From 2cf49c8f3765ef4e1cfc4824d9f7e25238b2172f Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 12 May 2012 00:33:04 +0100 Subject: stanza_router: Remove FIXME comment and close stream with not-authorized for s2s stanzas from unauthed domains --- core/stanza_router.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/stanza_router.lua b/core/stanza_router.lua index cea38166..4c241c27 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -109,7 +109,8 @@ function core_process_stanza(origin, stanza) local host_status = origin.hosts[from_host]; if not host_status or not host_status.authed then -- remote server trying to impersonate some other server? log("warn", "Received a stanza claiming to be from %s, over a stream authed for %s!", from_host, origin.from_host); - return; -- FIXME what should we do here? does this work with subdomains? + origin:close("not-authorized"); + return; elseif not hosts[to_host] then log("warn", "Remote server %s sent us a stanza for %s, closing stream", origin.from_host, to_host); origin:close("host-unknown"); -- cgit v1.2.3