+2003-10-11 Alexey Shchepin <alexey@sevcom.net>
+
+ * doc/guide.tex: Updated
+
+ * src/ejabberd.cfg: Added "register" rule, added some comments,
+ this file renamed to ejabberd.cfg.example
+
+ * src/mod_register.erl (try_register): Fixed error reply, added
+ check for "register" access rule
+
2003-10-10 Alexey Shchepin <alexey@sevcom.net>
+ * src/stringprep/Makefile.win32: Added Makefile for Win32 (thanks
+ to Sergei Golovan)
+
* src/stringprep/stringprep_drv.c: Removed needless iconv.h
include
be processed until finished this. Hence this discipline is not recommended
if processing of query can take relative many time.
<DT><B><TT>one_queue</TT></B><DD> In this case created separate queue for processing
- IQ queries of namespace with this discipline, and processing of this queue
- done in parallel with processing of other packets. This discipline is most
+ of IQ queries of namespace with this discipline, and processing of this queue
+ is done in parallel with processing of other packets. This discipline is most
recommended.
<DT><B><TT>parallel</TT></B><DD> In this case for all packets with this discipline
spawned separate Erlang process, so all these packets processed in parallel.
- Although spawning of Erlang process have relative low cost, this can broke
- server normal work, because Erlang have limit of 32000 processes.
+ Although spawning of Erlang process have relatively low cost, this can broke
+ server normal work, because Erlang emulator have limit on number of processes
+ (32000 by default).
</DL>
Example:
<PRE>
<H3><A NAME="htoc35">A.2</A> <TT>mod_register</TT></H3><!--SEC END -->
<A NAME="sec:modregister"></A>
+This module adds support for
+<A HREF="http://www.jabber.org/jeps/jep-0077.html">JEP-0077</A> (In-Band
+Registration). There is possible to restrict registration via ``register''
+access rule. If this rule returns ``deny'' on requested user name, then
+registration is not allowed for it.<BR>
+<BR>
+Options:
+<DL COMPACT=compact><DT>
+<B><TT>iqdisc</TT></B><DD> <TT>jabber:iq:register</TT> IQ queries processing
+ discipline.
+</DL>
+Example:
+<PRE>
+% Deny registration for users with too short name
+{acl, shortname, {user_glob, "?"}}.
+{acl, shortname, {user_glob, "??"}}.
+% Another variant: {acl, shortname, {user_regexp, "^..?$"}}.
+
+{access, register, [{deny, shortname},
+ {allow, all}]}.
+
+{modules, [
+ ...
+ {mod_register, []},
+ ...
+ ]}.
+</PRE>
<!--TOC subsection <TT>mod_roster</TT>-->
<H3><A NAME="htoc36">A.3</A> <TT>mod_roster</TT></H3><!--SEC END -->
<A NAME="sec:modstats"></A>
This module adds support for
-<A HREF="http://www.jabber.org/jeps/jep-0039.html">JEP-0039</A> (Statistics Gathering).<BR>
+<A HREF="http://www.jabber.org/jeps/jep-0039.html">JEP-0039</A> (Statistics
+Gathering).<BR>
<BR>
Options:
<DL COMPACT=compact><DT>
be processed until finished this. Hence this discipline is not recommended
if processing of query can take relative many time.
\item[\texttt{one\_queue}] In this case created separate queue for processing
- IQ queries of namespace with this discipline, and processing of this queue
- done in parallel with processing of other packets. This discipline is most
+ of IQ queries of namespace with this discipline, and processing of this queue
+ is done in parallel with processing of other packets. This discipline is most
recommended.
\item[\texttt{parallel}] In this case for all packets with this discipline
spawned separate Erlang process, so all these packets processed in parallel.
- Although spawning of Erlang process have relative low cost, this can broke
- server normal work, because Erlang have limit of 32000 processes.
+ Although spawning of Erlang process have relatively low cost, this can broke
+ server normal work, because Erlang emulator have limit on number of processes
+ (32000 by default).
