1 /*
2 *
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2006-2010 Nokia Corporation
6 * Copyright (C) 2004-2010 Marcel Holtmann <marcel@holtmann.org>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22 *
23 */
24
25 #ifdef HAVE_CONFIG_H
26 #include <config.h>
27 #endif
28
29 #define _GNU_SOURCE
30 #include <stdio.h>
31 #include <errno.h>
32 #include <unistd.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <sys/param.h>
36 #include <sys/ioctl.h>
37 #include <sys/socket.h>
38
39 #include <bluetooth/bluetooth.h>
40 #include <bluetooth/hci.h>
41 #include <bluetooth/hci_lib.h>
42 #include <bluetooth/sdp.h>
43
44 #include <glib.h>
45 #include <dbus/dbus.h>
46 #include <gdbus.h>
47
48 #include "log.h"
49 #include "textfile.h"
50
51 #include "hcid.h"
52 #include "manager.h"
53 #include "adapter.h"
54 #include "device.h"
55 #include "error.h"
56 #include "glib-helper.h"
57 #include "dbus-common.h"
58 #include "agent.h"
59 #include "storage.h"
60 #include "dbus-hci.h"
61
62 struct oob_availability_req {
63 struct btd_device *device;
64 uint8_t auth;
65 uint8_t capa;
66 };
67
68 static DBusConnection *connection = NULL;
69
get_adapter_and_device(bdaddr_t * src,bdaddr_t * dst,struct btd_adapter ** adapter,struct btd_device ** device,gboolean create)70 gboolean get_adapter_and_device(bdaddr_t *src, bdaddr_t *dst,
71 struct btd_adapter **adapter,
72 struct btd_device **device,
73 gboolean create)
74 {
75 char peer_addr[18];
76
77 *adapter = manager_find_adapter(src);
78 if (!*adapter) {
79 error("Unable to find matching adapter");
80 return FALSE;
81 }
82
83 ba2str(dst, peer_addr);
84
85 if (create)
86 *device = adapter_get_device(connection, *adapter, peer_addr);
87 else
88 *device = adapter_find_device(*adapter, peer_addr);
89
90 if (create && !*device) {
91 error("Unable to get device object!");
92 return FALSE;
93 }
94
95 return TRUE;
96 }
97
class_to_icon(uint32_t class)98 const char *class_to_icon(uint32_t class)
99 {
100 switch ((class & 0x1f00) >> 8) {
101 case 0x01:
102 return "computer";
103 case 0x02:
104 switch ((class & 0xfc) >> 2) {
105 case 0x01:
106 case 0x02:
107 case 0x03:
108 case 0x05:
109 return "phone";
110 case 0x04:
111 return "modem";
112 }
113 break;
114 case 0x03:
115 return "network-wireless";
116 case 0x04:
117 switch ((class & 0xfc) >> 2) {
118 case 0x01:
119 case 0x02:
120 return "audio-card"; /* Headset */
121 case 0x06:
122 return "audio-card"; /* Headphone */
123 case 0x0b: /* VCR */
124 case 0x0c: /* Video Camera */
125 case 0x0d: /* Camcorder */
126 return "camera-video";
127 default:
128 return "audio-card"; /* Other audio device */
129 }
130 break;
131 case 0x05:
132 switch ((class & 0xc0) >> 6) {
133 case 0x00:
134 switch ((class & 0x1e) >> 2) {
135 case 0x01:
136 case 0x02:
137 return "input-gaming";
138 }
139 break;
140 case 0x01:
141 return "input-keyboard";
142 case 0x02:
143 switch ((class & 0x1e) >> 2) {
144 case 0x05:
145 return "input-tablet";
146 default:
147 return "input-mouse";
148 }
149 }
150 break;
151 case 0x06:
152 if (class & 0x80)
153 return "printer";
154 if (class & 0x20)
155 return "camera-photo";
156 break;
157 }
158
159 return NULL;
160 }
161
162 /*****************************************************************
163 *
164 * Section reserved to HCI commands confirmation handling and low
165 * level events(eg: device attached/dettached.
