user_glob, &lt;glob&gt;, &lt;server&gt;}</TT><DD>
 <DT><TT>{server_glob, &lt;glob&gt;}</TT><DD>
 <DT><TT>{node_glob, &lt;user_glob&gt;, &lt;server_glob&gt;}</TT><DD> This is same as
 above, but use shell glob patterns instead of regexp. This patterns can have
 following special characters:
 <DL COMPACT=compact>
 <DT>
 <TT>*</TT><DD> matches any string including the null string.
 <DT><TT>?</TT><DD> matches any single character.
 <DT><TT>[...]</TT><DD> matches any of the enclosed characters. Character
 ranges are specified by a pair of characters separated by a <TT>`-'</TT>.
 If the first character after <TT>`['</TT> is a <TT>`!'</TT>, then any
 character not enclosed is matched.
 </DL>
 </DL>Allowing or denying of different services is like this:
 <PRE>
 {access, &lt;accessname&gt;, [{allow, &lt;aclname&gt;},
                        {deny, &lt;aclname&gt;},
@ -215,8 +260,11 @@ Example:
 <A NAME="sec:onlineconfig"></A>To use facility of online reconfiguration of <TT>ejabberd</TT> needed to have
 <TT>mod_configure</TT> loaded (see section&nbsp;<A HREF="#sec:modconfigure">5.4</A>). Also highly
 recommended to load <TT>mod_disco</TT> (see section&nbsp;<A HREF="#sec:moddisco">5.5</A>), because
-<TT>mod_configure</TT> highly integrates with it. Also recommended to use
+<TT>mod_configure</TT> highly integrates with it. Also recommended to use disco- and
-disco- and xdata-capable client.<BR>
+xdata-capable client
 (<A HREF="http://www.jabber.ru/projects/tkabber/index_en.html">Tkabber</A>
 developed synchronously with <TT>ejabberd</TT>, its CVS version use most of
 <TT>ejabberd</TT> features).<BR>
 <BR>
 TBD<BR>
 <BR>
@ -232,7 +280,7 @@ TBD<BR>
 runned on different machines that can be connected via network. They all must
 have access to connect to port 4369 of all another nodes, and must have same
 magic cookie (see Erlang/OTP documentation, in short file
-<TT>ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
+<TT>~ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
 needed because all nodes exchange information about connected users, S2S
 connection, registered services, etc...<BR>
 <BR>
@ -275,8 +323,8 @@ sended to session manager on it.<BR>
 <H4>4.1.4&nbsp;&nbsp; S2S Manager</H4><!--SEC END -->
 This module route packets to another Jabber servers. First, it check if
-to domain of packet destination from domain of source already opened S2S
+already exists opened S2S connection from domain of packet source to domain of
-connection. If it opened on another node, then it routed to S2S manager on
+destination. If it opened on another node, then it routed to S2S manager on
 that node, if it opened on this node, then it routed to process that serve this
 connection, and if this connection not exists, then it opened and registered.<BR>
 <BR>
--- a/doc/guide.tex
+++ b/doc/guide.tex
@ -30,7 +30,7 @@
 \author{Alexey Shchepin \\
  \ahrefurl{mailto:alexey@sevcom.net} \\
  \ahrefurl{xmpp:aleksey@jabber.ru}}
-\date{January 26, 2003}
+\date{January 29, 2003}
 \begin{document}
 \begin{titlepage}
@ -127,7 +127,10 @@ TBD
 Configuration file is loaded after first start of \ejabberd{}.  It consists of
 sequence of Erlang terms.  Parts of lines after \texttt{`\%'} sign are ignored.
 Each term is tuple, where first element is name of option, and other are option
-values.
+values.  Note, that after first start all values from this file stored in
 database, and in next time they will be APPENDED to existing values.  E.\,g.\
 if this file will not contain ``host'' definition, then old value will be
 used.
 \subsubsection{Host Name}
@ -190,21 +193,64 @@ config file they looks like this:
 \begin{verbatim}
 {acl, all, all}.
 \end{verbatim}
 \item[\texttt{\{user, <username>\}}] Matches local user with name
  \texttt{<username>}.  Example:
 \begin{verbatim}
 {acl, admin, {user, "aleksey"}}.
