From f289e27cdf79ed27add9707b7645f53cdbedf96d Mon Sep 17 00:00:00 2001
From: Alexey Shchepin <alexey@process-one.net>
Date: Tue, 20 Oct 2015 17:19:31 +0300
Subject: [PATCH] Remove access_commands 'unrestricted' option, use [] instead.
  Fix unauthenticated calls to commands with policy=user.

---
 src/ejabberd_commands.erl | 12 ++++++++----
 src/ejabberd_xmlrpc.erl   |  7 +------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/ejabberd_commands.erl b/src/ejabberd_commands.erl
index 2611f2c8d..6147dc140 100644
--- a/src/ejabberd_commands.erl
+++ b/src/ejabberd_commands.erl
@@ -314,7 +314,8 @@ get_command_format(Name, Auth) ->
     case Matched of
 	[] ->
 	    {error, command_unknown};
-	[[Args, Result, user]] when Admin ->
+	[[Args, Result, user]] when Admin;
+                                    Auth == noauth ->
 	    {[{user, binary}, {server, binary} | Args], Result};
 	[[Args, Result, _]] ->
 	    {Args, Result}
@@ -378,6 +379,9 @@ execute_command2(
 execute_command2(
   admin, #ejabberd_commands{policy = user} = Command, Arguments) ->
     execute_command2(Command, Arguments);
+execute_command2(
+  noauth, #ejabberd_commands{policy = user} = Command, Arguments) ->
+    execute_command2(Command, Arguments);
 execute_command2(
   {User, Server, _, _}, #ejabberd_commands{policy = user} = Command, Arguments) ->
     execute_command2(Command, [User, Server | Arguments]).
@@ -444,7 +448,9 @@ check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
 check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
     Command =
         case {Command1#ejabberd_commands.policy, Auth} of
-            {user, admin} ->
+            {user, {_, _, _}} ->
+                Command1;
+            {user, _} ->
                 Command1#ejabberd_commands{
                   args = [{user, binary}, {server, binary} |
                           Command1#ejabberd_commands.args]};
@@ -568,8 +574,6 @@ tag_arguments(ArgsDefs, Args) ->
       Args).
 
 
-get_access_commands(unrestricted) ->
-    [];
 get_access_commands(undefined) ->
     Cmds = get_commands(),
     [{?POLICY_ACCESS, Cmds, []}];
diff --git a/src/ejabberd_xmlrpc.erl b/src/ejabberd_xmlrpc.erl
index 59a20d92c..db109920c 100644
--- a/src/ejabberd_xmlrpc.erl
+++ b/src/ejabberd_xmlrpc.erl
@@ -197,14 +197,11 @@ socket_type() -> raw.
 %% -----------------------------
 process(_, #request{method = 'POST', data = Data, opts = Opts}) ->
     AccessCommandsOpts = gen_mod:get_opt(access_commands, Opts,
-                                         fun(L) when is_list(L) -> L;
-                                            (unrestricted) -> unrestricted
-                                         end,
+                                         fun(L) when is_list(L) -> L end,
                                          undefined),
     AccessCommands =
         case AccessCommandsOpts of
             undefined -> undefined;
-            unrestricted -> unrestricted;
             _ ->
                 lists:flatmap(
                   fun({Ac, AcOpts}) ->
@@ -540,8 +537,6 @@ make_status(false) -> 1;
 make_status(error) -> 1;
 make_status(_) -> 1.
 
-transform_listen_option({access_commands, unrestricted} = Opt, Opts) ->
-    [Opt | Opts];
 transform_listen_option({access_commands, ACOpts}, Opts) ->
     NewACOpts = lists:map(
                   fun({AName, ACmds, AOpts}) ->