hciops.c revision e6c2d1c3fc81864e38316ed24ade5994b78cc751
1/* 2 * 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2004-2010 Marcel Holtmann <marcel@holtmann.org> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 20 * 21 */ 22 23#ifdef HAVE_CONFIG_H 24#include <config.h> 25#endif 26 27#include <stdio.h> 28#include <errno.h> 29#include <unistd.h> 30#include <stdlib.h> 31#include <sys/types.h> 32#include <sys/ioctl.h> 33#include <sys/wait.h> 34 35#include <bluetooth/bluetooth.h> 36#include <bluetooth/hci.h> 37#include <bluetooth/hci_lib.h> 38#include <bluetooth/sdp.h> 39#include <bluetooth/sdp_lib.h> 40 41#include <glib.h> 42 43#include "hcid.h" 44#include "sdpd.h" 45#include "btio.h" 46#include "adapter.h" 47#include "device.h" 48#include "plugin.h" 49#include "log.h" 50#include "storage.h" 51#include "event.h" 52#include "manager.h" 53#include "oob.h" 54 55#define DISCOV_HALTED 0 56#define DISCOV_INQ 1 57#define DISCOV_SCAN 2 58 59#define TIMEOUT_BR_LE_SCAN 5120 /* TGAP(100)/2 */ 60#define TIMEOUT_LE_SCAN 10240 /* TGAP(gen_disc_scan_min) */ 61 62#define LENGTH_BR_INQ 0x08 63#define LENGTH_BR_LE_INQ 0x04 64 65static int hciops_start_scanning(int index, int timeout); 66 67static int child_pipe[2] = { -1, -1 }; 68 69static guint child_io_id = 0; 70static guint ctl_io_id = 0; 71 72enum adapter_type { 73 BR_EDR, 74 LE_ONLY, 75 BR_EDR_LE, 76 UNKNOWN, 77}; 78 79/* Commands sent by kernel on starting an adapter */ 80enum { 81 PENDING_BDADDR, 82 PENDING_VERSION, 83 PENDING_FEATURES, 84 PENDING_NAME, 85}; 86 87struct uuid_info { 88 uuid_t uuid; 89 uint8_t svc_hint; 90}; 91 92struct bt_conn { 93 struct dev_info *dev; 94 bdaddr_t bdaddr; 95 uint16_t handle; 96 uint8_t loc_cap; 97 uint8_t loc_auth; 98 uint8_t rem_cap; 99 uint8_t rem_auth; 100 uint8_t rem_oob_data; 101 gboolean bonding_initiator; 102 gboolean secmode3; 103 GIOChannel *io; /* For raw L2CAP socket (bonding) */ 104}; 105 106struct oob_data { 107 bdaddr_t bdaddr; 108 uint8_t hash[16]; 109 uint8_t randomizer[16]; 110}; 111 112static int max_dev = -1; 113static struct dev_info { 114 int id; 115 int sk; 116 bdaddr_t bdaddr; 117 char name[249]; 118 uint8_t eir[HCI_MAX_EIR_LENGTH]; 119 uint8_t features[8]; 120 uint8_t extfeatures[8]; 121 uint8_t ssp_mode; 122 123 int8_t tx_power; 124 125 int discov_state; 126 127 uint32_t current_cod; 128 uint32_t wanted_cod; 129 uint32_t pending_cod; 130 gboolean cache_enable; 131 gboolean already_up; 132 gboolean registered; 133 gboolean pairable; 134 135 uint8_t io_capability; 136 137 struct hci_version ver; 138 139 uint16_t did_vendor; 140 uint16_t did_product; 141 uint16_t did_version; 142 143 gboolean up; 144 uint32_t pending; 145 146 GIOChannel *io; 147 guint watch_id; 148 149 gboolean debug_keys; 150 GSList *keys; 151 uint8_t pin_length; 152 153 GSList *oob_data; 154 155 GSList *uuids; 156 157 GSList *connections; 158 159 guint stop_scan_id; 160} *devs = NULL; 161 162static inline int get_state(int index) 163{ 164 struct dev_info *dev = &devs[index]; 165 166 return dev->discov_state; 167} 168 169static inline gboolean is_resolvname_enabled(void) 170{ 171 return main_opts.name_resolv ? TRUE : FALSE; 172} 173 174static void set_state(int index, int state) 175{ 176 struct btd_adapter *adapter; 177 struct dev_info *dev = &devs[index]; 178 179 if (dev->discov_state == state) 180 return; 181 182 adapter = manager_find_adapter_by_id(index); 183 if (!adapter) { 184 error("No matching adapter found"); 185 return; 186 } 187 188 dev->discov_state = state; 189 190 DBG("hci%d: new state %d", index, dev->discov_state); 191 192 switch (dev->discov_state) { 193 case DISCOV_HALTED: 194 if (adapter_get_state(adapter) == STATE_SUSPENDED) 195 return; 196 197 if (is_resolvname_enabled() && 198 adapter_has_discov_sessions(adapter)) 199 adapter_set_state(adapter, STATE_RESOLVNAME); 200 else 201 adapter_set_state(adapter, STATE_IDLE); 202 break; 203 case DISCOV_INQ: 204 case DISCOV_SCAN: 205 adapter_set_state(adapter, STATE_DISCOV); 206 break; 207 } 208} 209 210static inline gboolean is_le_capable(int index) 211{ 212 struct dev_info *dev = &devs[index]; 213 214 return (main_opts.le && dev->features[4] & LMP_LE && 215 dev->extfeatures[0] & LMP_HOST_LE) ? TRUE : FALSE; 216} 217 218static inline gboolean is_bredr_capable(int index) 219{ 220 struct dev_info *dev = &devs[index]; 221 222 return (dev->features[4] & LMP_NO_BREDR) == 0 ? TRUE : FALSE; 223} 224 225static int get_adapter_type(int index) 226{ 227 if (is_le_capable(index) && is_bredr_capable(index)) 228 return BR_EDR_LE; 229 else if (is_le_capable(index)) 230 return LE_ONLY; 231 else if (is_bredr_capable(index)) 232 return BR_EDR; 233 234 return UNKNOWN; 235} 236 237static int ignore_device(struct hci_dev_info *di) 238{ 239 return hci_test_bit(HCI_RAW, &di->flags) || di->type >> 4 != HCI_BREDR; 240} 241 242static struct dev_info *init_dev_info(int index, int sk, gboolean registered, 243 gboolean already_up) 244{ 245 struct dev_info *dev = &devs[index]; 246 247 memset(dev, 0, sizeof(*dev)); 248 249 dev->id = index; 250 dev->sk = sk; 251 dev->cache_enable = TRUE; 252 dev->registered = registered; 253 dev->already_up = already_up; 254 dev->io_capability = 0x03; /* No Input No Output */ 255 dev->discov_state = DISCOV_HALTED; 256 257 return dev; 258} 259 260/* Async HCI command handling with callback support */ 261 262struct hci_cmd_data { 263 bt_hci_result_t cb; 264 uint16_t handle; 265 uint16_t ocf; 266 gpointer caller_data; 267}; 268 269static gboolean hci_event_watch(GIOChannel *io, 270 GIOCondition cond, gpointer user_data) 271{ 272 unsigned char buf[HCI_MAX_EVENT_SIZE], *body; 273 struct hci_cmd_data *cmd = user_data; 274 evt_cmd_status *evt_status; 275 evt_auth_complete *evt_auth; 276 evt_encrypt_change *evt_enc; 277 hci_event_hdr *hdr; 278 set_conn_encrypt_cp cp; 279 int dd; 280 uint16_t ocf; 281 uint8_t status = HCI_OE_POWER_OFF; 282 283 if (cond & G_IO_NVAL) { 284 cmd->cb(status, cmd->caller_data); 285 return FALSE; 286 } 287 288 if (cond & (G_IO_ERR | G_IO_HUP)) 289 goto failed; 290 291 dd = g_io_channel_unix_get_fd(io); 292 293 if (read(dd, buf, sizeof(buf)) < 0) 294 goto failed; 295 296 hdr = (hci_event_hdr *) (buf + 1); 297 body = buf + (1 + HCI_EVENT_HDR_SIZE); 298 299 switch (hdr->evt) { 300 case EVT_CMD_STATUS: 301 evt_status = (evt_cmd_status *) body; 302 ocf = cmd_opcode_ocf(evt_status->opcode); 303 if (ocf != cmd->ocf) 304 return TRUE; 305 switch (ocf) { 306 case OCF_AUTH_REQUESTED: 307 case OCF_SET_CONN_ENCRYPT: 308 if (evt_status->status != 0) { 309 /* Baseband rejected command */ 310 status = evt_status->status; 311 goto failed; 312 } 313 break; 314 default: 315 return TRUE; 316 } 317 /* Wait for the next event */ 318 return TRUE; 319 case EVT_AUTH_COMPLETE: 320 evt_auth = (evt_auth_complete *) body; 321 if (evt_auth->handle != cmd->handle) { 322 /* Skipping */ 323 return TRUE; 324 } 325 326 if (evt_auth->status != 0x00) { 327 status = evt_auth->status; 328 /* Abort encryption */ 329 goto failed; 330 } 331 332 memset(&cp, 0, sizeof(cp)); 333 cp.handle = cmd->handle; 334 cp.encrypt = 1; 335 336 cmd->ocf = OCF_SET_CONN_ENCRYPT; 337 338 if (hci_send_cmd(dd, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, 339 SET_CONN_ENCRYPT_CP_SIZE, &cp) < 0) { 340 status = HCI_COMMAND_DISALLOWED; 341 goto failed; 342 } 343 /* Wait for encrypt change event */ 344 return TRUE; 345 case EVT_ENCRYPT_CHANGE: 346 evt_enc = (evt_encrypt_change *) body; 347 if (evt_enc->handle != cmd->handle) 348 return TRUE; 349 350 /* Procedure finished: reporting status */ 351 status = evt_enc->status; 352 break; 353 default: 354 /* Skipping */ 355 return TRUE; 356 } 357 358failed: 359 cmd->cb(status, cmd->caller_data); 360 g_io_channel_shutdown(io, TRUE, NULL); 361 362 return FALSE; 363} 364 365static int write_inq_mode(int index, uint8_t mode) 366{ 367 struct dev_info *dev = &devs[index]; 368 write_inquiry_mode_cp cp; 369 370 memset(&cp, 0, sizeof(cp)); 371 cp.mode = mode; 372 373 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_INQUIRY_MODE, 374 WRITE_INQUIRY_MODE_CP_SIZE, &cp) < 0) 375 return -errno; 376 377 return 0; 378} 379 380static uint8_t get_inquiry_mode(int index) 381{ 382 struct dev_info *dev = &devs[index]; 383 384 if (dev->features[6] & LMP_EXT_INQ) 385 return 2; 386 387 if (dev->features[3] & LMP_RSSI_INQ) 388 return 1; 389 390 if (dev->ver.manufacturer == 11 && dev->ver.hci_rev == 0x00 && 391 dev->ver.lmp_subver == 0x0757) 392 return 1; 393 394 if (dev->ver.manufacturer == 15) { 395 if (dev->ver.hci_rev == 0x03 && 396 dev->ver.lmp_subver == 0x6963) 397 return 1; 398 if (dev->ver.hci_rev == 0x09 && 399 dev->ver.lmp_subver == 0x6963) 400 return 1; 401 if (dev->ver.hci_rev == 0x00 && 402 dev->ver.lmp_subver == 0x6965) 403 return 1; 404 } 405 406 if (dev->ver.manufacturer == 31 && dev->ver.hci_rev == 0x2005 && 407 dev->ver.lmp_subver == 0x1805) 408 return 1; 409 410 return 0; 411} 412 413static int init_ssp_mode(int index) 414{ 415 struct