prosody
972e31cc91e8
core/stanza_router.lua
Software / code / prosody
Comparison
core/stanza_router.lua @ 78:972e31cc91e8
Fized: Added check to ensure that resource binding is done after auth.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Wed, 08 Oct 2008 20:37:16 +0500 |
| parent | 73:937448005121 |
| child | 83:79608fc8f98d |
comparison
equal
deleted
inserted
replaced
| 77:531b981f2d17 | 78:972e31cc91e8 |
|---|---|
| 14 local jid_split = jid.split; | 14 local jid_split = jid.split; |
| 15 | 15 |
| 16 function core_process_stanza(origin, stanza) | 16 function core_process_stanza(origin, stanza) |
| 17 log("debug", "Received: "..tostring(stanza)) | 17 log("debug", "Received: "..tostring(stanza)) |
| 18 -- TODO verify validity of stanza (as well as JID validity) | 18 -- TODO verify validity of stanza (as well as JID validity) |
| 19 | |
| 20 if origin.type == "c2s" and not origin.full_jid | |
| 21 and not(stanza.name == "iq" and stanza.tags[1] and stanza.tags[1].name == "bind" | |
| 22 and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then | |
| 23 error("Client MUST bind resource after auth"); | |
| 24 end | |
| 25 | |
| 19 | 26 |
| 20 local to = stanza.attr.to; | 27 local to = stanza.attr.to; |
| 21 stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation | 28 stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation |
| 22 | 29 |
| 23 if not to or (hosts[to] and hosts[to].type == "local") then | 30 if not to or (hosts[to] and hosts[to].type == "local") then |
