summaryrefslogtreecommitdiff
path: root/hcid/security.c
diff options
context:
space:
mode:
Diffstat (limited to 'hcid/security.c')
-rw-r--r--hcid/security.c1037
1 files changed, 1037 insertions, 0 deletions
diff --git a/hcid/security.c b/hcid/security.c
new file mode 100644
index 000000000..0bfbcbec0
--- /dev/null
+++ b/hcid/security.c
@@ -0,0 +1,1037 @@
+/*
+ *
+ * BlueZ - Bluetooth protocol stack for Linux
+ *
+ * Copyright (C) 2000-2001 Qualcomm Incorporated
+ * Copyright (C) 2002-2003 Maxim Krasnyansky <maxk@qualcomm.com>
+ * Copyright (C) 2002-2008 Marcel Holtmann <marcel@holtmann.org>
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+
+#include <bluetooth/bluetooth.h>
+#include <bluetooth/hci.h>
+#include <bluetooth/hci_lib.h>
+
+#include <glib.h>
+
+#include <dbus/dbus.h>
+
+#include "hcid.h"
+#include "textfile.h"
+#include "adapter.h"
+#include "dbus-hci.h"
+
+struct g_io_info {
+ GIOChannel *channel;
+ int watch_id;
+ int pin_length;
+};
+
+static struct g_io_info io_data[HCI_MAX_DEV];
+
+static int pairing = HCID_PAIRING_MULTI;
+
+static GSList *hci_req_queue = NULL;
+
+struct hci_req_data *hci_req_data_new(int dev_id, const bdaddr_t *dba, uint16_t ogf, uint16_t ocf, int event, const void *cparam, int clen)
+{
+ struct hci_req_data *data;
+
+ data = g_new0(struct hci_req_data, 1);
+
+ data->cparam = g_malloc(clen);
+ memcpy(data->cparam, cparam, clen);
+
+ bacpy(&data->dba, dba);
+
+ data->dev_id = dev_id;
+ data->status = REQ_PENDING;
+ data->ogf = ogf;
+ data->ocf = ocf;
+ data->event = event;
+ data->clen = clen;
+
+ return data;
+}
+
+static int hci_req_find_by_devid(const void *data, const void *user_data)
+{
+ const struct hci_req_data *req = data;
+ const int *dev_id = user_data;
+
+ return (*dev_id - req->dev_id);
+}
+
+static void hci_req_queue_process(int dev_id)
+{
+ int dd, ret_val;
+
+ /* send the next pending cmd */
+ dd = hci_open_dev(dev_id);
+ do {
+ struct hci_req_data *data;
+ GSList *l = g_slist_find_custom(hci_req_queue, &dev_id, hci_req_find_by_devid);
+
+ if (!l)
+ break;
+
+ data = l->data;
+ data->status = REQ_SENT;
+
+ ret_val = hci_send_cmd(dd, data->ogf, data->ocf, data->clen, data->cparam);
+ if (ret_val < 0) {
+ hci_req_queue = g_slist_remove(hci_req_queue, data);
+ g_free(data->cparam);
+ g_free(data);
+ }
+
+ } while(ret_val < 0);
+
+ hci_close_dev(dd);
+}
+
+void hci_req_queue_append(struct hci_req_data *data)
+{
+ GSList *l;
+ struct hci_req_data *match;
+
+
+ hci_req_queue = g_slist_append(hci_req_queue, data);
+
+ l = g_slist_find_custom(hci_req_queue, &data->dev_id, hci_req_find_by_devid);
+ match = l->data;
+
+ if (match->status == REQ_SENT)
+ return;
+
+ hci_req_queue_process(data->dev_id);
+}
+
+void hci_req_queue_remove(int dev_id, bdaddr_t *dba)
+{
+ GSList *cur, *next;
+ struct hci_req_data *req;
+
+ for (cur = hci_req_queue; cur != NULL; cur = next) {
+ req = cur->data;
+ next = cur->next;
+ if ((req->dev_id != dev_id) || (bacmp(&req->dba, dba)))
+ continue;
+
+ hci_req_queue = g_slist_remove(hci_req_queue, req);
+ g_free(req->cparam);
+ g_free(req);
+ }
+}
+
+static void check_pending_hci_req(int dev_id, int event)
