1 /* 2 * 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2004-2010 Marcel Holtmann <marcel (at) holtmann.org> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 20 * 21 */ 22 23 #ifdef HAVE_CONFIG_H 24 #include <config.h> 25 #endif 26 27 #include <stdio.h> 28 #include <errno.h> 29 #include <unistd.h> 30 #include <stdlib.h> 31 #include <sys/types.h> 32 #include <sys/ioctl.h> 33 #include <sys/wait.h> 34 35 #include <bluetooth/bluetooth.h> 36 #include <bluetooth/hci.h> 37 #include <bluetooth/hci_lib.h> 38 #include <bluetooth/sdp.h> 39 #include <bluetooth/sdp_lib.h> 40 41 #include <glib.h> 42 43 #include "hcid.h" 44 #include "sdpd.h" 45 #include "btio.h" 46 #include "adapter.h" 47 #include "device.h" 48 #include "plugin.h" 49 #include "log.h" 50 #include "storage.h" 51 #include "event.h" 52 #include "manager.h" 53 #include "oob.h" 54 #include "eir.h" 55 56 #define DISCOV_HALTED 0 57 #define DISCOV_INQ 1 58 #define DISCOV_SCAN 2 59 60 #define TIMEOUT_BR_LE_SCAN 5120 /* TGAP(100)/2 */ 61 #define TIMEOUT_LE_SCAN 10240 /* TGAP(gen_disc_scan_min) */ 62 63 #define LENGTH_BR_INQ 0x08 64 #define LENGTH_BR_LE_INQ 0x04 65 66 static int hciops_start_scanning(int index, int timeout); 67 68 static int child_pipe[2] = { -1, -1 }; 69 70 static guint child_io_id = 0; 71 static guint ctl_io_id = 0; 72 73 enum adapter_type { 74 BR_EDR, 75 LE_ONLY, 76 BR_EDR_LE, 77 UNKNOWN, 78 }; 79 80 /* Commands sent by kernel on starting an adapter */ 81 enum { 82 PENDING_BDADDR, 83 PENDING_VERSION, 84 PENDING_FEATURES, 85 PENDING_NAME, 86 }; 87 88 struct bt_conn { 89 struct dev_info *dev; 90 bdaddr_t bdaddr; 91 uint16_t handle; 92 uint8_t loc_cap; 93 uint8_t loc_auth; 94 uint8_t rem_cap; 95 uint8_t rem_auth; 96 uint8_t rem_oob_data; 97 gboolean bonding_initiator; 98 gboolean secmode3; 99 GIOChannel *io; /* For raw L2CAP socket (bonding) */ 100 }; 101 102 struct oob_data { 103 bdaddr_t bdaddr; 104 uint8_t hash[16]; 105 uint8_t randomizer[16]; 106 }; 107 108 static int max_dev = -1; 109 static struct dev_info { 110 int id; 111 int sk; 112 bdaddr_t bdaddr; 113 char name[249]; 114 uint8_t eir[HCI_MAX_EIR_LENGTH]; 115 uint8_t features[8]; 116 uint8_t extfeatures[8]; 117 uint8_t ssp_mode; 118 119 int8_t tx_power; 120 121 int discov_state; 122 123 uint32_t current_cod; 124 uint32_t wanted_cod; 125 uint32_t pending_cod; 126 gboolean cache_enable; 127 gboolean already_up; 128 gboolean registered; 129 gboolean pairable; 130 131 uint8_t io_capability; 132 133 struct hci_version ver; 134 135 uint16_t did_vendor; 136 uint16_t did_product; 137 uint16_t did_version; 138 139 gboolean up; 140 uint32_t pending; 141 142 GIOChannel *io; 143 guint watch_id; 144 145 gboolean debug_keys; 146 GSList *keys; 147 uint8_t pin_length; 148 149 GSList *oob_data; 150 151 GSList *uuids; 152 153 GSList *connections; 154 155 guint stop_scan_id; 156 } *devs = NULL; 157 158 static inline int get_state(int index) 159 { 160 struct dev_info *dev = &devs[index]; 161 162 return dev->discov_state; 163 } 164 165 static inline gboolean is_resolvname_enabled(void) 166 { 167 return main_opts.name_resolv ? TRUE : FALSE; 168 } 169 170 static void set_state(int index, int state) 171 { 172 struct btd_adapter *adapter; 173 struct dev_info *dev = &devs[index]; 174 175 if (dev->discov_state == state) 176 return; 177 178 adapter = manager_find_adapter_by_id(index); 179 if (!adapter) { 180 error("No matching adapter found"); 181 return; 182 } 183 184 dev->discov_state = state; 185 186 DBG("hci%d: new state %d", index, dev->discov_state); 187 188 switch (dev->discov_state) { 189 case DISCOV_HALTED: 190 if (adapter_get_state(adapter) == STATE_SUSPENDED) 191 return; 192 193 if (is_resolvname_enabled() && 194 adapter_has_discov_sessions(adapter)) 195 adapter_set_state(adapter, STATE_RESOLVNAME); 196 else 197 adapter_set_state(adapter, STATE_IDLE); 198 break; 199 case DISCOV_INQ: 200 case DISCOV_SCAN: 201 adapter_set_state(adapter, STATE_DISCOV); 202 break; 203 } 204 } 205 206 static inline gboolean is_le_capable(int index) 207 { 208 struct dev_info *dev = &devs[index]; 209 210 return (main_opts.le && dev->features[4] & LMP_LE && 211 dev->extfeatures[0] & LMP_HOST_LE) ? TRUE : FALSE; 212 } 213 214 static inline gboolean is_bredr_capable(int index) 215 { 216 struct dev_info *dev = &devs[index]; 217 218 return (dev->features[4] & LMP_NO_BREDR) == 0 ? TRUE : FALSE; 219 } 220 221 static int get_adapter_type(int index) 222 { 223 if (is_le_capable(index) && is_bredr_capable(index)) 224 return BR_EDR_LE; 225 else if (is_le_capable(index)) 226 return LE_ONLY; 227 else if (is_bredr_capable(index)) 228 return BR_EDR; 229 230 return UNKNOWN; 231 } 232 233 static int ignore_device(struct hci_dev_info *di) 234 { 235 return hci_test_bit(HCI_RAW, &di->flags) || di->type >> 4 != HCI_BREDR; 236 } 237 238 static struct dev_info *init_dev_info(int index, int sk, gboolean registered, 239 gboolean already_up) 240 { 241 struct dev_info *dev = &devs[index]; 242 243 memset(dev, 0, sizeof(*dev)); 244 245 dev->id = index; 246 dev->sk = sk; 247 dev->cache_enable = TRUE; 248 dev->registered = registered; 249 dev->already_up = already_up; 250 dev->io_capability = 0x03; /* No Input No Output */ 251 dev->discov_state = DISCOV_HALTED; 252 253 return dev; 254 } 255 256 /* Async HCI command handling with callback support */ 257 258 struct hci_cmd_data { 259 bt_hci_result_t cb; 260 uint16_t handle; 261 uint16_t ocf; 262 gpointer caller_data; 263 }; 264 265 static gboolean hci_event_watch(GIOChannel *io, 266 GIOCondition cond, gpointer user_data) 267 { 268 unsigned char buf[HCI_MAX_EVENT_SIZE], *body; 269 struct hci_cmd_data *cmd = user_data; 270 evt_cmd_status *evt_status; 271 evt_auth_complete *evt_auth; 272 evt_encrypt_change *evt_enc; 273 hci_event_hdr *hdr; 274 set_conn_encrypt_cp cp; 275 int dd; 276 uint16_t ocf; 277 uint8_t status = HCI_OE_POWER_OFF; 278 279 if (cond & G_IO_NVAL) { 280 cmd->cb(status, cmd->caller_data); 281 return FALSE; 282 } 283 284 if (cond & (G_IO_ERR | G_IO_HUP)) 285 goto failed; 286 287 dd = g_io_channel_unix_get_fd(io); 288 289 if (read(dd, buf, sizeof(buf)) < 0) 290 goto failed; 291 292 hdr = (hci_event_hdr *) (buf + 1); 293 body = buf + (1 + HCI_EVENT_HDR_SIZE); 294 295 switch (hdr->evt) { 296 case EVT_CMD_STATUS: 297 evt_status = (evt_cmd_status *) body; 298 ocf = cmd_opcode_ocf(evt_status->opcode); 299 if (ocf != cmd->ocf) 300 return TRUE; 301 switch (ocf) { 302 case OCF_AUTH_REQUESTED: 303 case OCF_SET_CONN_ENCRYPT: 304 if (evt_status->status != 0) { 305 /* Baseband rejected command */ 306 status = evt_status->status; 307 goto failed; 308 } 309 break; 310 default: 311 return TRUE; 312 } 313 /* Wait for the next event */ 314 return TRUE; 315 case EVT_AUTH_COMPLETE: 316 evt_auth = (evt_auth_complete *) body; 317 if (evt_auth->handle != cmd->handle) { 318 /* Skipping */ 319 return TRUE; 320 } 321 322 if (evt_auth->status != 0x00) { 323 status = evt_auth->status; 324 /* Abort encryption */ 325 goto failed; 326 } 327 328 memset(&cp, 0, sizeof(cp)); 329 cp.handle = cmd->handle; 330 cp.encrypt = 1; 331 332 cmd->ocf = OCF_SET_CONN_ENCRYPT; 333 334 if (hci_send_cmd(dd, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, 335 SET_CONN_ENCRYPT_CP_SIZE, &cp) < 0) { 336 status = HCI_COMMAND_DISALLOWED; 337 goto failed; 338 } 339 /* Wait for encrypt change event */ 340 return TRUE; 341 case EVT_ENCRYPT_CHANGE: 342 evt_enc = (evt_encrypt_change *) body; 343 if (evt_enc->handle != cmd->handle) 344 return TRUE; 345 346 /* Procedure finished: reporting status */ 347 status = evt_enc->status; 348 break; 349 default: 350 /* Skipping */ 351 return TRUE; 352 } 353 354 failed: 355 cmd->cb(status, cmd->caller_data); 356 g_io_channel_shutdown(io, TRUE, NULL); 357 358 return FALSE; 359 } 360 361 static int write_inq_mode(int index, uint8_t mode) 362 { 363 struct dev_info *dev = &devs[index]; 364 write_inquiry_mode_cp cp; 365 366 memset(&cp, 0, sizeof(cp)); 367 cp.mode = mode; 368 369 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_INQUIRY_MODE, 370 WRITE_INQUIRY_MODE_CP_SIZE, &cp) < 0) 371 return -errno; 372 373 return 0; 374 } 375 376 static uint8_t get_inquiry_mode(int index) 377 { 378 struct dev_info *dev = &devs[index]; 379 380 if (dev->features[6] & LMP_EXT_INQ) 381 return 2; 382 383 if (dev->features[3] & LMP_RSSI_INQ) 384 return 1; 385 386 if (dev->ver.manufacturer == 11 && dev->ver.hci_rev == 0x00 && 387 dev->ver.lmp_subver == 0x0757) 388 return 1; 389 390 if (dev->ver.manufacturer == 15) { 391 if (dev->ver.hci_rev == 0x03 && 392 dev->ver.lmp_subver == 0x6963) 393 return 1; 394 if (dev->ver.hci_rev == 0x09 && 395 dev->ver.lmp_subver == 0x6963) 396 return 1; 397 if (dev->ver.hci_rev == 0x00 && 398 dev->ver.lmp_subver == 0x6965) 399 return 1; 400 } 401 402 if (dev->ver.manufacturer == 31 && dev->ver.hci_rev == 0x2005 && 403 dev->ver.lmp_subver == 0x1805) 404 return 1; 405 406 return 0; 407 } 408 409 static int init_ssp_mode(int index) 410 { 411 struct dev_info *dev = &devs[index]; 412 write_simple_pairing_mode_cp cp; 413 414 if (ioctl(dev->sk, HCIGETAUTHINFO, NULL) < 0 && errno == EINVAL) 415 return 0; 416 417 memset(&cp, 0, sizeof(cp)); 418 cp.mode = 0x01; 419 420 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, 421 OCF_WRITE_SIMPLE_PAIRING_MODE, 422 WRITE_SIMPLE_PAIRING_MODE_CP_SIZE, &cp) < 0) 423 return -errno; 424 425 return 0; 426 } 427 428 static int hciops_set_discoverable(int index, gboolean discoverable) 429 { 430 struct dev_info *dev = &devs[index]; 431 uint8_t mode; 432 433 if (discoverable) 434 mode = (SCAN_PAGE | SCAN_INQUIRY); 435 else 436 mode = SCAN_PAGE; 437 438 DBG("hci%d discoverable %d", index, discoverable); 439 440 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE, 441 1, &mode) < 0) 442 return -errno; 443 444 return 0; 445 } 446 447 static int hciops_set_pairable(int index, gboolean pairable) 448 { 449 struct btd_adapter *adapter; 450 451 DBG("hci%d pairable %d", index, pairable); 452 453 adapter = manager_find_adapter(&devs[index].bdaddr); 454 if (adapter) 455 btd_adapter_pairable_changed(adapter, pairable); 456 457 devs[index].pairable = pairable; 458 459 return 0; 460 } 461 462 static int hciops_power_off(int index) 463 { 464 struct dev_info *dev = &devs[index]; 465 uint8_t mode; 466 467 DBG("hci%d set scan mode off", index); 468 mode = SCAN_DISABLED; 469 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE, 470 1, &mode) < 0) 471 return -errno; 472 473 DBG("hci%d HCIDEVDOWN", index); 474 475 if (ioctl(dev->sk, HCIDEVDOWN, index) < 0 && errno != EALREADY) 476 return -errno; 477 478 return 0; 479 } 480 481 static void set_event_mask(int index) 482 { 483 struct dev_info *dev = &devs[index]; 484 /* The second byte is 0xff instead of 0x9f (two reserved bits 485 * disabled) since a Broadcom 1.2 dongle doesn't respond to the 486 * command otherwise */ 487 uint8_t events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 }; 488 489 /* Events for 1.2 and newer controllers */ 490 if (dev->ver.lmp_ver > 1) { 491 events[4] |= 0x01; /* Flow Specification Complete */ 492 events[4] |= 0x02; /* Inquiry Result with RSSI */ 493 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 494 events[5] |= 0x08; /* Synchronous Connection Complete */ 495 events[5] |= 0x10; /* Synchronous Connection Changed */ 496 } 497 498 if (dev->features[3] & LMP_RSSI_INQ) 499 events[4] |= 0x04; /* Inquiry Result with RSSI */ 500 501 if (dev->features[5] & LMP_SNIFF_SUBR) 502 events[5] |= 0x20; /* Sniff Subrating */ 503 504 if (dev->features[5] & LMP_PAUSE_ENC) 505 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 506 507 if (dev->features[6] & LMP_EXT_INQ) 508 events[5] |= 0x40; /* Extended Inquiry Result */ 509 510 if (dev->features[6] & LMP_NFLUSH_PKTS) 511 events[7] |= 0x01; /* Enhanced Flush Complete */ 512 513 if (dev->features[7] & LMP_LSTO) 514 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 515 516 if (dev->features[6] & LMP_SIMPLE_PAIR) { 517 events[6] |= 0x01; /* IO Capability Request */ 518 events[6] |= 0x02; /* IO Capability Response */ 519 events[6] |= 0x04; /* User Confirmation Request */ 520 events[6] |= 0x08; /* User Passkey Request */ 521 events[6] |= 0x10; /* Remote OOB Data Request */ 522 events[6] |= 0x20; /* Simple Pairing Complete */ 523 events[7] |= 0x04; /* User Passkey Notification */ 524 events[7] |= 0x08; /* Keypress Notification */ 525 events[7] |= 0x10; /* Remote Host Supported 526 * Features Notification */ 527 } 528 529 if (dev->features[4] & LMP_LE) 530 events[7] |= 0x20; /* LE Meta-Event */ 531 532 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_SET_EVENT_MASK, 533 sizeof(events), events); 534 } 535 536 static void start_adapter(int index) 537 { 538 struct dev_info *dev = &devs[index]; 539 uint8_t inqmode; 540 uint16_t link_policy; 541 542 set_event_mask(index); 543 544 if (dev->features[6] & LMP_SIMPLE_PAIR) 545 init_ssp_mode(index); 546 547 inqmode = get_inquiry_mode(index); 548 if (inqmode) 549 write_inq_mode(index, inqmode); 550 551 if (dev->features[7] & LMP_INQ_TX_PWR) 552 hci_send_cmd(dev->sk, OGF_HOST_CTL, 553 OCF_READ_INQ_RESPONSE_TX_POWER_LEVEL, 0, NULL); 554 555 /* Set default link policy */ 556 link_policy = main_opts.link_policy; 557 558 if (!