diff options
| author | Matthew Wild <mwild1@gmail.com> | 2023-03-25 19:38:41 +0000 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2023-03-25 19:38:41 +0000 |
| commit | 6b2d191b939099b598e7edaf972994c94a24ff0e (patch) | |
| tree | 5b79bd87f2885f301bde92d85928ee99ec9a8c02 /core | |
| parent | e53ef27a1c6e620cc79bb8a4ef0a12dbe9cd0eb7 (diff) | |
| download | prosody-6b2d191b939099b598e7edaf972994c94a24ff0e.tar.gz prosody-6b2d191b939099b598e7edaf972994c94a24ff0e.zip | |
moduleapi: may: Fail early if a local session has no role assigned
We expect every session to explicitly have a role assigned. Falling back to
any kind of "default" role (even the user's default role) in the absence of
an explicit role could open up the possibility of accidental privilege
escalation.
Diffstat (limited to 'core')
| -rw-r--r-- | core/moduleapi.lua | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/core/moduleapi.lua b/core/moduleapi.lua index aba052ab..18452e2b 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -653,11 +653,16 @@ function api:may(action, context) if type(session) ~= "table" then error("Unable to identify actor session from context"); end - if session.role and session.type == "c2s" and session.host == self.host then - local permit = session.role:may(action, context); + if session.type == "c2s" and session.host == self.host then + local role = session.role; + if not role then + self:log("warn", "Access denied: session %s has no role assigned"); + return false; + end + local permit = role:may(action, context); if not permit then self:log("debug", "Access denied: session %s (%s) may not %s (not permitted by role %s)", - session.id, session.full_jid, action, session.role.name + session.id, session.full_jid, action, role.name ); end return permit; |