[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL_SUCCESS_DATA should be set (ITS#2202)



Full_Name: Luke Howard
Version: HEAD
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (165.228.130.11)


In servers/slapd/sasl.c, when calling sasl_server_new(), you should pass
SASL_SUCCESS_DATA as the second-last argument.

Why? Some SASL mechanisms appear to send a final response with the last token.
For example, Microsoft's GSS-SPNEGO mechanism appears not to do the SASL SSF
negotiation, and so the final SPNEGO "accept completed" token is returned in a
successful LDAP BindResponse PDU.