\end{description}
Example:
\subsection{\modregister{}}
\label{sec:modregister}
+This module adds support for
+\footahref{http://www.jabber.org/jeps/jep-0077.html}{JEP-0077} (In-Band
+Registration). There is possible to restrict registration via ``register''
+access rule. If this rule returns ``deny'' on requested user name, then
+registration is not allowed for it.
+
+Options:
+\begin{description}
+\item[\texttt{iqdisc}] \ns{jabber:iq:register} IQ queries processing
+ discipline.
+\end{description}
+
+Example:
+\begin{verbatim}
+% Deny registration for users with too short name
+{acl, shortname, {user_glob, "?"}}.
+{acl, shortname, {user_glob, "??"}}.
+% Another variant: {acl, shortname, {user_regexp, "^..?$"}}.
+
+{access, register, [{deny, shortname},
+ {allow, all}]}.
+
+{modules, [
+ ...
+ {mod_register, []},
+ ...
+ ]}.
+\end{verbatim}
+
+
\subsection{\modroster{}}
\label{sec:modstats}
This module adds support for
-\footahref{http://www.jabber.org/jeps/jep-0039.html}{JEP-0039} (Statistics Gathering).
+\footahref{http://www.jabber.org/jeps/jep-0039.html}{JEP-0039} (Statistics
+Gathering).
Options:
\begin{description}
%override_acls.
-{acl, admin, {user, "aleksey"}}.
-{acl, admin, {user, "ermine"}}.
-{acl, admin, {user, "test"}}.
-{acl, admin, {user, "aleksey", "jabber.ru"}}.
-{acl, admin, {user, "ermine", "jabber.ru"}}.
+% Users that have admin access. Add line like one of the following after you
+% will be successfully registered on server to get admin access:
+%{acl, admin, {user, "aleksey"}}.
+%{acl, admin, {user, "ermine"}}.
-{acl, blocked, {user, "test2"}}.
-
-{acl, jabberorg, {server, "jabber.org"}}.
-{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
+% Blocked users:
+%{acl, blocked, {user, "test"}}.
+% Another examples of ACLs:
+%{acl, jabberorg, {server, "jabber.org"}}.
+%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
-%{acl, test2, {user_glob, "test*"}}.
+%{acl, test, {user_glob, "test*"}}.
-{shaper, normal, {maxrate, 1000}}.
+% Only admins can use configuration interface:
+{access, configure, [{allow, admin}]}.
+% Every username can be registered via in-band registration:
+{access, register, [{allow, all}]}.
-{access, disco_admin, [{allow, admin},
- {deny, all}]}.
-
-{access, configure, [{allow, admin}]}.
+% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
+% Set shaper with name "normal" to limit traffic speed to 1000B/s
+{shaper, normal, {maxrate, 1000}}.
+% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
+% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.
+% Host name:
+{host, "localhost"}.
-{host, "e.localhost"}.
-{listen, [{5522, ejabberd_c2s, [{access, c2s},
+% Listened ports:
+{listen, [{5222, ejabberd_c2s, [{access, c2s},
{shaper, c2s_shaper}]},
- {5523, ejabberd_c2s, [{access, c2s},
+ {5223, ejabberd_c2s, [{access, c2s},
{ssl, [{certfile, "./ssl.pem"}]}]},
{5269, ejabberd_s2s_in, []},
{8888, ejabberd_service, [{host,
[{password, "asdqwe"}]}]}
]}.
-% This value (5569) is only for debugging, must be 5269
-{outgoing_s2s_port, 5569}.
+% If SRV lookup fails, then port 5269 used to communicate with other servers
+{outgoing_s2s_port, 5269}.
