From f0c65ce0d7fd953471dd966cc0979ab09c439082 Mon Sep 17 00:00:00 2001
From: Waqas Hussain <waqas20@gmail.com>
Date: Mon, 10 Jan 2011 21:11:06 +0500
Subject: [PATCH] s2smanager: Don't bounce error replies for error and result
 stanzas.

---
 core/s2smanager.lua | 50 ++++++---------------------------------------
 1 file changed, 6 insertions(+), 44 deletions(-)

diff --git a/core/s2smanager.lua b/core/s2smanager.lua
index 7e6f8135..1d038433 100644
--- a/core/s2smanager.lua
+++ b/core/s2smanager.lua
@@ -27,7 +27,6 @@ local modulemanager = require "core.modulemanager";
 local st = require "stanza";
 local stanza = st.stanza;
 local nameprep = require "util.encodings".stringprep.nameprep;
-local cert_verify_identity = require "util.x509".verify_identity;
 
 local fire_event = prosody.events.fire_event;
 local uuid_gen = require "util.uuid".generate;
@@ -71,8 +70,7 @@ local function bounce_sendq(session, reason)
 		};
 		for i, data in ipairs(sendq) do
 			local reply = data[2];
-			local xmlns = reply.attr.xmlns;
-			if not(xmlns) and bouncy_stanzas[reply.name] then
+			if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then
 				reply.attr.type = "error";
 				reply:tag("error", {type = "cancel"})
 					:tag("remote-server-not-found", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up();
@@ -99,8 +97,8 @@ function send_to_host(from_host, to_host, data)
 			(host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host);
 			
 			-- Queue stanza until we are able to send it
-			if host.sendq then t_insert(host.sendq, {tostring(data), st.reply(data)});
-			else host.sendq = { {tostring(data), st.reply(data)} }; end
+			if host.sendq then t_insert(host.sendq, {tostring(data), data.attr.type ~= "error" and data.attr.type ~= "result" and st.reply(data)});
+			else host.sendq = { {tostring(data), data.attr.type ~= "error" and data.attr.type ~= "result" and st.reply(data)} }; end
 			host.log("debug", "stanza [%s] queued ", data.name);
 		elseif host.type == "local" or host.type == "component" then
 			log("error", "Trying to send a stanza to ourselves??")
@@ -122,7 +120,7 @@ function send_to_host(from_host, to_host, data)
 		local host_session = new_outgoing(from_host, to_host);
 
 		-- Store in buffer
-		host_session.sendq = { {tostring(data), st.reply(data)} };
+		host_session.sendq = { {tostring(data), data.attr.type ~= "error" and data.attr.type ~= "result" and st.reply(data)} };
 		log("debug", "stanza [%s] queued until connection complete", tostring(data.name));
 		if (not host_session.connecting) and (not host_session.conn) then
 			log("warn", "Connection to %s failed already, destroying session...", to_host);
@@ -393,47 +391,16 @@ function session_open_stream(session, from, to)
 		from=from, to=to, version='1.0', ["xml:lang"]='en'}):top_tag());
 end
 
-local function check_cert_status(session)
-	local conn = session.conn:socket()
-	local cert
-	if conn.getpeercertificate then
-		cert = conn:getpeercertificate()
-	end
-
-	if cert then
-		local chain_valid, err = conn:getpeerchainvalid()
-		if not chain_valid then
-			session.cert_chain_status = "invalid";
-			(session.log or log)("debug", "certificate chain validation result: %s", err);
-		else
-			session.cert_chain_status = "valid";
-
-			local host = session.direction == "incoming" and session.from_host or session.to_host
-
-			-- We'll go ahead and verify the asserted identity if the
-			-- connecting server specified one.
-			if host then
-				if cert_verify_identity(host, "xmpp-server", cert) then
-					session.cert_identity_status = "valid"
-				else
-					session.cert_identity_status = "invalid"
-				end
-			end
-		end
-	end
-end
-
 function streamopened(session, attr)
 	local send = session.sends2s;
 	
 	-- TODO: #29: SASL/TLS on s2s streams
 	session.version = tonumber(attr.version) or 0;
 	
-	-- TODO: Rename session.secure to session.encrypted
 	if session.secure == false then
 		session.secure = true;
 	end
-
+	
 	if session.direction == "incoming" then
 		-- Send a reply stream header
 		session.to_host = attr.to and nameprep(attr.to);
@@ -458,9 +425,6 @@ function streamopened(session, attr)
 				return;
 			end
 		end
-
-		if session.secure and not session.cert_chain_status then check_cert_status(session); end
-
 		send("<?xml version='1.0'?>");
 		send(stanza("stream:stream", { xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback',
 				["xmlns:stream"]='http://etherx.jabber.org/streams', id=session.streamid, from=session.to_host, to=session.from_host, version=(session.version > 0 and "1.0" or nil) }):top_tag());
@@ -480,9 +444,7 @@ function streamopened(session, attr)
 		-- If we are just using the connection for verifying dialback keys, we won't try and auth it
 		if not attr.id then error("stream response did not give us a streamid!!!"); end
 		session.streamid = attr.id;
-
-		if session.secure and not session.cert_chain_status then check_cert_status(session); end
-
+	
 		-- Send unauthed buffer
 		-- (stanzas which are fine to send before dialback)
 		-- Note that this is *not* the stanza queue (which
-- 
2.30.2