dev_info *dev = &devs[index]; 416 write_simple_pairing_mode_cp cp; 417 418 if (ioctl(dev->sk, HCIGETAUTHINFO, NULL) < 0 && errno == EINVAL) 419 return 0; 420 421 memset(&cp, 0, sizeof(cp)); 422 cp.mode = 0x01; 423 424 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, 425 OCF_WRITE_SIMPLE_PAIRING_MODE, 426 WRITE_SIMPLE_PAIRING_MODE_CP_SIZE, &cp) < 0) 427 return -errno; 428 429 return 0; 430} 431 432static int hciops_set_discoverable(int index, gboolean discoverable) 433{ 434 struct dev_info *dev = &devs[index]; 435 uint8_t mode; 436 437 if (discoverable) 438 mode = (SCAN_PAGE | SCAN_INQUIRY); 439 else 440 mode = SCAN_PAGE; 441 442 DBG("hci%d discoverable %d", index, discoverable); 443 444 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE, 445 1, &mode) < 0) 446 return -errno; 447 448 return 0; 449} 450 451static int hciops_set_pairable(int index, gboolean pairable) 452{ 453 struct btd_adapter *adapter; 454 455 DBG("hci%d pairable %d", index, pairable); 456 457 adapter = manager_find_adapter(&devs[index].bdaddr); 458 if (adapter) 459 btd_adapter_pairable_changed(adapter, pairable); 460 461 devs[index].pairable = pairable; 462 463 return 0; 464} 465 466static int hciops_power_off(int index) 467{ 468 struct dev_info *dev = &devs[index]; 469 470 DBG("hci%d", index); 471 472 if (ioctl(dev->sk, HCIDEVDOWN, index) < 0 && errno != EALREADY) 473 return -errno; 474 475 return 0; 476} 477 478static void set_event_mask(int index) 479{ 480 struct dev_info *dev = &devs[index]; 481 /* The second byte is 0xff instead of 0x9f (two reserved bits 482 * disabled) since a Broadcom 1.2 dongle doesn't respond to the 483 * command otherwise */ 484 uint8_t events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 }; 485 486 /* Events for 1.2 and newer controllers */ 487 if (dev->ver.lmp_ver > 1) { 488 events[4] |= 0x01; /* Flow Specification Complete */ 489 events[4] |= 0x02; /* Inquiry Result with RSSI */ 490 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 491 events[5] |= 0x08; /* Synchronous Connection Complete */ 492 events[5] |= 0x10; /* Synchronous Connection Changed */ 493 } 494 495 if (dev->features[3] & LMP_RSSI_INQ) 496 events[4] |= 0x04; /* Inquiry Result with RSSI */ 497 498 if (dev->features[5] & LMP_SNIFF_SUBR) 499 events[5] |= 0x20; /* Sniff Subrating */ 500 501 if (dev->features[5] & LMP_PAUSE_ENC) 502 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 503 504 if (dev->features[6] & LMP_EXT_INQ) 505 events[5] |= 0x40; /* Extended Inquiry Result */ 506 507 if (dev->features[6] & LMP_NFLUSH_PKTS) 508 events[7] |= 0x01; /* Enhanced Flush Complete */ 509 510 if (dev->features[7] & LMP_LSTO) 511 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 512 513 if (dev->features[6] & LMP_SIMPLE_PAIR) { 514 events[6] |= 0x01; /* IO Capability Request */ 515 events[6] |= 0x02; /* IO Capability Response */ 516 events[6] |= 0x04; /* User Confirmation Request */ 517 events[6] |= 0x08; /* User Passkey Request */ 518 events[6] |= 0x10; /* Remote OOB Data Request */ 519 events[6] |= 0x20; /* Simple Pairing Complete */ 520 events[7] |= 0x04; /* User Passkey Notification */ 521 events[7] |= 0x08; /* Keypress Notification */ 522 events[7] |= 0x10; /* Remote Host Supported 523 * Features Notification */ 524 } 525 526 if (dev->features[4] & LMP_LE) 527 events[7] |= 0x20; /* LE Meta-Event */ 528 529 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_SET_EVENT_MASK, 530 sizeof(events), events); 531} 532 533static void start_adapter(int index) 534{ 535 struct dev_info *dev = &devs[index]; 536 uint8_t inqmode; 537 uint16_t link_policy; 538 539 set_event_mask(index); 540 541 if (dev->features[6] & LMP_SIMPLE_PAIR) 542 init_ssp_mode(index); 543 544 inqmode = get_inquiry_mode(index); 545 if (inqmode) 546 write_inq_mode(index, inqmode); 547 548 if (dev->features[7] & LMP_INQ_TX_PWR) 549 hci_send_cmd(dev->sk, OGF_HOST_CTL, 550 OCF_READ_INQ_RESPONSE_TX_POWER_LEVEL, 0, NULL); 551 552 /* Set default link policy */ 553 link_policy = main_opts.link_policy; 554 555 if (!(dev->features[0] & LMP_RSWITCH)) 556 link_policy &= ~HCI_LP_RSWITCH; 557 if (!(dev->features[0] & LMP_HOLD)) 558 link_policy &= ~HCI_LP_HOLD; 559 if (!(dev->features[0] & LMP_SNIFF)) 560 link_policy &= ~HCI_LP_SNIFF; 561 if (!(dev->features[1] & LMP_PARK)) 562 link_policy &= ~HCI_LP_PARK; 563 564 link_policy = htobs(link_policy); 565 hci_send_cmd(dev->sk, OGF_LINK_POLICY, OCF_WRITE_DEFAULT_LINK_POLICY, 566 sizeof(link_policy), &link_policy); 567 568 dev->current_cod = 0; 569 memset(dev->eir, 0, sizeof(dev->eir)); 570} 571 572static int hciops_stop_inquiry(int index) 573{ 574 struct dev_info *dev = &devs[index]; 575 576 DBG("hci%d", index); 577 578 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_INQUIRY_CANCEL, 0, 0) < 0) 579 return -errno; 580 581 return 0; 582} 583 584static gboolean init_adapter(int index) 585{ 586 struct dev_info *dev = &devs[index]; 587 struct btd_adapter *adapter = NULL; 588 gboolean existing_adapter = dev->registered; 589 uint8_t mode, on_mode; 590 gboolean pairable, discoverable; 591 592 if (!dev->registered) { 593 adapter = btd_manager_register_adapter(index); 594 if (adapter) 595 dev->registered = TRUE; 596 } else { 597 adapter = manager_find_adapter(&dev->bdaddr); 598 /* FIXME: manager_find_adapter should return a new ref */ 599 btd_adapter_ref(adapter); 600 } 601 602 if (adapter == NULL) 603 return FALSE; 604 605 btd_adapter_get_mode(adapter, &mode, &on_mode, &pairable); 606 607 if (existing_adapter) 608 mode = on_mode; 609 610 if (mode == MODE_OFF) { 611 hciops_power_off(index); 612 goto done; 613 } 614 615 start_adapter(index); 616 btd_adapter_start(adapter); 617 618 discoverable = (mode == MODE_DISCOVERABLE); 619 620 hciops_set_discoverable(index, discoverable); 621 hciops_set_pairable(index, pairable); 622 623 if (dev->already_up) 624 hciops_stop_inquiry(index); 625 626done: 627 btd_adapter_unref(adapter); 628 return TRUE; 629} 630 631static int hciops_encrypt_link(int index, bdaddr_t *dst, bt_hci_result_t cb, 632 gpointer user_data) 633{ 634 GIOChannel *io; 635 struct hci_cmd_data *cmd; 636 struct hci_conn_info_req *cr; 637 auth_requested_cp cp; 638 struct hci_filter nf; 639 int dd, err; 640 uint32_t link_mode; 641 uint16_t handle; 642 643 dd = hci_open_dev(index); 644 if (dd < 0) 645 return -errno; 646 647 cr = g_malloc0(sizeof(*cr) + sizeof(struct hci_conn_info)); 648 cr->type = ACL_LINK; 649 bacpy(&cr->bdaddr, dst); 650 651 err = ioctl(dd, HCIGETCONNINFO, cr); 652 link_mode = cr->conn_info->link_mode; 653 handle = cr->conn_info->handle; 654 g_free(cr); 655 656 if (err < 0) { 657 err = -errno; 658 goto fail; 659 } 660 661 if (link_mode & HCI_LM_ENCRYPT) { 662 err = -EALREADY; 663 goto fail; 664 } 665 666 memset(&cp, 0, sizeof(cp)); 667 cp.handle = htobs(handle); 668 669 if (hci_send_cmd(dd, OGF_LINK_CTL, OCF_AUTH_REQUESTED, 670 AUTH_REQUESTED_CP_SIZE, &cp) < 0) { 671 err = -errno; 672 goto fail; 673 } 674 675 cmd = g_new0(struct hci_cmd_data, 1); 676 cmd->handle = handle; 677 cmd->ocf = OCF_AUTH_REQUESTED; 678 cmd->cb = cb; 679 cmd->caller_data = user_data; 680 681 hci_filter_clear(&nf); 682 hci_filter_set_ptype(HCI_EVENT_PKT, &nf); 683 hci_filter_set_event(EVT_CMD_STATUS, &nf); 684 hci_filter_set_event(EVT_AUTH_COMPLETE, &nf); 685 hci_filter_set_event(EVT_ENCRYPT_CHANGE, &nf); 686 687 if (setsockopt(dd, SOL_HCI, HCI_FILTER, &nf, sizeof(nf)) < 0) { 688 err = -errno; 689 g_free(cmd); 690 goto fail; 691 } 692 693 io = g_io_channel_unix_new(dd); 694 g_io_channel_set_close_on_unref(io, FALSE); 695 g_io_add_watch_full(io, G_PRIORITY_DEFAULT, 696 G_IO_HUP | G_IO_ERR | G_IO_NVAL | G_IO_IN, 697 hci_event_watch, cmd, g_free); 698 g_io_channel_unref(io); 699 700 return 0; 701 702fail: 703 close(dd); 704 return err; 705} 706 707static int hciops_set_did(int index, uint16_t vendor, uint16_t product, 708 uint16_t version) 709{ 710 struct dev_info *dev = &devs[index]; 711 712 dev->did_vendor = vendor; 713 dev->did_product = product; 714 dev->did_version = version; 715 716 return 0; 717} 718 719/* End async HCI command handling */ 720 721/* Start of HCI event callbacks */ 722 723static gint conn_handle_cmp(gconstpointer a, gconstpointer b) 724{ 725 const struct bt_conn *conn = a; 726 uint16_t handle = *((const uint16_t *) b); 727 728 return (int) conn->handle - (int) handle; 729} 730 731static struct bt_conn *find_conn_by_handle(struct dev_info *dev, 732 uint16_t handle) 733{ 734 GSList *match; 735 736 match = g_slist_find_custom(dev->connections, &handle, 737 conn_handle_cmp); 738 if (match) 739 return match->data; 740 741 return NULL; 742} 743 744static gint conn_bdaddr_cmp(gconstpointer a, gconstpointer b) 745{ 746 const struct bt_conn *conn = a; 747 const bdaddr_t *bdaddr = b; 748 749 return bacmp(&conn->bdaddr, bdaddr); 750} 751 752static struct bt_conn *find_connection(struct dev_info *dev, bdaddr_t *bdaddr) 753{ 754 GSList *match; 755 756 match = g_slist_find_custom(dev->connections, bdaddr, conn_bdaddr_cmp); 