+{
+ struct hci_req_data *data;
+ GSList *l;
+
+ if (!hci_req_queue)
+ return;
+
+ /* find the first element(pending)*/
+ l = g_slist_find_custom(hci_req_queue, &dev_id, hci_req_find_by_devid);
+
+ if (!l)
+ return;
+
+ data = l->data;
+
+ /* skip if there is pending confirmation */
+ if (data->status == REQ_SENT) {
+ if (data->event != event)
+ return;
+
+ /* remove the confirmed cmd */
+ hci_req_queue = g_slist_remove(hci_req_queue, data);
+ g_free(data->cparam);
+ g_free(data);
+ }
+
+ hci_req_queue_process(dev_id);
+}
+
+static int get_handle(int dev, bdaddr_t *sba, bdaddr_t *dba, uint16_t *handle)
+{
+ struct hci_conn_list_req *cl;
+ struct hci_conn_info *ci;
+ char addr[18];
+ int i;
+
+ cl = g_malloc0(10 * sizeof(*ci) + sizeof(*cl));
+
+ ba2str(sba, addr);
+ cl->dev_id = hci_devid(addr);
+ cl->conn_num = 10;
+ ci = cl->conn_info;
+
+ if (ioctl(dev, HCIGETCONNLIST, (void *) cl) < 0) {
+ g_free(cl);
+ return -EIO;
+ }
+
+ for (i = 0; i < cl->conn_num; i++, ci++) {
+ if (bacmp(&ci->bdaddr, dba) == 0) {
+ *handle = ci->handle;
+ g_free(cl);
+ return 0;
+ }
+ }
+
+ g_free(cl);
+
+ return -ENOENT;
+}
+
+static inline int get_bdaddr(int dev, bdaddr_t *sba, uint16_t handle, bdaddr_t *dba)
+{
+ struct hci_conn_list_req *cl;
+ struct hci_conn_info *ci;
+ char addr[18];
+ int i;
+
+ cl = g_malloc0(10 * sizeof(*ci) + sizeof(*cl));
+
+ ba2str(sba, addr);
+ cl->dev_id = hci_devid(addr);
+ cl->conn_num = 10;
+ ci = cl->conn_info;
+
+ if (ioctl(dev, HCIGETCONNLIST, (void *) cl) < 0) {
+ g_free(cl);
+ return -EIO;
+ }
+
+ for (i = 0; i < cl->conn_num; i++, ci++)
+ if (ci->handle == handle) {
+ bacpy(dba, &ci->bdaddr);
+ g_free(cl);
+ return 0;
+ }
+
+ g_free(cl);
+
+ return -ENOENT;
+}
+
+static inline void update_lastseen(bdaddr_t *sba, bdaddr_t *dba)
+{
+ time_t t;
+ struct tm *tm;
+
+ t = time(NULL);
+ tm = gmtime(&t);
+
+ write_lastseen_info(sba, dba, tm);
+}
+
+static inline void update_lastused(bdaddr_t *sba, bdaddr_t *dba)
+{
+ time_t t;
+ struct tm *tm;
+
+ t = time(NULL);
+ tm = gmtime(&t);
+
+ write_lastused_info(sba, dba, tm);
+}
+
+/* Link Key handling */
+
+static void link_key_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
+{
+ struct hci_auth_info_req req;
+ unsigned char key[16];
+ char sa[18], da[18];
+ uint8_t type;
+ int err;
+
+ ba2str(sba, sa); ba2str(dba, da);
+ info("link_key_request (sba=%s, dba=%s)", sa, da);
+
+ memset(&req, 0, sizeof(req));
+ bacpy(&req.bdaddr, dba);
+
+ err = ioctl(dev, HCIGETAUTHINFO, (unsigned long) &req);
+ if (err < 0 && errno != EINVAL)
+ debug("HCIGETAUTHINFO failed %s (%d)",
+ strerror(errno), errno);
+ else
+ req.type = 0x00;
+
+ debug("kernel auth requirements = 0x%02x", req.type);
+
+ err = read_link_key(sba, dba, key, &type);
+ if (err < 0) {
+ /* Link key not found */
+ hci_send_cmd(dev, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY, 6, dba);
+ } else {
+ /* Link key found */
+ link_key_reply_cp lr;
+ memcpy(lr.link_key, key, 16);
+ bacpy(&lr.bdaddr, dba);
+
+ debug("stored link key type = 0x%02x", type);
+
+ if ((type == 0x03 || type == 0x04) && (req.type & 0x01))
+ hci_send_cmd(dev, OGF_LINK_CTL,
