# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1363092576 -3600
# Node ID 4584c3303bb42bd88725ea03df4e8c17e587f923
# Parent  a9dfa7232d8821e0930c8c038eaeda08c4fd19a5
mod_dwd: Initial commit.

diff -r a9dfa7232d88 -r 4584c3303bb4 mod_dwd/mod_dwd.lua
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_dwd/mod_dwd.lua	Tue Mar 12 13:49:36 2013 +0100
@@ -0,0 +1,41 @@
+local hosts = _G.hosts;
+local st = require "util.stanza";
+local s2s_make_authenticated = require "core.s2smanager".make_authenticated;
+local nameprep = require "util.encodings".stringprep.nameprep;
+local cert_verify_identity = require "util.x509".verify_identity;
+
+module:hook("stanza/jabber:server:dialback:result", function(event)
+	local origin, stanza = event.origin, event.stanza;
+
+	if origin.cert_chain_status == "valid" and origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
+		local attr = stanza.attr;
+		local to, from = nameprep(attr.to), nameprep(attr.from);
+
+		local conn = origin.conn:socket()
+		local cert;
+		if conn.getpeercertificate then
+			cert = conn:getpeercertificate()
+		end
+
+		if cert and hosts[to] and cert_verify_identity(from, "xmpp-server", cert) then
+
+			-- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from'
+			-- on streams. We fill in the session's to/from here instead.
+			if not origin.from_host then
+				origin.from_host = from;
+			end
+			if not origin.to_host then
+				origin.to_host = to;
+			end
+
+			module:log("info", "Accepting Dialback without Dialback for %s", from);
+			s2s_make_authenticated(origin, from);
+			origin.sends2s(
+				st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = "valid" }));
+
+			return true;
+		end
+	end
+end, 100);
+
+