166 *
167 *****************************************************************/
168
pincode_cb(struct agent * agent,DBusError * err,const char * pincode,struct btd_device * device)169 static void pincode_cb(struct agent *agent, DBusError *err,
170 const char *pincode, struct btd_device *device)
171 {
172 struct btd_adapter *adapter = device_get_adapter(device);
173 pin_code_reply_cp pr;
174 bdaddr_t sba, dba;
175 size_t len;
176 int dev;
177 uint16_t dev_id = adapter_get_dev_id(adapter);
178
179 dev = hci_open_dev(dev_id);
180 if (dev < 0) {
181 error("hci_open_dev(%d): %s (%d)", dev_id,
182 strerror(errno), errno);
183 return;
184 }
185
186 adapter_get_address(adapter, &sba);
187 device_get_address(device, &dba);
188
189 if (err) {
190 hci_send_cmd(dev, OGF_LINK_CTL,
191 OCF_PIN_CODE_NEG_REPLY, 6, &dba);
192 goto done;
193 }
194
195 len = strlen(pincode);
196
197 set_pin_length(&sba, len);
198
199 memset(&pr, 0, sizeof(pr));
200 bacpy(&pr.bdaddr, &dba);
201 memcpy(pr.pin_code, pincode, len);
202 pr.pin_len = len;
203 hci_send_cmd(dev, OGF_LINK_CTL, OCF_PIN_CODE_REPLY,
204 PIN_CODE_REPLY_CP_SIZE, &pr);
205
206 done:
207 hci_close_dev(dev);
208 }
209
hcid_dbus_request_pin(int dev,bdaddr_t * sba,struct hci_conn_info * ci)210 int hcid_dbus_request_pin(int dev, bdaddr_t *sba, struct hci_conn_info *ci)
211 {
212 struct btd_adapter *adapter;
213 struct btd_device *device;
214
215 if (!get_adapter_and_device(sba, &ci->bdaddr, &adapter, &device, TRUE))
216 return -ENODEV;
217
218 /* Check if the adapter is not pairable and if there isn't a bonding in
219 * progress */
220 if (!adapter_is_pairable(adapter) && !device_is_bonding(device, NULL))
221 return -EPERM;
222
223 return device_request_authentication(device, AUTH_TYPE_PINCODE, 0,
224 pincode_cb);
225 }
226
confirm_reply(struct btd_adapter * adapter,struct btd_device * device,gboolean success)227 static int confirm_reply(struct btd_adapter *adapter,
228 struct btd_device *device, gboolean success)
229 {
230 int dd;
231 user_confirm_reply_cp cp;
232 uint16_t dev_id = adapter_get_dev_id(adapter);
233
234 dd = hci_open_dev(dev_id);
235 if (dd < 0) {
236 error("Unable to open hci%d", dev_id);
237 return dd;
238 }
239
240 memset(&cp, 0, sizeof(cp));
241 device_get_address(device, &cp.bdaddr);
242
243 if (success)
244 hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_CONFIRM_REPLY,
245 USER_CONFIRM_REPLY_CP_SIZE, &cp);
246 else
247 hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_CONFIRM_NEG_REPLY,
248 USER_CONFIRM_REPLY_CP_SIZE, &cp);
249
250 hci_close_dev(dd);
251
252 return 0;
253 }
254
confirm_cb(struct agent * agent,DBusError * err,void * user_data)255 static void confirm_cb(struct agent *agent, DBusError *err, void *user_data)
256 {
257 struct btd_device *device = user_data;
258 struct btd_adapter *adapter = device_get_adapter(device);
259 gboolean success = (err == NULL) ? TRUE : FALSE;
260
261 confirm_reply(adapter, device, success);
262 }
263
passkey_cb(struct agent * agent,DBusError * err,uint32_t passkey,void * user_data)264 static void passkey_cb(struct agent *agent, DBusError *err, uint32_t passkey,
265 void *user_data)
266 {
267 struct btd_device *device = user_data;
268 struct btd_adapter *adapter = device_get_adapter(device);
269 user_passkey_reply_cp cp;
270 bdaddr_t dba;
271 int dd;
272 uint16_t dev_id = adapter_get_dev_id(adapter);
273
274 dd = hci_open_dev(dev_id);
275 if (dd < 0) {
276 error("Unable to open hci%d", dev_id);
277 return;
278 }
279
280 device_get_address(device, &dba);
281
282 memset(&cp, 0, sizeof(cp));
283 bacpy(&cp.bdaddr, &dba);
284 cp.passkey = passkey;
285
286 if (err)
287 hci_send_cmd(dd, OGF_LINK_CTL,
288 OCF_USER_PASSKEY_NEG_REPLY, 6, &dba);
289 else
290 hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_PASSKEY_REPLY,
291 USER_PASSKEY_REPLY_CP_SIZE, &cp);
292
293 hci_close_dev(dd);
294 }
295
oob_data_cb(struct agent * agent,DBusError * err,uint8_t * hash,uint8_t * randomizer,void * user_data)296 static void oob_data_cb(struct agent *agent, DBusError *err, uint8_t *hash,
297 uint8_t *randomizer, void *user_data)
298 {
299 struct btd_device *device = user_data;
300 struct btd_adapter *adapter = device_get_adapter(device);
301 remote_oob_data_reply_cp cp;
302 bdaddr_t dba;
303 int dd;
304 uint16_t dev_id = adapter_get_dev_id(adapter);
305
306 dd = hci_open_dev(dev_id);
307 if (dd < 0) {
