3 files changed, 12 insertions, 0 deletions

diff --git a/core/rostermanager.lua b/core/rostermanager.lua
index b31ca21b..5f06a308 100644
--- a/core/rostermanager.lua
+++ b/core/rostermanager.lua
@@ -24,3 +24,5 @@ function getroster(username, host)
 		}
 --	return datamanager.load(username, host, "roster") or {};
 end
+
+return _M;
\ No newline at end of file
diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua
index a7a9ff10..4f8b1913 100644
--- a/core/sessionmanager.lua
+++ b/core/sessionmanager.lua
@@ -12,6 +12,7 @@ local modulemanager = require "core.modulemanager";
 local log = require "util.logger".init("sessionmanager");
 local error = error;
 local uuid_generate = require "util.uuid".uuid_generate;
+local rm_getroster = require "core.rostermanager".getroster
 
 local newproxy = newproxy;
 local getmetatable = getmetatable;
@@ -91,6 +92,8 @@ function bind_resource(session, resource)
 	session.full_jid = session.username .. '@' .. session.host .. '/' .. resource;
 	hosts[session.host].sessions[session.username].sessions[resource] = session;
 	
+	session.roster = rm_getroster(session.username, session.host);
+	
 	return true;
 end
 
diff --git a/core/stanza_router.lua b/core/stanza_router.lua
index e5603cae..02e0871f 100644
--- a/core/stanza_router.lua
+++ b/core/stanza_router.lua
@@ -16,6 +16,13 @@ local jid_split = jid.split;
 function core_process_stanza(origin, stanza)
 	log("debug", "Received: "..tostring(stanza))
 	-- TODO verify validity of stanza (as well as JID validity)
+
+	if origin.type == "c2s" and not origin.full_jid
+		and not(stanza.name == "iq" and stanza.tags[1] and stanza.tags[1].name == "bind"
+				and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then
+		error("Client MUST bind resource after auth");
+	end
+
 	
 	local to = stanza.attr.to;
 	stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation