mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
--- a/mod_auth_ldap/mod_auth_ldap.lua Sun Jan 26 16:49:14 2020 +0100
+++ b/mod_auth_ldap/mod_auth_ldap.lua Mon Jan 27 16:37:23 2020 +0000
@@ -135,7 +135,10 @@
if ldap_admins then
function provider.is_admin(jid)
- local username = jid_split(jid);
+ local username, user_host = jid_split(jid);
+ if user_host ~= module.host then
+ return false;
+ end
return ldap_do("search", 2, {
base = ldap_base;
scope = ldap_scope;
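Review bot: The new guard in is_admin() compares only the host part, so a bare-domain JID equal to module.host passes it with `username` nil, and the LDAP search then runs without a user name. This assumes jid_split returns a nil node for a JID that has none, as Prosody's util.jid split does. Rejecting that case up front keeps the lookup to real local accounts: `if not username or user_host ~= module.host then return false; end`. The matching guard added in mod_auth_ldap2 has the same gap, and there the later `admin_config.namefield .. '=' .. username` would raise a concatenation error on nil instead of returning false. The rest of the search table, including the filter, lies outside this hunk.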
--- a/mod_auth_ldap2/mod_auth_ldap2.lua Sun Jan 26 16:49:14 2020 +0100
+++ b/mod_auth_ldap2/mod_auth_ldap2.lua Mon Jan 27 16:37:23 2020 +0000
@@ -59,6 +59,10 @@
end
function provider.is_admin(jid)
+ local username, userhost = jsplit(jid);
+ if userhost ~= module.host then
+ return false;
+ end
local admin_config = ldap.getparams().admin;
if not admin_config then
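Review bot: The host check added at the top of is_admin() has no comment, so its reason is recorded only in the commit title. Because the LDAP match further down is made on the node alone, a one-line comment above the guard would stop it being removed as redundant in a later cleanup: `-- The LDAP lookup matches on the node only, so a JID from any other host must never be treated as admin`. The function body continues past the end of this hunk.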
@@ -66,7 +70,6 @@
end
local ld = ldap:getconnection();
- local username = jsplit(jid);
local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);
return ldap.singlematch {
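Review bot: `username` is still concatenated into the LDAP filter unescaped at `admin_config.namefield .. '=' .. username`, so a node containing `*`, `(`, `)` or `\` changes what the filter matches. The host guard added earlier in the function narrows the input to local JIDs, but the node is still caller-supplied text, and an admin check should match exactly one name. Escaping the value per RFC 4515 before building the filter closes that: `local safe_username = username:gsub("[\\*()]", function (c) return ("\\%02x"):format(c:byte()); end);`, with NUL bytes handled the same way. If the project's ldap library already has a filter-escaping helper, which is not visible from this hunk, that would be preferable. The `ldap.singlematch` call continues outside the hunk.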