A small change suggested

Biswatosh biswatosh2001 at yahoo.com
Tue Apr 25 06:46:32 EDT 2006


Hi
  May I propose a small change in the file server.c,
in the function sasl_checkapop()?
See below:

******************************************************
 /* Do APOP verification */
result = _sasl_auxprop_verify_apop(******);
  
+     if (result == SASL_OK) {
+       result = do_authorization((sasl_server_conn_t
*) conn);
+     }
+ 
      /* If verification failed, we don't want to
encourage getprop to work */
      if(result != SASL_OK) {
        conn->oparams.user = NULL;




******************************************************
The reason being:
The API is designed to permit an authorization
callback as part of any authentication operation.  The
idea is that various authorization checks can all be
put in one place and guaranteed to be called every
time authentication occurs.  So we put various access
control tests in the authorization callback.
We however notice the missing authorization callback
in sasl_checkapop(), While, a customer just ran into
the problem so we need to fix it. 
 

Thanks
Biswatosh

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the Cyrus-sasl mailing list