+ OCF_LINK_KEY_NEG_REPLY, 6, dba);
+ else
+ hci_send_cmd(dev, OGF_LINK_CTL, OCF_LINK_KEY_REPLY,
+ LINK_KEY_REPLY_CP_SIZE, &lr);
+ }
+}
+
+static void link_key_notify(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_link_key_notify *evt = ptr;
+ bdaddr_t *dba = &evt->bdaddr;
+ char sa[18], da[18];
+ int dev_id, err;
+
+ ba2str(sba, sa); ba2str(dba, da);
+ info("link_key_notify (sba=%s, dba=%s)", sa, da);
+
+ dev_id = hci_devid(sa);
+
+ err = write_link_key(sba, dba, evt->link_key, evt->key_type,
+ io_data[dev_id].pin_length);
+ if (err < 0) {
+ uint16_t handle;
+
+ error("write_link_key: %s (%d)", strerror(-err), -err);
+
+ hcid_dbus_bonding_process_complete(sba, dba, HCI_MEMORY_FULL);
+
+ if (get_handle(dev, sba, dba, &handle) == 0) {
+ disconnect_cp cp;
+
+ memset(&cp, 0, sizeof(cp));
+ cp.handle = htobs(handle);
+ cp.reason = HCI_OE_LOW_RESOURCES;
+
+ hci_send_cmd(dev, OGF_LINK_CTL, OCF_DISCONNECT,
+ DISCONNECT_CP_SIZE, &cp);
+ }
+ } else
+ hcid_dbus_bonding_process_complete(sba, dba, 0);
+
+ io_data[dev_id].pin_length = -1;
+}
+
+static void return_link_keys(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_return_link_keys *evt = ptr;
+ uint8_t num = evt->num_keys;
+ unsigned char key[16];
+ char sa[18], da[18];
+ bdaddr_t dba;
+ int i;
+
+ ba2str(sba, sa);
+ ptr++;
+
+ for (i = 0; i < num; i++) {
+ bacpy(&dba, ptr); ba2str(&dba, da);
+ memcpy(key, ptr + 6, 16);
+
+ info("return_link_keys (sba=%s, dba=%s)", sa, da);
+
+ ptr += 22;
+ }
+}
+
+/* Simple Pairing handling */
+
+static void user_confirm_request(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_user_confirm_request *req = ptr;
+
+ if (hcid_dbus_user_confirm(sba, &req->bdaddr,
+ btohl(req->passkey)) < 0)
+ hci_send_cmd(dev, OGF_LINK_CTL,
+ OCF_USER_CONFIRM_NEG_REPLY, 6, ptr);
+}
+
+static void user_passkey_request(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_user_passkey_request *req = ptr;
+
+ if (hcid_dbus_user_passkey(sba, &req->bdaddr) < 0)
+ hci_send_cmd(dev, OGF_LINK_CTL,
+ OCF_USER_PASSKEY_NEG_REPLY, 6, ptr);
+}
+
+static void user_passkey_notify(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_user_passkey_notify *req = ptr;
+
+ hcid_dbus_user_notify(sba, &req->bdaddr, btohl(req->passkey));
+}
+
+static void remote_oob_data_request(int dev, bdaddr_t *sba, void *ptr)
+{
+ hci_send_cmd(dev, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_NEG_REPLY, 6, ptr);
+}
+
+static void io_capa_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
+{
+ char sa[18], da[18];
+ uint8_t cap, auth;
+
+ ba2str(sba, sa); ba2str(dba, da);
+ info("io_capa_request (sba=%s, dba=%s)", sa, da);
+
+ if (hcid_dbus_get_io_cap(sba, dba, &cap, &auth) < 0) {
+ io_capability_neg_reply_cp cp;
+ memset(&cp, 0, sizeof(cp));
+ bacpy(&cp.bdaddr, dba);
+ cp.reason = HCI_PAIRING_NOT_ALLOWED;
+ hci_send_cmd(dev, OGF_LINK_CTL, OCF_IO_CAPABILITY_NEG_REPLY,
+ IO_CAPABILITY_NEG_REPLY_CP_SIZE, &cp);
+ } else {
+ io_capability_reply_cp cp;
+ memset(&cp, 0, sizeof(cp));
+ bacpy(&cp.bdaddr, dba);
+ cp.capability = cap;
+ cp.oob_data = 0x00;
+ cp.authentication = auth;
