Mercurial > prosody-modules

comparison mod_privilege/README.wiki @ 1782:29f3d6b7ad16

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Import wiki pages
author Kim Alvefur <zash@zash.se>
date Mon, 24 Aug 2015 16:43:56 +0200
parents
children
comparison
equal deleted inserted replaced
1781:12ac88940fe3 1782:29f3d6b7ad16
1 #summary XEP-0356 (Privileged Entity) implementation
2 #labels Stage-Alpha
3
4 = Introduction =
5
6 Privileged Entity is an extension which allows entity/component to have privileged access to server (set/get roster, send message on behalf of server, access presence informations). It can be used to build services independently of server (e.g.: PEP service).
7
8 = Details =
9
10 You can have all the details by reading the [http://xmpp.org/extensions/xep-0356.html XEP-0356].
11
12 If you use it with a component, you need to patch core/mod_component.lua to fire a new signal. To do it, copy the following patch in a, for example, /tmp/component.patch file:
13 {{{
14 diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua
15 --- a/plugins/mod_component.lua
16 +++ b/plugins/mod_component.lua
17 @@ -85,6 +85,7 @@
18 session.type = "component";
19 module:log("info", "External component successfully authenticated");
20 session.send(st.stanza("handshake"));
21 + module:fire_event("component-authenticated", { session = session });
22
23 return true;
24 end
25 }}}
26
27 Then, at the root of prosody, enter:
28
29 {{{patch -p1 < /tmp/component.patch}}}
30
31 = Usage =
32
33 To use the module, like usual add *"privilege"* to your modules_enabled. Note that if you use it with a local component, you also need to activate the module in your component section:
34
35 {{{
36 modules_enabled = {
37 [...]
38
39 "privilege";
40 }
41
42 [...]
43
44 Component "youcomponent.yourdomain.tld"
45 component_secret = "yourpassword"
46 modules_enabled = {"privilege"}
47 }}}
48
49 then specify privileged entities *in your host section* like that:
50
51 {{{
52 VirtualHost "yourdomain.tld"
53
54 privileged_entities = {
55 ["romeo@montaigu.lit"] = {
56 roster = "get";
57 presence = "managed_entity";
58 },
59 ["juliet@capulet.lit"] = {
60 roster = "both";
61 message = "outgoing";
62 presence = "roster";
63 },
64 }
65 }}}
66
67 Here _romeo@montaigu.lit_ can *get* roster of anybody on the host, and will *have presence for any user* of the host, while _juliet@capulet.lit_ can *get* and *set* a roster, *send messages* on the behalf of the server, and *access presence of anybody linked to the host* (not only people on the server, but also people in rosters of users of the server).
68
69 */!\ Be extra careful when you give a permission to an entity/component, it's a powerful access, only do it if you absoly trust the component/entity, and you know where the software is coming from*
70
71 = Configuration =
72 All the permissions give access to all accounts of the virtual host.
73 == roster ==
74 ||none _(default)_||No access to rosters||
75 ||get||Allow *read* access to rosters||
76 ||set||Allow *write* access to rosters||
77 ||both||Allow *read* and *write* access to rosters||
78
79 == message ==
80 ||none _(default)_||Can't send message from server||
81 ||outgoing||Allow to send message on behalf of server (from bare jids)||
82
83 == presence ==
84 ||none _(default)_||Do not have extra presence information||
85 ||managed_entity||Receive presence stanzas (except subscriptions) from host users||
86 ||roster||Receive all presence stanzas (except subsciptions) from host users and people in their rosters||
87
88 = Compatibility =
89 ||dev||Need a patched core/mod_component.lua (see above)||
90 ||0.9||Need a patched core/mod_component.lua (see above)||
91
92 = Note =
93 This module is often used with mod_delegation (c.f. XEP for more details)