#summary XEP-0356 (Privileged Entity) implementation
#labels Stage-Alpha

= Introduction =

Privileged Entity is an extension which allows an entity/component to have privileged access to the server (set/get rosters, send messages on behalf of the server, access presence information). It can be used to build services independently of the server (e.g. a PEP service).

= Details =

You can find all the details in [http://xmpp.org/extensions/xep-0356.html XEP-0356].

If you use it with a component, you need to patch core/mod_component.lua to fire a new signal. To do so, copy the following patch into a file, for example /tmp/component.patch:
{{{
diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua |
--- a/plugins/mod_component.lua |
+++ b/plugins/mod_component.lua |
@@ -85,6 +85,7 @@ |
session.type = "component"; |
module:log("info", "External component successfully authenticated"); |
session.send(st.stanza("handshake")); |
+ module:fire_event("component-authenticated", { session = session }); |
|
return true; |
end |
}}}
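
Review bot: the added `module:fire_event("component-authenticated", { session = session });` line introduces a new event without any comment naming its consumer or its payload, and it sits after `session.send(st.stanza("handshake"))` with its return value unused, so a handler runs only once the component has already been told that authentication succeeded and cannot reject the session. Please add a one-line comment stating that the event is informational and carries only `session`. Also note that the diff targets plugins/mod_component.lua while the surrounding instructions refer to core/mod_component.lua; one of the two paths should be corrected.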

Then, from the root of the Prosody directory, run:

{{{patch -p1 < /tmp/component.patch}}}

= Usage =

To use the module, add *"privilege"* to your modules_enabled as usual. Note that if you use it with a local component, you also need to activate the module in your component section:

{{{
modules_enabled = {
    [...]

    "privilege";
}

[...]

Component "youcomponent.yourdomain.tld"
    component_secret = "yourpassword"
    modules_enabled = {"privilege"}
}}}

Then specify privileged entities *in your host section* like this:

{{{
VirtualHost "yourdomain.tld"

    privileged_entities = {
        ["romeo@montaigu.lit"] = {
            roster = "get";
            presence = "managed_entity";
        },
        ["juliet@capulet.lit"] = {
            roster = "both";
            message = "outgoing";
            presence = "roster";
        },
    }
}}}

Here _romeo@montaigu.lit_ can *get* the roster of anybody on the host and will *have presence for any user* of the host, while _juliet@capulet.lit_ can *get* and *set* a roster, *send messages* on behalf of the server, and *access the presence of anybody linked to the host* (not only people on the server, but also people in the rosters of users of the server).

*/!\ Be extra careful when you give a permission to an entity/component: it is powerful access. Only do it if you absolutely trust the component/entity and you know where the software is coming from.*

= Configuration =
All the permissions give access to all accounts of the virtual host.
== roster ==
||none _(default)_||No access to rosters||
||get||Allow *read* access to rosters||
||set||Allow *write* access to rosters||
||both||Allow *read* and *write* access to rosters||

== message ==
||none _(default)_||Can't send messages from the server||
||outgoing||Allow sending messages on behalf of the server (from bare JIDs)||

== presence ==
||none _(default)_||Do not have extra presence information||
||managed_entity||Receive presence stanzas (except subscriptions) from host users||
||roster||Receive all presence stanzas (except subscriptions) from host users and people in their rosters||
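
As an added example (not part of mod_privilege or of the original page), this Lua script checks a privileged_entities table against the values listed in the tables above and flags grants that allow writing rosters, sending messages for the host, or seeing presence beyond the host's own users. The `audit` function, the `HIGH_IMPACT` classification and the third sample entity are assumptions made for this example.

```lua
-- Added example: audit a privileged_entities table before deploying it.
-- Allowed values are taken from the Configuration tables on this page.
local ALLOWED = {
    roster   = { none = true, get = true, set = true, both = true },
    message  = { none = true, outgoing = true },
    presence = { none = true, managed_entity = true, roster = true },
}

-- Grants worth a second look (classification chosen for this example):
-- roster writes, messages sent as the host, presence of off-host contacts.
local HIGH_IMPACT = {
    roster   = { set = true, both = true },
    message  = { outgoing = true },
    presence = { roster = true },
}

-- Returns a sorted list of human-readable findings.
local function audit(entities)
    local findings = {}
    for jid, perms in pairs(entities) do
        for perm, value in pairs(perms) do
            if not ALLOWED[perm] then
                table.insert(findings, ("%s: unknown permission %q"):format(jid, perm))
            elseif not ALLOWED[perm][value] then
                table.insert(findings, ("%s: invalid value %q for %s"):format(jid, tostring(value), perm))
            elseif HIGH_IMPACT[perm][value] then
                table.insert(findings, ("%s: high-impact grant %s = %q"):format(jid, perm, value))
            end
        end
    end
    table.sort(findings)
    return findings
end

-- Constructed sample: the two entities from this page plus a hypothetical
-- third one containing a misspelled key and an out-of-range value.
local privileged_entities = {
    ["romeo@montaigu.lit"] = { roster = "get", presence = "managed_entity" },
    ["juliet@capulet.lit"] = { roster = "both", message = "outgoing", presence = "roster" },
    ["pubsub.example.invalid"] = { rosters = "get", message = "both" },
}

for _, line in ipairs(audit(privileged_entities)) do
    print(line)
end
```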

= Compatibility =
||dev||Needs a patched core/mod_component.lua (see above)||
||0.9||Needs a patched core/mod_component.lua (see above)||

= Note =
This module is often used with mod_delegation (cf. the XEP for more details).