(dev->features[0] & LMP_RSWITCH)) 559 link_policy &= ~HCI_LP_RSWITCH; 560 if (!(dev->features[0] & LMP_HOLD)) 561 link_policy &= ~HCI_LP_HOLD; 562 if (!(dev->features[0] & LMP_SNIFF)) 563 link_policy &= ~HCI_LP_SNIFF; 564 if (!(dev->features[1] & LMP_PARK)) 565 link_policy &= ~HCI_LP_PARK; 566 567 link_policy = htobs(link_policy); 568 hci_send_cmd(dev->sk, OGF_LINK_POLICY, OCF_WRITE_DEFAULT_LINK_POLICY, 569 sizeof(link_policy), &link_policy); 570 571 dev->current_cod = 0; 572 memset(dev->eir, 0, sizeof(dev->eir)); 573 } 574 575 static int hciops_stop_inquiry(int index) 576 { 577 struct dev_info *dev = &devs[index]; 578 579 DBG("hci%d", index); 580 581 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_INQUIRY_CANCEL, 0, 0) < 0) 582 return -errno; 583 584 return 0; 585 } 586 587 static gboolean init_adapter(int index) 588 { 589 struct dev_info *dev = &devs[index]; 590 struct btd_adapter *adapter = NULL; 591 gboolean existing_adapter = dev->registered; 592 uint8_t mode, on_mode; 593 gboolean pairable, discoverable; 594 595 if (!dev->registered) { 596 adapter = btd_manager_register_adapter(index); 597 if (adapter) 598 dev->registered = TRUE; 599 } else { 600 adapter = manager_find_adapter(&dev->bdaddr); 601 /* FIXME: manager_find_adapter should return a new ref */ 602 btd_adapter_ref(adapter); 603 } 604 605 if (adapter == NULL) 606 return FALSE; 607 608 btd_adapter_get_mode(adapter, &mode, &on_mode, &pairable); 609 610 if (existing_adapter) 611 mode = on_mode; 612 613 if (mode == MODE_OFF) { 614 hciops_power_off(index); 615 goto done; 616 } 617 618 start_adapter(index); 619 btd_adapter_start(adapter); 620 621 discoverable = (mode == MODE_DISCOVERABLE); 622 623 hciops_set_discoverable(index, discoverable); 624 hciops_set_pairable(index, pairable); 625 626 if (dev->already_up) 627 hciops_stop_inquiry(index); 628 629 done: 630 btd_adapter_unref(adapter); 631 return TRUE; 632 } 633 634 static int hciops_encrypt_link(int index, bdaddr_t *dst, bt_hci_result_t cb, 635 gpointer user_data) 636 { 637 GIOChannel *io; 638 struct hci_cmd_data *cmd; 639 struct hci_conn_info_req *cr; 640 auth_requested_cp cp; 641 struct hci_filter nf; 642 int dd, err; 643 uint32_t link_mode; 644 uint16_t handle; 645 646 dd = hci_open_dev(index); 647 if (dd < 0) 648 return -errno; 649 650 cr = g_malloc0(sizeof(*cr) + sizeof(struct hci_conn_info)); 651 cr->type = ACL_LINK; 652 bacpy(&cr->bdaddr, dst); 653 654 err = ioctl(dd, HCIGETCONNINFO, cr); 655 link_mode = cr->conn_info->link_mode; 656 handle = cr->conn_info->handle; 657 g_free(cr); 658 659 if (err < 0) { 660 err = -errno; 661 goto fail; 662 } 663 664 if (link_mode & HCI_LM_ENCRYPT) { 665 err = -EALREADY; 666 goto fail; 667 } 668 669 memset(&cp, 0, sizeof(cp)); 670 cp.handle = htobs(handle); 671 672 if (hci_send_cmd(dd, OGF_LINK_CTL, OCF_AUTH_REQUESTED, 673 AUTH_REQUESTED_CP_SIZE, &cp) < 0) { 674 err = -errno; 675 goto fail; 676 } 677 678 cmd = g_new0(struct hci_cmd_data, 1); 679 cmd->handle = handle; 680 cmd->ocf = OCF_AUTH_REQUESTED; 681 cmd->cb = cb; 682 cmd->caller_data = user_data; 683 684 hci_filter_clear(&nf); 685 hci_filter_set_ptype(HCI_EVENT_PKT, &nf); 686 hci_filter_set_event(EVT_CMD_STATUS, &nf); 687 hci_filter_set_event(EVT_AUTH_COMPLETE, &nf); 688 hci_filter_set_event(EVT_ENCRYPT_CHANGE, &nf); 689 690 if (setsockopt(dd, SOL_HCI, HCI_FILTER, &nf, sizeof(nf)) < 0) { 691 err = -errno; 692 g_free(cmd); 693 goto fail; 694 } 695 696 io = g_io_channel_unix_new(dd); 697 g_io_channel_set_close_on_unref(io, FALSE); 698 g_io_add_watch_full(io, G_PRIORITY_DEFAULT, 699 G_IO_HUP | G_IO_ERR | G_IO_NVAL | G_IO_IN, 700 hci_event_watch, cmd, g_free); 701 g_io_channel_unref(io); 702 703 return 0; 704 705 fail: 706 close(dd); 707 return err; 708 } 709 710 static int hciops_set_did(int index, uint16_t vendor, uint16_t product, 711 uint16_t version) 712 { 713 struct dev_info *dev = &devs[index]; 714 715 dev->did_vendor = vendor; 716 dev->did_product = product; 717 dev->did_version = version; 718 719 return 0; 720 } 721 722 /* End async HCI command handling */ 723 724 /* Start of HCI event callbacks */ 725 726 static gint conn_handle_cmp(gconstpointer a, gconstpointer b) 727 { 728 const struct bt_conn *conn = a; 729 uint16_t handle = *((const uint16_t *) b); 730 731 return (int) conn->handle - (int) handle; 732 } 733 734 static struct bt_conn *find_conn_by_handle(struct dev_info *dev, 735 uint16_t handle) 736 { 737 GSList *match; 738 739 match = g_slist_find_custom(dev->connections, &handle, 740 conn_handle_cmp); 741 if (match) 742 return match->data; 743 744 return NULL; 745 } 746 747 static gint conn_bdaddr_cmp(gconstpointer a, gconstpointer b) 748 { 749 const struct bt_conn *conn = a; 750 const bdaddr_t *bdaddr = b; 751 752 return bacmp(&conn->bdaddr, bdaddr); 753 } 754 755 static struct bt_conn *find_connection(struct dev_info *dev, bdaddr_t *bdaddr) 756 { 757 GSList *match; 758 759 match = g_slist_find_custom(dev->connections, bdaddr, conn_bdaddr_cmp); 760 if (match) 761 return match->data; 762 763 return NULL; 764 } 765 766 static struct bt_conn *get_connection(struct dev_info *dev, bdaddr_t *bdaddr) 767 { 768 struct bt_conn *conn; 769 770 conn = find_connection(dev, bdaddr); 771 if (conn) 772 return conn; 773 774 conn = g_new0(struct bt_conn, 1); 775 776 conn->dev = dev; 777 conn->loc_cap = dev->io_capability; 778 conn->loc_auth = 0xff; 779 conn->rem_auth = 0xff; 780 bacpy(&conn->bdaddr, bdaddr); 781 782 dev->connections = g_slist_append(dev->connections, conn); 783 784 return conn; 785 } 786 787 static int get_handle(int index, bdaddr_t *bdaddr, uint16_t *handle) 788 { 789 struct dev_info *dev = &devs[index]; 790 struct bt_conn *conn; 791 char addr[18]; 792 793 ba2str(bdaddr, addr); 794 DBG("hci%d dba %s", index, addr); 795 796 conn = find_connection(dev, bdaddr); 797 if (conn == NULL) 798 return -ENOENT; 799 800 *handle = conn->handle; 801 802 return 0; 803 } 804 805 static int disconnect_addr(int index, bdaddr_t *dba, uint8_t reason) 806 { 807 disconnect_cp cp; 808 uint16_t handle; 809 int err; 810 811 err = get_handle(index, dba, &handle); 812 if (err < 0) 813 return err; 814 815 memset(&cp, 0, sizeof(cp)); 816 cp.handle = htobs(handle); 817 cp.reason = reason; 818 819 if (hci_send_cmd(devs[index].sk, OGF_LINK_CTL, OCF_DISCONNECT, 820 DISCONNECT_CP_SIZE, &cp) < 0) 821 return -errno; 822 823 return 0; 824 } 825 826 static void bonding_complete(struct dev_info *dev, struct bt_conn *conn, 827 uint8_t status) 828 { 829 DBG("status 0x%02x", status); 830 831 if (conn->io != NULL) { 832 /* bonding_connect_cb takes care of the successul case */ 833 if (status != 0) 834 g_io_channel_shutdown(conn->io, TRUE, NULL); 835 g_io_channel_unref(conn->io); 836 conn->io = NULL; 837 } 838 839 conn->bonding_initiator = FALSE; 840 841 btd_event_bonding_complete(&dev->bdaddr, &conn->bdaddr, status); 842 } 843 844 static int get_auth_info(int index, bdaddr_t *bdaddr, uint8_t *auth) 845 { 846 struct dev_info *dev = &devs[index]; 847 struct hci_auth_info_req req; 848 char addr[18]; 849 850 ba2str(bdaddr, addr); 851 DBG("hci%d dba %s", index, addr); 852 853 memset(&req, 0, sizeof(req)); 854 bacpy(&req.bdaddr, bdaddr); 855 856 if (ioctl(dev->sk, HCIGETAUTHINFO, (unsigned long) &req) < 0) 857 return -errno; 858 859 if (auth) 860 *auth = req.type; 861 862 return 0; 863 } 864 865 /* Link Key handling */ 866 867 static void link_key_request(int index, bdaddr_t *dba) 868 { 869 struct dev_info *dev = &devs[index]; 870 struct link_key_info *key_info; 871 struct bt_conn *conn; 872 GSList *match; 873 char da[18]; 874 875 ba2str(dba, da); 876 DBG("hci%d dba %s", index, da); 877 878 conn = get_connection(dev, dba); 879 if (conn->handle == 0) 880 conn->secmode3 = TRUE; 881 882 get_auth_info(index, dba, &conn->loc_auth); 883 884 DBG("kernel auth requirements = 0x%02x", conn->loc_auth); 885 886 match = g_slist_find_custom(dev->keys, dba, (GCompareFunc) bacmp); 887 if (match) 888 key_info = match->data; 889 else 890 key_info = NULL; 891 892 DBG("Matching key %s", key_info ? "found" : "not found"); 893 894 if (key_info == NULL || (!dev->debug_keys && key_info->type == 0x03)) { 895 /* Link key not found */ 896 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY, 897 6, dba); 898 return; 899 } 900 901 /* Link key found */ 902 903 DBG("link key type 0x%02x", key_info->type); 904 905 /* Don't use unauthenticated combination keys if MITM is 906 * required */ 907 if (key_info->type == 0x04 && conn->loc_auth != 0xff && 908 (conn->loc_auth & 0x01)) 909 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY, 910 6, dba); 911 else { 912 link_key_reply_cp lr; 913 914 memcpy(lr.link_key, key_info->key, 16); 915 bacpy(&lr.bdaddr, dba); 916 917 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_REPLY, 918 LINK_KEY_REPLY_CP_SIZE, &lr); 919 } 920 } 921 922 static void link_key_notify(int index, void *ptr) 923 { 924 struct dev_info *dev = &devs[index]; 925 evt_link_key_notify *evt = ptr; 926 bdaddr_t *dba = &evt->bdaddr; 927 struct link_key_info *key_info; 928 uint8_t old_key_type, key_type; 929 struct bt_conn *conn; 930 GSList *match; 931 char da[18]; 932 uint8_t status = 0; 933 934 ba2str(dba, da); 935 DBG("hci%d dba %s type %d", index, da, evt->key_type); 936 937 conn = get_connection(dev, &evt->bdaddr); 938 939 match = g_slist_find_custom(dev->keys, dba, (GCompareFunc) bacmp); 940 if (match) 941 key_info = match->data; 942 else 943 key_info = NULL; 944 945 if (key_info == NULL) { 946 key_info = g_new0(struct link_key_info, 1); 947 bacpy(&key_info->bdaddr, &evt->bdaddr); 948 old_key_type = 0xff; 949 } else { 950 dev->keys = g_slist_remove(dev->keys, key_info); 951 old_key_type = key_info->type; 952 } 953 954 memcpy(key_info->key, evt->link_key, sizeof(evt->link_key)); 955 key_info->type = evt->key_type; 956 key_info->pin_len = dev->pin_length; 957 958 key_type = evt->key_type; 959 960 DBG("key type 0x%02x old key type 0x%02x", key_type, old_key_type); 961 DBG("local auth 0x%02x and remote auth 0x%02x", 962 conn->loc_auth, conn->rem_auth); 963 964 if (key_type == 0x06) { 965 /* Some buggy controller combinations generate a changed 966 * combination key for legacy pairing even when there's no 967 * previous key */ 968 if (conn->rem_auth == 0xff && old_key_type == 0xff) 969 key_type = 0x00; 970 else if (old_key_type != 0xff) 971 key_type = old_key_type; 972 else 973 /* This is Changed Combination Link Key for 974 * a temporary link key.*/ 975 goto done; 976 } 977 978 key_info->type = key_type; 979 980 /* Skip the storage check if this is a debug key */ 981 if (key_type == 0x03) 982 goto done; 983 984 /* Store the link key persistently if one of the following is true: 985 * 1. this is a legacy link key 986 * 2. this is a changed combination key and there was a previously 987 * stored one 988 * 3. neither local nor remote side had no-bonding as a requirement 989 * 4. the local side had dedicated bonding as a requirement 990 * 5. the remote side is using dedicated bonding since in that case 991 * also the local requirements are set to dedicated bonding 992 * If none of the above match only keep the link key around for 993 * this connection and set the temporary flag for the device. 