mirror of
https://github.com/processone/ejabberd
synced 2025-10-03 01:39:35 +02:00
mod_configure: Add option 'access' to let configure the access name
This commit is contained in:
Badlop
parent
6151674e64
commit
aa78362c7f
2 changed files with 73 additions and 25 deletions
|
|
@ -1,7 +1,7 @@
|
|||
%%%----------------------------------------------------------------------
|
||||
%%% File : mod_configure.erl
|
||||
%%% Author : Alexey Shchepin <alexey@process-one.net>
|
||||
%%% Purpose : Support for online configuration of ejabberd
|
||||
%%% Purpose : Support for online configuration of ejabberd using XEP-0050
|
||||
%%% Created : 19 Jan 2003 by Alexey Shchepin <alexey@process-one.net>
|
||||
%%%
|
||||
%%%
|
||||
|
|
@ -36,6 +36,7 @@
|
|||
adhoc_local_items/4, adhoc_local_commands/4,
|
||||
get_sm_identity/5, get_sm_features/5, get_sm_items/5,
|
||||
adhoc_sm_items/4, adhoc_sm_commands/4, mod_options/1,
|
||||
mod_opt_type/1,
|
||||
depends/2, mod_doc/0]).
|
||||
|
||||
-include("logger.hrl").
|
||||
|
|
@ -92,6 +93,10 @@ depends(_Host, _Opts) ->
|
|||
-spec tokenize(binary()) -> [binary()].
|
||||
tokenize(Node) -> str:tokens(Node, <<"/#">>).
|
||||
|
||||
acl_match_rule(Host, From) ->
|
||||
Access = mod_configure_opt:access(Host),
|
||||
acl:match_rule(Host, Access, From).
|
||||
|
||||
-spec get_sm_identity([identity()], jid(), jid(), binary(), binary()) -> [identity()].
|
||||
get_sm_identity(Acc, _From, _To, Node, Lang) ->
|
||||
case Node of
|
||||
|
|
@ -167,7 +172,7 @@ get_sm_features(Acc, From,
|
|||
case gen_mod:is_loaded(LServer, mod_adhoc) of
|
||||
false -> Acc;
|
||||
_ ->
|
||||
Allow = acl:match_rule(LServer, configure, From),
|
||||
Allow = acl_match_rule(LServer, From),
|
||||
case Node of
|
||||
<<"config">> -> ?INFO_RESULT(Allow, [?NS_COMMANDS], Lang);
|
||||
_ -> Acc
|
||||
|
|
@ -182,7 +187,7 @@ get_local_features(Acc, From,
|
|||
false -> Acc;
|
||||
_ ->
|
||||
LNode = tokenize(Node),
|
||||
Allow = acl:match_rule(LServer, configure, From),
|
||||
Allow = acl_match_rule(LServer, From),
|
||||
case LNode of
|
||||
[<<"config">>] -> ?INFO_RESULT(Allow, [], Lang);
|
||||
[<<"user">>] -> ?INFO_RESULT(Allow, [], Lang);
|
||||
|
|
@ -240,7 +245,7 @@ get_local_features(Acc, From,
|
|||
jid(), jid(), binary()) -> mod_disco:items_acc().
|
||||
adhoc_sm_items(Acc, From, #jid{lserver = LServer} = To,
|
||||
Lang) ->
|
||||
case acl:match_rule(LServer, configure, From) of
|
||||
case acl_match_rule(LServer, From) of
|
||||
allow ->
|
||||
Items = case Acc of
|
||||
{result, Its} -> Its;
|
||||
|
|
@ -266,7 +271,7 @@ get_sm_items(Acc, From,
|
|||
{result, Its} -> Its;
|
||||
empty -> []
|
||||
end,
|
||||
case {acl:match_rule(LServer, configure, From), Node} of
|
||||
case {acl_match_rule(LServer, From), Node} of
|
||||
{allow, <<"">>} ->
|
||||
Nodes = [?NODEJID(To, ?T("Configuration"),
|
||||
<<"config">>),
|
||||
|
|
@ -295,13 +300,13 @@ get_user_resources(User, Server) ->
|
|||
jid(), jid(), binary()) -> mod_disco:items_acc().
|
||||
adhoc_local_items(Acc, From,
|
||||
#jid{lserver = LServer, server = Server} = To, Lang) ->
|
||||
case acl:match_rule(LServer, configure, From) of
|
||||
case acl_match_rule(LServer, From) of
|
||||
allow ->
|
||||
Items = case Acc of
|
||||
{result, Its} -> Its;
|
||||
empty -> []
|
||||
end,
|
||||
PermLev = get_permission_level(From),
|
||||
PermLev = get_permission_level(From, LServer),
|
||||
Nodes = recursively_get_local_items(PermLev, LServer,
|
||||
<<"">>, Server, Lang),
|
||||
Nodes1 = lists:filter(
|
||||
|
|
@ -348,9 +353,10 @@ recursively_get_local_items(PermLev, LServer, Node,
|
|||
end,
|
||||
Items)).
