changeset 3869:f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 27 Jan 2020 16:37:23 +0000 (2020-01-27) |
parents | 09e7e880e056 |
children | 3261a82884bb |
files | mod_auth_ldap/mod_auth_ldap.lua mod_auth_ldap2/mod_auth_ldap2.lua |
diffstat | 2 files changed, 8 insertions(+), 2 deletions(-) [+] |
--- a/mod_auth_ldap/mod_auth_ldap.lua Sun Jan 26 16:49:14 2020 +0100
+++ b/mod_auth_ldap/mod_auth_ldap.lua Mon Jan 27 16:37:23 2020 +0000
@@ -135,7 +135,10 @@
 if ldap_admins then
 function provider.is_admin(jid)
- local username = jid_split(jid);
+ local username, user_host = jid_split(jid);
+ if user_host ~= module.host then
+ return false;
+ end
 return ldap_do("search", 2, {
 base = ldap_base;
 scope = ldap_scope;
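Review bot: The new guard in `provider.is_admin` compares only the host, so a bare-domain JID equal to `module.host` passes it with `username` set to nil, assuming `jid_split` returns a nil localpart for such a JID. How the search filter uses `username` lies outside the hunk, so the effect cannot be confirmed from here, but failing closed is cheap: `if not username or user_host ~= module.host then`. The guard added in the first mod_auth_ldap2 hunk has the same gap, and there the nil value would reach the string concatenation that builds the filter and raise an error. A short comment such as `-- Only local users can be admins; never look up remote JIDs in LDAP` would record why the check exists.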
--- a/mod_auth_ldap2/mod_auth_ldap2.lua Sun Jan 26 16:49:14 2020 +0100
+++ b/mod_auth_ldap2/mod_auth_ldap2.lua Mon Jan 27 16:37:23 2020 +0000
@@ -59,6 +59,10 @@
 end
 function provider.is_admin(jid)
+ local username, userhost = jsplit(jid);
+ if userhost ~= module.host then
+ return false;
+ end
 local admin_config = ldap.getparams().admin;
 if not admin_config then
@@ -66,7 +70,6 @@
 end
 local ld = ldap:getconnection();
- local username = jsplit(jid);
 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);
 return ldap.singlematch {
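Review bot: In the second hunk `username` is still concatenated directly into the LDAP filter, `admin_config.namefield .. '=' .. username`, with no escaping visible in this diff. The host check added above narrows the input to local JIDs, but filter metacharacters such as `*`, `(`, `)` and `\` are not obviously excluded from a localpart, so a value containing them could change what the admin lookup matches. Escaping those characters per RFC 4515 before building the filter, or rejecting localparts that contain them, would close this unless it is already handled where the localpart is accepted. `provider.is_admin` continues past the end of the hunk, so the rest of the lookup is not visible here.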