Re: protocol: closing SASL upon Unbind

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 02:31 PM 12/6/2004, Hallvard B Furuseth wrote:
>Kurt D. Zeilenga writes:
>>At 01:59 PM 12/6/2004, Hallvard B Furuseth wrote:
>>>protocol-28 section 4.3 (Unbind Operation) says:
>>>
>>>> (...) close the LDAP session as follows:
>>>>
>>>>   - cease exchanges at the LDAP message layer,
>>>>   - close the SASL layer (if installed),
>>>
>>> No.  To do that, one simply closes the connection.  As I noted earlier,
>>> [SASL] does not define the operation of closing a SASL layer, it only
>>> defines replacing it with another layer.
>>
>> The SASL mechanism itself may provide a layer closure facility
>> and, if so, it should be used.
>
>If so, [SASL] should be modified to mention such a facility:

[SASL] leaves most of the details of layers to mechanisms,
and, in general, doesn't preclude layers from providing closure
facilities.  If the SASL base specification needs to mention
something here, then I suggest you raise a concern on the
SASL mailing list.

>The application shouldn't need to know that the particilar SASL layer it is
>using has such a facility; the SASL implementation itself should provide
>a "close the current layer" function.

Well, if by SASL implementation, you mean some library providing
some SASL services to a program, then likely, yes, that API
should likely include a close function.   That's a good topic
for those designing SASL APIs.  In Cyrus SASL, IIRC, the
function is named sasl_dispose().

Kurt