mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-22 16:20:52 +01:00
An AccessCommand with Access 'all', don't require auth to execute it.
SVN Revision: 2866
This commit is contained in:
parent
bb926f8f87
commit
cfc9089e51
@ -3462,9 +3462,8 @@ Arguments = [ {ArgumentName, ArgumentValue}, ...]
|
||||
ArgumentName = atom()
|
||||
ArgumentValue = any()
|
||||
</PRE><P>The default value is to not define any restriction: <TT>[]</TT>.
|
||||
If at least one restriction is defined, then the frontend expects
|
||||
that authentication information is provided when executing a command.
|
||||
The authentication information is Username, Hostname and Password of a local XMPP account
|
||||
The authentication information is provided when executing a command,
|
||||
and is Username, Hostname and Password of a local XMPP account
|
||||
that has permission to execute the corresponding command.
|
||||
This means that the account must be registered in the local ejabberd,
|
||||
because the information will be verified.
|
||||
|
@ -4417,9 +4417,8 @@ ArgumentValue = any()
|
||||
\end{verbatim}
|
||||
|
||||
The default value is to not define any restriction: \term{[]}.
|
||||
If at least one restriction is defined, then the frontend expects
|
||||
that authentication information is provided when executing a command.
|
||||
The authentication information is Username, Hostname and Password of a local XMPP account
|
||||
The authentication information is provided when executing a command,
|
||||
and is Username, Hostname and Password of a local XMPP account
|
||||
that has permission to execute the corresponding command.
|
||||
This means that the account must be registered in the local ejabberd,
|
||||
because the information will be verified.
|
||||
|
@ -356,15 +356,14 @@ get_tags_commands() ->
|
||||
%% @doc Check access is allowed to that command.
|
||||
%% At least one AccessCommand must be satisfied.
|
||||
%% It may throw {error, Error} where:
|
||||
%% Error = account_unprivileged | invalid_account_data | no_auth_provided
|
||||
%% Error = account_unprivileged | invalid_account_data
|
||||
check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
|
||||
ok;
|
||||
check_access_commands(AccessCommands, Auth, Method, Command, Arguments) ->
|
||||
{ok, User, Server} = check_auth(Auth),
|
||||
AccessCommandsAllowed =
|
||||
lists:filter(
|
||||
fun({Access, Commands, ArgumentRestrictions}) ->
|
||||
case check_access(Access, User, Server) of
|
||||
case check_access(Access, Auth) of
|
||||
true ->
|
||||
check_access_command(Commands, Command, ArgumentRestrictions,
|
||||
Method, Arguments);
|
||||
@ -379,7 +378,7 @@ check_access_commands(AccessCommands, Auth, Method, Command, Arguments) ->
|
||||
end.
|
||||
|
||||
check_auth(noauth) ->
|
||||
throw({error, no_auth_provided});
|
||||
no_auth_provided;
|
||||
check_auth({User, Server, Password}) ->
|
||||
%% Check the account exists and password is valid
|
||||
AccountPass = ejabberd_auth:get_password_s(User, Server),
|
||||
@ -394,7 +393,10 @@ get_md5(AccountPass) ->
|
||||
lists:flatten([io_lib:format("~.16B", [X])
|
||||
|| X <- binary_to_list(crypto:md5(AccountPass))]).
|
||||
|
||||
check_access(Access, User, Server) ->
|
||||
check_access(all, _) ->
|
||||
true;
|
||||
check_access(Access, Auth) ->
|
||||
{ok, User, Server} = check_auth(Auth),
|
||||
%% Check this user has access permission
|
||||
case acl:match_rule(Server, Access, exmpp_jid:make(User, Server, "")) of
|
||||
allow -> true;
|
||||
|
Loading…
Reference in New Issue
Block a user