Mercurial > prosody-modules
comparison mod_privilege/README.markdown @ 4913:3ddab718f717
mod_privilege: update to v0.4:
- now the namespace "urn:xmpp:privilege:2" is exclusively used
- IQ permission implementation
- README update
roster pushes are not implemented yet
author | Goffi <goffi@goffi.org> |
---|---|
date | Wed, 11 May 2022 12:43:26 +0200 |
parents | 8dda3d7d616f |
children |
comparison
equal
deleted
inserted
replaced
4912:b45c23ce24ba | 4913:3ddab718f717 |
---|---|
1 --- | 1 --- |
2 labels: | 2 labels: |
3 - 'Stage-Alpha' | 3 - 'Stage-Beta' |
4 summary: 'XEP-0356 (Privileged Entity) implementation' | 4 summary: 'XEP-0356 (Privileged Entity) implementation' |
5 ... | 5 ... |
6 | 6 |
7 Introduction | 7 Introduction |
8 ============ | 8 ============ |
9 | 9 |
10 Privileged Entity is an extension which allows entity/component to have | 10 Privileged Entity is an extension which allows entity/component to have |
11 privileged access to server (set/get roster, send message on behalf of | 11 privileged access to server (set/get roster, send message on behalf of server, |
12 server, access presence informations). It can be used to build services | 12 send IQ stanza on behalf of user, access presence information). It can be used |
13 independently of server (e.g.: PEP service). | 13 to build services independently of server (e.g.: PEP service). |
14 | 14 |
15 Details | 15 Details |
16 ======= | 16 ======= |
17 | 17 |
18 You can have all the details by reading the | 18 You can have all the details by reading the |
19 [XEP-0356](http://xmpp.org/extensions/xep-0356.html). | 19 [XEP-0356](http://xmpp.org/extensions/xep-0356.html). |
20 | |
21 Only the latest version of the XEP is implemented (using namespace | |
22 `urn:xmpp:privilege:2`), if your component use an older version, please update. | |
23 | |
24 Note that roster permission is not fully implemented yet, roster pushes are not yet sent | |
25 to privileged entity. | |
20 | 26 |
21 Usage | 27 Usage |
22 ===== | 28 ===== |
23 | 29 |
24 To use the module, like usual add **"privilege"** to your | 30 To use the module, like usual add **"privilege"** to your |
31 "privilege"; | 37 "privilege"; |
32 } | 38 } |
33 | 39 |
34 [...] | 40 [...] |
35 | 41 |
36 Component "youcomponent.yourdomain.tld" | 42 Component "pubsub.yourdomain.tld" |
37 component_secret = "yourpassword" | 43 component_secret = "yourpassword" |
38 modules_enabled = {"privilege"} | 44 modules_enabled = {"privilege"} |
39 | 45 |
40 then specify privileged entities **in your host section** like that: | 46 then specify privileged entities **in your host section** like that: |
41 | 47 |
49 ["juliet@capulet.lit"] = { | 55 ["juliet@capulet.lit"] = { |
50 roster = "both"; | 56 roster = "both"; |
51 message = "outgoing"; | 57 message = "outgoing"; |
52 presence = "roster"; | 58 presence = "roster"; |
53 }, | 59 }, |
60 ["pubsub.yourdomain.tld"] = { | |
61 roster = "get"; | |
62 message = "outgoing"; | |
63 presence = "roster"; | |
64 iq = { | |
65 ["http://jabber.org/protocol/pubsub"] = "set"; | |
66 }; | |
67 }, | |
54 } | 68 } |
55 | 69 |
56 Here *romeo@montaigu.lit* can **get** roster of anybody on the host, and | 70 Here *romeo@montaigu.lit* can **get** roster of anybody on the host, and will |
57 will **have presence for any user** of the host, while | 71 **have presence for any user** of the host, while *juliet@capulet.lit* can |
58 *juliet@capulet.lit* can **get** and **set** a roster, **send messages** | 72 **get** and **set** a roster, **send messages** on behalf of the server, and |
59 on the behalf of the server, and **access presence of anybody linked to | 73 **access presence of anybody linked to the host** (not only people on the |
60 the host** (not only people on the server, but also people in rosters of | 74 server, but also people in rosters of users of the server). |
61 users of the server). | |
62 | 75 |
63 **/! Be extra careful when you give a permission to an entity/component, | 76 *pubsub.yourdomain.tld* is a Pubsub/PEP component which can **get** roster of |
64 it's a powerful access, only do it if you absoly trust the | 77 anybody on the host, **send messages** on the behalf of the server, **access |
65 component/entity, and you know where the software is coming from** | 78 presence of anybody linked to the host**, and **send IQ stanza of type "set" for |
79 the namespace "http://jabber.org/protocol/pubsub"** (this can be used to | |
80 implement XEP-0376 "Pubsub Account Management"). | |
