1 /*
2 *
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2000-2001 Qualcomm Incorporated
6 * Copyright (C) 2002-2003 Maxim Krasnyansky <maxk@qualcomm.com>
7 * Copyright (C) 2002-2010 Marcel Holtmann <marcel@holtmann.org>
8 *
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23 *
24 */
25
26 #ifdef HAVE_CONFIG_H
27 #include <config.h>
28 #endif
29
30 #include <stdio.h>
31 #include <errno.h>
32 #include <stdlib.h>
33 #include <time.h>
34 #include <unistd.h>
35 #include <sys/time.h>
36 #include <sys/param.h>
37 #include <sys/ioctl.h>
38 #include <sys/socket.h>
39
40 #include <bluetooth/bluetooth.h>
41 #include <bluetooth/hci.h>
42 #include <bluetooth/hci_lib.h>
43 #include <bluetooth/sdp.h>
44
45 #include <glib.h>
46
47 #include <dbus/dbus.h>
48
49 #include "hcid.h"
50 #include "log.h"
51 #include "textfile.h"
52
53 #include "adapter.h"
54 #include "device.h"
55 #include "dbus-hci.h"
56 #include "storage.h"
57 #include "manager.h"
58
59 typedef enum {
60 REQ_PENDING,
61 REQ_SENT
62 } req_status_t;
63
64 struct hci_req_data {
65 int dev_id;
66 int event;
67 req_status_t status;
68 bdaddr_t dba;
69 uint16_t ogf;
70 uint16_t ocf;
71 void *cparam;
72 int clen;
73 };
74
75 struct g_io_info {
76 GIOChannel *channel;
77 int watch_id;
78 int pin_length;
79 };
80
81 static struct g_io_info io_data[HCI_MAX_DEV];
82
83 static GSList *hci_req_queue = NULL;
84
hci_req_data_new(int dev_id,const bdaddr_t * dba,uint16_t ogf,uint16_t ocf,int event,const void * cparam,int clen)85 static struct hci_req_data *hci_req_data_new(int dev_id, const bdaddr_t *dba,
86 uint16_t ogf, uint16_t ocf, int event,
87 const void *cparam, int clen)
88 {
89 struct hci_req_data *data;
90
91 data = g_new0(struct hci_req_data, 1);
92
93 data->cparam = g_malloc(clen);
94 memcpy(data->cparam, cparam, clen);
95
96 bacpy(&data->dba, dba);
97
98 data->dev_id = dev_id;
99 data->status = REQ_PENDING;
100 data->ogf = ogf;
101 data->ocf = ocf;
102 data->event = event;
103 data->clen = clen;
104
105 return data;
106 }
107
hci_req_find_by_devid(const void * data,const void * user_data)108 static int hci_req_find_by_devid(const void *data, const void *user_data)
109 {
110 const struct hci_req_data *req = data;
111 const int *dev_id = user_data;
112
113 return (*dev_id - req->dev_id);
114 }
115
hci_req_queue_process(int dev_id)116 static void hci_req_queue_process(int dev_id)
117 {
118 int dd, ret_val;
119
120 /* send the next pending cmd */
121 dd = hci_open_dev(dev_id);
122 if (dd < 0) {
123 error("hci_open_dev(%d): %s (%d)", dev_id, strerror(errno),
124 errno);
125 return;
126 }
127
128 do {
129 struct hci_req_data *data;
130 GSList *l = g_slist_find_custom(hci_req_queue, &dev_id,
131 hci_req_find_by_devid);
132
133 if (!l)
134 break;
135
136 data = l->data;
137 data->status = REQ_SENT;
138
139 ret_val = hci_send_cmd(dd, data->ogf, data->ocf,
140 data->clen, data->cparam);
141 if (ret_val < 0) {
142 hci_req_queue = g_slist_remove(hci_req_queue, data);
143 g_free(data->cparam);
144 g_free(data);
145 }
146
147 } while (ret_val < 0);
148
149 hci_close_dev(dd);
150 }
151
hci_req_queue_append(struct hci_req_data * data)152 static void hci_req_queue_append(struct hci_req_data *data)
153 {
154 GSList *l;
155 struct hci_req_data *match;
156
157 hci_req_queue = g_slist_append(hci_req_queue, data);
158
159 l = g_slist_find_custom(hci_req_queue, &data->dev_id,
160 hci_req_find_by_devid);
161 match = l->data;
162
163 if (match->status == REQ_SENT)
164 return;
165
166 hci_req_queue_process(data->dev_id);
167 }
168
hci_req_queue_remove(int dev_id,bdaddr_t * dba)169 void hci_req_queue_remove(int dev_id, bdaddr_t *dba)
170 {
171 GSList *cur, *next;
172 struct hci_req_data *req;
173
174 for (cur = hci_req_queue; cur != NULL; cur = next) {
175 req = cur->data;
176 next = cur->next;
177 if ((req->dev_id != dev_id) || (bacmp(&req->dba, dba)))
178 continue;
179
180 hci_req_queue = g_slist_remove(hci_req_queue, req);
181 g_free(req->cparam);
182 g_free(req);
183 }
184 }
185
check_pending_hci_req(int dev_id,int event)186 static void check_pending_hci_req(int dev_id, int event)
187 {
188 struct hci_req_data *data;