994 */ 995 if (key_type < 0x03 || (key_type == 0x06 && old_key_type != 0xff) || 996 (conn->loc_auth > 0x01 && conn->rem_auth > 0x01) || 997 (conn->loc_auth == 0x02 || conn->loc_auth == 0x03) || 998 (conn->rem_auth == 0x02 || conn->rem_auth == 0x03)) { 999 int err; 1000 1001 err = btd_event_link_key_notify(&dev->bdaddr, dba, 1002 evt->link_key, key_type, 1003 dev->pin_length); 1004 1005 if (err == -ENODEV) 1006 status = HCI_OE_LOW_RESOURCES; 1007 else if (err < 0) 1008 status = HCI_MEMORY_FULL; 1009 1010 goto done; 1011 } 1012 1013 done: 1014 dev->pin_length = 0; 1015 1016 if (status != 0) { 1017 g_free(key_info); 1018 bonding_complete(dev, conn, status); 1019 disconnect_addr(index, dba, status); 1020 return; 1021 } 1022 1023 dev->keys = g_slist_prepend(dev->keys, key_info); 1024 1025 /* If we're connected and not dedicated bonding initiators we're 1026 * done with the bonding process */ 1027 if (!conn->bonding_initiator && conn->handle != 0) 1028 bonding_complete(dev, conn, 0); 1029 } 1030 1031 static void return_link_keys(int index, void *ptr) 1032 { 1033 struct dev_info *dev = &devs[index]; 1034 evt_return_link_keys *evt = ptr; 1035 uint8_t num = evt->num_keys; 1036 unsigned char key[16]; 1037 char da[18]; 1038 bdaddr_t dba; 1039 int i; 1040 1041 DBG("hci%d num_keys %u", index, num); 1042 1043 ptr++; 1044 1045 for (i = 0; i < num; i++) { 1046 bacpy(&dba, ptr); ba2str(&dba, da); 1047 memcpy(key, ptr + 6, 16); 1048 1049 DBG("hci%d returned key for %s", index, da); 1050 1051 btd_event_returned_link_key(&dev->bdaddr, &dba); 1052 1053 ptr += 22; 1054 } 1055 } 1056 1057 /* Simple Pairing handling */ 1058 1059 static int hciops_confirm_reply(int index, bdaddr_t *bdaddr, gboolean success) 1060 { 1061 struct dev_info *dev = &devs[index]; 1062 user_confirm_reply_cp cp; 1063 char addr[18]; 1064 int err; 1065 1066 ba2str(bdaddr, addr); 1067 DBG("hci%d dba %s success %d", index, addr, success); 1068 1069 memset(&cp, 0, sizeof(cp)); 1070 bacpy(&cp.bdaddr, bdaddr); 1071 1072 if (success) 1073 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 1074 OCF_USER_CONFIRM_REPLY, 1075 USER_CONFIRM_REPLY_CP_SIZE, &cp); 1076 else 1077 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 1078 OCF_USER_CONFIRM_NEG_REPLY, 1079 USER_CONFIRM_REPLY_CP_SIZE, &cp); 1080 1081 if (err < 0) 1082 err = -errno; 1083 1084 return err; 1085 } 1086 1087 static void user_confirm_request(int index, void *ptr) 1088 { 1089 struct dev_info *dev = &devs[index]; 1090 evt_user_confirm_request *req = ptr; 1091 gboolean loc_mitm, rem_mitm; 1092 struct bt_conn *conn; 1093 struct agent *agent; 1094 1095 DBG("hci%d", index); 1096 1097 conn = find_connection(dev, &req->bdaddr); 1098 if (conn == NULL) 1099 return; 1100 1101 loc_mitm = (conn->loc_auth & 0x01) ? TRUE : FALSE; 1102 rem_mitm = (conn->rem_auth & 0x01) ? TRUE : FALSE; 1103 1104 /* If we require MITM but the remote device can't provide that 1105 * (it has NoInputNoOutput) then reject the confirmation 1106 * request. The only exception is when we're dedicated bonding 1107 * initiators since then we always have the MITM bit set. */ 1108 if (!conn->bonding_initiator && loc_mitm && conn->rem_cap == 0x03) { 1109 error("Rejecting request: remote device can't provide MITM"); 1110 goto fail; 1111 } 1112 1113 /* If local IO capabilities are DisplayYesNo and remote IO 1114 * capabiltiies are DisplayOnly or NoInputNoOutput; 1115 * call PairingConsent callback for incoming requests. */ 1116 if (conn->bonding_initiator == FALSE) { 1117 if ((conn->loc_cap == 0x01) && 1118 (conn->rem_cap == 0x00 || conn->rem_cap == 0x03)) { 1119 if (btd_event_user_consent(&dev->bdaddr, &req->bdaddr) 1120 < 0) 1121 goto fail; 1122 return; 1123 } 1124 } 1125 1126 /* If no side requires MITM protection; auto-accept */ 1127 if ((conn->loc_auth == 0xff || !loc_mitm || conn->rem_cap == 0x03) && 1128 (!rem_mitm || conn->loc_cap == 0x03)) { 1129 DBG("auto accept of confirmation"); 1130 1131 /* Wait 5 milliseconds before doing auto-accept */ 1132 usleep(5000); 1133 1134 if (hciops_confirm_reply(index, &req->bdaddr, TRUE) < 0) 1135 goto fail; 1136 1137 return; 1138 } 1139 1140 if (btd_event_user_confirm(&dev->bdaddr, &req->bdaddr, 1141 btohl(req->passkey)) == 0) 1142 return; 1143 1144 fail: 1145 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_USER_CONFIRM_NEG_REPLY, 1146 6, ptr); 1147 } 1148 1149 static void user_passkey_request(int index, void *ptr) 1150 { 1151 struct dev_info *dev = &devs[index]; 1152 evt_user_passkey_request *req = ptr; 1153 1154 DBG("hci%d", index); 1155 1156 if (btd_event_user_passkey(&dev->bdaddr, &req->bdaddr) < 0) 1157 hci_send_cmd(dev->sk, OGF_LINK_CTL, 1158 OCF_USER_PASSKEY_NEG_REPLY, 6, ptr); 1159 } 1160 1161 static void user_passkey_notify(int index, void *ptr) 1162 { 1163 struct dev_info *dev = &devs[index]; 1164 evt_user_passkey_notify *req = ptr; 1165 1166 DBG("hci%d", index); 1167 1168 btd_event_user_notify(&dev->bdaddr, &req->bdaddr, 1169 btohl(req->passkey)); 1170 } 1171 1172 static gint oob_bdaddr_cmp(gconstpointer a, gconstpointer b) 1173 { 1174 const struct oob_data *data = a; 1175 const bdaddr_t *bdaddr = b; 1176 1177 return bacmp(&data->bdaddr, bdaddr); 1178 } 1179 1180 static void remote_oob_data_request(int index, bdaddr_t *bdaddr) 1181 { 1182 struct dev_info *dev = &devs[index]; 1183 GSList *match; 1184 1185 DBG("hci%d", index); 1186 1187 match = g_slist_find_custom(dev->oob_data, bdaddr, oob_bdaddr_cmp); 1188 1189 if (match) { 1190 struct oob_data *data; 1191 remote_oob_data_reply_cp cp; 1192 1193 data = match->data; 1194 1195 bacpy(&cp.bdaddr, &data->bdaddr); 1196 memcpy(cp.hash, data->hash, sizeof(cp.hash)); 1197 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer)); 1198 1199 dev->oob_data = g_slist_delete_link(dev->oob_data, match); 1200 1201 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_REPLY, 1202 REMOTE_OOB_DATA_REPLY_CP_SIZE, &cp); 1203 1204 } else { 1205 hci_send_cmd(dev->sk, OGF_LINK_CTL, 1206 OCF_REMOTE_OOB_DATA_NEG_REPLY, 6, bdaddr); 1207 } 1208 } 1209 1210 static int get_io_cap(int index, bdaddr_t *bdaddr, uint8_t *cap, uint8_t *auth) 1211 { 1212 struct dev_info *dev = &devs[index]; 1213 struct bt_conn *conn; 1214 int err; 1215 1216 conn = find_connection(dev, bdaddr); 1217 if (conn == NULL) 1218 return -ENOENT; 1219 1220 err = get_auth_info(index, bdaddr, &conn->loc_auth); 1221 if (err < 0) 1222 return err; 1223 1224 DBG("initial authentication requirement is 0x%02x", conn->loc_auth); 1225 1226 if (!dev->pairable && !conn->bonding_initiator) { 1227 if (conn->rem_auth < 0x02) { 1228 DBG("Allowing no bonding in non-bondable mode"); 1229 /* Kernel defaults to general bonding and so 1230 * overwrite for this special case. Otherwise 1231 * non-pairable test cases will fail. */ 1232 conn->loc_auth = conn->rem_auth; 1233 goto done; 1234 } 1235 1236 return -EPERM; 1237 } 1238 1239 /* If the kernel doesn't know the local requirement just mirror 1240 * the remote one */ 1241 if (conn->loc_auth == 0xff) 1242 conn->loc_auth = conn->rem_auth; 1243 1244 if (conn->loc_auth == 0x00 || conn->loc_auth == 0x04) { 1245 /* If remote requests dedicated bonding follow that lead */ 1246 if (conn->rem_auth == 0x02 || conn->rem_auth == 0x03) { 1247 1248 /* If both remote and local IO capabilities allow MITM 1249 * then require it, otherwise don't */ 1250 if (conn->rem_cap == 0x03 || conn->loc_cap == 0x03) 1251 conn->loc_auth = 0x02; 1252 else 1253 conn->loc_auth = 0x03; 1254 } 1255 1256 /* If remote indicates no bonding then follow that. This 1257 * is important since the kernel might give general bonding 1258 * as default. */ 1259 if (conn->rem_auth == 0x00 || conn->rem_auth == 0x01) 1260 conn->loc_auth = 0x00; 1261 1262 /* If remote requires MITM then also require it, unless 1263 * our IO capability is NoInputNoOutput (so some 1264 * just-works security cases can be tested) */ 1265 if (conn->rem_auth != 0xff && (conn->rem_auth & 0x01) && 1266 conn->loc_cap != 0x03) 1267 conn->loc_auth |= 0x01; 1268 } 1269 1270 done: 1271 *cap = conn->loc_cap; 1272 *auth = conn->loc_auth; 1273 1274 DBG("final authentication requirement is 0x%02x", *auth); 1275 1276 return 0; 1277 } 1278 1279 static void io_capa_request(int index, void *ptr) 1280 { 1281 struct dev_info *dev = &devs[index]; 1282 bdaddr_t *dba = ptr; 1283 uint8_t cap, auth = 0xff; 1284 char da[18]; 1285 int err; 1286 1287 ba2str(dba, da); 1288 DBG("hci%d IO capability request for %s", index, da); 1289 1290 err = get_io_cap(index, dba, &cap, &auth); 1291 if (err < 0) { 1292 io_capability_neg_reply_cp cp; 1293 1294 error("Getting IO capability failed: %s (%d)", 1295 strerror(-err), -err); 1296 1297 memset(&cp, 0, sizeof(cp)); 1298 bacpy(&cp.bdaddr, dba); 1299 cp.reason = HCI_PAIRING_NOT_ALLOWED; 1300 hci_send_cmd(dev->sk, OGF_LINK_CTL, 1301 OCF_IO_CAPABILITY_NEG_REPLY, 1302 IO_CAPABILITY_NEG_REPLY_CP_SIZE, &cp); 1303 } else { 1304 io_capability_reply_cp cp; 1305 struct bt_conn *conn; 1306 GSList *match; 1307 1308 memset(&cp, 0, sizeof(cp)); 1309 bacpy(&cp.bdaddr, dba); 1310 cp.capability = cap; 1311 cp.authentication = auth; 1312 1313 conn = find_connection(dev, dba); 1314 match = g_slist_find_custom(dev->oob_data, dba, oob_bdaddr_cmp); 1315 1316 if ((conn->bonding_initiator || conn->rem_oob_data == 0x01) && 1317 match) 1318 cp.oob_data = 0x01; 1319 else 1320 cp.oob_data = 0x00; 1321 1322 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_IO_CAPABILITY_REPLY, 1323 IO_CAPABILITY_REPLY_CP_SIZE, &cp); 1324 } 1325 } 1326 1327 static void io_capa_response(int index, void *ptr) 1328 { 1329 struct dev_info *dev = &devs[index]; 1330 evt_io_capability_response *evt = ptr; 1331 struct bt_conn *conn; 1332 char da[18]; 1333 1334 ba2str(&evt->bdaddr, da); 1335 DBG("hci%d IO capability response from %s", index, da); 1336 1337 conn = find_connection(dev, &evt->bdaddr); 1338 if (conn) { 1339 conn->rem_cap = evt->capability; 1340 conn->rem_auth = evt->authentication; 1341 conn->rem_oob_data = evt->oob_data; 1342 } 1343 } 1344 1345 /* PIN code handling */ 1346 1347 static void pin_code_request(int index, bdaddr_t *dba) 1348 { 1349 struct dev_info *dev = &devs[index]; 1350 struct bt_conn *conn; 1351 char addr[18]; 1352 int err; 1353 1354 ba2str(dba, addr); 1355 DBG("hci%d PIN request for %s", index, addr); 1356 1357 conn = get_connection(dev, dba); 1358 if (conn->handle == 0) 1359 conn->secmode3 = TRUE; 1360 1361 /* Check if the adapter is not pairable and if there isn't a bonding in 1362 * progress */ 1363 if (!dev->pairable && !conn->bonding_initiator) { 1364 DBG("Rejecting PIN request in non-pairable mode"); 1365 goto reject; 1366 } 1367 1368 err = btd_event_request_pin(&dev->bdaddr, dba); 1369 if (err < 0) { 1370 error("PIN code negative reply: %s", strerror(-err)); 1371 goto reject; 1372 } 1373 1374 return; 1375 1376 reject: 1377 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_PIN_CODE_NEG_REPLY, 6, dba); 1378 } 1379 1380 static inline void remote_features_notify(int index, void *ptr) 1381 { 1382 struct dev_info *dev = &devs[index]; 1383 evt_remote_host_features_notify *evt = ptr; 1384 1385 if (evt->features[0] & 0x01) 1386 btd_event_set_legacy_pairing(&dev->bdaddr, &evt->bdaddr, 1387 FALSE); 1388 else 1389 btd_event_set_legacy_pairing(&dev->bdaddr, &evt->bdaddr, 1390 TRUE); 1391 1392 write_features_info(&dev->bdaddr, &evt->bdaddr, NULL, evt->features); 1393 } 1394 1395 static void write_le_host_complete(int index, uint8_t status) 1396 { 1397 struct dev_info *dev = &devs[index]; 1398 uint8_t page_num = 0x01; 1399 1400 if (status) 1401 return; 1402 1403 if (hci_send_cmd(dev->sk, OGF_INFO_PARAM, 1404 OCF_READ_LOCAL_EXT_FEATURES, 1, &page_num) < 0) 1405 error("Unable to read extended local features: %s (%d)", 1406 strerror(errno), errno); 1407 } 1408 1409 static void read_local_version_complete(int index, 1410 const read_local_version_rp *rp) 1411 { 1412 struct dev_info *dev = &devs[index]; 1413 1414 if (rp->status) 1415 return; 1416 1417 dev->ver.manufacturer = btohs(bt_get_unaligned(&rp->manufacturer)); 1418 dev->ver.hci_ver = rp->hci_ver; 1419 dev->ver.hci_rev = btohs(bt_get_unaligned(&rp->hci_rev)); 1420 dev->ver.lmp_ver = rp->lmp_ver; 1421 dev->ver.lmp_subver = btohs(bt_get_unaligned(&rp->lmp_subver)); 1422 1423 if (!dev->pending) 1424 return; 1425 1426 hci_clear_bit(PENDING_VERSION, &dev->pending); 1427 1428 DBG("Got version for hci%d", index); 1429 1430 if (!dev->pending && dev->up) 1431 init_adapter(index); 1432 } 1433 1434 static void read_local_features_complete(int index, 1435 const read_local_features_rp *rp) 1436 { 1437 struct dev_info *dev = &devs[index]; 1438 1439 if (rp->status) 1440 return; 1441 1442 memcpy(dev->features, rp->features, 8); 1443 1444 if (!dev->pending) 1445 return; 1446 1447 hci_clear_bit(PENDING_FEATURES, &dev->pending); 1448 1449 DBG("Got features for hci%d", index); 1450 1451 if (!dev->pending && dev->up) 1452 init_adapter(index); 1453 } 1454 1455 static void update_ext_inquiry_response(int index) 1456 { 1457 struct dev_info *dev = &devs[index]; 1458 write_ext_inquiry_response_cp cp; 1459 1460 DBG("hci%d", index); 1461 1462 if (!