mod_s2s, mod_auth_anonymous, hostmanager: Remove disallow_s2s flag, deprecate the config option of the same name (disable mod_s2s instead), and add 'allow_anonymous_s2s' to separately control s2s for anonymous users

2 files changed, 4 insertions, 3 deletions

diff --git a/plugins/mod_auth_anonymous.lua b/plugins/mod_auth_anonymous.lua
index 55398d8a..c080177d 100644
--- a/plugins/mod_auth_anonymous.lua
+++ b/plugins/mod_auth_anonymous.lua
@@ -51,7 +51,7 @@ local function dm_callback(username, host, datastore, data)
 	return username, host, datastore, data;
 end
 
-if module:get_option_boolean("disallow_s2s", true) then
+if not module:get_option_boolean("allow_anonymous_s2s", false) then
 	module:hook("route/remote", function (event)
 		return false; -- Block outgoing s2s from anonymous users
 	end, 300);
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 61812a1e..e2a22738 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -125,6 +125,7 @@ end
 
 function module.add_host(module)
 	if module:get_option_boolean("disallow_s2s", false) then
+		module:log("warn", "The 'disallow_s2s' config option is deprecated, please see http://prosody.im/doc/s2s#disabling");
 		return nil, "This host has disallow_s2s set";
 	end
 	module:hook("route/remote", route_to_existing_session, 200);
@@ -226,11 +227,11 @@ function stream_callbacks.streamopened(session, attr)
 					text = "This host does not serve "..to
 				});
 				return;
-			elseif hosts[to].disallow_s2s then
+			elseif not hosts[to].modules.s2s then
 				-- Attempting to connect to a host that disallows s2s
 				session:close({
 					condition = "policy-violation";
-					text = "Server-to-server communication is not allowed to this host";
+					text = "Server-to-server communication is disabled for this host";
 				});
 				return;
 			end