diff options
| author | Badlop <badlop@process-one.net> | 2019-08-22 17:11:48 +0200 |
|---|---|---|
| committer | Badlop <badlop@process-one.net> | 2019-08-22 17:13:13 +0200 |
| commit | a51aa2bc44c9bf712c8513a0b2b8d625a646cb7e (patch) | |
| tree | 1462232f996d2aad65a628e0f4fa43f25db79df5 /src | |
| parent | Add another variant of transformation of offline_msg in mod_offline_mnesia (diff) | |
Check account auth provided in WebAdmin is a local host (#3000)
Diffstat (limited to 'src')
| -rw-r--r-- | src/ejabberd_web_admin.erl | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl index 9bd278889..7eb10cdc6 100644 --- a/src/ejabberd_web_admin.erl +++ b/src/ejabberd_web_admin.erl @@ -265,6 +265,13 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) -> get_auth_account(HostOfRule, AccessRule, User, Server, Pass) -> + case lists:member(Server, ejabberd_config:get_myhosts()) of + true -> get_auth_account2(HostOfRule, AccessRule, User, Server, Pass); + false -> {unauthorized, <<"inexistent-host">>} + end. + +get_auth_account2(HostOfRule, AccessRule, User, Server, + Pass) -> case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of true -> case any_rules_allowed(HostOfRule, AccessRule, |