(dev->features[6] & LMP_EXT_INQ)) 1463 return; 1464 1465 if (dev->ssp_mode == 0) 1466 return; 1467 1468 if (dev->cache_enable) 1469 return; 1470 1471 memset(&cp, 0, sizeof(cp)); 1472 1473 eir_create(dev->name, dev->tx_power, dev->did_vendor, dev->did_product, 1474 dev->did_version, dev->uuids, cp.data); 1475 1476 if (memcmp(cp.data, dev->eir, sizeof(cp.data)) == 0) 1477 return; 1478 1479 memcpy(dev->eir, cp.data, sizeof(cp.data)); 1480 1481 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, 1482 OCF_WRITE_EXT_INQUIRY_RESPONSE, 1483 WRITE_EXT_INQUIRY_RESPONSE_CP_SIZE, &cp) < 0) 1484 error("Unable to write EIR data: %s (%d)", 1485 strerror(errno), errno); 1486 } 1487 1488 static void update_name(int index, const char *name) 1489 { 1490 struct btd_adapter *adapter; 1491 1492 adapter = manager_find_adapter_by_id(index); 1493 if (adapter) 1494 adapter_update_local_name(adapter, name); 1495 1496 update_ext_inquiry_response(index); 1497 } 1498 1499 static void read_local_name_complete(int index, read_local_name_rp *rp) 1500 { 1501 struct dev_info *dev = &devs[index]; 1502 1503 DBG("hci%d status %u", index, rp->status); 1504 1505 if (rp->status) 1506 return; 1507 1508 memcpy(dev->name, rp->name, 248); 1509 1510 if (!dev->pending) { 1511 update_name(index, (char *) rp->name); 1512 return; 1513 } 1514 1515 hci_clear_bit(PENDING_NAME, &dev->pending); 1516 1517 DBG("Got name for hci%d", index); 1518 1519 /* Even though it shouldn't happen (assuming the kernel behaves 1520 * properly) it seems like we might miss the very first 1521 * initialization commands that the kernel sends. So check for 1522 * it here (since read_local_name is one of the last init 1523 * commands) and resend the first ones if we haven't seen 1524 * their results yet */ 1525 1526 if (hci_test_bit(PENDING_FEATURES, &dev->pending)) 1527 hci_send_cmd(dev->sk, OGF_INFO_PARAM, 1528 OCF_READ_LOCAL_FEATURES, 0, NULL); 1529 1530 if (hci_test_bit(PENDING_VERSION, &dev->pending)) 1531 hci_send_cmd(dev->sk, OGF_INFO_PARAM, 1532 OCF_READ_LOCAL_VERSION, 0, NULL); 1533 1534 if (!dev->pending && dev->up) 1535 init_adapter(index); 1536 } 1537 1538 static void read_tx_power_complete(int index, void *ptr) 1539 { 1540 struct dev_info *dev = &devs[index]; 1541 1542 read_inq_response_tx_power_level_rp *rp = ptr; 1543 1544 DBG("hci%d status %u", index, rp->status); 1545 1546 if (rp->status) 1547 return; 1548 1549 dev->tx_power = rp->level; 1550 update_ext_inquiry_response(index); 1551 } 1552 1553 static void read_simple_pairing_mode_complete(int index, void *ptr) 1554 { 1555 struct dev_info *dev = &devs[index]; 1556 read_simple_pairing_mode_rp *rp = ptr; 1557 1558 DBG("hci%d status %u", index, rp->status); 1559 1560 if (rp->status) 1561 return; 1562 1563 dev->ssp_mode = rp->mode; 1564 update_ext_inquiry_response(index); 1565 } 1566 1567 static void read_local_ext_features_complete(int index, 1568 const read_local_ext_features_rp *rp) 1569 { 1570 struct dev_info *dev = &devs[index]; 1571 1572 DBG("hci%d status %u", index, rp->status); 1573 1574 if (rp->status) 1575 return; 1576 1577 /* Local Extended feature page number is 1 */ 1578 if (rp->page_num != 1) 1579 return; 1580 1581 memcpy(dev->extfeatures, rp->features, sizeof(dev->extfeatures)); 1582 } 1583 1584 static void read_bd_addr_complete(int index, read_bd_addr_rp *rp) 1585 { 1586 struct dev_info *dev = &devs[index]; 1587 1588 DBG("hci%d status %u", index, rp->status); 1589 1590 if (rp->status) 1591 return; 1592 1593 bacpy(&dev->bdaddr, &rp->bdaddr); 1594 1595 if (!dev->pending) 1596 return; 1597 1598 hci_clear_bit(PENDING_BDADDR, &dev->pending); 1599 1600 DBG("Got bdaddr for hci%d", index); 1601 1602 if (!dev->pending && dev->up) 1603 init_adapter(index); 1604 } 1605 1606 static inline void cs_inquiry_evt(int index, uint8_t status) 1607 { 1608 if (status) { 1609 error("Inquiry Failed with status 0x%02x", status); 1610 return; 1611 } 1612 1613 set_state(index, DISCOV_INQ); 1614 } 1615 1616 static inline void cmd_status(int index, void *ptr) 1617 { 1618 evt_cmd_status *evt = ptr; 1619 uint16_t opcode = btohs(evt->opcode); 1620 1621 if (opcode == cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY)) 1622 cs_inquiry_evt(index, evt->status); 1623 } 1624 1625 static void read_scan_complete(int index, uint8_t status, void *ptr) 1626 { 1627 struct btd_adapter *adapter; 1628 read_scan_enable_rp *rp = ptr; 1629 1630 DBG("hci%d status %u", index, status); 1631 1632 adapter = manager_find_adapter_by_id(index); 1633 if (!adapter) { 1634 error("Unable to find matching adapter"); 1635 return; 1636 } 1637 1638 adapter_mode_changed(adapter, rp->enable); 1639 } 1640 1641 static int write_class(int index, uint32_t class) 1642 { 1643 struct dev_info *dev = &devs[index]; 1644 write_class_of_dev_cp cp; 1645 1646 DBG("hci%d class 0x%06x", index, class); 1647 1648 memcpy(cp.dev_class, &class, 3); 1649 1650 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV, 1651 WRITE_CLASS_OF_DEV_CP_SIZE, &cp) < 0) 1652 return -errno; 1653 1654 dev->pending_cod = class; 1655 1656 return 0; 1657 } 1658 1659 /* Limited Discoverable bit mask in CoD */ 1660 #define LIMITED_BIT 0x002000 1661 1662 static int hciops_set_limited_discoverable(int index, gboolean limited) 1663 { 1664 struct dev_info *dev = &devs[index]; 1665 int num = (limited ? 2 : 1); 1666 uint8_t lap[] = { 0x33, 0x8b, 0x9e, 0x00, 0x8b, 0x9e }; 1667 write_current_iac_lap_cp cp; 1668 1669 DBG("hci%d limited %d", index, limited); 1670 1671 /* Check if limited bit needs to be set/reset */ 1672 if (limited) 1673 dev->wanted_cod |= LIMITED_BIT; 1674 else 1675 dev->wanted_cod &= ~LIMITED_BIT; 1676 1677 /* If we dont need the toggling, save an unnecessary CoD write */ 1678 if (dev->pending_cod || dev->wanted_cod == dev->current_cod) 1679 return 0; 1680 1681 /* 1682 * 1: giac 1683 * 2: giac + liac 1684 */ 1685 memset(&cp, 0, sizeof(cp)); 1686 cp.num_current_iac = num; 1687 memcpy(&cp.lap, lap, num * 3); 1688 1689 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_CURRENT_IAC_LAP, 1690 (num * 3 + 1), &cp) < 0) 1691 return -errno; 1692 1693 return write_class(index, dev->wanted_cod); 1694 } 1695 1696 static void write_class_complete(int index, uint8_t status) 1697 { 1698 struct dev_info *dev = &devs[index]; 1699 struct btd_adapter *adapter; 1700 1701 if (status) 1702 return; 1703 1704 if (dev->pending_cod == 0) 1705 return; 1706 1707 dev->current_cod = dev->pending_cod; 1708 dev->pending_cod = 0; 1709 1710 adapter = manager_find_adapter(&dev->bdaddr); 1711 if (adapter) 1712 btd_adapter_class_changed(adapter, dev->current_cod); 1713 1714 update_ext_inquiry_response(index); 1715 1716 if (dev->wanted_cod == dev->current_cod) 1717 return; 1718 1719 if (dev->wanted_cod & LIMITED_BIT && 1720 !(dev->current_cod & LIMITED_BIT)) 1721 hciops_set_limited_discoverable(index, TRUE); 1722 else if (!(dev->wanted_cod & LIMITED_BIT) && 1723 (dev->current_cod & LIMITED_BIT)) 1724 hciops_set_limited_discoverable(index, FALSE); 1725 else 1726 write_class(index, dev->wanted_cod); 1727 } 1728 1729 static void read_local_oob_data_complete(int index, uint8_t status, 1730 read_local_oob_data_rp *rp) 1731 { 1732 struct btd_adapter *adapter = manager_find_adapter_by_id(index); 1733 1734 if (!adapter) 1735 return; 1736 1737 if (status) 1738 oob_read_local_data_complete(adapter, NULL, NULL); 1739 else 1740 oob_read_local_data_complete(adapter, rp->hash, rp->randomizer); 1741 } 1742 1743 static inline void inquiry_complete_evt(int index, uint8_t status) 1744 { 1745 int adapter_type; 1746 struct btd_adapter *adapter; 1747 1748 if (status) { 1749 error("Inquiry Failed with status 0x%02x", status); 1750 return; 1751 } 1752 1753 adapter = manager_find_adapter_by_id(index); 1754 if (!adapter) { 1755 error("No matching adapter found"); 1756 return; 1757 } 1758 1759 adapter_type = get_adapter_type(index); 1760 1761 if (adapter_type == BR_EDR_LE && 1762 adapter_has_discov_sessions(adapter)) { 1763 int err = hciops_start_scanning(index, TIMEOUT_BR_LE_SCAN); 1764 if (err < 0) 1765 set_state(index, DISCOV_HALTED); 1766 } else { 1767 set_state(index, DISCOV_HALTED); 1768 } 1769 } 1770 1771 static inline void cc_inquiry_cancel(int index, uint8_t status) 1772 { 1773 if (status) { 1774 error("Inquiry Cancel Failed with status 0x%02x", status); 1775 return; 1776 } 1777 1778 set_state(index, DISCOV_HALTED); 1779 } 1780 1781 static inline void cc_le_set_scan_enable(int index, uint8_t status) 1782 { 1783 int state; 1784 1785 if (status) { 1786 error("LE Set Scan Enable Failed with status 0x%02x", status); 1787 return; 1788 } 1789 1790 state = get_state(index); 1791 if (state == DISCOV_SCAN) 1792 set_state(index, DISCOV_HALTED); 1793 else 1794 set_state(index, DISCOV_SCAN); 1795 } 1796 1797 static inline void cmd_complete(int index, void *ptr) 1798 { 1799 struct dev_info *dev = &devs[index]; 1800 evt_cmd_complete *evt = ptr; 1801 uint16_t opcode = btohs(evt->opcode); 1802 uint8_t status = *((uint8_t *) ptr + EVT_CMD_COMPLETE_SIZE); 1803 1804 switch (opcode) { 1805 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_VERSION): 1806 ptr += sizeof(evt_cmd_complete); 1807 read_local_version_complete(index, ptr); 1808 break; 1809 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES): 1810 ptr += sizeof(evt_cmd_complete); 1811 read_local_features_complete(index, ptr); 1812 break; 1813 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_EXT_FEATURES): 1814 ptr += sizeof(evt_cmd_complete); 1815 read_local_ext_features_complete(index, ptr); 1816 break; 1817 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BD_ADDR): 1818 ptr += sizeof(evt_cmd_complete); 1819 read_bd_addr_complete(index, ptr); 1820 break; 1821 case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL): 1822 cc_inquiry_cancel(index, status); 1823 break; 1824 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_LE_HOST_SUPPORTED): 1825 write_le_host_complete(index, status); 1826 break; 1827 case cmd_opcode_pack(OGF_LE_CTL, OCF_LE_SET_SCAN_ENABLE): 1828 cc_le_set_scan_enable(index, status); 1829 break; 1830 case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME): 1831 if (!status) 1832 hci_send_cmd(dev->sk, OGF_HOST_CTL, 1833 OCF_READ_LOCAL_NAME, 0, 0); 1834 break; 1835 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE): 1836 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_READ_SCAN_ENABLE, 1837 0, NULL); 1838 break; 1839 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SCAN_ENABLE): 1840 ptr += sizeof(evt_cmd_complete); 1841 read_scan_complete(index, status, ptr); 1842 break; 1843 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV): 1844 write_class_complete(index, status); 1845 break; 1846 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SIMPLE_PAIRING_MODE): 1847 if (!status) 1848 hci_send_cmd(dev->sk, OGF_HOST_CTL, 1849 OCF_READ_SIMPLE_PAIRING_MODE, 0, NULL); 1850 break; 1851 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SIMPLE_PAIRING_MODE): 1852 ptr += sizeof(evt_cmd_complete); 1853 read_simple_pairing_mode_complete(index, ptr); 1854 break; 1855 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME): 1856 ptr += sizeof(evt_cmd_complete); 1857 read_local_name_complete(index, ptr); 1858 break; 1859 case cmd_opcode_pack(OGF_HOST_CTL, 1860 OCF_READ_INQ_RESPONSE_TX_POWER_LEVEL): 1861 ptr += sizeof(evt_cmd_complete); 1862 read_tx_power_complete(index, ptr); 1863 break; 1864 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_OOB_DATA): 1865 ptr += sizeof(evt_cmd_complete); 1866 read_local_oob_data_complete(index, status, ptr); 1867 break; 1868 }; 1869 } 1870 1871 static inline void remote_name_information(int index, void *ptr) 1872 { 1873 struct dev_info *dev = &devs[index]; 1874 evt_remote_name_req_complete *evt = ptr; 1875 char name[MAX_NAME_LENGTH + 1]; 1876 1877 DBG("hci%d status %u", index, evt->status); 1878 1879 memset(name, 0, sizeof(name)); 1880 1881 if (!evt->status) 1882 memcpy(name, evt->name, MAX_NAME_LENGTH); 1883 1884 btd_event_remote_name(&dev->bdaddr, &evt->bdaddr, evt->status, name); 1885 } 1886 1887 static inline void remote_version_information(int index, void *ptr) 1888 { 1889 struct dev_info *dev = &devs[index]; 1890 evt_read_remote_version_complete *evt = ptr; 1891 struct bt_conn *conn; 1892 1893 DBG("hci%d status %u", index, evt->status); 1894 1895 if (evt->status) 1896 return; 1897 1898 conn = find_conn_by_handle(dev, btohs(evt->handle)); 1899 if (conn == NULL) 1900 return; 1901 1902 write_version_info(&dev->bdaddr, &conn->bdaddr, 1903 btohs(evt->manufacturer), evt->lmp_ver, 1904 btohs(evt->lmp_subver)); 1905 } 1906 1907 static inline void inquiry_result(int index, int plen, void *ptr) 1908 { 1909 struct dev_info *dev = &devs[index]; 1910 uint8_t num = *(uint8_t *) ptr++; 1911 int i; 1912 1913 /* Skip if it is not in Inquiry state */ 1914 if (get_state(index) != DISCOV_INQ) 1915 return; 1916 1917 for (i = 0; i < num; i++) { 1918 inquiry_info *info = ptr; 1919 uint32_t class = info->dev_class[0] | 1920 (info->dev_class[1] << 8) | 1921 (info->dev_class[2] << 16); 1922 1923 btd_event_device_found(&dev->bdaddr, &info->bdaddr, class, 1924 0, NULL); 1925 ptr += INQUIRY_INFO_SIZE; 1926 } 1927 } 1928 1929 static inline void inquiry_result_with_rssi(int index, int plen, void *ptr) 1930 { 1931 struct dev_info *dev = &devs[index]; 1932 uint8_t num = *(uint8_t *) ptr++; 1933 int i; 1934 1935 if (!num) 1936 return; 1937 1938 if ((plen - 1) / num == INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE) { 1939 for (i = 0; i < num; i++) { 1940 inquiry_info_with_rssi_and_pscan_mode *info = ptr; 1941 uint32_t class = info->dev_class[0] 1942 | (info->dev_class[1] << 8) 1943 | (info->dev_class[2] << 16); 1944 1945 btd_event_device_found(&dev->bdaddr, &info->bdaddr, 1946 class, info->rssi, NULL); 1947 ptr += INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE; 1948 } 1949 } else { 1950 for (i = 0; i < num; i++) { 1951 inquiry_info_with_rssi *info = ptr; 1952 uint32_t class = info->dev_class[0] 1953 | (info->dev_class[1] << 8) 1954 | (info->dev_class[2] << 16); 1955 1956 btd_event_device_found(&dev->bdaddr, &info->bdaddr, 1957 class, info->rssi, NULL); 1958 ptr += INQUIRY_INFO_WITH_RSSI_SIZE; 1959 } 1960 } 1961 } 1962 1963 static inline void extended_inquiry_result(int index, int plen, void *ptr) 1964 { 1965 struct dev_info *dev = &devs[index]; 1966 uint8_t num = *(uint8_t *) ptr++; 1967 int i; 1968 1969 for (i = 0; i < num; i++) { 1970 extended_inquiry_info *info = ptr; 1971 uint32_t class = info->dev_class[0] 1972 | (info->dev_class[1] << 8) 1973 | (info->dev_class[2] << 16); 1974 1975 btd_event_device_found(&dev->bdaddr, &info->bdaddr, class, 1976 info->rssi, info->data); 1977 ptr += EXTENDED_INQUIRY_INFO_SIZE; 1978 } 1979 } 1980 1981 static inline void remote_features_information(int index, void *ptr) 1982 { 1983 struct dev_info *dev = &devs[index]; 1984 evt_read_remote_features_complete *evt = ptr; 1985 struct bt_conn *conn; 1986 1987 DBG("hci%d status %u", index, evt->status); 1988 1989 if (evt->status) 1990 return; 1991 1992 conn = find_conn_by_handle(dev, btohs(evt->handle)); 1993 if (conn == NULL) 1994 return; 1995 1996 write_features_info(&dev->bdaddr, &conn->bdaddr, evt->features, NULL); 1997 } 1998 1999 struct remote_version_req { 2000 int index; 2001 uint16_t handle; 2002 }; 2003 2004 static gboolean __get_remote_version(gpointer user_data) 2005 { 2006 struct remote_version_req *req = user_data; 2007 struct dev_info *dev = &devs[req->index]; 2008 read_remote_version_cp cp; 2009 2010 DBG("hci%d handle %u", req->index, req->handle); 2011 2012 memset(&cp, 0, sizeof(cp)); 2013 cp.handle = htobs(req->handle); 2014 2015 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_READ_REMOTE_VERSION, 2016 READ_REMOTE_VERSION_CP_SIZE, &cp); 2017 2018 return FALSE; 2019 } 2020 2021 static void get_remote_version(int index, uint16_t handle) 2022 { 2023 struct remote_version_req *req; 2024 2025 req = g_new0(struct remote_version_req, 1); 2026 req->handle = handle; 2027 req->index = index; 2028 2029 g_timeout_add_seconds_full(G_PRIORITY_DEFAULT, 1, __get_remote_version, 2030 req, g_free); 2031 } 2032 2033 static void conn_free(struct bt_conn *conn) 2034 { 2035 if (conn->io != NULL) { 2036 g_io_channel_shutdown(conn->io, TRUE, NULL); 2037 g_io_channel_unref(conn->io); 2038 } 2039 2040 g_free(conn); 2041 } 2042 2043 static inline void conn_failed(int index, bdaddr_t *bdaddr, uint8_t status) 2044 { 2045 struct dev_info *dev = &devs[index]; 2046 struct bt_conn *conn; 2047 2048 2049 conn = find_connection(dev, bdaddr); 2050 if (conn == NULL) 2051 return; 2052 2053 bonding_complete(dev, conn, status); 2054 2055 dev->connections = g_slist_remove(dev->connections, conn); 2056 conn_free(conn); 2057 2058 btd_event_conn_failed(&dev->bdaddr, bdaddr, status); 2059 } 2060 2061 static inline void conn_complete(int index, void *ptr) 2062 { 2063 struct dev_info *dev = &devs[index]; 2064 evt_conn_complete *evt = ptr; 2065 char filename[PATH_MAX]; 2066 char local_addr[18], peer_addr[18], *str; 2067 struct bt_conn *conn; 2068 2069 if (evt->link_type != ACL_LINK) 2070 return; 2071 2072 DBG("status 0x%02x", evt->status); 2073 2074 if (evt->status != 0) { 2075 conn_failed(index, &evt->bdaddr, evt->status); 2076 return; 2077 } 2078 2079 conn = get_connection(dev, &evt->bdaddr); 2080 conn->handle = btohs(evt->handle); 2081 2082 btd_event_conn_complete(&dev->bdaddr, &evt->bdaddr); 2083 2084 if (conn->secmode3) 2085 bonding_complete(dev, conn, 0); 2086 2087 /* check if the remote version needs be requested */ 2088 ba2str(&dev->bdaddr, local_addr); 2089 ba2str(&evt->bdaddr, peer_addr); 2090 2091 create_name(filename, sizeof(filename), STORAGEDIR, local_addr, 2092 "manufacturers"); 2093 2094 str = textfile_get(filename, peer_addr); 2095 if (!str) 2096 get_remote_version(index, btohs(evt->handle)); 2097 else 2098 free(str); 2099 } 2100 2101 static inline void le_conn_complete(int index, void *ptr) 2102 { 2103 struct dev_info *dev = &devs[index]; 2104 evt_le_connection_complete *evt = ptr; 2105 char filename[PATH_MAX]; 2106 char local_addr[18], peer_addr[18], *str; 2107 struct bt_conn *conn; 2108 2109 if (evt->status) { 2110 btd_event_conn_failed(&dev->bdaddr, &evt->peer_bdaddr, 2111 evt->status); 2112 return; 2113 } 2114 2115 conn = get_connection(dev, &evt->peer_bdaddr); 2116 conn->handle = btohs(evt->handle); 2117 2118 btd_event_conn_complete(&dev->bdaddr, &evt->peer_bdaddr); 2119 2120 /* check if the remote version needs be requested */ 2121 ba2str(&dev->bdaddr, local_addr); 2122 ba2str(&evt->peer_bdaddr, peer_addr); 2123 2124 create_name(filename, sizeof(filename), STORAGEDIR, local_addr, 2125 "manufacturers"); 2126 2127 str = textfile_get(filename, peer_addr); 2128 if (!str) 2129 get_remote_version(index, btohs(evt->handle)); 2130 else 2131 free(str); 2132 } 2133 2134 static inline void disconn_complete(int index, void *ptr) 2135 { 2136 struct dev_info *dev = &devs[index]; 2137 evt_disconn_complete *evt = ptr; 2138 struct bt_conn *conn; 2139 2140 DBG("handle %u status 0x%02x", btohs(evt->handle), evt->status); 2141 2142 if (evt->status != 0) 2143 return; 2144 2145 conn = find_conn_by_handle(dev, btohs(evt->handle)); 2146 if (conn == NULL) 2147 return; 2148 2149 dev->connections = g_slist_remove(dev->connections, conn); 2150 2151 btd_event_disconn_complete(&dev->bdaddr, &conn->bdaddr); 2152 2153 conn_free(conn); 2154 } 2155 2156 static inline void auth_complete(int index, void *ptr) 2157 { 2158 struct dev_info *dev = &devs[index]; 2159 evt_auth_complete *evt = ptr; 2160 struct bt_conn *conn; 2161 2162 DBG("hci%d status %u", index, evt->status); 2163 2164 conn = find_conn_by_handle(dev, btohs(evt->handle)); 2165 if (conn == NULL) 2166 return; 2167 2168 bonding_complete(dev, conn, evt->status); 2169 } 2170 2171 static inline void simple_pairing_complete(int index, void *ptr) 2172 { 2173 struct dev_info *dev = &devs[index]; 2174 evt_simple_pairing_complete *evt = ptr; 2175 2176 DBG("hci%d status %u", index, evt->status); 2177 2178 btd_event_simple_pairing_complete(&dev->bdaddr, &evt->bdaddr, 2179 evt->status); 2180 } 2181 2182 static inline void conn_request(int index, void *ptr) 2183 { 2184 struct dev_info *dev = &devs[index]; 2185 evt_conn_request *evt = ptr; 2186 uint32_t class = evt->dev_class[0] | (evt->dev_class[1] << 8) 2187 | (evt->dev_class[2] << 16); 2188 2189 btd_event_remote_class(&dev->bdaddr, &evt->bdaddr, class); 2190 } 2191 2192 static inline void le_advertising_report(int index, evt_le_meta_event *meta) 2193 { 2194 struct dev_info *dev = &devs[index]; 2195 le_advertising_info *info; 2196 uint8_t num_reports, rssi, eir[HCI_MAX_EIR_LENGTH]; 2197 const uint8_t RSSI_SIZE = 1; 2198 2199 num_reports = meta->data[0]; 2200 2201 info = (le_advertising_info *) &meta->data[1]; 2202 rssi = *(info->data + info->length); 2203 2204 memset(eir, 0, sizeof(eir)); 2205 memcpy(eir, info->data, info->length); 2206 2207 btd_event_device_found(&dev->bdaddr, &info->bdaddr, 0, rssi, eir); 2208 2209 num_reports--; 2210 2211 while (num_reports--) { 2212 info = (le_advertising_info *) (info->data + info->length + 2213 RSSI_SIZE); 2214 rssi = *(info->data + info->length); 2215 2216 memset(eir, 0, sizeof(eir)); 2217 memcpy(eir, info->data, info->length); 2218 2219 btd_event_device_found(&dev->bdaddr, &info->bdaddr, 0, rssi, 2220 eir); 2221 } 2222 } 2223 2224 static inline void le_metaevent(int index, void *ptr) 2225 { 2226 evt_le_meta_event *meta = ptr; 2227 2228 DBG("hci%d LE Meta Event %u", index, meta->subevent); 2229 2230 switch (meta->subevent) { 2231 case EVT_LE_ADVERTISING_REPORT: 2232 le_advertising_report(index, meta); 2233 break; 2234 2235 case EVT_LE_CONN_COMPLETE: 2236 le_conn_complete(index, meta->data); 2237 break; 2238 } 2239 } 2240 2241 static void stop_hci_dev(int index) 2242 { 2243 struct dev_info *dev = &devs[index]; 2244 2245 if (dev->sk < 0) 2246 return; 2247 2248 info("Stopping hci%d event socket", index); 2249 2250 if (dev->watch_id > 0) 2251 g_source_remove(dev->watch_id); 2252 2253 if (dev->stop_scan_id > 0) 2254 g_source_remove(dev->stop_scan_id); 2255 2256 if (dev->io != NULL) 2257 g_io_channel_unref(dev->io); 2258 2259 hci_close_dev(dev->sk); 2260 2261 g_slist_foreach(dev->keys, (GFunc) g_free, NULL); 2262 g_slist_free(dev->keys); 2263 2264 g_slist_foreach(dev->uuids, (GFunc) g_free, NULL); 2265 g_slist_free(dev->uuids); 2266 2267 g_slist_foreach(dev->connections, (GFunc) conn_free, NULL); 2268 g_slist_free(dev->connections); 2269 2270 init_dev_info(index, -1, dev->registered, dev->already_up); 2271 } 2272 2273 static gboolean io_security_event(GIOChannel *chan, GIOCondition cond, 2274 gpointer data) 2275 { 2276 unsigned char buf[HCI_MAX_EVENT_SIZE], *ptr = buf; 2277 int type, index = GPOINTER_TO_INT(data); 2278 struct dev_info *dev = &devs[index]; 2279 struct hci_dev_info di; 2280 ssize_t len; 2281 hci_event_hdr *eh; 2282 evt_cmd_status *evt; 2283 int fd; 2284 2285 if (cond & (G_IO_NVAL | G_IO_HUP | G_IO_ERR)) { 2286 stop_hci_dev(index); 2287 return FALSE; 2288 } 2289 2290 fd = g_io_channel_unix_get_fd(chan); 2291 2292 len = read(fd, buf, sizeof(buf)); 2293 if (len < 0) { 2294 if (errno == EAGAIN) 2295 return TRUE; 2296 stop_hci_dev(index); 2297 return FALSE; 2298 } 2299 2300 type = *ptr++; 2301 2302 if (type != HCI_EVENT_PKT) 2303 return TRUE; 2304 2305 eh = (hci_event_hdr *) ptr; 2306 ptr += HCI_EVENT_HDR_SIZE; 2307 2308 memset(&di, 0, sizeof(di)); 2309 if (hci_devinfo(index, &di) == 0) { 2310 bacpy(&dev->bdaddr, &di.bdaddr); 2311 2312 if (ignore_device(&di)) 2313 return TRUE; 2314 } 2315 2316 switch (eh->evt) { 2317 case EVT_CMD_STATUS: 2318 cmd_status(index, ptr); 2319 break; 2320 2321 case EVT_CMD_COMPLETE: 2322 cmd_complete(index, ptr); 2323 break; 2324 2325 case EVT_REMOTE_NAME_REQ_COMPLETE: 2326 remote_name_information(index, ptr); 2327 break; 2328 2329 case EVT_READ_REMOTE_VERSION_COMPLETE: 2330 remote_version_information(index, ptr); 2331 break; 2332 2333 case EVT_READ_REMOTE_FEATURES_COMPLETE: 2334 remote_features_information(index, ptr); 2335 break; 2336 2337 case EVT_REMOTE_HOST_FEATURES_NOTIFY: 2338 remote_features_notify(index, ptr); 2339 