308 error("Unable to open hci%d", dev_id);
309 return;
310 }
311
312 device_get_address(device, &dba);
313 memset(&cp, 0, sizeof(cp));
314 bacpy(&cp.bdaddr, &dba);
315
316 memcpy(&cp.hash, hash, 16);
317 memcpy(&cp.randomizer, randomizer, 16);
318
319 if (err)
320 hci_send_cmd(dd, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_NEG_REPLY,
321 6, &dba);
322
323 else
324 hci_send_cmd(dd, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_REPLY,
325 REMOTE_OOB_DATA_REPLY_CP_SIZE, &cp);
326
327 hci_close_dev(dd);
328 }
329
io_capa_oob_response(struct btd_adapter * adapter,struct btd_device * device,uint8_t cap,uint8_t auth,gboolean oob)330 static void io_capa_oob_response(struct btd_adapter *adapter, struct btd_device *device,
331 uint8_t cap, uint8_t auth, gboolean oob)
332 {
333 io_capability_reply_cp cp;
334 int dd;
335 uint16_t dev_id = adapter_get_dev_id(adapter);
336
337 dd = hci_open_dev(dev_id);
338 if (dd < 0) {
339 error("Unable to open hci%d", dev_id);
340 return;
341 }
342 memset(&cp, 0, sizeof(cp));
343 device_get_address(device, &cp.bdaddr);
344
345 cp.capability = cap;
346 if (oob)
347 cp.oob_data = 0x01;
348 else
349 cp.oob_data = 0x00;
350 cp.authentication = auth;
351
352 hci_send_cmd(dd, OGF_LINK_CTL, OCF_IO_CAPABILITY_REPLY,
353 IO_CAPABILITY_REPLY_CP_SIZE, &cp);
354 hci_close_dev(dd);
355 }
356
oob_availability_cb(struct agent * agent,DBusError * err,void * user_data)357 static void oob_availability_cb(struct agent *agent, DBusError *err,
358 void *user_data)
359 {
360 struct oob_availability_req *oob = user_data;
361 struct btd_device *device = oob->device;
362 struct btd_adapter *adapter = device_get_adapter(device);
363
364 if (err) {
365 io_capa_oob_response(adapter, device, oob->capa, oob->auth, FALSE);
366 } else {
367 io_capa_oob_response(adapter, device, oob->capa, oob->auth, TRUE);
368 }
369 }
370
371
pairing_consent_cb(struct agent * agent,DBusError * err,void * user_data)372 static void pairing_consent_cb(struct agent *agent, DBusError *err,
373 void *user_data)
374 {
375 struct btd_device *device = user_data;
376 struct btd_adapter *adapter = device_get_adapter(device);
377 user_confirm_reply_cp cp;
378 int dd;
379 uint16_t dev_id = adapter_get_dev_id(adapter);
380
381 dd = hci_open_dev(dev_id);
382 if (dd < 0) {
383 error("Unable to open hci%d", dev_id);
384 return;
385 }
386
387 memset(&cp, 0, sizeof(cp));
388 device_get_address(device, &cp.bdaddr);
389
390 if (err)
391 hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_CONFIRM_NEG_REPLY,
392 USER_CONFIRM_REPLY_CP_SIZE, &cp);
393 else
394 hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_CONFIRM_REPLY,
395 USER_CONFIRM_REPLY_CP_SIZE, &cp);
396
397 hci_close_dev(dd);
398 }
399
get_auth_requirements(bdaddr_t * local,bdaddr_t * remote,uint8_t * auth)400 static int get_auth_requirements(bdaddr_t *local, bdaddr_t *remote,
401 uint8_t *auth)
402 {
403 struct hci_auth_info_req req;
404 char addr[18];
405 int err, dd, dev_id;
406
407 ba2str(local, addr);
408
409 dev_id = hci_devid(addr);
410 if (dev_id < 0)
411 return dev_id;
412
413 dd = hci_open_dev(dev_id);
414 if (dd < 0)
415 return dd;
416
417 memset(&req, 0, sizeof(req));
418 bacpy(&req.bdaddr, remote);
419
420 err = ioctl(dd, HCIGETAUTHINFO, (unsigned long) &req);
421 if (err < 0) {
422 DBG("HCIGETAUTHINFO failed: %s (%d)",
423 strerror(errno), errno);
424 hci_close_dev(dd);
425 return err;
426 }
427
428 hci_close_dev(dd);
429
430 if (auth)
431 *auth = req.type;
432
433 return 0;
434 }
435
hcid_dbus_user_confirm(bdaddr_t * sba,bdaddr_t * dba,uint32_t passkey)436 int hcid_dbus_user_confirm(bdaddr_t *sba, bdaddr_t *dba, uint32_t passkey)
437 {
438 struct btd_adapter *adapter;
439 struct btd_device *device;
440 struct agent *agent;
441 uint8_t rem_cap, rem_auth, loc_cap, loc_auth;
442 gboolean bonding_initiator;
443
444 if (!get_adapter_and_device(sba, dba, &adapter, &device, TRUE))
445 return -ENODEV;
446
447 if (get_auth_requirements(sba, dba, &loc_auth) < 0) {
448 error("Unable to get local authentication requirements");
449 goto fail;
450 }
451
452 agent = device_get_agent(device);
453 if (agent == NULL) {
454 error("No agent available for user confirmation");
455 goto fail;
456 }
457
458 loc_cap = agent_get_io_capability(agent);
459
460 DBG("confirm IO capabilities are 0x%02x", loc_cap);
461 DBG("confirm authentication requirement is 0x%02x", loc_auth);
