Mercurial > prosody-modules
comparison mod_auth_ldap2/mod_auth_ldap2.lua @ 3869:f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 27 Jan 2020 16:37:23 +0000 |
| parents | 490cb9161c81 |
| children |
comparison
equal
deleted
inserted
replaced
| 3868:09e7e880e056 | 3869:f2b29183ef08 |
|---|---|
| 57 }; | 57 }; |
| 58 return new_sasl(module.host, testpass_authentication_profile); | 58 return new_sasl(module.host, testpass_authentication_profile); |
| 59 end | 59 end |
| 60 | 60 |
| 61 function provider.is_admin(jid) | 61 function provider.is_admin(jid) |
| 62 local username, userhost = jsplit(jid); | |
| 63 if userhost ~= module.host then | |
| 64 return false; | |
| 65 end | |
| 62 local admin_config = ldap.getparams().admin; | 66 local admin_config = ldap.getparams().admin; |
| 63 | 67 |
| 64 if not admin_config then | 68 if not admin_config then |
| 65 return; | 69 return; |
| 66 end | 70 end |
| 67 | 71 |
| 68 local ld = ldap:getconnection(); | 72 local ld = ldap:getconnection(); |
| 69 local username = jsplit(jid); | |
| 70 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); | 73 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); |
| 71 | 74 |
| 72 return ldap.singlematch { | 75 return ldap.singlematch { |
| 73 base = admin_config.basedn, | 76 base = admin_config.basedn, |
| 74 filter = filter, | 77 filter = filter, |