+ hci_send_cmd(dev, OGF_LINK_CTL, OCF_IO_CAPABILITY_REPLY,
+ IO_CAPABILITY_REPLY_CP_SIZE, &cp);
+ }
+}
+
+static void io_capa_response(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_io_capability_response *evt = ptr;
+ char sa[18], da[18];
+
+ ba2str(sba, sa); ba2str(&evt->bdaddr, da);
+ info("io_capa_response (sba=%s, dba=%s)", sa, da);
+
+ hcid_dbus_set_io_cap(sba, &evt->bdaddr,
+ evt->capability, evt->authentication);
+}
+
+/* PIN code handling */
+
+void set_pin_length(bdaddr_t *sba, int length)
+{
+ char addr[18];
+ int dev_id;
+
+ ba2str(sba, addr);
+ dev_id = hci_devid(addr);
+
+ io_data[dev_id].pin_length = length;
+}
+
+static void pin_code_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
+{
+ pin_code_reply_cp pr;
+ struct hci_conn_info_req *cr;
+ struct hci_conn_info *ci;
+ unsigned char key[16];
+ char sa[18], da[18], pin[17];
+ int err, pinlen;
+
+ memset(&pr, 0, sizeof(pr));
+ bacpy(&pr.bdaddr, dba);
+
+ ba2str(sba, sa); ba2str(dba, da);
+ info("pin_code_request (sba=%s, dba=%s)", sa, da);
+
+ cr = g_malloc0(sizeof(*cr) + sizeof(*ci));
+
+ bacpy(&cr->bdaddr, dba);
+ cr->type = ACL_LINK;
+ if (ioctl(dev, HCIGETCONNINFO, (unsigned long) cr) < 0) {
+ error("Can't get conn info: %s (%d)", strerror(errno), errno);
+ goto reject;
+ }
+ ci = cr->conn_info;
+
+ memset(pin, 0, sizeof(pin));
+ pinlen = read_pin_code(sba, dba, pin);
+
+ if (pairing == HCID_PAIRING_ONCE) {
+ err = read_link_key(sba, dba, key, NULL);
+ if (!err) {
+ ba2str(dba, da);
+ error("PIN code request for already paired device %s", da);
+ goto reject;
+ }
+ } else if (pairing == HCID_PAIRING_NONE)
+ goto reject;
+
+ if (hcid.security == HCID_SEC_AUTO && !ci->out) {
+ set_pin_length(sba, hcid.pin_len);
+ memcpy(pr.pin_code, hcid.pin_code, hcid.pin_len);
+ pr.pin_len = hcid.pin_len;
+ hci_send_cmd(dev, OGF_LINK_CTL, OCF_PIN_CODE_REPLY,
+ PIN_CODE_REPLY_CP_SIZE, &pr);
+ } else {
+ if (pinlen > 0) {
+ set_pin_length(sba, pinlen);
+ memcpy(pr.pin_code, pin, pinlen);
+ pr.pin_len = pinlen;
+ hci_send_cmd(dev, OGF_LINK_CTL, OCF_PIN_CODE_REPLY,
+ PIN_CODE_REPLY_CP_SIZE, &pr);
+ } else {
+ /* Request PIN from passkey agent */
+ if (hcid_dbus_request_pin(dev, sba, ci) < 0)
+ goto reject;
+ }
+ }
+
+ g_free(cr);
+
+ return;
+
+reject:
+ g_free(cr);
+
+ hci_send_cmd(dev, OGF_LINK_CTL, OCF_PIN_CODE_NEG_REPLY, 6, dba);
+}
+
+static inline void cmd_status(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_cmd_status *evt = ptr;
+ uint16_t opcode = btohs(evt->opcode);
+
+ if (evt->status)
+ return;
+
+ if (opcode == cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY))
+ hcid_dbus_inquiry_start(sba);
+}
+
+static inline void cmd_complete(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_cmd_complete *evt = ptr;
+ uint16_t opcode = btohs(evt->opcode);
+ uint8_t status;
+
+ switch (opcode) {
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_PERIODIC_INQUIRY):
+ status = *((uint8_t *) ptr + EVT_CMD_COMPLETE_SIZE);
+ hcid_dbus_periodic_inquiry_start(sba, status);
+ break;
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_EXIT_PERIODIC_INQUIRY):
+ status = *((uint8_t *) ptr + EVT_CMD_COMPLETE_SIZE);