|
||||
|
||||
-spec get_permission_level(jid()) -> global | vhost.
|
||||
get_permission_level(JID) ->
|
||||
case acl:match_rule(global, configure, JID) of
|
||||
-spec get_permission_level(jid(), binary()) -> global | vhost.
|
||||
get_permission_level(JID, Host) ->
|
||||
Access = mod_configure_opt:access(Host),
|
||||
case acl:match_rule(global, Access, JID) of
|
||||
allow -> global;
|
||||
deny -> vhost
|
||||
end.
|
||||
|
|
@ -361,7 +367,7 @@ get_permission_level(JID) ->
|
|||
case Allow of
|
||||
deny -> Fallback;
|
||||
allow ->
|
||||
PermLev = get_permission_level(From),
|
||||
PermLev = get_permission_level(From, LServer),
|
||||
case get_local_items({PermLev, LServer}, LNode,
|
||||
jid:encode(To), Lang)
|
||||
of
|
||||
|
|
@ -381,11 +387,11 @@ get_local_items(Acc, From, #jid{lserver = LServer} = To,
|
|||
{result, Its} -> Its;
|
||||
empty -> []
|
||||
end,
|
||||
Allow = acl:match_rule(LServer, configure, From),
|
||||
Allow = acl_match_rule(LServer, From),
|
||||
case Allow of
|
||||
deny -> {result, Items};
|
||||
allow ->
|
||||
PermLev = get_permission_level(From),
|
||||
PermLev = get_permission_level(From, LServer),
|
||||
case get_local_items({PermLev, LServer}, [],
|
||||
jid:encode(To), Lang)
|
||||
of
|
||||
|
|
@ -400,7 +406,7 @@ get_local_items(Acc, From, #jid{lserver = LServer} = To,
|
|||
false -> Acc;
|
||||
_ ->
|
||||
LNode = tokenize(Node),
|
||||
Allow = acl:match_rule(LServer, configure, From),
|
||||
Allow = acl_match_rule(LServer, From),
|
||||
Err = xmpp:err_forbidden(?T("Access denied by service policy"), Lang),
|
||||
case LNode of
|
||||
[<<"config">>] ->
|
||||
|
|
@ -690,7 +696,7 @@ get_stopped_nodes(_Lang) ->
|
|||
|
||||
-define(COMMANDS_RESULT(LServerOrGlobal, From, To,
|
||||
Request, Lang),
|
||||
case acl:match_rule(LServerOrGlobal, configure, From) of
|
||||
case acl_match_rule(LServerOrGlobal, From) of
|
||||
deny -> {error, xmpp:err_forbidden(?T("Access denied by service policy"), Lang)};
|
||||
allow -> adhoc_local_commands(From, To, Request)
|
||||
end).
|
||||
|
|
@ -1268,7 +1274,7 @@ set_form(From, Host, ?NS_ADMINL(<<"add-user">>), _Lang,
|
|||
Server = AccountJID#jid.lserver,
|
||||
true = lists:member(Server, ejabberd_option:hosts()),
|
||||
true = Server == Host orelse
|
||||
get_permission_level(From) == global,
|
||||
get_permission_level(From, Host) == global,
|
||||
case ejabberd_auth:try_register(User, Server, Password) of
|
||||
ok -> {result, undefined};
|
||||
{error, exists} -> {error, xmpp:err_conflict()};
|
||||
|
|
@ -1284,7 +1290,7 @@ set_form(From, Host, ?NS_ADMINL(<<"delete-user">>),
|
|||
User = JID#jid.luser,
|
||||
Server = JID#jid.lserver,
|
||||
true = Server == Host orelse
|
||||
get_permission_level(From) == global,
|
||||
get_permission_level(From, Host) == global,
|
||||
true = ejabberd_auth:user_exists(User, Server),
|
||||
{User, Server}
|
||||
end,
|
||||
|
|
@ -1298,7 +1304,7 @@ set_form(From, Host, ?NS_ADMINL(<<"end-user-session">>),
|
|||
JID = jid:decode(AccountString),
|
||||
LServer = JID#jid.lserver,
|
||||
true = LServer == Host orelse
|
||||
get_permission_level(From) == global,
|
||||
get_permission_level(From, Host) == global,
|
||||
case JID#jid.lresource of
|
||||
<<>> ->
|
||||
ejabberd_sm:kick_user(JID#jid.luser, JID#jid.lserver);
|
||||
|
|
@ -1314,7 +1320,7 @@ set_form(From, Host,
|
|||
User = JID#jid.luser,
|
||||
Server = JID#jid.lserver,
|
||||
true = Server == Host orelse
|
||||
get_permission_level(From) == global,
|
||||
get_permission_level(From, Host) == global,
|
||||
