# HG changeset patch
# User Matthew Wild
# Date 1580143043 0
# Node ID f2b29183ef08a0682fe065628a5f84525299911f
# Parent 09e7e880e056dc3333a246425ea8ad9c44f4b5db
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
diff -r 09e7e880e056 -r f2b29183ef08 mod_auth_ldap/mod_auth_ldap.lua
--- a/mod_auth_ldap/mod_auth_ldap.lua Sun Jan 26 16:49:14 2020 +0100
+++ b/mod_auth_ldap/mod_auth_ldap.lua Mon Jan 27 16:37:23 2020 +0000
@@ -135,7 +135,10 @@
 if ldap_admins then
 function provider.is_admin(jid)
- local username = jid_split(jid);
+ local username, user_host = jid_split(jid);
+ if user_host ~= module.host then
+ return false;
+ end
 return ldap_do("search", 2, {
 base = ldap_base;
 scope = ldap_scope;
diff -r 09e7e880e056 -r f2b29183ef08 mod_auth_ldap2/mod_auth_ldap2.lua
--- a/mod_auth_ldap2/mod_auth_ldap2.lua Sun Jan 26 16:49:14 2020 +0100
+++ b/mod_auth_ldap2/mod_auth_ldap2.lua Mon Jan 27 16:37:23 2020 +0000
@@ -59,6 +59,10 @@
 end
 function provider.is_admin(jid)
+ local username, userhost = jsplit(jid);
+ if userhost ~= module.host then
+ return false;
+ end
 local admin_config = ldap.getparams().admin;
 if not admin_config then
@@ -66,7 +70,6 @@
 end
 local ld = ldap:getconnection();
- local username = jsplit(jid);
 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);
 return ldap.singlematch {
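Review bot: A JID with no node part (the bare host itself) still passes the new guard in `provider.is_admin` of mod_auth_ldap.lua, because only `user_host` is tested and `username` would presumably be nil in that case. That nil then flows into the search built below the hunk, and in the mod_auth_ldap2.lua hunks it reaches `admin_config.namefield .. '=' .. username`, where concatenating nil raises an error instead of returning a clean negative. Rejecting it in the same guard keeps the check fail-closed in both files: `if not username or user_host ~= module.host then`. The body of is_admin continues past the end of the hunk in both modules.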
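Review bot: The `username` split out at the top of `provider.is_admin` in mod_auth_ldap2.lua is joined into the LDAP filter unescaped a few lines further down (`admin_config.namefield .. '=' .. username`, visible as context in the following hunk). If a local node part can carry filter metacharacters, the admin lookup no longer means "exactly this user", so the value should be escaped per RFC 4515 before it is concatenated. A one-line comment on the new guard would also record the reason for it, e.g. `-- admins are matched by node only, so a remote JID with the same node must never pass`.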