Synchronization - device name with backslash

Help
Burkhard
2013-01-20
2013-05-05
  • Burkhard
    Burkhard
    2013-01-20

    I fail to synchronize. Basic connection (host & port) works, but I get an authorization error. A couple month back it worked fine with iPhone settings:
    device name = \   … with  being my Windows logon user
    Password = my Windows logon password
    Now I'm getting the authorization error showing in the desktop log:
        INFO: 401 Unauthorized: by client /192.168.1.2:49666: Authentication failed.
        (requested URI: /list?version=3&device=%5C)
    I see that the backslash got replaced with %5C and that seems to be the problem. Is there a basic (java) setting that I have to do so that the backslash comes over as backslash?
    I tried without success:
    device name =
    device name =
    device name = /
    … with my Windows password and without password.
    I got Windows 7; latest Karatasi versions; java.runtime.version=1.6.0_38-b05, iPhone 4S
    Thanks for your help.

     
  • Christa Runge
    Christa Runge
    2013-01-31

    Hi bgremler,

    thank you for reporting this issue. I have filed a bug report (3602885), we need to investigate it.
    We will keep you up-to-date on this.

    Regards,

    Christa

     
  • Christa Runge
    Christa Runge
    2013-05-05

    Started analysis.
    A) on the client (iPhone)
    1) we construct a http request to the [host] at [port]
    2) the request method is 'GET'
    3) the URI is 'list'
    4) parameters are:
    a) the current supported database version (currently: 3)
    b) the [device name], URI-encoded (this encoding converts '\' to '%5C').
    5) the http header field 'Authorization' is constructed as follows:
    a) we concatenate the [device name] with the [password], separated with a colon ':'.
    b) we encode the resulting string (UTF8)
    c) we encode the resulting bytes again (Base64)
    d) we prepend the resulting string with 'Basic '.
    e) the resulting string is used as http authorization field.

    B) on the server (Java)
    1) we register the server to the [sync server network port]
    2) we check the authorization as follows:
    a) we extract the string from the http authorization field
    b) we verify that it starts with 'Basic ' and extract the remaining substring
    c) we decode it (Base64)
    d) we construct a Java string from UTF8-encoded bytes
    e) we split the string along the colon ':'
    f) we lookup a matching [authorized device: name] for the first part
    g) we compare the [authorized device: password] with the second part
    3) we dispatch to the GET method of the 'list' URI and construct the http response
    Note: in the 'list' URI the parameters (database version and device name) are currently not used.