Chapril
/
xmpp.chapril.org-ejabberd
mirror of https://github.com/processone/ejabberd.git
24
1
Fork 0
Code Releases Activity

Remove access_commands 'unrestricted' option, use [] instead. Fix unauthenticated calls to commands with policy=user.

This commit is contained in:
Alexey Shchepin 2015-10-20 17:19:31 +03:00
parent 2d22d6061e
commit 8a2fa62cac
2 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/ejabberd_commands.erl
View File

@ -299,7 +299,8 @@ get_command_format(Name, Auth) ->
case Matched of case Matched of
[] -> [] ->
{error, command_unknown}; {error, command_unknown};
[[Args, Result, user]] when Admin -> [[Args, Result, user]] when Admin;
Auth == noauth ->
{[{user, binary}, {server, binary} | Args], Result}; {[{user, binary}, {server, binary} | Args], Result};
[[Args, Result, _]] -> [[Args, Result, _]] ->
{Args, Result} {Args, Result}
@ -363,6 +364,9 @@ execute_command2(
execute_command2( execute_command2(
admin, #ejabberd_commands{policy = user} = Command, Arguments) -> admin, #ejabberd_commands{policy = user} = Command, Arguments) ->
execute_command2(Command, Arguments); execute_command2(Command, Arguments);
execute_command2(
noauth, #ejabberd_commands{policy = user} = Command, Arguments) ->
execute_command2(Command, Arguments);
execute_command2( execute_command2(
{User, Server, _, _}, #ejabberd_commands{policy = user} = Command, Arguments) -> {User, Server, _, _}, #ejabberd_commands{policy = user} = Command, Arguments) ->
execute_command2(Command, [User, Server | Arguments]). execute_command2(Command, [User, Server | Arguments]).
@ -429,7 +433,9 @@ check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) -> check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
Command = Command =
case {Command1#ejabberd_commands.policy, Auth} of case {Command1#ejabberd_commands.policy, Auth} of
{user, admin} -> {user, {_, _, _}} ->
Command1;
{user, _} ->
Command1#ejabberd_commands{ Command1#ejabberd_commands{
args = [{user, binary}, {server, binary} | args = [{user, binary}, {server, binary} |
Command1#ejabberd_commands.args]}; Command1#ejabberd_commands.args]};
@ -539,8 +545,6 @@ tag_arguments(ArgsDefs, Args) ->
Args). Args).
get_access_commands(unrestricted) ->
[];
get_access_commands(undefined) -> get_access_commands(undefined) ->
Cmds = get_commands(), Cmds = get_commands(),
[{?POLICY_ACCESS, Cmds, []}]; [{?POLICY_ACCESS, Cmds, []}];

7
src/ejabberd_xmlrpc.erl
View File

@ -197,14 +197,11 @@ socket_type() -> raw.
%% ----------------------------- %% -----------------------------
process(_, #request{method = 'POST', data = Data, opts = Opts}) -> process(_, #request{method = 'POST', data = Data, opts = Opts}) ->
AccessCommandsOpts = gen_mod:get_opt(access_commands, Opts, AccessCommandsOpts = gen_mod:get_opt(access_commands, Opts,
fun(L) when is_list(L) -> L; fun(L) when is_list(L) -> L end,
(unrestricted) -> unrestricted
end,
undefined), undefined),
AccessCommands = AccessCommands =
case AccessCommandsOpts of case AccessCommandsOpts of
undefined -> undefined; undefined -> undefined;
unrestricted -> unrestricted;
_ -> _ ->
lists:flatmap( lists:flatmap(
fun({Ac, AcOpts}) -> fun({Ac, AcOpts}) ->
@ -540,8 +537,6 @@ make_status(false) -> 1;
make_status(error) -> 1; make_status(error) -> 1;
make_status(_) -> 1. make_status(_) -> 1.
transform_listen_option({access_commands, unrestricted} = Opt, Opts) ->
[Opt | Opts];
transform_listen_option({access_commands, ACOpts}, Opts) -> transform_listen_option({access_commands, ACOpts}, Opts) ->
NewACOpts = lists:map( NewACOpts = lists:map(
fun({AName, ACmds, AOpts}) -> fun({AName, ACmds, AOpts}) ->