Fixed: Added check to ensure that resource binding is done after auth.

Wed, 08 Oct 2008 20:37:16 +0500

author: Waqas Hussain <waqas20@gmail.com>
date: Wed, 08 Oct 2008 20:37:16 +0500
changeset 78: 972e31cc91e8
parent 77: 531b981f2d17
child 79: 2766e23c4d7d

Fixed: Added check to ensure that resource binding is done after auth.

core/stanza_router.lua
--- a/core/stanza_router.lua	Wed Oct 08 19:30:35 2008 +0500
+++ b/core/stanza_router.lua	Wed Oct 08 20:37:16 2008 +0500
@@ -16,6 +16,13 @@
 function core_process_stanza(origin, stanza)
 	log("debug", "Received: "..tostring(stanza))
 	-- TODO verify validity of stanza (as well as JID validity)
+
+	if origin.type == "c2s" and not origin.full_jid
+		and not(stanza.name == "iq" and stanza.tags[1] and stanza.tags[1].name == "bind"
+				and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then
+		error("Client MUST bind resource after auth");
+	end
+
 	
 	local to = stanza.attr.to;
 	stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation
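Review bot: The new guard rejects an unbound client by calling error("Client MUST bind resource after auth") inside core_process_stanza, so a stanza sent by any c2s client before binding raises a Lua error in the router instead of producing a protocol-level reply. Nothing in this hunk shows the caller catching that error, so consider sending an error back to origin and returning, rather than throwing on client-controlled input. Two smaller points on the same condition: it keys only on origin.full_jid being unset and does not itself test that authentication has completed, so the "after auth" guarantee in the commit message depends on origin.type == "c2s" already implying an authenticated session, which deserves a comment or an explicit check; and the exemption matches any iq whose first child is a bind element in the urn:ietf:params:xml:ns:xmpp-bind namespace without checking stanza.attr.type, so a non-"set" iq also passes. The message text is also ambiguous, since it is raised precisely when the client has not bound yet; something like "resource binding required before sending other stanzas" would read more clearly in logs.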
