mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-24 16:23:40 +01:00
* src/mod_configure.erl: Fix access check for vhost configuration
SVN Revision: 1787
This commit is contained in:
Badlop
parent
f0af10e600
commit
eaa1644ebd
@ -1,3 +1,7 @@
|
|||||||
|
2009-01-09 Badlop <badlop@process-one.net>
|
||||||
|
|
||||||
|
* src/mod_configure.erl: Fix access check for vhost configuration
|
||||||
|
|
||||||
2009-01-08 Mickael Remond <mremond@process-one.net>
|
2009-01-08 Mickael Remond <mremond@process-one.net>
|
||||||
|
|
||||||
* src/ejabberd_listener.erl: Define send timeout option to avoid
|
* src/ejabberd_listener.erl: Define send timeout option to avoid
|
||||||
|
|||||||
@ -307,8 +307,10 @@ adhoc_local_items(Acc, From, #jid{lserver = LServer, server = Server} = To,
|
|||||||
{result, Its} -> Its;
|
{result, Its} -> Its;
|
||||||
empty -> []
|
empty -> []
|
||||||
end,
|
end,
|
||||||
|
PermLev = get_permission_level(From),
|
||||||
%% Recursively get all configure commands
|
%% Recursively get all configure commands
|
||||||
Nodes = recursively_get_local_items(LServer, "", Server, Lang),
|
Nodes = recursively_get_local_items(PermLev, LServer, "", Server,
|
||||||
|
Lang),
|
||||||
Nodes1 = lists:filter(
|
Nodes1 = lists:filter(
|
||||||
fun(N) ->
|
fun(N) ->
|
||||||
Nd = xml:get_tag_attr_s("node", N),
|
Nd = xml:get_tag_attr_s("node", N),
|
||||||
@ -325,15 +327,15 @@ adhoc_local_items(Acc, From, #jid{lserver = LServer, server = Server} = To,
|
|||||||
Acc
|
Acc
|
||||||
end.
|
end.
|
||||||
|
|
||||||
recursively_get_local_items(_LServer, "online users", _Server, _Lang) ->
|
recursively_get_local_items(_PermLev, _LServer, "online users", _Server, _Lang) ->
|
||||||
[];
|
[];
|
||||||
|
|
||||||
recursively_get_local_items(_LServer, "all users", _Server, _Lang) ->
|
recursively_get_local_items(_PermLev, _LServer, "all users", _Server, _Lang) ->
|
||||||
[];
|
[];
|
||||||
|
|
||||||
recursively_get_local_items(LServer, Node, Server, Lang) ->
|
recursively_get_local_items(PermLev, LServer, Node, Server, Lang) ->
|
||||||
LNode = tokenize(Node),
|
LNode = tokenize(Node),
|
||||||
Items = case get_local_items(LServer, LNode, Server, Lang) of
|
Items = case get_local_items({PermLev, LServer}, LNode, Server, Lang) of
|
||||||
{result, Res} ->
|
{result, Res} ->
|
||||||
Res;
|
Res;
|
||||||
{error, _Error} ->
|
{error, _Error} ->
|
||||||
@ -348,11 +350,17 @@ recursively_get_local_items(LServer, Node, Server, Lang) ->
|
|||||||
[];
|
[];
|
||||||
true ->
|
true ->
|
||||||
[N, recursively_get_local_items(
|
[N, recursively_get_local_items(
|
||||||
LServer, Nd, Server, Lang)]
|
PermLev, LServer, Nd, Server, Lang)]
|
||||||
end
|
end
|
||||||
end, Items)),
|
end, Items)),
|
||||||
Nodes.
|
Nodes.
|
||||||
|
|
||||||
|
get_permission_level(JID) ->
|
||||||
|
case acl:match_rule(global, configure, JID) of
|
||||||
|
allow -> global;
|
||||||
|
deny -> vhost
|
||||||
|
end.
