Biswatosh wrote:
Hi
May I propose a small change in the file server.c,
in the function sasl_checkapop()?
I think your change is alright. I will discuss with Ken.
See below:
******************************************************
/* Do APOP verification */
result = _sasl_auxprop_verify_apop(******);
+ if (result == SASL_OK) {
+ result = do_authorization((sasl_server_conn_t
*) conn);
+ }
+
/* If verification failed, we don't want to
encourage getprop to work */
if(result != SASL_OK) {
conn->oparams.user = NULL;
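Review bot: the existing comment below the added block still reads "If verification failed", but with the new do_authorization() call the `if(result != SASL_OK)` branch is now also taken when APOP verification succeeds and authorization is denied. Clearing conn->oparams.user in that case looks like the right fail-closed behaviour, so I would only reword the comment to say "verification or authorization failed" so that a later reader does not move the authorization call below the cleanup. It is also worth a short comment on the `(sasl_server_conn_t *) conn` cast stating why it is safe here, since the surrounding lines use conn directly as the generic connection type.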
******************************************************
The reason being:
The API is designed to permit an authorization
callback as part of any authentication operation. The
idea is that various authorization checks can all be
put in one place and guaranteed to be called every
time authentication occurs. So we put various access
control tests in the authorization callback.
We, however, notice the missing authorization callback
in sasl_checkapop(), while a customer just ran into
the problem, so we need to fix it.