462
463 rem_cap = device_get_cap(device);
464 rem_auth = device_get_auth(device);
465
466 DBG("remote IO capabilities are 0x%02x", rem_cap);
467 DBG("remote authentication requirement is 0x%02x", rem_auth);
468
469 /* If we require MITM but the remote device can't provide that
470 * (it has NoInputNoOutput) then reject the confirmation
471 * request. The only exception is when we're dedicated bonding
472 * initiators since then we always have the MITM bit set. */
473 bonding_initiator = device_is_bonding(device, NULL);
474 if (!bonding_initiator && (loc_auth & 0x01) && rem_cap == 0x03) {
475 error("Rejecting request: remote device can't provide MITM");
476 goto fail;
477 }
478
479 /* If local IO capabilities are DisplayYesNo and remote IO
480 * capabiltiies are DisplayOnly or NoInputNoOutput;
481 * call PairingConsent callback for incoming requests. */
482 agent = device_get_agent(device);
483 if (!agent) {
484 agent = adapter_get_agent(adapter);
485 if ((agent_get_io_capability(agent) & 0x01) &&
486 (rem_cap == 0x00 || rem_cap == 0x03))
487 return device_request_authentication(device,
488 AUTH_TYPE_PAIRING_CONSENT, 0,
489 pairing_consent_cb);
490 }
491
492 /* If no side requires MITM protection; auto-accept */
493 if ((loc_auth == 0xff || !(loc_auth & 0x01) || rem_cap == 0x03) &&
494 (!(rem_auth & 0x01) || loc_cap == 0x03)) {
495 DBG("auto accept of confirmation");
496
497 /* Wait 5 milliseconds before doing auto-accept */
498 usleep(5000);
499
500 if (confirm_reply(adapter, device, TRUE) < 0)
501 return -EIO;
502
503 return device_request_authentication(device, AUTH_TYPE_AUTO,
504 0, NULL);
505 }
506
507 return device_request_authentication(device, AUTH_TYPE_CONFIRM,
508 passkey, confirm_cb);
509
510 fail:
511 return confirm_reply(adapter, device, FALSE);
512 }
513
hcid_dbus_user_passkey(bdaddr_t * sba,bdaddr_t * dba)514 int hcid_dbus_user_passkey(bdaddr_t *sba, bdaddr_t *dba)
515 {
516 struct btd_adapter *adapter;
517 struct btd_device *device;
518
519 if (!get_adapter_and_device(sba, dba, &adapter, &device, TRUE))
520 return -ENODEV;
521
522 return device_request_authentication(device, AUTH_TYPE_PASSKEY, 0,
523 passkey_cb);
524 }
525
hcid_dbus_user_notify(bdaddr_t * sba,bdaddr_t * dba,uint32_t passkey)526 int hcid_dbus_user_notify(bdaddr_t *sba, bdaddr_t *dba, uint32_t passkey)
527 {
528 struct btd_adapter *adapter;
529 struct btd_device *device;
530
531 if (!get_adapter_and_device(sba, dba, &adapter, &device, TRUE))
532 return -ENODEV;
533
534 return device_request_authentication(device, AUTH_TYPE_NOTIFY,
535 passkey, NULL);
536 }
537
hcid_dbus_bonding_process_complete(bdaddr_t * local,bdaddr_t * peer,uint8_t status)538 void hcid_dbus_bonding_process_complete(bdaddr_t *local, bdaddr_t *peer,
539 uint8_t status)
540 {
541 struct btd_adapter *adapter;
542 struct btd_device *device;
543
544 DBG("status=%02x", status);
545
546 if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
547 return;
548
549 if (!device_is_authenticating(device)) {
550 /* This means that there was no pending PIN or SSP token
551 * request from the controller, i.e. this is not a new
552 * pairing */
553 DBG("no pending auth request");
554 return;
555 }
556
557 /* If this is a new pairing send the appropriate reply and signal for
558 * it and proceed with service discovery */
559 device_bonding_complete(device, status);
560 }
561
hcid_dbus_simple_pairing_complete(bdaddr_t * local,bdaddr_t * peer,uint8_t status)562 void hcid_dbus_simple_pairing_complete(bdaddr_t *local, bdaddr_t *peer,
563 uint8_t status)
564 {
565 struct btd_adapter *adapter;
566 struct btd_device *device;
567
568 DBG("status=%02x", status);
569
570 if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
571 return;
572
573 device_simple_pairing_complete(device, status);
574 }
575
extract_eir_name(uint8_t * data,uint8_t * type)576 static char *extract_eir_name(uint8_t *data, uint8_t *type)
577 {
578 if (!data || !type)
579 return NULL;
580
581 if (data[0] == 0)
582 return NULL;
583
584 *type = data[1];
585
586 switch (*type) {
587 case 0x08:
588 case 0x09:
589 return strndup((char *) (data + 2), data[0] - 1);
590 }
591
592 return NULL;
593 }
594
hcid_dbus_inquiry_result(bdaddr_t * local,bdaddr_t * peer,uint32_t class,int8_t rssi,uint8_t * data)595 void hcid_dbus_inquiry_result(bdaddr_t *local, bdaddr_t *peer, uint32_t class,
596 int8_t rssi, uint8_t *data)
