25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00

* src/ejabberd_service.erl: Added an option to disable from attribute checks in packets coming from an external component (EJAB-275)

* doc/guide.tex: Likewise

SVN Revision: 804
This commit is contained in:
Mickaël Rémond 2007-06-28 14:32:48 +00:00
parent 12ab036236
commit 525b8e9374
4 changed files with 57 additions and 17 deletions

View File

@ -1,5 +1,9 @@
2007-06-28 Mickael Remond <mickael.remond@process-one.net>
* src/ejabberd_service.erl: Added an option to disable from attribute
checks in packets coming from an external component (EJAB-275)
* doc/guide.tex: Likewise
* doc/guide.tex: Documentation rework started (EJAB-272)
* doc/introduction.tex: Likewise

View File

@ -348,7 +348,8 @@ The latest development version can be retrieved from the Subversion repository.
install <TT>ejabberd</TT> into the directory <CODE>/var/lib/ejabberd</CODE>,
</LI><LI CLASS="li-itemize">install the configuration file into <CODE>/etc/ejabberd</CODE>,
</LI><LI CLASS="li-itemize">create a directory called <CODE>/var/log/ejabberd</CODE> to store log files.
</LI></UL><P>Note: if you want to use an external database, you need to execute the configure
</LI></UL><!--TOC subsubsection Compilation options-->
<H4 CLASS="subsubsection"><!--SEC ANCHOR -->Compilation options</H4><!--SEC END --><P>If you want to use an external database, you need to execute the configure
script with the option(s) <TT>&#X2013;enable-odbc</TT> or <TT>&#X2013;enable-odbc
&#X2013;enable-mssql</TT>. See section&#XA0;<A HREF="#database">3.2</A> for more information.</P><!--TOC subsubsection Windows-->
<H4 CLASS="subsubsection"><!--SEC ANCHOR -->Windows</H4><!--SEC END --><P>
@ -573,6 +574,11 @@ enables the web interface for <TT>ejabberd</TT> administration which is availabl
at <CODE>http://server:port/admin/</CODE>. Login and password are the username and
password of one of the registered users who are granted access by the
`configure' access rule.
</DD><DT CLASS="dt-description"><B><TT>component_check_from</TT></B></DT><DD CLASS="dd-description">
This option can be used with <TT>ejabberd_service</TT> only. It is
used to disable control on the from field on packets send by an
external components. The option can be either <TT>true</TT> or
<TT>false</TT>. The default value is <TT>true</TT> which conforms to <A HREF="http://www.xmpp.org/extensions/xep-0114.html">XEP-0114</A>.
</DD></DL><P>In addition, the following options are available for s2s connections:
</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>{s2s_use_starttls, true|false}</TT></B></DT><DD CLASS="dd-description">
@ -614,6 +620,7 @@ connected to port 5237 with password `<TT>ggsecret</TT>'.
<A HREF="http://ejabberd.jabber.ru/jmc">Jabber Mail Component</A>
<TT>jmc.example.org</TT> is connected to port 5238 with password
`<TT>jmcsecret</TT>'.
</LI><LI CLASS="li-itemize">The service custom has enabled the special option to avoiding checking the <TT>from</TT> attribute in the packets send by this component. The component can send packets in behalf of any users from the server, or even on behalf of any server.
</LI></UL><PRE CLASS="verbatim"> {acl, blocked, {user, "bad"}}.
{access, c2s, [{deny, blocked},
{allow, all}]}.
@ -637,10 +644,13 @@ connected to port 5237 with password `<TT>ggsecret</TT>'.
{5237, ejabberd_service, [{host, "gg.example.org",
[{password, "ggsecret"}]}]},
{5238, ejabberd_service, [{host, "jmc.example.org",
[{password, "jmcsecret"}]}]}
[{password, "jmcsecret"}]}]},
{5239, ejabberd_service, [{host, "custom.example.org",
[{password, "customsecret"}]},
{service_check_from, false}]}
]
}.
{s2s_use_starttls, true}.
{S2s_use_starttls, true}.
{s2s_certfile, "/path/to/ssl.pem"}.
</PRE><P>Note, that for jabberd 1.4- or WPJabber-based
services you have to make the transports log and do XDB by themselves:

View File

@ -255,7 +255,9 @@ These commands will:
\item create a directory called \verb|/var/log/ejabberd| to store log files.
\end{itemize}
Note: if you want to use an external database, you need to execute the configure
\subsubsection{Compilation options}
If you want to use an external database, you need to execute the configure
script with the option(s) \term{--enable-odbc} or \term{--enable-odbc
--enable-mssql}. See section~\ref{database} for more information.
@ -570,6 +572,11 @@ The following options are available:
at \verb|http://server:port/admin/|. Login and password are the username and
password of one of the registered users who are granted access by the
`configure' access rule.
\titem{component\_check\_from} \ind{options!service\_check\_from}
This option can be used with \term{ejabberd\_service} only. It is
used to disable control on the from field on packets send by an
external components. The option can be either \term{true} or
\term{false}. The default value is \term{true} which conforms to \xepref{0114}.
\end{description}
In addition, the following options are available for s2s connections:
@ -615,6 +622,7 @@ For instance, the following configuration defines that:
\footahref{http://ejabberd.jabber.ru/jmc}{Jabber Mail Component}
\jid{jmc.example.org} is connected to port 5238 with password
`\term{jmcsecret}'.
\item The service custom has enabled the special option to avoiding checking the \term{from} attribute in the packets send by this component. The component can send packets in behalf of any users from the server, or even on behalf of any server.
\end{itemize}
\begin{verbatim}
{acl, blocked, {user, "bad"}}.
@ -640,10 +648,13 @@ For instance, the following configuration defines that:
{5237, ejabberd_service, [{host, "gg.example.org",
[{password, "ggsecret"}]}]},
{5238, ejabberd_service, [{host, "jmc.example.org",
[{password, "jmcsecret"}]}]}
[{password, "jmcsecret"}]}]},
{5239, ejabberd_service, [{host, "custom.example.org",
[{password, "customsecret"}]},
{service_check_from, false}]}
]
}.
{s2s_use_starttls, true}.
{S2s_use_starttls, true}.
{s2s_certfile, "/path/to/ssl.pem"}.
\end{verbatim}
Note, that for \ind{jabberd 1.4}jabberd 1.4- or \ind{WPJabber}WPJabber-based

View File

@ -34,9 +34,10 @@
-include("jlib.hrl").
-record(state, {socket, sockmod, streamid,
hosts, password, access}).
hosts, password, access,
check_from}).
%-define(DBGFSM, true).
%-Define(DBGFSM, true).
-ifdef(DBGFSM).
-define(FSMOPTS, [{debug, [trace]}]).
@ -128,13 +129,18 @@ init([{SockMod, Socket}, Opts]) ->
{value, {_, S}} -> S;
_ -> none
end,
CheckFrom = case lists:keysearch(service_check_from, 1, Opts) of
{value, {_, CF}} -> CF;
_ -> true
end,
SockMod:change_shaper(Socket, Shaper),
{ok, wait_for_stream, #state{socket = Socket,
sockmod = SockMod,
streamid = new_id(),
hosts = Hosts,
password = Password,
access = Access
access = Access,
check_from = CheckFrom
}}.
%%----------------------------------------------------------------------
@ -205,14 +211,23 @@ stream_established({xmlstreamelement, El}, StateData) ->
NewEl = jlib:remove_attr("xmlns", El),
{xmlelement, Name, Attrs, _Els} = NewEl,
From = xml:get_attr_s("from", Attrs),
FromJID1 = jlib:string_to_jid(From),
FromJID = case FromJID1 of
#jid{lserver = Server} ->
case lists:member(Server, StateData#state.hosts) of
true -> FromJID1;
false -> error
end;
_ -> error
FromJID = case StateData#state.check_from of
%% If the admin does not want to check the from field
%% when accept packets from any address.
%% In this case, the component can send packet of
%% behalf of the server users.
false -> jlib:string_to_jid(From);
%% The default is the standard behaviour in XEP-0114
_ ->
FromJID1 = jlib:string_to_jid(From),
case FromJID1 of
#jid{lserver = Server} ->
case lists:member(Server, StateData#state.hosts) of
true -> FromJID1;
false -> error
end;
_ -> error
end
end,
To = xml:get_attr_s("to", Attrs),
ToJID = case To of