*** empty log message ***

SVN Revision: 50
Alexey Shchepin 2003-01-25 20:13:36 +00:00
parent 2aa3c1c720
commit b88ff5f323
3 changed files with 299 additions and 25 deletions


@ -116,7 +116,7 @@ runned on them. Each element of list is a tuple with following elements:
<LI> <TT>ejabberd_s2s_in</TT>: serves incoming S2S connections;
<LI> <TT>ejabberd_service</TT>: serves connections to Jabber services (i.e.
that used <TT>jabber:component:accept</TT> namespace).
that use <TT>jabber:component:accept</TT> namespace).
</UL>For example, following configuration defines that C2S connections listened on
port 5222, S2S on port 5269 and that service <TT>conference.jabber.org</TT>
must be connected to port 8888 with password ``<TT>secret</TT>''.<BR>
@ -130,7 +130,48 @@ must be connected to port 8888 with password ``<TT>secret</TT>''.<BR>
<H4>3.1.3&nbsp;&nbsp; Access Rules</H4><!--SEC END -->
<A NAME="sec:configaccess"></A>TBD<BR>
<A NAME="sec:configaccess"></A>Access control in <TT>ejabberd</TT> is done via Access Control Lists (ACL). In
config file they looks like this:
<PRE>
{acl, &lt;aclname&gt;, {&lt;acltype&gt;, ...}}.
</PRE><TT>&lt;acltype&gt;</TT> can be one of following:
<DL COMPACT=compact>
<DT>
<TT>all</TT><DD> Matches all JIDs. Example:
<PRE>
{acl, all, all}.
</PRE>
<DT><TT>{user, &lt;username&gt;}</TT><DD> Matches local user with name
<TT>&lt;username&gt;</TT>. Example:
<PRE>
{acl, admin, {user, "aleksey"}}.
</PRE>
<DT><TT>{user, &lt;username&gt;, &lt;server&gt;}</TT><DD> Matches user with JID
<TT>&lt;username&gt;@&lt;server&gt;</TT>. Example:
<PRE>
{acl, admin, {user, "aleksey", "jabber.ru"}}.
</PRE>
<DT><TT>{server, &lt;server&gt;}</TT><DD> Matches any JID from server
<TT>&lt;server&gt;</TT>. Example:
<PRE>
{acl, jabberorg, {server, "jabber.org"}}.
</PRE></DL>Allowing or denying of different services is like this:
<PRE>
{access, &lt;accessname&gt;, [{allow, &lt;aclname&gt;},
{deny, &lt;aclname&gt;},
...
]}.
</PRE>When JID is checked to have access to <TT>&lt;accessname&gt;</TT>, server
sequentially checks if this JID in one of the ACLs that are second elements in
eache tuple in list. If one of them matched, then returned first element of
matched tuple. Else returned ``<TT>deny</TT>''.<BR>
<BR>
Example:
<PRE>
{access, configure, [{allow, admin}]}.
{access, something, [{deny, badmans},
{allow, all}]}.
</PRE>TBD<BR>
<BR>
<!--TOC subsubsection Modules-->
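Review bot: the regenerated section 3.1.3 still ends with `</PRE>TBD<BR>` after the final `{access, something, ...}` example, while the LaTeX hunk for the same section shows `\subsubsection{Modules}` directly after the closing `\end{verbatim}`. Either drop the stray TBD or regenerate the HTML from the committed LaTeX so the two stay in sync.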
@ -151,9 +192,9 @@ Example:
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_echo, [{host, "echo.e.localhost"}]},
{mod_echo, [{host, "echo.localhost"}]},
{mod_private, []},
{mod_time, [{pdisc, no_queue}]},
{mod_time, [{iqdisc, no_queue}]},
{mod_version, []}
]}.
</PRE><!--TOC subsection Online Configuration-->
@ -172,7 +213,63 @@ TBD<BR>
<H2>4&nbsp;&nbsp; Distribution</H2><!--SEC END -->
<A NAME="sec:distribution"></A><!--TOC section Built-in Modules-->
<A NAME="sec:distribution"></A><!--TOC subsection How it works-->
<H3>4.1&nbsp;&nbsp; How it works</H3><!--SEC END -->
<A NAME="sec:howitworks"></A>Jabber domain is served by one or more <TT>ejabberd</TT> nodes. This nodes can be
runned on different computers that can be connected via network. They all must
have access to connect to port 4369 of all another nodes, and must have same
magic cookie (see Erlang/OTP documentation, in short file
<TT>ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
needed because all nodes exchange information about connected users, S2S
connection ,registered services, etc...<BR>
<BR>
Each <TT>ejabberd</TT> node run following modules:
<UL>
<LI>
router;
<LI> local router.
<LI> session manager;
<LI> S2S manager;
</UL><!--TOC subsubsection Router-->
<H4>4.1.1&nbsp;&nbsp; Router</H4><!--SEC END -->
This module is the main router of Jabber packets on each node. It route
them based on their destanations domains. It have two tables: local and global
routes. First, domain of packet destination searched in local table, and if it
finded, then packet routed to appropriate process. If no, then it searched in
global table, and routed to appropriate <TT>ejabberd</TT> node or process. If it not
exists in both tables, then it sended to S2S manager.<BR>
<BR>
<!--TOC subsubsection Local Router-->
<H4>4.1.2&nbsp;&nbsp; Local Router</H4><!--SEC END -->
This module route packets which have destination domain equal to this server
name. If destination JID have node, then it routed to session manager, else it
processed depending on it content.<BR>
<BR>
<!--TOC subsubsection Session Manager-->
<H4>4.1.3&nbsp;&nbsp; Session Manager</H4><!--SEC END -->
This module route packets to local users. It search to what user resource
packet must be sended via presence table. If this reseouce connected to this
node, it routed to C2S process, if it connected via another node, then packet
sended to session manager on it.<BR>
<BR>
<!--TOC subsubsection S2S Manager-->
<H4>4.1.4&nbsp;&nbsp; S2S Manager</H4><!--SEC END -->
This module route packets to another Jabber servers. First, it check if
to domain of packet destination from domain of source already opened S2S
connection. If it opened on another node, then it routed to S2S manager on
that node, if it opened on this node, then it routed to process that serve this
connection, and if this connection not exists, then it opened and registered.<BR>
<BR>
<!--TOC section Built-in Modules-->
<H2>5&nbsp;&nbsp; Built-in Modules</H2><!--SEC END -->
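Review bot: section 4.1 tells operators to open port 4369 between all nodes and to keep the same `.erlang.cookie` on each of them, but says nothing about protecting either. The paragraph itself states that nodes exchange information about connected users, S2S connections and registered services over this link, so add a sentence saying that the cookie file should be readable only by the account running ejabberd and that port 4369 should be reachable only from the other cluster nodes. The module list also mixes terminators (`local router.` against `router;`).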
@ -209,7 +306,20 @@ queries. Possible values are:
<PRE>
{modules, [
...
{mod_time, [{pdisc, no_queue}]},
{mod_time, [{iqdisc, no_queue}]},
...
]}.
</PRE><!--TOC subsubsection Option <TT>host</TT>-->
<H4>5.1.2&nbsp;&nbsp; Option <TT>host</TT></H4><!--SEC END -->
Some modules may act as services, and wants to have different domain name.
This option explicitly defines this name.<BR>
<BR>
Example:
<PRE>
{modules, [
...
{mod_echo, [{host, "echo.myjabber.org"}]},
...
]}.
</PRE><!--TOC subsection <TT>mod_register</TT>-->
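Review bot: the new 5.1.2 text does not say which domain a module answers on when `host` is omitted, nor which modules accept the option; `mod_echo` is the only one shown. State the default and list the modules that read `host`, so an operator knows which extra domain names the server will claim.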
@ -232,7 +342,17 @@ queries. Possible values are:
<H3>5.6&nbsp;&nbsp; <TT>mod_stats</TT></H3><!--SEC END -->
<A NAME="sec:modstats"></A><!--TOC subsection <TT>mod_vcard</TT>-->
<A NAME="sec:modstats"></A>This module adds support of
<A HREF="http://www.jabber.org/jeps/jep-0039.html">JEP-0039</A> (Statistics Gathering).<BR>
<BR>
Options:
<DL COMPACT=compact>
<DT>
<TT>iqdisc</TT><DD> <TT>http://jabber.org/protocol/stats</TT> IQ queries
processing discipline.
</DL>TBD about access.<BR>
<BR>
<!--TOC subsection <TT>mod_vcard</TT>-->
<H3>5.7&nbsp;&nbsp; <TT>mod_vcard</TT></H3><!--SEC END -->
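Review bot: `TBD about access.` leaves open who may send `http://jabber.org/protocol/stats` queries. Section 3.1.3 now documents the `access` syntax, so name the rule that gates this module or state that there is none, so an operator can tell whether server statistics are answered for every JID.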
@ -248,15 +368,35 @@ queries. Possible values are:
<H3>5.10&nbsp;&nbsp; <TT>mod_private</TT></H3><!--SEC END -->
<A NAME="sec:modprivate"></A><!--TOC subsection <TT>mod_time</TT>-->
<A NAME="sec:modprivate"></A>This module adds support of
<A HREF="http://www.jabber.org/jeps/jep-0049.html">JEP-0049</A> (Private XML
Storage).<BR>
<BR>
Options:
<DL COMPACT=compact>
<DT>
<TT>iqdisc</TT><DD> <TT>jabber:iq:private</TT> IQ queries processing discipline.
</DL><!--TOC subsection <TT>mod_time</TT>-->
<H3>5.11&nbsp;&nbsp; <TT>mod_time</TT></H3><!--SEC END -->
<A NAME="sec:modtime"></A><!--TOC subsection <TT>mod_version</TT>-->
<A NAME="sec:modtime"></A>This module answers UTC time on <TT>jabber:iq:time</TT> queries.<BR>
<BR>
Options:
<DL COMPACT=compact>
<DT>
<TT>iqdisc</TT><DD> <TT>jabber:iq:time</TT> IQ queries processing discipline.
</DL><!--TOC subsection <TT>mod_version</TT>-->
<H3>5.12&nbsp;&nbsp; <TT>mod_version</TT></H3><!--SEC END -->
<A NAME="sec:modversion"></A><!--HTMLFOOT-->
<A NAME="sec:modversion"></A>This module answers <TT>ejabberd</TT> version on <TT>jabber:iq:version</TT> queries.<BR>
<BR>
Options:
<DL COMPACT=compact>
<DT>
<TT>iqdisc</TT><DD> <TT>jabber:iq:version</TT> IQ queries processing discipline.
</DL><!--HTMLFOOT-->
<!--ENDHTML-->
<!--FOOTER-->


@ -1,4 +1,4 @@
\documentclass[12pt]{article}
\documentclass[10pt]{article}
\usepackage{graphics}
\usepackage{hevea}
@ -8,6 +8,7 @@
\newcommand{\imgscale}{0.7}
\newcommand{\ns}[1]{\texttt{#1}}
\newcommand{\ejabberd}{\texttt{ejabberd}}
\newcommand{\Jabber}{Jabber}
@ -144,7 +145,7 @@ Currently three modules implemented:
\item \texttt{ejabberd\_c2s}: serves C2S connections;
\item \texttt{ejabberd\_s2s\_in}: serves incoming S2S connections;
\item \texttt{ejabberd\_service}: serves connections to \Jabber{} services (i.e.
that used \texttt{jabber:component:accept} namespace).
that use \texttt{jabber:component:accept} namespace).
\end{itemize}
For example, following configuration defines that C2S connections listened on
@ -162,7 +163,54 @@ must be connected to port 8888 with password ``\texttt{secret}''.
\subsubsection{Access Rules}
\label{sec:configaccess}
TBD
Access control in \ejabberd{} is done via Access Control Lists (ACL). In
config file they looks like this:
\begin{verbatim}
{acl, <aclname>, {<acltype>, ...}}.
\end{verbatim}
\texttt{<acltype>} can be one of following:
\begin{description}
\item[\texttt{all}] Matches all JIDs. Example:
\begin{verbatim}
{acl, all, all}.
\end{verbatim}
\item[\texttt{\{user, <username>\}}] Matches local user with name
\texttt{<username>}. Example:
\begin{verbatim}
{acl, admin, {user, "aleksey"}}.
\end{verbatim}
\item[\texttt{\{user, <username>, <server>\}}] Matches user with JID
\texttt{<username>@<server>}. Example:
\begin{verbatim}
{acl, admin, {user, "aleksey", "jabber.ru"}}.
\end{verbatim}
\item[\texttt{\{server, <server>\}}] Matches any JID from server
\texttt{<server>}. Example:
\begin{verbatim}
{acl, jabberorg, {server, "jabber.org"}}.
\end{verbatim}
\end{description}
Allowing or denying of different services is like this:
\begin{verbatim}
{access, <accessname>, [{allow, <aclname>},
{deny, <aclname>},
...
]}.
\end{verbatim}
When JID is checked to have access to \texttt{<accessname>}, server
sequentially checks if this JID in one of the ACLs that are second elements in
eache tuple in list. If one of them matched, then returned first element of
matched tuple. Else returned ``\texttt{deny}''.
Example:
\begin{verbatim}
{access, configure, [{allow, admin}]}.
{access, something, [{deny, badmans},
{allow, all}]}.
\end{verbatim}
\subsubsection{Modules}
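Review bot: the evaluation paragraph after the `{access, <accessname>, ...}` template should say outright that the list is ordered and the first matching ACL decides, because the `something` example only works if `{deny, badmans}` is tested before `{allow, all}`. Two gaps in the examples: `badmans` is referenced but no `{acl, badmans, ...}` is shown, and `admin` is defined twice (`{user, "aleksey"}` and `{user, "aleksey", "jabber.ru"}`) without saying whether repeated `acl` entries under one name are combined or the later one replaces the earlier. Typos to fix in the same paragraph: `they looks`, `eache`.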
@ -183,7 +231,7 @@ Example:
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_echo, [{host, "echo.e.localhost"}]},
{mod_echo, [{host, "echo.localhost"}]},
{mod_private, []},
{mod_time, [{iqdisc, no_queue}]},
{mod_version, []}
@ -206,7 +254,58 @@ TBD
\label{sec:distribution}
\subsection{How it works}
\label{sec:howitworks}
\Jabber{} domain is served by one or more \ejabberd{} nodes. This nodes can be
runned on different computers that can be connected via network. They all must
have access to connect to port 4369 of all another nodes, and must have same
magic cookie (see Erlang/OTP documentation, in short file
\texttt{\~ejabberd/.erlang.cookie} must be the same on all nodes). This is
needed because all nodes exchange information about connected users, S2S
connection ,registered services, etc...
Each \ejabberd{} node run following modules:
\begin{itemize}
\item router;
\item local router.
\item session manager;
\item S2S manager;
\end{itemize}
\subsubsection{Router}
This module is the main router of \Jabber{} packets on each node. It route
them based on their destanations domains. It have two tables: local and global
routes. First, domain of packet destination searched in local table, and if it
finded, then packet routed to appropriate process. If no, then it searched in
global table, and routed to appropriate \ejabberd{} node or process. If it not
exists in both tables, then it sended to S2S manager.
\subsubsection{Local Router}
This module route packets which have destination domain equal to this server
name. If destination JID have node, then it routed to session manager, else it
processed depending on it content.
\subsubsection{Session Manager}
This module route packets to local users. It search to what user resource
packet must be sended via presence table. If this reseouce connected to this
node, it routed to C2S process, if it connected via another node, then packet
sended to session manager on it.
\subsubsection{S2S Manager}
This module route packets to another \Jabber{} servers. First, it check if
to domain of packet destination from domain of source already opened S2S
connection. If it opened on another node, then it routed to S2S manager on
that node, if it opened on this node, then it routed to process that serve this
connection, and if this connection not exists, then it opened and registered.
\section{Built-in Modules}
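Review bot: in the cookie path, `\texttt{\~ejabberd/.erlang.cookie}` uses `\~`, which is the tilde accent command and applies to the following `e`, so no home-directory tilde is printed; the generated HTML in this commit accordingly reads `ejabberd/.erlang.cookie`. Use `\~{}ejabberd` or `\textasciitilde{}ejabberd`. In the same section, `connection ,registered` has the space on the wrong side of the comma, and `destanations`, `reseouce`, `finded` and `sended` need correcting.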
@ -250,6 +349,23 @@ Example:
]}.
\end{verbatim}
\subsubsection{Option \texttt{host}}
Some modules may act as services, and wants to have different domain name.
This option explicitly defines this name.
Example:
\begin{verbatim}
{modules, [
...
{mod_echo, [{host, "echo.myjabber.org"}]},
...
]}.
\end{verbatim}
\subsection{\modregister{}}
\label{sec:modregister}
@ -273,7 +389,16 @@ Example:
\subsection{\modstats{}}
\label{sec:modstats}
This module adds support of
\footahref{http://www.jabber.org/jeps/jep-0039.html}{JEP-0039} (Statistics Gathering).
Options:
\begin{description}
\item[\texttt{iqdisc}] \ns{http://jabber.org/protocol/stats} IQ queries
processing discipline.
\end{description}
TBD about access.
\subsection{\modvcard{}}
\label{sec:modvcard}
@ -293,16 +418,36 @@ Example:
\subsection{\modprivate{}}
\label{sec:modprivate}
This module adds support of
\footahref{http://www.jabber.org/jeps/jep-0049.html}{JEP-0049} (Private XML
Storage).
Options:
\begin{description}
\item[\texttt{iqdisc}] \ns{jabber:iq:private} IQ queries processing discipline.
\end{description}
\subsection{\modtime{}}
\label{sec:modtime}
This module answers UTC time on \ns{jabber:iq:time} queries.
Options:
\begin{description}
\item[\texttt{iqdisc}] \ns{jabber:iq:time} IQ queries processing discipline.
\end{description}
\subsection{\modversion{}}
\label{sec:modversion}
This module answers \ejabberd{} version on \ns{jabber:iq:version} queries.
Options:
\begin{description}
\item[\texttt{iqdisc}] \ns{jabber:iq:version} IQ queries processing discipline.
\end{description}
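Review bot: the `iqdisc` items added for `\modprivate{}`, `\modtime{}` and `\modversion{}` each say only "IQ queries processing discipline" and never name the accepted values. The HTML hunk headers show that a passage listing them already exists ("queries. Possible values are:"), so reference that passage from each item instead of leaving readers to find it.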


@ -21,17 +21,6 @@
start() ->
register(ejabberd_local, spawn(ejabberd_local, init, [])),
%mod_register:start(one_queue),
%mod_roster:start(one_queue),
%mod_configure:start(one_queue),
%mod_disco:start(one_queue),
%mod_stats:start(one_queue),
%mod_vcard:start(one_queue),
%mod_offline:start(),
%mod_echo:start(),
%mod_private:start(one_queue),
%mod_time:start(one_queue),
%mod_version:start(one_queue),
ok.
init() ->
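Review bot: the empty log message leaves no record of why the commented-out `mod_*:start` calls in `start()` are dropped alongside two documentation files. If module startup is now driven by the `{modules, [...]}` option that the documentation hunks describe, say so in the commit message, or move this cleanup into its own commit so the code change can be reviewed and reverted separately from the docs.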