* src/ejabberd_c2s.erl: Added forbidden_session_hook

* src/acl.erl: New access types: resource, resource_regexp and
resource_glob
* doc/guide.tex: Likewise

SVN Revision: 1301

diff --git a/ChangeLog b/ChangeLog
index cbd370e02bea22ee7345e534de6a76c72962c5f1..d712b3a7f3780d714c3d70d89e556c05ed8f5c14 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2008-04-25  Badlop  <badlop@process-one.net>
+       
+       * src/ejabberd_c2s.erl: Added forbidden_session_hook
+
+       * src/acl.erl: New access types: resource, resource_regexp and
+       resource_glob
+       * doc/guide.tex: Likewise
+
 2008-04-23  Alexey Shchepin  <alexey@process-one.net>
 
        * src/treap.erl: Bugfix

diff --git a/doc/guide.tex b/doc/guide.tex
index 293a1107f0239d0ee056ddda16a53dd8d753098a..b8b9fd1db3c3fb1b25b80cb8ab76e145599acb0f 100644 (file)
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -1142,6 +1142,11 @@ declarations of ACLs in the configuration file have the following syntax:
 \begin{verbatim}
 {acl, exampleorg, {server, "example.org"}}.
 \end{verbatim}
+\titem{\{resource, <resource>\}} Matches any JID with a resource
+  \term{<resource>}. Example:
+\begin{verbatim}
+{acl, mucklres, {resource, "muckl"}}.
+\end{verbatim}
 \titem{\{user\_regexp, <regexp>\}} Matches any local user with a name that
   matches \term{<regexp>} on local virtual hosts. Example:
 \begin{verbatim}
@@ -1158,6 +1163,11 @@ declarations of ACLs in the configuration file have the following syntax:
 \begin{verbatim}
 {acl, icq, {server_regexp, "^icq\\."}}.
 \end{verbatim}
+\titem{\{resource\_regexp, <regexp>\}} Matches any JID with a resource that
+  matches \term{<regexp>}. Example:
+\begin{verbatim}
+{acl, icq, {resource_regexp, "^laptop\\."}}.
+\end{verbatim}
 \titem{\{node\_regexp, <user\_regexp>, <server\_regexp>\}} Matches any user
   with a name that matches \term{<user\_regexp>} at any server that matches
   \term{<server\_regexp>}. Example:
@@ -1167,6 +1177,7 @@ declarations of ACLs in the configuration file have the following syntax:
 \titem{\{user\_glob, <glob>\}}
 \titem{\{user\_glob, <glob>, <server>\}}
 \titem{\{server\_glob, <glob>\}}
+\titem{\{resource\_glob, <glob>\}}
 \titem{\{node\_glob, <user\_glob>, <server\_glob>\}} This is the same as
   above. However, it uses shell glob patterns instead of regexp. These patterns
   can have the following special characters:

diff --git a/src/acl.erl b/src/acl.erl
index c3fcebba4d955526e0ca2c27680c7f806f8e12df..eed295cb8cd40bfc61a4a366b18405760212b29e 100644 (file)
--- a/src/acl.erl
+++ b/src/acl.erl
@@ -158,7 +158,7 @@ match_acl(ACL, JID, Host) ->
        all -> true;
        none -> false;
        _ ->
-           {User, Server, _Resource} = jlib:jid_tolower(JID),
+           {User, Server, Resource} = jlib:jid_tolower(JID),
            lists:any(fun(#acl{aclspec = Spec}) ->
                              case Spec of
                                  all ->
@@ -173,6 +173,8 @@ match_acl(ACL, JID, Host) ->
                                      (U == User) andalso (S == Server);
                                  {server, S} ->
                                      S == Server;
+                                 {resource, R} ->
+                                     R == Resource;
                                  {user_regexp, UR} ->
                                      ((Host == Server) orelse
                                       ((Host == global) andalso
@@ -183,6 +185,8 @@ match_acl(ACL, JID, Host) ->
                                          is_regexp_match(User, UR);
                                  {server_regexp, SR} ->
                                      is_regexp_match(Server, SR);
+                                 {resource_regexp, RR} ->
+                                     is_regexp_match(Resource, RR);
                                  {node_regexp, UR, SR} ->
                                      is_regexp_match(Server, SR) andalso
                                          is_regexp_match(User, UR);
@@ -197,6 +201,8 @@ match_acl(ACL, JID, Host) ->
                                          is_glob_match(User, UR);
                                  {server_glob, SR} ->
                                      is_glob_match(Server, SR);
+                                 {resource_glob, RR} ->
+                                     is_glob_match(Resource, RR);
                                  {node_glob, UR, SR} ->
                                      is_glob_match(Server, SR) andalso
                                          is_glob_match(User, UR);

diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 567cd6b6e2b71ee170759f05a0fbde002445e35c..225bce8ebf5681ea1ff333d4f28e7152c7a513c0 100644 (file)
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -823,6 +823,8 @@ wait_for_session({xmlstreamelement, El}, StateData) ->
                                     pres_t = ?SETS:from_list(Ts1),
                                     privacy_list = PrivList});
                _ ->
+                   ejabberd_hooks:run(forbidden_session_hook, 
+                                      StateData#state.server, [JID]),
                    ?INFO_MSG("(~w) Forbidden session for ~s",
                              [StateData#state.socket,
                               jlib:jid_to_string(JID)]),