break; 2340 2341 case EVT_INQUIRY_COMPLETE: 2342 evt = (evt_cmd_status *) ptr; 2343 inquiry_complete_evt(index, evt->status); 2344 break; 2345 2346 case EVT_INQUIRY_RESULT: 2347 inquiry_result(index, eh->plen, ptr); 2348 break; 2349 2350 case EVT_INQUIRY_RESULT_WITH_RSSI: 2351 inquiry_result_with_rssi(index, eh->plen, ptr); 2352 break; 2353 2354 case EVT_EXTENDED_INQUIRY_RESULT: 2355 extended_inquiry_result(index, eh->plen, ptr); 2356 break; 2357 2358 case EVT_CONN_COMPLETE: 2359 conn_complete(index, ptr); 2360 break; 2361 2362 case EVT_DISCONN_COMPLETE: 2363 disconn_complete(index, ptr); 2364 break; 2365 2366 case EVT_AUTH_COMPLETE: 2367 auth_complete(index, ptr); 2368 break; 2369 2370 case EVT_SIMPLE_PAIRING_COMPLETE: 2371 simple_pairing_complete(index, ptr); 2372 break; 2373 2374 case EVT_CONN_REQUEST: 2375 conn_request(index, ptr); 2376 break; 2377 case EVT_LE_META_EVENT: 2378 le_metaevent(index, ptr); 2379 break; 2380 case EVT_PIN_CODE_REQ: 2381 pin_code_request(index, (bdaddr_t *) ptr); 2382 break; 2383 2384 case EVT_LINK_KEY_REQ: 2385 link_key_request(index, (bdaddr_t *) ptr); 2386 break; 2387 2388 case EVT_LINK_KEY_NOTIFY: 2389 link_key_notify(index, ptr); 2390 break; 2391 2392 case EVT_RETURN_LINK_KEYS: 2393 return_link_keys(index, ptr); 2394 break; 2395 2396 case EVT_IO_CAPABILITY_REQUEST: 2397 io_capa_request(index, ptr); 2398 break; 2399 2400 case EVT_IO_CAPABILITY_RESPONSE: 2401 io_capa_response(index, ptr); 2402 break; 2403 2404 case EVT_USER_CONFIRM_REQUEST: 2405 user_confirm_request(index, ptr); 2406 break; 2407 2408 case EVT_USER_PASSKEY_REQUEST: 2409 user_passkey_request(index, ptr); 2410 break; 2411 2412 case EVT_USER_PASSKEY_NOTIFY: 2413 user_passkey_notify(index, ptr); 2414 break; 2415 2416 case EVT_REMOTE_OOB_DATA_REQUEST: 2417 remote_oob_data_request(index, (bdaddr_t *) ptr); 2418 break; 2419 } 2420 2421 return TRUE; 2422 } 2423 2424 static void start_hci_dev(int index) 2425 { 2426 struct dev_info *dev = &devs[index]; 2427 GIOChannel *chan = dev->io; 2428 GIOCondition cond; 2429 struct hci_filter flt; 2430 2431 if (chan) 2432 return; 2433 2434 info("Listening for HCI events on hci%d", index); 2435 2436 /* Set filter */ 2437 hci_filter_clear(&flt); 2438 hci_filter_set_ptype(HCI_EVENT_PKT, &flt); 2439 hci_filter_set_event(EVT_CMD_STATUS, &flt); 2440 hci_filter_set_event(EVT_CMD_COMPLETE, &flt); 2441 hci_filter_set_event(EVT_PIN_CODE_REQ, &flt); 2442 hci_filter_set_event(EVT_LINK_KEY_REQ, &flt); 2443 hci_filter_set_event(EVT_LINK_KEY_NOTIFY, &flt); 2444 hci_filter_set_event(EVT_RETURN_LINK_KEYS, &flt); 2445 hci_filter_set_event(EVT_IO_CAPABILITY_REQUEST, &flt); 2446 hci_filter_set_event(EVT_IO_CAPABILITY_RESPONSE, &flt); 2447 hci_filter_set_event(EVT_USER_CONFIRM_REQUEST, &flt); 2448 hci_filter_set_event(EVT_USER_PASSKEY_REQUEST, &flt); 2449 hci_filter_set_event(EVT_REMOTE_OOB_DATA_REQUEST, &flt); 2450 hci_filter_set_event(EVT_USER_PASSKEY_NOTIFY, &flt); 2451 hci_filter_set_event(EVT_KEYPRESS_NOTIFY, &flt); 2452 hci_filter_set_event(EVT_SIMPLE_PAIRING_COMPLETE, &flt); 2453 hci_filter_set_event(EVT_AUTH_COMPLETE, &flt); 2454 hci_filter_set_event(EVT_REMOTE_NAME_REQ_COMPLETE, &flt); 2455 hci_filter_set_event(EVT_READ_REMOTE_VERSION_COMPLETE, &flt); 2456 hci_filter_set_event(EVT_READ_REMOTE_FEATURES_COMPLETE, &flt); 2457 hci_filter_set_event(EVT_REMOTE_HOST_FEATURES_NOTIFY, &flt); 2458 hci_filter_set_event(EVT_INQUIRY_COMPLETE, &flt); 2459 hci_filter_set_event(EVT_INQUIRY_RESULT, &flt); 2460 hci_filter_set_event(EVT_INQUIRY_RESULT_WITH_RSSI, &flt); 2461 hci_filter_set_event(EVT_EXTENDED_INQUIRY_RESULT, &flt); 2462 hci_filter_set_event(EVT_CONN_REQUEST, &flt); 2463 hci_filter_set_event(EVT_CONN_COMPLETE, &flt); 2464 hci_filter_set_event(EVT_DISCONN_COMPLETE, &flt); 2465 hci_filter_set_event(EVT_LE_META_EVENT, &flt); 2466 if (setsockopt(dev->sk, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) { 2467 error("Can't set filter on hci%d: %s (%d)", 2468 index, strerror(errno), errno); 2469 return; 2470 } 2471 2472 chan = g_io_channel_unix_new(dev->sk); 2473 cond = G_IO_IN | G_IO_NVAL | G_IO_HUP | G_IO_ERR; 2474 dev->watch_id = g_io_add_watch_full(chan, G_PRIORITY_LOW, cond, 2475 io_security_event, 2476 GINT_TO_POINTER(index), NULL); 2477 dev->io = chan; 2478 dev->pin_length = 0; 2479 2480 } 2481 2482 /* End of HCI event callbacks */ 2483 2484 static gboolean child_exit(GIOChannel *io, GIOCondition cond, void *user_data) 2485 { 2486 int status, fd = g_io_channel_unix_get_fd(io); 2487 pid_t child_pid; 2488 2489 if (read(fd, &child_pid, sizeof(child_pid)) != sizeof(child_pid)) { 2490 error("child_exit: unable to read child pid from pipe"); 2491 return TRUE; 2492 } 2493 2494 if (waitpid(child_pid, &status, 0) != child_pid) 2495 error("waitpid(%d) failed", child_pid); 2496 else 2497 DBG("child %d exited", child_pid); 2498 2499 return TRUE; 2500 } 2501 2502 static void at_child_exit(void) 2503 { 2504 pid_t pid = getpid(); 2505 2506 if (write(child_pipe[1], &pid, sizeof(pid)) != sizeof(pid)) 2507 error("unable to write to child pipe"); 2508 } 2509 2510 static void device_devup_setup(int index) 2511 { 2512 struct dev_info *dev = &devs[index]; 2513 struct hci_dev_info di; 2514 read_stored_link_key_cp cp; 2515 2516 DBG("hci%d", index); 2517 2518 if (hci_devinfo(index, &di) < 0) 2519 return; 2520 2521 if (ignore_device(&di)) 2522 return; 2523 2524 bacpy(&dev->bdaddr, &di.bdaddr); 2525 memcpy(dev->features, di.features, 8); 2526 2527 /* Set page timeout */ 2528 if ((main_opts.flags & (1 << HCID_SET_PAGETO))) { 2529 write_page_timeout_cp cp; 2530 2531 cp.timeout = htobs(main_opts.pageto); 2532 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_PAGE_TIMEOUT, 2533 WRITE_PAGE_TIMEOUT_CP_SIZE, &cp); 2534 } 2535 2536 bacpy(&cp.bdaddr, BDADDR_ANY); 2537 cp.read_all = 1; 2538 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_READ_STORED_LINK_KEY, 2539 READ_STORED_LINK_KEY_CP_SIZE, &cp); 2540 2541 if (!dev->pending) 2542 init_adapter(index); 2543 } 2544 2545 static void init_pending(int index) 2546 { 2547 struct dev_info *dev = &devs[index]; 2548 2549 hci_set_bit(PENDING_BDADDR, &dev->pending); 2550 hci_set_bit(PENDING_VERSION, &dev->pending); 2551 hci_set_bit(PENDING_FEATURES, &dev->pending); 2552 hci_set_bit(PENDING_NAME, &dev->pending); 2553 } 2554 2555 static struct dev_info *init_device(int index, gboolean already_up) 2556 { 2557 struct dev_info *dev; 2558 struct hci_dev_req dr; 2559 int dd; 2560 pid_t pid; 2561 2562 DBG("hci%d", index); 2563 2564 dd = hci_open_dev(index); 2565 if (dd < 0) { 2566 error("Unable to open hci%d: %s (%d)", index, 2567 strerror(errno), errno); 2568 return NULL; 2569 } 2570 2571 if (index > max_dev) { 2572 max_dev = index; 2573 devs = g_realloc(devs, sizeof(devs[0]) * (max_dev + 1)); 2574 } 2575 2576 dev = init_dev_info(index, dd, FALSE, already_up); 2577 init_pending(index); 2578 start_hci_dev(index); 2579 2580 /* Avoid forking if nothing else has to be done */ 2581 if (already_up) 2582 return dev; 2583 2584 /* Do initialization in the separate process */ 2585 pid = fork(); 2586 switch (pid) { 2587 case 0: 2588 atexit(at_child_exit); 2589 break; 2590 case -1: 2591 error("Fork failed. Can't init device hci%d: %s (%d)", 2592 index, strerror(errno), errno); 2593 default: 2594 DBG("child %d forked", pid); 2595 return dev; 2596 } 2597 2598 memset(&dr, 0, sizeof(dr)); 2599 dr.dev_id = index; 2600 2601 /* Set link mode */ 2602 dr.dev_opt = main_opts.link_mode; 2603 if (ioctl(dd, HCISETLINKMODE, (unsigned long) &dr) < 0) 2604 error("Can't set link mode on hci%d: %s (%d)", 2605 index, strerror(errno), errno); 2606 2607 /* Start HCI device */ 2608 if (ioctl(dd, HCIDEVUP, index) < 0 && errno != EALREADY) { 2609 error("Can't init device hci%d: %s (%d)", 2610 index, strerror(errno), errno); 2611 goto fail; 2612 } 2613 2614 hci_close_dev(dd); 2615 exit(0); 2616 2617 fail: 2618 hci_close_dev(dd); 2619 exit(1); 2620 } 2621 2622 static void init_conn_list(int index) 2623 { 2624 struct dev_info *dev = &devs[index]; 2625 struct hci_conn_list_req *cl; 2626 struct hci_conn_info *ci; 2627 int i; 2628 2629 DBG("hci%d", index); 2630 2631 cl = g_malloc0(10 * sizeof(*ci) + sizeof(*cl)); 2632 2633 cl->dev_id = index; 2634 cl->conn_num = 10; 2635 ci = cl->conn_info; 2636 2637 if (ioctl(dev->sk, HCIGETCONNLIST, cl) < 0) { 2638 error("Unable to get connection list: %s (%d)", 2639 strerror(errno), errno); 2640 goto failed; 2641 } 2642 2643 for (i = 0; i < cl->conn_num; i++, ci++) { 2644 struct bt_conn *conn; 2645 2646 if (ci->type != ACL_LINK) 2647 continue; 2648 2649 conn = get_connection(dev, &ci->bdaddr); 2650 conn->handle = ci->handle; 2651 } 2652 2653 failed: 2654 g_free(cl); 2655 } 2656 2657 static void device_event(int event, int index) 2658 { 2659 switch (event) { 2660 case HCI_DEV_REG: 2661 info("HCI dev %d registered", index); 2662 init_device(index, FALSE); 2663 break; 2664 2665 case HCI_DEV_UNREG: 2666 info("HCI dev %d unregistered", index); 2667 stop_hci_dev(index); 2668 if (devs[index].registered) 2669 btd_manager_unregister_adapter(index); 2670 break; 2671 2672 case HCI_DEV_UP: 2673 info("HCI dev %d up", index); 2674 devs[index].up = TRUE; 2675 device_devup_setup(index); 2676 break; 2677 2678 case HCI_DEV_DOWN: 2679 info("HCI dev %d down", index); 2680 devs[index].up = FALSE; 2681 devs[index].pending_cod = 0; 2682 devs[index].cache_enable = TRUE; 2683 if (!devs[index].pending) { 2684 struct btd_adapter *adapter; 2685 2686 adapter = manager_find_adapter_by_id(index); 2687 if (adapter) 2688 btd_adapter_stop(adapter); 2689 2690 init_pending(index); 2691 } 2692 break; 2693 } 2694 } 2695 2696 static gboolean init_known_adapters(gpointer user_data) 2697 { 2698 struct hci_dev_list_req *dl; 2699 struct hci_dev_req *dr; 2700 int i, err, ctl = GPOINTER_TO_INT(user_data); 2701 size_t req_size; 2702 2703 DBG(""); 2704 2705 req_size = HCI_MAX_DEV * sizeof(struct hci_dev_req) + sizeof(uint16_t); 2706 2707 dl = g_try_malloc0(req_size); 2708 if (!dl) { 2709 error("Can't allocate devlist buffer"); 2710 return FALSE; 2711 } 2712 2713 dl->dev_num = HCI_MAX_DEV; 2714 dr = dl->dev_req; 2715 2716 if (ioctl(ctl, HCIGETDEVLIST, dl) < 0) { 2717 err = -errno; 2718 error("Can't get device list: %s (%d)", strerror(-err), -err); 2719 g_free(dl); 2720 return FALSE; 2721 } 2722 2723 for (i = 0; i < dl->dev_num; i++, dr++) { 2724 struct dev_info *dev; 2725 gboolean already_up; 2726 2727 already_up = hci_test_bit(HCI_UP, &dr->dev_opt); 2728 2729 dev = init_device(dr->dev_id, already_up); 2730 if (dev == NULL) 2731 continue; 2732 2733 if (!dev->already_up) 2734 continue; 2735 2736 init_conn_list(dr->dev_id); 2737 2738 dev->pending = 0; 2739 hci_set_bit(PENDING_VERSION, &dev->pending); 2740 hci_send_cmd(dev->sk, OGF_INFO_PARAM, 2741 OCF_READ_LOCAL_VERSION, 0, NULL); 2742 device_event(HCI_DEV_UP, dr->dev_id); 2743 } 2744 2745 g_free(dl); 2746 2747 return FALSE; 2748 } 2749 2750 static gboolean io_stack_event(GIOChannel *chan, GIOCondition cond, 2751 gpointer data) 2752 { 2753 unsigned char buf[HCI_MAX_FRAME_SIZE], *ptr; 2754 evt_stack_internal *si; 2755 evt_si_device *sd; 2756 hci_event_hdr *eh; 2757 int type, fd; 2758 ssize_t len; 2759 2760 ptr = buf; 2761 2762 fd = g_io_channel_unix_get_fd(chan); 2763 2764 len = read(fd, buf, sizeof(buf)); 2765 if (len < 0) { 2766 if (errno == EAGAIN) 2767 return TRUE; 2768 2769 error("Read from control socket failed: %s (%d)", 2770 strerror(errno), errno); 2771 return FALSE; 2772 } 2773 2774 type = *ptr++; 2775 2776 if (type != HCI_EVENT_PKT) 2777 return TRUE; 2778 2779 eh = (hci_event_hdr *) ptr; 2780 if (eh->evt != EVT_STACK_INTERNAL) 2781 return TRUE; 2782 2783 ptr += HCI_EVENT_HDR_SIZE; 2784 2785 si = (evt_stack_internal *) ptr; 2786 switch (si->type) { 2787 case EVT_SI_DEVICE: 2788 sd = (void *) &si->data; 2789 device_event(sd->event, sd->dev_id); 2790 break; 2791 } 2792 2793 return TRUE; 2794 } 2795 2796 static int hciops_setup(void) 2797 { 2798 struct sockaddr_hci addr; 2799 struct hci_filter flt; 2800 GIOChannel *ctl_io, *child_io; 2801 int sock, err; 2802 2803 DBG(""); 2804 2805 if (child_pipe[0] != -1) 2806 return -EALREADY; 2807 2808 if (pipe(child_pipe) < 0) { 2809 err = -errno; 2810 error("pipe(): %s (%d)", strerror(-err), -err); 2811 return err; 2812 } 2813 2814 child_io = g_io_channel_unix_new(child_pipe[0]); 2815 