From: Elias Mårtenson
Newsgroups: gmane.emacs.devel
Subject: Request for advice on GNUS internals. GSSAPI progress report
Date: Wed, 15 Feb 2017 12:37:30 +0800
To: emacs-devel

I've now spent a few days figuring out how to do GSSAPI authentication with IMAP, and I have now managed to complete a full handshake from GNUS with a Microsoft Exchange server using GSSAPI.

Immediately after authentication is complete, the connection switches to GSSAPI mode where each packet needs to pass through a call to ‘gss-unwrap’, and the data sent to the server also needs to be split into packets which are wrapped using a call to ‘gss-wrap’. The situation is further complicated by the fact that the server can limit the maximum packet size during initial handshake.

I need some advice from someone who is well-versed in the internals of GNUS to explain where I should add the code to handle this.

At first I was looking at creating a new ‘nnimap-stream’ type to represent this, but the connection is already inside a TLS connection which already uses ‘ssl’ or ‘starttls’ here. The GSSAPI authentication is independent of the actual connection type, but it wraps all the IMAP commands that are transmitted over it.

What approach should I take here?

Regards,
Elias
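The framing layer described in the message, as an added Python sketch that is not code from the original post or from GNUS. It assumes the SASL security-layer framing of RFC 4422/4752 (4-octet length prefix, 3-octet maximum buffer size in the server's offer); `toy_wrap`, `toy_unwrap` and `TOY_OVERHEAD` are hypothetical stand-ins for the real ‘gss-wrap’/‘gss-unwrap’ calls and provide no protection.

```python
import struct

SASL_LAYER_NONE, SASL_LAYER_INTEGRITY, SASL_LAYER_CONFIDENTIALITY = 1, 2, 4
TOY_OVERHEAD = 16  # constructed: bytes the stand-in wrap adds to each token

def toy_wrap(plaintext: bytes) -> bytes:
    """Stand-in for GSS_Wrap: adds a fixed header, gives NO protection."""
    return b"W" * TOY_OVERHEAD + plaintext

def toy_unwrap(token: bytes) -> bytes:
    if token[:TOY_OVERHEAD] != b"W" * TOY_OVERHEAD:
        raise ValueError("token failed unwrap")
    return token[TOY_OVERHEAD:]

def parse_server_offer(unwrapped: bytes):
    """Final handshake token: 1 octet layer bitmask + 3 octets max buffer size."""
    if len(unwrapped) != 4:
        raise ValueError("security-layer offer must be exactly 4 octets")
    return unwrapped[0], int.from_bytes(unwrapped[1:], "big")

def frame_outgoing(data: bytes, server_max: int) -> bytes:
    """Split data so each wrapped token fits server_max, then length-prefix it."""
    chunk = server_max - TOY_OVERHEAD  # real code asks GSS_Wrap_size_limit
    if chunk <= 0:
        raise ValueError("server buffer too small for any wrapped data")
    out = bytearray()
    for i in range(0, len(data), chunk):
        token = toy_wrap(data[i:i + chunk])
        out += struct.pack("!I", len(token)) + token
    return bytes(out)

class Deframer:
    """Reassembles length-prefixed tokens from arbitrary TLS read sizes."""
    def __init__(self, local_max: int):
        self.buf, self.local_max = bytearray(), local_max

    def feed(self, received: bytes) -> bytes:
        self.buf += received
        plain = bytearray()
        while len(self.buf) >= 4:
            (n,) = struct.unpack("!I", self.buf[:4])
            if n > self.local_max:  # peer ignored the size we advertised
                raise ValueError("oversized token, drop the connection")
            if len(self.buf) < 4 + n:
                break  # wait for the rest of this token
            plain += toy_unwrap(bytes(self.buf[4:4 + n]))
            del self.buf[:4 + n]
        return bytes(plain)
```

Because the framing sits between the IMAP command layer and whatever transport is in use, the same two functions apply unchanged whether the underlying stream is ‘ssl’ or ‘starttls’.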