 \end{verbatim}
 \item[\texttt{\{user, <username>, <server>\}}] Matches user with JID
-  \texttt{<username>@<server>}.  Example:
+  \texttt{<username>@<server>} and any resource.  Example:
 \begin{verbatim}
 {acl, admin, {user, "aleksey", "jabber.ru"}}.
 \end{verbatim}
 \item[\texttt{\{server, <server>\}}] Matches any JID from server
  \texttt{<server>}.  Example:
 \begin{verbatim}
 {acl, jabberorg, {server, "jabber.org"}}.
 \end{verbatim}
 \item[\texttt{\{user\_regexp, <regexp>\}}] Matches local user with name that
  mathes \texttt{<regexp>}.  Example:
 \begin{verbatim}
 {acl, tests, {user, "test.*"}}.
 \end{verbatim}
 \item[\texttt{\{user\_regexp, <regexp>, <server>\}}] Matches user with name
  that mathes \texttt{<regexp>} and from server \texttt{<server>}.  Example:
 \begin{verbatim}
 {acl, tests, {user, "test.*", "localhost"}}.
 \end{verbatim}
 \item[\texttt{\{server\_regexp, <regexp>\}}] Matches any JID from server that
  matches \texttt{<regexp>}.  Example:
 \begin{verbatim}
 {acl, icq, {server, "icq.*"}}.
 \end{verbatim}
 \item[\texttt{\{node\_regexp, <user\_regexp>, <server\_regexp>\}}] Matches user
  with name that mathes \texttt{<user\_regexp>} and from server that matches
  \texttt{<server\_regexp>}.  Example:
 \begin{verbatim}
 {acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}.
 \end{verbatim}
 \item[\texttt{\{user\_glob, <glob>\}}]
 \item[\texttt{\{user\_glob, <glob>, <server>\}}]
 \item[\texttt{\{server\_glob, <glob>\}}]
 \item[\texttt{\{node\_glob, <user\_glob>, <server\_glob>\}}] This is same as
  above, but use shell glob patterns instead of regexp.  This patterns can have
  following special characters:
  \begin{description}
  \item[\texttt{*}] matches any string including the null string.
  \item[\texttt{?}] matches any single character.
  \item[\texttt{[\ldots{}]}] matches any of the enclosed characters.  Character
    ranges are specified by a pair of characters separated by a \texttt{`-'}.
    If the first character after \texttt{`['} is a \texttt{`!'}, then any
    character not enclosed is matched.
  \end{description}
 \end{description}
 Allowing or denying of different services is like this:
@ -260,8 +306,11 @@ Example:
 To use facility of online reconfiguration of \ejabberd{} needed to have
 \modconfigure{} loaded (see section~\ref{sec:modconfigure}).  Also highly
 recommended to load \moddisco{} (see section~\ref{sec:moddisco}), because
-\modconfigure{} highly integrates with it.  Also recommended to use
+\modconfigure{} highly integrates with it.  Also recommended to use disco- and
-disco- and xdata-capable client.
+xdata-capable client
 (\footahref{http://www.jabber.ru/projects/tkabber/index\_en.html}{Tkabber}
 developed synchronously with \ejabberd{}, its CVS version use most of
 \ejabberd{} features).
 TBD
@ -276,9 +325,9 @@ TBD
 runned on different machines that can be connected via network.  They all must
 have access to connect to port 4369 of all another nodes, and must have same
 magic cookie (see Erlang/OTP documentation, in short file
-\texttt{\~ejabberd/.erlang.cookie} must be the same on all nodes).  This is
+\texttt{\~{}ejabberd/.erlang.cookie} must be the same on all nodes).  This is
 needed because all nodes exchange information about connected users, S2S
-connection, registered services, etc\ldots
+connections, registered services, etc\ldots
 Each \ejabberd{} node run following modules:
 \begin{itemize}
@ -317,8 +366,8 @@ sended to session manager on it.
