From 32e0a88edc5be45643755284ec88fe01d48eefc6 Mon Sep 17 00:00:00 2001
From: Pablo Polvorin <pablo.polvorin@process-one.net>
Date: Thu, 1 Dec 2011 12:55:20 -0300
Subject: [PATCH] Fix bug on s2s shaper when TLS is used

The shaper was not enabled if the remote server authenticates
using a certificate instead of dialback.
---
 src/ejabberd_s2s_in.erl | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl
index 848e58c95..590b560bd 100644
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -356,6 +356,12 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
 					  [{"xmlns", ?NS_SASL}], []}),
 			    ?DEBUG("(~w) Accepted s2s authentication for ~s",
 				      [StateData#state.socket, AuthDomain]),
+
+			      	%% acess rules are first checked against the globally defined ones, that have precedence over
+				%% domain-specific ones.. http://www.process-one.net/docs/ejabberd/guide_en.html#AccessRights
+				%% since there is allways a shaper defined globally for s2s, it doesn't matter the actual
+				%% local host, since the globall one will be used, even if this domain has a special rule
+			    change_shaper(StateData, "", jlib:make_jid("", AuthDomain, "")),
 			    {next_state, wait_for_stream,
 			     StateData#state{streamid = new_id(),
 					     authenticated = true,