757 if (match) 758 return match->data; 759 760 return NULL; 761} 762 763static struct bt_conn *get_connection(struct dev_info *dev, bdaddr_t *bdaddr) 764{ 765 struct bt_conn *conn; 766 767 conn = find_connection(dev, bdaddr); 768 if (conn) 769 return conn; 770 771 conn = g_new0(struct bt_conn, 1); 772 773 conn->dev = dev; 774 conn->loc_cap = dev->io_capability; 775 conn->loc_auth = 0xff; 776 conn->rem_auth = 0xff; 777 bacpy(&conn->bdaddr, bdaddr); 778 779 dev->connections = g_slist_append(dev->connections, conn); 780 781 return conn; 782} 783 784static int get_handle(int index, bdaddr_t *bdaddr, uint16_t *handle) 785{ 786 struct dev_info *dev = &devs[index]; 787 struct bt_conn *conn; 788 char addr[18]; 789 790 ba2str(bdaddr, addr); 791 DBG("hci%d dba %s", index, addr); 792 793 conn = find_connection(dev, bdaddr); 794 if (conn == NULL) 795 return -ENOENT; 796 797 *handle = conn->handle; 798 799 return 0; 800} 801 802static int disconnect_addr(int index, bdaddr_t *dba, uint8_t reason) 803{ 804 disconnect_cp cp; 805 uint16_t handle; 806 int err; 807 808 err = get_handle(index, dba, &handle); 809 if (err < 0) 810 return err; 811 812 memset(&cp, 0, sizeof(cp)); 813 cp.handle = htobs(handle); 814 cp.reason = reason; 815 816 if (hci_send_cmd(devs[index].sk, OGF_LINK_CTL, OCF_DISCONNECT, 817 DISCONNECT_CP_SIZE, &cp) < 0) 818 return -errno; 819 820 return 0; 821} 822 823static void bonding_complete(struct dev_info *dev, struct bt_conn *conn, 824 uint8_t status) 825{ 826 DBG("status 0x%02x", status); 827 828 if (conn->io != NULL) { 829 /* bonding_connect_cb takes care of the successul case */ 830 if (status != 0) 831 g_io_channel_shutdown(conn->io, TRUE, NULL); 832 g_io_channel_unref(conn->io); 833 conn->io = NULL; 834 } 835 836 conn->bonding_initiator = FALSE; 837 838 btd_event_bonding_complete(&dev->bdaddr, &conn->bdaddr, status); 839} 840 841static int get_auth_info(int index, bdaddr_t *bdaddr, uint8_t *auth) 842{ 843 struct dev_info *dev = &devs[index]; 844 struct hci_auth_info_req req; 845 char addr[18]; 846 847 ba2str(bdaddr, addr); 848 DBG("hci%d dba %s", index, addr); 849 850 memset(&req, 0, sizeof(req)); 851 bacpy(&req.bdaddr, bdaddr); 852 853 if (ioctl(dev->sk, HCIGETAUTHINFO, (unsigned long) &req) < 0) 854 return -errno; 855 856 if (auth) 857 *auth = req.type; 858 859 return 0; 860} 861 862/* Link Key handling */ 863 864static void link_key_request(int index, bdaddr_t *dba) 865{ 866 struct dev_info *dev = &devs[index]; 867 struct link_key_info *key_info; 868 struct bt_conn *conn; 869 GSList *match; 870 char da[18]; 871 872 ba2str(dba, da); 873 DBG("hci%d dba %s", index, da); 874 875 conn = get_connection(dev, dba); 876 if (conn->handle == 0) 877 conn->secmode3 = TRUE; 878 879 get_auth_info(index, dba, &conn->loc_auth); 880 881 DBG("kernel auth requirements = 0x%02x", conn->loc_auth); 882 883 match = g_slist_find_custom(dev->keys, dba, (GCompareFunc) bacmp); 884 if (match) 885 key_info = match->data; 886 else 887 key_info = NULL; 888 889 DBG("Matching key %s", key_info ? "found" : "not found"); 890 891 if (key_info == NULL || (!dev->debug_keys && key_info->type == 0x03)) { 892 /* Link key not found */ 893 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY, 894 6, dba); 895 return; 896 } 897 898 /* Link key found */ 899 900 DBG("link key type 0x%02x", key_info->type); 901 902 /* Don't use unauthenticated combination keys if MITM is 903 * required */ 904 if (key_info->type == 0x04 && conn->loc_auth != 0xff && 905 (conn->loc_auth & 0x01)) 906 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY, 907 6, dba); 908 else { 909 link_key_reply_cp lr; 910 911 memcpy(lr.link_key, key_info->key, 16); 912 bacpy(&lr.bdaddr, dba); 913 914 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_LINK_KEY_REPLY, 915 LINK_KEY_REPLY_CP_SIZE, &lr); 916 } 917} 918 919static void link_key_notify(int index, void *ptr) 920{ 921 struct dev_info *dev = &devs[index]; 922 evt_link_key_notify *evt = ptr; 923 bdaddr_t *dba = &evt->bdaddr; 924 struct link_key_info *key_info; 925 uint8_t old_key_type, key_type; 926 struct bt_conn *conn; 927 GSList *match; 928 char da[18]; 929 uint8_t status = 0; 930 931 ba2str(dba, da); 932 DBG("hci%d dba %s type %d", index, da, evt->key_type); 933 934 conn = get_connection(dev, &evt->bdaddr); 935 936 match = g_slist_find_custom(dev->keys, dba, (GCompareFunc) bacmp); 937 if (match) 938 key_info = match->data; 939 else 940 key_info = NULL; 941 942 if (key_info == NULL) { 943 key_info = g_new0(struct link_key_info, 1); 944 bacpy(&key_info->bdaddr, &evt->bdaddr); 945 old_key_type = 0xff; 946 } else { 947 dev->keys = g_slist_remove(dev->keys, key_info); 948 old_key_type = key_info->type; 949 } 950 951 memcpy(key_info->key, evt->link_key, sizeof(evt->link_key)); 952 key_info->type = evt->key_type; 953 key_info->pin_len = dev->pin_length; 954 955 key_type = evt->key_type; 956 957 DBG("key type 0x%02x old key type 0x%02x", key_type, old_key_type); 958 DBG("local auth 0x%02x and remote auth 0x%02x", 959 conn->loc_auth, conn->rem_auth); 960 961 if (key_type == 0x06) { 962 /* Some buggy controller combinations generate a changed 963 * combination key for legacy pairing even when there's no 964 * previous key */ 965 if ((!conn || conn->rem_auth == 0xff) && old_key_type == 0xff) 966 key_type = 0x00; 967 else if (old_key_type != 0xff) 968 key_type = old_key_type; 969 else 970 /* This is Changed Combination Link Key for 971 * a temporary link key.*/ 972 goto done; 973 } 974 975 key_info->type = key_type; 976 977 /* Skip the storage check if this is a debug key */ 978 if (key_type == 0x03) 979 goto done; 980 981 /* Store the link key persistently if one of the following is true: 982 * 1. this is a legacy link key 983 * 2. this is a changed combination key and there was a previously 984 * stored one 985 * 3. neither local nor remote side had no-bonding as a requirement 986 * 4. the local side had dedicated bonding as a requirement 987 * 5. the remote side is using dedicated bonding since in that case 988 * also the local requirements are set to dedicated bonding 989 * If none of the above match only keep the link key around for 990 * this connection and set the temporary flag for the device. 991 */ 992 if (key_type < 0x03 || (key_type == 0x06 && old_key_type != 0xff) || 993 (conn->loc_auth > 0x01 && conn->rem_auth > 0x01) || 994 (conn->loc_auth == 0x02 || conn->loc_auth == 0x03) || 995 (conn->rem_auth == 0x02 || conn->rem_auth == 0x03)) { 996 int err; 997 998 err = btd_event_link_key_notify(&dev->bdaddr, dba, 999 evt->link_key, key_type, 1000 dev->pin_length); 1001 1002 if (err == -ENODEV) 1003 status = HCI_OE_LOW_RESOURCES; 1004 else if (err < 0) 1005 status = HCI_MEMORY_FULL; 1006 1007 goto done; 1008 } 1009 1010done: 1011 dev->pin_length = 0; 1012 1013 if (status != 0) { 1014 g_free(key_info); 1015 bonding_complete(dev, conn, status); 1016 disconnect_addr(index, dba, status); 1017 return; 1018 } 1019 1020 dev->keys = g_slist_prepend(dev->keys, key_info); 1021 1022 /* If we're connected and not dedicated bonding initiators we're 1023 * done with the bonding process */ 1024 if (!conn->bonding_initiator && conn->handle != 0) 1025 bonding_complete(dev, conn, 0); 1026} 1027 1028static void return_link_keys(int index, void *ptr) 1029{ 1030 struct dev_info *dev = &devs[index]; 1031 evt_return_link_keys *evt = ptr; 1032 uint8_t num = evt->num_keys; 1033 unsigned char key[16]; 1034 char da[18]; 1035 bdaddr_t dba; 1036 int i; 1037 1038 DBG("hci%d num_keys %u", index, num); 1039 1040 ptr++; 1041 1042 for (i = 0; i < num; i++) { 1043 bacpy(&dba, ptr); ba2str(&dba, da); 1044 memcpy(key, ptr + 6, 16); 1045 1046 DBG("hci%d returned key for %s", index, da); 1047 1048 btd_event_returned_link_key(&dev->bdaddr, &dba); 1049 1050 ptr += 22; 1051 } 1052} 1053 1054/* Simple Pairing handling */ 1055 1056static int hciops_confirm_reply(int index, bdaddr_t *bdaddr, gboolean success) 1057{ 1058 struct dev_info *dev = &devs[index]; 1059 user_confirm_reply_cp cp; 1060 char addr[18]; 1061 int err; 1062 1063 ba2str(bdaddr, addr); 1064 DBG("hci%d dba %s success %d", index, addr, success); 1065 1066 memset(&cp, 0, sizeof(cp)); 1067 bacpy(&cp.bdaddr, bdaddr); 1068 1069 if (success) 1070 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 1071 OCF_USER_CONFIRM_REPLY, 1072 USER_CONFIRM_REPLY_CP_SIZE, &cp); 1073 else 1074 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 1075 OCF_USER_CONFIRM_NEG_REPLY, 1076 USER_CONFIRM_REPLY_CP_SIZE, &cp); 1077 1078 if (err < 0) 1079 err = -errno; 1080 1081 return err; 1082} 1083 1084static void user_confirm_request(int index, void *ptr) 1085{ 1086 struct dev_info *dev = &devs[index]; 1087 evt_user_confirm_request *req = ptr; 1088 gboolean loc_mitm, rem_mitm; 1089 struct bt_conn *conn; 1090 1091 DBG("hci%d", index); 1092 1093 conn = find_connection(dev, &req->bdaddr); 1094 if (conn == NULL) 1095 return; 1096 1097 loc_mitm = (conn->loc_auth & 0x01) ? TRUE : FALSE; 1098 rem_mitm = (conn->rem_auth & 0x01) ? TRUE : FALSE; 1099 1100 /* If we require MITM but the remote device can't provide that 1101 * (it has NoInputNoOutput) then reject the confirmation 1102 * request. The only exception is when we're dedicated bonding 1103 * initiators since then we always have the MITM bit set. */ 1104 if (!conn->bonding_initiator && loc_mitm && conn->rem_cap == 0x03) { 1105 error("Rejecting request: remote device can't provide MITM"); 1106 goto fail; 1107 } 1108 1109 /* If no side requires MITM protection; auto-accept */ 1110 if ((conn->loc_auth == 0xff || !loc_mitm || conn->rem_cap == 0x03) && 1111 (!rem_mitm || conn->loc_cap == 0x03)) { 1112 DBG("auto accept of confirmation"); 1113 1114 /* Wait 5 milliseconds before doing auto-accept */ 1115 usleep(5000); 1116 1117 if (hciops_confirm_reply(index, &req->bdaddr, TRUE) < 0) 1118 goto fail; 1119 1120 return; 1121 } 1122 1123 if (btd_event_user_confirm(&dev->bdaddr, &req->bdaddr, 1124 btohl(req->passkey)) == 0) 1125 return; 1126 1127fail: 1128 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_USER_CONFIRM_NEG_REPLY, 1129 6, ptr); 1130} 1131 1132static void user_passkey_request(int index, void *ptr) 1133{ 1134 struct dev_info *dev = &devs[index]; 1135 evt_user_passkey_request *req = ptr; 1136 1137 DBG("hci%d", index); 1138 1139 if (btd_event_user_passkey(&dev->bdaddr, &req->bdaddr) < 0) 1140 hci_send_cmd(dev->sk, OGF_LINK_CTL, 1141 OCF_USER_PASSKEY_NEG_REPLY, 6, ptr); 1142} 1143 1144static void user_passkey_notify(int index, void *ptr) 1145{ 1146 struct dev_info *dev = &devs[index]; 1147 evt_user_passkey_notify *req = ptr; 1148 1149 DBG("hci%d", index); 1150 1151 btd_event_user_notify(&dev->bdaddr, &req->bdaddr, 1152 btohl(req->passkey)); 1153} 1154 1155static gint oob_bdaddr_cmp(gconstpointer a, gconstpointer b) 1156{ 1157 const struct oob_data *data = a; 1158 const bdaddr_t *bdaddr = b; 1159 1160 return bacmp(&data->bdaddr, bdaddr); 1161} 1162 1163static void remote_oob_data_request(int index, bdaddr_t *bdaddr) 1164{ 1165 struct dev_info *dev = &devs[index]; 1166 GSList *match; 1167 1168 DBG("hci%d", index); 1169 1170 match = g_slist_find_custom(dev->oob_data, bdaddr, oob_bdaddr_cmp); 1171 1172 if (match) { 1173 struct oob_data *data; 1174 remote_oob_data_reply_cp cp; 1175 1176 data = match->data; 1177 1178 bacpy(&cp.bdaddr, &data->bdaddr); 1179 memcpy(cp.hash, data->hash, sizeof(cp.hash)); 1180 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer)); 1181 1182 dev->oob_data = g_slist_delete_link(dev->oob_data, match); 1183 1184 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_REMOTE_OOB_DATA_REPLY, 1185 REMOTE_OOB_DATA_REPLY_CP_SIZE, &cp); 1186 1187 } else { 1188 hci_send_cmd(dev->sk, OGF_LINK_CTL, 1189 OCF_REMOTE_OOB_DATA_NEG_REPLY, 6, bdaddr); 1190 } 1191} 1192 1193static int get_io_cap(int index, bdaddr_t *bdaddr, uint8_t *cap, uint8_t *auth) 1194{ 1195 struct dev_info *dev = &devs[index]; 1196 struct bt_conn *conn; 1197 int err; 1198 1199 conn = find_connection(dev, bdaddr); 1200 if (conn == NULL) 1201 return -ENOENT; 1202 1203 err = get_auth_info(index, bdaddr, &conn->loc_auth); 1204 if (err < 0) 1205 return err; 1206 1207 DBG("initial authentication requirement is 0x%02x", conn->loc_auth); 1208 1209 if (!dev->pairable && !conn->bonding_initiator) { 1210 if (conn->rem_auth < 0x02) { 1211 DBG("Allowing no bonding in non-bondable mode"); 1212 /* Kernel defaults to general bonding and so 1213 * overwrite for this special case. Otherwise 1214 * non-pairable test cases will fail. */ 1215 conn->loc_auth = conn->rem_auth; 1216 goto done; 1217 } 1218 1219 return -EPERM; 1220 } 1221 1222 /* If the kernel doesn't know the local requirement just mirror 1223 * the remote one */ 1224 if (conn->loc_auth == 0xff) 1225 conn->loc_auth = conn->rem_auth; 1226 1227 if (conn->loc_auth == 0x00 || conn->loc_auth == 0x04) { 1228 /* If remote requests dedicated bonding follow that lead */ 1229 if (conn->rem_auth == 0x02 || conn->rem_auth == 0x03) { 1230 1231 /* If both remote and local IO capabilities allow MITM 1232 * then require it, otherwise don't */ 1233 if (conn->rem_cap == 0x03 || conn->loc_cap == 0x03) 1234 conn->loc_auth = 0x02; 1235 else 1236 conn->loc_auth = 0x03; 1237 } 1238 1239 /* If remote indicates no bonding then follow that. This 1240 * is important since the kernel might give general bonding 1241 * as default. */ 1242 if (conn->rem_auth == 0x00 || conn->rem_auth == 0x01) 1243 conn->loc_auth = 0x00; 1244 1245 /* If remote requires MITM then also require it, unless 1246 * our IO capability is NoInputNoOutput (so some 1247 * just-works security cases can be tested) */ 1248 if (conn->rem_auth != 0xff && (conn->rem_auth & 0x01) && 1249 conn->loc_cap != 0x03) 1250 conn->loc_auth |= 0x01; 1251 } 1252 1253done: 1254 *cap = conn->loc_cap; 1255 *auth = conn->loc_auth; 1256 1257 DBG("final authentication requirement is 0x%02x", *auth); 1258 1259 return 0; 1260} 1261 1262static void io_capa_request(int index, void *ptr) 1263{ 1264 struct dev_info *dev = &devs[index]; 1265 bdaddr_t *dba = ptr; 1266 uint8_t cap, auth = 0xff; 1267 char da[18]; 1268 int err; 1269 1270 ba2str(dba, da); 1271 DBG("hci%d IO capability request for %s", index, da); 1272 1273 err = get_io_cap(index, dba, &cap, &auth); 1274 if (err < 0) { 1275 io_capability_neg_reply_cp cp; 1276 1277 error("Getting IO capability failed: %s (%d)", 1278 strerror(-err), -err); 1279 1280 memset(&cp, 0, sizeof(cp)); 1281 bacpy(&cp.bdaddr, dba); 1282 cp.reason = HCI_PAIRING_NOT_ALLOWED; 1283 hci_send_cmd(dev->sk, OGF_LINK_CTL, 1284 OCF_IO_CAPABILITY_NEG_REPLY, 1285 IO_CAPABILITY_NEG_REPLY_CP_SIZE, &cp); 1286 } else { 1287 io_capability_reply_cp cp; 1288 struct bt_conn *conn; 1289 GSList *match; 1290 1291 memset(&cp, 0, sizeof(cp)); 1292 bacpy(&cp.bdaddr, dba); 1293 cp.capability = cap; 1294 cp.authentication = auth; 1295 1296 conn = find_connection(dev, dba); 1297 match = g_slist_find_custom(dev->oob_data, dba, oob_bdaddr_cmp); 1298 1299 if ((conn->bonding_initiator || conn->rem_oob_data == 0x01) && 1300 match) 1301 cp.oob_data = 0x01; 1302 else 1303 cp.oob_data = 0x00; 1304 1305 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_IO_CAPABILITY_REPLY, 1306 IO_CAPABILITY_REPLY_CP_SIZE, &cp); 1307 } 1308} 1309 1310static void io_capa_response(int index, void *ptr) 1311{ 1312 struct dev_info *dev = &devs[index]; 1313 evt_io_capability_response *evt = ptr; 1314 struct bt_conn *conn; 1315 char da[18]; 1316 1317 ba2str(&evt->bdaddr, da); 1318 DBG("hci%d IO capability response from %s", index, da); 1319 1320 conn = find_connection(dev, &evt->bdaddr); 1321 if (conn) { 1322 conn->rem_cap = evt->capability; 1323 conn->rem_auth = evt->authentication; 1324 conn->rem_oob_data = evt->oob_data; 1325 } 1326} 1327 1328/* PIN code handling */ 1329 1330static void pin_code_request(int index, bdaddr_t *dba) 1331{ 1332 struct dev_info *dev = &devs[index]; 1333 struct bt_conn *conn; 1334 char addr[18]; 1335 int err; 1336 1337 ba2str(dba, addr); 1338 DBG("hci%d PIN request for %s", index, addr); 1339 1340 conn = get_connection(dev, dba); 1341 if (conn->handle == 0) 1342 conn->secmode3 = TRUE; 1343 1344 /* Check if the adapter is not pairable and if there isn't a bonding in 1345 * progress */ 1346 if (!dev->pairable && !conn->bonding_initiator) { 1347 DBG("Rejecting PIN request in non-pairable mode"); 1348 goto reject; 1349 } 1350 1351 err = btd_event_request_pin(&dev->bdaddr, dba); 1352 if (err < 0) { 1353 error("PIN code negative reply: %s", strerror(-err)); 1354 goto reject; 1355 } 1356 1357 return; 1358 1359reject: 1360 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_PIN_CODE_NEG_REPLY, 6, dba); 1361} 1362 1363static inline void remote_features_notify(int index, void *ptr) 1364{ 1365 struct dev_info *dev = &devs[index]; 1366 evt_remote_host_features_notify *evt = ptr; 1367 1368 if (evt->features[0] & 0x01) 1369 btd_event_set_legacy_pairing(&dev->bdaddr, &evt->bdaddr, 1370 FALSE); 1371 else 1372 btd_event_set_legacy_pairing(&dev->bdaddr, &evt->bdaddr, 1373 TRUE); 1374 1375 write_features_info(&dev->bdaddr, &evt->bdaddr, NULL, evt->features); 1376} 1377 1378static void write_le_host_complete(int index, uint8_t status) 1379{ 1380 struct dev_info *dev = &devs[index]; 1381 uint8_t page_num = 0x01; 1382 1383 if (status) 1384 return; 1385 1386 if (hci_send_cmd(dev->sk, OGF_INFO_PARAM, 1387 OCF_READ_LOCAL_EXT_FEATURES, 1, &page_num) < 0) 1388 error("Unable to read extended local features: %s (%d)", 1389 strerror(errno), errno); 1390} 1391 1392static void read_local_version_complete(int index, 1393 const read_local_version_rp *rp) 1394{ 1395 struct dev_info *dev = &devs[index]; 1396 1397 if (rp->status) 1398 return; 1399 1400 dev->ver.manufacturer = btohs(bt_get_unaligned(&rp->manufacturer)); 1401 dev->ver.hci_ver = rp->hci_ver; 1402 dev->ver.hci_rev = btohs(bt_get_unaligned(&rp->hci_rev)); 1403 dev->ver.lmp_ver = rp->lmp_ver; 1404 dev->ver.lmp_subver = btohs(bt_get_unaligned(&rp->lmp_subver)); 1405 1406 if (!dev->pending) 1407 return; 1408 1409 hci_clear_bit(PENDING_VERSION, &dev->pending); 1410 1411 DBG("Got version for hci%d", index); 1412 1413 if (!dev->pending && dev->up) 1414 init_adapter(index); 1415} 1416 1417static void read_local_features_complete(int index, 1418 const read_local_features_rp *rp) 1419{ 1420 struct dev_info *dev = &devs[index]; 1421 1422 if (rp->status) 1423 return; 1424 1425 memcpy(dev->features, rp->features, 8); 1426 1427 if (!dev->pending) 1428 return; 1429 1430 hci_clear_bit(PENDING_FEATURES, &dev->pending); 1431 1432 DBG("Got features for hci%d", index); 1433 1434 if (!dev->pending && dev->up) 1435 init_adapter(index); 1436} 1437 1438#define SIZEOF_UUID128 16 1439 1440static void eir_generate_uuid128(GSList *list, uint8_t *ptr, uint16_t *eir_len) 1441{ 1442 int i, k, uuid_count = 0; 1443 uint16_t len = *eir_len; 1444 uint8_t *uuid128; 1445 gboolean truncated = FALSE; 1446 1447 /* Store UUIDs in place, skip 2 bytes to write type and length later */ 1448 uuid128 = ptr + 2; 1449 1450 for (; list; list = list->next) { 1451 struct uuid_info *uuid = list->data; 1452 uint8_t *uuid128_data = uuid->uuid.value.uuid128.data; 1453 1454 if (uuid->uuid.type != SDP_UUID128) 1455 continue; 1456 1457 /* Stop if not enough space to put next UUID128 */ 1458 if ((len + 2 + SIZEOF_UUID128) > EIR_DATA_LENGTH) { 1459 truncated = TRUE; 1460 break; 1461 } 1462 1463 /* Check for duplicates, EIR data is Little Endian */ 1464 for (i = 0; i < uuid_count; i++) { 1465 for (k = 0; k < SIZEOF_UUID128; k++) { 1466 if (uuid128[i * SIZEOF_UUID128 + k] != 1467 uuid128_data[SIZEOF_UUID128 - 1 - k]) 1468 break; 1469 } 1470 if (k == SIZEOF_UUID128) 1471 break; 1472 } 1473 1474 if (i < uuid_count) 1475 continue; 1476 1477 /* EIR data is Little Endian */ 1478 for (k = 0; k < SIZEOF_UUID128; k++) 1479 uuid128[uuid_count * SIZEOF_UUID128 + k] = 1480 uuid128_data[SIZEOF_UUID128 - 1 - k]; 1481 1482 len += SIZEOF_UUID128; 1483 uuid_count++; 1484 } 1485 1486 if (uuid_count > 0 || truncated) { 1487 /* EIR Data length */ 1488 ptr[0] = (uuid_count * SIZEOF_UUID128) + 1; 1489 /* EIR Data type */ 1490 ptr[1] = truncated ? EIR_UUID128_SOME : EIR_UUID128_ALL; 1491 len += 2; 1492 *eir_len = len; 1493 } 1494} 1495 1496static void create_ext_inquiry_response(int index, uint8_t *data) 1497{ 1498 struct dev_info *dev = &devs[index]; 1499 GSList *l; 1500 uint8_t *ptr = data; 1501 uint16_t eir_len = 0; 1502 uint16_t uuid16[EIR_DATA_LENGTH / 2]; 1503 int i, uuid_count = 0; 1504 gboolean truncated = FALSE; 1505 size_t name_len; 1506 1507 name_len = strlen(dev->name); 1508 1509 if (name_len > 0) { 1510 /* EIR Data type */ 1511 if (name_len > 48) { 1512 name_len = 48; 1513 ptr[1] = EIR_NAME_SHORT; 1514 } else 1515 ptr[1] = EIR_NAME_COMPLETE; 1516 1517 /* EIR Data length */ 1518 ptr[0] = name_len + 1; 1519 1520 memcpy(ptr + 2, dev->name, name_len); 1521 1522 eir_len += (name_len + 2); 1523 ptr += (name_len + 2); 1524 } 1525 1526 if (dev->tx_power != 0) { 1527 *ptr++ = 2; 1528 *ptr++ = EIR_TX_POWER; 1529 *ptr++ = (uint8_t) dev->tx_power; 1530 eir_len += 3; 1531 } 1532 1533 if (dev->did_vendor != 0x0000) { 1534 uint16_t source = 0x0002; 1535 *ptr++ = 9; 1536 *ptr++ = EIR_DEVICE_ID; 1537 *ptr++ = (source & 0x00ff); 1538 *ptr++ = (source & 0xff00) >> 8; 1539 *ptr++ = (dev->did_vendor & 0x00ff); 1540 *ptr++ = (dev->did_vendor & 0xff00) >> 8; 1541 *ptr++ = (dev->did_product & 0x00ff); 1542 *ptr++ = (dev->did_product & 0xff00) >> 8; 1543 *ptr++ = (dev->did_version & 0x00ff); 1544 *ptr++ = (dev->did_version & 0xff00) >> 8; 1545 eir_len += 10; 1546 } 1547 1548 /* Group all UUID16 types */ 1549 for (l = dev->uuids; l != NULL; l = g_slist_next(l)) { 1550 struct uuid_info *uuid = l->data; 1551 1552 if (uuid->uuid.type != SDP_UUID16) 1553 continue; 1554 1555 if (uuid->uuid.value.uuid16 < 0x1100) 1556 continue; 1557 1558 if (uuid->uuid.value.uuid16 == PNP_INFO_SVCLASS_ID) 1559 continue; 1560 1561 /* Stop if not enough space to put next UUID16 */ 1562 if ((eir_len + 2 + sizeof(uint16_t)) > EIR_DATA_LENGTH) { 1563 truncated = TRUE; 1564 break; 1565 } 1566 1567 /* Check for duplicates */ 1568 for (i = 0; i < uuid_count; i++) 1569 if (uuid16[i] == uuid->uuid.value.uuid16) 1570 break; 1571 1572 if (i < uuid_count) 1573 continue; 1574 1575 uuid16[uuid_count++] = uuid->uuid.value.uuid16; 1576 eir_len += sizeof(uint16_t); 1577 } 1578 1579 if (uuid_count > 0) { 1580 /* EIR Data length */ 1581 ptr[0] = (uuid_count * sizeof(uint16_t)) + 1; 1582 /* EIR Data type */ 1583 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 1584 1585 ptr += 2; 1586 eir_len += 2; 1587 1588 for (i = 0; i < uuid_count; i++) { 1589 *ptr++ = (uuid16[i] & 0x00ff); 1590 *ptr++ = (uuid16[i] & 0xff00) >> 8; 1591 } 1592 } 1593 1594 /* Group all UUID128 types */ 1595 if (eir_len <= EIR_DATA_LENGTH - 2) 1596 eir_generate_uuid128(dev->uuids, ptr, &eir_len); 1597} 1598 1599static void update_ext_inquiry_response(int index) 1600{ 1601 struct dev_info *dev = &devs[index]; 1602 write_ext_inquiry_response_cp cp; 1603 1604 DBG("hci%d", index); 1605 1606 if (!(dev->features[6] & LMP_EXT_INQ)) 1607 return; 1608 1609 if (dev->ssp_mode == 0) 1610 return; 1611 1612 if (dev->cache_enable) 1613 return; 1614 1615 memset(&cp, 0, sizeof(cp)); 1616 1617 create_ext_inquiry_response(index, cp.data); 1618 1619 if (memcmp(cp.data, dev->eir, sizeof(cp.data)) == 0) 1620 return; 1621 1622 memcpy(dev->eir, cp.data, sizeof(cp.data)); 1623 1624 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, 1625 OCF_WRITE_EXT_INQUIRY_RESPONSE, 1626 WRITE_EXT_INQUIRY_RESPONSE_CP_SIZE, &cp) < 0) 1627 error("Unable to write EIR data: %s (%d)", 1628 strerror(errno), errno); 1629} 1630 1631static void update_name(int index, const char *name) 1632{ 1633 struct btd_adapter *adapter; 1634 1635 adapter = manager_find_adapter_by_id(index); 1636 if (adapter) 1637 adapter_update_local_name(adapter, name); 1638 1639 update_ext_inquiry_response(index); 1640} 1641 1642static void read_local_name_complete(int index, read_local_name_rp *rp) 1643{ 1644 struct dev_info *dev = &devs[index]; 1645 1646 DBG("hci%d status %u", index, rp->status); 1647 1648 if (rp->status) 1649 return; 1650 1651 memcpy(dev->name, rp->name, 248); 1652 1653 if (!dev->pending) { 1654 update_name(index, (char *) rp->name); 1655 return; 1656 } 1657 1658 hci_clear_bit(PENDING_NAME, &dev->pending); 1659 1660 DBG("Got name for hci%d", index); 1661 1662 /* Even though it shouldn't happen (assuming the kernel behaves 1663 * properly) it seems like we might miss the very first 1664 * initialization commands that the kernel sends. So check for 1665 * it here (since read_local_name is one of the last init 1666 * commands) and resend the first ones if we haven't seen 1667 * their results yet */ 1668 1669 if (hci_test_bit(PENDING_FEATURES, &dev->pending)) 1670 hci_send_cmd(dev->sk, OGF_INFO_PARAM, 1671 OCF_READ_LOCAL_FEATURES, 0, NULL); 1672 1673 if (hci_test_bit(PENDING_VERSION, &dev->pending)) 1674 hci_send_cmd(dev->sk, OGF_INFO_PARAM, 1675 OCF_READ_LOCAL_VERSION, 0, NULL); 1676 1677 if (!dev->pending && dev->up) 1678 init_adapter(index); 1679} 1680 1681static void read_tx_power_complete(int index, void *ptr) 1682{ 1683 struct dev_info *dev = &devs[index]; 1684 1685 read_inq_response_tx_power_level_rp *rp = ptr; 1686 1687 DBG("hci%d status %u", index, rp->status); 1688 1689 if (rp->status) 1690 return; 1691 1692 dev->tx_power = rp->level; 1693 update_ext_inquiry_response(index); 1694} 1695 1696static void read_simple_pairing_mode_complete(int index, void *ptr) 1697{ 1698 struct dev_info *dev = &devs[index]; 1699 read_simple_pairing_mode_rp *rp = ptr; 1700 1701 DBG("hci%d status %u", index, rp->status); 1702 1703 if (rp->status) 1704 return; 1705 1706 dev->ssp_mode = rp->mode; 1707 update_ext_inquiry_response(index); 1708} 1709 1710static void read_local_ext_features_complete(int index, 1711 const read_local_ext_features_rp *rp) 1712{ 1713 struct dev_info *dev = &devs[index]; 1714 1715 DBG("hci%d status %u", index, rp->status); 1716 1717 if (rp->status) 1718 return; 1719 1720 /* Local Extended feature page number is 1 */ 1721 if (rp->page_num != 1) 1722 return; 1723 1724 memcpy(dev->extfeatures, rp->features, sizeof(dev->extfeatures)); 1725} 1726 1727static void read_bd_addr_complete(int index, read_bd_addr_rp *rp) 1728{ 1729 struct dev_info *dev = &devs[index]; 1730 1731 DBG("hci%d status %u", index, rp->status); 1732 1733 if (rp->status) 1734 return; 1735 1736 bacpy(&dev->bdaddr, &rp->bdaddr); 1737 1738 if (!dev->pending) 1739 return; 1740 1741 hci_clear_bit(PENDING_BDADDR, &dev->pending); 1742 1743 DBG("Got bdaddr for hci%d", index); 1744 1745 if (!dev->pending && dev->up) 1746 init_adapter(index); 1747} 1748 1749static inline void cs_inquiry_evt(int index, uint8_t status) 1750{ 1751 if (status) { 1752 error("Inquiry Failed with status 0x%02x", status); 1753 return; 1754 } 1755 1756 set_state(index, DISCOV_INQ); 