+ hcid_dbus_periodic_inquiry_exit(sba, status);
+ break;
+ case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL):
+ hcid_dbus_inquiry_complete(sba);
+ break;
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME):
+ hcid_dbus_setname_complete(sba);
+ break;
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE):
+ hcid_dbus_setscan_enable_complete(sba);
+ break;
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV):
+ hcid_dbus_write_class_complete(sba);
+ break;
+ case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SIMPLE_PAIRING_MODE):
+ hcid_dbus_write_simple_pairing_mode_complete(sba);
+ break;
+ };
+}
+
+static inline void remote_name_information(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_remote_name_req_complete *evt = ptr;
+ bdaddr_t dba;
+ char name[249];
+
+ memset(name, 0, sizeof(name));
+ bacpy(&dba, &evt->bdaddr);
+
+ if (!evt->status) {
+ char *end;
+ memcpy(name, evt->name, 248);
+ /* It's ok to cast end between const and non-const since
+ * we know it points to inside of name which is non-const */
+ if (!g_utf8_validate(name, -1, (const char **) &end))
+ *end = '\0';
+ write_device_name(sba, &dba, name);
+ }
+
+ hcid_dbus_remote_name(sba, &dba, evt->status, name);
+}
+
+static inline void remote_version_information(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_read_remote_version_complete *evt = ptr;
+ bdaddr_t dba;
+
+ if (evt->status)
+ return;
+
+ if (get_bdaddr(dev, sba, btohs(evt->handle), &dba) < 0)
+ return;
+
+ write_version_info(sba, &dba, btohs(evt->manufacturer),
+ evt->lmp_ver, btohs(evt->lmp_subver));
+}
+
+static inline void inquiry_complete(int dev, bdaddr_t *sba, void *ptr)
+{
+ hcid_dbus_inquiry_complete(sba);
+}
+
+static inline void inquiry_result(int dev, bdaddr_t *sba, int plen, void *ptr)
+{
+ uint8_t num = *(uint8_t *) ptr++;
+ int i;
+
+ for (i = 0; i < num; i++) {
+ inquiry_info *info = ptr;
+ uint32_t class = info->dev_class[0]
+ | (info->dev_class[1] << 8)
+ | (info->dev_class[2] << 16);
+
+ hcid_dbus_inquiry_result(sba, &info->bdaddr, class, 0, NULL);
+
+ update_lastseen(sba, &info->bdaddr);
+
+ ptr += INQUIRY_INFO_SIZE;
+ }
+}
+
+static inline void inquiry_result_with_rssi(int dev, bdaddr_t *sba, int plen, void *ptr)
+{
+ uint8_t num = *(uint8_t *) ptr++;
+ int i;
+
+ if (!num)
+ return;
+
+ if ((plen - 1) / num == INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE) {
+ for (i = 0; i < num; i++) {
+ inquiry_info_with_rssi_and_pscan_mode *info = ptr;
+ uint32_t class = info->dev_class[0]
+ | (info->dev_class[1] << 8)
+ | (info->dev_class[2] << 16);
+
+ hcid_dbus_inquiry_result(sba, &info->bdaddr,
+ class, info->rssi, NULL);
+
+ update_lastseen(sba, &info->bdaddr);
+
+ ptr += INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE;
+ }
+ } else {
+ for (i = 0; i < num; i++) {
+ inquiry_info_with_rssi *info = ptr;
+ uint32_t class = info->dev_class[0]
+ | (info->dev_class[1] << 8)
+ | (info->dev_class[2] << 16);
+
+ hcid_dbus_inquiry_result(sba, &info->bdaddr,
+ class, info->rssi, NULL);
+
+ update_lastseen(sba, &info->bdaddr);
+
+ ptr += INQUIRY_INFO_WITH_RSSI_SIZE;
+ }
+ }
+}
