1 /* 2 * 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2000-2001 Qualcomm Incorporated 6 * Copyright (C) 2002-2003 Maxim Krasnyansky <maxk (at) qualcomm.com> 7 * Copyright (C) 2002-2009 Marcel Holtmann <marcel (at) holtmann.org> 8 * 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2 of the License, or 13 * (at your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 * 24 */ 25 26 #ifdef HAVE_CONFIG_H 27 #include <config.h> 28 #endif 29 30 #include <stdio.h> 31 #include <errno.h> 32 #include <stdlib.h> 33 #include <time.h> 34 #include <unistd.h> 35 #include <sys/time.h> 36 #include <sys/param.h> 37 #include <sys/ioctl.h> 38 #include <sys/socket.h> 39 40 #include <bluetooth/bluetooth.h> 41 #include <bluetooth/hci.h> 42 #include <bluetooth/hci_lib.h> 43 #include <bluetooth/sdp.h> 44 45 #include <glib.h> 46 47 #include <dbus/dbus.h> 48 49 #include "hcid.h" 50 #include "logging.h" 51 #include "textfile.h" 52 53 #include "adapter.h" 54 #include "dbus-hci.h" 55 #include "storage.h" 56 #include "manager.h" 57 58 typedef enum { 59 REQ_PENDING, 60 REQ_SENT 61 } req_status_t; 62 63 struct hci_req_data { 64 int dev_id; 65 int event; 66 req_status_t status; 67 bdaddr_t dba; 68 uint16_t ogf; 69 uint16_t ocf; 70 void *cparam; 71 int clen; 72 }; 73 74 struct g_io_info { 75 GIOChannel *channel; 76 int watch_id; 77 int pin_length; 78 }; 79 80 static struct g_io_info io_data[HCI_MAX_DEV]; 81 82 static GSList *hci_req_queue = NULL; 83 84 static struct hci_req_data *hci_req_data_new(int dev_id, const bdaddr_t *dba, 85 uint16_t ogf, uint16_t ocf, int event, 86 const void *cparam, int clen) 87 { 88 struct hci_req_data *data; 89 90 data = g_new0(struct hci_req_data, 1); 91 92 data->cparam = g_malloc(clen); 93 memcpy(data->cparam, cparam, clen); 94 95 bacpy(&data->dba, dba); 96 97 data->dev_id = dev_id; 98 data->status = REQ_PENDING; 99 data->ogf = ogf; 100 data->ocf = ocf; 101 data->event = event; 102 data->clen = clen; 103 104 return data; 105 } 106 107 static int hci_req_find_by_devid(const void *data, const void *user_data) 108 { 109 const struct hci_req_data *req = data; 110 const int *dev_id = user_data; 111 112 return (*dev_id - req->dev_id); 113 } 114 115 static void hci_req_queue_process(int dev_id) 116 { 117 int dd, ret_val; 118 119 /* send the next pending cmd */ 120 dd = hci_open_dev(dev_id); 121 if (dd < 0) { 122 error("hci_open_dev(%d): %s (%d)", dev_id, strerror(errno), 123 errno); 124 return; 125 } 126 127 do { 128 struct hci_req_data *data; 129 GSList *l = g_slist_find_custom(hci_req_queue, &dev_id, hci_req_find_by_devid); 130 131 if (!l) 132 break; 133 134 data = l->data; 135 data->status = REQ_SENT; 136 137 ret_val = hci_send_cmd(dd, data->ogf, data->ocf, data->clen, data->cparam); 138 if (ret_val < 0) { 139 hci_req_queue = g_slist_remove(hci_req_queue, data); 140 g_free(data->cparam); 141 g_free(data); 142 } 143 144 } while (ret_val < 0); 145 146 hci_close_dev(dd); 147 } 148 149 static void hci_req_queue_append(struct hci_req_data *data) 150 { 151 GSList *l; 152 struct hci_req_data *match; 153 154 155 hci_req_queue = g_slist_append(hci_req_queue, data); 156 157 l = g_slist_find_custom(hci_req_queue, &data->dev_id, hci_req_find_by_devid); 158 match = l->data; 159 160 if (match->status == REQ_SENT) 161 return; 162 163 hci_req_queue_process(data->dev_id); 164 } 165 166 void hci_req_queue_remove(int dev_id, bdaddr_t *dba) 167 { 168 GSList *cur, *next; 169 struct hci_req_data *req; 170 171 for (cur = hci_req_queue; cur != NULL; cur = next) { 172 req = cur->data; 173 next = cur->next; 174 if ((req->dev_id != dev_id) || (bacmp(&req->dba, dba))) 175 continue; 176 177 hci_req_queue = g_slist_remove(hci_req_queue, req); 178 g_free(req->cparam); 179 g_free(req); 180 } 181 } 182 183 static void check_pending_hci_req(int dev_id, int