mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-08 16:52:59 +01:00
* src/ejabberd_service.erl: Added an option to disable from attribute checks in packets coming from an external component (EJAB-275)
* doc/guide.tex: Likewise SVN Revision: 804
This commit is contained in:
parent
12ab036236
commit
525b8e9374
@ -1,5 +1,9 @@
|
||||
2007-06-28 Mickael Remond <mickael.remond@process-one.net>
|
||||
|
||||
* src/ejabberd_service.erl: Added an option to disable from attribute
|
||||
checks in packets coming from an external component (EJAB-275)
|
||||
* doc/guide.tex: Likewise
|
||||
|
||||
* doc/guide.tex: Documentation rework started (EJAB-272)
|
||||
* doc/introduction.tex: Likewise
|
||||
|
||||
|
@ -348,7 +348,8 @@ The latest development version can be retrieved from the Subversion repository.
|
||||
install <TT>ejabberd</TT> into the directory <CODE>/var/lib/ejabberd</CODE>,
|
||||
</LI><LI CLASS="li-itemize">install the configuration file into <CODE>/etc/ejabberd</CODE>,
|
||||
</LI><LI CLASS="li-itemize">create a directory called <CODE>/var/log/ejabberd</CODE> to store log files.
|
||||
</LI></UL><P>Note: if you want to use an external database, you need to execute the configure
|
||||
</LI></UL><!--TOC subsubsection Compilation options-->
|
||||
<H4 CLASS="subsubsection"><!--SEC ANCHOR -->Compilation options</H4><!--SEC END --><P>If you want to use an external database, you need to execute the configure
|
||||
script with the option(s) <TT>–enable-odbc</TT> or <TT>–enable-odbc
|
||||
–enable-mssql</TT>. See section <A HREF="#database">3.2</A> for more information.</P><!--TOC subsubsection Windows-->
|
||||
<H4 CLASS="subsubsection"><!--SEC ANCHOR -->Windows</H4><!--SEC END --><P>
|
||||
@ -573,6 +574,11 @@ enables the web interface for <TT>ejabberd</TT> administration which is availabl
|
||||
at <CODE>http://server:port/admin/</CODE>. Login and password are the username and
|
||||
password of one of the registered users who are granted access by the
|
||||
`configure' access rule.
|
||||
</DD><DT CLASS="dt-description"><B><TT>component_check_from</TT></B></DT><DD CLASS="dd-description">
|
||||
This option can be used with <TT>ejabberd_service</TT> only. It is
|
||||
used to disable control on the from field on packets send by an
|
||||
external components. The option can be either <TT>true</TT> or
|
||||
<TT>false</TT>. The default value is <TT>true</TT> which conforms to <A HREF="http://www.xmpp.org/extensions/xep-0114.html">XEP-0114</A>.
|
||||
</DD></DL><P>In addition, the following options are available for s2s connections:
|
||||
</P><DL CLASS="description"><DT CLASS="dt-description">
|
||||
<B><TT>{s2s_use_starttls, true|false}</TT></B></DT><DD CLASS="dd-description">
|
||||
@ -614,6 +620,7 @@ connected to port 5237 with password `<TT>ggsecret</TT>'.
|
||||
<A HREF="http://ejabberd.jabber.ru/jmc">Jabber Mail Component</A>
|
||||
<TT>jmc.example.org</TT> is connected to port 5238 with password
|
||||
`<TT>jmcsecret</TT>'.
|
||||
</LI><LI CLASS="li-itemize">The service custom has enabled the special option to avoiding checking the <TT>from</TT> attribute in the packets send by this component. The component can send packets in behalf of any users from the server, or even on behalf of any server.
|
||||
</LI></UL><PRE CLASS="verbatim"> {acl, blocked, {user, "bad"}}.
|
||||
{access, c2s, [{deny, blocked},
|
||||
{allow, all}]}.
|
||||
@ -637,10 +644,13 @@ connected to port 5237 with password `<TT>ggsecret</TT>'.
|
||||
{5237, ejabberd_service, [{host, "gg.example.org",
|
||||
[{password, "ggsecret"}]}]},
|
||||
{5238, ejabberd_service, [{host, "jmc.example.org",
|
||||
[{password, "jmcsecret"}]}]}
|
||||
[{password, "jmcsecret"}]}]},
|
||||
{5239, ejabberd_service, [{host, "custom.example.org",
|
||||
[{password, "customsecret"}]},
|
||||
{service_check_from, false}]}
|
||||
]
|
||||
}.
|
||||
{s2s_use_starttls, true}.
|
||||
{S2s_use_starttls, true}.
|
||||
{s2s_certfile, "/path/to/ssl.pem"}.
|
||||
</PRE><P>Note, that for jabberd 1.4- or WPJabber-based
|
||||
services you have to make the transports log and do XDB by themselves:
|
||||
|
@ -255,7 +255,9 @@ These commands will:
|
||||
\item create a directory called \verb|/var/log/ejabberd| to store log files.
|
||||
\end{itemize}
|
||||
|
||||
Note: if you want to use an external database, you need to execute the configure
|
||||
\subsubsection{Compilation options}
|
||||
|
||||
If you want to use an external database, you need to execute the configure
|
||||
script with the option(s) \term{--enable-odbc} or \term{--enable-odbc
|
||||
--enable-mssql}. See section~\ref{database} for more information.