|
||||||
|
|
||||||
%%%-----------------------------------------------------------------------
|
%%%-----------------------------------------------------------------------
|
||||||
|
|
||||||
-define(ITEMS_RESULT(Allow, LNode, Fallback),
|
-define(ITEMS_RESULT(Allow, LNode, Fallback),
|
||||||
@ -360,7 +368,8 @@ recursively_get_local_items(LServer, Node, Server, Lang) ->
|
|||||||
deny ->
|
deny ->
|
||||||
Fallback;
|
Fallback;
|
||||||
allow ->
|
allow ->
|
||||||
case get_local_items(LServer, LNode,
|
PermLev = get_permission_level(From),
|
||||||
|
case get_local_items({PermLev, LServer}, LNode,
|
||||||
jlib:jid_to_string(To), Lang) of
|
jlib:jid_to_string(To), Lang) of
|
||||||
{result, Res} ->
|
{result, Res} ->
|
||||||
{result, Res};
|
{result, Res};
|
||||||
@ -383,7 +392,8 @@ get_local_items(Acc, From, #jid{lserver = LServer} = To, "", Lang) ->
|
|||||||
deny ->
|
deny ->
|
||||||
{result, Items};
|
{result, Items};
|
||||||
allow ->
|
allow ->
|
||||||
case get_local_items(LServer, [],
|
PermLev = get_permission_level(From),
|
||||||
|
case get_local_items({PermLev, LServer}, [],
|
||||||
jlib:jid_to_string(To), Lang) of
|
jlib:jid_to_string(To), Lang) of
|
||||||
{result, Res} ->
|
{result, Res} ->
|
||||||
{result, Items ++ Res};
|
{result, Items ++ Res};
|
||||||
@ -448,6 +458,9 @@ get_local_items(Acc, From, #jid{lserver = LServer} = To, Node, Lang) ->
|
|||||||
|
|
||||||
%%%-----------------------------------------------------------------------
|
%%%-----------------------------------------------------------------------
|
||||||
|
|
||||||
|
%% @spec ({PermissionLevel, Host}, [string()], Server::string(), Lang)
|
||||||
|
%% -> {result, [xmlelement()]}
|
||||||
|
%% PermissionLevel = global | vhost
|
||||||
get_local_items(_Host, [], Server, Lang) ->
|
get_local_items(_Host, [], Server, Lang) ->
|
||||||
{result,
|
{result,
|
||||||
[?NODE("Configuration", "config"),
|
[?NODE("Configuration", "config"),
|
||||||
@ -484,13 +497,13 @@ get_local_items(_Host, ["user"], Server, Lang) ->
|
|||||||
get_local_items(_Host, ["http:" | _], _Server, _Lang) ->
|
get_local_items(_Host, ["http:" | _], _Server, _Lang) ->
|
||||||
{result, []};
|
{result, []};
|
||||||
|
|
||||||
get_local_items(Host, ["online users"], _Server, _Lang) ->
|
get_local_items({_, Host}, ["online users"], _Server, _Lang) ->
|
||||||
{result, get_online_vh_users(Host)};
|
{result, get_online_vh_users(Host)};
|
||||||
|
|
||||||
get_local_items(Host, ["all users"], _Server, _Lang) ->
|
get_local_items({_, Host}, ["all users"], _Server, _Lang) ->
|
||||||
{result, get_all_vh_users(Host)};
|
{result, get_all_vh_users(Host)};
|
||||||
|
|
||||||
get_local_items(Host, ["all users", [$@ | Diap]], _Server, _Lang) ->
|
get_local_items({_, Host}, ["all users", [$@ | Diap]], _Server, _Lang) ->
|
||||||
case catch ejabberd_auth:get_vh_registered_users(Host) of
|
case catch ejabberd_auth:get_vh_registered_users(Host) of
|
||||||
{'EXIT', _Reason} ->
|
{'EXIT', _Reason} ->
|
||||||
?ERR_INTERNAL_SERVER_ERROR;
|
?ERR_INTERNAL_SERVER_ERROR;
|
||||||
