authorAlexey Shchepin <alexey@process-one.net>2003-01-29 20:21:14 +0000
committerAlexey Shchepin <alexey@process-one.net>2003-01-29 20:21:14 +0000
commit45abdd240cd3f483d9807feb9062f6c743d2373d (patch)
treeeb44897df3bb6907514db4f7751d6c49a3799cc9
parent*** empty log message *** (diff)
*** empty log message ***
SVN Revision: 54
Diffstat (limited to '')
-rw-r--r--doc/guide.html66
-rw-r--r--doc/guide.tex67
-rw-r--r--src/acl.erl56
-rw-r--r--src/ejabberd.cfg4
4 files changed, 168 insertions, 25 deletions
diff --git a/doc/guide.html b/doc/guide.html
index bb18b0eab..48d0469c8 100644
--- a/doc/guide.html
+++ b/doc/guide.html
@@ -17,7 +17,7 @@
<H3 ALIGN=center>Alexey Shchepin<BR><A HREF="mailto:alexey@sevcom.net"><TT>mailto:alexey@sevcom.net</TT></A><BR><A HREF="xmpp:aleksey@jabber.ru"><TT>xmpp:aleksey@jabber.ru</TT></A></H3>
-<H3 ALIGN=center>January 26, 2003</H3> <DIV ALIGN=center><IMG SRC="logo.png">
+<H3 ALIGN=center>January 29, 2003</H3> <DIV ALIGN=center><IMG SRC="logo.png">
</DIV><BR>
<BR>
@@ -96,7 +96,10 @@ erl -name ejabberd -s ejabberd
<A NAME="sec:initconfig"></A>Configuration file is loaded after first start of <TT>ejabberd</TT>. It consists of
sequence of Erlang terms. Parts of lines after <TT>`%'</TT> sign are ignored.
Each term is tuple, where first element is name of option, and other are option
-values.<BR>
+values. Note, that after first start all values from this file stored in
+database, and in next time they will be APPENDED to existing values. E.&nbsp;g.
+if this file will not contain ``host'' definition, then old value will be
+used.<BR>
<BR>
<!--TOC subsubsection Host Name-->
@@ -160,7 +163,7 @@ config file they looks like this:
{acl, admin, {user, "aleksey"}}.
</PRE>
<DT><TT>{user, &lt;username&gt;, &lt;server&gt;}</TT><DD> Matches user with JID
- <TT>&lt;username&gt;@&lt;server&gt;</TT>. Example:
+ <TT>&lt;username&gt;@&lt;server&gt;</TT> and any resource. Example:
<PRE>
{acl, admin, {user, "aleksey", "jabber.ru"}}.
</PRE>
@@ -168,7 +171,49 @@ config file they looks like this:
<TT>&lt;server&gt;</TT>. Example:
<PRE>
{acl, jabberorg, {server, "jabber.org"}}.
-</PRE></DL>Allowing or denying of different services is like this:
+</PRE>
+<DT><TT>{user_regexp, &lt;regexp&gt;}</TT><DD> Matches local user with name that
+ mathes <TT>&lt;regexp&gt;</TT>. Example:
+<PRE>
+{acl, tests, {user, "test.*"}}.
+</PRE>
+<DT><TT>{user_regexp, &lt;regexp&gt;, &lt;server&gt;}</TT><DD> Matches user with name
+ that mathes <TT>&lt;regexp&gt;</TT> and from server <TT>&lt;server&gt;</TT>. Example:
+<PRE>
+{acl, tests, {user, "test.*", "localhost"}}.
+</PRE>
+<DT><TT>{server_regexp, &lt;regexp&gt;}</TT><DD> Matches any JID from server that
+ matches <TT>&lt;regexp&gt;</TT>. Example:
+<PRE>
+{acl, icq, {server, "icq.*"}}.
+</PRE>
+<DT><TT>{node_regexp, &lt;user_regexp&gt;, &lt;server_regexp&gt;}</TT><DD> Matches user
+ with name that mathes <TT>&lt;user_regexp&gt;</TT> and from server that matches
+ <TT>&lt;server_regexp&gt;</TT>. Example:
+<PRE>
+{acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}.
+</PRE>
+<DT><TT>{user_glob, &lt;glob&gt;}</TT><DD>
+
+<DT><TT>{user_glob, &lt;glob&gt;, &lt;server&gt;}</TT><DD>
+
+<DT><TT>{server_glob, &lt;glob&gt;}</TT><DD>
+
+<DT><TT>{node_glob, &lt;user_glob&gt;, &lt;server_glob&gt;}</TT><DD> This is same as
+ above, but use shell glob patterns instead of regexp. This patterns can have
+ following special characters:
+ <DL COMPACT=compact>
+<DT>
+ <TT>*</TT><DD> matches any string including the null string.
+
+<DT><TT>?</TT><DD> matches any single character.
+
+<DT><TT>[...]</TT><DD> matches any of the enclosed characters. Character
+ ranges are specified by a pair of characters separated by a <TT>`-'</TT>.
+ If the first character after <TT>`['</TT> is a <TT>`!'</TT>, then any
+ character not enclosed is matched.
+ </DL>
+</DL>Allowing or denying of different services is like this:
<PRE>
{access, &lt;accessname&gt;, [{allow, &lt;aclname&gt;},
{deny, &lt;aclname&gt;},
@@ -215,8 +260,11 @@ Example:
<A NAME="sec:onlineconfig"></A>To use facility of online reconfiguration of <TT>ejabberd</TT> needed to have
<TT>mod_configure</TT> loaded (see section&nbsp;<A HREF="#sec:modconfigure">5.4</A>). Also highly
recommended to load <TT>mod_disco</TT> (see section&nbsp;<A HREF="#sec:moddisco">5.5</A>), because
-<TT>mod_configure</TT> highly integrates with it. Also recommended to use
-disco- and xdata-capable client.<BR>
+<TT>mod_configure</TT> highly integrates with it. Also recommended to use disco- and
+xdata-capable client
+(<A HREF="http://www.jabber.ru/projects/tkabber/index_en.html">Tkabber</A>
+developed synchronously with <TT>ejabberd</TT>, its CVS version use most of
+<TT>ejabberd</TT> features).<BR>
<BR>
TBD<BR>
<BR>
@@ -232,7 +280,7 @@ TBD<BR>
runned on different machines that can be connected via network. They all must
have access to connect to port 4369 of all another nodes, and must have same
magic cookie (see Erlang/OTP documentation, in short file
-<TT>ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
+<TT>~ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
needed because all nodes exchange information about connected users, S2S
connection, registered services, etc...<BR>
<BR>
@@ -275,8 +323,8 @@ sended to session manager on it.<BR>
<H4>4.1.4&nbsp;&nbsp; S2S Manager</H4><!--SEC END -->
This module route packets to another Jabber servers. First, it check if
-to domain of packet destination from domain of source already opened S2S
-connection. If it opened on another node, then it routed to S2S manager on
+already exists opened S2S connection from domain of packet source to domain of
+destination. If it opened on another node, then it routed to S2S manager on
that node, if it opened on this node, then it routed to process that serve this
connection, and if this connection not exists, then it opened and registered.<BR>
<BR>
diff --git a/doc/guide.tex b/doc/guide.tex
index 6a42eb947..47061fada 100644
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -30,7 +30,7 @@
\author{Alexey Shchepin \\
\ahrefurl{mailto:alexey@sevcom.net} \\
\ahrefurl{xmpp:aleksey@jabber.ru}}
-\date{January 26, 2003}
+\date{January 29, 2003}
\begin{document}
\begin{titlepage}
@@ -127,7 +127,10 @@ TBD
Configuration file is loaded after first start of \ejabberd{}. It consists of
sequence of Erlang terms. Parts of lines after \texttt{`\%'} sign are ignored.
Each term is tuple, where first element is name of option, and other are option
-values.
+values. Note, that after first start all values from this file stored in
+database, and in next time they will be APPENDED to existing values. E.\,g.\
+if this file will not contain ``host'' definition, then old value will be
+used.
\subsubsection{Host Name}
@@ -190,21 +193,64 @@ config file they looks like this:
\begin{verbatim}
{acl, all, all}.
\end{verbatim}
+
\item[\texttt{\{user, <username>\}}] Matches local user with name
\texttt{<username>}. Example:
\begin{verbatim}
{acl, admin, {user, "aleksey"}}.
\end{verbatim}
+
\item[\texttt{\{user, <username>, <server>\}}] Matches user with JID
- \texttt{<username>@<server>}. Example:
+ \texttt{<username>@<server>} and any resource. Example:
\begin{verbatim}
{acl, admin, {user, "aleksey", "jabber.ru"}}.
\end{verbatim}
+
\item[\texttt{\{server, <server>\}}] Matches any JID from server
\texttt{<server>}. Example:
\begin{verbatim}
{acl, jabberorg, {server, "jabber.org"}}.
\end{verbatim}
+
+\item[\texttt{\{user\_regexp, <regexp>\}}] Matches local user with name that
+ mathes \texttt{<regexp>}. Example:
+\begin{verbatim}
+{acl, tests, {user, "test.*"}}.
+\end{verbatim}
+
+\item[\texttt{\{user\_regexp, <regexp>, <server>\}}] Matches user with name
+ that mathes \texttt{<regexp>} and from server \texttt{<server>}. Example:
+\begin{verbatim}
+{acl, tests, {user, "test.*", "localhost"}}.
+\end{verbatim}
+
+\item[\texttt{\{server\_regexp, <regexp>\}}] Matches any JID from server that
+ matches \texttt{<regexp>}. Example:
+\begin{verbatim}
+{acl, icq, {server, "icq.*"}}.
+\end{verbatim}
+
+\item[\texttt{\{node\_regexp, <user\_regexp>, <server\_regexp>\}}] Matches user
+ with name that mathes \texttt{<user\_regexp>} and from server that matches
+ \texttt{<server\_regexp>}. Example:
+\begin{verbatim}
+{acl, aleksey, {node_regexp, "aleksey.*", "jabber.(ru|org)"}}.
+\end{verbatim}
+
+\item[\texttt{\{user\_glob, <glob>\}}]
+\item[\texttt{\{user\_glob, <glob>, <server>\}}]
+\item[\texttt{\{server\_glob, <glob>\}}]
+\item[\texttt{\{node\_glob, <user\_glob>, <server\_glob>\}}] This is same as
+ above, but use shell glob patterns instead of regexp. This patterns can have
+ following special characters:
+ \begin{description}
+ \item[\texttt{*}] matches any string including the null string.
+ \item[\texttt{?}] matches any single character.
+ \item[\texttt{[\ldots{}]}] matches any of the enclosed characters. Character
+ ranges are specified by a pair of characters separated by a \texttt{`-'}.
+ If the first character after \texttt{`['} is a \texttt{`!'}, then any
+ character not enclosed is matched.
+ \end{description}
\end{description}
Allowing or denying of different services is like this:
@@ -260,8 +306,11 @@ Example:
To use facility of online reconfiguration of \ejabberd{} needed to have
\modconfigure{} loaded (see section~\ref{sec:modconfigure}). Also highly
recommended to load \moddisco{} (see section~\ref{sec:moddisco}), because
-\modconfigure{} highly integrates with it. Also recommended to use
-disco- and xdata-capable client.
+\modconfigure{} highly integrates with it. Also recommended to use disco- and
+xdata-capable client
+(\footahref{http://www.jabber.ru/projects/tkabber/index\_en.html}{Tkabber}
+developed synchronously with \ejabberd{}, its CVS version use most of
+\ejabberd{} features).
TBD
@@ -276,9 +325,9 @@ TBD
runned on different machines that can be connected via network. They all must
have access to connect to port 4369 of all another nodes, and must have same
magic cookie (see Erlang/OTP documentation, in short file
-\texttt{\~ejabberd/.erlang.cookie} must be the same on all nodes). This is
+\texttt{\~{}ejabberd/.erlang.cookie} must be the same on all nodes). This is
needed because all nodes exchange information about connected users, S2S
-connection, registered services, etc\ldots
+connections, registered services, etc\ldots
Each \ejabberd{} node run following modules:
\begin{itemize}
@@ -317,8 +366,8 @@ sended to session manager on it.
\subsubsection{S2S Manager}
This module route packets to another \Jabber{} servers. First, it check if
-to domain of packet destination from domain of source already opened S2S
-connection. If it opened on another node, then it routed to S2S manager on
+already exists opened S2S connection from domain of packet source to domain of
+destination. If it opened on another node, then it routed to S2S manager on
that node, if it opened on this node, then it routed to process that serve this
connection, and if this connection not exists, then it opened and registered.
diff --git a/src/acl.erl b/src/acl.erl
index 2c8a8e7ca..10bd11fdb 100644
--- a/src/acl.erl
+++ b/src/acl.erl
@@ -1,7 +1,7 @@
%%%----------------------------------------------------------------------
%%% File : acl.erl
%%% Author : Alexey Shchepin <alexey@sevcom.net>
-%%% Purpose :
+%%% Purpose : ACL support
%%% Created : 18 Jan 2003 by Alexey Shchepin <alexey@sevcom.net>
%%% Id : $Id$
%%%----------------------------------------------------------------------
@@ -10,14 +10,17 @@
-author('alexey@sevcom.net').
-vsn('$Revision$ ').
--export([start/0, add/2, match_rule/2, match_acl/2]).
+-export([start/0,
+ add/2,
+ match_rule/2,
+ % for debugging only
+ match_acl/2]).
-include("ejabberd.hrl").
-record(acl, {aclname, aclspec}).
start() ->
- %ets:new(acls, [bag, named_table, public]),
mnesia:create_table(acl,
[{disc_copies, [node()]},
{type, bag},
@@ -31,7 +34,6 @@ add(ACLName, ACLSpec) ->
mnesia:write(#acl{aclname = ACLName, aclspec = ACLSpec})
end,
mnesia:transaction(F).
- %ets:insert(acls, {ACLName, ACLData}).
match_rule(Rule, JID) ->
case ejabberd_config:get_global_option({access, Rule}) of
@@ -58,10 +60,50 @@ match_acl(ACL, JID) ->
all ->
true;
{user, U} ->
- (U == User) and (?MYNAME == Server);
+ (U == User) andalso (?MYNAME == Server);
{user, U, S} ->
- (U == User) and (S == Server);
+ (U == User) andalso (S == Server);
{server, S} ->
- S == Server
+ S == Server;
+ {user_regexp, UR} ->
+ (?MYNAME == Server) andalso
+ is_regexp_match(User, UR);
+ {user_regexp, UR, S} ->
+ (S == Server) andalso
+ is_regexp_match(User, UR);
+ {server_regexp, SR} ->
+ is_regexp_match(Server, SR);
+ {node_regexp, UR, SR} ->
+ is_regexp_match(Server, SR) andalso
+ is_regexp_match(User, UR);
+ {user_glob, UR} ->
+ (?MYNAME == Server) andalso
+ is_glob_match(User, UR);
+ {user_glob, UR, S} ->
+ (S == Server) andalso
+ is_glob_match(User, UR);
+ {server_glob, SR} ->
+ is_glob_match(Server, SR);
+ {node_glob, UR, SR} ->
+ is_glob_match(Server, SR) andalso
+ is_glob_match(User, UR)
end
end, ets:lookup(acl, ACL)).
+
+is_regexp_match(String, RegExp) ->
+ case regexp:first_match(String, RegExp) of
+ nomatch ->
+ false;
+ {match, _, _} ->
+ true;
+ {error, ErrDesc} ->
+ ?ERROR_MSG(
+ "Wrong regexp ~p in ACL: ~p",
+ [RegExp, lists:flatten(regexp:format_error(ErrDesc))]),
+ false
+ end.
+
+is_glob_match(String, Glob) ->
+ is_regexp_match(String, regexp:sh_to_awk(Glob)).
+
+
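Review bot: `is_regexp_match/2` returns true for any `{match, _, _}` from `regexp:first_match/2`, which finds the pattern anywhere in the string, so the new `*_regexp` specs are substring matches: `{user_regexp, "admin"}` would also be true for a user named `notadmin2`. For an access-control check that over-matches easily; consider requiring the whole string to match, e.g. `regexp:first_match(String, "^(" ++ RegExp ++ ")$")`, or at least state the unanchored semantics in a comment above the function. The glob variants probably do not share this behaviour, since `regexp:sh_to_awk/1` is documented as producing a whole-string pattern, so the two families may differ silently; that is worth confirming and noting. The `{error, ErrDesc}` branch also returns `false`, so a mistyped pattern in an ACL referenced from a `deny` entry would presumably stop denying, with the log line as the only signal. `match_acl/2` starts outside this hunk.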
diff --git a/src/ejabberd.cfg b/src/ejabberd.cfg
index 6d4f3551b..00992fed2 100644
--- a/src/ejabberd.cfg
+++ b/src/ejabberd.cfg
@@ -9,6 +9,10 @@
{acl, jabberorg, {server, "jabber.org"}}.
{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
+{acl, test, {user_glob, "test.*"}}.
+%{acl, test2, {user_glob, "test*"}}.
+
+
{access, disco_admin, [{allow, admin},
{deny, all}]}.
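Review bot: The added `{acl, test, {user_glob, "test.*"}}.` uses regexp syntax in a glob spec. Under the glob rules this commit documents in the guide, `.` is a literal character, so the entry matches only local users whose names start with `test.` and not `test1` or `tester`. If the intent is "names beginning with test", either enable the commented-out `"test*"` form or change the spec to `user_regexp`. A short comment marking the entry as a sample would also help, since it appears to ship in the default config file.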