help-gsasl
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 'gsasl' command-line utility bad for automated testing

From: Jacek Konieczny
Subject: Re: 'gsasl' command-line utility bad for automated testing
Date: Tue, 7 Jun 2011 08:34:32 +0200
User-agent: Mutt/1.5.21 (2010-09-15) 
On Mon, Jun 06, 2011 at 09:54:47PM +0200, Simon Josefsson wrote:
> I can imagine that you would have these problems with it, the gsasl tool
> was designed and intended for interactive debug purposes.  How about
> adding a --batch parameter for automated situations like yours?

Sounds great. :-)

> Hm.  Maybe there should be a --channel-binding parameter to let the
> caller specify the CB data manually.  For debugging purposes.

That would be great.

> > - data sent to stdin is echoed back to stdout, with some control
> >   characters (line editing?). One has to filter that out to get the
> >   actual SASL response
> 
> Anything other than a \n (newline)?  Maybe a \r in there?  If so, that
> would be a bug.

It was some terminal escape sequence.

> > - stdout is also used for some diagnostic messages ("Mechanism
> >   requestes...") which also need to be filtered out. Those should rather
> >   be sent to stderr.
> 
> I agree, fixed on master.

:-)

> >>  -d, --application-data        After authentication, read data from stdin 
> >> and 
> >>                                  run it through the mechanism's security 
> >> layer 
> >>                                  and print it base64 encoded to stdout. 
> >> The 
> >>                                  default is to terminate after 
> >> authentication. 
> >>                                   (default=on)
> 
> You can specify -d to toggle it off.

I think I have tried that and it didn't work. Though I am not sure at
the moment.

> > I hope the utility can be improved to satisfy the automated use case.
> > Especially it seems it was thought for such purpose too.
> 
> Not really, but I can see how it would be useful.  Maybe we could work
> out how a --batch mode would work?  Something like this maybe:
> 
> SERVER-LIST: CRAM-MD5 SCRAM-SHA-1  <- gsasl writes
> CLIENT-START CRAM-MD5  <- your application writes
> SERVER-CHALLENGE: b64-data <- gsasl writes
> CLIENT-RESPONSE: b64-data <- your application
> ...
> SERVER-STATUS: OK/NO ("error-code")
> 
> It would never write anything else except label-prefixed data like
> SERVER-LIST, SERVER-CHALLENGE, SERVER-STATUS etc.  It would never query
> for anything else, all data has to come from command line parameters.

That would be exactly what I need.
 
> The gsasl command line tool is written in a fairly ugly code style

I have noticed that ;)

> compared to the rest,

It is quite normal for debug code. :)

Greets,
        Jacek
reply via email to
[Prev in Thread] Current Thread [Next in Thread]