@ -514,10 +527,10 @@ get_local_items(Host, ["all users", [$@ | Diap]], _Server, _Lang) ->
|
|||||||
end
|
end
|
||||||
end;
|
end;
|
||||||
|
|
||||||
get_local_items(Host, ["outgoing s2s"], _Server, Lang) ->
|
get_local_items({_, Host}, ["outgoing s2s"], _Server, Lang) ->
|
||||||
{result, get_outgoing_s2s(Host, Lang)};
|
{result, get_outgoing_s2s(Host, Lang)};
|
||||||
|
|
||||||
get_local_items(Host, ["outgoing s2s", To], _Server, Lang) ->
|
get_local_items({_, Host}, ["outgoing s2s", To], _Server, Lang) ->
|
||||||
{result, get_outgoing_s2s(Host, Lang, To)};
|
{result, get_outgoing_s2s(Host, Lang, To)};
|
||||||
|
|
||||||
get_local_items(_Host, ["running nodes"], Server, Lang) ->
|
get_local_items(_Host, ["running nodes"], Server, Lang) ->
|
||||||
@ -526,7 +539,7 @@ get_local_items(_Host, ["running nodes"], Server, Lang) ->
|
|||||||
get_local_items(_Host, ["stopped nodes"], _Server, Lang) ->
|
get_local_items(_Host, ["stopped nodes"], _Server, Lang) ->
|
||||||
{result, get_stopped_nodes(Lang)};
|
{result, get_stopped_nodes(Lang)};
|
||||||
|
|
||||||
get_local_items(_Host, ["running nodes", ENode], Server, Lang) ->
|
get_local_items({global, _Host}, ["running nodes", ENode], Server, Lang) ->
|
||||||
{result,
|
{result,
|
||||||
[?NODE("Database", "running nodes/" ++ ENode ++ "/DB"),
|
[?NODE("Database", "running nodes/" ++ ENode ++ "/DB"),
|
||||||
?NODE("Modules", "running nodes/" ++ ENode ++ "/modules"),
|
?NODE("Modules", "running nodes/" ++ ENode ++ "/modules"),
|
||||||
@ -537,6 +550,11 @@ get_local_items(_Host, ["running nodes", ENode], Server, Lang) ->
|
|||||||
?NODE("Shut Down Service", "running nodes/" ++ ENode ++ "/shutdown")
|
?NODE("Shut Down Service", "running nodes/" ++ ENode ++ "/shutdown")
|
||||||
]};
|
]};
|
||||||
|
|
||||||
|
get_local_items({vhost, _Host}, ["running nodes", ENode], Server, Lang) ->
|
||||||
|
{result,
|
||||||
|
[?NODE("Modules", "running nodes/" ++ ENode ++ "/modules")
|
||||||
|
]};
|
||||||
|
|
||||||
get_local_items(_Host, ["running nodes", _ENode, "DB"], _Server, _Lang) ->
|
get_local_items(_Host, ["running nodes", _ENode, "DB"], _Server, _Lang) ->
|
||||||
{result, []};
|
{result, []};
|
||||||
|
|
||||||
@ -708,8 +726,8 @@ get_stopped_nodes(_Lang) ->
|
|||||||
|
|
||||||
%%-------------------------------------------------------------------------
|
%%-------------------------------------------------------------------------
|
||||||
|
|
||||||
-define(COMMANDS_RESULT(Allow, From, To, Request),
|
-define(COMMANDS_RESULT(LServerOrGlobal, From, To, Request),
|
||||||
case Allow of
|
case acl:match_rule(LServerOrGlobal, configure, From) of
|
||||||
deny ->
|
deny ->
|
||||||
{error, ?ERR_FORBIDDEN};
|
{error, ?ERR_FORBIDDEN};
|
||||||
allow ->
|
allow ->
|
||||||
@ -719,24 +737,23 @@ get_stopped_nodes(_Lang) ->
|
|||||||
adhoc_local_commands(Acc, From, #jid{lserver = LServer} = To,
|
adhoc_local_commands(Acc, From, #jid{lserver = LServer} = To,
|
||||||
#adhoc_request{node = Node} = Request) ->
|
#adhoc_request{node = Node} = Request) ->
|
||||||
LNode = tokenize(Node),
|
LNode = tokenize(Node),
|
||||||
