Mercurial > prosody-modules

diff mod_auth_ldap/mod_auth_ldap.lua @ 3869:f2b29183ef08

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
author Matthew Wild <mwild1@gmail.com>
date Mon, 27 Jan 2020 16:37:23 +0000
parents b50be75c8bef
children
line wrap: on
line diff
--- a/mod_auth_ldap/mod_auth_ldap.lua	Sun Jan 26 16:49:14 2020 +0100
+++ b/mod_auth_ldap/mod_auth_ldap.lua	Mon Jan 27 16:37:23 2020 +0000
@@ -135,7 +135,10 @@
 
 if ldap_admins then
 	function provider.is_admin(jid)
-		local username = jid_split(jid);
+		local username, user_host = jid_split(jid);
+		if user_host ~= module.host then
+			return false;
+		end
 		return ldap_do("search", 2, {
 			base = ldap_base;
 			scope = ldap_scope;