--- a/core/rostermanager.lua Wed Oct 08 17:20:11 2008 +0100
+++ b/core/rostermanager.lua Wed Oct 08 17:27:20 2008 +0100
@@ -24,3 +24,5 @@
}
-- return datamanager.load(username, host, "roster") or {};
end
+
+return _M;
\ No newline at end of file
--- a/core/sessionmanager.lua Wed Oct 08 17:20:11 2008 +0100
+++ b/core/sessionmanager.lua Wed Oct 08 17:27:20 2008 +0100
@@ -12,6 +12,7 @@
local log = require "util.logger".init("sessionmanager");
local error = error;
local uuid_generate = require "util.uuid".uuid_generate;
+local rm_getroster = require "core.rostermanager".getroster
local newproxy = newproxy;
local getmetatable = getmetatable;
@@ -91,6 +92,8 @@
session.full_jid = session.username .. '@' .. session.host .. '/' .. resource;
hosts[session.host].sessions[session.username].sessions[resource] = session;
+ session.roster = rm_getroster(session.username, session.host);
+
return true;
end
--- a/core/stanza_router.lua Wed Oct 08 17:20:11 2008 +0100
+++ b/core/stanza_router.lua Wed Oct 08 17:27:20 2008 +0100
@@ -16,6 +16,13 @@
function core_process_stanza(origin, stanza)
log("debug", "Received: "..tostring(stanza))
-- TODO verify validity of stanza (as well as JID validity)
+
+ if origin.type == "c2s" and not origin.full_jid
+ and not(stanza.name == "iq" and stanza.tags[1] and stanza.tags[1].name == "bind"
+ and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then
+ error("Client MUST bind resource after auth");
+ end
+
local to = stanza.attr.to;
stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation
--- a/plugins/mod_roster.lua Wed Oct 08 17:20:11 2008 +0100
+++ b/plugins/mod_roster.lua Wed Oct 08 17:27:20 2008 +0100
@@ -5,14 +5,6 @@
add_iq_handler("c2s", "jabber:iq:roster",
function (session, stanza)
if stanza.attr.type == "get" then
- session.roster = session.roster or rostermanager.getroster(session.username, session.host);
- if session.roster == false then
- send(session, st.reply(stanza)
- :tag("error", { type = "wait" })
- :tag("internal-server-error", { xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}));
- return true;
- else session.roster = session.roster or {};
- end
local roster = st.reply(stanza)
:query("jabber:iq:roster");
for jid in pairs(session.roster) do