+
+static inline void extended_inquiry_result(int dev, bdaddr_t *sba, int plen, void *ptr)
+{
+ uint8_t num = *(uint8_t *) ptr++;
+ int i;
+
+ for (i = 0; i < num; i++) {
+ extended_inquiry_info *info = ptr;
+ uint32_t class = info->dev_class[0]
+ | (info->dev_class[1] << 8)
+ | (info->dev_class[2] << 16);
+
+ hcid_dbus_inquiry_result(sba, &info->bdaddr, class,
+ info->rssi, info->data);
+
+ update_lastseen(sba, &info->bdaddr);
+
+ ptr += EXTENDED_INQUIRY_INFO_SIZE;
+ }
+}
+
+static inline void remote_features_information(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_read_remote_features_complete *evt = ptr;
+ bdaddr_t dba;
+
+ if (evt->status)
+ return;
+
+ if (get_bdaddr(dev, sba, btohs(evt->handle), &dba) < 0)
+ return;
+
+ write_features_info(sba, &dba, evt->features);
+}
+
+static inline void conn_complete(int dev, int dev_id, bdaddr_t *sba, void *ptr)
+{
+ evt_conn_complete *evt = ptr;
+ char filename[PATH_MAX];
+ remote_name_req_cp cp_name;
+ struct hci_req_data *data;
+ char local_addr[18], peer_addr[18], *str;
+
+ if (evt->link_type != ACL_LINK)
+ return;
+
+ hcid_dbus_conn_complete(sba, evt->status, btohs(evt->handle),
+ &evt->bdaddr);
+
+ if (evt->status)
+ return;
+
+ update_lastused(sba, &evt->bdaddr);
+
+ /* Request remote name */
+ memset(&cp_name, 0, sizeof(cp_name));
+ bacpy(&cp_name.bdaddr, &evt->bdaddr);
+ cp_name.pscan_rep_mode = 0x02;
+
+ data = hci_req_data_new(dev_id, &evt->bdaddr, OGF_LINK_CTL,
+ OCF_REMOTE_NAME_REQ, EVT_REMOTE_NAME_REQ_COMPLETE,
+ &cp_name, REMOTE_NAME_REQ_CP_SIZE);
+
+ hci_req_queue_append(data);
+
+ /* check if the remote version needs be requested */
+ ba2str(sba, local_addr);
+ ba2str(&evt->bdaddr, peer_addr);
+
+ create_name(filename, sizeof(filename), STORAGEDIR, local_addr, "manufacturers");
+
+ str = textfile_get(filename, peer_addr);
+ if (!str) {
+ read_remote_version_cp cp;
+
+ memset(&cp, 0, sizeof(cp));
+ cp.handle = evt->handle;
+
+ data = hci_req_data_new(dev_id, &evt->bdaddr, OGF_LINK_CTL,
+ OCF_READ_REMOTE_VERSION, EVT_READ_REMOTE_VERSION_COMPLETE,
+ &cp, READ_REMOTE_VERSION_CP_SIZE);
+
+ hci_req_queue_append(data);
+ } else
+ free(str);
+}
+
+static inline void disconn_complete(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_disconn_complete *evt = ptr;
+
+ hcid_dbus_disconn_complete(sba, evt->status, btohs(evt->handle),
+ evt->reason);
+}
+
+static inline void auth_complete(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_auth_complete *evt = ptr;
+ bdaddr_t dba;
+
+ if (get_bdaddr(dev, sba, btohs(evt->handle), &dba) < 0)
+ return;
+
+ if (evt->status)
+ hcid_dbus_bonding_process_complete(sba, &dba, evt->status);
+}
+
+static inline void conn_request(int dev, bdaddr_t *sba, void *ptr)
+{
+ evt_conn_request *evt = ptr;
+ uint32_t class = evt->dev_class[0] | (evt->dev_class[1] << 8)
+ | (evt->dev_class[2] << 16);
+
+ hcid_dbus_remote_class(sba, &evt->bdaddr, class);
+
+ write_remote_class(sba, &evt->bdaddr, class);
+}
+
+static gboolean io_security_event(GIOChannel *chan, GIOCondition cond, gpointer data)
+{
+ unsigned char buf[HCI_MAX_EVENT_SIZE], *ptr = buf;
+ struct hci_dev_info *di = data;