1757} 1758 1759static inline void cmd_status(int index, void *ptr) 1760{ 1761 evt_cmd_status *evt = ptr; 1762 uint16_t opcode = btohs(evt->opcode); 1763 1764 if (opcode == cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY)) 1765 cs_inquiry_evt(index, evt->status); 1766} 1767 1768static void read_scan_complete(int index, uint8_t status, void *ptr) 1769{ 1770 struct btd_adapter *adapter; 1771 read_scan_enable_rp *rp = ptr; 1772 1773 DBG("hci%d status %u", index, status); 1774 1775 adapter = manager_find_adapter_by_id(index); 1776 if (!adapter) { 1777 error("Unable to find matching adapter"); 1778 return; 1779 } 1780 1781 adapter_mode_changed(adapter, rp->enable); 1782} 1783 1784static int write_class(int index, uint32_t class) 1785{ 1786 struct dev_info *dev = &devs[index]; 1787 write_class_of_dev_cp cp; 1788 1789 DBG("hci%d class 0x%06x", index, class); 1790 1791 memcpy(cp.dev_class, &class, 3); 1792 1793 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV, 1794 WRITE_CLASS_OF_DEV_CP_SIZE, &cp) < 0) 1795 return -errno; 1796 1797 dev->pending_cod = class; 1798 1799 return 0; 1800} 1801 1802/* Limited Discoverable bit mask in CoD */ 1803#define LIMITED_BIT 0x002000 1804 1805static int hciops_set_limited_discoverable(int index, gboolean limited) 1806{ 1807 struct dev_info *dev = &devs[index]; 1808 int num = (limited ? 2 : 1); 1809 uint8_t lap[] = { 0x33, 0x8b, 0x9e, 0x00, 0x8b, 0x9e }; 1810 write_current_iac_lap_cp cp; 1811 1812 DBG("hci%d limited %d", index, limited); 1813 1814 /* Check if limited bit needs to be set/reset */ 1815 if (limited) 1816 dev->wanted_cod |= LIMITED_BIT; 1817 else 1818 dev->wanted_cod &= ~LIMITED_BIT; 1819 1820 /* If we dont need the toggling, save an unnecessary CoD write */ 1821 if (dev->pending_cod || dev->wanted_cod == dev->current_cod) 1822 return 0; 1823 1824 /* 1825 * 1: giac 1826 * 2: giac + liac 1827 */ 1828 memset(&cp, 0, sizeof(cp)); 1829 cp.num_current_iac = num; 1830 memcpy(&cp.lap, lap, num * 3); 1831 1832 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_CURRENT_IAC_LAP, 1833 (num * 3 + 1), &cp) < 0) 1834 return -errno; 1835 1836 return write_class(index, dev->wanted_cod); 1837} 1838 1839static void write_class_complete(int index, uint8_t status) 1840{ 1841 struct dev_info *dev = &devs[index]; 1842 struct btd_adapter *adapter; 1843 1844 if (status) 1845 return; 1846 1847 if (dev->pending_cod == 0) 1848 return; 1849 1850 dev->current_cod = dev->pending_cod; 1851 dev->pending_cod = 0; 1852 1853 adapter = manager_find_adapter(&dev->bdaddr); 1854 if (adapter) 1855 btd_adapter_class_changed(adapter, dev->current_cod); 1856 1857 update_ext_inquiry_response(index); 1858 1859 if (dev->wanted_cod == dev->current_cod) 1860 return; 1861 1862 if (dev->wanted_cod & LIMITED_BIT && 1863 !(dev->current_cod & LIMITED_BIT)) 1864 hciops_set_limited_discoverable(index, TRUE); 1865 else if (!(dev->wanted_cod & LIMITED_BIT) && 1866 (dev->current_cod & LIMITED_BIT)) 1867 hciops_set_limited_discoverable(index, FALSE); 1868 else 1869 write_class(index, dev->wanted_cod); 1870} 1871 1872static void read_local_oob_data_complete(int index, uint8_t status, 1873 read_local_oob_data_rp *rp) 1874{ 1875 struct btd_adapter *adapter = manager_find_adapter_by_id(index); 1876 1877 if (!adapter) 1878 return; 1879 1880 if (status) 1881 oob_read_local_data_complete(adapter, NULL, NULL); 1882 else 1883 oob_read_local_data_complete(adapter, rp->hash, rp->randomizer); 1884} 1885 1886static inline void inquiry_complete_evt(int index, uint8_t status) 1887{ 1888 int adapter_type; 1889 struct btd_adapter *adapter; 1890 1891 if (status) { 1892 error("Inquiry Failed with status 0x%02x", status); 1893 return; 1894 } 1895 1896 adapter = manager_find_adapter_by_id(index); 1897 if (!adapter) { 1898 error("No matching adapter found"); 1899 return; 1900 } 1901 1902 adapter_type = get_adapter_type(index); 1903 1904 if (adapter_type == BR_EDR_LE && 1905 adapter_has_discov_sessions(adapter)) { 1906 int err = hciops_start_scanning(index, TIMEOUT_BR_LE_SCAN); 1907 if (err < 0) 1908 set_state(index, DISCOV_HALTED); 1909 } else { 1910 set_state(index, DISCOV_HALTED); 1911 } 1912} 1913 1914static inline void cc_inquiry_cancel(int index, uint8_t status) 1915{ 1916 if (status) { 1917 error("Inquiry Cancel Failed with status 0x%02x", status); 1918 return; 1919 } 1920 1921 set_state(index, DISCOV_HALTED); 1922} 1923 1924static inline void cc_le_set_scan_enable(int index, uint8_t status) 1925{ 1926 int state; 1927 1928 if (status) { 1929 error("LE Set Scan Enable Failed with status 0x%02x", status); 1930 return; 1931 } 1932 1933 state = get_state(index); 1934 if (state == DISCOV_SCAN) 1935 set_state(index, DISCOV_HALTED); 1936 else 1937 set_state(index, DISCOV_SCAN); 1938} 1939 1940static inline void cmd_complete(int index, void *ptr) 1941{ 1942 struct dev_info *dev = &devs[index]; 1943 evt_cmd_complete *evt = ptr; 1944 uint16_t opcode = btohs(evt->opcode); 1945 uint8_t status = *((uint8_t *) ptr + EVT_CMD_COMPLETE_SIZE); 1946 1947 switch (opcode) { 1948 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_VERSION): 1949 ptr += sizeof(evt_cmd_complete); 1950 read_local_version_complete(index, ptr); 1951 break; 1952 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES): 1953 ptr += sizeof(evt_cmd_complete); 1954 read_local_features_complete(index, ptr); 1955 break; 1956 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_LOCAL_EXT_FEATURES): 1957 ptr += sizeof(evt_cmd_complete); 1958 read_local_ext_features_complete(index, ptr); 1959 break; 1960 case cmd_opcode_pack(OGF_INFO_PARAM, OCF_READ_BD_ADDR): 1961 ptr += sizeof(evt_cmd_complete); 1962 read_bd_addr_complete(index, ptr); 1963 break; 1964 case cmd_opcode_pack(OGF_LINK_CTL, OCF_INQUIRY_CANCEL): 1965 cc_inquiry_cancel(index, status); 1966 break; 1967 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_LE_HOST_SUPPORTED): 1968 write_le_host_complete(index, status); 1969 break; 1970 case cmd_opcode_pack(OGF_LE_CTL, OCF_LE_SET_SCAN_ENABLE): 1971 cc_le_set_scan_enable(index, status); 1972 break; 1973 case cmd_opcode_pack(OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME): 1974 if (!status) 1975 hci_send_cmd(dev->sk, OGF_HOST_CTL, 1976 OCF_READ_LOCAL_NAME, 0, 0); 1977 break; 1978 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE): 1979 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_READ_SCAN_ENABLE, 1980 0, NULL); 1981 break; 1982 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SCAN_ENABLE): 1983 ptr += sizeof(evt_cmd_complete); 1984 read_scan_complete(index, status, ptr); 1985 break; 1986 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_CLASS_OF_DEV): 1987 write_class_complete(index, status); 1988 break; 1989 case cmd_opcode_pack(OGF_HOST_CTL, OCF_WRITE_SIMPLE_PAIRING_MODE): 1990 if (!status) 1991 hci_send_cmd(dev->sk, OGF_HOST_CTL, 1992 OCF_READ_SIMPLE_PAIRING_MODE, 0, NULL); 1993 break; 1994 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_SIMPLE_PAIRING_MODE): 1995 ptr += sizeof(evt_cmd_complete); 1996 read_simple_pairing_mode_complete(index, ptr); 1997 break; 1998 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_NAME): 1999 ptr += sizeof(evt_cmd_complete); 2000 read_local_name_complete(index, ptr); 2001 break; 2002 case cmd_opcode_pack(OGF_HOST_CTL, 2003 OCF_READ_INQ_RESPONSE_TX_POWER_LEVEL): 2004 ptr += sizeof(evt_cmd_complete); 2005 read_tx_power_complete(index, ptr); 2006 break; 2007 case cmd_opcode_pack(OGF_HOST_CTL, OCF_READ_LOCAL_OOB_DATA): 2008 ptr += sizeof(evt_cmd_complete); 2009 read_local_oob_data_complete(index, status, ptr); 2010 break; 2011 }; 2012} 2013 2014static inline void remote_name_information(int index, void *ptr) 2015{ 2016 struct dev_info *dev = &devs[index]; 2017 evt_remote_name_req_complete *evt = ptr; 2018 char name[MAX_NAME_LENGTH + 1]; 2019 2020 DBG("hci%d status %u", index, evt->status); 2021 2022 memset(name, 0, sizeof(name)); 2023 2024 if (!evt->status) 2025 memcpy(name, evt->name, MAX_NAME_LENGTH); 2026 2027 btd_event_remote_name(&dev->bdaddr, &evt->bdaddr, evt->status, name); 2028} 2029 2030static inline void remote_version_information(int index, void *ptr) 2031{ 2032 struct dev_info *dev = &devs[index]; 2033 evt_read_remote_version_complete *evt = ptr; 2034 struct bt_conn *conn; 2035 2036 DBG("hci%d status %u", index, evt->status); 2037 2038 if (evt->status) 2039 return; 2040 2041 conn = find_conn_by_handle(dev, btohs(evt->handle)); 2042 if (conn == NULL) 2043 return; 2044 2045 write_version_info(&dev->bdaddr, &conn->bdaddr, 2046 btohs(evt->manufacturer), evt->lmp_ver, 2047 btohs(evt->lmp_subver)); 2048} 2049 2050static inline void inquiry_result(int index, int plen, void *ptr) 2051{ 2052 struct dev_info *dev = &devs[index]; 2053 uint8_t num = *(uint8_t *) ptr++; 2054 int i; 2055 2056 /* Skip if it is not in Inquiry state */ 2057 if (get_state(index) != DISCOV_INQ) 2058 return; 2059 2060 for (i = 0; i < num; i++) { 2061 inquiry_info *info = ptr; 2062 uint32_t class = info->dev_class[0] | 2063 (info->dev_class[1] << 8) | 2064 (info->dev_class[2] << 16); 2065 2066 btd_event_device_found(&dev->bdaddr, &info->bdaddr, class, 2067 0, NULL); 2068 ptr += INQUIRY_INFO_SIZE; 2069 } 2070} 2071 2072static inline void inquiry_result_with_rssi(int index, int plen, void *ptr) 2073{ 2074 struct dev_info *dev = &devs[index]; 2075 uint8_t num = *(uint8_t *) ptr++; 2076 int i; 2077 2078 if (!num) 2079 return; 2080 2081 if ((plen - 1) / num == INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE) { 2082 for (i = 0; i < num; i++) { 2083 inquiry_info_with_rssi_and_pscan_mode *info = ptr; 2084 uint32_t class = info->dev_class[0] 2085 | (info->dev_class[1] << 8) 2086 | (info->dev_class[2] << 16); 2087 2088 btd_event_device_found(&dev->bdaddr, &info->bdaddr, 2089 class, info->rssi, NULL); 2090 ptr += INQUIRY_INFO_WITH_RSSI_AND_PSCAN_MODE_SIZE; 2091 } 2092 } else { 2093 for (i = 0; i < num; i++) { 2094 inquiry_info_with_rssi *info = ptr; 2095 uint32_t class = info->dev_class[0] 2096 | (info->dev_class[1] << 8) 2097 | (info->dev_class[2] << 16); 2098 2099 btd_event_device_found(&dev->bdaddr, &info->bdaddr, 2100 class, info->rssi, NULL); 2101 ptr += INQUIRY_INFO_WITH_RSSI_SIZE; 2102 } 2103 } 2104} 2105 2106static inline void extended_inquiry_result(int index, int plen, void *ptr) 2107{ 2108 struct dev_info *dev = &devs[index]; 2109 uint8_t num = *(uint8_t *) ptr++; 2110 int i; 2111 2112 for (i = 0; i < num; i++) { 2113 extended_inquiry_info *info = ptr; 2114 uint32_t class = info->dev_class[0] 2115 | (info->dev_class[1] << 8) 2116 | (info->dev_class[2] << 16); 2117 2118 btd_event_device_found(&dev->bdaddr, &info->bdaddr, class, 2119 info->rssi, info->data); 2120 ptr += EXTENDED_INQUIRY_INFO_SIZE; 2121 } 2122} 2123 2124static inline void remote_features_information(int index, void *ptr) 2125{ 2126 struct dev_info *dev = &devs[index]; 2127 evt_read_remote_features_complete *evt = ptr; 2128 struct bt_conn *conn; 2129 2130 DBG("hci%d status %u", index, evt->status); 2131 2132 if (evt->status) 2133 return; 2134 2135 conn = find_conn_by_handle(dev, btohs(evt->handle)); 2136 if (conn == NULL) 2137 return; 2138 2139 write_features_info(&dev->bdaddr, &conn->bdaddr, evt->features, NULL); 2140} 2141 2142struct remote_version_req { 2143 int index; 2144 uint16_t handle; 2145}; 2146 2147static gboolean __get_remote_version(gpointer user_data) 2148{ 2149 struct remote_version_req *req = user_data; 2150 struct dev_info *dev = &devs[req->index]; 2151 read_remote_version_cp cp; 2152 2153 DBG("hci%d handle %u", req->index, req->handle); 2154 2155 memset(&cp, 0, sizeof(cp)); 2156 cp.handle = htobs(req->handle); 2157 2158 hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_READ_REMOTE_VERSION, 2159 READ_REMOTE_VERSION_CP_SIZE, &cp); 2160 2161 return FALSE; 2162} 2163 2164static void get_remote_version(int index, uint16_t handle) 2165{ 2166 struct remote_version_req *req; 2167 2168 req = g_new0(struct remote_version_req, 1); 2169 req->handle = handle; 2170 req->index = index; 2171 2172 g_timeout_add_seconds_full(G_PRIORITY_DEFAULT, 1, __get_remote_version, 2173 req, g_free); 2174} 2175 2176static void conn_free(struct bt_conn *conn) 2177{ 2178 if (conn->io != NULL) { 2179 g_io_channel_shutdown(conn->io, TRUE, NULL); 2180 g_io_channel_unref(conn->io); 2181 } 2182 2183 g_free(conn); 2184} 2185 2186static inline void conn_failed(int index, bdaddr_t *bdaddr, uint8_t status) 2187{ 2188 struct dev_info *dev = &devs[index]; 2189 struct bt_conn *conn; 2190 2191 btd_event_conn_failed(&dev->bdaddr, bdaddr, status); 2192 2193 conn = find_connection(dev, bdaddr); 2194 if (conn == NULL) 2195 return; 2196 2197 bonding_complete(dev, conn, status); 2198 2199 dev->connections = g_slist_remove(dev->connections, conn); 2200 conn_free(conn); 2201} 2202 2203static inline void conn_complete(int index, void *ptr) 2204{ 2205 struct dev_info *dev = &devs[index]; 2206 evt_conn_complete *evt = ptr; 2207 char filename[PATH_MAX]; 2208 char local_addr[18], peer_addr[18], *str; 2209 struct bt_conn *conn; 2210 2211 if (evt->link_type != ACL_LINK) 2212 return; 2213 2214 DBG("status 0x%02x", evt->status); 2215 2216 if (evt->status != 0) { 2217 conn_failed(index, &evt->bdaddr, evt->status); 2218 return; 2219 } 2220 2221 conn = get_connection(dev, &evt->bdaddr); 2222 conn->handle = btohs(evt->handle); 2223 2224 btd_event_conn_complete(&dev->bdaddr, &evt->bdaddr); 2225 2226 if (conn->secmode3) 2227 bonding_complete(dev, conn, 0); 2228 2229 /* check if the remote version needs be requested */ 2230 ba2str(&dev->bdaddr, local_addr); 2231 ba2str(&evt->bdaddr, peer_addr); 2232 2233 create_name(filename, sizeof(filename), STORAGEDIR, local_addr, 2234 "manufacturers"); 2235 2236 str = textfile_get(filename, peer_addr); 2237 if (!str) 2238 get_remote_version(index, btohs(evt->handle)); 2239 else 2240 free(str); 2241} 2242 2243static inline void le_conn_complete(int index, void *ptr) 2244{ 2245 struct dev_info *dev = &devs[index]; 2246 evt_le_connection_complete *evt = ptr; 2247 char filename[PATH_MAX]; 2248 char local_addr[18], peer_addr[18], *str; 2249 struct bt_conn *conn; 2250 2251 if (evt->status) { 2252 btd_event_conn_failed(&dev->bdaddr, &evt->peer_bdaddr, 2253 evt->status); 2254 return; 2255 } 2256 2257 conn = get_connection(dev, &evt->peer_bdaddr); 2258 conn->handle = btohs(evt->handle); 2259 2260 btd_event_conn_complete(&dev->bdaddr, &evt->peer_bdaddr); 2261 2262 /* check if the remote version needs be requested */ 2263 ba2str(&dev->bdaddr, local_addr); 2264 ba2str(&evt->peer_bdaddr, peer_addr); 2265 2266 create_name(filename, sizeof(filename), STORAGEDIR, local_addr, 2267 "manufacturers"); 2268 2269 str = textfile_get(filename, peer_addr); 2270 if (!str) 2271 get_remote_version(index, btohs(evt->handle)); 2272 else 2273 free(str); 2274} 2275 2276static inline void disconn_complete(int index, void *ptr) 2277{ 2278 struct dev_info *dev = &devs[index]; 2279 evt_disconn_complete *evt = ptr; 2280 struct bt_conn *conn; 2281 2282 DBG("handle %u status 0x%02x", btohs(evt->handle), evt->status); 2283 2284 if (evt->status != 0) 2285 return; 2286 2287 conn = find_conn_by_handle(dev, btohs(evt->handle)); 2288 if (conn == NULL) 2289 return; 2290 2291 dev->connections = g_slist_remove(dev->connections, conn); 2292 2293 btd_event_disconn_complete(&dev->bdaddr, &conn->bdaddr); 2294 2295 conn_free(conn); 2296} 2297 2298static inline void auth_complete(int index, void *ptr) 2299{ 2300 struct dev_info *dev = &devs[index]; 2301 evt_auth_complete *evt = ptr; 2302 struct bt_conn *conn; 2303 2304 DBG("hci%d status %u", index, evt->status); 2305 2306 conn = find_conn_by_handle(dev, btohs(evt->handle)); 2307 if (conn == NULL) 2308 return; 2309 2310 bonding_complete(dev, conn, evt->status); 2311} 2312 2313static inline void simple_pairing_complete(int index, void *ptr) 2314{ 2315 struct dev_info *dev = &devs[index]; 2316 evt_simple_pairing_complete *evt = ptr; 2317 2318 DBG("hci%d status %u", index, evt->status); 2319 2320 btd_event_simple_pairing_complete(&dev->bdaddr, &evt->bdaddr, 2321 evt->status); 2322} 2323 2324static inline void conn_request(int index, void *ptr) 2325{ 2326 struct dev_info *dev = &devs[index]; 2327 evt_conn_request *evt = ptr; 2328 uint32_t class = evt->dev_class[0] | (evt->dev_class[1] << 8) 2329 | (evt->dev_class[2] << 16); 2330 2331 btd_event_remote_class(&dev->bdaddr, &evt->bdaddr, class); 2332} 2333 2334static inline void le_advertising_report(int index, evt_le_meta_event *meta) 2335{ 2336 struct dev_info *dev = &devs[index]; 2337 le_advertising_info *info; 2338 uint8_t num_reports; 2339 const uint8_t RSSI_SIZE = 1; 2340 2341 num_reports = meta->data[0]; 2342 2343 info = (le_advertising_info *) &meta->data[1]; 2344 btd_event_advertising_report(&dev->bdaddr, info); 2345 num_reports--; 2346 2347 while (num_reports--) { 2348 info = (le_advertising_info *) (info->data + info->length + 2349 RSSI_SIZE); 2350 btd_event_advertising_report(&dev->bdaddr, info); 2351 } 2352} 2353 2354static inline void le_metaevent(int index, void *ptr) 2355{ 2356 evt_le_meta_event *meta = ptr; 2357 2358 DBG("hci%d LE Meta Event %u", index, meta->subevent); 2359 2360 switch (meta->subevent) { 2361 case EVT_LE_ADVERTISING_REPORT: 2362 le_advertising_report(index, meta); 2363 break; 2364 2365 case EVT_LE_CONN_COMPLETE: 2366 le_conn_complete(index, meta->data); 2367 break; 2368 } 2369} 2370 2371static void stop_hci_dev(int index) 2372{ 2373 struct dev_info *dev = &devs[index]; 2374 2375 if (dev->sk < 0) 2376 return; 2377 2378 info("Stopping hci%d event socket", index); 2379 2380 if (dev->watch_id > 0) 2381 g_source_remove(dev->watch_id); 2382 2383 if (dev->stop_scan_id > 0) 2384 g_source_remove(dev->stop_scan_id); 2385 2386 if (dev->io != NULL) 2387 g_io_channel_unref(dev->io); 2388 2389 hci_close_dev(dev->sk); 2390 2391 g_slist_foreach(dev->keys, (GFunc) g_free, NULL); 2392 g_slist_free(dev->keys); 2393 2394 