mod_privilege/README.markdown @ 4937:3ddab718f717
mod_privilege: update to v0.4:
- now the namespace "urn:xmpp:privilege:2" is exclusively used
- IQ permission implementation
- README update
roster pushes are not implemented yet
author | Goffi <goffi@goffi.org> |
---|---|
date | Wed, 11 May 2022 12:43:26 +0200 |
parent | 1992:8dda3d7d616f |
--- a/mod_privilege/README.markdown Wed Mar 30 17:52:41 2022 +0200 +++ b/mod_privilege/README.markdown Wed May 11 12:43:26 2022 +0200 @@ -1,6 +1,6 @@ --- labels: -- 'Stage-Alpha' +- 'Stage-Beta' summary: 'XEP-0356 (Privileged Entity) implementation' ... @@ -8,9 +8,9 @@ ============ Privileged Entity is an extension which allows entity/component to have -privileged access to server (set/get roster, send message on behalf of -server, access presence informations). It can be used to build services -independently of server (e.g.: PEP service). +privileged access to server (set/get roster, send message on behalf of server, +send IQ stanza on behalf of user, access presence information). It can be used +to build services independently of server (e.g.: PEP service). Details ======= @@ -18,6 +18,12 @@ You can have all the details by reading the [XEP-0356](http://xmpp.org/extensions/xep-0356.html). +Only the latest version of the XEP is implemented (using namespace +`urn:xmpp:privilege:2`), if your component use an older version, please update. + +Note that roster permission is not fully implemented yet, roster pushes are not yet sent +to privileged entity. + Usage ===== @@ -33,7 +39,7 @@ [...] - Component "youcomponent.yourdomain.tld" + Component "pubsub.yourdomain.tld" component_secret = "yourpassword" modules_enabled = {"privilege"} 
@@ -51,22 +57,38 @@ message = "outgoing"; presence = "roster"; }, + ["pubsub.yourdomain.tld"] = { + roster = "get"; + message = "outgoing"; + presence = "roster"; + iq = { + ["http://jabber.org/protocol/pubsub"] = "set"; + }; + }, } -Here *romeo@montaigu.lit* can **get** roster of anybody on the host, and -will **have presence for any user** of the host, while -*juliet@capulet.lit* can **get** and **set** a roster, **send messages** -on the behalf of the server, and **access presence of anybody linked to -the host** (not only people on the server, but also people in rosters of -users of the server). +Here *romeo@montaigu.lit* can **get** roster of anybody on the host, and will +**have presence for any user** of the host, while *juliet@capulet.lit* can +**get** and **set** a roster, **send messages** on behalf of the server, and +**access presence of anybody linked to the host** (not only people on the +server, but also people in rosters of users of the server). -**/! Be extra careful when you give a permission to an entity/component, -it's a powerful access, only do it if you absoly trust the -component/entity, and you know where the software is coming from** +*pubsub.yourdomain.tld* is a Pubsub/PEP component which can **get** roster of +anybody on the host, **send messages** on the behalf of the server, **access +presence of anybody linked to the host**, and **send IQ stanza of type "set" for +the namespace "http://jabber.org/protocol/pubsub"** (this can be used to +implement XEP-0376 "Pubsub Account Management"). + +**/!\\ Be extra careful when you give a permission to an entity/component, it's +a powerful access, only do it if you absolutely trust the component/entity, and +you know where the software is coming from** Configuration ============= +roster +------ + All the permissions give access to all accounts of the virtual host. -------- ------------------------------------------------ ---------------------- 
@@ -76,6 +98,9 @@ both Allow **read** and **write** access to rosters -------- ------------------------------------------------ ---------------------- +Note that roster implementation is incomplete at the moment, roster pushes are not yet +send to privileged entity. + message ------- @@ -93,6 +118,22 @@ roster Receive all presence stanzas (except subsciptions) from host users and people in their rosters ------------------ ------------------------------------------------------------------------------------------------ +iq +-- + +IQ permission is a table mapping allowed namespaces to allowed stanza type. When +a namespace is specified, IQ stanza of the specified type (see below) can be +sent if and only if the first child element of the IQ stanza has the specified +namespace. See https://xmpp.org/extensions/xep-0356.html#iq for details. + +Allowed stanza type: + + -------- ------------------------------------------- + get Allow IQ stanza of type **get** + set Allow IQ stanza of type **set** + both Allow IQ stanza of type **get** and **set** + -------- ------------------------------------------- + Compatibility ============= @@ -118,13 +159,15 @@ `patch -p1 < /tmp/component.patch` - ----- ---------------------------------------------------- + ----- -------------------------------------------------- + trunk Works + 0.12 Works + 0.11 Works 0.10 Works 0.9 Need a patched core/mod\_component.lua (see above) - ----- ---------------------------------------------------- + ----- -------------------------------------------------- Note ==== -This module is often used with mod\_delegation (c.f. XEP for more -details) +This module is often used with mod\_delegation (c.f. XEP for more details)
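Review bot: in the Details hunk (@@ -18,6 +18,12 @@), the added sentence "if your component use an older version, please update" has a subject-verb error and is joined to the previous clause by a comma splice. Suggest: "Only the latest version of the XEP is implemented (namespace `urn:xmpp:privilege:2`). If your component uses an older version, please update it." Since the commit makes the namespace exclusive, it would also help operators if the README said how the module treats a component that still speaks an older namespace.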
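Review bot: in the Usage/Configuration hunk (@@ -51,22 +57,38 @@), the new "roster" subheading is inserted directly above the existing line "All the permissions give access to all accounts of the virtual host.", so that sentence now reads as a statement about roster permissions only. It is the scope statement for every permission type, including the new `iq` table, and it is the part an administrator most needs to see before granting anything. Suggest keeping the sentence directly under "Configuration" and placing the "roster" heading after it. Minor: the new pubsub paragraph says "on the behalf of the server" while the reflowed paragraph above it was corrected to "on behalf of the server".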
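Review bot: in the roster hunk (@@ -76,6 +98,9 @@), "roster pushes are not yet send to privileged entity" should read "sent", and the note duplicates the one added under Details, which already uses "sent". Suggest keeping a single copy, preferably here next to the roster table, worded "roster pushes are not yet sent to the privileged entity", so the two cannot drift apart when roster pushes are implemented.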
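Review bot: in the new "iq" section (@@ -93,6 +118,22 @@), the text never says on whose behalf the permitted IQ stanzas are sent, although the summary paragraph changed earlier in this patch describes the feature as "send IQ stanza on behalf of user". Suggest stating here that an entity granted a namespace can send IQ stanzas of the allowed type as any user of the host, and recommending that only the namespaces and the type (get, set or both) the component actually needs be listed. Also "allowed stanza type" should be plural in both places, and the bare https://xmpp.org/extensions/xep-0356.html#iq URL could use the same Markdown link form as the XEP-0356 link under Details.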