Remove access_commands 'unrestricted' option, use [] instead. Fix unauthenticated calls to commands with policy=user.
This commit is contained in:
parent
2d22d6061e
commit
8a2fa62cac
|
@ -299,7 +299,8 @@ get_command_format(Name, Auth) ->
|
||||||
case Matched of
|
case Matched of
|
||||||
[] ->
|
[] ->
|
||||||
{error, command_unknown};
|
{error, command_unknown};
|
||||||
[[Args, Result, user]] when Admin ->
|
[[Args, Result, user]] when Admin;
|
||||||
|
Auth == noauth ->
|
||||||
{[{user, binary}, {server, binary} | Args], Result};
|
{[{user, binary}, {server, binary} | Args], Result};
|
||||||
[[Args, Result, _]] ->
|
[[Args, Result, _]] ->
|
||||||
{Args, Result}
|
{Args, Result}
|
||||||
|
@ -363,6 +364,9 @@ execute_command2(
|
||||||
execute_command2(
|
execute_command2(
|
||||||
admin, #ejabberd_commands{policy = user} = Command, Arguments) ->
|
admin, #ejabberd_commands{policy = user} = Command, Arguments) ->
|
||||||
execute_command2(Command, Arguments);
|
execute_command2(Command, Arguments);
|
||||||
|
execute_command2(
|
||||||
|
noauth, #ejabberd_commands{policy = user} = Command, Arguments) ->
|
||||||
|
execute_command2(Command, Arguments);
|
||||||
execute_command2(
|
execute_command2(
|
||||||
{User, Server, _, _}, #ejabberd_commands{policy = user} = Command, Arguments) ->
|
{User, Server, _, _}, #ejabberd_commands{policy = user} = Command, Arguments) ->
|
||||||
execute_command2(Command, [User, Server | Arguments]).
|
execute_command2(Command, [User, Server | Arguments]).
|
||||||
|
@ -429,7 +433,9 @@ check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
|
||||||
check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
|
check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
|
||||||
Command =
|
Command =
|
||||||
case {Command1#ejabberd_commands.policy, Auth} of
|
case {Command1#ejabberd_commands.policy, Auth} of
|
||||||
{user, admin} ->
|
{user, {_, _, _}} ->
|
||||||
|
Command1;
|
||||||
|
{user, _} ->
|
||||||
Command1#ejabberd_commands{
|
Command1#ejabberd_commands{
|
||||||
args = [{user, binary}, {server, binary} |
|
args = [{user, binary}, {server, binary} |
|
||||||
Command1#ejabberd_commands.args]};
|
Command1#ejabberd_commands.args]};
|
||||||
|
@ -539,8 +545,6 @@ tag_arguments(ArgsDefs, Args) ->
|
||||||
Args).
|
Args).
|
||||||
|
|
||||||
|
|
||||||
get_access_commands(unrestricted) ->
|
|
||||||
[];
|
|
||||||
get_access_commands(undefined) ->
|
get_access_commands(undefined) ->
|
||||||
Cmds = get_commands(),
|
Cmds = get_commands(),
|
||||||
[{?POLICY_ACCESS, Cmds, []}];
|
[{?POLICY_ACCESS, Cmds, []}];
|
||||||
|
|
|
@ -197,14 +197,11 @@ socket_type() -> raw.
|
||||||
%% -----------------------------
|
%% -----------------------------
|
||||||
process(_, #request{method = 'POST', data = Data, opts = Opts}) ->
|
process(_, #request{method = 'POST', data = Data, opts = Opts}) ->
|
||||||
AccessCommandsOpts = gen_mod:get_opt(access_commands, Opts,
|
AccessCommandsOpts = gen_mod:get_opt(access_commands, Opts,
|
||||||
fun(L) when is_list(L) -> L;
|
fun(L) when is_list(L) -> L end,
|
||||||
(unrestricted) -> unrestricted
|
|
||||||
end,
|
|
||||||
undefined),
|
undefined),
|
||||||
AccessCommands =
|
AccessCommands =
|
||||||
case AccessCommandsOpts of
|
case AccessCommandsOpts of
|
||||||
undefined -> undefined;
|
undefined -> undefined;
|
||||||
unrestricted -> unrestricted;
|
|
||||||
_ ->
|
_ ->
|
||||||
lists:flatmap(
|
lists:flatmap(
|
||||||
fun({Ac, AcOpts}) ->
|
fun({Ac, AcOpts}) ->
|
||||||
|
@ -540,8 +537,6 @@ make_status(false) -> 1;
|
||||||
make_status(error) -> 1;
|
make_status(error) -> 1;
|
||||||
make_status(_) -> 1.
|
make_status(_) -> 1.
|
||||||
|
|
||||||
transform_listen_option({access_commands, unrestricted} = Opt, Opts) ->
|
|
||||||
[Opt | Opts];
|
|
||||||
transform_listen_option({access_commands, ACOpts}, Opts) ->
|
transform_listen_option({access_commands, ACOpts}, Opts) ->
|
||||||
NewACOpts = lists:map(
|
NewACOpts = lists:map(
|
||||||
fun({AName, ACmds, AOpts}) ->
|
fun({AName, ACmds, AOpts}) ->
|
||||||
|
|
Loading…
Reference in New Issue