From 089331caf0624c98aae990f51150027bf6c57a99 Mon Sep 17 00:00:00 2001
From: Pablo Polvorin <pablo.polvorin@process-one.net>
Date: Thu, 1 Dec 2011 12:55:20 -0300
Subject: [PATCH] Fix bug on s2s shaper when TLS is used

The shaper was not enabled if the remote server authenticates
using a certificate instead of dialback.
---
 src/ejabberd_s2s_in.erl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl
index 7389f5958..367bce502 100644
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -330,6 +330,11 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
 			      exmpp_server_sasl:success()),
 			    ?DEBUG("(~w) Accepted s2s authentication for ~s",
 				      [StateData#state.socket, AuthDomain]),
+			  %% acess rules are first checked against the globally defined ones, that have precedence over 
+			  %% domain-specific ones.. http://www.process-one.net/docs/ejabberd/guide_en.html#AccessRights
+			  %% since there is allways a shaper defined globally for s2s, it doesn't matter the actual
+			 %% local host, since the globall one will be used, even if this domain has a special rule
+			    change_shaper(StateData, "", exmpp_jid:make(AuthDomain)),
 			    {next_state, wait_for_stream,
 			     StateData#state{streamid = new_id(),
 					     authenticated = true,