ejabberd - Comments for "Restrict users' write access to their own vcards"

You are right, most ejabberd

mfoss — Wed, 21 May 2014 14:29:19 +0000

You are right, most ejabberd internal information is now stored as binaries like <<"this">>, not as string like "this".

Sorry, for taking to long to

nyerup — Wed, 21 May 2014 11:03:06 +0000

Sorry, for taking to long to respond. But thanks for this!

I tried applying this to 14.05, but it required a minor change to work as intended. I don't know if this was just a typo in the original patch, or if the data structure actually changed since then.

This is the patch I ended up applying:

diff --git a/src/mod_vcard.erl b/src/mod_vcard.erl
index 3b70fe2..c951ff2 100644
--- a/src/mod_vcard.erl
+++ b/src/mod_vcard.erl
@@ -181,7 +181,8 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) ->
     case Type of
        set ->
            #jid{user = User, lserver = LServer} = From,
-           case lists:member(LServer, ?MYHOSTS) of
+           case (From#jid.resource == <<"mod_admin_extra">>)
+               andalso (lists:member(LServer, ?MYHOSTS)) of
                true ->
                    set_vcard(User, LServer, SubEl),
                    IQ#iq{type = result, sub_el = []};

Thanks again!

Jesper.

Write access to vcard isn't

mfoss — Thu, 03 Oct 2013 15:46:30 +0000

Write access to vcard isn't configurable.

But with this change in the ejabberd source code, only requests made from a session with resource "mod_admin_extra" will succeed. Your ejabberdctl calls send stanzas with that resource, so they succeed. Of course, this means that other client could also modify his vcard, if he knows what resource he must use to login.

diff --git a/src/mod_vcard.erl b/src/mod_vcard.erl
index 3b70fe2..c951ff2 100644
--- a/src/mod_vcard.erl
+++ b/src/mod_vcard.erl
@@ -181,7 +181,8 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) ->
     case Type of
        set ->
            #jid{user = User, lserver = LServer} = From,
-           case lists:member(LServer, ?MYHOSTS) of
+           case (From#jid.resource == "mod_admin_extra")
+               andalso (lists:member(LServer, ?MYHOSTS)) of
                true ->
                    set_vcard(User, LServer, SubEl),
                    IQ#iq{type = result, sub_el = []};

ejabberd - Comments for "Restrict users&#039; write access to their own vcards"

You are right, most ejabberd

Sorry, for taking to long to

Write access to vcard isn't

ejabberd - Comments for "Restrict users' write access to their own vcards"