[ejabberd] Arbitrary access control of packets

Magnus Henoch mange at freemail.hu
Thu Sep 8 01:03:36 MSD 2005

I'm thinking about how to restrict message sending privileges for
certain users in ejabberd.  A common case of this is disabling s2s for
certain users (see http://www.jabber.ru/bugzilla/show_bug.cgi?id=42 ),
but I think it might be worth implementing a more flexible system.  I
imagine that the config file would look something like:

% users starting with "r" are restricted
{acl, restricted, {user_glob, "r*", "example.com"}}.
% local users
{acl, local, {user_regexp, "", "example.com"}}.
% restricted users may send messages to this user
{acl, goodguy, {user, "foo", "bar.com"}}.
% evil servers - avoid
{acl, evilservers, {server_regexp, "evil"}}.

% new syntax; ideas welcome
{packet_access, restricted, [{allow, local},
                             {allow, goodguy},
                             {deny, all}]}.
{packet_access, local, [{deny, evilservers},
                        {allow, all}]}.

Maybe this could be implemented using the filter_packet hook (called
from ejabberd_router:do_route), but it seems that in the current code
you'd have to add a separate hook for every imaginable destination
server, which is inconvenient/impossible if you want to deny
everything not explicitly allowed.

Thoughts, ideas?

JID: legoscia at jabber.cd.chalmers.se
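
The proposed rules read as a first-match evaluator. The following is an added example, not part of the original message and not ejabberd code. The module name, decide/2, and the semantics are assumptions: the first packet_access entry whose ACL matches the sender applies, its rules are tested in order against the recipient, an exhausted list denies, and a sender covered by no entry is allowed.

```erlang
-module(packet_access_demo).   % hypothetical module, not part of ejabberd
-export([decide/2, demo/0]).

%% The ACLs and packet_access rules from the message, as Erlang terms.
acls() ->
    [{restricted,  {user_glob, "r*", "example.com"}},
     {local,       {user_regexp, "", "example.com"}},
     {goodguy,     {user, "foo", "bar.com"}},
     {evilservers, {server_regexp, "evil"}}].

policies() ->
    [{restricted, [{allow, local}, {allow, goodguy}, {deny, all}]},
     {local,      [{deny, evilservers}, {allow, all}]}].

%% JIDs are {User, Server}. Order of policies() matters (assumption):
%% a restricted user is also local, so the restricted entry must come first.
decide(From, To) ->
    case [Rules || {Acl, Rules} <- policies(), match(Acl, From)] of
        []          -> allow;               % assumed: no policy, no restriction
        [Rules | _] -> first_match(Rules, To)
    end.

first_match([{Action, Acl} | Rest], To) ->
    case match(Acl, To) of
        true  -> Action;
        false -> first_match(Rest, To)
    end;
first_match([], _To) -> deny.               % default deny if nothing matched

match(all, _Jid) -> true;
match(Name, Jid) ->
    lists:any(fun({N, Spec}) -> N =:= Name andalso match_spec(Spec, Jid) end, acls()).

match_spec({user, U, S}, {U, S})        -> true;
match_spec({user_glob, G, S}, {U, S})   -> re_match(U, glob_to_re(G));
match_spec({user_regexp, R, S}, {U, S}) -> re_match(U, R);   % unanchored
match_spec({server_regexp, R}, {_U, S}) -> re_match(S, R);   % unanchored
match_spec(_, _)                        -> false.

re_match(Str, Re) -> re:run(Str, Re, [{capture, none}]) =:= match.

%% Only * and ? are treated as glob wildcards; everything else is literal.
glob_to_re(G) ->
    "^" ++ lists:flatmap(fun($*) -> ".*"; ($?) -> "."; (C) -> escape(C) end, G) ++ "$".

escape(C) ->
    case lists:member(C, ".^$+()[]{}|\\") of true -> [$\\, C]; false -> [C] end.

%% Constructed sample senders and recipients; returns {From, To, Decision}.
demo() ->
    [{F, T, decide(F, T)} || {F, T} <- [{{"rob", "example.com"}, {"alice", "example.com"}},
        {{"rob", "example.com"}, {"foo", "bar.com"}}, {{"rob", "example.com"}, {"x", "jabber.org"}},
        {{"alice", "example.com"}, {"x", "evil.example.net"}}]].
```

Compile it in an Erlang shell with `c(packet_access_demo).` and call `packet_access_demo:demo().` to see the decision for each constructed pair.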