597 {
598 char filename[PATH_MAX + 1];
599 struct btd_adapter *adapter;
600 struct btd_device *device;
601 char local_addr[18], peer_addr[18], *alias, *name, *tmp_name;
602 struct remote_dev_info *dev, match;
603 uint8_t name_type = 0x00;
604 name_status_t name_status;
605 int state;
606 dbus_bool_t legacy;
607 unsigned char features[8];
608
609 ba2str(local, local_addr);
610 ba2str(peer, peer_addr);
611
612 if (!get_adapter_and_device(local, peer, &adapter, &device, FALSE)) {
613 error("No matching adapter found");
614 return;
615 }
616
617 write_remote_class(local, peer, class);
618
619 if (data)
620 write_remote_eir(local, peer, data);
621
622 /*
623 * workaround to identify situation when the daemon started and
624 * a standard inquiry or periodic inquiry was already running
625 */
626 if (!(adapter_get_state(adapter) & STD_INQUIRY) &&
627 !(adapter_get_state(adapter) & PERIODIC_INQUIRY)) {
628 state = adapter_get_state(adapter);
629 state |= PERIODIC_INQUIRY;
630 adapter_set_state(adapter, state);
631 }
632
633 memset(&match, 0, sizeof(struct remote_dev_info));
634 bacpy(&match.bdaddr, peer);
635 match.name_status = NAME_SENT;
636 /* if found: don't send the name again */
637 dev = adapter_search_found_devices(adapter, &match);
638 if (dev) {
639 adapter_update_found_devices(adapter, peer, rssi, class,
640 NULL, NULL, dev->legacy,
641 NAME_NOT_REQUIRED);
642 return;
643 }
644
645 /* the inquiry result can be triggered by NON D-Bus client */
646 if (adapter_get_state(adapter) & RESOLVE_NAME)
647 name_status = NAME_REQUIRED;
648 else
649 name_status = NAME_NOT_REQUIRED;
650
651 create_name(filename, PATH_MAX, STORAGEDIR, local_addr, "aliases");
652 alias = textfile_get(filename, peer_addr);
653
654 create_name(filename, PATH_MAX, STORAGEDIR, local_addr, "names");
655 name = textfile_get(filename, peer_addr);
656
657 if (data)
658 legacy = FALSE;
659 else if (name == NULL)
660 legacy = TRUE;
661 else if (read_remote_features(local, peer, NULL, features) == 0) {
662 if (features[0] & 0x01)
663 legacy = FALSE;
664 else
665 legacy = TRUE;
666 } else
667 legacy = TRUE;
668
669 tmp_name = extract_eir_name(data, &name_type);
670 if (tmp_name) {
671 if (name_type == 0x09) {
672 write_device_name(local, peer, tmp_name);
673 name_status = NAME_NOT_REQUIRED;
674
675 if (name)
676 g_free(name);
677
678 name = tmp_name;
679 } else {
680 if (name)
681 free(tmp_name);
682 else
683 name = tmp_name;
684 }
685 }
686
687 if (name && name_type != 0x08)
688 name_status = NAME_SENT;
689
690 /* add in the list to track name sent/pending */
691 adapter_update_found_devices(adapter, peer, rssi, class, name, alias,
692 legacy, name_status);
693
694 g_free(name);
695 g_free(alias);
696 }
697
hcid_dbus_set_legacy_pairing(bdaddr_t * local,bdaddr_t * peer,gboolean legacy)698 void hcid_dbus_set_legacy_pairing(bdaddr_t *local, bdaddr_t *peer,
699 gboolean legacy)
700 {
701 struct btd_adapter *adapter;
702 struct btd_device *device;
703 struct remote_dev_info *dev, match;
704
705 if (!get_adapter_and_device(local, peer, &adapter, &device, FALSE)) {
706 error("No matching adapter found");
707 return;
708 }
709
710 memset(&match, 0, sizeof(struct remote_dev_info));
711 bacpy(&match.bdaddr, peer);
712 match.name_status = NAME_ANY;
713
714 dev = adapter_search_found_devices(adapter, &match);
715 if (dev)
716 dev->legacy = legacy;
717 }
718
hcid_dbus_remote_class(bdaddr_t * local,bdaddr_t * peer,uint32_t class)719 void hcid_dbus_remote_class(bdaddr_t *local, bdaddr_t *peer, uint32_t class)
720 {
721 uint32_t old_class = 0;
722 struct btd_adapter *adapter;
723 struct btd_device *device;
724 const gchar *dev_path;
725
726 read_remote_class(local, peer, &old_class);
727
728 if (old_class == class)
729 return;
730
731 if (!get_adapter_and_device(local, peer, &adapter, &device, FALSE))
732 return;
733
734 if (!device)
735 return;
736
737 dev_path = device_get_path(device);
738
739 emit_property_changed(connection, dev_path, DEVICE_INTERFACE, "Class",
740 DBUS_TYPE_UINT32, &class);
741 }
742
hcid_dbus_remote_name(bdaddr_t * local,bdaddr_t * peer,uint8_t status,char * name)743 void hcid_dbus_remote_name(bdaddr_t *local, bdaddr_t *peer, uint8_t status,
744 char *name)
745 {
746 struct btd_adapter *adapter;
747 char srcaddr[18], dstaddr[18];
748 int state;
749 struct btd_device *device;
750 struct remote_dev_info match, *dev_info;
