c2s.c.patch   [plain text]


--- /tmp/jabberd-2.2.13/c2s/c2s.c	2011-02-23 08:24:34.000000000 -0800
+++ ./jabberd2/c2s/c2s.c	2011-02-24 16:25:21.000000000 -0800
@@ -29,6 +29,7 @@ static int _c2s_client_sx_callback(sx_t 
     nad_t nad;
     char root[9];
     bres_t bres, ires;
+    stream_redirect_t redirect;
 
     switch(e) {
         case event_WANT_READ:
@@ -178,6 +179,20 @@ static int _c2s_client_sx_callback(sx_t 
                 return 0;
             }
 
+            /* send a see-other-host error if we're configured to do so */
+            redirect = (stream_redirect_t) xhash_get(sess->c2s->stream_redirects, s->req_to);
+            if (redirect != NULL) {
+                log_debug(ZONE, "redirecting client's stream using see-other-host for domain: '%s'", s->req_to);
+                len = strlen(redirect->to_address) + strlen(redirect->to_port) + 1;
+                char *other_host = (char *) malloc(len+1);
+                snprintf(other_host, len+1, "%s:%s", redirect->to_address, redirect->to_port);
+                sx_error_extended(s, stream_err_SEE_OTHER_HOST, other_host);
+                free(other_host);
+                sx_close(s);
+                
+                return 0;
+            }
+
             /* setup the host */
             sess->host = xhash_get(sess->c2s->hosts, s->req_to);
 
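Review bot: The `malloc(len+1)` result in `other_host` is used unchecked; if the allocation fails, `snprintf` writes through a NULL pointer before the client is redirected. Add `if (other_host == NULL) { sx_close(s); return 0; }` before the `snprintf`, or avoid the heap here with a fixed local buffer sized for a host:port string and let `snprintf` bound the write. The length arithmetic itself is right (both strings, the colon, and the terminator), and the `(char *)` cast on `malloc` is unnecessary in C. The declaration of `len` and the rest of `_c2s_client_sx_callback` are outside the hunk.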
@@ -472,6 +487,35 @@ static int _c2s_client_sx_callback(sx_t 
 
             /* they sasl auth'd, so we only want the new-style session start */
             else {
+                /* Apple SACL check */
+#ifdef APPLE_ENABLE_OD_AUTH
+                int iResult = 0;
+		        if (NULL != sess->c2s->ar_authorization_sacl_name) {
+                    jid_t jid;
+                    jid = jid_new(sess->s->auth_id, -1);
+                    if (NULL == jid) {
+                        log_debug(ZONE, "jid_new returned NULL for userid %s", sess->s->auth_id);
+                        sx_error(s, stream_err_INTERNAL_SERVER_ERROR, "failure during authorization");
+                        sx_close(s);
+                        jid_free(jid);
+                        iResult = -1;
+                        goto authz_done;
+                    }
+                    int iErr = od_auth_check_service_membership(jid->node, sess->c2s->ar_authorization_sacl_name);
+                    log_debug(ZONE, "_ar_od_check_password(): od_auth_check_service_membership returned %d for %s", iErr, jid->node);
+                    if (iErr != 1) {
+                        sx_error(s, stream_err_NOT_AUTHORIZED, "Authorization failed");
+                        sx_close(s);
+                        jid_free(jid);
+                        iResult = -1;
+                        goto authz_done;
+                    }
+                    jid_free(jid);
+                }
+authz_done:
+                if (0 != iResult)
+                    break;
+#endif
                 log_write(sess->c2s->log, LOG_NOTICE, "[%d] SASL authentication succeeded: mechanism=%s; authzid=%s%s%s", sess->s->tag, &sess->s->auth_method[5], sess->s->auth_id, sess->s->ssf ? ", TLS negotiated" : "", sess->s->compressed ? ", ZLIB compression enabled" : "");
                 sess->sasl_authd = 1;
             }
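Review bot: In the `NULL == jid` branch, `jid_free(jid)` is called on the pointer that was just found to be NULL; whether `jid_free` tolerates NULL is not visible here, and nothing was allocated, so that line should be dropped. The debug message after `od_auth_check_service_membership` is prefixed `_ar_od_check_password():` although this code lives in `_c2s_client_sx_callback`, which will mislead anyone following the log; use the real function name. The `goto authz_done` / `iResult` pair only feeds a `break`, so a direct `break` in each failure branch would read more simply, unless a loop encloses this spot outside the hunk. The `if (NULL != sess->c2s->ar_authorization_sacl_name)` line is indented with tabs while the surrounding file uses spaces, and the `iResult`/`iErr` names depart from the file's snake_case.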
@@ -480,6 +524,7 @@ static int _c2s_client_sx_callback(sx_t 
 
         case event_CLOSED:
             mio_close(sess->c2s->mio, sess->fd);
+            sess->fd = NULL;
             return -1;
     }
 
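Review bot: The new `sess->fd = NULL;` after `mio_close` carries no comment explaining why it is needed; it looks like a guard against a second close of the same descriptor during session teardown, but that path is outside the hunk, so confirm. Suggest `/* already closed by mio; clear it so teardown does not close it again */`. The same applies to `c2s->fd = NULL;` in the event_CLOSED hunk of `c2s_router_sx_callback`.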
@@ -595,6 +640,7 @@ static int _c2s_client_mio_callback(mio_
 
             /* give IP to SX */
             sess->s->ip = sess->ip;
+            sess->s->port = sess->port;
 
             /* find out which port this is */
             getsockname(fd->fd, (struct sockaddr *) &sa, &namelen);
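Review bot: The comment `/* give IP to SX */` above the new line is now stale, since the port is copied to SX as well; change it to `/* give IP and port to SX */`.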
@@ -798,7 +844,7 @@ int c2s_router_sx_callback(sx_t s, sx_ev
                     if(ns >= 0) {
                         elem = nad_find_elem(nad, 0, ns, "starttls", 1);
                         if(elem >= 0) {
-                            if(sx_ssl_client_starttls(c2s->sx_ssl, s, c2s->router_pemfile) == 0) {
+                            if(sx_ssl_client_starttls(c2s->sx_ssl, s, c2s->router_pemfile, c2s->router_private_key_password) == 0) {
                                 nad_free(nad);
                                 return 0;
                             }
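Review bot: The added `c2s->router_private_key_password` argument is passed straight through; when no password is configured this is presumably NULL, and nothing in the hunk shows that `sx_ssl_client_starttls` accepts a NULL password, so confirm at the callee or guard here. The enclosing `c2s_router_sx_callback` body lies outside the hunk.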
@@ -1299,6 +1345,7 @@ int c2s_router_sx_callback(sx_t s, sx_ev
 
         case event_CLOSED:
             mio_close(c2s->mio, c2s->fd);
+            c2s->fd = NULL;
             return -1;
     }