On Mon, 2004-07-12 at 18:49, Colin Walters wrote:
Is there a more elegant way to do it? The buffer API doesn't have a way to reserve bytes, and I was worried about alignment issues with the cast-to-uint32_t approach.
buffer_get_space_unsafe() and buffer_append_space_unsafe() maybe? Or I'd do it by first converting the integer to network byte order, then buffer_append(buf, &num, sizeof(num)). There's macros for that in lib/byteorder.h.
I was mostly thinking about things which don't exist yet. Such as there's already Postfix patch to authenticate from dovecot-auth, would it make sense to add integrity proxy to it?
Ah...maybe. Postfix already has its own SASL implementation, so the Postfix patch could be extended to be able to receive an exported GSS context and do its own integrity/confidentiality protection in the smtpd process. I guess it would be possible to have dovecot-auth do the integrity protection proxying itself in the same way imap-login does now, but given that Postfix has its own SASL it probably makes more sense to give control back to that.
Postfix uses Cyrus SASL library to do all the SASL stuff (well, except parsing the SMTP commands of course). I replaced that completely with my patch (http://dovecot.org/patches/postfix/).
Anyway, Postfix didn't do integrity protection with Cyrus library either even though it supported it. Also I was thinking about modifying my patch some day to use only Postfix's internal functions since all it really needs is some simple UNIX socket talking. So I guess integrity proxy might as well be in login-common.