true = ejabberd_auth:user_exists(User, Server),
|
||||
ejabberd_auth:set_password(User, Server, Password),
|
||||
{result, undefined};
|
||||
|
|
@ -1325,7 +1331,7 @@ set_form(From, Host,
|
|||
User = JID#jid.luser,
|
||||
Server = JID#jid.lserver,
|
||||
true = Server == Host orelse
|
||||
get_permission_level(From) == global,
|
||||
get_permission_level(From, Host) == global,
|
||||
FLast = case ejabberd_sm:get_user_resources(User,
|
||||
Server)
|
||||
of
|
||||
|
|
@ -1357,7 +1363,7 @@ set_form(From, Host, ?NS_ADMINL(<<"user-stats">>), Lang,
|
|||
User = JID#jid.luser,
|
||||
Server = JID#jid.lserver,
|
||||
true = Server == Host orelse
|
||||
get_permission_level(From) == global,
|
||||
get_permission_level(From, Host) == global,
|
||||
Resources = ejabberd_sm:get_user_resources(User,
|
||||
Server),
|
||||
IPs1 = [ejabberd_sm:get_user_ip(User, Server, Resource)
|
||||
|
|
@ -1448,7 +1454,7 @@ adhoc_sm_commands(_Acc, From,
|
|||
#jid{user = User, server = Server, lserver = LServer},
|
||||
#adhoc_command{lang = Lang, node = <<"config">>,
|
||||
action = Action, xdata = XData} = Request) ->
|
||||
case acl:match_rule(LServer, configure, From) of
|
||||
case acl_match_rule(LServer, From) of
|
||||
deny ->
|
||||
{error, xmpp:err_forbidden(?T("Access denied by service policy"), Lang)};
|
||||
allow ->
|
||||
|
|
@ -1530,12 +1536,41 @@ set_sm_form(_User, _Server, _Node, _Request) ->
|
|||
tr(Lang, Text) ->
|
||||
translate:translate(Lang, Text).
|
||||
|
||||
mod_options(_) -> [].
|
||||
-spec mod_opt_type(atom()) -> econf:validator().
|
||||
mod_opt_type(access) ->
|
||||
econf:acl().
|
||||
|
||||
-spec mod_options(binary()) -> [{services, [tuple()]} | {atom(), any()}].
|
||||
mod_options(_Host) ->
|
||||
[{access, configure}].
|
||||
|
||||
%% @format-begin
|
||||
|
||||
mod_doc() ->
|
||||
#{desc =>
|
||||
?T("The module provides server configuration functionality via "
|
||||
"https://xmpp.org/extensions/xep-0050.html[XEP-0050: Ad-Hoc Commands]. "
|
||||
"Implements many commands as defined in "
|
||||
"It also implements many commands as defined in "
|
||||
"https://xmpp.org/extensions/xep-0133.html[XEP-0133: Service Administration]. "
|
||||
"This module requires _`mod_adhoc`_ to be loaded.")}.
|
||||
"This module requires _`mod_adhoc`_ (to execute the commands), "
|
||||
"and recommends _`mod_disco`_ (to discover the commands). "),
|
||||
opts =>
|
||||
[{access,
|
||||
#{value => ?T("AccessName"),
|
||||
note => "added in 25.xx",
|
||||
desc =>
|
||||
?T("This option defines which access rule will be used to "
|
||||
"control who is allowed to access the features provided by this module. "
|
||||
"The default value is 'configure'.")}}],
|
||||
example =>
|
||||
["acl:",
|
||||
" admin:",
|
||||
" user: sun@localhost",
|
||||
"",
|
||||
"access_rules:",
|
||||
" configure:",
|
||||
" allow: admin",
|
||||
"",
|
||||
"modules:",
|
||||
" mod_configure:",
|
||||
" access: configure"]}.
|
||||
|
|
|
|||
13
src/mod_configure_opt.erl
Normal file
13
src/mod_configure_opt.erl
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
%% Generated automatically
|
||||
%% DO NOT EDIT: run `make options` instead
|
||||
|
||||
-module(mod_configure_opt).
|
||||
|
||||
-export([access/1]).
|
||||
|
||||
-spec access(gen_mod:opts() | global | binary()) -> 'configure' | acl:acl().
|
||||
access(Opts) when is_map(Opts) ->
|
||||
gen_mod:get_opt(access, Opts);
|
||||
access(Host) ->
|
||||
gen_mod:get_module_opt(Host, mod_configure, access).
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue