• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *
3  *  BlueZ - Bluetooth protocol stack for Linux
4  *
5  *  Copyright (C) 2006-2010  Nokia Corporation
6  *  Copyright (C) 2004-2010  Marcel Holtmann <marcel@holtmann.org>
7  *
8  *
9  *  This program is free software; you can redistribute it and/or modify
10  *  it under the terms of the GNU General Public License as published by
11  *  the Free Software Foundation; either version 2 of the License, or
12  *  (at your option) any later version.
13  *
14  *  This program is distributed in the hope that it will be useful,
15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  *  GNU General Public License for more details.
18  *
19  *  You should have received a copy of the GNU General Public License
20  *  along with this program; if not, write to the Free Software
21  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
22  *
23  */
24 
25 #ifdef HAVE_CONFIG_H
26 #include <config.h>
27 #endif
28 
29 #define _GNU_SOURCE
30 #include <stdio.h>
31 #include <errno.h>
32 #include <unistd.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <sys/param.h>
36 #include <sys/ioctl.h>
37 #include <sys/socket.h>
38 
39 #include <bluetooth/bluetooth.h>
40 #include <bluetooth/hci.h>
41 #include <bluetooth/hci_lib.h>
42 #include <bluetooth/sdp.h>
43 
44 #include <glib.h>
45 #include <dbus/dbus.h>
46 #include <gdbus.h>
47 
48 #include "log.h"
49 #include "textfile.h"
50 
51 #include "hcid.h"
52 #include "manager.h"
53 #include "adapter.h"
54 #include "device.h"
55 #include "error.h"
56 #include "glib-helper.h"
57 #include "dbus-common.h"
58 #include "agent.h"
59 #include "storage.h"
60 #include "dbus-hci.h"
61 
62 struct oob_availability_req {
63         struct btd_device *device;
64         uint8_t auth;
65         uint8_t capa;
66 };
67 
68 static DBusConnection *connection = NULL;
69 
get_adapter_and_device(bdaddr_t * src,bdaddr_t * dst,struct btd_adapter ** adapter,struct btd_device ** device,gboolean create)70 gboolean get_adapter_and_device(bdaddr_t *src, bdaddr_t *dst,
71 					struct btd_adapter **adapter,
72 					struct btd_device **device,
73 					gboolean create)
74 {
75 	char peer_addr[18];
76 
77 	*adapter = manager_find_adapter(src);
78 	if (!*adapter) {
79 		error("Unable to find matching adapter");
80 		return FALSE;
81 	}
82 
83 	ba2str(dst, peer_addr);
84 
85 	if (create)
86 		*device = adapter_get_device(connection, *adapter, peer_addr);
87 	else
88 		*device = adapter_find_device(*adapter, peer_addr);
89 
90 	if (create && !*device) {
91 		error("Unable to get device object!");
92 		return FALSE;
93 	}
94 
95 	return TRUE;
96 }
97 
class_to_icon(uint32_t class)98 const char *class_to_icon(uint32_t class)
99 {
100 	switch ((class & 0x1f00) >> 8) {
101 	case 0x01:
102 		return "computer";
103 	case 0x02:
104 		switch ((class & 0xfc) >> 2) {
105 		case 0x01:
106 		case 0x02:
107 		case 0x03:
108 		case 0x05:
109 			return "phone";
110 		case 0x04:
111 			return "modem";
112 		}
113 		break;
114 	case 0x03:
115 		return "network-wireless";
116 	case 0x04:
117 		switch ((class & 0xfc) >> 2) {
118 		case 0x01:
119 		case 0x02:
120 			return "audio-card";	/* Headset */
121 		case 0x06:
122 			return "audio-card";	/* Headphone */
123 		case 0x0b: /* VCR */
124 		case 0x0c: /* Video Camera */
125 		case 0x0d: /* Camcorder */
126 			return "camera-video";
127 		default:
128 			return "audio-card";	/* Other audio device */
129 		}
130 		break;
131 	case 0x05:
132 		switch ((class & 0xc0) >> 6) {
133 		case 0x00:
134 			switch ((class & 0x1e) >> 2) {
135 			case 0x01:
136 			case 0x02:
137 				return "input-gaming";
138 			}
139 			break;
140 		case 0x01:
141 			return "input-keyboard";
142 		case 0x02:
143 			switch ((class & 0x1e) >> 2) {
144 			case 0x05:
145 				return "input-tablet";
146 			default:
147 				return "input-mouse";
148 			}
149 		}
150 		break;
151 	case 0x06:
152 		if (class & 0x80)
153 			return "printer";
154 		if (class & 0x20)
155 			return "camera-photo";
156 		break;
157 	}
158 
159 	return NULL;
160 }
161 
162 /*****************************************************************
163  *
164  *  Section reserved to HCI commands confirmation handling and low
165  *  level events(eg: device attached/dettached.
