A small change suggested
Alexey Melnikov
alexey.melnikov at isode.com
Wed Apr 26 12:53:06 EDT 2006
Biswatosh wrote:
>Hi
> May I propose a small change in the file server.c,
>in the function sasl_checkapop()?
>
>
I think your change is alright. I will discuss with Ken.
>See below:
>
>******************************************************
> /* Do APOP verification */
>result = _sasl_auxprop_verify_apop(******);
>
>+ if (result == SASL_OK) {
>+ result = do_authorization((sasl_server_conn_t
>*) conn);
>+ }
>+
> /* If verification failed, we don't want to
>encourage getprop to work */
> if(result != SASL_OK) {
> conn->oparams.user = NULL;
>
>
>
>
>******************************************************
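Review bot: The comment on the failure branch, "If verification failed, we don't want to encourage getprop to work", is now too narrow: with the added call, a do_authorization() failure also reaches `if(result != SASL_OK)` and clears conn->oparams.user. Suggest rewording it to cover both cases, for example "If verification or authorization failed". The visible lines also do not show whether the identity fields the authorization callback reads are already set on conn when do_authorization() runs directly after _sasl_auxprop_verify_apop(), so that is worth confirming before merging.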
>The reason being:
>The API is designed to permit an authorization
>callback as part of any authentication operation. The
>idea is that various authorization checks can all be
>put in one place and guaranteed to be called every
>time authentication occurs. So we put various access
>control tests in the authorization callback.
>We however notice the missing authorization callback
>in sasl_checkapop(), while a customer just ran into
>the problem, so we need to fix it.
>
>