event) 184 { 185 struct hci_req_data *data; 186 GSList *l; 187 188 if (!hci_req_queue) 189 return; 190 191 /* find the first element(pending)*/ 192 l = g_slist_find_custom(hci_req_queue, &dev_id, hci_req_find_by_devid); 193 194 if (!l) 195 return; 196 197 data = l->data; 198 199 /* skip if there is pending confirmation */ 200 if (data->status == REQ_SENT) { 201 if (data->event != event) 202 return; 203 204 /* remove the confirmed cmd */ 205 hci_req_queue = g_slist_remove(hci_req_queue, data); 206 g_free(data->cparam); 207 g_free(data); 208 } 209 210 hci_req_queue_process(dev_id); 211 } 212 213 static int get_handle(int dev, bdaddr_t *sba, bdaddr_t *dba, uint16_t *handle) 214 { 215 struct hci_conn_list_req *cl; 216 struct hci_conn_info *ci; 217 char addr[18]; 218 int i; 219 220 cl = g_malloc0(10 * sizeof(*ci) + sizeof(*cl)); 221 222 ba2str(sba, addr); 223 cl->dev_id = hci_devid(addr); 224 cl->conn_num = 10; 225 ci = cl->conn_info; 226 227 if (ioctl(dev, HCIGETCONNLIST, (void *) cl) < 0) { 228 g_free(cl); 229 return -EIO; 230 } 231 232 for (i = 0; i < cl->conn_num; i++, ci++) { 233 if (bacmp(&ci->bdaddr, dba) == 0) { 234 *handle = ci->handle; 235 g_free(cl); 236 return 0; 237 } 238 } 239 240 g_free(cl); 241 242 return -ENOENT; 243 } 244 245 static inline int get_bdaddr(int dev, bdaddr_t *sba, uint16_t handle, bdaddr_t *dba) 246 { 247 struct hci_conn_list_req *cl; 248 struct hci_conn_info *ci; 249 char addr[18]; 250 int i; 251 252 cl = g_malloc0(10 * sizeof(*ci) + sizeof(*cl)); 253 254 ba2str(sba, addr); 255 cl->dev_id = hci_devid(addr); 256 cl->conn_num = 10; 257 ci = cl->conn_info; 258 259 if (ioctl(dev, HCIGETCONNLIST, (void *) cl) < 0) { 260 g_free(cl); 261 return -EIO; 262 } 263 264 for (i = 0; i < cl->conn_num; i++, ci++) 265 if (ci->handle == handle) { 266 bacpy(dba, &ci->bdaddr); 267 g_free(cl); 268 return 0; 269 } 270 271 g_free(cl); 272 273 return -ENOENT; 274 } 275 276 static inline void update_lastseen(bdaddr_t *sba, bdaddr_t *dba) 277 { 278 time_t t; 279 struct tm *tm; 280 281 t = time(NULL); 282 tm = gmtime(&t); 283 284 write_lastseen_info(sba, dba, tm); 285 } 286 287 static inline void update_lastused(bdaddr_t *sba, bdaddr_t *dba) 288 { 289 time_t t; 290 struct tm *tm; 291 292 t = time(NULL); 293 tm = gmtime(&t); 294 295 write_lastused_info(sba, dba, tm); 296 } 297 298 /* Link Key handling */ 299 300 static void link_key_request(int dev, bdaddr_t *sba, bdaddr_t *dba) 301 { 302 struct hci_auth_info_req req; 303 unsigned char key[16]; 304 char sa[18], da[18]; 305 uint8_t type; 306 int err; 307 308 ba2str(sba, sa); ba2str(dba, da); 309 info("link_key_request (sba=%s, dba=%s)", sa, da); 310 311 memset(&req, 0, sizeof(req)); 312 bacpy(&req.bdaddr, dba); 313 314 err = ioctl(dev, HCIGETAUTHINFO, (unsigned long) &req); 315 if (err < 0) { 316 if (errno != EINVAL) 317 debug("HCIGETAUTHINFO failed %s (%d)", 318 strerror(errno), errno); 319 req.type = 0x00; 320 } 321 322 debug("kernel auth requirements = 0x%02x", req.type); 323 324 err = read_link_key(sba, dba, key, &type); 325 if (err < 0) { 326 /* Link key not found */ 327 hci_send_cmd(dev, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY, 6, dba); 328 } else { 329 /* Link key found */ 330 link_key_reply_cp lr; 331 memcpy(lr.link_key, key, 16); 332 bacpy(&lr.bdaddr, dba); 333 334 debug("stored link key type = 0x%02x", type); 335 336 /* Don't use debug link keys (0x03) and also don't use 337 * unauthenticated combination keys if MITM is required */ 338 if (type == 0x03 || (type == 0x04 && req.type != 0xff && 339 (req.type & 0x01))) 340 hci_send_cmd(dev, OGF_LINK_CTL, 341 OCF_LINK_KEY_NEG_REPLY, 6, dba); 342 else 343 hci_send_cmd(dev, OGF_LINK_CTL, OCF_LINK_KEY_REPLY, 344 LINK_KEY_REPLY_CP_SIZE, &lr); 345 } 346 } 347 348 static void link_key_notify(int dev, bdaddr_t *sba, void *ptr) 349 { 350 evt_link_key_notify *evt = ptr; 351 bdaddr_t *dba = &evt->bdaddr; 352 char sa[18], da[18]; 353 int dev_id, err; 354 unsigned char old_key[16]; 355 uint8_t old_key_type; 356 357 ba2str(sba, sa); ba2str(dba, da); 358 info("link_key_notify (sba=%s, dba=%s, type=%d)", sa, da, 359 evt->key_type); 360 361 err = read_link_key(sba, dba, old_key, &old_key_type); 362 if (err < 0) 363 old_key_type = 0xff; 364 365 dev_id = hci_devid(sa); 366 if (dev_id < 0) 367 err = -errno; 368 else 369 err = hcid_dbus_link_key_notify(sba, dba, evt->link_key, 370 evt->key_type, 371 io_data[dev_id].pin_length, 372 old_key_type); 373 if (err < 0) { 374 uint16_t handle; 375 376 if (err == -ENODEV) 377 hcid_dbus_bonding_process_complete(sba, dba, 378 HCI_OE_LOW_RESOURCES); 379 else 380 hcid_dbus_bonding_process_complete(sba, dba, 381 HCI_MEMORY_FULL); 382 383 if (get_handle(dev, sba, dba, &handle) == 0) { 384 disconnect_cp cp; 385 386 memset(&cp, 0, sizeof(cp)); 387 cp.handle = htobs(handle); 388 cp.reason = HCI_OE_LOW_RESOURCES; 389 390 hci_send_cmd(dev, OGF_LINK_CTL, OCF_DISCONNECT, 391 DISCONNECT_CP_SIZE, &cp); 392 } 393 } 394 395 io_data[dev_id].pin_length = -1; 396 } 397 398 static void return_link_keys(int dev, bdaddr_t *sba, void *ptr) 399 { 400 evt_return_link_keys *evt = ptr; 401 uint8_t num = evt->num_keys; 402 unsigned char key[16]; 403 char sa[18], da[18]; 404 bdaddr_t dba; 405 int i; 406 407 ba2str(sba, sa); 408 ptr++; 409 410 for (i = 0; i < num; i++) { 411 bacpy(&dba, ptr); ba2str(&dba, da); 412 memcpy(key, ptr + 6, 16); 413 414 info("return_link_keys (sba=%s, dba=%s)", sa, da); 415 416 ptr += 22; 417 } 418 } 419 420 /* Simple Pairing handling */ 421 422 static void user_confirm_request(int dev, bdaddr_t *sba, void *ptr) 423 { 424 evt_user_confirm_request *req = ptr; 425 426 if (hcid_dbus_user_confirm(sba, &req->bdaddr, 427 btohl(req->passkey)) < 0) 428 hci_send_cmd(dev, OGF_LINK_CTL, 429 OCF_USER_CONFIRM_NEG_REPLY, 6, ptr); 430 } 431 432 static void user_passkey_request(int dev, bdaddr_t *sba, void *ptr) 433 { 434 evt_user_passkey_request *req = ptr; 435 436 if (hcid_dbus_user_passkey(sba, &req->bdaddr) < 0) 437 hci_send_cmd(dev, OGF_LINK_CTL, 438 OCF_USER_PASSKEY_NEG_REPLY, 6, ptr); 439 } 440 441 static void user_passkey_notify(int dev, bdaddr_t *sba, void *ptr) 442 { 443 evt_user_passkey_notify *req = ptr; 444 445 hcid_dbus_user_notify(sba, &req->bdaddr, btohl(req->passkey)); 446 } 447 448 static void remote_oob_data_request(int dev, bdaddr_t *sba, void *ptr) 449 { 450 hci_send_cmd(dev, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_NEG_REPLY, 6, ptr); 451 } 452 453 static void io_capa_request(int dev, bdaddr_t *sba, bdaddr_t *dba) 454 { 455 char sa[18], da[18]; 456 uint8_t cap, auth; 457 458 ba2str(sba, sa); ba2str(dba, da); 459 info("io_capa_request (sba=%s, dba=%s)", sa, da); 460 461 if (hcid_dbus_get_io_cap(sba, dba, &cap, &auth) < 0) { 462 io_capability_neg_reply_cp cp; 463 memset(&cp, 0, sizeof(cp)); 464 bacpy(&cp.bdaddr, dba); 465 cp.reason = HCI_PAIRING_NOT_ALLOWED; 466 hci_send_cmd(dev, OGF_LINK_CTL, OCF_IO_CAPABILITY_NEG_REPLY, 467 IO_CAPABILITY_NEG_REPLY_CP_SIZE, &cp); 468 } else { 469 io_capability_reply_cp cp; 470 memset(&cp, 0, sizeof(cp)); 471 bacpy(&cp.bdaddr, dba); 472 cp.capability = cap; 473 cp.oob_data = 0x00; 474 cp.authentication = auth; 475 hci_send_cmd(dev, OGF_LINK_CTL, OCF_IO_CAPABILITY_REPLY, 476 IO_CAPABILITY_REPLY_CP_SIZE, &cp); 477 } 478 } 479 480 static void io_capa_response(int dev, bdaddr_t *sba, void *ptr) 481 { 482 evt_io_capability_response *evt = ptr; 483 char sa[18], da[18]; 484 485 ba2str(sba, sa); ba2str(&evt->bdaddr, da); 486 info("io_capa_response (sba=%s, dba=%s)", sa, da); 487 488 hcid_dbus_set_io_cap(sba, &evt->bdaddr, 489 evt->capability, evt->authentication); 