+ int type, dev;
+ size_t len;
+ hci_event_hdr *eh;
+ GIOError err;
+
+ if (cond & (G_IO_NVAL | G_IO_HUP | G_IO_ERR)) {
+ g_io_channel_unref(chan);
+ return FALSE;
+ }
+
+ if ((err = g_io_channel_read(chan, (gchar *) buf, sizeof(buf), &len))) {
+ if (err == G_IO_ERROR_AGAIN)
+ return TRUE;
+ g_io_channel_unref(chan);
+ return FALSE;
+ }
+
+ type = *ptr++;
+
+ if (type != HCI_EVENT_PKT)
+ return TRUE;
+
+ eh = (hci_event_hdr *) ptr;
+ ptr += HCI_EVENT_HDR_SIZE;
+
+ dev = g_io_channel_unix_get_fd(chan);
+
+ ioctl(dev, HCIGETDEVINFO, (void *) di);
+
+ if (hci_test_bit(HCI_RAW, &di->flags))
+ return TRUE;
+
+ switch (eh->evt) {
+ case EVT_CMD_STATUS:
+ cmd_status(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_CMD_COMPLETE:
+ cmd_complete(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_REMOTE_NAME_REQ_COMPLETE:
+ remote_name_information(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_READ_REMOTE_VERSION_COMPLETE:
+ remote_version_information(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_READ_REMOTE_FEATURES_COMPLETE:
+ remote_features_information(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_INQUIRY_COMPLETE:
+ inquiry_complete(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_INQUIRY_RESULT:
+ inquiry_result(dev, &di->bdaddr, eh->plen, ptr);
+ break;
+
+ case EVT_INQUIRY_RESULT_WITH_RSSI:
+ inquiry_result_with_rssi(dev, &di->bdaddr, eh->plen, ptr);
+ break;
+
+ case EVT_EXTENDED_INQUIRY_RESULT:
+ extended_inquiry_result(dev, &di->bdaddr, eh->plen, ptr);
+ break;
+
+ case EVT_CONN_COMPLETE:
+ conn_complete(dev, di->dev_id, &di->bdaddr, ptr);
+ break;
+
+ case EVT_DISCONN_COMPLETE:
+ disconn_complete(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_AUTH_COMPLETE:
+ auth_complete(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_CONN_REQUEST:
+ conn_request(dev, &di->bdaddr, ptr);
+ break;
+ }
+
+ /* Check for pending command request */
+ check_pending_hci_req(di->dev_id, eh->evt);
+
+ if (hci_test_bit(HCI_SECMGR, &di->flags))
+ return TRUE;
+
+ switch (eh->evt) {
+ case EVT_PIN_CODE_REQ:
+ pin_code_request(dev, &di->bdaddr, (bdaddr_t *) ptr);
+ break;
+
+ case EVT_LINK_KEY_REQ:
+ link_key_request(dev, &di->bdaddr, (bdaddr_t *) ptr);
+ break;
+
+ case EVT_LINK_KEY_NOTIFY:
+ link_key_notify(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_RETURN_LINK_KEYS:
+ return_link_keys(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_IO_CAPABILITY_REQUEST:
+ io_capa_request(dev, &di->bdaddr, (bdaddr_t *) ptr);
+ break;
+
+ case EVT_IO_CAPABILITY_RESPONSE:
+ io_capa_response(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_USER_CONFIRM_REQUEST:
+ user_confirm_request(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_USER_PASSKEY_REQUEST:
+ user_passkey_request(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_USER_PASSKEY_NOTIFY:
+ user_passkey_notify(dev, &di->bdaddr, ptr);
+ break;
+
+ case EVT_REMOTE_OOB_DATA_REQUEST:
+ remote_oob_data_request(dev, &di->bdaddr, ptr);
+ break;
+ }
+
+ return TRUE;
+}
+
+void start_security_manager(int hdev)
+{
+ GIOChannel *chan = io_data[hdev].channel;