81 | |
82 **/!\\ Be extra careful when you give a permission to an entity/component, it's | |
83 a powerful access, only do it if you absolutely trust the component/entity, and | |
84 you know where the software is coming from** | |
66 | 85 |
67 Configuration | 86 Configuration |
68 ============= | 87 ============= |
88 | |
89 roster | |
90 ------ | |
69 | 91 |
70 All the permissions give access to all accounts of the virtual host. | 92 All the permissions give access to all accounts of the virtual host. |
71 | 93 |
72 -------- ------------------------------------------------ ---------------------- | 94 -------- ------------------------------------------------ ---------------------- |
73 roster none *(default)* No access to rosters | 95 roster none *(default)* No access to rosters |
74 get Allow **read** access to rosters | 96 get Allow **read** access to rosters |
75 set Allow **write** access to rosters | 97 set Allow **write** access to rosters |
76 both Allow **read** and **write** access to rosters | 98 both Allow **read** and **write** access to rosters |
77 -------- ------------------------------------------------ ---------------------- | 99 -------- ------------------------------------------------ ---------------------- |
100 | |
101 Note that roster implementation is incomplete at the moment, roster pushes are not yet | |
102 send to privileged entity. | |
78 | 103 |
79 message | 104 message |
80 ------- | 105 ------- |
81 | 106 |
82 ------------------ ------------------------------------------------------------ | 107 ------------------ ------------------------------------------------------------ |
90 ------------------ ------------------------------------------------------------------------------------------------ | 115 ------------------ ------------------------------------------------------------------------------------------------ |
91 none *(default)* Do not have extra presence information | 116 none *(default)* Do not have extra presence information |
92 managed\_entity Receive presence stanzas (except subscriptions) from host users | 117 managed\_entity Receive presence stanzas (except subscriptions) from host users |
93 roster Receive all presence stanzas (except subsciptions) from host users and people in their rosters | 118 roster Receive all presence stanzas (except subsciptions) from host users and people in their rosters |
94 ------------------ ------------------------------------------------------------------------------------------------ | 119 ------------------ ------------------------------------------------------------------------------------------------ |
120 | |
121 iq | |
122 -- | |
123 | |
124 IQ permission is a table mapping allowed namespaces to allowed stanza type. When | |
125 a namespace is specified, IQ stanza of the specified type (see below) can be | |
126 sent if and only if the first child element of the IQ stanza has the specified | |
127 namespace. See https://xmpp.org/extensions/xep-0356.html#iq for details. | |
128 | |
129 Allowed stanza type: | |
130 | |
131 -------- ------------------------------------------- | |
132 get Allow IQ stanza of type **get** | |
133 set Allow IQ stanza of type **set** | |
134 both Allow IQ stanza of type **get** and **set** | |
135 -------- ------------------------------------------- | |
95 | 136 |
96 Compatibility | 137 Compatibility |
97 ============= | 138 ============= |
98 | 139 |
99 If you use it with Prosody 0.9 and with a component, you need to patch | 140 If you use it with Prosody 0.9 and with a component, you need to patch |
116 | 157 |
117 Then, at the root of prosody, enter: | 158 Then, at the root of prosody, enter: |
118 | 159 |
119 `patch -p1 < /tmp/component.patch` | 160 `patch -p1 < /tmp/component.patch` |
120 | 161 |
121 ----- ---------------------------------------------------- | 162 ----- -------------------------------------------------- |
163 trunk Works | |
164 0.12 Works | |
165 0.11 Works | |
122 0.10 Works | 166 0.10 Works |
123 0.9 Need a patched core/mod\_component.lua (see above) | 167 0.9 Need a patched core/mod\_component.lua (see above) |
124 ----- ---------------------------------------------------- | 168 ----- -------------------------------------------------- |
125 | 169 |
126 Note | 170 Note |
127 ==== | 171 ==== |
128 | 172 |
129 This module is often used with mod\_delegation (c.f. XEP for more | 173 This module is often used with mod\_delegation (c.f. XEP for more details) |
130 details) |