annotate mod_privilege.wiki @ 514:9427318ae72d default tip
added page for mod_delegation
author | Goffi <goffi@goffi.org> |
---|---|
date | Thu, 07 May 2015 23:31:20 +0200 |
parents | 5812db271428 |
children |
rev | line source |
---|---|
512 | 1 #summary XEP-0356 (Privileged Entity) implementation |
2 #labels Stage-Alpha | |
3 | |
4 = Introduction = | |
5 | |
513
5812db271428
mod_privilege: better explanations of configuration, typos fixes
Goffi <goffi@goffi.org>
parents:
512
diff
changeset
|
6 Privileged Entity is an extension that allows an entity or component to have privileged access to the server (get/set rosters, send messages on behalf of the server, access presence information). It can be used to build services independently of the server (e.g. a PEP service). |
512 | 7 |
8 = Details = | |
9 | |
513
10 For full details, read [http://xmpp.org/extensions/xep-0356.html XEP-0356]. |
11 |
12 If you use it with a component, you need to patch core/mod_component.lua to fire a new signal. To do so, copy the following patch into a file, for example /tmp/component.patch: |
512 | 13 {{{ |
14 diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua | |
15 --- a/plugins/mod_component.lua | |
16 +++ b/plugins/mod_component.lua | |
17 @@ -85,6 +85,7 @@ | |
18 session.type = "component"; | |
19 module:log("info", "External component successfully authenticated"); | |
20 session.send(st.stanza("handshake")); | |
21 + module:fire_event("component-authenticated", { session = session }); | |
22 | |
23 return true; | |
24 end | |
25 }}} | |
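Review bot: the added `module:fire_event("component-authenticated", { session = session })` line carries no comment naming its consumer; because it sits in a stock plugin and exists only for mod_privilege, a one-line comment saying so would help whoever has to re-apply this after an upgrade. The diff header also targets plugins/mod_component.lua while the surrounding text refers to core/mod_component.lua, so one of the two should be corrected to make sure the `patch -p1` step lands on the intended file.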
26 | |
27 Then, at the root of prosody, enter: | |
28 | |
29 {{{patch -p1 < /tmp/component.patch}}} | |
30 | |
31 = Usage = | |
32 | |
513
33 To use the module, add *"privilege"* to your modules_enabled as usual. Note that if you use it with a local component, you also need to activate the module in your component section: |
512 | 34 |
35 {{{ | |
513
36 modules_enabled = { |
37 [...] |
38 |
39 "privilege"; |
512 | 40 } |
513
41 |
42 [...] |
43 |
44 Component "youcomponent.yourdomain.tld" |
45 component_secret = "yourpassword" |
46 modules_enabled = {"privilege"} |
512 | 47 }}} |
48 | |
513
49 Then specify privileged entities *in your host section* like this: |
50 |
51 {{{ |
52 VirtualHost "yourdomain.tld" |
53 |
54 privileged_entities = { |
55 ["romeo@montaigu.lit"] = { |
56 roster = "get"; |
57 presence = "managed_entity"; |
58 }, |
59 ["juliet@capulet.lit"] = { |
60 roster = "both"; |
61 message = "outgoing"; |
62 presence = "roster"; |
63 }, |
64 } |
65 }}} |
66 |
67 Here _romeo@montaigu.lit_ can *get* the roster of anybody on the host, and will *have presence for any user* of the host, while _juliet@capulet.lit_ can *get* and *set* a roster, *send messages* on behalf of the server, and *access presence of anybody linked to the host* (not only people on the server, but also people in rosters of users of the server). |
512 | 68 |
69 */!\ Be extra careful when you give a permission to an entity/component: it is powerful access. Only do it if you absolutely trust the component/entity and you know where the software is coming from.* | |
70 | |
71 = Configuration = | |
513
72 All the permissions give access to all accounts of the virtual host. |
512 | 73 == roster == |
74 ||none _(default)_||No access to rosters|| | |
75 ||get||Allow *read* access to rosters|| | |
76 ||set||Allow *write* access to rosters|| | |
513
77 ||both||Allow *read* and *write* access to rosters|| |
512 | 78 |
79 == message == | |
80 ||none _(default)_||Can't send message from server|| | |
81 ||outgoing||Allow sending messages on behalf of the server (from bare JIDs)|| | |
82 | |
83 == presence == | |
84 ||none _(default)_||Do not have extra presence information|| | |
513
85 ||managed_entity||Receive presence stanzas (except subscriptions) from host users|| |
86 ||roster||Receive all presence stanzas (except subscriptions) from host users and people in their rosters|| |
512 | 87 |
88 = Compatibility = | |
513
89 ||dev||Needs a patched core/mod_component.lua (see above)|| |
512 | 90 ||0.9||Needs a patched core/mod_component.lua (see above)|| |
91 | |
92 = Note = | |
513
93 This module is often used with mod_delegation (cf. the XEP for more details).