2006-10-23 11:27:19

by Valentine Sinitsyn

Subject: [Bluez-devel] Pin for an outgoing connection

Hi all,

I'm currently trying bluez-utils 3.7 (D-BUS interface is really sweet
thing and a must for all so called desktop Linux components) but
unfortunately I've come across the following problem: pin code I
specify in hcid.conf via "passphrase" option is never used for
outgoing connections. It's clear from the code in hcid/security.c but
man pages are somewhat misleading at this point - they state pin code
specified in hcid.conf will be used if I set security to "auto".

Apparently, "if" condition at security.c:386 will never be true -
pinlen is read from "pincodes" file in storage at line 364 but this
file is never created or stored through all the bluez-utils code.

The question is: is it intended behaviour or it's a bug and should be fixed?

Thanks in advance.

Regards,
Valentine

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel


2006-10-29 10:01:51

by Valentine Sinitsyn

Subject: Re: [Bluez-devel] Pin for an outgoing connection

Hi Daniel,

> I will announce further proceeding, of this development, in the end of this
> week. So far I didn't find time for this, sorry. But I would appreciate any
> help in this development.
It's a weekend and I'm back from my trip ;-)
As far as I understand from the code, the task is to port
kbtobexclient, kobex and other apps & libs which are not compiling now
to the new D-BUS API? I can help with this development but I think
some coordination is needed so we wouldn't be porting the same code
twice. :) Besides, it would be useful to have a small document
describing api changes from old libkdebluetooth to the new, DBUS-based
(like what's the difference between RFCOMM and RfcommSocket interface)

--
Regards,
Valentine Sinitsyn


2006-10-24 08:04:37

by Marcel Holtmann

Subject: Re: [Bluez-devel] Pin for an outgoing connection

Hi Daniel,

> I started porting the kdebluetooth framework to the new blueZ DBus API. All
> DBus methods are implemented in a new libkbluetooth. I dropped kbluetoothd
> and replaced (forked) it with kbluetooth. So far it only acts as passkey
> agent. Also the porting of the kcm_btpaired is nearly done...
> At the moment I am trying to get kiobluetooth working with the new
> libkbluetooth.
>
> The kdebluetooth branch for the blueZ DBus API can be found in the KDE SVN:
> http://websvn.kde.org/branches/work/kdebluetooth-dbus-integration/
>
> I will announce further proceeding, of this development, in the end of this
> week. So far I didn't find time for this, sorry. But I would appreciate any
> help in this development.

that looks nice. The best approach would be to try to link the Bluetooth
library as little as possible. Every desktop application that only depends
on D-Bus and _not_ on libbluetooth is a good one :)

Regards

Marcel




2006-10-24 03:51:52

by Valentine Sinitsyn

Subject: Re: [Bluez-devel] Pin for an outgoing connection

Hi Daniel,

On 10/24/06, Daniel Gollub <[email protected]> wrote:
> On Monday 23 October 2006 16:02, Valentine Sinitsyn wrote:
> > Sure - I have some experience developing D-BUS applications. ;-) I
> > only guess that (as we already have passkey-agent for GNOME and I'm
> > running KDE) this should be done within the kdebluetooth framework so
> > I'd better ask kdebluetooth team if they need one (and not developing
> > it till now, which would be surprise for me).

> I started porting the kdebluetooth framework to the new blueZ DBus API. All
> DBus methods are implemented in a new libkbluetooth. I dropped kbluetoothd
> and replaced (forked) it with kbluetooth. So far it only acts as passkey
> agent. Also the porting of the kcm_btpaired is nearly done...
> At the moment I am trying to get kiobluetooth working with the new
> libkbluetooth.
>
> The kdebluetooth branch for the blueZ DBus API can be found in the KDE SVN:
> http://websvn.kde.org/branches/work/kdebluetooth-dbus-integration/
>
> I will announce further proceeding, of this development, in the end of this
> week. So far I didn't find time for this, sorry. But I would appreciate any
> help in this development.
Great - I'll check out the code and look how much has changed since
February - it was the last time I was looking at kdebluetooth tree. :)

I'll be out for the business trip till the end of the week. I'll try
to read the code in the train :) and be back right to your announcement
-- we'll see if (and how) I can help you with this development.

--
Regards,
Valentine Sinitsyn


2006-10-23 20:50:13

by Daniel Gollub

Subject: Re: [Bluez-devel] Pin for an outgoing connection

On Monday 23 October 2006 16:02, Valentine Sinitsyn wrote:
> Sure - I have some experience developing D-BUS applications. ;-) I
> only guess that (as we already have passkey-agent for GNOME and I'm
> running KDE) this should be done within the kdebluetooth framework so
> I'd better ask kdebluetooth team if they need one (and not developing
> it till now, which would be surprise for me).

Hi Valentine,

I started porting the kdebluetooth framework to the new blueZ DBus API. All
DBus methods are implemented in a new libkbluetooth. I dropped kbluetoothd
and replaced (forked) it with kbluetooth. So far it only acts as passkey
agent. Also the porting of the kcm_btpaired is nearly done...
At the moment I am trying to get kiobluetooth working with the new
libkbluetooth.

The kdebluetooth branch for the blueZ DBus API can be found in the KDE SVN:
http://websvn.kde.org/branches/work/kdebluetooth-dbus-integration/

I will announce further proceeding, of this development, in the end of this
week. So far I didn't find time for this, sorry. But I would appreciate any
help in this development.

best regards,
Daniel


2006-10-23 16:06:46

by Marcel Holtmann

Subject: Re: [Bluez-devel] Pin for an outgoing connection

Hi Valentine,

> > Besides the passkey-agent.c example (yes, it is an example only), you
> > can use bluetooth-applet from bluez-gnome if you are running the GNOME
> > desktop environment. Otherwise you have to write one by yourself, but
> > that is not hard at all. It is actually kinda simple.
>
> Sure - I have some experience developing D-BUS applications. ;-) I
> only guess that (as we already have passkey-agent for GNOME and I'm
> running KDE) this should be done within the kdebluetooth framework so
> I'd better ask kdebluetooth team if they need one (and not developing
> it till now, which would be surprise for me).

they should be working on it, but since I am more a GNOME person, I
don't follow KDE that closely.

> Thank you very much for the explanation and please fix manpage for hid.conf ;-)

Feel free to send in a patch for the manpage.

Regards

Marcel




2006-10-23 14:02:27

by Valentine Sinitsyn

Subject: Re: [Bluez-devel] Pin for an outgoing connection

Hi Marcel,

> > So, if I understood correctly, specifying pin in the hcid.conf only
> > affects incoming connection (i.e., for user's point of view "my
> > computer's pin" is stored there) and pin for outgoing connection ("my
> > phone's pin" from user perspective) is always asked via D-BUS and
> > there is no way to specify it in the config? So hcid manpage should be
> > fixed. Is passkey-agent the only pin agent available now?
>
> actually in the current default configuration, the PIN code will be
> always requested via the passkey agent. It is the most secure way and in
> case no passkey agent is running the authentication request will be
> automatically rejected.
Yes, that's exactly what I'm observing.

> Besides the passkey-agent.c example (yes, it is an example only), you
> can use bluetooth-applet from bluez-gnome if you are running the GNOME
> desktop environment. Otherwise you have to write one by yourself, but
> that is not hard at all. It is actually kinda simple.
Sure - I have some experience developing D-BUS applications. ;-) I
only guess that (as we already have passkey-agent for GNOME and I'm
running KDE) this should be done within the kdebluetooth framework so
I'd better ask kdebluetooth team if they need one (and not developing
it till now, which would be surprise for me).

Thank you very much for the explanation and please fix manpage for hid.conf ;-)

--
Regards,
Valentine Sinitsyn


2006-10-23 15:44:39

by Marcel Holtmann

Subject: Re: [Bluez-devel] Pin for an outgoing connection

Hi Valentine,

> > > I'm currently trying bluez-utils 3.7 (D-BUS interface is really sweet
> > > thing and a must for all so called desktop Linux components) but
> > > unfortunately I've come across the following problem: pin code I
> > > specify in hcid.conf via "passphrase" option is never used for
> > > outgoing connections. It's clear from the code in hcid/security.c but
> > > man pages are somewhat misleading at this point - they state pin code
> > > specified in hcid.conf will be used if I set security to "auto".
> > >
> > > Apparently, "if" condition at security.c:386 will never be true -
> > > pinlen is read from "pincodes" file in storage at line 364 but this
> > > file is never created or stored through all the bluez-utils code.
> > >
> > > The question is: is it intended behaviour or it's a bug and should be fixed?
> >
> > if the manual pages are misleading, then this is a bug. The pincodes
> > file is meant to be kinda secret. The code in the CVS will also use it
> > in case of security user, but it will still ask the passkey agent. From
> > a security perspective, any automatic pairing with a default PIN is a
> > security risk and by default we don't allow that anymore. The passkey in
> > the hcid.conf is only used for incoming connection btw.
>
> So, if I understood correctly, specifying pin in the hcid.conf only
> affects incoming connection (i.e., for user's point of view "my
> computer's pin" is stored there) and pin for outgoing connection ("my
> phone's pin" from user perspective) is always asked via D-BUS and
> there is no way to specify it in the config? So hcid manpage should be
> fixed. Is passkey-agent the only pin agent available now?

actually in the current default configuration, the PIN code will be
always requested via the passkey agent. It is the most secure way and in
case no passkey agent is running the authentication request will be
automatically rejected.

Besides the passkey-agent.c example (yes, it is an example only), you
can use bluetooth-applet from bluez-gnome if you are running the GNOME
desktop environment. Otherwise you have to write one by yourself, but
that is not hard at all. It is actually kinda simple.

Regards

Marcel




2006-10-23 13:40:03

by Valentine Sinitsyn

Subject: Re: [Bluez-devel] Pin for an outgoing connection

Hi Marcel,

> > I'm currently trying bluez-utils 3.7 (D-BUS interface is really sweet
> > thing and a must for all so called desktop Linux components) but
> > unfortunately I've come across the following problem: pin code I
> > specify in hcid.conf via "passphrase" option is never used for
> > outgoing connections. It's clear from the code in hcid/security.c but
> > man pages are somewhat misleading at this point - they state pin code
> > specified in hcid.conf will be used if I set security to "auto".
> >
> > Apparently, "if" condition at security.c:386 will never be true -
> > pinlen is read from "pincodes" file in storage at line 364 but this
> > file is never created or stored through all the bluez-utils code.
> >
> > The question is: is it intended behaviour or it's a bug and should be fixed?
>
> if the manual pages are misleading, then this is a bug. The pincodes
> file is meant to be kinda secret. The code in the CVS will also use it
> in case of security user, but it will still ask the passkey agent. From
> a security perspective, any automatic pairing with a default PIN is a
> security risk and by default we don't allow that anymore. The passkey in
> the hcid.conf is only used for incoming connection btw.
So, if I understood correctly, specifying pin in the hcid.conf only
affects incoming connection (i.e., for user's point of view "my
computer's pin" is stored there) and pin for outgoing connection ("my
phone's pin" from user perspective) is always asked via D-BUS and
there is no way to specify it in the config? So hcid manpage should be
fixed. Is passkey-agent the only pin agent available now?

--
Regards,
Valentine Sinitsyn


2006-10-23 15:08:57

by Marcel Holtmann

Subject: Re: [Bluez-devel] Pin for an outgoing connection

Hi Valentine,

> I'm currently trying bluez-utils 3.7 (D-BUS interface is really sweet
> thing and a must for all so called desktop Linux components) but
> unfortunately I've come across the following problem: pin code I
> specify in hcid.conf via "passphrase" option is never used for
> outgoing connections. It's clear from the code in hcid/security.c but
> man pages are somewhat misleading at this point - they state pin code
> specified in hcid.conf will be used if I set security to "auto".
>
> Apparently, "if" condition at security.c:386 will never be true -
> pinlen is read from "pincodes" file in storage at line 364 but this
> file is never created or stored through all the bluez-utils code.
>
> The question is: is it intended behaviour or it's a bug and should be fixed?

if the manual pages are misleading, then this is a bug. The pincodes
file is meant to be kinda secret. The code in the CVS will also use it
in case of security user, but it will still ask the passkey agent. From
a security perspective, any automatic pairing with a default PIN is a
security risk and by default we don't allow that anymore. The passkey in
the hcid.conf is only used for incoming connection btw.

Regards

Marcel
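
A configuration check for the risk raised in this thread (automatic pairing with a fixed PIN for incoming connections), added here as an example; it is not part of the thread or of bluez-utils. The hcid.conf syntax, the `passkey` option name, the meaning given to the `auto` and `user` modes, and both sample files are assumptions constructed for illustration.

```python
import re

# Constructed samples. Assumed hcid.conf syntax: "key value;" statements
# inside an "options { ... }" block, with "#" starting a comment.
SAMPLE_AUTO = '''
options {
    autoinit yes;
    security auto;      # answer incoming PIN requests from this file
    passkey "12#4";
}
'''
SAMPLE_USER = '''
options {
    security user;      # PIN requests are passed to the passkey agent
    passkey "12#4";
}
'''

# Matches either a quoted value or a comment, whichever starts first.
_QUOTED_OR_COMMENT = re.compile(r'"[^"\n]*"|#[^\n]*')


def parse_options(text):
    """Return the statements of the options block as a dict."""
    # Drop comments, but leave a '#' inside a quoted value alone.
    text = _QUOTED_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0)[0] == '"' else '', text)
    block = re.search(r'\boptions\s*\{(.*?)\}', text, re.S)
    if block is None:
        return {}
    pairs = re.findall(r'(\w+)\s+("[^"]*"|[^;\s]+)\s*;', block.group(1))
    return {key: value.strip('"') for key, value in pairs}


def audit(text):
    """Return (code, message) findings about the pairing settings."""
    opts = parse_options(text)
    mode = opts.get('security')
    has_pin = bool(opts.get('passkey'))
    findings = []
    if mode is None:
        findings.append(('MODE_UNSET',
                         'no "security" statement; confirm the built-in default'))
    elif mode == 'auto' and has_pin:
        findings.append(('AUTO_STATIC_PIN',
                         'incoming pairing is answered with the fixed passkey '
                         'from the file, without asking a passkey agent'))
    elif mode == 'user' and has_pin:
        findings.append(('PIN_NOT_CONSULTED',
                         'a passkey is stored in the file although PIN '
                         'requests go to the passkey agent'))
    return findings


if __name__ == '__main__':
    for name, sample in (('auto', SAMPLE_AUTO), ('user', SAMPLE_USER)):
        for code, message in audit(sample):
            print(f'{name}: {code}: {message}')
```
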