166  *
167  *****************************************************************/
168 
pincode_cb(struct agent * agent,DBusError * err,const char * pincode,struct btd_device * device)169 static void pincode_cb(struct agent *agent, DBusError *err,
170 				const char *pincode, struct btd_device *device)
171 {
172 	struct btd_adapter *adapter = device_get_adapter(device);
173 	pin_code_reply_cp pr;
174 	bdaddr_t sba, dba;
175 	size_t len;
176 	int dev;
177 	uint16_t dev_id = adapter_get_dev_id(adapter);
178 
179 	dev = hci_open_dev(dev_id);
180 	if (dev < 0) {
181 		error("hci_open_dev(%d): %s (%d)", dev_id,
182 				strerror(errno), errno);
183 		return;
184 	}
185 
186 	adapter_get_address(adapter, &sba);
187 	device_get_address(device, &dba);
188 
189 	if (err) {
190 		hci_send_cmd(dev, OGF_LINK_CTL,
191 				OCF_PIN_CODE_NEG_REPLY, 6, &dba);
192 		goto done;
193 	}
194 
195 	len = strlen(pincode);
196 
197 	set_pin_length(&sba, len);
198 
199 	memset(&pr, 0, sizeof(pr));
200 	bacpy(&pr.bdaddr, &dba);
201 	memcpy(pr.pin_code, pincode, len);
202 	pr.pin_len = len;
203 	hci_send_cmd(dev, OGF_LINK_CTL, OCF_PIN_CODE_REPLY,
204 						PIN_CODE_REPLY_CP_SIZE, &pr);
205 
206 done:
207 	hci_close_dev(dev);
208 }
209 
hcid_dbus_request_pin(int dev,bdaddr_t * sba,struct hci_conn_info * ci)210 int hcid_dbus_request_pin(int dev, bdaddr_t *sba, struct hci_conn_info *ci)
211 {
212 	struct btd_adapter *adapter;
213 	struct btd_device *device;
214 
215 	if (!get_adapter_and_device(sba, &ci->bdaddr, &adapter, &device, TRUE))
216 		return -ENODEV;
217 
218 	/* Check if the adapter is not pairable and if there isn't a bonding in
219 	 * progress */
220 	if (!adapter_is_pairable(adapter) && !device_is_bonding(device, NULL))
221 		return -EPERM;
222 
223 	return device_request_authentication(device, AUTH_TYPE_PINCODE, 0,
224 								pincode_cb);
225 }
226 
confirm_reply(struct btd_adapter * adapter,struct btd_device * device,gboolean success)227 static int confirm_reply(struct btd_adapter *adapter,
228 				struct btd_device *device, gboolean success)
229 {
230 	int dd;
231 	user_confirm_reply_cp cp;
232 	uint16_t dev_id = adapter_get_dev_id(adapter);
233 
234 	dd = hci_open_dev(dev_id);
235 	if (dd < 0) {
236 		error("Unable to open hci%d", dev_id);
237 		return dd;
238 	}
239 
240 	memset(&cp, 0, sizeof(cp));
241 	device_get_address(device, &cp.bdaddr);
242 
243 	if (success)
244 		hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_CONFIRM_REPLY,
245 					USER_CONFIRM_REPLY_CP_SIZE, &cp);
246 	else
247 		hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_CONFIRM_NEG_REPLY,
248 					USER_CONFIRM_REPLY_CP_SIZE, &cp);
249 
250 	hci_close_dev(dd);
251 
252 	return 0;
253 }
254 
confirm_cb(struct agent * agent,DBusError * err,void * user_data)255 static void confirm_cb(struct agent *agent, DBusError *err, void *user_data)
256 {
257 	struct btd_device *device = user_data;
258 	struct btd_adapter *adapter = device_get_adapter(device);
259 	gboolean success = (err == NULL) ? TRUE : FALSE;
260 
261 	confirm_reply(adapter, device, success);
262 }
263 
passkey_cb(struct agent * agent,DBusError * err,uint32_t passkey,void * user_data)264 static void passkey_cb(struct agent *agent, DBusError *err, uint32_t passkey,
265 			void *user_data)
266 {
267 	struct btd_device *device = user_data;
268 	struct btd_adapter *adapter = device_get_adapter(device);
269 	user_passkey_reply_cp cp;
270 	bdaddr_t dba;
271 	int dd;
272 	uint16_t dev_id = adapter_get_dev_id(adapter);
273 
274 	dd = hci_open_dev(dev_id);
275 	if (dd < 0) {
276 		error("Unable to open hci%d", dev_id);
277 		return;
278 	}
279 
280 	device_get_address(device, &dba);
281 
282 	memset(&cp, 0, sizeof(cp));
283 	bacpy(&cp.bdaddr, &dba);
284 	cp.passkey = passkey;
285 
286 	if (err)
287 		hci_send_cmd(dd, OGF_LINK_CTL,
288 				OCF_USER_PASSKEY_NEG_REPLY, 6, &dba);
289 	else
290 		hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_PASSKEY_REPLY,
291 					USER_PASSKEY_REPLY_CP_SIZE, &cp);
292 
293 	hci_close_dev(dd);
294 }
295 
oob_data_cb(struct agent * agent,DBusError * err,uint8_t * hash,uint8_t * randomizer,void * user_data)296 static void oob_data_cb(struct  agent *agent, DBusError *err, uint8_t *hash,
297 				uint8_t *randomizer, void *user_data)
298 {
299 	struct btd_device *device = user_data;
300 	struct btd_adapter *adapter = device_get_adapter(device);
301 	remote_oob_data_reply_cp cp;
302 	bdaddr_t dba;
303 	int dd;
304 	uint16_t dev_id = adapter_get_dev_id(adapter);
305 
306 	dd = hci_open_dev(dev_id);
307 	if (dd < 0) {
308 		error("Unable to open hci%d", dev_id);
309 		return;
