A small change suggested

Alexey Melnikov alexey.melnikov at isode.com
Wed Apr 26 12:53:06 EDT 2006


Biswatosh wrote:

>Hi
>  May I propose a small change in the file server.c,
>in the function sasl_checkapop()?
>  
>
I think your change is alright. I will discuss with Ken.

>See below:
>
>******************************************************
> /* Do APOP verification */
>result = _sasl_auxprop_verify_apop(******);
>  
>+     if (result == SASL_OK) {
>+       result = do_authorization((sasl_server_conn_t
>*) conn);
>+     }
>+ 
>      /* If verification failed, we don't want to
>encourage getprop to work */
>      if(result != SASL_OK) {
>        conn->oparams.user = NULL;
>
>
>
>
>******************************************************
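Review bot: The existing "if(result != SASL_OK)" block that follows the added lines now also runs when do_authorization() rejects the user, but its comment still reads "If verification failed", so the comment should be updated to cover an authorization failure as well. Only "conn->oparams.user = NULL;" is visible in that block here; please confirm the rest of it clears every identity value that should not survive a denied authorization. If sasl_checkapop() already holds a sasl_server_conn_t pointer for this connection, passing that would avoid the inline cast of conn.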
>The reason being:
>The API is designed to permit an authorization
>callback as part of any authentication operation.  The
>idea is that various authorization checks can all be
>put in one place and guaranteed to be called every
>time authentication occurs.  So we put various access
>control tests in the authorization callback.
>We, however, notice the missing authorization callback
>in sasl_checkapop(), while a customer just ran into
>the problem, so we need to fix it.
>  
>


