From e2772919dd1b2f0f0396f1f5437629ec81c0c4e8 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Fri, 16 Jul 2010 22:47:26 +0100
Subject: s2smanager: Handle disallow_s2s for incoming streams as well as
 outgoing

---
 core/s2smanager.lua | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

(limited to 'core')

diff --git a/core/s2smanager.lua b/core/s2smanager.lua
index f3cde4b7..e5fb699b 100644
--- a/core/s2smanager.lua
+++ b/core/s2smanager.lua
@@ -390,10 +390,22 @@ function streamopened(session, attr)
 	
 		session.streamid = uuid_gen();
 		(session.log or log)("debug", "incoming s2s received <stream:stream>");
-		if session.to_host and not hosts[session.to_host] then
-			-- Attempting to connect to a host we don't serve
-			session:close({ condition = "host-unknown"; text = "This host does not serve "..session.to_host });
-			return;
+		if session.to_host then
+			if not hosts[session.to_host] then
+				-- Attempting to connect to a host we don't serve
+				session:close({
+					condition = "host-unknown";
+					text = "This host does not serve "..session.to_host
+				});
+				return;
+			elseif hosts[session.to_host].disallow_s2s then
+				-- Attempting to connect to a host that disallows s2s
+				session:close({
+					condition = "policy-violation";
+					text = "Server-to-server communication is not allowed to this host";
+				});
+				return;
+			end
 		end
 		send("<?xml version='1.0'?>");
 		send(stanza("stream:stream", { xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback',
-- 
cgit v1.2.3