189 GSList *l;
190
191 if (!hci_req_queue)
192 return;
193
194 /* find the first element(pending)*/
195 l = g_slist_find_custom(hci_req_queue, &dev_id, hci_req_find_by_devid);
196
197 if (!l)
198 return;
199
200 data = l->data;
201
202 /* skip if there is pending confirmation */
203 if (data->status == REQ_SENT) {
204 if (data->event != event)
205 return;
206
207 /* remove the confirmed cmd */
208 hci_req_queue = g_slist_remove(hci_req_queue, data);
209 g_free(data->cparam);
210 g_free(data);
211 }
212
213 hci_req_queue_process(dev_id);
214 }
215
get_handle(int dev,bdaddr_t * sba,bdaddr_t * dba,uint16_t * handle)216 static int get_handle(int dev, bdaddr_t *sba, bdaddr_t *dba, uint16_t *handle)
217 {
218 struct hci_conn_list_req *cl;
219 struct hci_conn_info *ci;
220 char addr[18];
221 int i;
222
223 cl = g_malloc0(10 * sizeof(*ci) + sizeof(*cl));
224
225 ba2str(sba, addr);
226 cl->dev_id = hci_devid(addr);
227 cl->conn_num = 10;
228 ci = cl->conn_info;
229
230 if (ioctl(dev, HCIGETCONNLIST, (void *) cl) < 0) {
231 g_free(cl);
232 return -EIO;
233 }
234
235 for (i = 0; i < cl->conn_num; i++, ci++) {
236 if (bacmp(&ci->bdaddr, dba) == 0) {
237 *handle = ci->handle;
238 g_free(cl);
239 return 0;
240 }
241 }
242
243 g_free(cl);
244
245 return -ENOENT;
246 }
247
get_bdaddr(int dev,bdaddr_t * sba,uint16_t handle,bdaddr_t * dba)248 static inline int get_bdaddr(int dev, bdaddr_t *sba, uint16_t handle, bdaddr_t *dba)
249 {
250 struct hci_conn_list_req *cl;
251 struct hci_conn_info *ci;
252 char addr[18];
253 int i;
254
255 cl = g_malloc0(10 * sizeof(*ci) + sizeof(*cl));
256
257 ba2str(sba, addr);
258 cl->dev_id = hci_devid(addr);
259 cl->conn_num = 10;
260 ci = cl->conn_info;
261
262 if (ioctl(dev, HCIGETCONNLIST, (void *) cl) < 0) {
263 g_free(cl);
264 return -EIO;
265 }
266
267 for (i = 0; i < cl->conn_num; i++, ci++)
268 if (ci->handle == handle) {
269 bacpy(dba, &ci->bdaddr);
270 g_free(cl);
271 return 0;
272 }
273
274 g_free(cl);
275
276 return -ENOENT;
277 }
278
update_lastseen(bdaddr_t * sba,bdaddr_t * dba)279 static inline void update_lastseen(bdaddr_t *sba, bdaddr_t *dba)
280 {
281 time_t t;
282 struct tm *tm;
283
284 t = time(NULL);
285 tm = gmtime(&t);
286
287 write_lastseen_info(sba, dba, tm);
288 }
289
update_lastused(bdaddr_t * sba,bdaddr_t * dba)290 static inline void update_lastused(bdaddr_t *sba, bdaddr_t *dba)
291 {
292 time_t t;
293 struct tm *tm;
294
295 t = time(NULL);
296 tm = gmtime(&t);
297
298 write_lastused_info(sba, dba, tm);
299 }
300
301 /* Link Key handling */
302
link_key_request(int dev,bdaddr_t * sba,bdaddr_t * dba)303 static void link_key_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
304 {
305 struct btd_adapter *adapter;
306 struct btd_device *device;
307 struct hci_auth_info_req req;
308 unsigned char key[16];
309 char sa[18], da[18];
310 uint8_t type;
311 int err;
312
313 if (!get_adapter_and_device(sba, dba, &adapter, &device, FALSE))
314 device = NULL;
315
316 ba2str(sba, sa); ba2str(dba, da);
317 info("link_key_request (sba=%s, dba=%s)", sa, da);
318
319 memset(&req, 0, sizeof(req));
320 bacpy(&req.bdaddr, dba);
321
322 err = ioctl(dev, HCIGETAUTHINFO, (unsigned long) &req);
323 if (err < 0) {
324 if (errno != EINVAL)
325 DBG("HCIGETAUTHINFO failed %s (%d)",
326 strerror(errno), errno);
327 req.type = 0x00;
328 }
329
330 DBG("kernel auth requirements = 0x%02x", req.type);
331
332 if (main_opts.debug_keys && device && device_get_debug_key(device, key))
333 type = 0x03;
334 else if (read_link_key(sba, dba, key, &type) < 0 || type == 0x03) {
335 /* Link key not found */
336 hci_send_cmd(dev, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY, 6, dba);
337 return;
338 }
339
340 /* Link key found */
341
342 DBG("link key type = 0x%02x", type);
343
344 /* Don't use unauthenticated combination keys if MITM is
345 * required */
346 if (type == 0x04 && req.type != 0xff && (req.type & 0x01))
347 hci_send_cmd(dev, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY,
348 6, dba);
349 else {
350 link_key_reply_cp lr;
351
352 memcpy(lr.link_key, key, 16);
353 bacpy(&lr.bdaddr, dba);
354