Allow = acl:match_rule(LServer, configure, From),
|
|
||||||
case LNode of
|
case LNode of
|
||||||
["running nodes", _ENode, "DB"] ->
|
["running nodes", _ENode, "DB"] ->
|
||||||
?COMMANDS_RESULT(Allow, From, To, Request);
|
?COMMANDS_RESULT(global, From, To, Request);
|
||||||
["running nodes", _ENode, "modules", _] ->
|
["running nodes", _ENode, "modules", _] ->
|
||||||
?COMMANDS_RESULT(Allow, From, To, Request);
|
?COMMANDS_RESULT(LServer, From, To, Request);
|
||||||
["running nodes", _ENode, "backup", _] ->
|
["running nodes", _ENode, "backup", _] ->
|
||||||
?COMMANDS_RESULT(Allow, From, To, Request);
|
?COMMANDS_RESULT(global, From, To, Request);
|
||||||
["running nodes", _ENode, "import", _] ->
|
["running nodes", _ENode, "import", _] ->
|
||||||
?COMMANDS_RESULT(Allow, From, To, Request);
|
?COMMANDS_RESULT(global, From, To, Request);
|
||||||
["running nodes", _ENode, "restart"] ->
|
["running nodes", _ENode, "restart"] ->
|
||||||
?COMMANDS_RESULT(Allow, From, To, Request);
|
?COMMANDS_RESULT(global, From, To, Request);
|
||||||
["running nodes", _ENode, "shutdown"] ->
|
["running nodes", _ENode, "shutdown"] ->
|
||||||
?COMMANDS_RESULT(Allow, From, To, Request);
|
?COMMANDS_RESULT(global, From, To, Request);
|
||||||
["config", _] ->
|
["config", _] ->
|
||||||
?COMMANDS_RESULT(Allow, From, To, Request);
|
?COMMANDS_RESULT(LServer, From, To, Request);
|
||||||
?NS_ADMINL(_) ->
|
?NS_ADMINL(_) ->
|
||||||
?COMMANDS_RESULT(Allow, From, To, Request);
|
?COMMANDS_RESULT(LServer, From, To, Request);
|
||||||
_ ->
|
_ ->
|
||||||
Acc
|
Acc
|
||||||
end.
|
end.
|
||||||
@ -1540,7 +1557,7 @@ set_form(_From, Host, ["config", "access"], _Lang, XData) ->
|
|||||||
{error, ?ERR_BAD_REQUEST}
|
{error, ?ERR_BAD_REQUEST}
|
||||||
end;
|
end;
|
||||||
|
|
||||||
set_form(_From, _Host, ?NS_ADMINL("add-user"), _Lang, XData) ->
|
set_form(From, Host, ?NS_ADMINL("add-user"), _Lang, XData) ->
|
||||||
AccountString = get_value("accountjid", XData),
|
AccountString = get_value("accountjid", XData),
|
||||||
Password = get_value("password", XData),
|
Password = get_value("password", XData),
|
||||||
Password = get_value("password-verify", XData),
|
Password = get_value("password-verify", XData),
|
||||||
@ -1548,10 +1565,11 @@ set_form(_From, _Host, ?NS_ADMINL("add-user"), _Lang, XData) ->
|
|||||||
User = AccountJID#jid.luser,
|
User = AccountJID#jid.luser,
|
||||||
Server = AccountJID#jid.lserver,
|
Server = AccountJID#jid.lserver,
|
||||||
true = lists:member(Server, ?MYHOSTS),
|
true = lists:member(Server, ?MYHOSTS),
|
||||||
|
true = (Server == Host) orelse (get_permission_level(From) == global),
|
||||||
ejabberd_auth:try_register(User, Server, Password),
|
ejabberd_auth:try_register(User, Server, Password),
|
||||||
{result, []};
|
{result, []};
|
||||||
|
|
||||||
set_form(_From, _Host, ?NS_ADMINL("delete-user"), _Lang, XData) ->
|
set_form(From, Host, ?NS_ADMINL("delete-user"), _Lang, XData) ->
|
||||||
AccountStringList = get_values("accountjids", XData),
|
AccountStringList = get_values("accountjids", XData),
|
||||||
[_|_] = AccountStringList,
|
[_|_] = AccountStringList,
|
||||||
ASL2 = lists:map(
|
ASL2 = lists:map(
|
||||||
@ -1559,7 +1577,8 @@ set_form(_From, _Host, ?NS_ADMINL("delete-user"), _Lang, XData) ->
|
|||||||
JID = jlib:string_to_jid(AccountString),
|
JID = jlib:string_to_jid(AccountString),
|
||||||
[_|_] = JID#jid.luser,
|
[_|_] = JID#jid.luser,
|
||||||
User = JID#jid.luser,
|
User = JID#jid.luser,
|
||||||
Server = JID#jid.lserver,
|
Server = JID#jid.lserver,
|
||||||
|
true = (Server == Host) orelse (get_permission_level(From) == global),
|
||||||
true = ejabberd_auth:is_user_exists(User, Server),
|
true = ejabberd_auth:is_user_exists(User, Server),
|
||||||
{User, Server}
|
{User, Server}
|
||||||
end,
|
end,
|
||||||
@ -1567,12 +1586,13 @@ set_form(_From, _Host, ?NS_ADMINL("delete-user"), _Lang, XData) ->
|
|||||||
[ejabberd_auth:remove_user(User, Server) || {User, Server} <- ASL2],
|
[ejabberd_auth:remove_user(User, Server) || {User, Server} <- ASL2],
|
||||||
{result, []};
|
{result, []};
|
||||||
|
|
||||||
set_form(_From, _Host, ?NS_ADMINL("end-user-session"), _Lang, XData) ->
|
set_form(From, Host, ?NS_ADMINL("end-user-session"), _Lang, XData) ->
|
||||||
AccountString = get_value("accountjid", XData),
|
AccountString = get_value("accountjid", XData),
|
||||||
JID = jlib:string_to_jid(AccountString),
|
JID = jlib:string_to_jid(AccountString),
|
||||||
[_|_] = JID#jid.luser,
|
[_|_] = JID#jid.luser,
|
||||||
LUser = JID#jid.luser,
|
LUser = JID#jid.luser,
|
||||||
LServer = JID#jid.lserver,
|
LServer = JID#jid.lserver,
|
||||||
|
true = (LServer == Host) orelse (get_permission_level(From) == global),
|
||||||
%% Code copied from ejabberd_sm.erl
|
%% Code copied from ejabberd_sm.erl
|
||||||
case JID#jid.lresource of
|
case JID#jid.lresource of
|
||||||
[] ->
|
[] ->
|
||||||
@ -1586,12 +1606,13 @@ set_form(_From, _Host, ?NS_ADMINL("end-user-session"), _Lang, XData) ->
|
|||||||
end,
|
end,
|
||||||
{result, []};
|
{result, []};
|
||||||
|
|
||||||
set_form(_From, _Host, ?NS_ADMINL("get-user-password"), Lang, XData) ->
|
set_form(From, Host, ?NS_ADMINL("get-user-password"), Lang, XData) ->
|
||||||
AccountString = get_value("accountjid", XData),
|
AccountString = get_value("accountjid", XData),
|
||||||
JID = jlib:string_to_jid(AccountString),
|
JID = jlib:string_to_jid(AccountString),
|
||||||
[_|_] = JID#jid.luser,
|
[_|_] = JID#jid.luser,
|
||||||
User = JID#jid.luser,
|
User = JID#jid.luser,
|
||||||
Server = JID#jid.lserver,
|
Server = JID#jid.lserver,
|
||||||
|
true = (Server == Host) orelse (get_permission_level(From) == global),
|
||||||
Password = ejabberd_auth:get_password(User, Server),
|
Password = ejabberd_auth:get_password(User, Server),
|
||||||
true = is_list(Password),
|
true = is_list(Password),
|
||||||
{result, [{xmlelement, "x", [{"xmlns", ?NS_XDATA}],
|
{result, [{xmlelement, "x", [{"xmlns", ?NS_XDATA}],
|
||||||
@ -1600,23 +1621,25 @@ set_form(_From, _Host, ?NS_ADMINL("get-user-password"), Lang, XData) ->
|
|||||||
?XFIELD("text-single", "Password", "password", Password)
|
?XFIELD("text-single", "Password", "password", Password)
|
||||||
