Re: [openobex-users] OBEX authentication test and patch for obexpushd

[Daehyung Jo <dae...@sa...>]

Hi,

> 
> > >       // script is null unless -s option is used.
> > >       if (data->child && script!=NULL) {
> 
> That is likely not needed as 'script' is not used in that function. And
> data->child only exists if script was non-NULL.
> 

I think default value of 'data->child' is -1 even we don't use '-s' option because it is initialized in the function 'handle_client'
if I understood correctly.
And the value was not null actually when I run obexpushd using '-d -B -n -a' option.

> Can you resend the diff per PM using "diff -u"? Also disable the line breaks
> in your mail client or send the diff as attachment.
> Why don't you simply use "svn diff >N95_auth.diff"? You are obviously worked
> on the latest svn trunk revision.
>

I copy the diffs below using -u option. I can't attach a file for the external mailing lists :(
I also corrected the line break option.
If the format is not correct, please let me know. I'm not used to making a patch.


diff -u trunk_r136/src/ trunk/src/
Common subdirectories: trunk_r136/src/CMakeFiles and trunk/src/CMakeFiles
Common subdirectories: trunk_r136/src/io and trunk/src/io
Common subdirectories: trunk_r136/src/net and trunk/src/net
diff -u trunk_r136/src/obex_auth.c trunk/src/obex_auth.c
--- trunk_r136/src/obex_auth.c  2007-01-01 16:47:04.000000000 +0900
+++ trunk/src/obex_auth.c       2009-01-13 19:00:00.000000000 +0900
@@ -90,10 +90,15 @@
                               struct obex_auth_response* resp)
 {
        uint32_t i = 0;
-       for (; i < size; i += h.bs[i+1]) {
-               uint8_t htype = h.bs[i];
-               uint8_t hlen = h.bs[i+1];
-               const uint8_t* hdata = h.bs+i+2;
+       uint8_t htype;
+       uint8_t hlen;
+       const uint8_t* hdata;
+
+       // The length in TLV does not include the size of type and length itself. So we add two more bytes to iterator.
+       for (; i < size; i += h.bs[i+1]+2) {
+               htype = h.bs[i];
+               hlen = h.bs[i+1];
+               hdata = h.bs+i+2;

                switch (htype){
                case 0x00: /* digest */
diff -u trunk_r136/src/obexpushd.c trunk/src/obexpushd.c
--- trunk_r136/src/obexpushd.c  2008-09-17 21:43:34.000000000 +0900
+++ trunk/src/obexpushd.c       2009-01-13 19:28:58.000000000 +0900
@@ -155,6 +155,17 @@
        if (obex_auth_unpack_response(h,size,&resp) < 0)
                return 0;
        len = (int)get_pass_for_user(auth_file,resp.user,resp.ulen,pass,sizeof(pass));
+       // get_pass_for_user seems does not work well. I hard coded the password for the test purpose.
+       int i;
+       for (i=0; i<1024; i++){
+               if( pass[i]!=0 )
+                       printf("%d\t", pass[i]);
+       }
+       printf("i [%d]\n", i);
+       if (i==1024){
+               pass[0]='1'; pass[1]='2'; pass[2]='3'; pass[3]='4';
+               len=4;
+       }
        if (len < 0)
                return 0;
        return obex_auth_check_response(&resp,pass,(size_t)len);
@@ -333,6 +344,10 @@
                        data->net_data->auth_success = obex_auth_verify_response(handle,value,vsize);
                        break;

+               // target header often comes.
+               case OBEX_HDR_TARGET:
+                       break;
+
                default:
                        /* some unexpected header, may be a bug */
                        break;
@@ -364,7 +379,9 @@
        file_data_t* data = OBEX_GetUserData(handle);
        uint8_t code = OBEX_RSP_CONTINUE;
        switch (event) {
-       case OBEX_EV_REQHINT: /* A new request is coming in */
+       // Headers are only accessable by REQ event and the authentication procedure should be done using headers.
+       //case OBEX_EV_REQHINT: /* A new request is coming in */
+       case OBEX_EV_REQ: /* A new request is has come */
                if (!net_security_check(data->net_data))
                        code = net_security_init(data->net_data, obj);
                obex_send_response(handle, obj, code);
@@ -405,6 +422,16 @@
                          obex_events[event],
                          obex_command_string(obex_cmd));

+       // We shoud parse headers after REQ event for connect and send or receive authentication headers here.
+       if ( event==OBEX_EV_REQ ) {
+               if (obj && !obex_object_headers(handle,obj)) {
+                       (void)OBEX_ObjectSetRsp(obj,
+                                               OBEX_RSP_BAD_REQUEST,
+                                               OBEX_RSP_BAD_REQUEST);
+                       return;
+               }
+       }
+
        switch (obex_cmd) {
        case OBEX_CMD_CONNECT:
                obex_action_connect(handle,obj,event);
Common subdirectories: trunk_r136/src/storage and trunk/src/storage
Common subdirectories: trunk_r136/src/x-obex and trunk/src/x-obex


> I already made the "+2" changes in obex_auth.c (changing the scope of the
> three variables is not necessary).
> 

I changed the scope of three variables because it's inside a 'for' loop duplicating its declaration.
You may change as you wish.

> Thanks for investigating this.
> 
> HS
> 

Thanks and have a good day.

Best wishes,
Jo