+ struct hci_dev_info *di;
+ struct hci_filter flt;
+ read_stored_link_key_cp cp;
+ int dev;
+
+ if (chan)
+ return;
+
+ info("Starting security manager %d", hdev);
+
+ if ((dev = hci_open_dev(hdev)) < 0) {
+ error("Can't open device hci%d: %s (%d)",
+ hdev, strerror(errno), errno);
+ return;
+ }
+
+ /* Set filter */
+ hci_filter_clear(&flt);
+ hci_filter_set_ptype(HCI_EVENT_PKT, &flt);
+ hci_filter_set_event(EVT_CMD_STATUS, &flt);
+ hci_filter_set_event(EVT_CMD_COMPLETE, &flt);
+ hci_filter_set_event(EVT_PIN_CODE_REQ, &flt);
+ hci_filter_set_event(EVT_LINK_KEY_REQ, &flt);
+ hci_filter_set_event(EVT_LINK_KEY_NOTIFY, &flt);
+ hci_filter_set_event(EVT_RETURN_LINK_KEYS, &flt);
+ hci_filter_set_event(EVT_IO_CAPABILITY_REQUEST, &flt);
+ hci_filter_set_event(EVT_IO_CAPABILITY_RESPONSE, &flt);
+ hci_filter_set_event(EVT_USER_CONFIRM_REQUEST, &flt);
+ hci_filter_set_event(EVT_USER_PASSKEY_REQUEST, &flt);
+ hci_filter_set_event(EVT_REMOTE_OOB_DATA_REQUEST, &flt);
+ hci_filter_set_event(EVT_USER_PASSKEY_NOTIFY, &flt);
+ hci_filter_set_event(EVT_KEYPRESS_NOTIFY, &flt);
+ hci_filter_set_event(EVT_SIMPLE_PAIRING_COMPLETE, &flt);
+ hci_filter_set_event(EVT_AUTH_COMPLETE, &flt);
+ hci_filter_set_event(EVT_REMOTE_NAME_REQ_COMPLETE, &flt);
+ hci_filter_set_event(EVT_READ_REMOTE_VERSION_COMPLETE, &flt);
+ hci_filter_set_event(EVT_READ_REMOTE_FEATURES_COMPLETE, &flt);
+ hci_filter_set_event(EVT_REMOTE_HOST_FEATURES_NOTIFY, &flt);
+ hci_filter_set_event(EVT_INQUIRY_COMPLETE, &flt);
+ hci_filter_set_event(EVT_INQUIRY_RESULT, &flt);
+ hci_filter_set_event(EVT_INQUIRY_RESULT_WITH_RSSI, &flt);
+ hci_filter_set_event(EVT_EXTENDED_INQUIRY_RESULT, &flt);
+ hci_filter_set_event(EVT_CONN_REQUEST, &flt);
+ hci_filter_set_event(EVT_CONN_COMPLETE, &flt);
+ hci_filter_set_event(EVT_DISCONN_COMPLETE, &flt);
+ if (setsockopt(dev, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) {
+ error("Can't set filter on hci%d: %s (%d)",
+ hdev, strerror(errno), errno);
+ close(dev);
+ return;
+ }
+
+ di = g_new(struct hci_dev_info, 1);
+ if (hci_devinfo(hdev, di) < 0) {
+ error("Can't get device info: %s (%d)",
+ strerror(errno), errno);
+ close(dev);
+ g_free(di);
+ return;
+ }
+
+ chan = g_io_channel_unix_new(dev);
+ g_io_channel_set_close_on_unref(chan, TRUE);
+ io_data[hdev].watch_id = g_io_add_watch_full(chan, G_PRIORITY_HIGH,
+ G_IO_IN | G_IO_NVAL | G_IO_HUP | G_IO_ERR,
+ io_security_event, di, (GDestroyNotify) g_free);
+ io_data[hdev].channel = chan;
+ io_data[hdev].pin_length = -1;
+
+ if (hci_test_bit(HCI_RAW, &di->flags))
+ return;
+
+ bacpy(&cp.bdaddr, BDADDR_ANY);
+ cp.read_all = 1;
+
+ hci_send_cmd(dev, OGF_HOST_CTL, OCF_READ_STORED_LINK_KEY,
+ READ_STORED_LINK_KEY_CP_SIZE, (void *) &cp);
+}
+
+void stop_security_manager(int hdev)
+{
+ GIOChannel *chan = io_data[hdev].channel;
+
+ if (!chan)
+ return;
+
+ info("Stopping security manager %d", hdev);
+
+ g_source_remove(io_data[hdev].watch_id);
+ g_io_channel_unref(io_data[hdev].channel);
+ io_data[hdev].watch_id = -1;
+ io_data[hdev].channel = NULL;
+ io_data[hdev].pin_length = -1;
+}
+
+void init_security_data(void)
+{
+ pairing = hcid.pairing;
+}