751
752 if (!get_adapter_and_device(local, peer, &adapter, &device, FALSE))
753 return;
754
755 ba2str(local, srcaddr);
756 ba2str(peer, dstaddr);
757
758 if (status != 0)
759 goto proceed;
760
761 bacpy(&match.bdaddr, peer);
762 match.name_status = NAME_ANY;
763
764 dev_info = adapter_search_found_devices(adapter, &match);
765 if (dev_info) {
766 g_free(dev_info->name);
767 dev_info->name = g_strdup(name);
768 adapter_emit_device_found(adapter, dev_info);
769 }
770
771 if (device)
772 device_set_name(device, name);
773
774 proceed:
775 /* remove from remote name request list */
776 adapter_remove_found_device(adapter, peer);
777
778 /* check if there is more devices to request names */
779 if (adapter_resolve_names(adapter) == 0)
780 return;
781
782 state = adapter_get_state(adapter);
783 state &= ~PERIODIC_INQUIRY;
784 state &= ~STD_INQUIRY;
785 adapter_set_state(adapter, state);
786 }
787
hcid_dbus_link_key_notify(bdaddr_t * local,bdaddr_t * peer,uint8_t * key,uint8_t key_type,int pin_length,uint8_t old_key_type)788 int hcid_dbus_link_key_notify(bdaddr_t *local, bdaddr_t *peer,
789 uint8_t *key, uint8_t key_type,
790 int pin_length, uint8_t old_key_type)
791 {
792 struct btd_device *device;
793 struct btd_adapter *adapter;
794 uint8_t local_auth = 0xff, remote_auth, new_key_type;
795 gboolean bonding, temporary = FALSE;
796
797 if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
798 return -ENODEV;
799
800 new_key_type = key_type;
801
802 if (key_type == 0x06) {
803 if (device_get_debug_key(device, NULL))
804 old_key_type = 0x03;
805 if (old_key_type != 0xff)
806 new_key_type = old_key_type;
807 else
808 /* This is Changed Combination Link Key for
809 * a temporary link key.*/
810 return 0;
811 }
812
813 get_auth_requirements(local, peer, &local_auth);
814 remote_auth = device_get_auth(device);
815 bonding = device_is_bonding(device, NULL);
816
817 DBG("key type 0x%02x old key type 0x%02x new key type 0x%02x",
818 key_type, old_key_type, new_key_type);
819
820 DBG("local auth 0x%02x and remote auth 0x%02x",
821 local_auth, remote_auth);
822
823 /* Clear any previous debug key */
824 device_set_debug_key(device, NULL);
825
826 /* If this is not the first link key set a flag so a subsequent auth
827 * complete event doesn't trigger SDP and remove any stored key */
828 if (old_key_type != 0xff) {
829 device_set_renewed_key(device, TRUE);
830 device_remove_bonding(device);
831 }
832
833 /* Store the link key only in runtime memory if it's a debug
834 * key, else store the link key persistently if one of the
835 * following is true:
836 * 1. this is a legacy link key
837 * 2. this is a changed combination key and there was a previously
838 * stored one
839 * 3. neither local nor remote side had no-bonding as a requirement
840 * 4. the local side had dedicated bonding as a requirement
841 * 5. the remote side is using dedicated bonding since in that case
842 * also the local requirements are set to dedicated bonding
843 * If none of the above match only keep the link key around for
844 * this connection and set the temporary flag for the device.
845 */
846 if (new_key_type == 0x03) {
847 DBG("Storing debug key in runtime memory");
848 device_set_debug_key(device, key);
849 } else if (key_type < 0x03 ||
850 (key_type == 0x06 && old_key_type != 0xff) ||
851 (local_auth > 0x01 && remote_auth > 0x01) ||
852 (local_auth == 0x02 || local_auth == 0x03) ||
853 (remote_auth == 0x02 || remote_auth == 0x03)) {
854 int err;
855
856 DBG("storing link key of type 0x%02x", key_type);
857
858 err = write_link_key(local, peer, key, new_key_type,
859 pin_length);
860 if (err < 0) {
861 error("write_link_key: %s (%d)", strerror(-err), -err);
862 return err;
863 }
864 } else
865 temporary = TRUE;
866
867 if (!device_is_connected(device))
868 device_set_secmode3_conn(device, TRUE);
869 else if (!bonding && old_key_type == 0xff)
870 hcid_dbus_bonding_process_complete(local, peer, 0);
871
872 device_set_temporary(device, temporary);
873
874 return 0;
875 }
876
hcid_dbus_get_oob_data(bdaddr_t * sba,bdaddr_t * dba)877 int hcid_dbus_get_oob_data(bdaddr_t *sba, bdaddr_t * dba)
878 {
879 struct btd_adapter *adapter;
880 struct btd_device *device;
881 struct agent *agent = NULL;
882
883 if (!get_adapter_and_device(sba, dba, &adapter, &device, TRUE))
884 return -ENODEV;
885
886 agent = device_get_agent(device);
