From 2afc5cdef025c308f74adf824e3fe033ae731587 Mon Sep 17 00:00:00 2001
From: Waqas Hussain
Date: Wed, 8 Oct 2008 20:37:16 +0500
Subject: Fized: Added check to ensure that resource binding is done after auth.
---
 core/stanza_router.lua | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/core/stanza_router.lua b/core/stanza_router.lua
index e5603cae..02e0871f 100644
--- a/core/stanza_router.lua
+++ b/core/stanza_router.lua
@@ -16,6 +16,13 @@ local jid_split = jid.split;
 function core_process_stanza(origin, stanza)
 log("debug", "Received: "..tostring(stanza))
 -- TODO verify validity of stanza (as well as JID validity)
+
+ if origin.type == "c2s" and not origin.full_jid
+ and not(stanza.name == "iq" and stanza.tags[1] and stanza.tags[1].name == "bind"
+ and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then
+ error("Client MUST bind resource after auth");
+ end
+
 local to = stanza.attr.to;
 stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation
-- 
cgit v1.2.3
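Review bot: The new guard calls `error("Client MUST bind resource after auth")` on input that a remote client controls, so any pre-bind stanza other than the bind `iq` raises a Lua error in the routing path; unless every caller of `core_process_stanza` wraps it in `pcall` (not visible in this hunk), a single client can presumably disrupt more than its own session. Rejecting the stanza explicitly would be safer, for example `log("debug", "Rejecting stanza from unbound c2s session"); return;` together with whatever stanza or stream error reply the session API offers. The condition also tests only `not origin.full_jid`, which shows that no resource is bound but not that authentication has completed, so it is worth confirming that `origin.type` becomes `"c2s"` only after auth; a comment such as `-- until the session has a full JID, only a resource-bind request is accepted` above the `if` would record the intent. The body of `core_process_stanza` continues past the end of the hunk.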