Remove access_commands 'unrestricted' option, use [] instead. Fix unauthenticated calls to commands with policy=user.

2024-12-22 17:28:25 +01:00 · 2015-10-20 17:19:31 +03:00 · 2015-10-20 17:19:31 +03:00 · 8a2fa62cac
commit 8a2fa62cac
parent 2d22d6061e
2 changed files with 9 additions and 10 deletions
--- a/src/ejabberd_commands.erl
+++ b/src/ejabberd_commands.erl
@ -299,7 +299,8 @@ get_command_format(Name, Auth) ->
    case Matched of
 	[] ->
 	    {error, command_unknown};
-	[[Args, Result, user]] when Admin ->
+	[[Args, Result, user]] when Admin;
+                                    Auth == noauth ->
 	    {[{user, binary}, {server, binary} | Args], Result};
 	[[Args, Result, _]] ->
 	    {Args, Result}
@ -363,6 +364,9 @@ execute_command2(
 execute_command2(
  admin, #ejabberd_commands{policy = user} = Command, Arguments) ->
    execute_command2(Command, Arguments);
+execute_command2(
+  noauth, #ejabberd_commands{policy = user} = Command, Arguments) ->
+    execute_command2(Command, Arguments);
 execute_command2(
  {User, Server, _, _}, #ejabberd_commands{policy = user} = Command, Arguments) ->
    execute_command2(Command, [User, Server | Arguments]).
@ -429,7 +433,9 @@ check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
 check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
    Command =
        case {Command1#ejabberd_commands.policy, Auth} of
-            {user, admin} ->
+            {user, {_, _, _}} ->
+                Command1;
+            {user, _} ->
                Command1#ejabberd_commands{
                  args = [{user, binary}, {server, binary} |
                          Command1#ejabberd_commands.args]};
@ -539,8 +545,6 @@ tag_arguments(ArgsDefs, Args) ->
      Args).


-get_access_commands(unrestricted) ->
-    [];
 get_access_commands(undefined) ->
    Cmds = get_commands(),
    [{?POLICY_ACCESS, Cmds, []}];
--- a/src/ejabberd_xmlrpc.erl
+++ b/src/ejabberd_xmlrpc.erl
@ -197,14 +197,11 @@ socket_type() -> raw.
 %% -----------------------------
 process(_, #request{method = 'POST', data = Data, opts = Opts}) ->
    AccessCommandsOpts = gen_mod:get_opt(access_commands, Opts,
-                                         fun(L) when is_list(L) -> L;
-                                            (unrestricted) -> unrestricted
-                                         end,
+                                         fun(L) when is_list(L) -> L end,
                                         undefined),
    AccessCommands =
        case AccessCommandsOpts of
            undefined -> undefined;
-            unrestricted -> unrestricted;
            _ ->
                lists:flatmap(
                  fun({Ac, AcOpts}) ->
@ -540,8 +537,6 @@ make_status(false) -> 1;
 make_status(error) -> 1;
 make_status(_) -> 1.

-transform_listen_option({access_commands, unrestricted} = Opt, Opts) ->
-    [Opt | Opts];
 transform_listen_option({access_commands, ACOpts}, Opts) ->
    NewACOpts = lists:map(
                  fun({AName, ACmds, AOpts}) ->