25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-20 17:27:00 +01:00

Check account auth provided in WebAdmin is a local host (#3000)

This commit is contained in:
Badlop 2019-08-22 17:11:48 +02:00
parent 07ef1775cd
commit a51aa2bc44

View File

@ -265,6 +265,13 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) ->
get_auth_account(HostOfRule, AccessRule, User, Server,
Pass) ->
case lists:member(Server, ejabberd_config:get_myhosts()) of
true -> get_auth_account2(HostOfRule, AccessRule, User, Server, Pass);
false -> {unauthorized, <<"inexistent-host">>}
end.
get_auth_account2(HostOfRule, AccessRule, User, Server,
Pass) ->
case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
true ->
case any_rules_allowed(HostOfRule, AccessRule,