Diffstat (limited to 'doc')
-rw-r--r-- doc/guide.html 102
-rw-r--r-- doc/guide.tex 98
2 files changed, 133 insertions, 67 deletions
diff --git a/doc/guide.html b/doc/guide.html
index 48d0469c8..6d95e6e73 100644
--- a/doc/guide.html
+++ b/doc/guide.html
@@ -101,6 +101,14 @@ database, and in next time they will be APPENDED to existing values. E. g.
if this file will not contain ``host'' definition, then old value will be
used.<BR>
<BR>
+To override old values following lines can be added in config:
+<PRE>
+override_global.
+override_local.
+override_acls.
+</PRE>With this lines old global or local options or ACLs will be removed before
+adding new ones.<BR>
+<BR>
<!--TOC subsubsection Host Name-->
<H4>3.1.1&nbsp;&nbsp; Host Name</H4><!--SEC END -->
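Review bot: The sentence added after the override_* block does not say what happens to access rules that reference an ACL once override_acls has removed it. Because "old ... ACLs will be removed before adding new ones", an ACL that existed only in the database and is absent from the new config file disappears. The guide should state how a rule naming a now-missing ACL is evaluated, and tell administrators to re-declare every ACL their access rules depend on in the same config file before adding override_acls.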
@@ -109,42 +117,9 @@ used.<BR>
serves. E.&nbsp;g. to use <TT>jabber.org</TT> domain add following line in config:
<PRE>
{host, "jabber.org"}.
-</PRE><!--TOC subsubsection Listened Sockets-->
-
-<H4>3.1.2&nbsp;&nbsp; Listened Sockets</H4><!--SEC END -->
-
-<A NAME="sec:configlistened"></A>Option <TT>listen</TT> defines list of listened sockets and what services
-runned on them. Each element of list is a tuple with following elements:
-<UL>
-<LI>
- Port number;
-
-<LI> Module that serves this port;
-
-<LI> Function in this module that starts connection (likely will be removed);
-
-<LI> Options to this module.
-</UL>Currently three modules implemented:
-<UL>
-<LI>
- <TT>ejabberd_c2s</TT>: serves C2S connections;
-
-<LI> <TT>ejabberd_s2s_in</TT>: serves incoming S2S connections;
-
-<LI> <TT>ejabberd_service</TT>: serves connections to Jabber services
- (i.&nbsp;e. that use <TT>jabber:component:accept</TT> namespace).
-</UL>For example, following configuration defines that C2S connections listened on
-port 5222, S2S on port 5269 and that service <TT>conference.jabber.org</TT>
-must be connected to port 8888 with password ``<TT>secret</TT>''.<BR>
-<BR>
-<PRE>
-{listen, [{5222, ejabberd_c2s, start, []},
- {5269, ejabberd_s2s_in, start, []},
- {8888, ejabberd_service, start, ["conference.jabber.org", "secret"]}
- ]}.
</PRE><!--TOC subsubsection Access Rules-->
-<H4>3.1.3&nbsp;&nbsp; Access Rules</H4><!--SEC END -->
+<H4>3.1.2&nbsp;&nbsp; Access Rules</H4><!--SEC END -->
<A NAME="sec:configaccess"></A>Access control in <TT>ejabberd</TT> is done via Access Control Lists (ACL). In
config file they looks like this:
@@ -213,6 +188,12 @@ config file they looks like this:
If the first character after <TT>`['</TT> is a <TT>`!'</TT>, then any
character not enclosed is matched.
</DL>
+</DL>Following ACLs pre-defined:
+<DL COMPACT=compact>
+<DT>
+<TT>all</TT><DD> Matches all JIDs.
+
+<DT><TT>none</TT><DD> Matches none JIDs.
</DL>Allowing or denying of different services is like this:
<PRE>
{access, &lt;accessname&gt;, [{allow, &lt;aclname&gt;},
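Review bot: In the new pre-defined ACL list, "Matches none JIDs" should read "Matches no JIDs". The list also does not say whether the names all and none are reserved. If a config line such as {acl, all, ...} can append to them, or override_acls can remove them, every rule that ends in {allow, all} is affected, so the text should state explicitly what happens in both cases.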
@@ -229,6 +210,57 @@ Example:
{access, configure, [{allow, admin}]}.
{access, something, [{deny, badmans},
{allow, all}]}.
+</PRE>Following access rules pre-defined:
+<DL COMPACT=compact>
+<DT>
+<TT>all</TT><DD> Always return ``<TT>allow</TT>''
+
+<DT><TT>none</TT><DD> Always return ``<TT>deny</TT>''
+</DL><!--TOC subsubsection Listened Sockets-->
+
+<H4>3.1.3&nbsp;&nbsp; Listened Sockets</H4><!--SEC END -->
+
+<A NAME="sec:configlistened"></A>Option <TT>listen</TT> defines list of listened sockets and what services
+runned on them. Each element of list is a tuple with following elements:
+<UL>
+<LI>
+ Port number;
+
+<LI> Module that serves this port;
+
+<LI> Function in this module that starts connection (likely will be removed);
+
+<LI> Options to this module.
+</UL>Currently three modules implemented:
+<DL COMPACT=compact>
+<DT>
+<TT>ejabberd_c2s</TT><DD> This module serves C2S connections.<BR>
+<BR>
+ Following options defined:
+ <DL COMPACT=compact>
+<DT>
+ <TT>{access, &lt;access rule&gt;}</TT><DD> This option defines access of users
+ to this C2S port. Default value is ``<TT>all</TT>''.
+ </DL>
+
+<DT><TT>ejabberd_s2s_in</TT><DD> This module serves incoming S2S connections.
+
+<DT><TT>ejabberd_service</TT><DD> This module serves connections to Jabber
+ services (i.&nbsp;e. that use <TT>jabber:component:accept</TT> namespace).
+</DL>For example, following configuration defines that C2S connections listened on
+port 5222 and denied for user ``<TT>bad</TT>'', S2S on port 5269 and that
+service <TT>conference.jabber.org</TT> must be connected to port 8888 with
+password ``<TT>secret</TT>''.<BR>
+<BR>
+<PRE>
+{acl, blocked, {user, "bad"}}.
+{access, c2s, [{deny, blocked},
+ {allow, all}]}.
+{listen, [{5222, ejabberd_c2s, start, [{access, c2s}]},
+ {5269, ejabberd_s2s_in, start, []},
+ {8888, ejabberd_service, start,
+ [{host, "conference.jabber.org", [{password, "secret"}]}]}
+ ]}.
</PRE><!--TOC subsubsection Modules-->
<H4>3.1.4&nbsp;&nbsp; Modules</H4><!--SEC END -->
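Review bot: The ejabberd_service entry in the new module list documents no options, yet the example changes its argument from ["conference.jabber.org", "secret"] to [{host, "conference.jabber.org", [{password, "secret"}]}]. Add a "Following options defined" list for it, as is done for ejabberd_c2s, covering host and password, and say whether the old list form is still accepted so that an existing config does not stop authenticating its service after an upgrade.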
@@ -282,7 +314,7 @@ have access to connect to port 4369 of all another nodes, and must have same
magic cookie (see Erlang/OTP documentation, in short file
<TT>~ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
needed because all nodes exchange information about connected users, S2S
-connection, registered services, etc...<BR>
+connections, registered services, etc...<BR>
<BR>
Each <TT>ejabberd</TT> node run following modules:
<UL>
diff --git a/doc/guide.tex b/doc/guide.tex
index 47061fada..7f516a8e2 100644
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -132,6 +132,15 @@ database, and in next time they will be APPENDED to existing values. E.\,g.\
if this file will not contain ``host'' definition, then old value will be
used.
+To override old values following lines can be added in config:
+\begin{verbatim}
+override_global.
+override_local.
+override_acls.
+\end{verbatim}
+With this lines old global or local options or ACLs will be removed before
+adding new ones.
+
\subsubsection{Host Name}
\label{sec:confighostname}
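Review bot: In the paragraph after the verbatim block, "With this lines" should read "With these lines", and the sentence does not make clear that each directive stands alone. Suggest describing them one by one (presumably override_global for old global options, override_local for old local options, override_acls for old ACLs) and saying whether one may be used without the others.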
@@ -146,38 +155,6 @@ serves. E.\,g.\ to use \texttt{jabber.org} domain add following line in config:
-\subsubsection{Listened Sockets}
-\label{sec:configlistened}
-
-Option \texttt{listen} defines list of listened sockets and what services
-runned on them. Each element of list is a tuple with following elements:
-\begin{itemize}
-\item Port number;
-\item Module that serves this port;
-\item Function in this module that starts connection (likely will be removed);
-\item Options to this module.
-\end{itemize}
-
-Currently three modules implemented:
-\begin{itemize}
-\item \texttt{ejabberd\_c2s}: serves C2S connections;
-\item \texttt{ejabberd\_s2s\_in}: serves incoming S2S connections;
-\item \texttt{ejabberd\_service}: serves connections to \Jabber{} services
- (i.\,e.\ that use \texttt{jabber:component:accept} namespace).
-\end{itemize}
-
-For example, following configuration defines that C2S connections listened on
-port 5222, S2S on port 5269 and that service \texttt{conference.jabber.org}
-must be connected to port 8888 with password ``\texttt{secret}''.
-
-\begin{verbatim}
-{listen, [{5222, ejabberd_c2s, start, []},
- {5269, ejabberd_s2s_in, start, []},
- {8888, ejabberd_service, start, ["conference.jabber.org", "secret"]}
- ]}.
-\end{verbatim}
-
-
\subsubsection{Access Rules}
\label{sec:configaccess}
@@ -253,6 +230,12 @@ config file they looks like this:
\end{description}
\end{description}
+Following ACLs pre-defined:
+\begin{description}
+\item[\texttt{all}] Matches all JIDs.
+\item[\texttt{none}] Matches none JIDs.
+\end{description}
+
Allowing or denying of different services is like this:
\begin{verbatim}
{access, <accessname>, [{allow, <aclname>},
@@ -272,6 +255,57 @@ Example:
{allow, all}]}.
\end{verbatim}
+Following access rules pre-defined:
+\begin{description}
+\item[\texttt{all}] Always return ``\texttt{allow}''
+\item[\texttt{none}] Always return ``\texttt{deny}''
+\end{description}
+
+
+\subsubsection{Listened Sockets}
+\label{sec:configlistened}
+
+Option \texttt{listen} defines list of listened sockets and what services
+runned on them. Each element of list is a tuple with following elements:
+\begin{itemize}
+\item Port number;
+\item Module that serves this port;
+\item Function in this module that starts connection (likely will be removed);
+\item Options to this module.
+\end{itemize}
+
+Currently three modules implemented:
+\begin{description}
+\item[\texttt{ejabberd\_c2s}] This module serves C2S connections.
+
+ Following options defined:
+ \begin{description}
+ \item[\texttt{\{access, <access rule>\}}] This option defines access of users
+ to this C2S port. Default value is ``\texttt{all}''.
+ \end{description}
+\item[\texttt{ejabberd\_s2s\_in}] This module serves incoming S2S connections.
+\item[\texttt{ejabberd\_service}] This module serves connections to \Jabber{}
+ services (i.\,e.\ that use \texttt{jabber:component:accept} namespace).
+\end{description}
+
+For example, following configuration defines that C2S connections listened on
+port 5222 and denied for user ``\texttt{bad}'', S2S on port 5269 and that
+service \texttt{conference.jabber.org} must be connected to port 8888 with
+password ``\texttt{secret}''.
+
+\begin{verbatim}
+{acl, blocked, {user, "bad"}}.
+{access, c2s, [{deny, blocked},
+ {allow, all}]}.
+{listen, [{5222, ejabberd_c2s, start, [{access, c2s}]},
+ {5269, ejabberd_s2s_in, start, []},
+ {8888, ejabberd_service, start,
+ [{host, "conference.jabber.org", [{password, "secret"}]}]}
+ ]}.
+\end{verbatim}
+
+
+
\subsubsection{Modules}
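Review bot: The example's {access, c2s, [{deny, blocked}, {allow, all}]} only denies user "bad" if the entries are evaluated in order and the first match wins, which the added text never states; say so next to the example. Also, "all" in {allow, all} is the pre-defined ACL, while the documented default "all" of the access option is the pre-defined access rule of the same name; one sentence distinguishing the two would prevent misreading. Wording: "runned" should be "run".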