490 } 491 492 /* PIN code handling */ 493 494 void set_pin_length(bdaddr_t *sba, int length) 495 { 496 char addr[18]; 497 int dev_id; 498 499 ba2str(sba, addr); 500 dev_id = hci_devid(addr); 501 502 if (dev_id >= 0) 503 io_data[dev_id].pin_length = length; 504 } 505 506 static void pin_code_request(int dev, bdaddr_t *sba, bdaddr_t *dba) 507 { 508 pin_code_reply_cp pr; 509 struct hci_conn_info_req *cr; 510 struct hci_conn_info *ci; 511 char sa[18], da[18], pin[17]; 512 int pinlen; 513 514 memset(&pr, 0, sizeof(pr)); 515 bacpy(&pr.bdaddr, dba); 516 517 ba2str(sba, sa); ba2str(dba, da); 518 info("pin_code_request (sba=%s, dba=%s)", sa, da); 519 520 cr = g_malloc0(sizeof(*cr) + sizeof(*ci)); 521 522 bacpy(&cr->bdaddr, dba); 523 cr->type = ACL_LINK; 524 if (ioctl(dev, HCIGETCONNINFO, (unsigned long) cr) < 0) { 525 error("Can't get conn info: %s (%d)", strerror(errno), errno); 526 goto reject; 527 } 528 ci = cr->conn_info; 529 530 memset(pin, 0, sizeof(pin)); 531 pinlen = read_pin_code(sba, dba, pin); 532 533 if (pinlen > 0) { 534 set_pin_length(sba, pinlen); 535 memcpy(pr.pin_code, pin, pinlen); 536 pr.pin_len = pinlen; 537 hci_send_cmd(dev, OGF_LINK_CTL, OCF_PIN_CODE_REPLY, 538 PIN_CODE_REPLY_CP_SIZE, &pr); 539 } else { 540 /* Request PIN from passkey agent */ 541 if (hcid_dbus_request_pin(dev, sba, ci) < 0) 542 goto reject; 543 } 544 545 g_free(cr); 546 547 return; 548 549 reject: 550 g_free(cr); 551 552 hci_send_cmd(dev, OGF_LINK_CTL, OCF_PIN_CODE_NEG_REPLY, 6, dba); 553 } 554 555 static void start_inquiry(bdaddr_t *local, uint8_t status, gboolean periodic) 556 { 557 struct btd_adapter *adapter; 558 int state; 559 560 /* Don't send the signal if the cmd failed */ 561 if (status) { 562 error("Inquiry Failed with status 0x%02x", status); 563 return; 564 } 565 566 adapter = manager_find_adapter(local); 567 if (!adapter) { 568 error("Unable to find matching adapter"); 569 return; 570 } 571 572 state = adapter_get_state(adapter); 573 574 /* Disable name resolution for non D-Bus clients */ 575 if (!adapter_has_discov_sessions(adapter)) 576 state &= ~RESOLVE_NAME; 577 578 if (periodic) { 579 state |= PERIODIC_INQUIRY; 580 adapter_set_state(adapter, state); 581 return; 582 } 583 584 state |= STD_INQUIRY; 585 adapter_set_state(adapter, state); 586 587 /* 588 * Cancel pending remote name request and clean the device list 589 * when inquiry is supported in periodic inquiry idle state. 590 */ 591 if (adapter_get_state(adapter) & PERIODIC_INQUIRY) { 592 pending_remote_name_cancel(adapter); 593 594 clear_found_devices_list(adapter); 595 } 596 } 597 598 static void inquiry_complete(bdaddr_t *local, uint8_t status, gboolean periodic) 599 { 600 struct btd_adapter *adapter; 601 int state; 602 603 /* Don't send the signal if the cmd failed */ 604 if (status) { 605 error("Inquiry Failed with status 0x%02x", status); 606 return; 607 } 608 609 adapter = manager_find_adapter(local); 610 if (!adapter) { 611 error("Unable to find matching adapter"); 612 return; 613 } 614 615 /* 616 * The following scenarios can happen: 617 * 1. standard inquiry: always send discovery completed signal 618 * 2. standard inquiry + name resolving: send discovery completed 619 * after name resolving 620 * 3. periodic inquiry: skip discovery completed signal 621 * 4. periodic inquiry + standard inquiry: always send discovery 622 * completed signal 623 * 624 * Keep in mind that non D-Bus requests can arrive. 625 */ 626 if (periodic) { 627 state = adapter_get_state(adapter); 628 state &= ~PERIODIC_INQUIRY; 629 adapter_set_state(adapter, state); 630 return; 631 } 632 633 if (adapter_resolve_names(adapter) == 0) 634 return; 635 636 state = adapter_get_state(adapter); 637 /* 638 * workaround to identify situation when there is no devices around 639 * but periodic inquiry is active. 640 */ 641 if (!(state & STD_INQUIRY) && !(state & PERIODIC_INQUIRY)) { 642 state |= PERIODIC_INQUIRY; 643 adapter_set_state(adapter, state); 644 return; 645 } 646 647 /* reset the discover type to be able to handle D-Bus and non D-Bus 648 * requests */ 649 state &= ~STD_INQUIRY; 650 state &= ~PERIODIC_INQUIRY; 651 adapter_set_state(adapter, state); 652 } 653 654 static inline void cmd_status(int dev, bdaddr_t *sba, void *ptr) 655 { 656 evt_cmd_status *evt = ptr; 657 uint16_t opcode = btohs(evt->opcode); 658 659 if (opcode == cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY)) 660 start_inquiry(sba, evt->status, FALSE); 661 } 662 663 static inline void cmd_complete(int dev, bdaddr_t *sba, void *ptr) 664 { 665 evt_cmd_complete *evt = ptr; 666 uint16_t opcode = btohs(evt->opcode); 667 uint8_t status = *((uint8_t *) ptr + EVT_CMD_COMPLETE_SIZE); 668 669 switch (opcode) { 670 case cmd_opcode_pack(OGF_LINK_CTL, OCF_PERIODIC_INQUIRY): 671 start_inquiry(sba, status, TRUE); 672 break; 673 case cmd_opcode_pack(OGF_LINK_CTL, OCF_EXIT_PERIODIC_INQUIRY): 674 inquiry_complete(sba, status, TRUE); 675 break; 676 case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL): 677 inquiry_complete(sba, status, FALSE); 678 break; 679 case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME): 680 adapter_setname_complete(sba, status); 681 break; 682 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE): 683 hcid_dbus_setscan_enable_complete(sba); 684 break; 685 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV): 686 hcid_dbus_write_class_complete(sba); 687 break; 688 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SIMPLE_PAIRING_MODE): 689 hcid_dbus_write_simple_pairing_mode_complete(sba); 690 break; 691 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME): 692 ptr += sizeof(evt_cmd_complete); 693 adapter_update_local_name(sba, status, ptr); 694 break; 695 }; 696 } 697 698 static inline void remote_name_information(int dev, bdaddr_t *sba, void *ptr) 699 { 700 evt_remote_name_req_complete *evt = ptr; 701 bdaddr_t dba; 702 char name[MAX_NAME_LENGTH + 1]; 703 704 memset(name, 0, sizeof(name)); 705 bacpy(&dba, &evt->bdaddr); 706 707 if (!evt->status) { 708 char *end; 709 memcpy(name, evt->name, MAX_NAME_LENGTH); 710 /* It's ok to cast end between const and non-const since 711 * we know it points to inside of name which is non-const */ 712 if (!g_utf8_validate(name, -1, (const char **) &end)) 713 *end = '\0'; 714 write_device_name(sba, &dba, name); 715 } 716 717 hcid_dbus_remote_name(sba, &dba, evt->status, name); 718 } 719 720 static inline void remote_version_information(int dev, bdaddr_t *sba, void *ptr) 721 { 722 evt_read_remote_version_complete *evt = ptr; 723 bdaddr_t dba; 724 725 if (evt->status) 726 return; 727 728 if (get_bdaddr(dev, sba, btohs(evt->handle), &dba) < 0) 729 return; 730 731 write_version_info(sba, &dba, btohs(evt->manufacturer), 732 evt->lmp_ver, btohs(evt->lmp_subver)); 733 } 734 735 static inline void inquiry_result(int dev, bdaddr_t *sba, int plen, void *ptr) 736 { 737 uint8_t num = *(uint8_t *) ptr++; 738 int i; 739 740 for (i = 0; i < num; i++) { 741 inquiry_info *info = ptr; 742 uint32_t class = info->dev_class[0] 743 | (info->dev_class[1] << 8) 744 | (info->dev_class[2] << 16); 745 746 hcid_dbus_inquiry_result(sba, &info->bdaddr, class, 0, NULL); 747 748 update_lastseen(sba, &info->bdaddr); 749 750 ptr += INQUIRY_INFO_SIZE; 751 } 752 } 753 754 static inline void inquiry_result_with_rssi(int dev, bdaddr_t *sba, int plen, void *ptr) 755 { 756 uint8_t num = *(uint8_t *) ptr++; 757 int i; 758 759 if (!num) 760 return; 761 762 if ((plen - 1) / num == INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE) { 763 for (i = 0; i < num; i++) { 764 inquiry_info_with_rssi_and_pscan_mode *info = ptr; 765 uint32_t class = info->dev_class[0] 766 | (info->dev_class[1] << 8) 767 | (info->dev_class[2] << 16); 768 769 hcid_dbus_inquiry_result(sba, &info->bdaddr, 770 class, info->rssi, NULL); 771 772 update_lastseen(sba, &info->bdaddr); 773 774 ptr += INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE; 775 } 776 } else { 777 for (i = 0; i < num; i++) { 778 inquiry_info_with_rssi *info = ptr; 779 uint32_t class = info->dev_class[0] 780 | (info->dev_class[1] << 8) 781 | (info->dev_class[2] << 16); 782 783 hcid_dbus_inquiry_result(sba, &info->bdaddr, 784 class, info->rssi, NULL); 785 786 update_lastseen(sba, &info->bdaddr); 787 788 ptr += INQUIRY_INFO_WITH_RSSI_SIZE; 789 } 790 } 791 } 792 793 static inline void extended_inquiry_result(int dev, bdaddr_t *sba, int plen, void *ptr) 794 { 795 uint8_t num = *(uint8_t *) ptr++; 796 int i; 797 798 for (i = 0; i < num; i++) { 799 extended_inquiry_info *info = ptr; 800 uint32_t class = info->dev_class[0] 801 | (info->dev_class[1] << 8) 802 | (info->dev_class[2] << 16); 803 804 hcid_dbus_inquiry_result(sba, &info->bdaddr, class, 805 info->rssi, info->data); 806 807 update_lastseen(sba, &info->bdaddr); 808 809 ptr += EXTENDED_INQUIRY_INFO_SIZE; 810 } 811 } 812 813 static inline void remote_features_information(int dev, bdaddr_t *sba, void *ptr) 814 { 815 evt_read_remote_features_complete *evt = ptr; 816 bdaddr_t dba; 817 818 if (evt->status) 819 return; 820 821 if (get_bdaddr(dev, sba, btohs(evt->handle), &dba) < 0) 822 return; 823 824 write_features_info(sba, &dba, evt->features); 825 } 826 827 static inline void conn_complete(int dev, int dev_id, bdaddr_t *sba, void *ptr) 828 { 829 evt_conn_complete *evt = ptr; 830 char filename[PATH_MAX]; 831 remote_name_req_cp cp_name; 832 struct hci_req_data *data; 833 char local_addr[18], peer_addr[18], *str; 834 835 if (evt->link_type != ACL_LINK) 836 return; 837 838 hcid_dbus_conn_complete(sba, evt->status, btohs(evt->handle), 839 &evt->bdaddr); 840 841 if (evt->status) 842 return; 843 844 update_lastused(sba, &evt->bdaddr); 845 846 /* Request remote name */ 847 memset(&cp_name, 0, sizeof(cp_name)); 848 bacpy(&cp_name.bdaddr, &evt->bdaddr); 849 cp_name.pscan_rep_mode = 0x02; 850 851 data = hci_req_data_new(dev_id, &evt->bdaddr, OGF_LINK_CTL, 852 OCF_REMOTE_NAME_REQ, EVT_REMOTE_NAME_REQ_COMPLETE, 853 &cp_name, REMOTE_NAME_REQ_CP_SIZE); 854 855 hci_req_queue_append(data); 856 857 /* check if the remote version needs be requested */ 858 ba2str(sba, local_addr); 859 ba2str(&evt->bdaddr, peer_addr); 860 861 create_name(filename, sizeof(filename), STORAGEDIR, local_addr, "manufacturers"); 862 863 str = textfile_get(filename, peer_addr); 864 if (!str) { 865 read_remote_version_cp cp; 866 867 memset(&cp, 0, sizeof(cp)); 868 cp.handle = evt->handle; 869 870 data = hci_req_data_new(dev_id, &evt->bdaddr, OGF_LINK_CTL, 871 OCF_READ_REMOTE_VERSION, EVT_READ_REMOTE_VERSION_COMPLETE, 872 &cp, READ_REMOTE_VERSION_CP_SIZE); 873 874 hci_req_queue_append(data); 875 } else 876 free(str); 877 } 878 879 static inline void disconn_complete(int dev, bdaddr_t *sba, void *ptr) 880 { 881 evt_disconn_complete *evt = ptr; 882 883 hcid_dbus_disconn_complete(sba, evt->status, btohs(evt->handle), 884 evt->reason); 885 } 886 887 static inline void auth_complete(int dev, bdaddr_t *sba, void *ptr) 888 { 889 evt_auth_complete *evt = ptr; 890 bdaddr_t dba; 891 892 if (get_bdaddr(dev, sba, btohs(evt->handle), &dba) < 0) 893 return; 894 895 hcid_dbus_bonding_process_complete(sba, &dba, evt->status); 896 } 897 898 static inline void simple_pairing_complete(int dev, bdaddr_t *sba, void *ptr) 899 { 900 evt_simple_pairing_complete *evt = ptr; 901 902 hcid_dbus_simple_pairing_complete(sba, &evt->bdaddr, evt->status); 903 } 904 905 static inline void conn_request(int dev, bdaddr_t *sba, void *ptr) 906 { 907 evt_conn_request *evt = ptr; 908 uint32_t class = evt->dev_class[0] | (evt->dev_class[1] << 8) 909 | (evt->dev_class[2] << 16); 910 911 hcid_dbus_remote_class(sba, &evt->bdaddr, class); 912 913 write_remote_class(sba, &evt->bdaddr, class); 914 } 915 916 static void delete_channel(GIOChannel *chan) 917 { 918 int i; 919 920 /* Look for the GIOChannel in the table */ 921 for (i = 0; i < HCI_MAX_DEV; i++) 922 if (io_data[i].channel == chan) { 923 stop_security_manager(i); 924 return; 925 } 926 927 error("IO channel not found in the io_data table"); 928 } 929 930 static gboolean io_security_event(GIOChannel *chan, GIOCondition cond, gpointer data) 931 { 932 unsigned char buf[HCI_MAX_EVENT_SIZE], *ptr = buf; 933 struct hci_dev_info *di = data; 934 int type, dev; 935 size_t len; 936 hci_event_hdr *eh; 937 GIOError err; 938 evt_cmd_status *evt; 939 940 if (cond & (G_IO_NVAL | G_IO_HUP | G_IO_ERR)) { 941 delete_channel(chan); 942 return FALSE; 943 } 944 945 if ((err = g_io_channel_read(chan, (gchar *) buf, sizeof(buf), &len))) { 946 if (err == G_IO_ERROR_AGAIN) 947 return TRUE; 948 delete_channel(chan); 949 return FALSE; 950 } 951 952 type = *ptr++; 953 954 if (type != HCI_EVENT_PKT) 955 return TRUE; 956 957 eh = (hci_event_hdr *) ptr; 958 ptr += HCI_EVENT_HDR_SIZE; 959 960 dev = g_io_channel_unix_get_fd(chan); 961 962 ioctl(dev, HCIGETDEVINFO, (void *) di); 963 964 if (hci_test_bit(HCI_RAW, &di->flags)) 965 return TRUE; 966 967 switch (eh->evt) { 968 case EVT_CMD_STATUS: 969 cmd_status(dev, &di->bdaddr, ptr); 970 break; 971 972 case EVT_CMD_COMPLETE: 973 cmd_complete(dev, &di->bdaddr, ptr); 974 break; 975 976 case EVT_REMOTE_NAME_REQ_COMPLETE: 977 remote_name_information(dev, &di->bdaddr, ptr); 978 break; 979 980 case EVT_READ_REMOTE_VERSION_COMPLETE: 981 remote_version_information(dev, &di->bdaddr, ptr); 982 break; 983 984 case EVT_READ_REMOTE_FEATURES_COMPLETE: 985 remote_features_information(dev, &di->bdaddr, ptr); 986 break; 987 988 case EVT_INQUIRY_COMPLETE: 989 evt = (evt_cmd_status *) ptr; 990 inquiry_complete(&di->bdaddr, evt->status, FALSE); 991 break; 992 993 case EVT_INQUIRY_RESULT: 994 inquiry_result(dev, &di->bdaddr, eh->plen, ptr); 995 break; 996 997 case EVT_INQUIRY_RESULT_WITH_RSSI: 998 inquiry_result_with_rssi(dev, &di->bdaddr, eh->plen, ptr); 999 break; 1000 1001 case EVT_EXTENDED_INQUIRY_RESULT: 1002 extended_inquiry_result(dev, &di->bdaddr, eh->plen, ptr); 1003 break; 1004 1005 case EVT_CONN_COMPLETE: 1006 conn_complete(dev, di->dev_id, &di->bdaddr, ptr); 1007 break; 1008 1009 case EVT_DISCONN_COMPLETE: 1010 disconn_complete(dev, &di->bdaddr, ptr); 1011 break; 1012 1013 case EVT_AUTH_COMPLETE: 1014 auth_complete(dev, &di->bdaddr, ptr); 1015 break; 1016 1017 case EVT_SIMPLE_PAIRING_COMPLETE: 1018 simple_pairing_complete(dev, &di->bdaddr, ptr); 1019 break; 1020 1021 case EVT_CONN_REQUEST: 1022 conn_request(dev, &di->bdaddr, ptr); 1023 break; 1024 } 1025 1026 /* Check for pending command request */ 1027 check_pending_hci_req(di->dev_id, eh->evt); 1028 1029 switch (eh->evt) { 1030 case EVT_PIN_CODE_REQ: 1031 pin_code_request(dev, &di->bdaddr, (bdaddr_t *) ptr); 1032 break; 1033 1034 case EVT_LINK_KEY_REQ: 1035 link_key_request(dev, &di->bdaddr, (bdaddr_t *) ptr); 1036 break; 1037 1038 case EVT_LINK_KEY_NOTIFY: 1039 link_key_notify(dev, &di->bdaddr, ptr); 1040 break; 1041 1042 case EVT_RETURN_LINK_KEYS: 1043 return_link_keys(dev, &di->bdaddr, ptr); 1044 break; 1045 1046 case EVT_IO_CAPABILITY_REQUEST: 1047 io_capa_request(dev, &di->bdaddr, (bdaddr_t *) ptr); 1048 break; 1049 1050 case EVT_IO_CAPABILITY_RESPONSE: 1051 io_capa_response(dev, &di->bdaddr, ptr); 1052 break; 1053 1054 case EVT_USER_CONFIRM_REQUEST: 1055 user_confirm_request(dev, &di->bdaddr, ptr); 1056 break; 1057 1058 case