diff options
| author | Alexey Shchepin <alexey@process-one.net> | 2003-10-11 17:39:36 +0000 |
|---|---|---|
| committer | Alexey Shchepin <alexey@process-one.net> | 2003-10-11 17:39:36 +0000 |
| commit | 146d464f96228db6e61c3ca9bdff4990fea25343 (patch) | |
| tree | 50575683e24d735c40a25a72dc99d89c35f82dea | |
| parent | * src/stringprep/stringprep_drv.c: Removed needless iconv.h (diff) | |
* doc/guide.tex: Updated
* src/ejabberd.cfg: Added "register" rule, added some comments,
this file renamed to ejabberd.cfg.example
* src/mod_register.erl (try_register): Fixed error reply, added
check for "register" access rule
* src/stringprep/Makefile.win32: Added Makefile for Win32 (thanks
to Sergei Golovan)
SVN Revision: 148
| -rw-r--r-- | ChangeLog | 13 | ||||
| -rw-r--r-- | doc/guide.html | 39 | ||||
| -rw-r--r-- | doc/guide.tex | 42 | ||||
| -rw-r--r-- | src/ejabberd.cfg.example (renamed from src/ejabberd.cfg) | 48 | ||||
| -rw-r--r-- | src/ejabberd_listener.erl | 3 | ||||
| -rw-r--r-- | src/jlib.erl | 34 | ||||
| -rw-r--r-- | src/mod_register.erl | 20 | ||||
| -rw-r--r-- | src/stringprep/Makefile.win32 | 40 |
8 files changed, 180 insertions, 59 deletions
@@ -1,5 +1,18 @@ +2003-10-11 Alexey Shchepin <alexey@sevcom.net> + + * doc/guide.tex: Updated + + * src/ejabberd.cfg: Added "register" rule, added some comments, + this file renamed to ejabberd.cfg.example + + * src/mod_register.erl (try_register): Fixed error reply, added + check for "register" access rule + 2003-10-10 Alexey Shchepin <alexey@sevcom.net> + * src/stringprep/Makefile.win32: Added Makefile for Win32 (thanks + to Sergei Golovan) + * src/stringprep/stringprep_drv.c: Removed needless iconv.h include diff --git a/doc/guide.html b/doc/guide.html index b67031a2..1cd15fec 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -695,13 +695,14 @@ these queries. Possible values are: be processed until finished this. Hence this discipline is not recommended if processing of query can take relative many time. <DT><B><TT>one_queue</TT></B><DD> In this case created separate queue for processing - IQ queries of namespace with this discipline, and processing of this queue - done in parallel with processing of other packets. This discipline is most + of IQ queries of namespace with this discipline, and processing of this queue + is done in parallel with processing of other packets. This discipline is most recommended. <DT><B><TT>parallel</TT></B><DD> In this case for all packets with this discipline spawned separate Erlang process, so all these packets processed in parallel. - Although spawning of Erlang process have relative low cost, this can broke - server normal work, because Erlang have limit of 32000 processes. + Although spawning of Erlang process have relatively low cost, this can broke + server normal work, because Erlang emulator have limit on number of processes + (32000 by default). </DL> Example: <PRE> @@ -731,6 +732,33 @@ Example: <H3><A NAME="htoc35">A.2</A> <TT>mod_register</TT></H3><!--SEC END --> <A NAME="sec:modregister"></A> +This module adds support for +<A HREF="http://www.jabber.org/jeps/jep-0077.html">JEP-0077</A> (In-Band +Registration). There is possible to restrict registration via ``register'' +access rule. If this rule returns ``deny'' on requested user name, then +registration is not allowed for it.<BR> +<BR> +Options: +<DL COMPACT=compact><DT> +<B><TT>iqdisc</TT></B><DD> <TT>jabber:iq:register</TT> IQ queries processing + discipline. +</DL> +Example: +<PRE> +% Deny registration for users with too short name +{acl, shortname, {user_glob, "?"}}. +{acl, shortname, {user_glob, "??"}}. +% Another variant: {acl, shortname, {user_regexp, "^..?$"}}. + +{access, register, [{deny, shortname}, + {allow, all}]}. + +{modules, [ + ... + {mod_register, []}, + ... + ]}. +</PRE> <!--TOC subsection <TT>mod_roster</TT>--> <H3><A NAME="htoc36">A.3</A> <TT>mod_roster</TT></H3><!--SEC END --> @@ -772,7 +800,8 @@ Example: <A NAME="sec:modstats"></A> This module adds support for -<A HREF="http://www.jabber.org/jeps/jep-0039.html">JEP-0039</A> (Statistics Gathering).<BR> +<A HREF="http://www.jabber.org/jeps/jep-0039.html">JEP-0039</A> (Statistics +Gathering).