355 hci_send_cmd(dev, OGF_LINK_CTL, OCF_LINK_KEY_REPLY,
356 LINK_KEY_REPLY_CP_SIZE, &lr);
357 }
358 }
359
link_key_notify(int dev,bdaddr_t * sba,void * ptr)360 static void link_key_notify(int dev, bdaddr_t *sba, void *ptr)
361 {
362 evt_link_key_notify *evt = ptr;
363 bdaddr_t *dba = &evt->bdaddr;
364 char sa[18], da[18];
365 int dev_id, err;
366 unsigned char old_key[16];
367 uint8_t old_key_type;
368
369 ba2str(sba, sa); ba2str(dba, da);
370 info("link_key_notify (sba=%s, dba=%s, type=%d)", sa, da,
371 evt->key_type);
372
373 err = read_link_key(sba, dba, old_key, &old_key_type);
374 if (err < 0)
375 old_key_type = 0xff;
376
377 dev_id = hci_devid(sa);
378 if (dev_id < 0)
379 err = -errno;
380 else {
381 err = hcid_dbus_link_key_notify(sba, dba, evt->link_key,
382 evt->key_type,
383 io_data[dev_id].pin_length,
384 old_key_type);
385 io_data[dev_id].pin_length = -1;
386 }
387
388 if (err < 0) {
389 uint16_t handle;
390
391 if (err == -ENODEV)
392 hcid_dbus_bonding_process_complete(sba, dba,
393 HCI_OE_LOW_RESOURCES);
394 else
395 hcid_dbus_bonding_process_complete(sba, dba,
396 HCI_MEMORY_FULL);
397
398 if (get_handle(dev, sba, dba, &handle) == 0) {
399 disconnect_cp cp;
400
401 memset(&cp, 0, sizeof(cp));
402 cp.handle = htobs(handle);
403 cp.reason = HCI_OE_LOW_RESOURCES;
404
405 hci_send_cmd(dev, OGF_LINK_CTL, OCF_DISCONNECT,
406 DISCONNECT_CP_SIZE, &cp);
407 }
408 }
409 }
410
return_link_keys(int dev,bdaddr_t * sba,void * ptr)411 static void return_link_keys(int dev, bdaddr_t *sba, void *ptr)
412 {
413 evt_return_link_keys *evt = ptr;
414 uint8_t num = evt->num_keys;
415 unsigned char key[16];
416 char sa[18], da[18];
417 bdaddr_t dba;
418 int i;
419
420 ba2str(sba, sa);
421 ptr++;
422
423 for (i = 0; i < num; i++) {
424 bacpy(&dba, ptr); ba2str(&dba, da);
425 memcpy(key, ptr + 6, 16);
426
427 info("return_link_keys (sba=%s, dba=%s)", sa, da);
428
429 hcid_dbus_returned_link_key(sba, &dba);
430
431 ptr += 22;
432 }
433 }
434
435 /* Simple Pairing handling */
436
user_confirm_request(int dev,bdaddr_t * sba,void * ptr)437 static void user_confirm_request(int dev, bdaddr_t *sba, void *ptr)
438 {
439 evt_user_confirm_request *req = ptr;
440
441 if (hcid_dbus_user_confirm(sba, &req->bdaddr,
442 btohl(req->passkey)) < 0)
443 hci_send_cmd(dev, OGF_LINK_CTL,
444 OCF_USER_CONFIRM_NEG_REPLY, 6, ptr);
445 }
446
user_passkey_request(int dev,bdaddr_t * sba,void * ptr)447 static void user_passkey_request(int dev, bdaddr_t *sba, void *ptr)
448 {
449 evt_user_passkey_request *req = ptr;
450
451 if (hcid_dbus_user_passkey(sba, &req->bdaddr) < 0)
452 hci_send_cmd(dev, OGF_LINK_CTL,
453 OCF_USER_PASSKEY_NEG_REPLY, 6, ptr);
454 }
455
user_passkey_notify(int dev,bdaddr_t * sba,void * ptr)456 static void user_passkey_notify(int dev, bdaddr_t *sba, void *ptr)
457 {
458 evt_user_passkey_notify *req = ptr;
459
460 hcid_dbus_user_notify(sba, &req->bdaddr, btohl(req->passkey));
461 }
462
remote_oob_data_request(int dev,bdaddr_t * sba,void * ptr)463 static void remote_oob_data_request(int dev, bdaddr_t *sba, void *ptr)
464 {
465 evt_remote_oob_data_request *req = ptr;
466
467 if (hcid_dbus_get_oob_data(sba, &req->bdaddr) < 0)
468 hci_send_cmd(dev, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_NEG_REPLY,
469 6, ptr);
470 }
471
io_capa_request(int dev,bdaddr_t * sba,bdaddr_t * dba)472 static void io_capa_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
473 {
474 char sa[18], da[18];
475
476 ba2str(sba, sa);
477 ba2str(dba, da);
478 info("io_capa_request (sba=%s, dba=%s)", sa, da);
479
480 if (hcid_dbus_get_io_cap(sba, dba) < 0) {
481 io_capability_neg_reply_cp cp;
482 memset(&cp, 0, sizeof(cp));
483 bacpy(&cp.bdaddr, dba);
484 cp.reason = HCI_PAIRING_NOT_ALLOWED;
485 hci_send_cmd(dev, OGF_LINK_CTL, OCF_IO_CAPABILITY_NEG_REPLY,
486 IO_CAPABILITY_NEG_REPLY_CP_SIZE, &cp);
487 }
488 }
489
io_capa_response(int dev,bdaddr_t * sba,void * ptr)490 static void io_capa_response(int dev, bdaddr_t *sba, void *ptr)
491 {
492 evt_io_capability_response *evt = ptr;
493 char sa[18], da[18];
494
495 ba2str(sba, sa); ba2str(&evt->bdaddr, da);
496 info("io_capa_response (sba=%s, dba=%s)", sa, da);
497
