mirror of https://github.com/processone/ejabberd.git synced 2024-06-16 22:05:29 +02:00

* src/ejabberd_service.erl: Added an option to disable from attribute checks in packets coming from an external component (EJAB-275)

* doc/guide.tex: Likewise

SVN Revision: 804
Mickaël Rémond 2007-06-28 14:32:48 +00:00
parent 12ab036236
commit 525b8e9374
4 changed files with 57 additions and 17 deletions

View File

@ -1,5 +1,9 @@
2007-06-28 Mickael Remond <mickael.remond@process-one.net> 2007-06-28 Mickael Remond <mickael.remond@process-one.net>
* src/ejabberd_service.erl: Added an option to disable from attribute
checks in packets coming from an external component (EJAB-275)
* doc/guide.tex: Likewise
* doc/guide.tex: Documentation rework started (EJAB-272) * doc/guide.tex: Documentation rework started (EJAB-272)
* doc/introduction.tex: Likewise * doc/introduction.tex: Likewise

View File

@ -348,7 +348,8 @@ The latest development version can be retrieved from the Subversion repository.
install <TT>ejabberd</TT> into the directory <CODE>/var/lib/ejabberd</CODE>, install <TT>ejabberd</TT> into the directory <CODE>/var/lib/ejabberd</CODE>,
</LI><LI CLASS="li-itemize">install the configuration file into <CODE>/etc/ejabberd</CODE>, </LI><LI CLASS="li-itemize">install the configuration file into <CODE>/etc/ejabberd</CODE>,
</LI><LI CLASS="li-itemize">create a directory called <CODE>/var/log/ejabberd</CODE> to store log files. </LI><LI CLASS="li-itemize">create a directory called <CODE>/var/log/ejabberd</CODE> to store log files.
</LI></UL><P>Note: if you want to use an external database, you need to execute the configure </LI></UL><!--TOC subsubsection Compilation options-->
<H4 CLASS="subsubsection"><!--SEC ANCHOR -->Compilation options</H4><!--SEC END --><P>If you want to use an external database, you need to execute the configure
script with the option(s) <TT>&#X2013;enable-odbc</TT> or <TT>&#X2013;enable-odbc script with the option(s) <TT>&#X2013;enable-odbc</TT> or <TT>&#X2013;enable-odbc
&#X2013;enable-mssql</TT>. See section&#XA0;<A HREF="#database">3.2</A> for more information.</P><!--TOC subsubsection Windows--> &#X2013;enable-mssql</TT>. See section&#XA0;<A HREF="#database">3.2</A> for more information.</P><!--TOC subsubsection Windows-->
<H4 CLASS="subsubsection"><!--SEC ANCHOR -->Windows</H4><!--SEC END --><P> <H4 CLASS="subsubsection"><!--SEC ANCHOR -->Windows</H4><!--SEC END --><P>
@ -573,6 +574,11 @@ enables the web interface for <TT>ejabberd</TT> administration which is availabl
at <CODE>http://server:port/admin/</CODE>. Login and password are the username and at <CODE>http://server:port/admin/</CODE>. Login and password are the username and
password of one of the registered users who are granted access by the password of one of the registered users who are granted access by the
`configure' access rule. `configure' access rule.
</DD><DT CLASS="dt-description"><B><TT>component_check_from</TT></B></DT><DD CLASS="dd-description">
This option can be used with <TT>ejabberd_service</TT> only. It is
used to disable control on the from field on packets send by an
external components. The option can be either <TT>true</TT> or
<TT>false</TT>. The default value is <TT>true</TT> which conforms to <A HREF="http://www.xmpp.org/extensions/xep-0114.html">XEP-0114</A>.
</DD></DL><P>In addition, the following options are available for s2s connections: </DD></DL><P>In addition, the following options are available for s2s connections:
</P><DL CLASS="description"><DT CLASS="dt-description"> </P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>{s2s_use_starttls, true|false}</TT></B></DT><DD CLASS="dd-description"> <B><TT>{s2s_use_starttls, true|false}</TT></B></DT><DD CLASS="dd-description">
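Review bot: The new entry documents the option as `component_check_from`, but the configuration example later in this guide sets `{service_check_from, false}` and the lookup added to init in ejabberd_service.erl searches for `service_check_from`. With the documented name that lookup falls through to its default of true, so the check stays on. Rename the entry to `service_check_from` so the heading matches the key the code reads.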
@ -614,6 +620,7 @@ connected to port 5237 with password `<TT>ggsecret</TT>'.
<A HREF="http://ejabberd.jabber.ru/jmc">Jabber Mail Component</A> <A HREF="http://ejabberd.jabber.ru/jmc">Jabber Mail Component</A>
<TT>jmc.example.org</TT> is connected to port 5238 with password <TT>jmc.example.org</TT> is connected to port 5238 with password
`<TT>jmcsecret</TT>'. `<TT>jmcsecret</TT>'.
</LI><LI CLASS="li-itemize">The service custom has enabled the special option to avoiding checking the <TT>from</TT> attribute in the packets send by this component. The component can send packets in behalf of any users from the server, or even on behalf of any server.
</LI></UL><PRE CLASS="verbatim"> {acl, blocked, {user, "bad"}}. </LI></UL><PRE CLASS="verbatim"> {acl, blocked, {user, "bad"}}.
{access, c2s, [{deny, blocked}, {access, c2s, [{deny, blocked},
{allow, all}]}. {allow, all}]}.
@ -637,10 +644,13 @@ connected to port 5237 with password `<TT>ggsecret</TT>'.
{5237, ejabberd_service, [{host, "gg.example.org", {5237, ejabberd_service, [{host, "gg.example.org",
[{password, "ggsecret"}]}]}, [{password, "ggsecret"}]}]},
{5238, ejabberd_service, [{host, "jmc.example.org", {5238, ejabberd_service, [{host, "jmc.example.org",
[{password, "jmcsecret"}]}]} [{password, "jmcsecret"}]}]},
{5239, ejabberd_service, [{host, "custom.example.org",
[{password, "customsecret"}]},
{service_check_from, false}]}
] ]
}. }.
{s2s_use_starttls, true}. {S2s_use_starttls, true}.
{s2s_certfile, "/path/to/ssl.pem"}. {s2s_certfile, "/path/to/ssl.pem"}.
</PRE><P>Note, that for jabberd 1.4- or WPJabber-based </PRE><P>Note, that for jabberd 1.4- or WPJabber-based
services you have to make the transports log and do XDB by themselves: services you have to make the transports log and do XDB by themselves:

View File

@ -255,7 +255,9 @@ These commands will:
\item create a directory called \verb|/var/log/ejabberd| to store log files. \item create a directory called \verb|/var/log/ejabberd| to store log files.
\end{itemize} \end{itemize}
Note: if you want to use an external database, you need to execute the configure \subsubsection{Compilation options}
If you want to use an external database, you need to execute the configure
script with the option(s) \term{--enable-odbc} or \term{--enable-odbc script with the option(s) \term{--enable-odbc} or \term{--enable-odbc
--enable-mssql}. See section~\ref{database} for more information. --enable-mssql}. See section~\ref{database} for more information.
@ -570,6 +572,11 @@ The following options are available:
at \verb|http://server:port/admin/|. Login and password are the username and at \verb|http://server:port/admin/|. Login and password are the username and
password of one of the registered users who are granted access by the password of one of the registered users who are granted access by the
`configure' access rule. `configure' access rule.
\titem{component\_check\_from} \ind{options!service\_check\_from}
This option can be used with \term{ejabberd\_service} only. It is
used to disable control on the from field on packets send by an
external components. The option can be either \term{true} or
\term{false}. The default value is \term{true} which conforms to \xepref{0114}.
\end{description} \end{description}
In addition, the following options are available for s2s connections: In addition, the following options are available for s2s connections:
@ -615,6 +622,7 @@ For instance, the following configuration defines that:
\footahref{http://ejabberd.jabber.ru/jmc}{Jabber Mail Component} \footahref{http://ejabberd.jabber.ru/jmc}{Jabber Mail Component}
\jid{jmc.example.org} is connected to port 5238 with password \jid{jmc.example.org} is connected to port 5238 with password
`\term{jmcsecret}'. `\term{jmcsecret}'.
\item The service custom has enabled the special option to avoiding checking the \term{from} attribute in the packets send by this component. The component can send packets in behalf of any users from the server, or even on behalf of any server.
\end{itemize} \end{itemize}
\begin{verbatim} \begin{verbatim}
{acl, blocked, {user, "bad"}}. {acl, blocked, {user, "bad"}}.
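Review bot: The added \item has several grammar slips ("to avoiding checking", "packets send by", "in behalf of") and calls the component "The service custom", although the example host is custom.example.org on port 5239. Word it like the neighbouring items: name the host with \jid{custom.example.org}, give the port and password, then state that checking of the \term{from} attribute is disabled for it, so it can send packets on behalf of any user of the server or of any other server.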
@ -640,10 +648,13 @@ For instance, the following configuration defines that:
{5237, ejabberd_service, [{host, "gg.example.org", {5237, ejabberd_service, [{host, "gg.example.org",
[{password, "ggsecret"}]}]}, [{password, "ggsecret"}]}]},
{5238, ejabberd_service, [{host, "jmc.example.org", {5238, ejabberd_service, [{host, "jmc.example.org",
[{password, "jmcsecret"}]}]} [{password, "jmcsecret"}]}]},
{5239, ejabberd_service, [{host, "custom.example.org",
[{password, "customsecret"}]},
{service_check_from, false}]}
] ]
}. }.
{s2s_use_starttls, true}. {S2s_use_starttls, true}.
{s2s_certfile, "/path/to/ssl.pem"}. {s2s_certfile, "/path/to/ssl.pem"}.
\end{verbatim} \end{verbatim}
Note, that for \ind{jabberd 1.4}jabberd 1.4- or \ind{WPJabber}WPJabber-based Note, that for \ind{jabberd 1.4}jabberd 1.4- or \ind{WPJabber}WPJabber-based
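Review bot: In the added 5239 listener, `{service_check_from, false}` sits in the listener option list next to the `{host, ...}` tuple, not inside the host's own option list where `password` is. Since init stores a single check_from value beside the whole hosts list, the setting covers every host declared on that port, while the text speaks of one service. State that scope in the option description; otherwise the example invites adding a second host to port 5239 and exempting it from the check without noticing.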

View File

@ -34,9 +34,10 @@
-include("jlib.hrl"). -include("jlib.hrl").
-record(state, {socket, sockmod, streamid, -record(state, {socket, sockmod, streamid,
hosts, password, access}). hosts, password, access,
check_from}).
%-define(DBGFSM, true). %-Define(DBGFSM, true).
-ifdef(DBGFSM). -ifdef(DBGFSM).
-define(FSMOPTS, [{debug, [trace]}]). -define(FSMOPTS, [{debug, [trace]}]).
@ -128,13 +129,18 @@ init([{SockMod, Socket}, Opts]) ->
{value, {_, S}} -> S; {value, {_, S}} -> S;
_ -> none _ -> none
end, end,
CheckFrom = case lists:keysearch(service_check_from, 1, Opts) of
{value, {_, CF}} -> CF;
_ -> true
end,
SockMod:change_shaper(Socket, Shaper), SockMod:change_shaper(Socket, Shaper),
{ok, wait_for_stream, #state{socket = Socket, {ok, wait_for_stream, #state{socket = Socket,
sockmod = SockMod, sockmod = SockMod,
streamid = new_id(), streamid = new_id(),
hosts = Hosts, hosts = Hosts,
password = Password, password = Password,
access = Access access = Access,
check_from = CheckFrom
}}. }}.
%%---------------------------------------------------------------------- %%----------------------------------------------------------------------
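Review bot: The new lookup passes whatever term follows `service_check_from` straight into the state (`{value, {_, CF}} -> CF`) with no validation. stream_established disables the check only on the exact atom false, so a misspelt value keeps the check on, which is the safe direction, but nothing tells the admin that the setting was ignored. Match true and false explicitly here and reject or log anything else. A log line when the check is disabled would also give operators a record that this listener accepts arbitrary from addresses.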
@ -205,14 +211,23 @@ stream_established({xmlstreamelement, El}, StateData) ->
NewEl = jlib:remove_attr("xmlns", El), NewEl = jlib:remove_attr("xmlns", El),
{xmlelement, Name, Attrs, _Els} = NewEl, {xmlelement, Name, Attrs, _Els} = NewEl,
From = xml:get_attr_s("from", Attrs), From = xml:get_attr_s("from", Attrs),
FromJID1 = jlib:string_to_jid(From), FromJID = case StateData#state.check_from of
FromJID = case FromJID1 of %% If the admin does not want to check the from field
#jid{lserver = Server} -> %% when accept packets from any address.
case lists:member(Server, StateData#state.hosts) of %% In this case, the component can send packet of
true -> FromJID1; %% behalf of the server users.
false -> error false -> jlib:string_to_jid(From);
end; %% The default is the standard behaviour in XEP-0114
_ -> error _ ->
FromJID1 = jlib:string_to_jid(From),
case FromJID1 of
#jid{lserver = Server} ->
case lists:member(Server, StateData#state.hosts) of
true -> FromJID1;
false -> error
end;
_ -> error
end
end, end,
To = xml:get_attr_s("to", Attrs), To = xml:get_attr_s("to", Attrs),
ToJID = case To of ToJID = case To of