+
+% Used modules:
{modules, [
{mod_register, []},
{mod_roster, []},
{ok, ListenSocket} = gen_tcp:listen(Port, [binary,
{packet, 0},
{active, false},
- {reuseaddr, true}]),
+ {reuseaddr, true},
+ {nodelay, true}]),
accept(ListenSocket, Module, Opts).
accept(ListenSocket, Module, Opts) ->
is_nodename([]) ->
false;
is_nodename(J) ->
- is_nodename1(J).
-
-is_nodename1([C | J])
- when (C =< 32) or
- (C == $") or
- (C == $&) or
- (C == $') or
- (C == $:) or
- (C == $<) or
- (C == $>) or
- (C == $@) or
- (C == $/) or
- (C == 127)
- ->
- false;
-is_nodename1([C | J]) ->
- is_nodename1(J);
-is_nodename1([]) ->
- true.
+ nodeprep(J).
jid_tolower(#jid{luser = U, lserver = S, lresource = R}) ->
{U, S, R};
jid_tolower({U, S, R}) ->
- {tolower(U), tolower(S), R}.
+ case stringprep:nodeprep(U) of
+ error -> error;
+ LUser ->
+ case stringprep:nameprep(S) of
+ error -> error;
+ LServer ->
+ case stringprep:resourceprep(R) of
+ error -> error;
+ LResource ->
+ {LUser, LServer, LResource}
+ end
+ end
+ end.
jid_remove_resource(#jid{} = JID) ->
JID#jid{resource = "", lresource = ""};
false ->
{error, ?ERR_BAD_REQUEST};
_ ->
- case ejabberd_auth:try_register(User, Password) of
- {atomic, ok} ->
- ok;
- {atomic, exists} ->
- % TODO: replace to "username unavailable"
- {error, ?ERR_NOT_ALLOWED};
- {error, Reason} ->
- {error, ?ERR_INTERNAL_SERVER_ERROR}
+ case acl:match_rule(register, jlib:make_jid(User, ?MYNAME, "")) of
+ deny ->
+ {error, ?ERR_CONFLICT};
+ allow ->
+ case ejabberd_auth:try_register(User, Password) of
+ {atomic, ok} ->
+ ok;
+ {atomic, exists} ->
+ {error, ?ERR_CONFLICT};
+ {error, _Reason} ->
+ {error, ?ERR_INTERNAL_SERVER_ERROR}
+ end
end
end.
--- /dev/null
+
+include ..\Makefile.inc
+
+OUTDIR = ..
+EFLAGS = -I .. -pz ..
+
+ALL : $(OUTDIR)\stringprep_drv.dll $(OUTDIR)\stringprep.beam
+
+CLEAN :
+ -@erase $(OUTDIR)\stringprep_drv.dll
+ -@erase $(OUTDIR)\stringprep_drv.exp
+ -@erase $(OUTDIR)\stringprep_drv.lib
+ -@erase stringprep_drv.obj
+ -@erase stringprep_drv.pch
+ -@erase vc60.idb
+ -@erase $(OUTDIR)\stringprep.beam
+
+$(OUTDIR)\stringprep.beam : stringprep.erl
+ erlc -W $(EFLAGS) -o $(OUTDIR) stringprep.erl
+
+CPP=cl.exe
+CPP_PROJ=/nologo /ML /W3 /GX /O2 /I "$(ERLANG_DIR)\usr\include" /I "$(EI_DIR)\include" /D "WIN32" /D "NDEBUG" /D "_USRDLL" /D "_MBCS" /Fpstringprep_drv.pch /YX /FD /c
+
+.c.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=kernel32.lib "$(ERLANG_DIR)\usr\lib\erl_dll.lib" "$(EI_DIR)\lib\ei.lib" "$(EI_DIR)\lib\erl_interface.lib" /nologo /subsystem:console /dll /pdb:none /machine:I386 /out:$(OUTDIR)\stringprep_drv.dll
+
+LINK32_OBJS=stringprep_drv.obj
+
+$(OUTDIR)\stringprep_drv.dll : $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+stringprep_drv.obj : stringprep_drv.c
+
projects / ejabberd / commitdiff