<BR> <BR> Options: <DL COMPACT=compact><DT> diff --git a/doc/guide.tex b/doc/guide.tex index e07f9340..53bbdd03 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -658,13 +658,14 @@ these queries. Possible values are: be processed until finished this. Hence this discipline is not recommended if processing of query can take relative many time. \item[\texttt{one\_queue}] In this case created separate queue for processing - IQ queries of namespace with this discipline, and processing of this queue - done in parallel with processing of other packets. This discipline is most + of IQ queries of namespace with this discipline, and processing of this queue + is done in parallel with processing of other packets. This discipline is most recommended. \item[\texttt{parallel}] In this case for all packets with this discipline spawned separate Erlang process, so all these packets processed in parallel. - Although spawning of Erlang process have relative low cost, this can broke - server normal work, because Erlang have limit of 32000 processes. + Although spawning of Erlang process have relatively low cost, this can broke + server normal work, because Erlang emulator have limit on number of processes + (32000 by default). \end{description} Example: @@ -696,6 +697,36 @@ Example: \subsection{\modregister{}} \label{sec:modregister} +This module adds support for +\footahref{http://www.jabber.org/jeps/jep-0077.html}{JEP-0077} (In-Band +Registration). There is possible to restrict registration via ``register'' +access rule. If this rule returns ``deny'' on requested user name, then +registration is not allowed for it. + +Options: +\begin{description} +\item[\texttt{iqdisc}] \ns{jabber:iq:register} IQ queries processing + discipline. +\end{description} + +Example: +\begin{verbatim} +% Deny registration for users with too short name +{acl, shortname, {user_glob, "?"}}. +{acl, shortname, {user_glob, "??"}}. +% Another variant: {acl, shortname, {user_regexp, "^..?$"}}. + +{access, register, [{deny, shortname}, + {allow, all}]}. + +{modules, [ + ... + {mod_register, []}, + ... + ]}. +\end{verbatim} + + \subsection{\modroster{}} @@ -738,7 +769,8 @@ Example: \label{sec:modstats} This module adds support for -\footahref{http://www.jabber.org/jeps/jep-0039.html}{JEP-0039} (Statistics Gathering). +\footahref{http://www.jabber.org/jeps/jep-0039.html}{JEP-0039} (Statistics +Gathering). Options: \begin{description} diff --git a/src/ejabberd.cfg b/src/ejabberd.cfg.example index 7c4bf9cd..2cc561b6 100644 --- a/src/ejabberd.cfg +++ b/src/ejabberd.cfg.example @@ -2,45 +2,51 @@ %override_acls. -{acl, admin, {user, "aleksey"}}. -{acl, admin, {user, "ermine"}}. -{acl, admin, {user, "test"}}. -{acl, admin, {user, "aleksey", "jabber.ru"}}. -{acl, admin, {user, "ermine", "jabber.ru"}}. +% Users that have admin access. Add line like one of the following after you +% will be successfully registered on server to get admin access: +%{acl, admin, {user, "aleksey"}}. +%{acl, admin, {user, "ermine"}}. -{acl, blocked, {user, "test2"}}. - -{acl, jabberorg, {server, "jabber.org"}}. -{acl, aleksey, {user, "aleksey", "jabber.ru"}}. +% Blocked users: +%{acl, blocked, {user, "test"}}. +% Another examples of ACLs: +%{acl, jabberorg, {server, "jabber.org"}}. +%{acl, aleksey, {user, "aleksey", "jabber.ru"}}. %{acl, test, {user_regexp, "^test"}}. -%{acl, test2, {user_glob, "test*"}}. +%{acl, test, {user_glob, "test*"}}. -{shaper, normal, {maxrate, 1000}}. +% Only admins can use configuration interface: +{access, configure, [{allow, admin}]}. +% Every username can be registered via in-band registration: +{access, register, [{allow, all}]}. -{access, disco_admin, [{allow, admin}, - {deny, all}]}. - -{access, configure, [{allow, admin}]}. +% Only non-blocked users can use c2s connections: {access, c2s, [{deny, blocked}, {allow, all}]}. +% Set shaper with name "normal" to limit traffic speed to 1000B/s +{shaper, normal, {maxrate, 1000}}. +% For all users except admins used "normal" shaper {access, c2s_shaper, [{none, admin}, {normal, all}]}. +% Admins of this server are also admins of MUC service: {access, muc_admin, [{allow, admin}]}. +% Host name: +{host, "localhost"}. -{host, "e.localhost"}. -{listen, [{5522, ejabberd_c2s, [{access, c2s}, +% Listened ports: +{listen, [{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]}, - {5523, ejabberd_c2s, [{access, c2s}, + {5223, ejabberd_c2s, [{access, c2s}, {ssl, [{certfile, "./ssl.pem"}]}]}, {5269, ejabberd_s2s_in, []}, {8888, ejabberd_service, [{host, @@ -48,9 +54,11 @@ [{password, "asdqwe"}]}]} ]}. -% This value (5569) is only for debugging, must be 5269 -{outgoing_s2s_port, 5569}. +% If SRV lookup fails, then port 5269 used to communicate with other servers +{outgoing_s2s_port, 5269}. + +% Used modules: {modules, [ {mod_register, []}, {mod_roster, []}, diff --git a/src/ejabberd_listener.erl b/src/ejabberd_listener.erl index 9de102be..36dad2e1 100644 --- a/src/ejabberd_listener.erl +++ b/src/ejabberd_listener.erl @@ -52,7 +52,8 @@ init(Port, Module, Opts) -> {ok, ListenSocket} = gen_tcp:listen(Port, [binary, {packet, 0}, {active, false}, - {reuseaddr, true}]), + {reuseaddr, true}, + {nodelay, true}]), accept(ListenSocket, Module, Opts). accept(ListenSocket, Module, Opts) -> diff --git a/src/jlib.erl b/src/jlib.erl index ced40894..839d6739 100644 --- a/src/jlib.erl +++ b/src/jlib.erl @@ -227,25 +227,7 @@ jid_to_string({Node, Server, Resource}) -> is_nodename([]) -> false; is_nodename(J) -> - is_nodename1(J). - -is_nodename1([C | J]) - when (C =< 32) or - (C == $") or - (C == $&) or - (C == $') or - (C == $:) or - (C == $<) or - (C == $>) or - (C == $@) or - (C == $/) or - (C == 127) - -> - false; -is_nodename1([C | J]) -> - is_nodename1(J); -is_nodename1([]) -> - true. + nodeprep(J). @@ -301,7 +283,19 @@ resourceprep(S) -> jid_tolower(#jid{luser = U, lserver = S, lresource = R}) -> {U, S, R}; jid_tolower({U, S, R}) -> - {tolower(U), tolower(S), R}. + case stringprep:nodeprep(U) of + error -> error; + LUser -> + case stringprep:nameprep(S) of + error -> error; + LServer -> + case stringprep:resourceprep(R) of + error -> error; + LResource -> + {LUser, LServer, LResource} + end + end + end. jid_remove_resource(#jid{} = JID) -> JID#jid{resource = "", lresource = ""}; diff --git a/src/mod_register.erl b/src/mod_register.erl index b480dace..9bf89f05 100644 --- a/src/mod_register.erl +++ b/src/mod_register.erl @@ -116,14 +116,18 @@ try_register(User, Password) -> false -> {error, ?ERR_BAD_REQUEST}; _ -> - case ejabberd_auth:try_register(User, Password) of - {atomic, ok} -> - ok; - {atomic, exists} -> - % TODO: replace to "username unavailable" - {error, ?ERR_NOT_ALLOWED}; - {error, Reason} -> - {error, ?ERR_INTERNAL_SERVER_ERROR} + case acl:match_rule(register, jlib:make_jid(User, ?MYNAME, "")) of + deny -> + {error, ?ERR_CONFLICT}; + allow -> + case ejabberd_auth:try_register(User, Password) of + {atomic, ok} -> + ok; + {atomic, exists} -> + {error, ?ERR_CONFLICT}; + {error, _Reason} -> + {error, ?ERR_INTERNAL_SERVER_ERROR} + end end end. diff --git a/src/stringprep/Makefile.win32 b/src/stringprep/Makefile.win32 new file mode 100644 index 00000000..5339e3d2 --- /dev/null +++ b/src/stringprep/Makefile.win32 @@ -0,0 +1,40 @@ + +include ..\Makefile.inc + +OUTDIR = .. +EFLAGS = -I .. -pz .. + +ALL : $(OUTDIR)\stringprep_drv.dll $(OUTDIR)\stringprep.beam + +CLEAN : + -@erase $(OUTDIR)\stringprep_drv.dll + -@erase $(OUTDIR)\stringprep_drv.exp + -@erase $(OUTDIR)\stringprep_drv.lib + -@erase stringprep_drv.obj + -@erase stringprep_drv.pch + -@erase vc60.idb + -@erase $(OUTDIR)\stringprep.beam + +$(OUTDIR)\stringprep.beam : stringprep.erl + erlc -W $(EFLAGS) -o $(OUTDIR) stringprep.erl + +CPP=cl.exe +CPP_PROJ=/nologo /ML /W3 /GX /O2 /I "$(ERLANG_DIR)\usr\include" /I "$(EI_DIR)\include" /D "WIN32" /D "NDEBUG" /D "_USRDLL" /D "_MBCS" /Fpstringprep_drv.pch /YX /FD /c + +.c.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +LINK32=link.exe +LINK32_FLAGS=kernel32.lib "$(ERLANG_DIR)\usr\lib\erl_dll.lib" "$(EI_DIR)\lib\ei.lib" "$(EI_DIR)\lib\erl_interface.lib" /nologo /subsystem:console /dll /pdb:none /machine:I386 /out:$(OUTDIR)\stringprep_drv.dll + +LINK32_OBJS=stringprep_drv.obj + +$(OUTDIR)\stringprep_drv.dll : $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +stringprep_drv.obj : stringprep_drv.c + |