On Mon, 2004-07-12 at 18:38 +0300, Timo Sirainen wrote:
On Mon, 2004-07-12 at 18:07, Colin Walters wrote:
Thanks, I took a quick look through and it looked good.
Cool, thanks. I'd like to have it actually working with mutt before it goes in, but if you don't see any architectural problems, that's encouraging.
I'm not sure when I'm actually going to put it in, it needs at least some small coding style changes. Consistency is good :) I'll warn you anyway before that so if you've done any changes they won't break then.
Ok :)
By the way I looked over the integrity proxy again, and I spotted the obvious stupid mistake in the length prefix marshalling :) Relative patch attached.
I can now confirm it works correctly with mutt.
Is there a more elegant way to do it? The buffer API doesn't have a way to reserve bytes, and I was worried about alignment issues with the cast-to-uint32_t approach.
I was mostly thinking about things which don't exist yet. Such as there's already Postfix patch to authenticate from dovecot-auth, would it make sense to add integrity proxy to it?
Ah...maybe. Postfix already has its own SASL implementation, so the Postfix patch could be extended to be able to receive an exported GSS context and do its own integrity/confidentiality protection in the smtpd process. I guess it would be possible to have dovecot-auth do the integrity protection proxying itself in the same way imap-login does now, but given that Postfix has its own SASL it probably makes more sense to give control back to that.