Check account auth provided in WebAdmin is a local host (#3000)
authorBadlop <badlop@process-one.net>
Thu, 22 Aug 2019 15:11:48 +0000 (17:11 +0200)
committerBadlop <badlop@process-one.net>
Thu, 22 Aug 2019 15:13:13 +0000 (17:13 +0200)
src/ejabberd_web_admin.erl

index 9bd278889c734c94d283ca4c000c6c839d49f1e9..7eb10cdc63d1b85cdd167e2abc48ec53450372af 100644 (file)
@@ -265,6 +265,13 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) ->
 
 get_auth_account(HostOfRule, AccessRule, User, Server,
                 Pass) ->
+    case lists:member(Server, ejabberd_config:get_myhosts()) of
+       true -> get_auth_account2(HostOfRule, AccessRule, User, Server, Pass);
+       false -> {unauthorized, <<"inexistent-host">>}
+    end.
+
+get_auth_account2(HostOfRule, AccessRule, User, Server,
+                Pass) ->
     case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
       true ->
          case any_rules_allowed(HostOfRule, AccessRule,
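Review bot: The new membership check in get_auth_account compares Server against ejabberd_config:get_myhosts() by exact term equality, so a host typed in a different case (or otherwise not nameprepped) would be rejected as `inexistent-host` even though it is configured; whether the caller already normalizes Server before this point is not visible in the hunk. If it does not, the check should run on the normalized form, e.g. `case lists:member(jid:nameprep(Server), ejabberd_config:get_myhosts()) of`, which still rejects unknown hosts since a failed nameprep is never a member. The helper name get_auth_account2 says nothing about what distinguishes it from get_auth_account; a name like get_auth_account_local plus a one-line comment above it, `%% Only reached when Server is one of the configured local hosts, so the auth backend is never queried for a foreign domain.`, would make the intent of the split readable. get_auth_account2's body continues past the end of the hunk.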