498 hcid_dbus_set_io_cap(sba, &evt->bdaddr,
499 evt->capability, evt->authentication);
500 }
501
502 /* PIN code handling */
503
set_pin_length(bdaddr_t * sba,int length)504 void set_pin_length(bdaddr_t *sba, int length)
505 {
506 char addr[18];
507 int dev_id;
508
509 ba2str(sba, addr);
510 dev_id = hci_devid(addr);
511
512 if (dev_id >= 0)
513 io_data[dev_id].pin_length = length;
514 }
515
pin_code_request(int dev,bdaddr_t * sba,bdaddr_t * dba)516 static void pin_code_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
517 {
518 pin_code_reply_cp pr;
519 struct hci_conn_info_req *cr;
520 struct hci_conn_info *ci;
521 char sa[18], da[18], pin[17];
522 int pinlen;
523
524 memset(&pr, 0, sizeof(pr));
525 bacpy(&pr.bdaddr, dba);
526
527 ba2str(sba, sa); ba2str(dba, da);
528 info("pin_code_request (sba=%s, dba=%s)", sa, da);
529
530 cr = g_malloc0(sizeof(*cr) + sizeof(*ci));
531
532 bacpy(&cr->bdaddr, dba);
533 cr->type = ACL_LINK;
534 if (ioctl(dev, HCIGETCONNINFO, (unsigned long) cr) < 0) {
535 error("Can't get conn info: %s (%d)", strerror(errno), errno);
536 goto reject;
537 }
538 ci = cr->conn_info;
539
540 memset(pin, 0, sizeof(pin));
541 pinlen = read_pin_code(sba, dba, pin);
542
543 if (pinlen > 0) {
544 set_pin_length(sba, pinlen);
545 memcpy(pr.pin_code, pin, pinlen);
546 pr.pin_len = pinlen;
547 hci_send_cmd(dev, OGF_LINK_CTL, OCF_PIN_CODE_REPLY,
548 PIN_CODE_REPLY_CP_SIZE, &pr);
549 } else {
550 /* Request PIN from passkey agent */
551 if (hcid_dbus_request_pin(dev, sba, ci) < 0)
552 goto reject;
553 }
554
555 g_free(cr);
556
557 return;
558
559 reject:
560 g_free(cr);
561
562 hci_send_cmd(dev, OGF_LINK_CTL, OCF_PIN_CODE_NEG_REPLY, 6, dba);
563 }
564
start_inquiry(bdaddr_t * local,uint8_t status,gboolean periodic)565 static void start_inquiry(bdaddr_t *local, uint8_t status, gboolean periodic)
566 {
567 struct btd_adapter *adapter;
568 int state;
569
570 /* Don't send the signal if the cmd failed */
571 if (status) {
572 error("Inquiry Failed with status 0x%02x", status);
573 return;
574 }
575
576 adapter = manager_find_adapter(local);
577 if (!adapter) {
578 error("Unable to find matching adapter");
579 return;
580 }
581
582 state = adapter_get_state(adapter);
583
584 /* Disable name resolution for non D-Bus clients */
585 if (!adapter_has_discov_sessions(adapter))
586 state &= ~RESOLVE_NAME;
587
588 if (periodic) {
589 state |= PERIODIC_INQUIRY;
590 adapter_set_state(adapter, state);
591 return;
592 }
593
594 state |= STD_INQUIRY;
595 adapter_set_state(adapter, state);
596
597 /*
598 * Cancel pending remote name request and clean the device list
599 * when inquiry is supported in periodic inquiry idle state.
600 */
601 if (adapter_get_state(adapter) & PERIODIC_INQUIRY) {
602 pending_remote_name_cancel(adapter);
603
604 clear_found_devices_list(adapter);
605 }
606 }
607
inquiry_complete(bdaddr_t * local,uint8_t status,gboolean periodic)608 static void inquiry_complete(bdaddr_t *local, uint8_t status, gboolean periodic)
609 {
610 struct btd_adapter *adapter;
611 int state;
612
613 /* Don't send the signal if the cmd failed */
614 if (status) {
615 error("Inquiry Failed with status 0x%02x", status);
616 return;
617 }
618
619 adapter = manager_find_adapter(local);
620 if (!adapter) {
621 error("Unable to find matching adapter");
622 return;
623 }
624
625 /*
626 * The following scenarios can happen:
627 * 1. standard inquiry: always send discovery completed signal
628 * 2. standard inquiry + name resolving: send discovery completed
629 * after name resolving
630 * 3. periodic inquiry: skip discovery completed signal
631 * 4. periodic inquiry + standard inquiry: always send discovery
632 * completed signal
633 *
634 * Keep in mind that non D-Bus requests can arrive.
635 */
636 if (periodic) {
637 state = adapter_get_state(adapter);
638 state &= ~PERIODIC_INQUIRY;
639 adapter_set_state(adapter, state);
640 return;
641 }
642
643 if (adapter_resolve_names(adapter) == 0)
644 return;
645
646 state = adapter_get_state(adapter);
647 /*
648 * workaround to identify situation when there is no devices around
649 * but periodic inquiry is active.
