Verify http host in web admin only if authentication is missing host
authorPaweł Chmielowski <pchmielowski@process-one.net>
Wed, 9 Oct 2019 08:31:02 +0000 (10:31 +0200)
committerPaweł Chmielowski <pchmielowski@process-one.net>
Tue, 15 Oct 2019 07:35:06 +0000 (09:35 +0200)
This should allow access to the web admin through an IP address, or when it is served from a domain not defined in ejabberd hosts

src/ejabberd_web_admin.erl

index fc9ecc865c1d2e2404d6f6089c31f5c1f7eaf99b..9dc96eedda5d75c90e439be786028e1d5a594efc 100644 (file)
@@ -189,36 +189,31 @@ process(RPath,
        #request{auth = Auth, lang = Lang, host = HostHTTP,
                 method = Method} =
            Request) ->
-    case ejabberd_router:is_my_host(HostHTTP) of
-       true ->
-           case get_auth_admin(Auth, HostHTTP, RPath, Method) of
-               {ok, {User, Server}} ->
-                   AJID = get_jid(Auth, HostHTTP, Method),
-                   process_admin(global,
-                                 Request#request{path = RPath,
-                                                 us = {User, Server}},
-                                 AJID);
-               {unauthorized, <<"no-auth-provided">>} ->
-                   {401,
-                    [{<<"WWW-Authenticate">>,
-                      <<"basic realm=\"ejabberd\"">>}],
-                    ejabberd_web:make_xhtml([?XCT(<<"h1">>,
-                                                  ?T("Unauthorized"))])};
-               {unauthorized, Error} ->
-                   {BadUser, _BadPass} = Auth,
-                   {IPT, _Port} = Request#request.ip,
-                   IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
-                   ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
-                                [BadUser, IPS, Error]),
-                   {401,
-                    [{<<"WWW-Authenticate">>,
-                      <<"basic realm=\"auth error, retry login "
-                        "to ejabberd\"">>}],
-                    ejabberd_web:make_xhtml([?XCT(<<"h1">>,
-                                                  ?T("Unauthorized"))])}
-           end;
-       false ->
-           ejabberd_web:error(not_found)
+    case get_auth_admin(Auth, HostHTTP, RPath, Method) of
+       {ok, {User, Server}} ->
+           AJID = get_jid(Auth, HostHTTP, Method),
+           process_admin(global,
+                         Request#request{path = RPath,
+                                         us = {User, Server}},
+                         AJID);
+       {unauthorized, <<"no-auth-provided">>} ->
+           {401,
+            [{<<"WWW-Authenticate">>,
+              <<"basic realm=\"ejabberd\"">>}],
+            ejabberd_web:make_xhtml([?XCT(<<"h1">>,
+                                          ?T("Unauthorized"))])};
+       {unauthorized, Error} ->
+           {BadUser, _BadPass} = Auth,
+           {IPT, _Port} = Request#request.ip,
+           IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
+           ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
+                        [BadUser, IPS, Error]),
+           {401,
+            [{<<"WWW-Authenticate">>,
+              <<"basic realm=\"auth error, retry login "
+                "to ejabberd\"">>}],
+            ejabberd_web:make_xhtml([?XCT(<<"h1">>,
+                                          ?T("Unauthorized"))])}
     end.
 
 get_auth_admin(Auth, HostHTTP, RPath, Method) ->
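Review bot: Dropping the `is_my_host(HostHTTP)` guard from process/2 changes the response for a Host header that is not a served vhost from `ejabberd_web:error(not_found)` to a 401 with a `WWW-Authenticate` challenge, and nothing at this level says where the host is still checked, so a reader of the new `case` cannot tell that `HostHTTP` is client-supplied input that is only validated further down. I would add a comment above the `case`: `%% HostHTTP comes from the client's Host header; get_auth_admin/4 only requires it to be a local vhost when the login name carries no server part, so any host now reaches the auth challenge.` The success branch still passes the unvalidated `HostHTTP` into `get_jid/3` when the login name is a full JID — presumably harmless because the server part then comes from the JID, but that is outside the hunk and worth confirming. The process/2 clause head is above the hunk.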
@@ -227,8 +222,13 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) ->
          {HostOfRule, AccessRule} = get_acl_rule(RPath, Method),
            try jid:decode(SJID) of
                #jid{user = <<"">>, server = User} ->
-                   get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
-                                    Pass);
+                   case ejabberd_router:is_my_host(HostHTTP) of
+                       true ->
+                           get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
+                                            Pass);
+                       _ ->
+                           {unauthorized, <<"missing-server">>}
+                   end;
                #jid{user = User, server = Server} ->
                    get_auth_account(HostOfRule, AccessRule, User, Server,
                                     Pass)