RFC6764 -- Implementation doesn't look right...



  • Code looks wrong... and results, too.

    Cal/CardDAV configuration doesn't work as advertised? Returns I/O Error -- Unable to resolve host "example.org" No address associated with hostname.

    INPUT: "myemail@example.org"
    PASSWORD: xxxxxx

    If I specify "myemail@mail.example.org"... I get "missing capabilities" or something like that... but, at this stage of the diagnostic game... it doesn't really matter.. because we haven't gotten the right hostname from the SRV record, yet.

    QUESTION: Look at the DNS configuration... Why is it trying to resolve "example.org" instead of "mail.example.org"????? DNS "dig" works fine.

    [SUGGESTED LOGIC SHOULD ALSO INCLUDE THIS:

    1. Email addr Authentication... upon authentication failure at PROPFIND...
    2. Username should be parsed and authenticated based on typical EMAIL address parse... [example: myemail@example.org = uid myemail... ]
      ... upon authentication failure...
    3. Accept email address but prompt for a different username and password instead ...
      [ example: user@example.org is really "user" OR LDAP translation occurs where "user" is A123 who has an email address alias].

    DNS Configuration SAMPLE

    $ttl 86400
    example.org. IN SOA ns1.example.org. dns.lan.local. (
    1465573510
    3600
    3600
    604800
    86400 )

    mail.example.org. IN A XXX.XXX.XXX.107
    ns1.example.org. IN A XXX.XXX.XXX.106
    ns2.example.org. IN A XXX.XXX.XXX.107
    support.example.org. IN A XXX.XXX.XXX.109
    example.org. IN NS ns1.example.org.
    example.org. IN NS ns2.example.org.
    example.org. IN MX 10 mail.example.org.
    _upd._tcp.example.org. IN SRV 10 10 443 mail.example.org.
    _caldav._tcp.example.org. IN SRV 0 10 8008 mail.example.org.
    _caldavs._tcp.example.org. IN SRV 0 1 8443 mail.example.org.
    _carddav._tcp.example.org. IN SRV 0 10 8008 mail.example.org.
    _carddavs._tcp.example.org. IN SRV 0 1 8443 mail.example.org.
    _caldav._tcp.example.org. IN TXT "path=/"
    _caldavs._tcp.example.org. IN TXT "path=/"
    _carddav._tcp.example.org. IN TXT "path=/"
    _carddavs._tcp.example.org. IN TXT "path=/"
    _submission._tcp.example.org. IN SRV 0 1 587 mail.example.org.
    _pandora._tcp.example.org. IN SRV 10 10 41122 pandora.example.org.
    smtp.example.org. IN CNAME mail.example.org.
    imap.example.org. IN CNAME mail.example.org.
    autodiscover.example.org. IN CNAME mail.example.org.
    _autodiscover._tcp.example.org. IN SRV 1 1 443 mail.example.org.
    example.org. IN TXT "v=spf1 a mx -all"
    example.org. IN SPF "v=spf1 a mx -all"
    _ldap._tcp.example.org. IN SRV 1 1 389 mail.example.org.
    pandora.example.org. IN A XXX.XXX.XXX.110
    info.example.org. IN A XXX.XXX.XXX.110

        /**
         * Finds the initial service URL from a given base URI (HTTP[S] or mailto URI, user name, password)
         * @param serverInfo    User-given service information (including base URI, i.e. HTTP[S] URL+user name+password or mailto URI and password)
         * @param serviceName   Service name ("carddav" or "caldav")
         * @return                              Initial service URL (HTTP/HTTPS), without user credentials
         * @throws URISyntaxException when the user-given URI is invalid
         * @throws MalformedURLException when the user-given URI is invalid
         */
        public URI getInitialContextURL(ServerInfo serverInfo, String serviceName) throws URISyntaxException, MalformedURLException {
                String  scheme = null,
                                domain;
                int             port = -1;
                String  path = "/";
    
                URI baseURI = serverInfo.getBaseURI();
                if ("mailto".equalsIgnoreCase(baseURI.getScheme())) {
                        // mailto URIs
                        String mailbox = serverInfo.getBaseURI().getSchemeSpecificPart();
    
                        // determine service FQDN
                        int pos = mailbox.lastIndexOf("@");
                        if (pos == -1)
                                throw new URISyntaxException(mailbox, "Missing @ sign");
    
                        scheme = "https";
                        domain = mailbox.substring(pos + 1);
                        if (domain.isEmpty())
                                throw new URISyntaxException(mailbox, "Missing domain name");
                } else {
                        // HTTP(S) URLs
                        scheme = baseURI.getScheme();
                        domain = baseURI.getHost();
                        port = baseURI.getPort();
                        path = baseURI.getPath();
                }
    
                // try to determine FQDN and port number using SRV records
                try {
    

    [NOTE: WTF? "...s._tcp."...??? lazy]

                        String name = "_" + serviceName + "s._tcp." + domain;
                        Log.d(TAG, "Looking up SRV records for " + name);
    
    
                        Record[] records = new Lookup(name, Type.SRV).run();
    

    [ DIG runs fine...

    ; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> _caldavs._tcp.example.org SRV
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11806
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;_caldavs._tcp.example.org. IN SRV

    ;; ANSWER SECTION:
    _caldavs._tcp.example.org. 86400 IN SRV 0 0 8443 mail.example.org.

    ;; AUTHORITY SECTION:
    example.org. 86400 IN NS ns2.example.org.
    example.org. 86400 IN NS ns1.example.org.

    ;; ADDITIONAL SECTION:
    mail.example.org. 86400 IN A XXX.XXX.XXX.107
    ns1.example.org. 86400 IN A XXX.XXX.XXX.106
    ns2.example.org. 86400 IN A XXX.XXX.XXX.107

    ;; Query time: 2 msec
    ;; SERVER: 127.0.1.1#53(127.0.1.1)
    ;; WHEN: Sun May 10 13:57:20 CDT 2015
    ;; MSG SIZE rcvd: 188

    ]

    [
    NOTE: Should get the SRV record hostname back = mail.example.org." for a host address lookup... "mail.example.org" is now XXX.XXX.XXX.107
    ]
                        if (records != null && records.length >= 1) {
                                SRVRecord srv = selectSRVRecord(records);

                                scheme = "https";
                                domain = srv.getTarget().toString(true);
                                port = srv.getPort();

    [NOTE: MORE LAZY...]
                                Log.d(TAG, "Found " + serviceName + "s service for " + domain + " -> " + domain + ":" + port);

    [NOTE: WHO CARES? UNNECESSARY CHECK]
                                if (port == 443)        // no reason to explicitly give the default port
                                        port = -1;

                                // SRV record found, look for TXT record too (for initial context path)
                                records = new Lookup(name, Type.TXT).run();
                                if (records != null && records.length >= 1) {
                                        TXTRecord txt = (TXTRecord)records[0];
                                        for (Object o : txt.getStrings().toArray()) {
                                                String segment = (String)o;
                                                if (segment.startsWith("path=")) {
                                                        path = segment.substring(5);
                                                        Log.d(TAG, "Found initial context path for " + serviceName + " at " + domain + " -> " + path);
                                                        break;
                                                }
                                        }
                                }
                        }
                } catch (TextParseException e) {
                        throw new URISyntaxException(domain, "Invalid domain name");
                }
    
                return new URI(scheme, null, domain, port, path, null, null);
        }


  • UPDATE: Upgraded to the Latest 0.7.6 ... looks like it's getting the hostname OK. BUT THE CODE IS STILL LAZY.

    However... it's trying to authenticate using the email address as I suspected, too.

    As I suggested above, building the URI, and then upon authentication failure, username/password activity should be activated to finish PROPER account setup.

    [SUGGESTED LOGIC SHOULD ALSO INCLUDE THIS:

    1. Email addr Authentication... upon authentication failure at PROPFIND...
    2. Username should be parsed and authenticated based on typical EMAIL address parse... [example: myemail@example.org = uid myemail... ]
      ... upon authentication failure...
    3. Accept email address but prompt for a different username and password instead ...
      [ example: user@example.org is really "user" OR LDAP translation occurs where "user" is A123 who has an email address alias].

  • developer

    Preliminary note: Thanks for your bug report. However, it's missing essential information. If you click on "Create issue", it shows you a link to Reporting issues. There you can see what is required for an issue report so that it will be useful, in this case:

    • a useful summary ("doesn't look right" is not a precise summary)
    • your DAVdroid version and source ("DAVdroid 0.5.10 from F-Droid"),
    • your Android version and device model ("Samsung Galaxy S2 running Android 4.4.2 (CyanogenMod 11-20140504-SNAPSHOT-M6-i9100)"),
    • a problem description, including instructions on how to reproduce the problem (we need to reproduce the problem before we can fix it!),
    • verbose logs including the network traffic.

    Code looks wrong... and results, too.

    Works for me, but let's have a look.

    QUESTION: Look at the DNS configuration... Why is it trying to resolve "example.org" instead of "mail.example.org"????? DNS "dig" works fine.

    I guess the DNS resolution has failed this time, for whatever reasons. If no SRV record is found, DAVdroid continues with the A record (thus leaving the scope of RFC 6764, which is not applicable to services without SRV records).

    [NOTE: WTF? "...s._tcp."...??? lazy]

    Another suggestion to convert "caldav" to "_caldavs._tcp" and "carddav" to "_carddavs._tcp"? I don't get your point. Just telling me something is "lazy" isn't positive criticism.

    [NOTE: MORE LAZY...]

    Again, I can't understand what you mean.

    [NOTE: WHO CARES? UNNECESSARY CHECK]

    Again, I can't understand what you mean. My intention was to prevent creating URLs with a default port number like https://hostname:443, because this would be redundant. If URI does that automatically (haven't checked), this check is unnecessary, indeed.

    [SUGGESTED LOGIC SHOULD ALSO INCLUDE THIS:

    1. Email addr Authentication... upon authentication failure at PROPFIND...

    I don't know what you mean. DAVdroid already authenticates the user with the given email address and password to the server. However, in the next posting, you say

    UPDATE: Upgraded to the Latest 0.7.6 ... looks like it's getting the hostname OK. BUT THE CODE IS STILL LAZY.

    However... it's trying to authenticate using the email address as I suspected, too.

    so I guess this issue is not an issue anymore.

    1. Username should be parsed and authenticated based on typical EMAIL address parse... [example: myemail@example.org = uid myemail... ]

    This yet missing RFC-SHOULD behaviour is discussed in #465. Implementation suggestions and high-quality pull requests are welcome.

    1. Accept email address but prompt for a different username and password instead ...
      [ example: user@example.org is really "user" OR LDAP translation occurs where "user" is A123 who has an email address alias].

    High-quality pull requests are welcome.

    UPDATE: Upgraded to the Latest 0.7.6 ... looks like it's getting the hostname OK. BUT THE CODE IS STILL LAZY.

    Service and collection detection hasn't changed from 0.7.5 to 0.7.6. This supports the theory that your issue was caused by a temporary DNS problem.
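
The lookup flow discussed in this thread, as an added example that is not part of any post and is not DAVdroid code: it resolves the service from SRV/TXT data, takes the bare-domain fallback the developer describes when no SRV record comes back, and flags whether the SRV target lies inside the user's own domain, a check worth passing before credentials are sent to a host named by unsigned DNS. The `Dns` interface, the record types and the highest-weight tie-break (RFC 2782 specifies weighted random selection) are assumptions of this sketch; the records are constructed from the zone in the first post.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.*;

// Added example, not DAVdroid code. SRV/TXT data is constructed from the zone in the first post.
public class Rfc6764Bootstrap {
    record Srv(int priority, int weight, int port, String target) {}
    record Result(URI uri, boolean fromSrv, boolean targetInDomain) {}

    // Assumption: stand-in for a DNS resolver; an empty list models a failed or empty lookup.
    interface Dns { List<Srv> srv(String name); List<String> txt(String name); }

    static Result discover(String email, String service, Dns dns) throws URISyntaxException {
        int at = email.lastIndexOf('@');
        if (at < 0 || at == email.length() - 1) throw new URISyntaxException(email, "Missing domain name");
        String domain = email.substring(at + 1).toLowerCase(Locale.ROOT);
        String name = "_" + service + "s._tcp." + domain;    // TLS variant of the service label

        Optional<Srv> best = dns.srv(name).stream()
                .filter(r -> !r.target().equals("."))         // "." means service not offered (RFC 2782)
                .min(Comparator.comparingInt(Srv::priority)    // lowest priority first
                        .thenComparing(Comparator.comparingInt(Srv::weight).reversed()));
        if (best.isEmpty())                                    // no SRV: fall back to the bare domain
            return new Result(new URI("https", null, domain, -1, "/", null, null), false, true);

        Srv srv = best.get();
        String host = srv.target().replaceAll("\\.$", "");    // strip the trailing root dot
        String path = dns.txt(name).stream().filter(s -> s.startsWith("path="))
                .map(s -> s.substring(5)).findFirst().orElse("/");
        boolean inDomain = host.equalsIgnoreCase(domain) || host.toLowerCase(Locale.ROOT).endsWith("." + domain);
        int port = srv.port() == 443 ? -1 : srv.port();       // omit the https default port
        return new Result(new URI("https", null, host, port, path, null, null), true, inDomain);
    }

    public static void main(String[] args) throws Exception {
        Map<String, List<Srv>> zone = Map.of("_caldavs._tcp.example.org",
                List.of(new Srv(0, 1, 8443, "mail.example.org.")));
        Dns ok = new Dns() {
            public List<Srv> srv(String n) { return zone.getOrDefault(n, List.of()); }
            public List<String> txt(String n) { return zone.containsKey(n) ? List.of("path=/") : List.of(); }
        };
        Dns failing = new Dns() {                              // models the lookup returning nothing
            public List<Srv> srv(String n) { return List.of(); }
            public List<String> txt(String n) { return List.of(); }
        };
        System.out.println(discover("myemail@example.org", "caldav", ok));
        System.out.println(discover("myemail@example.org", "caldav", failing));
    }
}
```

With the constructed zone the first call yields `https://mail.example.org:8443/`; with an empty lookup it yields `https://example.org/`, the host name that failed to resolve in the report, since the zone has no A record for the bare domain.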



  • Prior DAVDroid version was from December or February. I think the latter.

    Not a DNS issue. Since I host my own DNS and they are sync'ed within microseconds within my own network, ... DNS is NEVER an issue.

    RFCs are not lazy. So when someone tells me that it's written to the spec, it's implied that it's written to the entire spec...

    When a system claims that it's RFC compliant (express or implied), I assume that it is. Then, it doesn't work. Then I pull the RFC to see if I did something wrong in my setup. Well, nope. So... let's look at the code now. Is it really written to RFC spec? Then I spend a few hours digging thru the code and comparing to the spec, I've lost most of my initiative to write anything new...

    When I write such things, I prefer to say that it's a minimalistic, incomplete RFC hack. And, that RFC items X, Y, and Z are not implemented or in development.

    The purpose of email-address-only-auth-mechanism is generally for larger, multi-domain systems.

    Consider your main audience -- single domain... those who don't want to use Google. I spent 4-6 hours downloading the source, looking for the relevant code sections, comparing my configuration to the expected results from the code, updating the DAVDroid (on Android 4.2.2), and then figured out that the RFC wasn't really implemented as intended.

    Multiply 4-6 hours per user... doing the same thing. I could've had it done in 4-6 hours... but, now I'm too tired and too busy to mess with it. Got a busy week ahead. I had 4-6 hours to mess with it over the weekend and I just wasted that time hacking the hack.

    With 30 years of experience, myself, I know that's the quickest way to hack an end user.

    Food for thought.

    Thanks for the reply.


  • developer

    I remember now. We have "discussed" in #3 already in the same manner, namely in a personal and non-objective style, including authority through seniority.

    I'm with you that the implementation is only partly (BTW, I rarely know implementations that cover the spec to 100%, although it's the goal to achieve in most cases).

    However, I can't extract much help from your postings.

    Multiply 4-6 hours per user... doing the same thing. I could've had it done in 4-6 hours... but, now I'm too tired and too busy to mess with it. Got a busy week ahead. I had 4-6 hours to mess with it over the weekend and I just wasted that time hacking the hack.

    Why do you assume that I don't have other things to do in my life as to provide highest-quality open-source 100% RFC implementations for you? How much time do you think that I have for DAVdroid? Why do I have to defend myself for producing open-source software, instead of receiving helpful pull requests?

    Please:

    1. Just submit a pull-request that matches your own (and mine, which seem to be a very little subset of yours, just look at how crappy DAVdroid is implemented) quality standards, and/or
    2. provide issue reports in the requested form, i.e. with useful summary, steps to reproduce, results and expected results.

    Can we agree on that approach?



  • Some programmers just don't get it.

    Sorry I said anything at all.

    The more things change... the more the people never learn.

    Later.



  • Interested bystander here. I don't speak on behalf of the project or the author:

    This is one of the poorest bug reports I've seen. @rfc2822 so far seems very open and helpful to suggestions and concerns. You need to work on your communication skills and not blame the author here. Perhaps you had a real point somewhere, but it's completely drowned in all the bullshit.



  • I have a suggestion... Read #3.

    Guess what? It took a year of everyone ARGUING to get that fixed.

    Why?

    Open and helpful? Depends on whether you know what the real problem is... and when a problem shouldn't have existed in the first place.

    Hegelian Dialectic... create the problem... let people react and cause chaos... and then solve it. The creator of the problem gets some sort of kick out of it. As the fools eat out of the problem-creator's hand because, really, he resents this project and the people who point out the laziness. (I've rewritten a lot of bad code written by half-ass programmers who don't give a hoot.)

    Have a good one. I'm out of here.


  • admin

    Thank you. I'm closing this since it seems to be a waste of time for everyone including the author.