310 	}
311 
312 	device_get_address(device, &dba);
313 	memset(&cp, 0, sizeof(cp));
314 	bacpy(&cp.bdaddr, &dba);
315 
316 	memcpy(&cp.hash, hash, 16);
317 	memcpy(&cp.randomizer, randomizer, 16);
318 
319 	if (err)
320                 hci_send_cmd(dd, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_NEG_REPLY,
321                                 6, &dba);
322 
323 	else
324                 hci_send_cmd(dd, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_REPLY,
325                                 REMOTE_OOB_DATA_REPLY_CP_SIZE, &cp);
326 
327 	hci_close_dev(dd);
328 }
329 
io_capa_oob_response(struct btd_adapter * adapter,struct btd_device * device,uint8_t cap,uint8_t auth,gboolean oob)330 static void io_capa_oob_response(struct btd_adapter *adapter, struct btd_device *device,
331 					uint8_t cap, uint8_t auth, gboolean oob)
332 {
333         io_capability_reply_cp cp;
334 	int dd;
335 	uint16_t dev_id = adapter_get_dev_id(adapter);
336 
337 	dd = hci_open_dev(dev_id);
338 	if (dd < 0) {
339 		error("Unable to open hci%d", dev_id);
340 		return;
341 	}
342 	memset(&cp, 0, sizeof(cp));
343 	device_get_address(device, &cp.bdaddr);
344 
345 	cp.capability = cap;
346 	if (oob)
347 		cp.oob_data = 0x01;
348 	else
349 		cp.oob_data = 0x00;
350 	cp.authentication = auth;
351 
352 	hci_send_cmd(dd, OGF_LINK_CTL, OCF_IO_CAPABILITY_REPLY,
353 			IO_CAPABILITY_REPLY_CP_SIZE, &cp);
354 	hci_close_dev(dd);
355 }
356 
oob_availability_cb(struct agent * agent,DBusError * err,void * user_data)357 static void oob_availability_cb(struct agent *agent, DBusError *err,
358 					void *user_data)
359 {
360 	struct oob_availability_req *oob = user_data;
361 	struct btd_device *device = oob->device;
362 	struct btd_adapter *adapter = device_get_adapter(device);
363 
364 	if (err) {
365 		io_capa_oob_response(adapter, device, oob->capa, oob->auth, FALSE);
366 	} else {
367 		io_capa_oob_response(adapter, device, oob->capa, oob->auth, TRUE);
368 	}
369 }
370 
371 
pairing_consent_cb(struct agent * agent,DBusError * err,void * user_data)372 static void pairing_consent_cb(struct agent *agent, DBusError *err,
373 					void *user_data)
374 {
375 	struct btd_device *device = user_data;
376 	struct btd_adapter *adapter = device_get_adapter(device);
377 	user_confirm_reply_cp cp;
378 	int dd;
379 	uint16_t dev_id = adapter_get_dev_id(adapter);
380 
381 	dd = hci_open_dev(dev_id);
382 	if (dd < 0) {
383 		error("Unable to open hci%d", dev_id);
384 		return;
385 	}
386 
387 	memset(&cp, 0, sizeof(cp));
388 	device_get_address(device, &cp.bdaddr);
389 
390 	if (err)
391 		hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_CONFIRM_NEG_REPLY,
392 					USER_CONFIRM_REPLY_CP_SIZE, &cp);
393 	else
394 		hci_send_cmd(dd, OGF_LINK_CTL, OCF_USER_CONFIRM_REPLY,
395 					USER_CONFIRM_REPLY_CP_SIZE, &cp);
396 
397 	hci_close_dev(dd);
398 }
399 
get_auth_requirements(bdaddr_t * local,bdaddr_t * remote,uint8_t * auth)400 static int get_auth_requirements(bdaddr_t *local, bdaddr_t *remote,
401 							uint8_t *auth)
402 {
403 	struct hci_auth_info_req req;
404 	char addr[18];
405 	int err, dd, dev_id;
406 
407 	ba2str(local, addr);
408 
409 	dev_id = hci_devid(addr);
410 	if (dev_id < 0)
411 		return dev_id;
412 
413 	dd = hci_open_dev(dev_id);
414 	if (dd < 0)
415 		return dd;
416 
417 	memset(&req, 0, sizeof(req));
418 	bacpy(&req.bdaddr, remote);
419 
420 	err = ioctl(dd, HCIGETAUTHINFO, (unsigned long) &req);
421 	if (err < 0) {
422 		DBG("HCIGETAUTHINFO failed: %s (%d)",
423 					strerror(errno), errno);
424 		hci_close_dev(dd);
425 		return err;
426 	}
427 
428 	hci_close_dev(dd);
429 
430 	if (auth)
431 		*auth = req.type;
432 
433 	return 0;
434 }
435 
hcid_dbus_user_confirm(bdaddr_t * sba,bdaddr_t * dba,uint32_t passkey)436 int hcid_dbus_user_confirm(bdaddr_t *sba, bdaddr_t *dba, uint32_t passkey)
437 {
438 	struct btd_adapter *adapter;
439 	struct btd_device *device;
440 	struct agent *agent;
441 	uint8_t rem_cap, rem_auth, loc_cap, loc_auth;
442 	gboolean bonding_initiator;
443 
444 	if (!get_adapter_and_device(sba, dba, &adapter, &device, TRUE))
445 		return -ENODEV;
446 
447 	if (get_auth_requirements(sba, dba, &loc_auth) < 0) {
448 		error("Unable to get local authentication requirements");
449 		goto fail;
450 	}
451 
452 	agent = device_get_agent(device);
453 	if (agent == NULL) {
454 		error("No agent available for user confirmation");
455 		goto fail;
456 	}
457 
458 	loc_cap = agent_get_io_capability(agent);
459 
460 	DBG("confirm IO capabilities are 0x%02x", loc_cap);
461 	DBG("confirm authentication requirement is 0x%02x", loc_auth);
462 
463 	rem_cap = device_get_cap(device);
464 	rem_auth = device_get_auth(device);
465 
466 	DBG("remote IO capabilities are 0x%02x", rem_cap);
467 	DBG("remote authentication requirement is 0x%02x", rem_auth);
468 
469 	/* If we require MITM but the remote device can't provide that
470 	 * (it has NoInputNoOutput) then reject the confirmation
471 	 * request. The only exception is when we're dedicated bonding
472 	 * initiators since then we always have the MITM bit set. */
473 	bonding_initiator = device_is_bonding(device, NULL);
474 	if (!bonding_initiator && (loc_auth & 0x01) && rem_cap == 0x03) {
475 		error("Rejecting request: remote device can't provide MITM");
476 		goto fail;
477 	}
478 
479 	/* If local IO capabilities are DisplayYesNo and remote IO
480 	 * capabiltiies are DisplayOnly or NoInputNoOutput;
481 	 * call PairingConsent callback for incoming requests. */
482 	agent = device_get_agent(device);
483 	if (!agent) {
484 		agent = adapter_get_agent(adapter);
485 		if ((agent_get_io_capability(agent) & 0x01) &&
486 		            (rem_cap == 0x00 || rem_cap == 0x03))
487 			return device_request_authentication(device,
488 					AUTH_TYPE_PAIRING_CONSENT, 0,
489 					pairing_consent_cb);
490 	}
491 
492 	/* If no side requires MITM protection; auto-accept */
493 	if ((loc_auth == 0xff || !(loc_auth & 0x01) || rem_cap == 0x03) &&
494 				(!(rem_auth & 0x01) || loc_cap == 0x03)) {
495 		DBG("auto accept of confirmation");
496 
497 		/* Wait 5 milliseconds before doing auto-accept */
498 		usleep(5000);
499 
500 		if (confirm_reply(adapter, device, TRUE) < 0)
501 			return -EIO;
502 
503 		return device_request_authentication(device, AUTH_TYPE_AUTO,
504 								0, NULL);
505 	}
506 
507 	return device_request_authentication(device, AUTH_TYPE_CONFIRM,
508 							passkey, confirm_cb);
509 
510 fail:
511 	return confirm_reply(adapter, device, FALSE);
512 }
513 
hcid_dbus_user_passkey(bdaddr_t * sba,bdaddr_t * dba)514 int hcid_dbus_user_passkey(bdaddr_t *sba, bdaddr_t *dba)
515 {
516 	struct btd_adapter *adapter;
517 	struct btd_device *device;
518 
519 	if (!get_adapter_and_device(sba, dba, &adapter, &device, TRUE))
520 		return -ENODEV;
521 
522 	return device_request_authentication(device, AUTH_TYPE_PASSKEY, 0,
523 								passkey_cb);
524 }
525 
hcid_dbus_user_notify(bdaddr_t * sba,bdaddr_t * dba,uint32_t passkey)526 int hcid_dbus_user_notify(bdaddr_t *sba, bdaddr_t *dba, uint32_t passkey)
527 {
528 	struct btd_adapter *adapter;
529 	struct btd_device *device;
530 
531 	if (!get_adapter_and_device(sba, dba, &adapter, &device, TRUE))
532 		return -ENODEV;
533 
534 	return device_request_authentication(device, AUTH_TYPE_NOTIFY,
535 								passkey, NULL);
536 }
537 
hcid_dbus_bonding_process_complete(bdaddr_t * local,bdaddr_t * peer,uint8_t status)538 void hcid_dbus_bonding_process_complete(bdaddr_t *local, bdaddr_t *peer,
539 								uint8_t status)
540 {
541 	struct btd_adapter *adapter;
542 	struct btd_device *device;
543 
544 	DBG("status=%02x", status);
545 
546 	if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
547 		return;
548 
549 	if (!device_is_authenticating(device)) {
550 		/* This means that there was no pending PIN or SSP token
551 		 * request from the controller, i.e. this is not a new
552 		 * pairing */
553 		DBG("no pending auth request");
554 		return;
555 	}
556 
557 	/* If this is a new pairing send the appropriate reply and signal for
558 	 * it and proceed with service discovery */
559 	device_bonding_complete(device, status);
560 }
561 
hcid_dbus_simple_pairing_complete(bdaddr_t * local,bdaddr_t * peer,uint8_t status)562 void hcid_dbus_simple_pairing_complete(bdaddr_t *local, bdaddr_t *peer,
563 								uint8_t status)
564 {
565 	struct btd_adapter *adapter;
566 	struct btd_device *device;
567 
568 	DBG("status=%02x", status);
569 
570 	if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
571 		return;
572 
573 	device_simple_pairing_complete(device, status);
574 }
575 
extract_eir_name(uint8_t * data,uint8_t * type)576 static char *extract_eir_name(uint8_t *data, uint8_t *type)
577 {
578 	if (!data || !type)
579 		return NULL;
580 
581 	if (data[0] == 0)
582 		return NULL;
583 
584 	*type = data[1];
585 
586 	switch (*type) {
587 	case 0x08:
588 	case 0x09:
589 		return strndup((char *) (data + 2), data[0] - 1);
590 	}
591 
592 	return NULL;
593 }
594 
hcid_dbus_inquiry_result(bdaddr_t * local,bdaddr_t * peer,uint32_t class,int8_t rssi,uint8_t * data)595 void hcid_dbus_inquiry_result(bdaddr_t *local, bdaddr_t *peer, uint32_t class,
596 				int8_t rssi, uint8_t *data)
597 {
598 	char filename[PATH_MAX + 1];
599 	struct btd_adapter *adapter;
600 	struct btd_device *device;
601 	char local_addr[18], peer_addr[18], *alias, *name, *tmp_name;
602 	struct remote_dev_info *dev, match;
603 	uint8_t name_type = 0x00;
604 	name_status_t name_status;
605 	int state;
606 	dbus_bool_t legacy;
607 	unsigned char features[8];
608 
609 	ba2str(local, local_addr);
610 	ba2str(peer, peer_addr);
611 
612 	if (!get_adapter_and_device(local, peer, &adapter, &device, FALSE)) {
613 		error("No matching adapter found");
614 		return;
615 	}
616 
617 	write_remote_class(local, peer, class);
618 
619 	if (data)
620 		write_remote_eir(local, peer, data);
621 
622 	/*
623 	 * workaround to identify situation when the daemon started and
624 	 * a standard inquiry or periodic inquiry was already running
625 	 */
626 	if (!(adapter_get_state(adapter) & STD_INQUIRY) &&
627 			!(adapter_get_state(adapter) & PERIODIC_INQUIRY)) {
628 		state = adapter_get_state(adapter);
629 		state |= PERIODIC_INQUIRY;
630 		adapter_set_state(adapter, state);
631 	}
632 
633 	memset(&match, 0, sizeof(struct remote_dev_info));
634 	bacpy(&match.bdaddr, peer);
635 	match.name_status = NAME_SENT;
636 	/* if found: don't send the name again */
637 	dev = adapter_search_found_devices(adapter, &match);
638 	if (dev) {
639 		adapter_update_found_devices(adapter, peer, rssi, class,
640 						NULL, NULL, dev->legacy,
641 						NAME_NOT_REQUIRED);
642 		return;
643 	}
644 
645 	/* the inquiry result can be triggered by NON D-Bus client */
646 	if (adapter_get_state(adapter) & RESOLVE_NAME)
647 		name_status = NAME_REQUIRED;
648 	else
649 		name_status = NAME_NOT_REQUIRED;
650 
651 	create_name(filename, PATH_MAX, STORAGEDIR, local_addr, "aliases");
652 	alias = textfile_get(filename, peer_addr);
653 
654 	create_name(filename, PATH_MAX, STORAGEDIR, local_addr, "names");
655 	name = textfile_get(filename, peer_addr);
656 
657 	if (data)
658 		legacy = FALSE;
659 	else if (name == NULL)
660 		legacy = TRUE;
661 	else if (read_remote_features(local, peer, NULL, features) == 0) {
662 		if (features[0] & 0x01)
663 			legacy = FALSE;
664 		else
665 			legacy = TRUE;
666 	} else
667 		legacy = TRUE;
668 
669 	tmp_name = extract_eir_name(data, &name_type);
670 	if (tmp_name) {
671 		if (name_type == 0x09) {
672 			write_device_name(local, peer, tmp_name);
673 			name_status = NAME_NOT_REQUIRED;
674 
675 			if (name)
676 				g_free(name);
677 
678 			name = tmp_name;
679 		} else {
680 			if (name)
681 				free(tmp_name);
682 			else
683 				name = tmp_name;
684 		}
685 	}
686 
687 	if (name && name_type != 0x08)
688 		name_status = NAME_SENT;
689 
690 	/* add in the list to track name sent/pending */
691 	adapter_update_found_devices(adapter, peer, rssi, class, name, alias,
692 					legacy, name_status);
693 
694 	g_free(name);
695 	g_free(alias);
696 }
697 
hcid_dbus_set_legacy_pairing(bdaddr_t * local,bdaddr_t * peer,gboolean legacy)698 void hcid_dbus_set_legacy_pairing(bdaddr_t *local, bdaddr_t *peer,
699 							gboolean legacy)
700 {
701 	struct btd_adapter *adapter;
702 	struct btd_device *device;
703 	struct remote_dev_info *dev, match;
704 
705 	if (!get_adapter_and_device(local, peer, &adapter, &device, FALSE)) {
706 		error("No matching adapter found");
707 		return;
708 	}
709 
710 	memset(&match, 0, sizeof(struct remote_dev_info));
711 	bacpy(&match.bdaddr, peer);
712 	match.name_status = NAME_ANY;
713 
714 	dev = adapter_search_found_devices(adapter, &match);
715 	if (dev)
716 		dev->legacy = legacy;
717 }
718 
hcid_dbus_remote_class(bdaddr_t * local,bdaddr_t * peer,uint32_t class)719 void hcid_dbus_remote_class(bdaddr_t *local, bdaddr_t *peer, uint32_t class)
720 {
721 	uint32_t old_class = 0;
722 	struct btd_adapter *adapter;
723 	struct btd_device *device;
724 	const gchar *dev_path;
725 
726 	read_remote_class(local, peer, &old_class);
727 
728 	if (old_class == class)
729 		return;
730 
731 	if (!get_adapter_and_device(local, peer, &adapter, &device, FALSE))
732 		return;
733 
734 	if (!device)
735 		return;
736 
737 	dev_path = device_get_path(device);
738 
739 	emit_property_changed(connection, dev_path, DEVICE_INTERFACE, "Class",
740 				DBUS_TYPE_UINT32, &class);
741 }
742 
hcid_dbus_remote_name(bdaddr_t * local,bdaddr_t * peer,uint8_t status,char * name)743 void hcid_dbus_remote_name(bdaddr_t *local, bdaddr_t *peer, uint8_t status,
744 				char *name)
745 {
746 	struct btd_adapter *adapter;
747 	char srcaddr[18], dstaddr[18];
748 	int state;
749 	struct btd_device *device;
750 	struct remote_dev_info match, *dev_info;
751 
752 	if (!get_adapter_and_device(local, peer, &adapter, &device, FALSE))
753 		return;
754 
755 	ba2str(local, srcaddr);
756 	ba2str(peer, dstaddr);
757 
758 	if (status != 0)
759 		goto proceed;
760 
761 	bacpy(&match.bdaddr, peer);
762 	match.name_status = NAME_ANY;
763 
764 	dev_info = adapter_search_found_devices(adapter, &match);
765 	if (dev_info) {
766 		g_free(dev_info->name);
767 		dev_info->name = g_strdup(name);
768 		adapter_emit_device_found(adapter, dev_info);
769 	}
770 
771 	if (device)
772 		device_set_name(device, name);
773 
774 proceed:
775 	/* remove from remote name request list */
776 	adapter_remove_found_device(adapter, peer);
777 
778 	/* check if there is more devices to request names */
779 	if (adapter_resolve_names(adapter) == 0)
780 		return;
781 
782 	state = adapter_get_state(adapter);
783 	state &= ~PERIODIC_INQUIRY;
784 	state &= ~STD_INQUIRY;
785 	adapter_set_state(adapter, state);
786 }
787 
hcid_dbus_link_key_notify(bdaddr_t * local,bdaddr_t * peer,uint8_t * key,uint8_t key_type,int pin_length,uint8_t old_key_type)788 int hcid_dbus_link_key_notify(bdaddr_t *local, bdaddr_t *peer,
789 				uint8_t *key, uint8_t key_type,
790 				int pin_length, uint8_t old_key_type)
791 {
792 	struct btd_device *device;
793 	struct btd_adapter *adapter;
794 	uint8_t local_auth = 0xff, remote_auth, new_key_type;
795 	gboolean bonding, temporary = FALSE;
796 
797 	if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
798 		return -ENODEV;
799 
800 	new_key_type = key_type;
801 
802 	if (key_type == 0x06) {
803 		if (device_get_debug_key(device, NULL))
804 			old_key_type = 0x03;
805 		if (old_key_type != 0xff)
806 			new_key_type = old_key_type;
807 		else
808 			/* This is Changed Combination Link Key for
809 			 * a temporary link key.*/
810 			return 0;
811 	}
812 
813 	get_auth_requirements(local, peer, &local_auth);
814 	remote_auth = device_get_auth(device);
815 	bonding = device_is_bonding(device, NULL);
816 
817 	DBG("key type 0x%02x old key type 0x%02x new key type 0x%02x",
818 					key_type, old_key_type, new_key_type);
819 
820 	DBG("local auth 0x%02x and remote auth 0x%02x",
821 					local_auth, remote_auth);
822 
823 	/* Clear any previous debug key */
824 	device_set_debug_key(device, NULL);
825 
826 	/* If this is not the first link key set a flag so a subsequent auth
827 	 * complete event doesn't trigger SDP and remove any stored key */
828 	if (old_key_type != 0xff) {
829 		device_set_renewed_key(device, TRUE);
830 		device_remove_bonding(device);
831 	}
832 
833 	/* Store the link key only in runtime memory if it's a debug
834 	 * key, else store the link key persistently if one of the
835 	 * following is true:
836 	 * 1. this is a legacy link key
837 	 * 2. this is a changed combination key and there was a previously
838 	 *    stored one
839 	 * 3. neither local nor remote side had no-bonding as a requirement
840 	 * 4. the local side had dedicated bonding as a requirement
841 	 * 5. the remote side is using dedicated bonding since in that case
842 	 *    also the local requirements are set to dedicated bonding
843 	 * If none of the above match only keep the link key around for
844 	 * this connection and set the temporary flag for the device.
845 	 */
846 	if (new_key_type == 0x03) {
847 		DBG("Storing debug key in runtime memory");
848 		device_set_debug_key(device, key);
849 	} else if (key_type < 0x03 ||
850 				(key_type == 0x06 && old_key_type != 0xff) ||
851 				(local_auth > 0x01 && remote_auth > 0x01) ||
852 				(local_auth == 0x02 || local_auth == 0x03) ||
853 				(remote_auth == 0x02 || remote_auth == 0x03)) {
854 		int err;
855 
856 		DBG("storing link key of type 0x%02x", key_type);
857 
858 		err = write_link_key(local, peer, key, new_key_type,
859 								pin_length);
860 		if (err < 0) {
861 			error("write_link_key: %s (%d)", strerror(-err), -err);
862 			return err;
863 		}
864 	} else
865 		temporary = TRUE;
866 
867 	if (!device_is_connected(device))
868 		device_set_secmode3_conn(device, TRUE);
869 	else if (!bonding && old_key_type == 0xff)
870 		hcid_dbus_bonding_process_complete(local, peer, 0);
871 
872 	device_set_temporary(device, temporary);
873 
874 	return 0;
875 }
876 
hcid_dbus_get_oob_data(bdaddr_t * sba,bdaddr_t * dba)877 int hcid_dbus_get_oob_data(bdaddr_t *sba, bdaddr_t * dba)
878 {
879 	struct btd_adapter *adapter;
880 	struct btd_device *device;
881 	struct agent *agent = NULL;
882 
883         if (!get_adapter_and_device(sba, dba, &adapter, &device, TRUE))
884 	        return -ENODEV;
885 
886 	agent = device_get_agent(device);
887 	if (agent == NULL) {
888 		error("No agent available for device");
889 		return -1;
890 	}
891 
892 	return device_request_authentication(device, AUTH_TYPE_OOB, 0,
893 						oob_data_cb);
894 }
895 
hcid_dbus_conn_complete(bdaddr_t * local,uint8_t status,uint16_t handle,bdaddr_t * peer)896 void hcid_dbus_conn_complete(bdaddr_t *local, uint8_t status, uint16_t handle,
897 				bdaddr_t *peer)
898 {
899 	struct btd_adapter *adapter;
900 	struct btd_device *device;
901 
902 	if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
903 		return;
904 
905 	if (status) {
906 		gboolean secmode3 = device_get_secmode3_conn(device);
907 
908 		device_set_secmode3_conn(device, FALSE);
909 
910 		if (device_is_bonding(device, NULL))
911 			device_bonding_complete(device, status);
912 		if (device_is_temporary(device))
913 			adapter_remove_device(connection, adapter, device,
914 								secmode3);
915 		return;
916 	}
917 
918 	/* add in the device connetions list */
919 	adapter_add_connection(adapter, device, handle);
920 }
921 
hcid_dbus_disconn_complete(bdaddr_t * local,uint8_t status,uint16_t handle,uint8_t reason)922 void hcid_dbus_disconn_complete(bdaddr_t *local, uint8_t status,
923 				uint16_t handle, uint8_t reason)
924 {
925 	struct btd_adapter *adapter;
926 	struct btd_device *device;
927 
928 	if (status) {
929 		error("Disconnection failed: 0x%02x", status);
930 		return;
931 	}
932 
933 	adapter = manager_find_adapter(local);
934 	if (!adapter) {
935 		error("No matching adapter found");
936 		return;
937 	}
938 
939 	device = adapter_find_connection(adapter, handle);
940 	if (!device) {
941 		DBG("No matching connection found for handle %u", handle);
942 		return;
943 	}
944 
945 	adapter_remove_connection(adapter, device, handle);
946 }
947 
948 /* Section reserved to device HCI callbacks */
949 
hcid_dbus_setscan_enable_complete(bdaddr_t * local)950 void hcid_dbus_setscan_enable_complete(bdaddr_t *local)
951 {
952 	struct btd_adapter *adapter;
953 	read_scan_enable_rp rp;
954 	struct hci_request rq;
955 	int dd = -1;
956 	uint16_t dev_id;
957 
958 	adapter = manager_find_adapter(local);
959 	if (!adapter) {
960 		error("No matching adapter found");
961 		return;
962 	}
963 
964 	if (adapter_powering_down(adapter))
965 		return;
966 
967 	dev_id = adapter_get_dev_id(adapter);
968 
969 	dd = hci_open_dev(dev_id);
970 	if (dd < 0) {
971 		error("HCI device open failed: hci%d", dev_id);
972 		return;
973 	}
974 
975 	memset(&rq, 0, sizeof(rq));
976 	rq.ogf    = OGF_HOST_CTL;
977 	rq.ocf    = OCF_READ_SCAN_ENABLE;
978 	rq.rparam = &rp;
979 	rq.rlen   = READ_SCAN_ENABLE_RP_SIZE;
980 	rq.event  = EVT_CMD_COMPLETE;
981 
982 	if (hci_send_req(dd, &rq, HCI_REQ_TIMEOUT) < 0) {
983 		error("Sending read scan enable command failed: %s (%d)",
984 				strerror(errno), errno);
985 		goto failed;
986 	}
987 
988 	if (rp.status) {
989 		error("Getting scan enable failed with status 0x%02x",
990 				rp.status);
991 		goto failed;
992 	}
993 
994 	adapter_mode_changed(adapter, rp.enable);
995 
996 failed:
997 	if (dd >= 0)
998 		hci_close_dev(dd);
999 }
1000 
hcid_dbus_write_simple_pairing_mode_complete(bdaddr_t * local)1001 void hcid_dbus_write_simple_pairing_mode_complete(bdaddr_t *local)
1002 {
1003 	struct btd_adapter *adapter;
1004 	int dd;
1005 	uint8_t mode;
1006 	uint16_t dev_id;
1007 	const gchar *path;
1008 
1009 	adapter = manager_find_adapter(local);
1010 	if (!adapter) {
1011 		error("No matching adapter found");
1012 		return;
1013 	}
1014 
1015 	dev_id = adapter_get_dev_id(adapter);
1016 	path = adapter_get_path(adapter);
1017 
1018 	dd = hci_open_dev(dev_id);
1019 	if (dd < 0) {
1020 		error("HCI adapter open failed: %s", path);
1021 		return;
1022 	}
1023 
1024 	if (hci_read_simple_pairing_mode(dd, &mode,
1025 						HCI_REQ_TIMEOUT) < 0) {
1026 		error("Can't read simple pairing mode for %s: %s(%d)",
1027 					path, strerror(errno), errno);
1028 		hci_close_dev(dd);
1029 		return;
1030 	}
1031 
1032 	hci_close_dev(dd);
1033 
1034 	adapter_update_ssp_mode(adapter, mode);
1035 }
1036 
hcid_dbus_returned_link_key(bdaddr_t * local,bdaddr_t * peer)1037 void hcid_dbus_returned_link_key(bdaddr_t *local, bdaddr_t *peer)
1038 {
1039 	struct btd_adapter *adapter;
1040 	struct btd_device *device;
1041 
1042 	if (!get_adapter_and_device(local, peer, &adapter, &device, TRUE))
1043 		return;
1044 
1045 	device_set_paired(device, TRUE);
1046 }
1047 
hcid_dbus_get_io_cap(bdaddr_t * local,bdaddr_t * remote)1048 int hcid_dbus_get_io_cap(bdaddr_t *local, bdaddr_t *remote)
1049 {
1050 	struct btd_adapter *adapter;
1051 	struct btd_device *device;