g_io_channel_set_close_on_unref(child_io, TRUE); 2816 child_io_id = g_io_add_watch(child_io, 2817 G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL, 2818 child_exit, NULL); 2819 g_io_channel_unref(child_io); 2820 2821 /* Create and bind HCI socket */ 2822 sock = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI); 2823 if (sock < 0) { 2824 err = -errno; 2825 error("Can't open HCI socket: %s (%d)", strerror(-err), 2826 -err); 2827 return err; 2828 } 2829 2830 /* Set filter */ 2831 hci_filter_clear(&flt); 2832 hci_filter_set_ptype(HCI_EVENT_PKT, &flt); 2833 hci_filter_set_event(EVT_STACK_INTERNAL, &flt); 2834 if (setsockopt(sock, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) { 2835 err = -errno; 2836 error("Can't set filter: %s (%d)", strerror(-err), -err); 2837 return err; 2838 } 2839 2840 memset(&addr, 0, sizeof(addr)); 2841 addr.hci_family = AF_BLUETOOTH; 2842 addr.hci_dev = HCI_DEV_NONE; 2843 if (bind(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 2844 err = -errno; 2845 error("Can't bind HCI socket: %s (%d)", strerror(-err), -err); 2846 return err; 2847 } 2848 2849 ctl_io = g_io_channel_unix_new(sock); 2850 g_io_channel_set_close_on_unref(ctl_io, TRUE); 2851 2852 ctl_io_id = g_io_add_watch(ctl_io, G_IO_IN, io_stack_event, NULL); 2853 2854 g_io_channel_unref(ctl_io); 2855 2856 g_idle_add(init_known_adapters, GINT_TO_POINTER(sock)); 2857 2858 return 0; 2859 } 2860 2861 static void hciops_cleanup(void) 2862 { 2863 int i; 2864 2865 DBG(""); 2866 2867 for (i = 0; i <= max_dev; i++) 2868 stop_hci_dev(i); 2869 2870 g_free(devs); 2871 devs = NULL; 2872 max_dev = -1; 2873 2874 if (child_io_id) { 2875 g_source_remove(child_io_id); 2876 child_io_id = 0; 2877 } 2878 2879 if (ctl_io_id) { 2880 g_source_remove(ctl_io_id); 2881 ctl_io_id = 0; 2882 } 2883 2884 if (child_pipe[0] >= 0) { 2885 close(child_pipe[0]); 2886 child_pipe[0] = -1; 2887 } 2888 2889 if (child_pipe[1] >= 0) { 2890 close(child_pipe[1]); 2891 child_pipe[1] = -1; 2892 } 2893 } 2894 2895 static int hciops_set_powered(int index, gboolean powered) 2896 { 2897 struct dev_info *dev = &devs[index]; 2898 int err; 2899 2900 DBG("hci%d powered %d", index, powered); 2901 2902 if (powered == FALSE) 2903 return hciops_power_off(index); 2904 2905 if (ioctl(dev->sk, HCIDEVUP, index) == 0) 2906 return 0; 2907 2908 if (errno == EALREADY) 2909 return 0; 2910 2911 err = -errno; 2912 error("Can't init device hci%d: %s (%d)", 2913 index, strerror(-err), -err); 2914 2915 return err; 2916 } 2917 2918 static int hciops_set_dev_class(int index, uint8_t major, uint8_t minor) 2919 { 2920 struct dev_info *dev = &devs[index]; 2921 int err; 2922 2923 DBG("hci%d major %u minor %u", index, major, minor); 2924 2925 /* Update only the major and minor class bits keeping remaining bits 2926 * intact*/ 2927 dev->wanted_cod &= 0xffe000; 2928 dev->wanted_cod |= ((major & 0x1f) << 8) | minor; 2929 2930 if (dev->wanted_cod == dev->current_cod || 2931 dev->cache_enable || dev->pending_cod) 2932 return 0; 2933 2934 DBG("Changing Major/Minor class to 0x%06x", dev->wanted_cod); 2935 2936 err = write_class(index, dev->wanted_cod); 2937 if (err < 0) 2938 error("Adapter class update failed: %s (%d)", 2939 strerror(-err), -err); 2940 2941 return err; 2942 } 2943 2944 static int hciops_start_inquiry(int index, uint8_t length) 2945 { 2946 struct dev_info *dev = &devs[index]; 2947 uint8_t lap[3] = { 0x33, 0x8b, 0x9e }; 2948 inquiry_cp inq_cp; 2949 2950 DBG("hci%d length %u", index, length); 2951 2952 memset(&inq_cp, 0, sizeof(inq_cp)); 2953 memcpy(&inq_cp.lap, lap, 3); 2954 inq_cp.length = length; 2955 inq_cp.num_rsp = 0x00; 2956 2957 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, 2958 OCF_INQUIRY, INQUIRY_CP_SIZE, &inq_cp) < 0) 2959 return -errno; 2960 2961 return 0; 2962 } 2963 2964 static int le_set_scan_enable(int index, uint8_t enable) 2965 { 2966 struct dev_info *dev = &devs[index]; 2967 le_set_scan_enable_cp cp; 2968 2969 DBG("hci%d enable %u", index, enable); 2970 2971 memset(&cp, 0, sizeof(cp)); 2972 cp.enable = enable; 2973 cp.filter_dup = 0; 2974 2975 if (hci_send_cmd(dev->sk, OGF_LE_CTL, OCF_LE_SET_SCAN_ENABLE, 2976 LE_SET_SCAN_ENABLE_CP_SIZE, &cp) < 0) 2977 return -errno; 2978 2979 return 0; 2980 } 2981 2982 static gboolean stop_le_scan_cb(gpointer user_data) 2983 { 2984 struct dev_info *dev = user_data; 2985 int err; 2986 2987 err = le_set_scan_enable(dev->id, 0); 2988 if (err < 0) 2989 return TRUE; 2990 2991 dev->stop_scan_id = 0; 2992 2993 return FALSE; 2994 } 2995 2996 static int hciops_start_scanning(int index, int timeout) 2997 { 2998 struct dev_info *dev = &devs[index]; 2999 le_set_scan_parameters_cp cp; 3000 int err; 3001 3002 DBG("hci%d", index); 3003 3004 memset(&cp, 0, sizeof(cp)); 3005 cp.type = 0x01; /* Active scanning */ 3006 /* The recommended value for scan interval and window is 11.25 msec. 3007 * It is calculated by: time = n * 0.625 msec */ 3008 cp.interval = htobs(0x0012); 3009 cp.window = htobs(0x0012); 3010 cp.own_bdaddr_type = 0; /* Public address */ 3011 cp.filter = 0; /* Accept all adv packets */ 3012 3013 if (hci_send_cmd(dev->sk, OGF_LE_CTL, OCF_LE_SET_SCAN_PARAMETERS, 3014 LE_SET_SCAN_PARAMETERS_CP_SIZE, &cp) < 0) 3015 return -errno; 3016 3017 err = le_set_scan_enable(index, 1); 3018 if (err < 0) 3019 return err; 3020 3021 /* Schedule a le scan disable in 'timeout' milliseconds */ 3022 dev->stop_scan_id = g_timeout_add(timeout, stop_le_scan_cb, dev); 3023 3024 return 0; 3025 } 3026 3027 static int hciops_stop_scanning(int index) 3028 { 3029 struct dev_info *dev = &devs[index]; 3030 3031 DBG("hci%d", index); 3032 3033 if (dev->stop_scan_id > 0) { 3034 g_source_remove(dev->stop_scan_id); 3035 dev->stop_scan_id = 0; 3036 } 3037 3038 return le_set_scan_enable(index, 0); 3039 } 3040 3041 static int hciops_resolve_name(int index, bdaddr_t *bdaddr) 3042 { 3043 struct dev_info *dev = &devs[index]; 3044 remote_name_req_cp cp; 3045 char addr[18]; 3046 3047 ba2str(bdaddr, addr); 3048 DBG("hci%d dba %s", index, addr); 3049 3050 memset(&cp, 0, sizeof(cp)); 3051 bacpy(&cp.bdaddr, bdaddr); 3052 cp.pscan_rep_mode = 0x02; 3053 3054 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_REMOTE_NAME_REQ, 3055 REMOTE_NAME_REQ_CP_SIZE, &cp) < 0) 3056 return -errno; 3057 3058 return 0; 3059 } 3060 3061 static int hciops_set_name(int index, const char *name) 3062 { 3063 struct dev_info *dev = &devs[index]; 3064 change_local_name_cp cp; 3065 3066 DBG("hci%d, name %s", index, name); 3067 3068 memset(&cp, 0, sizeof(cp)); 3069 strncpy((char *) cp.name, name, sizeof(cp.name)); 3070 3071 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME, 3072 CHANGE_LOCAL_NAME_CP_SIZE, &cp) < 0) 3073 return -errno; 3074 3075 memcpy(dev->name, cp.name, 248); 3076 update_ext_inquiry_response(index); 3077 3078 return 0; 3079 } 3080 3081 static int hciops_cancel_resolve_name(int index, bdaddr_t *bdaddr) 3082 { 3083 struct dev_info *dev = &devs[index]; 3084 remote_name_req_cancel_cp cp; 3085 char addr[18]; 3086 3087 ba2str(bdaddr, addr); 3088 DBG("hci%d dba %s", index, addr); 3089 3090 memset(&cp, 0, sizeof(cp)); 3091 bacpy(&cp.bdaddr, bdaddr); 3092 3093 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_REMOTE_NAME_REQ_CANCEL, 3094 REMOTE_NAME_REQ_CANCEL_CP_SIZE, &cp) < 0) 3095 return -errno; 3096 3097 return 0; 3098 } 3099 3100 static int hciops_start_discovery(int index) 3101 { 3102 int adapter_type = get_adapter_type(index); 3103 3104 switch (adapter_type) { 3105 case BR_EDR_LE: 3106 return hciops_start_inquiry(index, LENGTH_BR_LE_INQ); 3107 case BR_EDR: 3108 return hciops_start_inquiry(index, LENGTH_BR_INQ); 3109 case LE_ONLY: 3110 return hciops_start_scanning(index, TIMEOUT_LE_SCAN); 3111 default: 3112 return -EINVAL; 3113 } 3114 } 3115 3116 static int hciops_stop_discovery(int index) 3117 { 3118 struct dev_info *dev = &devs[index]; 3119 3120 DBG("index %d", index); 3121 3122 switch (dev->discov_state) { 3123 case DISCOV_INQ: 3124 return hciops_stop_inquiry(index); 3125 case DISCOV_SCAN: 3126 return hciops_stop_scanning(index); 3127 default: 3128 return -EINVAL; 3129 } 3130 } 3131 3132 static int hciops_fast_connectable(int index, gboolean enable) 3133 { 3134 struct dev_info *dev = &devs[index]; 3135 write_page_activity_cp cp; 3136 uint8_t type; 3137 3138 DBG("hci%d enable %d", index, enable); 3139 3140 if (enable) { 3141 type = PAGE_SCAN_TYPE_INTERLACED; 3142 cp.interval = 0x0024; /* 22.5 msec page scan interval */ 3143 } else { 3144 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 3145 cp.interval = 0x0800; /* default 1.28 sec page scan */ 3146 } 3147 3148 cp.window = 0x0012; /* default 11.25 msec page scan window */ 3149 3150 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_PAGE_ACTIVITY, 3151 WRITE_PAGE_ACTIVITY_CP_SIZE, &cp) < 0) 3152 return -errno; 3153 else if (hci_send_cmd(dev->sk, OGF_HOST_CTL, 3154 OCF_WRITE_PAGE_SCAN_TYPE, 1, &type) < 0) 3155 return -errno; 3156 3157 return 0; 3158 } 3159 3160 static int hciops_read_clock(int index, bdaddr_t *bdaddr, int which, 3161 int timeout, uint32_t *clock, 3162 uint16_t *accuracy) 3163 { 3164 struct dev_info *dev = &devs[index]; 3165 uint16_t handle = 0; 3166 char addr[18]; 3167 int ret; 3168 3169 ba2str(bdaddr, addr); 3170 DBG("hci%d addr %s which %d timeout %d", index, addr, which, timeout); 3171 3172 ret = get_handle(index, bdaddr, &handle); 3173 if (ret < 0) 3174 return ret; 3175 3176 if (hci_read_clock(dev->sk, htobs(handle), which, clock, accuracy, 3177 timeout) < 0) 3178 return -errno; 3179 3180 return 0; 3181 } 3182 3183 static int hciops_read_bdaddr(int index, bdaddr_t *bdaddr) 3184 { 3185 struct dev_info *dev = &devs[index]; 3186 3187 DBG("hci%d", index); 3188 3189 bacpy(bdaddr, &dev->bdaddr); 3190 3191 return 0; 3192 } 3193 3194 static int hciops_block_device(int index, bdaddr_t *bdaddr) 3195 { 3196 struct dev_info *dev = &devs[index]; 3197 char addr[18]; 3198 3199 ba2str(bdaddr, addr); 3200 DBG("hci%d dba %s", index, addr); 3201 3202 if (ioctl(dev->sk, HCIBLOCKADDR, bdaddr) < 0) 3203 return -errno; 3204 3205 return 0; 3206 } 3207 3208 static int hciops_unblock_device(int index, bdaddr_t *bdaddr) 3209 { 3210 struct dev_info *dev = &devs[index]; 3211 char addr[18]; 3212 3213 ba2str(bdaddr, addr); 3214 DBG("hci%d dba %s", index, addr); 3215 3216 if (ioctl(dev->sk, HCIUNBLOCKADDR, bdaddr) < 0) 3217 return -errno; 3218 3219 return 0; 3220 } 3221 3222 static int hciops_get_conn_list(int index, GSList **conns) 3223 { 3224 struct dev_info *dev = &devs[index]; 3225 GSList *l; 3226 3227 DBG("hci%d", index); 3228 3229 *conns = NULL; 3230 3231 for (l = dev->connections; l != NULL; l = g_slist_next(l)) { 3232 struct bt_conn *conn = l->data; 3233 3234 *conns = g_slist_append(*conns, 3235 g_memdup(&conn->bdaddr, sizeof(bdaddr_t))); 3236 } 3237 3238 return 0; 3239 } 3240 3241 static int hciops_read_local_features(int index, uint8_t *features) 3242 { 3243 struct dev_info *dev = &devs[index]; 3244 3245 DBG("hci%d", index); 3246 3247 memcpy(features, dev->features, 8); 3248 3249 return 0; 3250 } 3251 3252 static int hciops_disconnect(int index, bdaddr_t *bdaddr) 3253 { 3254 DBG("hci%d", index); 3255 3256 return disconnect_addr(index, bdaddr, HCI_OE_USER_ENDED_CONNECTION); 3257 } 3258 3259 static int hciops_remove_bonding(int index, bdaddr_t *bdaddr) 3260 { 3261 struct dev_info *dev = &devs[index]; 3262 delete_stored_link_key_cp cp; 3263 GSList *match; 3264 char addr[18]; 3265 3266 ba2str(bdaddr, addr); 3267 DBG("hci%d dba %s", index, addr); 3268 3269 match = g_slist_find_custom(dev->keys, bdaddr, (GCompareFunc) bacmp); 3270 if (match) { 3271 g_free(match->data); 3272 dev->keys = g_slist_delete_link(dev->keys, match); 3273 } 3274 3275 memset(&cp, 0, sizeof(cp)); 3276 bacpy(&cp.bdaddr, bdaddr); 3277 3278 /* Delete the link key from the Bluetooth chip */ 3279 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_DELETE_STORED_LINK_KEY, 3280 DELETE_STORED_LINK_KEY_CP_SIZE, &cp) < 0) 3281 return -errno; 3282 3283 return 0; 3284 } 3285 3286 static int hciops_pincode_reply(int index, bdaddr_t *bdaddr, const char *pin, 3287 size_t pin_len) 3288 { 3289 struct dev_info *dev = &devs[index]; 3290 char addr[18]; 3291 int err; 3292 3293 ba2str(bdaddr, addr); 3294 DBG("hci%d dba %s", index, addr); 3295 3296 if (pin) { 3297 pin_code_reply_cp pr; 3298 3299 dev->pin_length = pin_len; 3300 3301 memset(&pr, 0, sizeof(pr)); 3302 bacpy(&pr.bdaddr, bdaddr); 3303 memcpy(pr.pin_code, pin, pin_len); 3304 pr.pin_len = pin_len; 3305 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 3306 OCF_PIN_CODE_REPLY, 3307 PIN_CODE_REPLY_CP_SIZE, &pr); 3308 } else 3309 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 3310 OCF_PIN_CODE_NEG_REPLY, 6, bdaddr); 3311 3312 if (err < 0) 3313 err = -errno; 3314 3315 return err; 3316 } 3317 3318 static int hciops_passkey_reply(int index, bdaddr_t *bdaddr, uint32_t passkey) 3319 { 3320 struct dev_info *dev = &devs[index]; 3321 char addr[18]; 3322 int err; 3323 3324 ba2str(bdaddr, addr); 3325 DBG("hci%d dba %s", index, addr); 3326 3327 if (passkey != INVALID_PASSKEY) { 3328 user_passkey_reply_cp cp; 3329 3330 memset(&cp, 0, sizeof(cp)); 3331 bacpy(&cp.bdaddr, bdaddr); 3332 cp.passkey = passkey; 3333 3334 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 3335 OCF_USER_PASSKEY_REPLY, 3336 USER_PASSKEY_REPLY_CP_SIZE, &cp); 3337 } else 3338 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 3339 OCF_USER_PASSKEY_NEG_REPLY, 6, bdaddr); 3340 3341 if (err < 0) 3342 err = -errno; 3343 3344 return err; 3345 } 3346 3347 static int hciops_enable_le(int index) 3348 { 3349 struct dev_info *dev = &devs[index]; 3350 write_le_host_supported_cp cp; 3351 3352 DBG("hci%d", index); 3353 3354 if (!