650 */
651 if (!(state & STD_INQUIRY) && !(state & PERIODIC_INQUIRY)) {
652 state |= PERIODIC_INQUIRY;
653 adapter_set_state(adapter, state);
654 return;
655 }
656
657 /* reset the discover type to be able to handle D-Bus and non D-Bus
658 * requests */
659 state &= ~STD_INQUIRY;
660 state &= ~PERIODIC_INQUIRY;
661 adapter_set_state(adapter, state);
662 }
663
remote_features_notify(int dev,bdaddr_t * sba,void * ptr)664 static inline void remote_features_notify(int dev, bdaddr_t *sba, void *ptr)
665 {
666 evt_remote_host_features_notify *evt = ptr;
667
668 if (evt->features[0] & 0x01)
669 hcid_dbus_set_legacy_pairing(sba, &evt->bdaddr, FALSE);
670 else
671 hcid_dbus_set_legacy_pairing(sba, &evt->bdaddr, TRUE);
672
673 write_features_info(sba, &evt->bdaddr, NULL, evt->features);
674 }
675
cmd_status(int dev,bdaddr_t * sba,void * ptr)676 static inline void cmd_status(int dev, bdaddr_t *sba, void *ptr)
677 {
678 evt_cmd_status *evt = ptr;
679 uint16_t opcode = btohs(evt->opcode);
680
681 if (opcode == cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY))
682 start_inquiry(sba, evt->status, FALSE);
683 }
684
cmd_complete(int dev,bdaddr_t * sba,void * ptr)685 static inline void cmd_complete(int dev, bdaddr_t *sba, void *ptr)
686 {
687 evt_cmd_complete *evt = ptr;
688 uint16_t opcode = btohs(evt->opcode);
689 uint8_t status = *((uint8_t *) ptr + EVT_CMD_COMPLETE_SIZE);
690
691 switch (opcode) {
692 case cmd_opcode_pack(OGF_LINK_CTL, OCF_PERIODIC_INQUIRY):
693 start_inquiry(sba, status, TRUE);
694 break;
695 case cmd_opcode_pack(OGF_LINK_CTL, OCF_EXIT_PERIODIC_INQUIRY):
696 inquiry_complete(sba, status, TRUE);
697 break;
698 case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL):
699 inquiry_complete(sba, status, FALSE);
700 break;
701 case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME):
702 adapter_setname_complete(sba, status);
703 break;
704 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE):
705 hcid_dbus_setscan_enable_complete(sba);
706 break;
707 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV):
708 adapter_set_class_complete(sba, status);
709 break;
710 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SIMPLE_PAIRING_MODE):
711 hcid_dbus_write_simple_pairing_mode_complete(sba);
712 break;
713 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME):
714 ptr += sizeof(evt_cmd_complete);
715 adapter_update_local_name(sba, status, ptr);
716 break;
717 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_INQ_RESPONSE_TX_POWER_LEVEL):
718 ptr += sizeof(evt_cmd_complete);
719 adapter_update_tx_power(sba, status, ptr);
720 break;
721 };
722 }
723
remote_name_information(int dev,bdaddr_t * sba,void * ptr)724 static inline void remote_name_information(int dev, bdaddr_t *sba, void *ptr)
725 {
726 evt_remote_name_req_complete *evt = ptr;
727 bdaddr_t dba;
728 char name[MAX_NAME_LENGTH + 1];
729
730 memset(name, 0, sizeof(name));
731 bacpy(&dba, &evt->bdaddr);
732
733 if (!evt->status) {
734 char *end;
735 memcpy(name, evt->name, MAX_NAME_LENGTH);
736 /* It's ok to cast end between const and non-const since
737 * we know it points to inside of name which is non-const */
738 if (!g_utf8_validate(name, -1, (const char **) &end))
739 *end = '\0';
740 write_device_name(sba, &dba, name);
741 }
742
743 hcid_dbus_remote_name(sba, &dba, evt->status, name);
744 }
745
remote_version_information(int dev,bdaddr_t * sba,void * ptr)746 static inline void remote_version_information(int dev, bdaddr_t *sba, void *ptr)
747 {
748 evt_read_remote_version_complete *evt = ptr;
749 bdaddr_t dba;
750
751 if (evt->status)
752 return;
753
754 if (get_bdaddr(dev, sba, btohs(evt->handle), &dba) < 0)
755 return;
756
757 write_version_info(sba, &dba, btohs(evt->manufacturer),
758 evt->lmp_ver, btohs(evt->lmp_subver));
759 }
760
inquiry_result(int dev,bdaddr_t * sba,int plen,void * ptr)761 static inline void inquiry_result(int dev, bdaddr_t *sba, int plen, void *ptr)
762 {
763 uint8_t num = *(uint8_t *) ptr++;
764 int i;
765
766 for (i = 0; i < num; i++) {
767 inquiry_info *info = ptr;
768 uint32_t class = info->dev_class[0]
769 | (info->dev_class[1] << 8)
770 | (info->dev_class[2] << 16);
771
772 hcid_dbus_inquiry_result(sba, &info->bdaddr, class, 0, NULL);