887 if (agent == NULL) {
888 error("No agent available for device");
889 return -1;
890 }
891
892 return device_request_authentication(device, AUTH_TYPE_OOB, 0,
893 oob_data_cb);
894 }
895
hcid_dbus_conn_complete(bdaddr_t * local,uint8_t status,uint16_t handle,bdaddr_t * peer)896 void hcid_dbus_conn_complete(bdaddr_t *local, uint8_t status, uint16_t handle,
897 bdaddr_t *peer)
898 {
899 struct btd_adapter *adapter;
900 struct btd_device *device;
901
902 if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
903 return;
904
905 if (status) {
906 gboolean secmode3 = device_get_secmode3_conn(device);
907
908 device_set_secmode3_conn(device, FALSE);
909
910 if (device_is_bonding(device, NULL))
911 device_bonding_complete(device, status);
912 if (device_is_temporary(device))
913 adapter_remove_device(connection, adapter, device,
914 secmode3);
915 return;
916 }
917
918 /* add in the device connetions list */
919 adapter_add_connection(adapter, device, handle);
920 }
921
hcid_dbus_disconn_complete(bdaddr_t * local,uint8_t status,uint16_t handle,uint8_t reason)922 void hcid_dbus_disconn_complete(bdaddr_t *local, uint8_t status,
923 uint16_t handle, uint8_t reason)
924 {
925 struct btd_adapter *adapter;
926 struct btd_device *device;
927
928 if (status) {
929 error("Disconnection failed: 0x%02x", status);
930 return;
931 }
932
933 adapter = manager_find_adapter(local);
934 if (!adapter) {
935 error("No matching adapter found");
936 return;
937 }
938
939 device = adapter_find_connection(adapter, handle);
940 if (!device) {
941 DBG("No matching connection found for handle %u", handle);
942 return;
943 }
944
945 adapter_remove_connection(adapter, device, handle);
946 }
947
948 /* Section reserved to device HCI callbacks */
949
hcid_dbus_setscan_enable_complete(bdaddr_t * local)950 void hcid_dbus_setscan_enable_complete(bdaddr_t *local)
951 {
952 struct btd_adapter *adapter;
953 read_scan_enable_rp rp;
954 struct hci_request rq;
955 int dd = -1;
956 uint16_t dev_id;
957
958 adapter = manager_find_adapter(local);
959 if (!adapter) {
960 error("No matching adapter found");
961 return;
962 }
963
964 if (adapter_powering_down(adapter))
965 return;
966
967 dev_id = adapter_get_dev_id(adapter);
968
969 dd = hci_open_dev(dev_id);
970 if (dd < 0) {
971 error("HCI device open failed: hci%d", dev_id);
972 return;
973 }
974
975 memset(&rq, 0, sizeof(rq));
976 rq.ogf = OGF_HOST_CTL;
977 rq.ocf = OCF_READ_SCAN_ENABLE;
978 rq.rparam = &rp;
979 rq.rlen = READ_SCAN_ENABLE_RP_SIZE;
980 rq.event = EVT_CMD_COMPLETE;
981
982 if (hci_send_req(dd, &rq, HCI_REQ_TIMEOUT) < 0) {
983 error("Sending read scan enable command failed: %s (%d)",
984 strerror(errno), errno);
985 goto failed;
986 }
987
988 if (rp.status) {
989 error("Getting scan enable failed with status 0x%02x",
990 rp.status);
991 goto failed;
992 }
993
994 adapter_mode_changed(adapter, rp.enable);
995
996 failed:
997 if (dd >= 0)
998 hci_close_dev(dd);
999 }
1000
hcid_dbus_write_simple_pairing_mode_complete(bdaddr_t * local)1001 void hcid_dbus_write_simple_pairing_mode_complete(bdaddr_t *local)
1002 {
1003 struct btd_adapter *adapter;
1004 int dd;
1005 uint8_t mode;
1006 uint16_t dev_id;
1007 const gchar *path;
1008
1009 adapter = manager_find_adapter(local);
1010 if (!adapter) {
1011 error("No matching adapter found");
1012 return;
1013 }
1014
1015 dev_id = adapter_get_dev_id(adapter);
1016 path = adapter_get_path(adapter);
1017
1018 dd = hci_open_dev(dev_id);
1019 if (dd < 0) {
1020 error("HCI adapter open failed: %s", path);
1021 return;
1022 }
1023
1024 if (hci_read_simple_pairing_mode(dd, &mode,
1025 HCI_REQ_TIMEOUT) < 0) {
1026 error("Can't read simple pairing mode for %s: %s(%d)",
1027 path, strerror(errno), errno);
1028 hci_close_dev(dd);
1029 return;
1030 }
1031
1032 hci_close_dev(dd);
1033
1034 adapter_update_ssp_mode(adapter, mode);
1035 }
1036
hcid_dbus_returned_link_key(bdaddr_t * local,bdaddr_t * peer)1037 void hcid_dbus_returned_link_key(bdaddr_t *local, bdaddr_t *peer)
1038 {
1039 struct btd_adapter *adapter;
1040 struct btd_device *device;
1041
1042 if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
1043 return;
1044
1045 device_set_paired(device, TRUE);
1046 }
1047
hcid_dbus_get_io_cap(bdaddr_t * local,bdaddr_t * remote)1048 int hcid_dbus_get_io_cap(bdaddr_t *local, bdaddr_t *remote)
1049 {
1050 struct btd_adapter *adapter;