]}]};
|
]}]};
|
||||||
|
|
||||||
set_form(_From, _Host, ?NS_ADMINL("change-user-password"), _Lang, XData) ->
|
set_form(From, Host, ?NS_ADMINL("change-user-password"), _Lang, XData) ->
|
||||||
AccountString = get_value("accountjid", XData),
|
AccountString = get_value("accountjid", XData),
|
||||||
Password = get_value("password", XData),
|
Password = get_value("password", XData),
|
||||||
JID = jlib:string_to_jid(AccountString),
|
JID = jlib:string_to_jid(AccountString),
|
||||||
[_|_] = JID#jid.luser,
|
[_|_] = JID#jid.luser,
|
||||||
User = JID#jid.luser,
|
User = JID#jid.luser,
|
||||||
Server = JID#jid.lserver,
|
Server = JID#jid.lserver,
|
||||||
|
true = (Server == Host) orelse (get_permission_level(From) == global),
|
||||||
true = ejabberd_auth:is_user_exists(User, Server),
|
true = ejabberd_auth:is_user_exists(User, Server),
|
||||||
ejabberd_auth:set_password(User, Server, Password),
|
ejabberd_auth:set_password(User, Server, Password),
|
||||||
{result, []};
|
{result, []};
|
||||||
|
|
||||||
set_form(_From, _Host, ?NS_ADMINL("get-user-lastlogin"), Lang, XData) ->
|
set_form(From, Host, ?NS_ADMINL("get-user-lastlogin"), Lang, XData) ->
|
||||||
AccountString = get_value("accountjid", XData),
|
AccountString = get_value("accountjid", XData),
|
||||||
JID = jlib:string_to_jid(AccountString),
|
JID = jlib:string_to_jid(AccountString),
|
||||||
[_|_] = JID#jid.luser,
|
[_|_] = JID#jid.luser,
|
||||||
User = JID#jid.luser,
|
User = JID#jid.luser,
|
||||||
Server = JID#jid.lserver,
|
Server = JID#jid.lserver,
|
||||||
|
true = (Server == Host) orelse (get_permission_level(From) == global),
|
||||||
|
|
||||||
%% Code copied from web/ejabberd_web_admin.erl
|
%% Code copied from web/ejabberd_web_admin.erl
|
||||||
%% TODO: Update time format to XEP-0202: Entity Time
|
%% TODO: Update time format to XEP-0202: Entity Time
|
||||||
@ -1648,12 +1671,13 @@ set_form(_From, _Host, ?NS_ADMINL("get-user-lastlogin"), Lang, XData) ->
|
|||||||
?XFIELD("text-single", "Last login", "lastlogin", FLast)
|
?XFIELD("text-single", "Last login", "lastlogin", FLast)
|
||||||
]}]};
|
]}]};
|
||||||
|
|
||||||
set_form(_From, _Host, ?NS_ADMINL("user-stats"), Lang, XData) ->
|
set_form(From, Host, ?NS_ADMINL("user-stats"), Lang, XData) ->
|
||||||
AccountString = get_value("accountjid", XData),
|
AccountString = get_value("accountjid", XData),
|
||||||
JID = jlib:string_to_jid(AccountString),
|
JID = jlib:string_to_jid(AccountString),
|
||||||
[_|_] = JID#jid.luser,
|
[_|_] = JID#jid.luser,
|
||||||
User = JID#jid.luser,
|
User = JID#jid.luser,
|
||||||
Server = JID#jid.lserver,
|
Server = JID#jid.lserver,
|
||||||
|
true = (Server == Host) orelse (get_permission_level(From) == global),
|
||||||
|
|
||||||
Resources = ejabberd_sm:get_user_resources(User, Server),
|
Resources = ejabberd_sm:get_user_resources(User, Server),
|
||||||
IPs1 = [ejabberd_sm:get_user_ip(User, Server, Resource) || Resource <- Resources],
|
IPs1 = [ejabberd_sm:get_user_ip(User, Server, Resource) || Resource <- Resources],
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user