|
||||
|
||||
@ -570,6 +572,11 @@ The following options are available:
|
||||
at \verb|http://server:port/admin/|. Login and password are the username and
|
||||
password of one of the registered users who are granted access by the
|
||||
`configure' access rule.
|
||||
\titem{component\_check\_from} \ind{options!service\_check\_from}
|
||||
This option can be used with \term{ejabberd\_service} only. It is
|
||||
used to disable control on the from field on packets send by an
|
||||
external components. The option can be either \term{true} or
|
||||
\term{false}. The default value is \term{true} which conforms to \xepref{0114}.
|
||||
\end{description}
|
||||
|
||||
In addition, the following options are available for s2s connections:
|
||||
@ -615,6 +622,7 @@ For instance, the following configuration defines that:
|
||||
\footahref{http://ejabberd.jabber.ru/jmc}{Jabber Mail Component}
|
||||
\jid{jmc.example.org} is connected to port 5238 with password
|
||||
`\term{jmcsecret}'.
|
||||
\item The service custom has enabled the special option to avoiding checking the \term{from} attribute in the packets send by this component. The component can send packets in behalf of any users from the server, or even on behalf of any server.
|
||||
\end{itemize}
|
||||
\begin{verbatim}
|
||||
{acl, blocked, {user, "bad"}}.
|
||||
@ -640,10 +648,13 @@ For instance, the following configuration defines that:
|
||||
{5237, ejabberd_service, [{host, "gg.example.org",
|
||||
[{password, "ggsecret"}]}]},
|
||||
{5238, ejabberd_service, [{host, "jmc.example.org",
|
||||
[{password, "jmcsecret"}]}]}
|
||||
[{password, "jmcsecret"}]}]},
|
||||
{5239, ejabberd_service, [{host, "custom.example.org",
|
||||
[{password, "customsecret"}]},
|
||||
{service_check_from, false}]}
|
||||
]
|
||||
}.
|
||||
{s2s_use_starttls, true}.
|
||||
{S2s_use_starttls, true}.
|
||||
{s2s_certfile, "/path/to/ssl.pem"}.
|
||||
\end{verbatim}
|
||||
Note, that for \ind{jabberd 1.4}jabberd 1.4- or \ind{WPJabber}WPJabber-based
|
||||
|
@ -34,9 +34,10 @@
|
||||
-include("jlib.hrl").
|
||||
|
||||
-record(state, {socket, sockmod, streamid,
|
||||
hosts, password, access}).
|
||||
hosts, password, access,
|
||||
check_from}).
|
||||
|
||||
%-define(DBGFSM, true).
|
||||
%-Define(DBGFSM, true).
|
||||
|
||||
-ifdef(DBGFSM).
|
||||
-define(FSMOPTS, [{debug, [trace]}]).
|
||||
@ -128,13 +129,18 @@ init([{SockMod, Socket}, Opts]) ->
|
||||
{value, {_, S}} -> S;
|
||||
_ -> none
|
||||
end,
|
||||
CheckFrom = case lists:keysearch(service_check_from, 1, Opts) of
|
||||
{value, {_, CF}} -> CF;
|
||||
_ -> true
|
||||
end,
|
||||
SockMod:change_shaper(Socket, Shaper),
|
||||
{ok, wait_for_stream, #state{socket = Socket,
|
||||
sockmod = SockMod,
|
||||
streamid = new_id(),
|
||||
hosts = Hosts,
|
||||
password = Password,
|
||||
access = Access
|
||||
access = Access,
|
||||
check_from = CheckFrom
|
||||
}}.
|
||||
|
||||
%%----------------------------------------------------------------------
|
||||
@ -205,14 +211,23 @@ stream_established({xmlstreamelement, El}, StateData) ->
|
||||
NewEl = jlib:remove_attr("xmlns", El),
|
||||
{xmlelement, Name, Attrs, _Els} = NewEl,
|
||||
From = xml:get_attr_s("from", Attrs),
|
||||
FromJID1 = jlib:string_to_jid(From),
|
||||
FromJID = case FromJID1 of
|
||||
#jid{lserver = Server} ->
|
||||
case lists:member(Server, StateData#state.hosts) of
|
||||
true -> FromJID1;
|
||||
false -> error
|
||||
end;
|
||||
_ -> error
|
||||
FromJID = case StateData#state.check_from of
|
||||
%% If the admin does not want to check the from field
|
||||
%% when accept packets from any address.
|
||||
%% In this case, the component can send packet of
|
||||
%% behalf of the server users.
|
||||
false -> jlib:string_to_jid(From);
|
||||
%% The default is the standard behaviour in XEP-0114
|
||||
_ ->
|
||||
FromJID1 = jlib:string_to_jid(From),
|
||||
case FromJID1 of
|
||||
#jid{lserver = Server} ->
|
||||
case lists:member(Server, StateData#state.hosts) of
|
||||
true -> FromJID1;
|
||||
false -> error
|
||||
end;
|
||||
_ -> error
|
||||
end
|
||||
end,
|
||||
To = xml:get_attr_s("to", Attrs),
|
||||
ToJID = case To of
|
||||
|
Loading…
Reference in New Issue
Block a user