773
774 update_lastseen(sba, &info->bdaddr);
775
776 ptr += INQUIRY_INFO_SIZE;
777 }
778 }
779
inquiry_result_with_rssi(int dev,bdaddr_t * sba,int plen,void * ptr)780 static inline void inquiry_result_with_rssi(int dev, bdaddr_t *sba,
781 int plen, void *ptr)
782 {
783 uint8_t num = *(uint8_t *) ptr++;
784 int i;
785
786 if (!num)
787 return;
788
789 if ((plen - 1) / num == INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE) {
790 for (i = 0; i < num; i++) {
791 inquiry_info_with_rssi_and_pscan_mode *info = ptr;
792 uint32_t class = info->dev_class[0]
793 | (info->dev_class[1] << 8)
794 | (info->dev_class[2] << 16);
795
796 hcid_dbus_inquiry_result(sba, &info->bdaddr,
797 class, info->rssi, NULL);
798
799 update_lastseen(sba, &info->bdaddr);
800
801 ptr += INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE;
802 }
803 } else {
804 for (i = 0; i < num; i++) {
805 inquiry_info_with_rssi *info = ptr;
806 uint32_t class = info->dev_class[0]
807 | (info->dev_class[1] << 8)
808 | (info->dev_class[2] << 16);
809
810 hcid_dbus_inquiry_result(sba, &info->bdaddr,
811 class, info->rssi, NULL);
812
813 update_lastseen(sba, &info->bdaddr);
814
815 ptr += INQUIRY_INFO_WITH_RSSI_SIZE;
816 }
817 }
818 }
819
extended_inquiry_result(int dev,bdaddr_t * sba,int plen,void * ptr)820 static inline void extended_inquiry_result(int dev, bdaddr_t *sba,
821 int plen, void *ptr)
822 {
823 uint8_t num = *(uint8_t *) ptr++;
824 int i;
825
826 for (i = 0; i < num; i++) {
827 extended_inquiry_info *info = ptr;
828 uint32_t class = info->dev_class[0]
829 | (info->dev_class[1] << 8)
830 | (info->dev_class[2] << 16);
831
832 hcid_dbus_inquiry_result(sba, &info->bdaddr, class,
833 info->rssi, info->data);
834
835 update_lastseen(sba, &info->bdaddr);
836
837 ptr += EXTENDED_INQUIRY_INFO_SIZE;
838 }
839 }
840
remote_features_information(int dev,bdaddr_t * sba,void * ptr)841 static inline void remote_features_information(int dev, bdaddr_t *sba,
842 void *ptr)
843 {
844 evt_read_remote_features_complete *evt = ptr;
845 bdaddr_t dba;
846
847 if (evt->status)
848 return;
849
850 if (get_bdaddr(dev, sba, btohs(evt->handle), &dba) < 0)
851 return;
852
853 write_features_info(sba, &dba, evt->features, NULL);
854 }
855
conn_complete(int dev,int dev_id,bdaddr_t * sba,void * ptr)856 static inline void conn_complete(int dev, int dev_id, bdaddr_t *sba, void *ptr)
857 {
858 evt_conn_complete *evt = ptr;
859 char filename[PATH_MAX];
860 remote_name_req_cp cp_name;
861 struct hci_req_data *data;
862 char local_addr[18], peer_addr[18], *str;
863
864 if (evt->link_type != ACL_LINK)
865 return;
866
867 hcid_dbus_conn_complete(sba, evt->status, btohs(evt->handle),
868 &evt->bdaddr);
869
870 if (evt->status)
871 return;
872
873 update_lastused(sba, &evt->bdaddr);
874
875 /* Request remote name */
876 memset(&cp_name, 0, sizeof(cp_name));
877 bacpy(&cp_name.bdaddr, &evt->bdaddr);
878 cp_name.pscan_rep_mode = 0x02;
879
880 data = hci_req_data_new(dev_id, &evt->bdaddr, OGF_LINK_CTL,
881 OCF_REMOTE_NAME_REQ,
882 EVT_REMOTE_NAME_REQ_COMPLETE,
883 &cp_name, REMOTE_NAME_REQ_CP_SIZE);
884
885 hci_req_queue_append(data);
886
887 /* check if the remote version needs be requested */
888 ba2str(sba, local_addr);
889 ba2str(&evt->bdaddr, peer_addr);
890
891 create_name(filename, sizeof(filename), STORAGEDIR, local_addr,
892 "manufacturers");
893
894 str = textfile_get(filename, peer_addr);
895 if (!str) {
896 read_remote_version_cp cp;
897
898 memset(&cp, 0, sizeof(cp));
899 cp.handle = evt->handle;
900
901 data = hci_req_data_new(dev_id, &evt->bdaddr, OGF_LINK_CTL,
902 OCF_READ_REMOTE_VERSION,
903 EVT_READ_REMOTE_VERSION_COMPLETE,
904 &cp, READ_REMOTE_VERSION_CP_SIZE);
905
906 hci_req_queue_append(data);
907 } else
908 free(str);
909 }
910
disconn_complete(int dev,bdaddr_t * sba,void * ptr)911 static inline void disconn_complete(int dev, bdaddr_t *sba, void *ptr)
912 {
913 evt_disconn_complete *evt = ptr;
914
915 hcid_dbus_disconn_complete(sba, evt->status, btohs(evt->handle),
916 evt->reason);
917 }
918
auth_complete(int dev,bdaddr_t * sba,void * ptr)919 static inline void auth_complete(int dev, bdaddr_t *sba, void *ptr)
920 {
921 evt_auth_complete *evt = ptr;
922 bdaddr_t dba;