1052 	struct oob_availability_req *oob_req;
1053 	struct agent *agent = NULL;
1054 	uint8_t agent_cap, auth, cap;
1055 	gboolean oob = FALSE;
1056 	int ret;
1057 
1058 	if (!get_adapter_and_device(local, remote, &adapter, &device, TRUE))
1059 		return -ENODEV;
1060 
1061 	if (get_auth_requirements(local, remote, &auth) < 0)
1062 		return -1;
1063 
1064 	DBG("initial authentication requirement is 0x%02x", auth);
1065 
1066 	if (auth == 0xff)
1067 		auth = device_get_auth(device);
1068 
1069 	/* Check if the adapter is not pairable and if there isn't a bonding
1070 	 * in progress */
1071 	if (!adapter_is_pairable(adapter) &&
1072 				!device_is_bonding(device, NULL)) {
1073 		if (device_get_auth(device) < 0x02) {
1074 			DBG("Allowing no bonding in non-bondable mode");
1075 			/* No input, no output */
1076 			cap = 0x03;
1077 			/* Kernel defaults to general bonding and so
1078 			 * overwrite for this special case. Otherwise
1079 			 * non-pairable test cases will fail. */
1080 			auth = 0x00;
1081 			goto done;
1082 		}
1083 		return -EPERM;
1084 	}
1085 
1086 	/* For CreatePairedDevice use dedicated bonding */
1087 	agent = device_get_agent(device);
1088 	if (!agent) {
1089 		/* This is the non bondable mode case */
1090 		if (device_get_auth(device) > 0x01) {
1091 			DBG("Bonding request, but no agent present");
1092 			return -1;
1093 		}
1094 
1095 		/* No agent available, and no bonding case */
1096 		if (auth == 0x00 || auth == 0x04) {
1097 			DBG("Allowing no bonding without agent");
1098 			/* No input, no output */
1099 			cap = 0x03;
1100 			/* If kernel defaults to general bonding, set it
1101 			 * back to no bonding */
1102 			auth = 0x00;
1103 			goto done;
1104 		}
1105 
1106 		error("No agent available for IO capability");
1107 		return -1;
1108 	}
1109 
1110 	agent_cap = agent_get_io_capability(agent);
1111 
1112 	if (auth == 0x00 || auth == 0x04) {
1113 		/* If remote requests dedicated bonding follow that lead */
1114 		if (device_get_auth(device) == 0x02 ||
1115 				device_get_auth(device) == 0x03) {
1116 
1117 			/* If both remote and local IO capabilities allow MITM
1118 			 * then require it, otherwise don't */
1119 			if (device_get_cap(device) == 0x03 ||
1120 							agent_cap == 0x03)
1121 				auth = 0x02;
1122 			else
1123 				auth = 0x03;
1124 		}
1125 
1126 		/* If remote indicates no bonding then follow that. This
1127 		 * is important since the kernel might give general bonding
1128 		 * as default. */
1129 		if (device_get_auth(device) == 0x00 ||
1130 					device_get_auth(device) == 0x01)
1131 			auth = 0x00;
1132 
1133 		/* If remote requires MITM then also require it, unless
1134 		 * our IO capability is NoInputNoOutput (so some
1135 		 * just-works security cases can be tested) */
1136 		if (device_get_auth(device) != 0xff &&
1137 					(device_get_auth(device) & 0x01) &&
1138 					agent_cap != 0x03)
1139 			auth |= 0x01;
1140 	}
1141 
1142 	DBG("final authentication requirement is 0x%02x", auth);
1143 	cap = agent_get_io_capability(agent);
1144 	oob = agent_get_oob_capability(agent);
1145 
1146 	// if pairing is not locally initiated
1147 	if (oob && agent == adapter_get_agent(adapter)) {
1148 		oob_req = g_new0(struct oob_availability_req, 1);
1149 		oob_req->device = device;
1150 		oob_req->auth = auth;
1151 		oob_req->capa = cap;
1152 
1153 		ret = device_request_oob_availability(device, oob_availability_cb,
1154 							oob_req);
1155 		if (ret < 0) {
1156 			g_free(oob_req);
1157 			oob = FALSE;
1158 			goto done;
1159 		}
1160 		return ret;
1161 	}
1162 
1163 done:
1164 	io_capa_oob_response(adapter, device, cap, auth, oob);
1165 	return 0;
1166 }
1167 
hcid_dbus_set_io_cap(bdaddr_t * local,bdaddr_t * remote,uint8_t cap,uint8_t auth)1168 int hcid_dbus_set_io_cap(bdaddr_t *local, bdaddr_t *remote,
1169 						uint8_t cap, uint8_t auth)
1170 {
1171 	struct btd_adapter *adapter;
1172 	struct btd_device *device;
1173 
1174 	if (!get_adapter_and_device(local, remote, &adapter, &device, TRUE))
1175 		return -ENODEV;
1176 
1177 	device_set_cap(device, cap);
1178 	device_set_auth(device, auth);
1179 
1180 	return 0;
1181 }
1182 
1183 /* Most of the functions in this module require easy access to a connection so
1184  * we keep it global here and provide these access functions the other (few)
1185  * modules that require access to it */
1186 
set_dbus_connection(DBusConnection * conn)1187 void set_dbus_connection(DBusConnection *conn)
1188 {
1189 	connection = conn;
1190 }
1191 
get_dbus_connection(void)1192 DBusConnection *get_dbus_connection(void)
1193 {
1194 	return connection;
1195 }
1196