diff --git a/doc/guide.html b/doc/guide.html index f724f4be3..94649871d 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -116,7 +116,7 @@ runned on them. Each element of list is a tuple with following elements:
  • ejabberd_s2s_in: serves incoming S2S connections;
  • ejabberd_service: serves connections to Jabber services (i.e. - that used jabber:component:accept namespace). + that use jabber:component:accept namespace). For example, following configuration defines that C2S connections listened on port 5222, S2S on port 5269 and that service conference.jabber.org must be connected to port 8888 with password ``secret''.
    @@ -130,7 +130,48 @@ must be connected to port 8888 with password ``secret''.

    3.1.3   Access Rules

    -TBD
    +Access control in ejabberd is done via Access Control Lists (ACL). In +config file they looks like this: +
    +{acl, <aclname>, {<acltype>, ...}}.
    +
    <acltype> can be one of following: +
    +
    +all
    Matches all JIDs. Example: +
    +{acl, all, all}.
    +
    +
    {user, <username>}
    Matches local user with name + <username>. Example: +
    +{acl, admin, {user, "aleksey"}}.
    +
    +
    {user, <username>, <server>}
    Matches user with JID + <username>@<server>. Example: +
    +{acl, admin, {user, "aleksey", "jabber.ru"}}.
    +
    +
    {server, <server>}
    Matches any JID from server + <server>. Example: +
    +{acl, jabberorg, {server, "jabber.org"}}.
    +
    Allowing or denying of different services is like this: +
    +{access, <accessname>, [{allow, <aclname>},
    +                        {deny, <aclname>},
    +                        ...
    +                       ]}.
    +
    When JID is checked to have access to <accessname>, server +sequentially checks if this JID in one of the ACLs that are second elements in +eache tuple in list. If one of them matched, then returned first element of +matched tuple. Else returned ``deny''.
    +
    +Example: +
    +{access, configure, [{allow, admin}]}.
    +{access, something, [{deny, badmans},
    +                     {allow, all}]}.
    +
    TBD
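Review bot: In the closing example of this Access Rules hunk, `{deny, badmans}` refers to an ACL that none of the preceding `{acl, ...}` examples defines, and the text never says what happens when a rule names an undefined ACL. Since the evaluation paragraph says the first matching tuple decides and anything unmatched returns ``deny'', state explicitly that rule order is significant (here `{deny, badmans}` has to come before `{allow, all}`) and add an `{acl, badmans, ...}` line to the example. "they looks" and "eache" should be fixed while this text is being touched.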

    @@ -151,9 +192,9 @@ Example: {mod_stats, []}, {mod_vcard, []}, {mod_offline, []}, - {mod_echo, [{host, "echo.e.localhost"}]}, + {mod_echo, [{host, "echo.localhost"}]}, {mod_private, []}, - {mod_time, [{pdisc, no_queue}]}, + {mod_time, [{iqdisc, no_queue}]}, {mod_version, []} ]}. @@ -172,7 +213,63 @@ TBD

    4   Distribution

    - + + +

    4.1   How it works

    + +Jabber domain is served by one or more ejabberd nodes. This nodes can be +runned on different computers that can be connected via network. They all must +have access to connect to port 4369 of all another nodes, and must have same +magic cookie (see Erlang/OTP documentation, in short file +ejabberd/.erlang.cookie must be the same on all nodes). This is +needed because all nodes exchange information about connected users, S2S +connection ,registered services, etc...
    +
    +Each ejabberd node run following modules: + + +

    4.1.1   Router

    +This module is the main router of Jabber packets on each node. It route +them based on their destanations domains. It have two tables: local and global +routes. First, domain of packet destination searched in local table, and if it +finded, then packet routed to appropriate process. If no, then it searched in +global table, and routed to appropriate ejabberd node or process. If it not +exists in both tables, then it sended to S2S manager.
    +
    + + +

    4.1.2   Local Router

    +This module route packets which have destination domain equal to this server +name. If destination JID have node, then it routed to session manager, else it +processed depending on it content.
    +
    + + +

    4.1.3   Session Manager

    +This module route packets to local users. It search to what user resource +packet must be sended via presence table. If this reseouce connected to this +node, it routed to C2S process, if it connected via another node, then packet +sended to session manager on it.
    +
    + + +

    4.1.4   S2S Manager

    +This module route packets to another Jabber servers. First, it check if +to domain of packet destination from domain of source already opened S2S +connection. If it opened on another node, then it routed to S2S manager on +that node, if it opened on this node, then it routed to process that serve this +connection, and if this connection not exists, then it opened and registered.
    +
    +

    5   Built-in Modules
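Review bot: The "How it works" paragraph presents port 4369 and the shared magic cookie only as connectivity requirements and says nothing about who else may reach them. The cookie is the shared secret that lets a node join the others, so the text should say that .erlang.cookie must be readable only by the ejabberd user and that port 4369 should be reachable only from the other nodes. The same paragraph and the four module descriptions need a language pass: "runned", "destanations", "finded", "sended", "reseouce", "connection ,registered".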

    @@ -209,7 +306,20 @@ queries. Possible values are:
     {modules, [
                ...
    -           {mod_time,      [{pdisc, no_queue}]},
    +           {mod_time,      [{iqdisc, no_queue}]},
    +           ...
    +          ]}.
    +
    + +

    5.1.2   Option host

    +Some modules may act as services, and wants to have different domain name. +This option explicitly defines this name.
    +
    +Example: +
    +{modules, [
    +           ...
    +           {mod_echo,      [{host, "echo.myjabber.org"}]},
                ...
               ]}.
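Review bot: The new "Option host" text says the option "explicitly defines this name" but not which name a service module gets when `host` is omitted, nor which modules accept the option. Suggest stating the default and listing the modules that honour `host`; "wants" should be "want".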
     
    @@ -232,7 +342,17 @@ queries. Possible values are:

    5.6   mod_stats

    - +This module adds support of +JEP-0039 (Statistics Gathering).
    +
    +Options: +
    +
    +iqdisc
    http://jabber.org/protocol/stats IQ queries + processing discipline. +
    TBD about access.
    +
    +

    5.7   mod_vcard
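Review bot: The mod_stats section ships with "TBD about access." as its only statement on who may query statistics. Either document which access rule (in the section 3.1.3 syntax) governs http://jabber.org/protocol/stats queries, or drop the placeholder until that is decided, so readers are not left guessing whether statistics are open to any JID.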

    @@ -248,15 +368,35 @@ queries. Possible values are:

    5.10   mod_private

    - +This module adds support of +JEP-0049 (Private XML +Storage).
    +
    +Options: +
    +
    +iqdisc
    jabber:iq:private IQ queries processing discipline. +

    5.11   mod_time

    - +This module answers UTC time on jabber:iq:time queries.
    +
    +Options: +
    +
    +iqdisc
    jabber:iq:time IQ queries processing discipline. +

    5.12   mod_version

    - +This module answers ejabberd version on jabber:iq:version queries.
    +
    +Options: +
    +
    +iqdisc
    jabber:iq:version IQ queries processing discipline. +
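Review bot: The mod_private, mod_time and mod_version entries in this hunk each describe `iqdisc` as "IQ queries processing discipline" without pointing to where its possible values are listed. A cross-reference to the subsection that contains the "Possible values are:" text would make these entries usable on their own. "answers UTC time on" and "answers ejabberd version on" would read better as "replies to ... queries with the UTC time" and "... with the ejabberd version".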
    diff --git a/doc/guide.tex b/doc/guide.tex index 926bc5524..1559cc9f3 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -1,4 +1,4 @@ -\documentclass[12pt]{article} +\documentclass[10pt]{article} \usepackage{graphics} \usepackage{hevea} @@ -8,6 +8,7 @@ \newcommand{\imgscale}{0.7} +\newcommand{\ns}[1]{\texttt{#1}} \newcommand{\ejabberd}{\texttt{ejabberd}} \newcommand{\Jabber}{Jabber} @@ -144,7 +145,7 @@ Currently three modules implemented: \item \texttt{ejabberd\_c2s}: serves C2S connections; \item \texttt{ejabberd\_s2s\_in}: serves incoming S2S connections; \item \texttt{ejabberd\_service}: serves connections to \Jabber{} services (i.e. - that used \texttt{jabber:component:accept} namespace). + that use \texttt{jabber:component:accept} namespace). \end{itemize} For example, following configuration defines that C2S connections listened on 
@@ -162,7 +163,54 @@ must be connected to port 8888 with password ``\texttt{secret}''. \subsubsection{Access Rules} \label{sec:configaccess} -TBD +Access control in \ejabberd{} is done via Access Control Lists (ACL). In +config file they looks like this: +\begin{verbatim} +{acl, , {, ...}}. +\end{verbatim} + +\texttt{} can be one of following: +\begin{description} +\item[\texttt{all}] Matches all JIDs. Example: +\begin{verbatim} +{acl, all, all}. +\end{verbatim} +\item[\texttt{\{user, \}}] Matches local user with name + \texttt{}. Example: +\begin{verbatim} +{acl, admin, {user, "aleksey"}}. +\end{verbatim} +\item[\texttt{\{user, , \}}] Matches user with JID + \texttt{@}. Example: +\begin{verbatim} +{acl, admin, {user, "aleksey", "jabber.ru"}}. +\end{verbatim} +\item[\texttt{\{server, \}}] Matches any JID from server + \texttt{}. Example: +\begin{verbatim} +{acl, jabberorg, {server, "jabber.org"}}. +\end{verbatim} +\end{description} + +Allowing or denying of different services is like this: +\begin{verbatim} +{access, , [{allow, }, + {deny, }, + ... + ]}. +\end{verbatim} +When JID is checked to have access to \texttt{}, server +sequentially checks if this JID in one of the ACLs that are second elements in +eache tuple in list. If one of them matched, then returned first element of +matched tuple. Else returned ``\texttt{deny}''. + +Example: +\begin{verbatim} +{access, configure, [{allow, admin}]}. +{access, something, [{deny, badmans}, + {allow, all}]}. +\end{verbatim} + \subsubsection{Modules} @@ -183,7 +231,7 @@ Example: {mod_stats, []}, {mod_vcard, []}, {mod_offline, []}, - {mod_echo, [{host, "echo.e.localhost"}]}, + {mod_echo, [{host, "echo.localhost"}]}, {mod_private, []}, {mod_time, [{iqdisc, no_queue}]}, {mod_version, []} 
@@ -206,7 +254,58 @@ TBD \label{sec:distribution} +\subsection{How it works} +\label{sec:howitworks} +\Jabber{} domain is served by one or more \ejabberd{} nodes. This nodes can be +runned on different computers that can be connected via network. They all must +have access to connect to port 4369 of all another nodes, and must have same +magic cookie (see Erlang/OTP documentation, in short file +\texttt{\~ejabberd/.erlang.cookie} must be the same on all nodes). This is +needed because all nodes exchange information about connected users, S2S +connection ,registered services, etc... + +Each \ejabberd{} node run following modules: +\begin{itemize} +\item router; +\item local router. +\item session manager; +\item S2S manager; +\end{itemize} + + +\subsubsection{Router} + +This module is the main router of \Jabber{} packets on each node. It route +them based on their destanations domains. It have two tables: local and global +routes. First, domain of packet destination searched in local table, and if it +finded, then packet routed to appropriate process. If no, then it searched in +global table, and routed to appropriate \ejabberd{} node or process. If it not +exists in both tables, then it sended to S2S manager. + + +\subsubsection{Local Router} + +This module route packets which have destination domain equal to this server +name. If destination JID have node, then it routed to session manager, else it +processed depending on it content. + + +\subsubsection{Session Manager} + +This module route packets to local users. It search to what user resource +packet must be sended via presence table. If this reseouce connected to this +node, it routed to C2S process, if it connected via another node, then packet +sended to session manager on it. + + +\subsubsection{S2S Manager} + +This module route packets to another \Jabber{} servers. First, it check if +to domain of packet destination from domain of source already opened S2S +connection. 
If it opened on another node, then it routed to S2S manager on +that node, if it opened on this node, then it routed to process that serve this +connection, and if this connection not exists, then it opened and registered. \section{Built-in Modules} @@ -250,6 +349,23 @@ Example: ]}. \end{verbatim} + +\subsubsection{Option \texttt{host}} + +Some modules may act as services, and wants to have different domain name. +This option explicitly defines this name. + +Example: +\begin{verbatim} +{modules, [ + ... + {mod_echo, [{host, "echo.myjabber.org"}]}, + ... + ]}. +\end{verbatim} + + + \subsection{\modregister{}} \label{sec:modregister} @@ -273,7 +389,16 @@ Example: \subsection{\modstats{}} \label{sec:modstats} +This module adds support of +\footahref{http://www.jabber.org/jeps/jep-0039.html}{JEP-0039} (Statistics Gathering). +Options: +\begin{description} +\item[\texttt{iqdisc}] \ns{http://jabber.org/protocol/stats} IQ queries + processing discipline. +\end{description} + +TBD about access. \subsection{\modvcard{}} \label{sec:modvcard} @@ -293,16 +418,36 @@ Example: \subsection{\modprivate{}} \label{sec:modprivate} +This module adds support of +\footahref{http://www.jabber.org/jeps/jep-0049.html}{JEP-0049} (Private XML +Storage). +Options: +\begin{description} +\item[\texttt{iqdisc}] \ns{jabber:iq:private} IQ queries processing discipline. +\end{description} \subsection{\modtime{}} \label{sec:modtime} +This module answers UTC time on \ns{jabber:iq:time} queries. + +Options: +\begin{description} +\item[\texttt{iqdisc}] \ns{jabber:iq:time} IQ queries processing discipline. +\end{description} \subsection{\modversion{}} \label{sec:modversion} +This module answers \ejabberd{} version on \ns{jabber:iq:version} queries. + +Options: +\begin{description} +\item[\texttt{iqdisc}] \ns{jabber:iq:version} IQ queries processing discipline. +\end{description} + diff --git a/src/ejabberd_local.erl b/src/ejabberd_local.erl index 88cea3354..c567cbfa6 100644 --- a/src/ejabberd_local.erl 
+++ b/src/ejabberd_local.erl @@ -21,17 +21,6 @@ start() -> register(ejabberd_local, spawn(ejabberd_local, init, [])), - %mod_register:start(one_queue), - %mod_roster:start(one_queue), - %mod_configure:start(one_queue), - %mod_disco:start(one_queue), - %mod_stats:start(one_queue), - %mod_vcard:start(one_queue), - %mod_offline:start(), - %mod_echo:start(), - %mod_private:start(one_queue), - %mod_time:start(one_queue), - %mod_version:start(one_queue), ok. init() ->
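Review bot: In the guide.tex hunk that adds \subsection{How it works}, `\texttt{\~ejabberd/.erlang.cookie}` uses `\~`, which is LaTeX's tilde accent command and takes the following `e` as its argument, so the path is not printed with a leading tilde (the regenerated guide.html in this same patch shows "ejabberd/.erlang.cookie"). Write `\~{}ejabberd/.erlang.cookie` or use `\textasciitilde` instead. In the same hunk the itemize entries end inconsistently: "router;", "local router.", "session manager;", "S2S manager;".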
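Review bot: The ejabberd_local.erl hunk deletes the commented-out mod_*:start(...) calls from start/0, which is unrelated to the documentation update that makes up the rest of this patch. The removal is fine since the lines were dead, but it would be easier to trace as its own commit.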