923
924 if (get_bdaddr(dev, sba, btohs(evt->handle), &dba) < 0)
925 return;
926
927 hcid_dbus_bonding_process_complete(sba, &dba, evt->status);
928 }
929
simple_pairing_complete(int dev,bdaddr_t * sba,void * ptr)930 static inline void simple_pairing_complete(int dev, bdaddr_t *sba, void *ptr)
931 {
932 evt_simple_pairing_complete *evt = ptr;
933
934 hcid_dbus_simple_pairing_complete(sba, &evt->bdaddr, evt->status);
935 }
936
conn_request(int dev,bdaddr_t * sba,void * ptr)937 static inline void conn_request(int dev, bdaddr_t *sba, void *ptr)
938 {
939 evt_conn_request *evt = ptr;
940 uint32_t class = evt->dev_class[0] | (evt->dev_class[1] << 8)
941 | (evt->dev_class[2] << 16);
942
943 hcid_dbus_remote_class(sba, &evt->bdaddr, class);
944
945 write_remote_class(sba, &evt->bdaddr, class);
946 }
947
delete_channel(GIOChannel * chan)948 static void delete_channel(GIOChannel *chan)
949 {
950 int i;
951
952 /* Look for the GIOChannel in the table */
953 for (i = 0; i < HCI_MAX_DEV; i++)
954 if (io_data[i].channel == chan) {
955 stop_security_manager(i);
956 return;
957 }
958
959 error("IO channel not found in the io_data table");
960 }
961
io_security_event(GIOChannel * chan,GIOCondition cond,gpointer data)962 static gboolean io_security_event(GIOChannel *chan, GIOCondition cond,
963 gpointer data)
964 {
965 unsigned char buf[HCI_MAX_EVENT_SIZE], *ptr = buf;
966 struct hci_dev_info *di = data;
967 int type, dev;
968 size_t len;
969 hci_event_hdr *eh;
970 GIOError err;
971 evt_cmd_status *evt;
972
973 if (cond & (G_IO_NVAL | G_IO_HUP | G_IO_ERR)) {
974 delete_channel(chan);
975 return FALSE;
976 }
977
978 if ((err = g_io_channel_read(chan, (gchar *) buf, sizeof(buf), &len))) {
979 if (err == G_IO_ERROR_AGAIN)
980 return TRUE;
981 delete_channel(chan);
982 return FALSE;
983 }
984
985 type = *ptr++;
986
987 if (type != HCI_EVENT_PKT)
988 return TRUE;
989
990 eh = (hci_event_hdr *) ptr;
991 ptr += HCI_EVENT_HDR_SIZE;
992
993 dev = g_io_channel_unix_get_fd(chan);
994
995 ioctl(dev, HCIGETDEVINFO, (void *) di);
996
997 if (hci_test_bit(HCI_RAW, &di->flags))
998 return TRUE;
999
1000 switch (eh->evt) {
1001 case EVT_CMD_STATUS:
1002 cmd_status(dev, &di->bdaddr, ptr);
1003 break;
1004
1005 case EVT_CMD_COMPLETE:
1006 cmd_complete(dev, &di->bdaddr, ptr);
1007 break;
1008
1009 case EVT_REMOTE_NAME_REQ_COMPLETE:
1010 remote_name_information(dev, &di->bdaddr, ptr);
1011 break;
1012
1013 case EVT_READ_REMOTE_VERSION_COMPLETE:
1014 remote_version_information(dev, &di->bdaddr, ptr);
1015 break;
1016
1017 case EVT_READ_REMOTE_FEATURES_COMPLETE:
1018 remote_features_information(dev, &di->bdaddr, ptr);
1019 break;
1020
1021 case EVT_REMOTE_HOST_FEATURES_NOTIFY:
1022 remote_features_notify(dev, &di->bdaddr, ptr);
1023 break;
1024
1025 case EVT_INQUIRY_COMPLETE:
1026 evt = (evt_cmd_status *) ptr;
1027 inquiry_complete(&di->bdaddr, evt->status, FALSE);
1028 break;
1029
1030 case EVT_INQUIRY_RESULT:
1031 inquiry_result(dev, &di->bdaddr, eh->plen, ptr);
1032 break;
1033
1034 case EVT_INQUIRY_RESULT_WITH_RSSI:
1035 inquiry_result_with_rssi(dev, &di->bdaddr, eh->plen, ptr);
1036 break;
1037
1038 case EVT_EXTENDED_INQUIRY_RESULT:
1039 extended_inquiry_result(dev, &di->bdaddr, eh->plen, ptr);
1040 break;
1041
1042 case EVT_CONN_COMPLETE:
1043 conn_complete(dev, di->dev_id, &di->bdaddr, ptr);
1044 break;
1045
1046 case EVT_DISCONN_COMPLETE:
1047 disconn_complete(dev, &di->bdaddr, ptr);
1048 break;
1049
1050 case EVT_AUTH_COMPLETE:
1051 auth_complete(dev, &di->bdaddr, ptr);
1052 break;
1053
1054 case EVT_SIMPLE_PAIRING_COMPLETE:
1055 simple_pairing_complete(dev, &di->bdaddr, ptr);
1056 break;
1057
1058 case EVT_CONN_REQUEST:
1059 conn_request(dev, &di->bdaddr, ptr);
1060 break;
1061 }
1062
1063 /* Check for pending command request */
1064 check_pending_hci_req(di->dev_id, eh->evt);
1065
1066 switch (eh->evt) {
1067 case EVT_PIN_CODE_REQ:
1068 pin_code_request(dev, &di->bdaddr, (bdaddr_t *) ptr);
1069 break;
1070
1071 case EVT_LINK_KEY_REQ:
1072 link_key_request(dev, &di->bdaddr, (bdaddr_t *) ptr);
1073 break;
1074
1075 case EVT_LINK_KEY_NOTIFY:
1076 link_key_notify(dev, &di->bdaddr, ptr);
1077 break;
1078
1079 case EVT_RETURN_LINK_KEYS:
1080 return_link_keys(dev, &di->bdaddr, ptr);
