Mercurial > prosody-modules
comparison mod_auth_ldap/mod_auth_ldap.lua @ 3869:f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 27 Jan 2020 16:37:23 +0000 |
| parents | b50be75c8bef |
| children |
comparison
equal
deleted
inserted
replaced
| 3868:09e7e880e056 | 3869:f2b29183ef08 |
|---|---|
| 133 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); | 133 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); |
| 134 end | 134 end |
| 135 | 135 |
| 136 if ldap_admins then | 136 if ldap_admins then |
| 137 function provider.is_admin(jid) | 137 function provider.is_admin(jid) |
| 138 local username = jid_split(jid); | 138 local username, user_host = jid_split(jid); |
| 139 if user_host ~= module.host then | |
| 140 return false; | |
| 141 end | |
| 139 return ldap_do("search", 2, { | 142 return ldap_do("search", 2, { |
| 140 base = ldap_base; | 143 base = ldap_base; |
| 141 scope = ldap_scope; | 144 scope = ldap_scope; |
| 142 sizelimit = 1; | 145 sizelimit = 1; |
| 143 filter = ldap_admins:gsub("%$(%a+)", { | 146 filter = ldap_admins:gsub("%$(%a+)", { |