annotate mod_privilege.wiki @ 512:cfef30b64777

added page for mod_privilege
author Goffi <goffi@goffi.org>
date Thu, 09 Apr 2015 12:05:58 +0200
parents
children 5812db271428
rev   line source
512
1 #summary XEP-0356 (Privileged Entity) implementation
2 #labels Stage-Alpha
3
4 = Introduction =
5
6 Privileged Entity is an extension which allows an entity or component to have privileged access to the server (get/set rosters, send messages on behalf of the server, access presence information). It can be used to build services independently of the server (e.g. a PEP service).
7
8 = Details =
9
10 You can find all the details in [http://xmpp.org/extensions/xep-0356.html XEP-0356]. If you use it with a component, you need to patch core/mod_component.lua to fire a new event. To do so, copy the following patch into a file, for example /tmp/component.patch:
11 {{{
12 diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua
13 --- a/plugins/mod_component.lua
14 +++ b/plugins/mod_component.lua
15 @@ -85,6 +85,7 @@
16 session.type = "component";
17 module:log("info", "External component successfully authenticated");
18 session.send(st.stanza("handshake"));
19 + module:fire_event("component-authenticated", { session = session });
20
21 return true;
22 end
23 }}}
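Review bot: the diff headers (lines 12 to 14 of the listing) patch plugins/mod_component.lua, but the instructions around the patch name core/mod_component.lua; make the two agree so that patch -p1 run from the Prosody root finds the file it is meant to change. The added fire_event call sits after session.send(st.stanza("handshake")), so a listener for "component-authenticated" only sees the component once the handshake reply has gone out, and the event carries nothing but session; a one-line comment above the new line naming the module that listens for it would help whoever maintains this local change. Because the hunk is pinned to -85,6, check it with patch --dry-run -p1 before applying it to a tree other than the 0.9 one named under Compatibility.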
24
25 Then, at the root of the Prosody directory, enter:
26
27 {{{patch -p1 < /tmp/component.patch}}}
28
29 = Usage =
30
31 To use the module, add *"privilege"* to your modules_enabled as usual, then specify privileged entities like this:
32
33 {{{
34 privileged_entities = {
35 ["romeo@montaigu.lit"] = {
36 roster = "get";
37 presence = "managed_entity";
38 },
39 ["juliet@capulet.lit"] = {
40 roster = "both";
41 message = "outgoing";
42 presence = "roster";
43 },
44 }
45 }}}
46
47 Here _romeo@montaigu.lit_ can *get* the roster of anybody on the server, and will *have presence for any user* of the server, while _juliet@capulet.lit_ can *get* and *set* a roster, *send messages* on behalf of the server, and *access presence of anybody* (not only people on the server, but also people in the rosters of users of the server).
48
49 */!\ Be extra careful when you give a permission to an entity/component: it is powerful access. Only do it if you absolutely trust the component/entity and you know where the software is coming from.*
50
51 = Configuration =
52 All the permissions give access to all accounts of the server.
53 == roster ==
54 ||none _(default)_||No access to rosters||
55 ||get||Allow *read* access to rosters||
56 ||set||Allow *write* access to rosters||
57 ||both||Allow *read* and *write* access to rosters||
58
59 == message ==
60 ||none _(default)_||Can't send messages from the server||
61 ||outgoing||Allow sending messages on behalf of the server (from bare JIDs)||
62
63 == presence ==
64 ||none _(default)_||Do not have extra presence information||
65 ||managed_entity||Receive presence stanzas (except subscriptions) from server users||
66 ||roster||Receive all presence stanzas (except subscriptions) from server users and people in their rosters||
67
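The permission tables above can be used to audit a privileged_entities block before it is deployed. The following Lua script is an added example, not part of mod_privilege; the audit function, the HIGH_RISK grouping and the pubsub.capulet.lit entry are assumptions made for illustration.

```lua
-- Added example: audit a privileged_entities table against the values
-- documented on this page. Function and table names are hypothetical.
local ALLOWED = {
    roster   = { none = true, get = true, set = true, both = true },
    message  = { none = true, outgoing = true },
    presence = { none = true, managed_entity = true, roster = true },
}
-- Values that grant roster writes, sending as the server, or presence
-- from people outside the server (assumed grouping, for review purposes).
local HIGH_RISK = {
    roster   = { set = true, both = true },
    message  = { outgoing = true },
    presence = { roster = true },
}

local function audit(entities)
    local findings = {}
    for jid, perms in pairs(entities) do
        for key, value in pairs(perms) do
            local allowed = ALLOWED[key]
            if not allowed then
                findings[#findings + 1] = ("%s: unknown permission '%s'"):format(jid, tostring(key))
            elseif not allowed[value] then
                findings[#findings + 1] = ("%s: unknown value '%s' for %s"):format(jid, tostring(value), key)
            elseif HIGH_RISK[key][value] then
                findings[#findings + 1] = ("%s: %s = \"%s\" needs review"):format(jid, key, value)
            end
        end
    end
    table.sort(findings)  -- stable output regardless of pairs() order
    return findings
end

-- Constructed sample: the page's two entries plus one entry with a typo.
local privileged_entities = {
    ["romeo@montaigu.lit"] = { roster = "get", presence = "managed_entity" },
    ["juliet@capulet.lit"] = { roster = "both", message = "outgoing", presence = "roster" },
    ["pubsub.capulet.lit"] = { roster = "read" },  -- "read" is not a documented value
}

for _, line in ipairs(audit(privileged_entities)) do
    print(line)
end
```

With the sample above, the three juliet@capulet.lit grants are listed for review and the "read" value is reported as unknown, while romeo@montaigu.lit produces no finding.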
68 = Compatibility =
69 ||0.9||Needs a patched core/mod_component.lua (see above)||
70
71 = Note =
72 This module is often used with (TODO) mod_delegation (cf. the XEP for more details).