1051 struct btd_device *device;
1052 struct oob_availability_req *oob_req;
1053 struct agent *agent = NULL;
1054 uint8_t agent_cap, auth, cap;
1055 gboolean oob = FALSE;
1056 int ret;
1057
1058 if (!get_adapter_and_device(local, remote, &adapter, &device, TRUE))
1059 return -ENODEV;
1060
1061 if (get_auth_requirements(local, remote, &auth) < 0)
1062 return -1;
1063
1064 DBG("initial authentication requirement is 0x%02x", auth);
1065
1066 if (auth == 0xff)
1067 auth = device_get_auth(device);
1068
1069 /* Check if the adapter is not pairable and if there isn't a bonding
1070 * in progress */
1071 if (!adapter_is_pairable(adapter) &&
1072 !device_is_bonding(device, NULL)) {
1073 if (device_get_auth(device) < 0x02) {
1074 DBG("Allowing no bonding in non-bondable mode");
1075 /* No input, no output */
1076 cap = 0x03;
1077 /* Kernel defaults to general bonding and so
1078 * overwrite for this special case. Otherwise
1079 * non-pairable test cases will fail. */
1080 auth = 0x00;
1081 goto done;
1082 }
1083 return -EPERM;
1084 }
1085
1086 /* For CreatePairedDevice use dedicated bonding */
1087 agent = device_get_agent(device);
1088 if (!agent) {
1089 /* This is the non bondable mode case */
1090 if (device_get_auth(device) > 0x01) {
1091 DBG("Bonding request, but no agent present");
1092 return -1;
1093 }
1094
1095 /* No agent available, and no bonding case */
1096 if (auth == 0x00 || auth == 0x04) {
1097 DBG("Allowing no bonding without agent");
1098 /* No input, no output */
1099 cap = 0x03;
1100 /* If kernel defaults to general bonding, set it
1101 * back to no bonding */
1102 auth = 0x00;
1103 goto done;
1104 }
1105
1106 error("No agent available for IO capability");
1107 return -1;
1108 }
1109
1110 agent_cap = agent_get_io_capability(agent);
1111
1112 if (auth == 0x00 || auth == 0x04) {
1113 /* If remote requests dedicated bonding follow that lead */
1114 if (device_get_auth(device) == 0x02 ||
1115 device_get_auth(device) == 0x03) {
1116
1117 /* If both remote and local IO capabilities allow MITM
1118 * then require it, otherwise don't */
1119 if (device_get_cap(device) == 0x03 ||
1120 agent_cap == 0x03)
1121 auth = 0x02;
1122 else
1123 auth = 0x03;
1124 }
1125
1126 /* If remote indicates no bonding then follow that. This
1127 * is important since the kernel might give general bonding
1128 * as default. */
1129 if (device_get_auth(device) == 0x00 ||
1130 device_get_auth(device) == 0x01)
1131 auth = 0x00;
1132
1133 /* If remote requires MITM then also require it, unless
1134 * our IO capability is NoInputNoOutput (so some
1135 * just-works security cases can be tested) */
1136 if (device_get_auth(device) != 0xff &&
1137 (device_get_auth(device) & 0x01) &&
1138 agent_cap != 0x03)
1139 auth |= 0x01;
1140 }
1141
1142 DBG("final authentication requirement is 0x%02x", auth);
1143 cap = agent_get_io_capability(agent);
1144 oob = agent_get_oob_capability(agent);
1145
1146 // if pairing is not locally initiated
1147 if (oob && agent == adapter_get_agent(adapter)) {
1148 oob_req = g_new0(struct oob_availability_req, 1);
1149 oob_req->device = device;
1150 oob_req->auth = auth;
1151 oob_req->capa = cap;
1152
1153 ret = device_request_oob_availability(device, oob_availability_cb,
1154 oob_req);
1155 if (ret < 0) {
1156 g_free(oob_req);
1157 oob = FALSE;
1158 goto done;
1159 }
1160 return ret;
1161 }
1162
1163 done:
1164 io_capa_oob_response(adapter, device, cap, auth, oob);
1165 return 0;
1166 }
1167
hcid_dbus_set_io_cap(bdaddr_t * local,bdaddr_t * remote,uint8_t cap,uint8_t auth)1168 int hcid_dbus_set_io_cap(bdaddr_t *local, bdaddr_t *remote,
1169 uint8_t cap, uint8_t auth)
1170 {
1171 struct btd_adapter *adapter;
1172 struct btd_device *device;
1173
1174 if (!get_adapter_and_device(local, remote, &adapter, &device, TRUE))
1175 return -ENODEV;
1176
1177 device_set_cap(device, cap);
1178 device_set_auth(device, auth);
1179
1180 return 0;
1181 }
1182
1183 /* Most of the functions in this module require easy access to a connection so
1184 * we keep it global here and provide these access functions the other (few)
1185 * modules that require access to it */
1186
set_dbus_connection(DBusConnection * conn)1187 void set_dbus_connection(DBusConnection *conn)
1188 {
1189 connection = conn;
1190 }
1191
get_dbus_connection(void)1192 DBusConnection *get_dbus_connection(void)
1193 {
1194 return connection;
1195 }
1196