X-Git-Url: http://git.pld-linux.org/?p=packages%2Fejabberd.git;a=blobdiff_plain;f=ejabberd-vcard-access-get.patch;h=173a196d25a0d69ac6eaeab3ada9e9f51654290a;hp=4584bd05204168ac20726bdb26198d30fb4d901f;hb=HEAD;hpb=52421ab210aa514ef6a51f6ea1def2eec25c7c80 diff --git a/ejabberd-vcard-access-get.patch b/ejabberd-vcard-access-get.patch index 4584bd0..173a196 100644 --- a/ejabberd-vcard-access-get.patch +++ b/ejabberd-vcard-access-get.patch @@ -1,11 +1,23 @@ +From b489d2017d046c305598a79e31127c26bc9a98fd Mon Sep 17 00:00:00 2001 +From: Badlop +Date: Fri, 7 Jun 2013 19:00:07 +0200 +Subject: [PATCH] New options access_get and access_set in mod_vcard, _ldap + and _odbc (EJAB-797) + +--- + doc/guide.tex | 23 +++++++++++++++++++++-- + src/mod_vcard.erl | 24 ++++++++++++++++-------- + src/mod_vcard_ldap.erl | 45 +++++++++++++++++++++++++++------------------ + 3 files changed, 64 insertions(+), 28 deletions(-) + diff --git a/doc/guide.tex b/doc/guide.tex -index 5de409d..ac3dba8 100644 +index 71f88ee..d5bcfbb 100644 --- a/doc/guide.tex +++ b/doc/guide.tex -@@ -4052,6 +4052,17 @@ Options: - \begin{description} +@@ -4616,6 +4616,17 @@ Options: \hostitem{vjud} \iqdiscitem{\ns{vcard-temp}} + \dbtype +\titem{access\_get}\ind{options!accessget} Access rule that defines + who is allowed to see vCard of local users. + If a rule returns `deny' on the requester @@ -20,7 +32,7 @@ index 5de409d..ac3dba8 100644 \titem{\{search, true|false\}}\ind{options!search}This option specifies whether the search functionality is enabled or not If disabled, the option \term{host} will be ignored and the -@@ -4087,14 +4098,17 @@ Examples: +@@ -4651,14 +4662,17 @@ Examples: ]}. \end{verbatim} \item The second situation differs in a way that search results are not limited, 
@@ -40,7 +52,7 @@ index 5de409d..ac3dba8 100644 ... ]}. \end{verbatim} -@@ -4128,6 +4142,11 @@ consists of the following \modvcardldap{}-specific options: +@@ -4696,6 +4710,11 @@ consists of the following \modvcardldap{}-specific options: \begin{description} \hostitem{vjud} \iqdiscitem{\ns{vcard-temp}} @@ -53,10 +65,10 @@ index 5de409d..ac3dba8 100644 functionality is enabled (value: \term{true}) or disabled (value: \term{false}). If disabled, the option \term{host} will be ignored and the diff --git a/src/mod_vcard.erl b/src/mod_vcard.erl -index 4384087..c54e8ea 100644 +index 3b70fe2..0629de6 100644 --- a/src/mod_vcard.erl +++ b/src/mod_vcard.erl -@@ -174,7 +174,9 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) -> +@@ -181,7 +181,9 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) -> case Type of set -> #jid{user = User, lserver = LServer} = From, 
@@ -67,53 +79,38 @@ index 4384087..c54e8ea 100644 true -> set_vcard(User, LServer, SubEl), IQ#iq{type = result, sub_el = []}; -@@ -183,19 +185,28 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) -> +@@ -190,13 +192,19 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) -> end; get -> #jid{luser = LUser, lserver = LServer} = To, -- US = {LUser, LServer}, -- F = fun() -> -- mnesia:read({vcard, US}) -- end, -- Els = case mnesia:transaction(F) of -- {atomic, Rs} -> -- lists:map(fun(R) -> -- R#vcard.vcard -- end, Rs); -- {aborted, _Reason} -> -- [] -- end, -- IQ#iq{type = result, sub_el = Els} -+ Access = gen_mod:get_module_opt(LServer, ?MODULE, access_get, all), -+ case acl:match_rule(LServer, Access, From) of -+ allow -> -+ Els = get_vcard(LUser, LServer), -+ IQ#iq{type = result, sub_el = Els}; -+ deny -> -+ IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]} -+ end -+ end. -+ -+get_vcard(LUser, LServer) -> -+ US = {LUser, LServer}, -+ F = fun() -> -+ mnesia:read({vcard, US}) -+ end, -+ case mnesia:transaction(F) of -+ {atomic, Rs} -> -+ lists:map(fun(R) -> -+ R#vcard.vcard -+ end, Rs); -+ {aborted, _Reason} -> -+ [] +- case get_vcard(LUser, LServer) of +- error -> +- IQ#iq{type = error, +- sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]}; +- Els -> +- IQ#iq{type = result, sub_el = Els} +- end ++ Access = gen_mod:get_module_opt(LServer, ?MODULE, access_get, all), ++ case acl:match_rule(LServer, Access, From) of ++ allow -> ++ case get_vcard(LUser, LServer) of ++ error -> ++ IQ#iq{type = error, ++ sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]}; ++ Els -> ++ IQ#iq{type = result, sub_el = Els} ++ end; ++ deny -> ++ IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]} ++ end end. - set_vcard(User, LServer, VCARD) -> + get_vcard(LUser, LServer) -> diff --git a/src/mod_vcard_ldap.erl b/src/mod_vcard_ldap.erl -index f4078df..c5c830d 100644 +index d3e6077..b17b1a3 100644 --- a/src/mod_vcard_ldap.erl 
+++ b/src/mod_vcard_ldap.erl -@@ -241,38 +241,47 @@ process_local_iq(_From, _To, #iq{type = Type, lang = Lang, sub_el = SubEl} = IQ) +@@ -242,38 +242,47 @@ process_local_iq(_From, _To, #iq{type = Type, lang = Lang, sub_el = SubEl} = IQ) ]}]} end. @@ -158,8 +155,8 @@ index f4078df..c5c830d 100644 + #jid{lserver = FromLServer} = From, + LServer = State#state.serverhost, + Access = gen_mod:get_module_opt(LServer, ?MODULE, access_get, all), -+ case ejabberd_auth:is_user_exists(LUser, LServer) -+ and acl:match_rule(FromLServer, Access, From) of ++ case ejabberd_auth:is_user_exists(LUser, LServer) andalso ++ (acl:match_rule(FromLServer, Access, From) == allow) of + true -> + process_vcard_ldap_get(LUser, LServer, IQ, State); + _ -> 
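Review bot: In the `get` branch of process_sm_iq in src/mod_vcard.erl, the new `case acl:match_rule(LServer, Access, From) of` has clauses only for `allow` and `deny`, so if acl:match_rule can return anything else for a misconfigured `access_get` rule (its return set is not visible here), the handler raises case_clause instead of refusing cleanly. The LDAP variant in this same patch treats every result other than `allow` as a refusal (`== allow`), and the two should agree; changing `deny ->` to `_ ->` in front of `IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]}` makes the check fail closed. The option also defaults to `all`, so the restriction is opt-in; a comment such as `%% access_get defaults to 'all': vCards stay readable by any requester unless a rule is configured` above the lookup would record that. process_sm_iq starts outside this hunk.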
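Review bot: The LDAP check evaluates the rule against the requester's host, `acl:match_rule(FromLServer, Access, From)`, although the option is read for `LServer` (State#state.serverhost) and src/mod_vcard.erl matches against the vCard owner's `LServer`. If access rules are resolved per host, a rule defined only for the local virtual host may not be the one applied to a remote requester, so the two backends can answer differently for the same configuration; `acl:match_rule(LServer, Access, From) == allow` would make them agree. Testing the ACL first, `(acl:match_rule(LServer, Access, From) == allow) andalso ejabberd_auth:is_user_exists(LUser, LServer)`, would also keep a denied requester from triggering the user-existence lookup at all. The `_ ->` branch and the rest of the function lie outside the hunk, so the error returned on refusal cannot be checked here.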
@@ -179,68 +176,6 @@ index f4078df..c5c830d 100644 handle_call(get_state, _From, State) -> {reply, {ok, State}, State}; handle_call(stop, _From, State) -> -diff --git a/src/mod_vcard_odbc.erl b/src/mod_vcard_odbc.erl -index 30c2888..d239823 100644 ---- a/src/mod_vcard_odbc.erl -+++ b/src/mod_vcard_odbc.erl -@@ -138,7 +138,9 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) -> - case Type of - set -> - #jid{user = User, lserver = LServer} = From, -- case lists:member(LServer, ?MYHOSTS) of -+ Access = gen_mod:get_module_opt(LServer, ?MODULE, access_set, all), -+ case lists:member(LServer, ?MYHOSTS) andalso -+ (acl:match_rule(LServer, Access, From) == allow) of - true -> - set_vcard(User, LServer, SubEl), - IQ#iq{type = result, sub_el = []}; -@@ -147,24 +149,34 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) -> - end; - get -> - #jid{luser = LUser, lserver = LServer} = To, -- Username = ejabberd_odbc:escape(LUser), -- case catch odbc_queries:get_vcard(LServer, Username) of -- {selected, ["vcard"], [{SVCARD}]} -> -- case xml_stream:parse_element(SVCARD) of -- {error, _Reason} -> -- IQ#iq{type = error, -- sub_el = [SubEl, ?ERR_SERVICE_UNAVAILABLE]}; -- VCARD -> -- IQ#iq{type = result, sub_el = [VCARD]} -- end; -- {selected, ["vcard"], []} -> -- IQ#iq{type = result, sub_el = []}; -- _ -> -- IQ#iq{type = error, -- sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]} -+ Access = gen_mod:get_module_opt(LServer, ?MODULE, access_get, all), -+ case acl:match_rule(LServer, Access, From) of -+ allow -> -+ get_vcard(LUser, LServer, SubEl, IQ); -+ deny -> -+ IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]} - end - end. 
- -+get_vcard(LUser, LServer, SubEl, IQ) -> -+ Username = ejabberd_odbc:escape(LUser), -+ case catch odbc_queries:get_vcard(LServer, Username) of -+ {selected, ["vcard"], [{SVCARD}]} -> -+ case xml_stream:parse_element(SVCARD) of -+ {error, _Reason} -> -+ IQ#iq{type = error, -+ sub_el = [SubEl, ?ERR_SERVICE_UNAVAILABLE]}; -+ VCARD -> -+ IQ#iq{type = result, sub_el = [VCARD]} -+ end; -+ {selected, ["vcard"], []} -> -+ IQ#iq{type = result, sub_el = []}; -+ _ -> -+ IQ#iq{type = error, -+ sub_el = [SubEl, ?ERR_INTERNAL_SERVER_ERROR]} -+ end. -+ -+ - set_vcard(User, LServer, VCARD) -> - FN = xml:get_path_s(VCARD, [{elem, "FN"}, cdata]), - Family = xml:get_path_s(VCARD, [{elem, "N"}, {elem, "FAMILY"}, cdata]), +-- +1.7.10.4 +