(dev->features[4] & LMP_LE)) 3355 return -ENOTSUP; 3356 3357 cp.le = 0x01; 3358 cp.simul = (dev->features[6] & LMP_LE_BREDR) ? 0x01 : 0x00; 3359 3360 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, 3361 OCF_WRITE_LE_HOST_SUPPORTED, 3362 WRITE_LE_HOST_SUPPORTED_CP_SIZE, &cp) < 0) 3363 return -errno; 3364 3365 return 0; 3366 } 3367 3368 static uint8_t generate_service_class(int index) 3369 { 3370 struct dev_info *dev = &devs[index]; 3371 GSList *l; 3372 uint8_t val = 0; 3373 3374 for (l = dev->uuids; l != NULL; l = g_slist_next(l)) { 3375 struct uuid_info *uuid = l->data; 3376 3377 val |= uuid->svc_hint; 3378 } 3379 3380 return val; 3381 } 3382 3383 static int update_service_classes(int index) 3384 { 3385 struct dev_info *dev = &devs[index]; 3386 uint8_t value; 3387 int err; 3388 3389 value = generate_service_class(index); 3390 3391 DBG("hci%d value %u", index, value); 3392 3393 /* Update only the service class, keep the limited bit, 3394 * major/minor class bits intact */ 3395 dev->wanted_cod &= 0x00ffff; 3396 dev->wanted_cod |= (value << 16); 3397 3398 /* If the cache is enabled or an existing CoD write is in progress 3399 * just bail out */ 3400 if (dev->cache_enable || dev->pending_cod) 3401 return 0; 3402 3403 /* If we already have the CoD we want, update EIR and return */ 3404 if (dev->current_cod == dev->wanted_cod) { 3405 update_ext_inquiry_response(index); 3406 return 0; 3407 } 3408 3409 DBG("Changing service classes to 0x%06x", dev->wanted_cod); 3410 3411 err = write_class(index, dev->wanted_cod); 3412 if (err < 0) 3413 error("Adapter class update failed: %s (%d)", 3414 strerror(-err), -err); 3415 3416 return err; 3417 } 3418 3419 static int hciops_add_uuid(int index, uuid_t *uuid, uint8_t svc_hint) 3420 { 3421 struct dev_info *dev = &devs[index]; 3422 struct uuid_info *info; 3423 3424 DBG("hci%d", index); 3425 3426 info = g_new0(struct uuid_info, 1); 3427 memcpy(&info->uuid, uuid, sizeof(*uuid)); 3428 info->svc_hint = svc_hint; 3429 3430 dev->uuids = g_slist_append(dev->uuids, info); 3431 3432 return update_service_classes(index); 3433 } 3434 3435 static int hciops_remove_uuid(int index, uuid_t *uuid) 3436 { 3437 struct dev_info *dev = &devs[index]; 3438 GSList *match; 3439 3440 match = g_slist_find_custom(dev->uuids, uuid, sdp_uuid_cmp); 3441 if (match) { 3442 g_free(match->data); 3443 dev->uuids = g_slist_delete_link(dev->uuids, match); 3444 } 3445 3446 DBG("hci%d", index); 3447 3448 return update_service_classes(index); 3449 } 3450 3451 static int hciops_disable_cod_cache(int index) 3452 { 3453 struct dev_info *dev = &devs[index]; 3454 3455 DBG("hci%d cache_enable %d", index, dev->cache_enable); 3456 3457 if (!dev->cache_enable) 3458 return 0; 3459 3460 DBG("hci%d current_cod 0x%06x wanted_cod 0x%06x", index, 3461 dev->current_cod, dev->wanted_cod); 3462 3463 /* Disable and flush svc cache. All successive service class 3464 * updates * will be written to the device */ 3465 dev->cache_enable = FALSE; 3466 3467 if (dev->current_cod == dev->wanted_cod) { 3468 update_ext_inquiry_response(index); 3469 return 0; 3470 } 3471 3472 return write_class(index, dev->wanted_cod); 3473 } 3474 3475 static int hciops_restore_powered(int index) 3476 { 3477 struct dev_info *dev = &devs[index]; 3478 3479 if (!dev->already_up && dev->up) 3480 return hciops_power_off(index); 3481 3482 return 0; 3483 } 3484 3485 static int hciops_load_keys(int index, GSList *keys, gboolean debug_keys) 3486 { 3487 struct dev_info *dev = &devs[index]; 3488 3489 DBG("hci%d keys %d debug_keys %d", index, g_slist_length(keys), 3490 debug_keys); 3491 3492 if (dev->keys != NULL) 3493 return -EEXIST; 3494 3495 dev->keys = keys; 3496 dev->debug_keys = debug_keys; 3497 3498 return 0; 3499 } 3500 3501 static int hciops_set_io_capability(int index, uint8_t io_capability) 3502 { 3503 struct dev_info *dev = &devs[index]; 3504 3505 dev->io_capability = io_capability; 3506 3507 return 0; 3508 } 3509 3510 static int request_authentication(int index, bdaddr_t *bdaddr) 3511 { 3512 struct dev_info *dev = &devs[index]; 3513 auth_requested_cp cp; 3514 uint16_t handle; 3515 int err; 3516 3517 DBG("hci%d", index); 3518 3519 err = get_handle(index, bdaddr, &handle); 3520 if (err < 0) 3521 return err; 3522 3523 memset(&cp, 0, sizeof(cp)); 3524 cp.handle = htobs(handle); 3525 3526 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_AUTH_REQUESTED, 3527 AUTH_REQUESTED_CP_SIZE, &cp) < 0) 3528 return -errno; 3529 3530 return 0; 3531 } 3532 3533 static void bonding_connect_cb(GIOChannel *io, GError *err, gpointer user_data) 3534 { 3535 struct bt_conn *conn = user_data; 3536 struct dev_info *dev = conn->dev; 3537 3538 if (!conn->io) { 3539 if (!err) 3540 g_io_channel_shutdown(io, TRUE, NULL); 3541 return; 3542 } 3543 3544 if (err) 3545 /* Wait proper error to be propagated by bonding complete */ 3546 return; 3547 3548 if (request_authentication(dev->id, &conn->bdaddr) < 0) 3549 goto failed; 3550 3551 return; 3552 3553 failed: 3554 bonding_complete(dev, conn, HCI_UNSPECIFIED_ERROR); 3555 } 3556 3557 static int hciops_create_bonding(int index, bdaddr_t *bdaddr, uint8_t io_cap) 3558 { 3559 struct dev_info *dev = &devs[index]; 3560 BtIOSecLevel sec_level; 3561 struct bt_conn *conn; 3562 GError *err = NULL; 3563 3564 conn = get_connection(dev, bdaddr); 3565 3566 if (conn->io != NULL) 3567 return -EBUSY; 3568 3569 conn->loc_cap = io_cap; 3570 3571 /* If our IO capability is NoInputNoOutput use medium security 3572 * level (i.e. don't require MITM protection) else use high 3573 * security level */ 3574 if (io_cap == 0x03) 3575 sec_level = BT_IO_SEC_MEDIUM; 3576 else 3577 sec_level = BT_IO_SEC_HIGH; 3578 3579 conn->io = bt_io_connect(BT_IO_L2RAW, bonding_connect_cb, conn, 3580 NULL, &err, 3581 BT_IO_OPT_SOURCE_BDADDR, &dev->bdaddr, 3582 BT_IO_OPT_DEST_BDADDR, bdaddr, 3583 BT_IO_OPT_SEC_LEVEL, sec_level, 3584 BT_IO_OPT_INVALID); 3585 if (conn->io == NULL) { 3586 error("bt_io_connect: %s", err->message); 3587 g_error_free(err); 3588 return -EIO; 3589 } 3590 3591 conn->bonding_initiator = TRUE; 3592 3593 return 0; 3594 } 3595 3596 static int hciops_cancel_bonding(int index, bdaddr_t *bdaddr) 3597 { 3598 struct dev_info *dev = &devs[index]; 3599 struct bt_conn *conn; 3600 3601 DBG("hci%d", index); 3602 3603 conn = find_connection(dev, bdaddr); 3604 if (conn == NULL || conn->io == NULL) 3605 return -ENOTCONN; 3606 3607 g_io_channel_shutdown(conn->io, TRUE, NULL); 3608 g_io_channel_unref(conn->io); 3609 conn->io = NULL; 3610 3611 return 0; 3612 } 3613 3614 static int hciops_read_local_oob_data(int index) 3615 { 3616 struct dev_info *dev = &devs[index]; 3617 3618 DBG("hci%d", index); 3619 3620 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_READ_LOCAL_OOB_DATA, 0, 0) 3621 < 0) 3622 return -errno; 3623 3624 return 0; 3625 } 3626 3627 static int hciops_add_remote_oob_data(int index, bdaddr_t *bdaddr, 3628 uint8_t *hash, uint8_t *randomizer) 3629 { 3630 char addr[18]; 3631 struct dev_info *dev = &devs[index]; 3632 GSList *match; 3633 struct oob_data *data; 3634 3635 ba2str(bdaddr, addr); 3636 DBG("hci%d bdaddr %s", index, addr); 3637 3638 match = g_slist_find_custom(dev->oob_data, &bdaddr, oob_bdaddr_cmp); 3639 3640 if (match) { 3641 data = match->data; 3642 } else { 3643 data = g_new(struct oob_data, 1); 3644 bacpy(&data->bdaddr, bdaddr); 3645 dev->oob_data = g_slist_prepend(dev->oob_data, data); 3646 } 3647 3648 memcpy(data->hash, hash, sizeof(data->hash)); 3649 memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); 3650 3651 return 0; 3652 } 3653 3654 static int hciops_remove_remote_oob_data(int index, bdaddr_t *bdaddr) 3655 { 3656 char addr[18]; 3657 struct dev_info *dev = &devs[index]; 3658 GSList *match; 3659 3660 ba2str(bdaddr, addr); 3661 DBG("hci%d bdaddr %s", index, addr); 3662 3663 match = g_slist_find_custom(dev->oob_data, &bdaddr, oob_bdaddr_cmp); 3664 3665 if (!match) 3666 return -ENOENT; 3667 3668 g_free(match->data); 3669 dev->oob_data = g_slist_delete_link(dev->oob_data, match); 3670 3671 return 0; 3672 } 3673 3674 static int hciops_set_link_timeout(int index, bdaddr_t *bdaddr, uint32_t num_slots) 3675 { 3676 int dd, err; 3677 uint16_t handle; 3678 char addr[18]; 3679 3680 ba2str(bdaddr, addr); 3681 DBG("hci%d, addr %s, num_slots %d", index, bdaddr, num_slots); 3682 3683 dd = hci_open_dev(index); 3684 3685 if (dd < 0) 3686 return EIO; 3687 3688 handle = get_handle(index, bdaddr, &handle); 3689 err = hci_write_link_supervision_timeout(dd, htobs(handle), 3690 htobs(num_slots), 1000); 3691 if (err < 0) 3692 err = -errno; 3693 3694 hci_close_dev(dd); 3695 3696 return err; 3697 } 3698 3699 static int hciops_retry_authentication(int index, bdaddr_t *bdaddr) 3700 { 3701 return request_authentication(index, bdaddr); 3702 } 3703 3704 static struct btd_adapter_ops hci_ops = { 3705 .setup = hciops_setup, 3706 .cleanup = hciops_cleanup, 3707 .set_powered = hciops_set_powered, 3708 .set_discoverable = hciops_set_discoverable, 3709 .set_pairable = hciops_set_pairable, 3710 .set_limited_discoverable = hciops_set_limited_discoverable, 3711 .start_discovery = hciops_start_discovery, 3712 .stop_discovery = hciops_stop_discovery, 3713 .resolve_name = hciops_resolve_name, 3714 .cancel_resolve_name = hciops_cancel_resolve_name, 3715 .set_name = hciops_set_name, 3716 .set_dev_class = hciops_set_dev_class, 3717 .set_fast_connectable = hciops_fast_connectable, 3718 .read_clock = hciops_read_clock, 3719 .read_bdaddr = hciops_read_bdaddr, 3720 .block_device = hciops_block_device, 3721 .unblock_device = hciops_unblock_device, 3722 .get_conn_list = hciops_get_conn_list, 3723 .read_local_features = hciops_read_local_features, 3724 .disconnect = hciops_disconnect, 3725 .remove_bonding = hciops_remove_bonding, 3726 .pincode_reply = hciops_pincode_reply, 3727 .confirm_reply = hciops_confirm_reply, 3728 .passkey_reply = hciops_passkey_reply, 3729 .enable_le = hciops_enable_le, 3730 .encrypt_link = hciops_encrypt_link, 3731 .set_did = hciops_set_did, 3732 .add_uuid = hciops_add_uuid, 3733 .remove_uuid = hciops_remove_uuid, 3734 .disable_cod_cache = hciops_disable_cod_cache, 3735 .restore_powered = hciops_restore_powered, 3736 .load_keys = hciops_load_keys, 3737 .set_io_capability = hciops_set_io_capability, 3738 .create_bonding = hciops_create_bonding, 3739 .cancel_bonding = hciops_cancel_bonding, 3740 .read_local_oob_data = hciops_read_local_oob_data, 3741 .add_remote_oob_data = hciops_add_remote_oob_data, 3742 .remove_remote_oob_data = hciops_remove_remote_oob_data, 3743 .set_link_timeout = hciops_set_link_timeout, 3744 .retry_authentication = hciops_retry_authentication, 3745 }; 3746 3747 static int hciops_init(void) 3748 { 3749 DBG(""); 3750 return btd_register_adapter_ops(&hci_ops, FALSE); 3751 } 3752 3753 static void hciops_exit(void) 3754 { 3755 DBG(""); 3756 btd_adapter_cleanup_ops(&hci_ops); 3757 } 3758 3759 BLUETOOTH_PLUGIN_DEFINE(hciops, VERSION, 3760 BLUETOOTH_PLUGIN_PRIORITY_LOW, hciops_init, hciops_exit) 3761