1081 break;
1082
1083 case EVT_IO_CAPABILITY_REQUEST:
1084 io_capa_request(dev, &di->bdaddr, (bdaddr_t *) ptr);
1085 break;
1086
1087 case EVT_IO_CAPABILITY_RESPONSE:
1088 io_capa_response(dev, &di->bdaddr, ptr);
1089 break;
1090
1091 case EVT_USER_CONFIRM_REQUEST:
1092 user_confirm_request(dev, &di->bdaddr, ptr);
1093 break;
1094
1095 case EVT_USER_PASSKEY_REQUEST:
1096 user_passkey_request(dev, &di->bdaddr, ptr);
1097 break;
1098
1099 case EVT_USER_PASSKEY_NOTIFY:
1100 user_passkey_notify(dev, &di->bdaddr, ptr);
1101 break;
1102
1103 case EVT_REMOTE_OOB_DATA_REQUEST:
1104 remote_oob_data_request(dev, &di->bdaddr, ptr);
1105 break;
1106 }
1107
1108 return TRUE;
1109 }
1110
start_security_manager(int hdev)1111 void start_security_manager(int hdev)
1112 {
1113 GIOChannel *chan = io_data[hdev].channel;
1114 struct hci_dev_info *di;
1115 struct hci_filter flt;
1116 read_stored_link_key_cp cp;
1117 int dev;
1118
1119 if (chan)
1120 return;
1121
1122 info("Starting security manager %d", hdev);
1123
1124 if ((dev = hci_open_dev(hdev)) < 0) {
1125 error("Can't open device hci%d: %s (%d)",
1126 hdev, strerror(errno), errno);
1127 return;
1128 }
1129
1130 /* Set filter */
1131 hci_filter_clear(&flt);
1132 hci_filter_set_ptype(HCI_EVENT_PKT, &flt);
1133 hci_filter_set_event(EVT_CMD_STATUS, &flt);
1134 hci_filter_set_event(EVT_CMD_COMPLETE, &flt);
1135 hci_filter_set_event(EVT_PIN_CODE_REQ, &flt);
1136 hci_filter_set_event(EVT_LINK_KEY_REQ, &flt);
1137 hci_filter_set_event(EVT_LINK_KEY_NOTIFY, &flt);
1138 hci_filter_set_event(EVT_RETURN_LINK_KEYS, &flt);
1139 hci_filter_set_event(EVT_IO_CAPABILITY_REQUEST, &flt);
1140 hci_filter_set_event(EVT_IO_CAPABILITY_RESPONSE, &flt);
1141 hci_filter_set_event(EVT_USER_CONFIRM_REQUEST, &flt);
1142 hci_filter_set_event(EVT_USER_PASSKEY_REQUEST, &flt);
1143 hci_filter_set_event(EVT_REMOTE_OOB_DATA_REQUEST, &flt);
1144 hci_filter_set_event(EVT_USER_PASSKEY_NOTIFY, &flt);
1145 hci_filter_set_event(EVT_KEYPRESS_NOTIFY, &flt);
1146 hci_filter_set_event(EVT_SIMPLE_PAIRING_COMPLETE, &flt);
1147 hci_filter_set_event(EVT_AUTH_COMPLETE, &flt);
1148 hci_filter_set_event(EVT_REMOTE_NAME_REQ_COMPLETE, &flt);
1149 hci_filter_set_event(EVT_READ_REMOTE_VERSION_COMPLETE, &flt);
1150 hci_filter_set_event(EVT_READ_REMOTE_FEATURES_COMPLETE, &flt);
1151 hci_filter_set_event(EVT_REMOTE_HOST_FEATURES_NOTIFY, &flt);
1152 hci_filter_set_event(EVT_INQUIRY_COMPLETE, &flt);
1153 hci_filter_set_event(EVT_INQUIRY_RESULT, &flt);
1154 hci_filter_set_event(EVT_INQUIRY_RESULT_WITH_RSSI, &flt);
1155 hci_filter_set_event(EVT_EXTENDED_INQUIRY_RESULT, &flt);
1156 hci_filter_set_event(EVT_CONN_REQUEST, &flt);
1157 hci_filter_set_event(EVT_CONN_COMPLETE, &flt);
1158 hci_filter_set_event(EVT_DISCONN_COMPLETE, &flt);
1159 if (setsockopt(dev, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) {
1160 error("Can't set filter on hci%d: %s (%d)",
1161 hdev, strerror(errno), errno);
1162 close(dev);
1163 return;
1164 }
1165
1166 di = g_new(struct hci_dev_info, 1);
1167 if (hci_devinfo(hdev, di) < 0) {
1168 error("Can't get device info: %s (%d)",
1169 strerror(errno), errno);
1170 close(dev);
1171 g_free(di);
1172 return;
1173 }
1174
1175 chan = g_io_channel_unix_new(dev);
1176 g_io_channel_set_close_on_unref(chan, TRUE);
1177 io_data[hdev].watch_id = g_io_add_watch_full(chan, G_PRIORITY_LOW,
1178 G_IO_IN | G_IO_NVAL | G_IO_HUP | G_IO_ERR,
1179 io_security_event, di, (GDestroyNotify) g_free);
1180 io_data[hdev].channel = chan;
1181 io_data[hdev].pin_length = -1;
1182
1183 if (hci_test_bit(HCI_RAW, &di->flags))
1184 return;
1185
1186 bacpy(&cp.bdaddr, BDADDR_ANY);
1187 cp.read_all = 1;
1188
1189 hci_send_cmd(dev, OGF_HOST_CTL, OCF_READ_STORED_LINK_KEY,
1190 READ_STORED_LINK_KEY_CP_SIZE, (void *) &cp);
1191 }
1192
stop_security_manager(int hdev)1193 void stop_security_manager(int hdev)
1194 {
1195 GIOChannel *chan = io_data[hdev].channel;
1196
1197 if (!chan)
1198 return;
1199
1200 info("Stopping security manager %d", hdev);
1201
1202 g_source_remove(io_data[hdev].watch_id);
1203 g_io_channel_unref(io_data[hdev].channel);
1204 io_data[hdev].watch_id = -1;
1205 io_data[hdev].channel = NULL;
1206 io_data[hdev].pin_length = -1;
1207 }
1208
1209