From: Marcel Holtmann <marcel@holtmann.org>
To: BlueZ development <bluez-devel@lists.sourceforge.net>
Subject: Re: [Bluez-devel] Pin for an outgoing connection
Date: Mon, 23 Oct 2006 17:44:39 +0200
Message-ID: <1161618279.10866.102.camel@aeonflux.holtmann.net>
In-Reply-To: <7aabaf0e0610230640k7a663193l2cdb6962327b0a3b@mail.gmail.com>

Hi Valentine,

> > > I'm currently trying bluez-utils 3.7 (D-BUS interface is really sweet
> > > thing and a must for all so called desktop Linux components) but
> > > unfortunately I've come across the following problem: pin code I
> > > specify in hcid.conf via "passphrase" option is never used for
> > > outgoing connections. It's clear from the code in hcid/security.c but
> > > man pages are somewhat misleading at this point - they state pin code
> > > specified in hcid.conf will be used if I set security to "auto".
> > >
> > > Apparently, "if" condition at security.c:386 will never be true -
> > > pinlen is read from "pincodes" file in storage at line 364 but this
> > > file is never created or stored through all the bluez-utils code.
> > >
> > > The question is: is it intended behaviour or it's a bug and should be fixed?
> >
> > if the manual pages are misleading, then this is a bug. The pincodes
> > file is meant to be kinda secret. The code in the CVS will also use it
> > in case of security user, but it will still ask the passkey agent. From
> > a security perspective, any automatic pairing with a default PIN is a
> > security risk and by default we don't allow that anymore. The passkey in
> > the hcid.conf is only used for incoming connection btw.
>
> So, if I understood correctly, specifying pin in the hcid.conf only
> affects incoming connection (i.e., from user's point of view "my
> computer's pin" is stored there) and pin for outgoing connection ("my
> phone's pin" from user perspective) is always asked via D-BUS and
> there is no way to specify it in the config? So hcid manpage should be
> fixed. Is passkey-agent the only pin agent available now?

Actually, in the current default configuration, the PIN code will
always be requested via the passkey agent. It is the most secure way and in
case no passkey agent is running the authentication request will be
automatically rejected.

Besides the passkey-agent.c example (yes, it is an example only), you
can use bluetooth-applet from bluez-gnome if you are running the GNOME
desktop environment. Otherwise you have to write one by yourself, but
that is not hard at all. It is actually kinda simple.

Regards

Marcel
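
The policy discussed in this thread (the hcid.conf passkey answers incoming pairing when security is "auto", and automatic pairing with a default PIN is a risk) can be checked on a host. The audit below is an added example, not part of the original message or of bluez-utils. It assumes hcid.conf's `options { key value; }` syntax, runs on a constructed sample file, and uses a made-up rule for what counts as a guessable passkey.

```python
import re

# Constructed sample in hcid.conf syntax. "security" and "passkey" are the
# options discussed in the thread; the values are made up for this example.
SAMPLE_HCID_CONF = '''
# constructed example, not a shipped configuration
options {
    autoinit yes;
    security auto;      # pairing answered without asking the user
    passkey "1234";
}
device {
    name "%h-%d";
}
'''

def parse_options(text):
    """Return the settings found in the options { ... } section as a dict."""
    # Drop '#' comments, but keep a '#' that sits inside a quoted string.
    text = re.sub(r'("[^"\n]*")|#[^\n]*', lambda m: m.group(1) or "", text)
    block = re.search(r"\boptions\s*\{([^}]*)\}", text)
    if not block:
        return {}
    pairs = re.findall(r'(\w+)\s+("[^"\n]*"|[^;\s]+)\s*;', block.group(1))
    return {key: value.strip('"') for key, value in pairs}

def is_guessable(passkey):
    """Assumed policy for this example: all digits, or shorter than 8 chars."""
    return passkey.isdigit() or len(passkey) < 8

def audit(text):
    """Return (id, message) findings for the pairing policy in the thread."""
    opts = parse_options(text)
    findings = []
    if opts.get("security") == "auto":
        findings.append(("auto-pairing",
                         "security auto: incoming pairing uses the hcid.conf "
                         "passkey instead of asking a passkey agent"))
        passkey = opts.get("passkey")
        if passkey is not None and is_guessable(passkey):
            findings.append(("weak-passkey",
                             "the passkey used for automatic pairing is guessable"))
    return findings

if __name__ == "__main__":
    for finding_id, message in audit(SAMPLE_HCID_CONF):
        print(f"{finding_id}: {message}")
```

With `security user` the audit reports nothing, since the passkey is then requested from the passkey agent as described above.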