EVT_USER_PASSKEY_REQUEST: 1059 user_passkey_request(dev, &di->bdaddr, ptr); 1060 break; 1061 1062 case EVT_USER_PASSKEY_NOTIFY: 1063 user_passkey_notify(dev, &di->bdaddr, ptr); 1064 break; 1065 1066 case EVT_REMOTE_OOB_DATA_REQUEST: 1067 remote_oob_data_request(dev, &di->bdaddr, ptr); 1068 break; 1069 } 1070 1071 return TRUE; 1072 } 1073 1074 void start_security_manager(int hdev) 1075 { 1076 GIOChannel *chan = io_data[hdev].channel; 1077 struct hci_dev_info *di; 1078 struct hci_filter flt; 1079 read_stored_link_key_cp cp; 1080 int dev; 1081 1082 if (chan) 1083 return; 1084 1085 info("Starting security manager %d", hdev); 1086 1087 if ((dev = hci_open_dev(hdev)) < 0) { 1088 error("Can't open device hci%d: %s (%d)", 1089 hdev, strerror(errno), errno); 1090 return; 1091 } 1092 1093 /* Set filter */ 1094 hci_filter_clear(&flt); 1095 hci_filter_set_ptype(HCI_EVENT_PKT, &flt); 1096 hci_filter_set_event(EVT_CMD_STATUS, &flt); 1097 hci_filter_set_event(EVT_CMD_COMPLETE, &flt); 1098 hci_filter_set_event(EVT_PIN_CODE_REQ, &flt); 1099 hci_filter_set_event(EVT_LINK_KEY_REQ, &flt); 1100 hci_filter_set_event(EVT_LINK_KEY_NOTIFY, &flt); 1101 hci_filter_set_event(EVT_RETURN_LINK_KEYS, &flt); 1102 hci_filter_set_event(EVT_IO_CAPABILITY_REQUEST, &flt); 1103 hci_filter_set_event(EVT_IO_CAPABILITY_RESPONSE, &flt); 1104 hci_filter_set_event(EVT_USER_CONFIRM_REQUEST, &flt); 1105 hci_filter_set_event(EVT_USER_PASSKEY_REQUEST, &flt); 1106 hci_filter_set_event(EVT_REMOTE_OOB_DATA_REQUEST, &flt); 1107 hci_filter_set_event(EVT_USER_PASSKEY_NOTIFY, &flt); 1108 hci_filter_set_event(EVT_KEYPRESS_NOTIFY, &flt); 1109 hci_filter_set_event(EVT_SIMPLE_PAIRING_COMPLETE, &flt); 1110 hci_filter_set_event(EVT_AUTH_COMPLETE, &flt); 1111 hci_filter_set_event(EVT_REMOTE_NAME_REQ_COMPLETE, &flt); 1112 hci_filter_set_event(EVT_READ_REMOTE_VERSION_COMPLETE, &flt); 1113 hci_filter_set_event(EVT_READ_REMOTE_FEATURES_COMPLETE, &flt); 1114 hci_filter_set_event(EVT_REMOTE_HOST_FEATURES_NOTIFY, &flt); 1115 hci_filter_set_event(EVT_INQUIRY_COMPLETE, &flt); 1116 hci_filter_set_event(EVT_INQUIRY_RESULT, &flt); 1117 hci_filter_set_event(EVT_INQUIRY_RESULT_WITH_RSSI, &flt); 1118 hci_filter_set_event(EVT_EXTENDED_INQUIRY_RESULT, &flt); 1119 hci_filter_set_event(EVT_CONN_REQUEST, &flt); 1120 hci_filter_set_event(EVT_CONN_COMPLETE, &flt); 1121 hci_filter_set_event(EVT_DISCONN_COMPLETE, &flt); 1122 if (setsockopt(dev, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) { 1123 error("Can't set filter on hci%d: %s (%d)", 1124 hdev, strerror(errno), errno); 1125 close(dev); 1126 return; 1127 } 1128 1129 di = g_new(struct hci_dev_info, 1); 1130 if (hci_devinfo(hdev, di) < 0) { 1131 error("Can't get device info: %s (%d)", 1132 strerror(errno), errno); 1133 close(dev); 1134 g_free(di); 1135 return; 1136 } 1137 1138 chan = g_io_channel_unix_new(dev); 1139 g_io_channel_set_close_on_unref(chan, TRUE); 1140 io_data[hdev].watch_id = g_io_add_watch_full(chan, G_PRIORITY_HIGH, 1141 G_IO_IN | G_IO_NVAL | G_IO_HUP | G_IO_ERR, 1142 io_security_event, di, (GDestroyNotify) g_free); 1143 io_data[hdev].channel = chan; 1144 io_data[hdev].pin_length = -1; 1145 1146 if (hci_test_bit(HCI_RAW, &di->flags)) 1147 return; 1148 1149 bacpy(&cp.bdaddr, BDADDR_ANY); 1150 cp.read_all = 1; 1151 1152 hci_send_cmd(dev, OGF_HOST_CTL, OCF_READ_STORED_LINK_KEY, 1153 READ_STORED_LINK_KEY_CP_SIZE, (void *) &cp); 1154 } 1155 1156 void stop_security_manager(int hdev) 1157 { 1158 GIOChannel *chan = io_data[hdev].channel; 1159 1160 if (!chan) 1161 return; 1162 1163 info("Stopping security manager %d", hdev); 1164 1165 g_source_remove(io_data[hdev].watch_id); 1166 g_io_channel_unref(io_data[hdev].channel); 1167 io_data[hdev].watch_id = -1; 1168 io_data[hdev].channel = NULL; 1169 io_data[hdev].pin_length = -1; 1170 } 1171 1172
