A small change suggested
Biswatosh
biswatosh2001 at yahoo.com
Tue Apr 25 06:46:32 EDT 2006
Hi
May I propose a small change in the file server.c,
in the function sasl_checkapop()?
See below:
******************************************************
/* Do APOP verification */
result = _sasl_auxprop_verify_apop(******);
+ if (result == SASL_OK) {
+ result = do_authorization((sasl_server_conn_t
*) conn);
+ }
+
/* If verification failed, we don't want to
encourage getprop to work */
if(result != SASL_OK) {
conn->oparams.user = NULL;
******************************************************
The reason being:
The API is designed to permit an authorization
callback as part of any authentication operation. The
idea is that various authorization checks can all be
put in one place and guaranteed to be called every
time authentication occurs. So we put various access
control tests in the authorization callback.
We however notice the missing authorization callback
in sasl_checkapop(), While, a customer just ran into
the problem so we need to fix it.
Thanks
Biswatosh
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Cyrus-sasl
mailing list