diff options
| author | Badlop <badlop@process-one.net> | 2008-04-25 09:25:31 +0000 |
|---|---|---|
| committer | Badlop <badlop@process-one.net> | 2008-04-25 09:25:31 +0000 |
| commit | c88a4650ba08028d6d8d545de8888dcdd4f11d37 (patch) | |
| tree | a06ef7014d846d897ff29e309b99d56793c6b5fb | |
| parent | * src/treap.erl: Bugfix (diff) | |
* src/ejabberd_c2s.erl: Added forbidden_session_hook
* src/acl.erl: New access types: resource, resource_regexp and
resource_glob
* doc/guide.tex: Likewise
SVN Revision: 1301
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | doc/guide.tex | 11 | ||||
| -rw-r--r-- | src/acl.erl | 8 | ||||
| -rw-r--r-- | src/ejabberd_c2s.erl | 2 |
4 files changed, 28 insertions, 1 deletions
@@ -1,3 +1,11 @@ +2008-04-25 Badlop <badlop@process-one.net> + + * src/ejabberd_c2s.erl: Added forbidden_session_hook + + * src/acl.erl: New access types: resource, resource_regexp and + resource_glob + * doc/guide.tex: Likewise + 2008-04-23 Alexey Shchepin <alexey@process-one.net> * src/treap.erl: Bugfix diff --git a/doc/guide.tex b/doc/guide.tex index 293a1107f..b8b9fd1db 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -1142,6 +1142,11 @@ declarations of ACLs in the configuration file have the following syntax: \begin{verbatim} {acl, exampleorg, {server, "example.org"}}. \end{verbatim} +\titem{\{resource, <resource>\}} Matches any JID with a resource + \term{<resource>}. Example: +\begin{verbatim} +{acl, mucklres, {resource, "muckl"}}. +\end{verbatim} \titem{\{user\_regexp, <regexp>\}} Matches any local user with a name that matches \term{<regexp>} on local virtual hosts. Example: \begin{verbatim} @@ -1158,6 +1163,11 @@ declarations of ACLs in the configuration file have the following syntax: \begin{verbatim} {acl, icq, {server_regexp, "^icq\\."}}. \end{verbatim} +\titem{\{resource\_regexp, <regexp>\}} Matches any JID with a resource that + matches \term{<regexp>}. Example: +\begin{verbatim} +{acl, icq, {resource_regexp, "^laptop\\."}}. +\end{verbatim} \titem{\{node\_regexp, <user\_regexp>, <server\_regexp>\}} Matches any user with a name that matches \term{<user\_regexp>} at any server that matches \term{<server\_regexp>}. Example: @@ -1167,6 +1177,7 @@ declarations of ACLs in the configuration file have the following syntax: \titem{\{user\_glob, <glob>\}} \titem{\{user\_glob, <glob>, <server>\}} \titem{\{server\_glob, <glob>\}} +\titem{\{resource\_glob, <glob>\}} \titem{\{node\_glob, <user\_glob>, <server\_glob>\}} This is the same as above. However, it uses shell glob patterns instead of regexp. These patterns can have the following special characters: diff --git a/src/acl.erl b/src/acl.erl index c3fcebba4..eed295cb8 100644 --- a/src/acl.erl +++ b/src/acl.erl @@ -158,7 +158,7 @@ match_acl(ACL, JID, Host) -> all -> true; none -> false; _ -> - {User, Server, _Resource} = jlib:jid_tolower(JID), + {User, Server, Resource} = jlib:jid_tolower(JID), lists:any(fun(#acl{aclspec = Spec}) -> case Spec of all -> @@ -173,6 +173,8 @@ match_acl(ACL, JID, Host) -> (U == User) andalso (S == Server); {server, S} -> S == Server; + {resource, R} -> + R == Resource; {user_regexp, UR} -> ((Host == Server) orelse ((Host == global) andalso @@ -183,6 +185,8 @@ match_acl(ACL, JID, Host) -> is_regexp_match(User, UR); {server_regexp, SR} -> is_regexp_match(Server, SR); + {resource_regexp, RR} -> + is_regexp_match(Resource, RR); {node_regexp, UR, SR} -> is_regexp_match(Server, SR) andalso is_regexp_match(User, UR); @@ -197,6 +201,8 @@ match_acl(ACL, JID, Host) -> is_glob_match(User, UR); {server_glob, SR} -> is_glob_match(Server, SR); + {resource_glob, RR} -> + is_glob_match(Resource, RR); {node_glob, UR, SR} -> is_glob_match(Server, SR) andalso is_glob_match(User, UR); diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl index 567cd6b6e..225bce8eb 100644 --- a/src/ejabberd_c2s.erl +++ b/src/ejabberd_c2s.erl @@ -823,6 +823,8 @@ wait_for_session({xmlstreamelement, El}, StateData) -> pres_t = ?SETS:from_list(Ts1), privacy_list = PrivList}); _ -> + ejabberd_hooks:run(forbidden_session_hook, + StateData#state.server, [JID]), ?INFO_MSG("(~w) Forbidden session for ~s", [StateData#state.socket, jlib:jid_to_string(JID)]), |