 \subsubsection{S2S Manager}
 This module route packets to another \Jabber{} servers.  First, it check if
-to domain of packet destination from domain of source already opened S2S
+already exists opened S2S connection from domain of packet source to domain of
-connection.  If it opened on another node, then it routed to S2S manager on
+destination.  If it opened on another node, then it routed to S2S manager on
 that node, if it opened on this node, then it routed to process that serve this
 connection, and if this connection not exists, then it opened and registered.
--- a/src/acl.erl
+++ b/src/acl.erl
@ -1,7 +1,7 @@
 %%%----------------------------------------------------------------------
 %%% File    : acl.erl
 %%% Author  : Alexey Shchepin <alexey@sevcom.net>
-%%% Purpose : 
+%%% Purpose : ACL support
 %%% Created : 18 Jan 2003 by Alexey Shchepin <alexey@sevcom.net>
 %%% Id      : $Id$
 %%%----------------------------------------------------------------------
@ -10,14 +10,17 @@
 -author('alexey@sevcom.net').
 -vsn('$Revision$ ').
-export([start/0, add/2, match_rule/2, match_acl/2]).
+-export([start/0,
 	 add/2,
 	 match_rule/2,
 	 % for debugging only
 	 match_acl/2]).
 -include("ejabberd.hrl").
 -record(acl, {aclname, aclspec}).
 start() ->
    %ets:new(acls, [bag, named_table, public]),
    mnesia:create_table(acl,
 			[{disc_copies, [node()]},
 			 {type, bag},
@ -31,7 +34,6 @@ add(ACLName, ACLSpec) ->
 		mnesia:write(#acl{aclname = ACLName, aclspec = ACLSpec})
 	end,
    mnesia:transaction(F).
    %ets:insert(acls, {ACLName, ACLData}).
 match_rule(Rule, JID) ->
    case ejabberd_config:get_global_option({access, Rule}) of
@ -58,10 +60,50 @@ match_acl(ACL, JID) ->
 			  all ->
 			      true;
 			  {user, U} ->
-			      (U == User) and (?MYNAME == Server);
+			      (U == User) andalso (?MYNAME == Server);
 			  {user, U, S} ->
-			      (U == User) and (S == Server);
+			      (U == User) andalso (S == Server);
 			  {server, S} ->
-			      S == Server
+			      S == Server;
 			  {user_regexp, UR} ->
 			      (?MYNAME == Server) andalso
 				  is_regexp_match(User, UR);
 			  {user_regexp, UR, S} ->
 			      (S == Server) andalso
 				  is_regexp_match(User, UR);
 			  {server_regexp, SR} ->
 			      is_regexp_match(Server, SR);
 			  {node_regexp, UR, SR} ->
 			      is_regexp_match(Server, SR) andalso
 				  is_regexp_match(User, UR);
 			  {user_glob, UR} ->
 			      (?MYNAME == Server) andalso
 				  is_glob_match(User, UR);
 			  {user_glob, UR, S} ->
 			      (S == Server) andalso
 				  is_glob_match(User, UR);
 			  {server_glob, SR} ->
 			      is_glob_match(Server, SR);
 			  {node_glob, UR, SR} ->
 			      is_glob_match(Server, SR) andalso
 				  is_glob_match(User, UR)
 		      end
 	      end, ets:lookup(acl, ACL)).
 is_regexp_match(String, RegExp) ->
    case regexp:first_match(String, RegExp) of
 	nomatch ->
 	    false;
 	{match, _, _} ->
 	    true;
 	{error, ErrDesc} ->
 	    ?ERROR_MSG(
 	       "Wrong regexp ~p in ACL: ~p",
 	       [RegExp, lists:flatten(regexp:format_error(ErrDesc))]),
 	    false
    end.
 is_glob_match(String, Glob) ->
    is_regexp_match(String, regexp:sh_to_awk(Glob)).
--- a/src/ejabberd.cfg
+++ b/src/ejabberd.cfg
@ -9,6 +9,10 @@
 {acl, jabberorg, {server, "jabber.org"}}.
 {acl, aleksey, {user, "aleksey", "jabber.ru"}}.
 {acl, test,  {user_glob, "test.*"}}.
 %{acl, test2, {user_glob, "test*"}}.
 {access, disco_admin, [{allow, admin},
                       {deny, all}]}.