I was under the assumption that an anonymous user cannot send a presence stanza to a registered user without a roster subscription. But using Ejabberd 2.1.2 this is happening.
How do i stop anonymous users from sending presence stanzas to registered users?
Help Please
Can somebody take a look at this question please.
adil wrote: I was under the
I was under the assumption that an anonymous user cannot send a presence stanza to a registered user without a roster subscription. But using Ejabberd 2.1.2 this is happening.
First a user logins to an account in the XMPP server, for example testuser1@myserver. Then he can send stanzas (presence, message, iq).
The server usually requires the user to provide a password to verify he owns the account testuser1. Alternatively, the server can be configured to relax this requirement: do not require any password at all, or accept any password as valid. In any case, once the user is authenticated in the server, why shouldn't he be able to use all the possibilities already offered by the server to password-verified accounts?
In other words: where did you read/infer that anonymous-authenticated accounts must not be able to send presence to another password-authenticated users?
How do i stop anonymous users from sending presence stanzas to registered users?
I think such restriction isn't configurable.
There is a workaround. I assume you have now one vhost that uses mixed auth: internal+anonymous. You could split it in two vhosts: one for internal auth users, and other for anonymous users. And then, configure somehow that presence stanzas from vhost2 to vhost1 to be dropped. Maybe mod_filter or other small module can be configured or modified to do this.
Anonymous Vhost and Member Vhost is different
In other words: where did you read/infer that anonymous-authenticated accounts must not be able to send presence to another password-authenticated users?
.
and
(Section 6)
What i meant to emphasize is that users outside the roster of a member cannot send them a presence. That seems correct and isn't that the point of the roster anyway?
Now, my site is setup to use two separate vhosts for chat. Their setup is as follows :
{hosts, ["socialnetwork.com","public.socialnetwork.com"]}.{host_config, "public.socialnetwork.com", [{auth_method, anonymous},
{allow_multiple_connections, false},
{anonymous_protocol, sasl_anon}]}.
It used to be in 2.0.0 that a logged-in anon user(user1234@public.socialnetwork.com/webchat) cannot send presence stanzas to the social network user (member1234@socialnetwork.com/webchat). We allow anon guys to chat, and exchange presence, with social network users using MUC. Once the SN user has left the MUC, the anon chat user should not be able to send a presence stanza. This used to work as expected in v2.0.0 without any mods. Is this possible now?
Are you sure the restriction was implemented in 2.0.0?
The first is a forum link. It can be indicative, but not authoritative.
The second link is the authoritative RFC, that ejabberd must obey. As it has hundreds of pages, can you mark in what paragraph you read that "an anonymous user can't send a presence stanza to an internally-registered user"? In the whole RFC, the word 'anonymous' is never mentioned.
What i meant to emphasize is that users outside the roster of a member cannot send them a presence.
False. The RFC 3921 says: "a client MAY send directed presence information to another entity by including a 'to' address".
I've verified this works both in ejabberd 2.1.3 and 2.0.1. That's the oldest version I can get to run, and I don't see any relevant change between 2.0.0 and 2.0.1.
I configured similar to you. someone@anon.localhost/work logins, has an empty roster, and sends:
badlop@localhost/work receives the stanza, as described in RFC:
That seems correct and isn't that the point of the roster anyway?
Each concept has a purpose: a presence stanza carries presence information. A presence subscription indicates that a contact wants to get the user presence information and the user granted permission to do so. A roster is a list of roster items, which can have different presence subscriptions each.
It used to be in 2.0.0 that a logged-in anon user(user1234@public.socialnetwork.com/webchat) cannot send presence stanzas to the social network user (member1234@socialnetwork.com/webchat).
Are you sure it was ejabberd 2.0.0 code who was blocking delivery of such stanzas? Maybe it was the client itself who implemented that restriction: Don't accepts incoming presence stanzas from users that aren't in my roster.
We allow anon guys to chat, and exchange presence, with social network users using MUC. Once the SN user has left the MUC, the anon chat user should not be able to send a presence stanza. This used to work as expected in v2.0.0 without any mods. Is this possible now?
As I said, maybe mod_filter can be configured or customized to implement such restriction.
I see
The second link is the authoritative RFC, that ejabberd must obey. As it has hundreds of pages, can you mark in what paragraph you read that "an anonymous user can't send a presence stanza to an internally-registered user"? In the whole RFC, the word 'anonymous' is never mentioned.
Actually its the first para that got me confused "In order to protect the privacy of instant messaging users and any other entities, presence and availability information is disclosed only to other entities that the user has approved."
You're right, it doesn't mean anon cannot send a presence to another user.
Ok, can you give me an idea of how to make this mod_filter. My criteria is to exchange presence on MUC but not outside. How can i enforce that?
Check mod_filter example 4
Ok, can you give me an idea of how to make this mod_filter. My criteria is to exchange presence on MUC but not outside. How can i enforce that?
Check the , specially the example 4 which I wrote specifically for your case. Download the module, install, configure.