g_slist_foreach(dev->uuids, (GFunc) g_free, NULL); 2395 g_slist_free(dev->uuids); 2396 2397 g_slist_foreach(dev->connections, (GFunc) conn_free, NULL); 2398 g_slist_free(dev->connections); 2399 2400 init_dev_info(index, -1, dev->registered, dev->already_up); 2401} 2402 2403static gboolean io_security_event(GIOChannel *chan, GIOCondition cond, 2404 gpointer data) 2405{ 2406 unsigned char buf[HCI_MAX_EVENT_SIZE], *ptr = buf; 2407 int type, index = GPOINTER_TO_INT(data); 2408 struct dev_info *dev = &devs[index]; 2409 struct hci_dev_info di; 2410 ssize_t len; 2411 hci_event_hdr *eh; 2412 evt_cmd_status *evt; 2413 int fd; 2414 2415 if (cond & (G_IO_NVAL | G_IO_HUP | G_IO_ERR)) { 2416 stop_hci_dev(index); 2417 return FALSE; 2418 } 2419 2420 fd = g_io_channel_unix_get_fd(chan); 2421 2422 len = read(fd, buf, sizeof(buf)); 2423 if (len < 0) { 2424 if (errno == EAGAIN) 2425 return TRUE; 2426 stop_hci_dev(index); 2427 return FALSE; 2428 } 2429 2430 type = *ptr++; 2431 2432 if (type != HCI_EVENT_PKT) 2433 return TRUE; 2434 2435 eh = (hci_event_hdr *) ptr; 2436 ptr += HCI_EVENT_HDR_SIZE; 2437 2438 memset(&di, 0, sizeof(di)); 2439 if (hci_devinfo(index, &di) == 0) { 2440 bacpy(&dev->bdaddr, &di.bdaddr); 2441 2442 if (ignore_device(&di)) 2443 return TRUE; 2444 } 2445 2446 switch (eh->evt) { 2447 case EVT_CMD_STATUS: 2448 cmd_status(index, ptr); 2449 break; 2450 2451 case EVT_CMD_COMPLETE: 2452 cmd_complete(index, ptr); 2453 break; 2454 2455 case EVT_REMOTE_NAME_REQ_COMPLETE: 2456 remote_name_information(index, ptr); 2457 break; 2458 2459 case EVT_READ_REMOTE_VERSION_COMPLETE: 2460 remote_version_information(index, ptr); 2461 break; 2462 2463 case EVT_READ_REMOTE_FEATURES_COMPLETE: 2464 remote_features_information(index, ptr); 2465 break; 2466 2467 case EVT_REMOTE_HOST_FEATURES_NOTIFY: 2468 remote_features_notify(index, ptr); 2469 break; 2470 2471 case EVT_INQUIRY_COMPLETE: 2472 evt = (evt_cmd_status *) ptr; 2473 inquiry_complete_evt(index, evt->status); 2474 break; 2475 2476 case EVT_INQUIRY_RESULT: 2477 inquiry_result(index, eh->plen, ptr); 2478 break; 2479 2480 case EVT_INQUIRY_RESULT_WITH_RSSI: 2481 inquiry_result_with_rssi(index, eh->plen, ptr); 2482 break; 2483 2484 case EVT_EXTENDED_INQUIRY_RESULT: 2485 extended_inquiry_result(index, eh->plen, ptr); 2486 break; 2487 2488 case EVT_CONN_COMPLETE: 2489 conn_complete(index, ptr); 2490 break; 2491 2492 case EVT_DISCONN_COMPLETE: 2493 disconn_complete(index, ptr); 2494 break; 2495 2496 case EVT_AUTH_COMPLETE: 2497 auth_complete(index, ptr); 2498 break; 2499 2500 case EVT_SIMPLE_PAIRING_COMPLETE: 2501 simple_pairing_complete(index, ptr); 2502 break; 2503 2504 case EVT_CONN_REQUEST: 2505 conn_request(index, ptr); 2506 break; 2507 case EVT_LE_META_EVENT: 2508 le_metaevent(index, ptr); 2509 break; 2510 case EVT_PIN_CODE_REQ: 2511 pin_code_request(index, (bdaddr_t *) ptr); 2512 break; 2513 2514 case EVT_LINK_KEY_REQ: 2515 link_key_request(index, (bdaddr_t *) ptr); 2516 break; 2517 2518 case EVT_LINK_KEY_NOTIFY: 2519 link_key_notify(index, ptr); 2520 break; 2521 2522 case EVT_RETURN_LINK_KEYS: 2523 return_link_keys(index, ptr); 2524 break; 2525 2526 case EVT_IO_CAPABILITY_REQUEST: 2527 io_capa_request(index, ptr); 2528 break; 2529 2530 case EVT_IO_CAPABILITY_RESPONSE: 2531 io_capa_response(index, ptr); 2532 break; 2533 2534 case EVT_USER_CONFIRM_REQUEST: 2535 user_confirm_request(index, ptr); 2536 break; 2537 2538 case EVT_USER_PASSKEY_REQUEST: 2539 user_passkey_request(index, ptr); 2540 break; 2541 2542 case EVT_USER_PASSKEY_NOTIFY: 2543 user_passkey_notify(index, ptr); 2544 break; 2545 2546 case EVT_REMOTE_OOB_DATA_REQUEST: 2547 remote_oob_data_request(index, (bdaddr_t *) ptr); 2548 break; 2549 } 2550 2551 return TRUE; 2552} 2553 2554static void start_hci_dev(int index) 2555{ 2556 struct dev_info *dev = &devs[index]; 2557 GIOChannel *chan = dev->io; 2558 GIOCondition cond; 2559 struct hci_filter flt; 2560 2561 if (chan) 2562 return; 2563 2564 info("Listening for HCI events on hci%d", index); 2565 2566 /* Set filter */ 2567 hci_filter_clear(&flt); 2568 hci_filter_set_ptype(HCI_EVENT_PKT, &flt); 2569 hci_filter_set_event(EVT_CMD_STATUS, &flt); 2570 hci_filter_set_event(EVT_CMD_COMPLETE, &flt); 2571 hci_filter_set_event(EVT_PIN_CODE_REQ, &flt); 2572 hci_filter_set_event(EVT_LINK_KEY_REQ, &flt); 2573 hci_filter_set_event(EVT_LINK_KEY_NOTIFY, &flt); 2574 hci_filter_set_event(EVT_RETURN_LINK_KEYS, &flt); 2575 hci_filter_set_event(EVT_IO_CAPABILITY_REQUEST, &flt); 2576 hci_filter_set_event(EVT_IO_CAPABILITY_RESPONSE, &flt); 2577 hci_filter_set_event(EVT_USER_CONFIRM_REQUEST, &flt); 2578 hci_filter_set_event(EVT_USER_PASSKEY_REQUEST, &flt); 2579 hci_filter_set_event(EVT_REMOTE_OOB_DATA_REQUEST, &flt); 2580 hci_filter_set_event(EVT_USER_PASSKEY_NOTIFY, &flt); 2581 hci_filter_set_event(EVT_KEYPRESS_NOTIFY, &flt); 2582 hci_filter_set_event(EVT_SIMPLE_PAIRING_COMPLETE, &flt); 2583 hci_filter_set_event(EVT_AUTH_COMPLETE, &flt); 2584 hci_filter_set_event(EVT_REMOTE_NAME_REQ_COMPLETE, &flt); 2585 hci_filter_set_event(EVT_READ_REMOTE_VERSION_COMPLETE, &flt); 2586 hci_filter_set_event(EVT_READ_REMOTE_FEATURES_COMPLETE, &flt); 2587 hci_filter_set_event(EVT_REMOTE_HOST_FEATURES_NOTIFY, &flt); 2588 hci_filter_set_event(EVT_INQUIRY_COMPLETE, &flt); 2589 hci_filter_set_event(EVT_INQUIRY_RESULT, &flt); 2590 hci_filter_set_event(EVT_INQUIRY_RESULT_WITH_RSSI, &flt); 2591 hci_filter_set_event(EVT_EXTENDED_INQUIRY_RESULT, &flt); 2592 hci_filter_set_event(EVT_CONN_REQUEST, &flt); 2593 hci_filter_set_event(EVT_CONN_COMPLETE, &flt); 2594 hci_filter_set_event(EVT_DISCONN_COMPLETE, &flt); 2595 hci_filter_set_event(EVT_LE_META_EVENT, &flt); 2596 if (setsockopt(dev->sk, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) { 2597 error("Can't set filter on hci%d: %s (%d)", 2598 index, strerror(errno), errno); 2599 return; 2600 } 2601 2602 chan = g_io_channel_unix_new(dev->sk); 2603 cond = G_IO_IN | G_IO_NVAL | G_IO_HUP | G_IO_ERR; 2604 dev->watch_id = g_io_add_watch_full(chan, G_PRIORITY_LOW, cond, 2605 io_security_event, 2606 GINT_TO_POINTER(index), NULL); 2607 dev->io = chan; 2608 dev->pin_length = 0; 2609 2610} 2611 2612/* End of HCI event callbacks */ 2613 2614static gboolean child_exit(GIOChannel *io, GIOCondition cond, void *user_data) 2615{ 2616 int status, fd = g_io_channel_unix_get_fd(io); 2617 pid_t child_pid; 2618 2619 if (read(fd, &child_pid, sizeof(child_pid)) != sizeof(child_pid)) { 2620 error("child_exit: unable to read child pid from pipe"); 2621 return TRUE; 2622 } 2623 2624 if (waitpid(child_pid, &status, 0) != child_pid) 2625 error("waitpid(%d) failed", child_pid); 2626 else 2627 DBG("child %d exited", child_pid); 2628 2629 return TRUE; 2630} 2631 2632static void at_child_exit(void) 2633{ 2634 pid_t pid = getpid(); 2635 2636 if (write(child_pipe[1], &pid, sizeof(pid)) != sizeof(pid)) 2637 error("unable to write to child pipe"); 2638} 2639 2640static void device_devup_setup(int index) 2641{ 2642 struct dev_info *dev = &devs[index]; 2643 struct hci_dev_info di; 2644 read_stored_link_key_cp cp; 2645 2646 DBG("hci%d", index); 2647 2648 if (hci_devinfo(index, &di) < 0) 2649 return; 2650 2651 if (ignore_device(&di)) 2652 return; 2653 2654 bacpy(&dev->bdaddr, &di.bdaddr); 2655 memcpy(dev->features, di.features, 8); 2656 2657 /* Set page timeout */ 2658 if ((main_opts.flags & (1 << HCID_SET_PAGETO))) { 2659 write_page_timeout_cp cp; 2660 2661 cp.timeout = htobs(main_opts.pageto); 2662 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_PAGE_TIMEOUT, 2663 WRITE_PAGE_TIMEOUT_CP_SIZE, &cp); 2664 } 2665 2666 bacpy(&cp.bdaddr, BDADDR_ANY); 2667 cp.read_all = 1; 2668 hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_READ_STORED_LINK_KEY, 2669 READ_STORED_LINK_KEY_CP_SIZE, &cp); 2670 2671 if (!dev->pending) 2672 init_adapter(index); 2673} 2674 2675static void init_pending(int index) 2676{ 2677 struct dev_info *dev = &devs[index]; 2678 2679 hci_set_bit(PENDING_BDADDR, &dev->pending); 2680 hci_set_bit(PENDING_VERSION, &dev->pending); 2681 hci_set_bit(PENDING_FEATURES, &dev->pending); 2682 hci_set_bit(PENDING_NAME, &dev->pending); 2683} 2684 2685static struct dev_info *init_device(int index, gboolean already_up) 2686{ 2687 struct dev_info *dev; 2688 struct hci_dev_req dr; 2689 int dd; 2690 pid_t pid; 2691 2692 DBG("hci%d", index); 2693 2694 dd = hci_open_dev(index); 2695 if (dd < 0) { 2696 error("Unable to open hci%d: %s (%d)", index, 2697 strerror(errno), errno); 2698 return NULL; 2699 } 2700 2701 if (index > max_dev) { 2702 max_dev = index; 2703 devs = g_realloc(devs, sizeof(devs[0]) * (max_dev + 1)); 2704 } 2705 2706 dev = init_dev_info(index, dd, FALSE, already_up); 2707 init_pending(index); 2708 start_hci_dev(index); 2709 2710 /* Avoid forking if nothing else has to be done */ 2711 if (already_up) 2712 return dev; 2713 2714 /* Do initialization in the separate process */ 2715 pid = fork(); 2716 switch (pid) { 2717 case 0: 2718 atexit(at_child_exit); 2719 break; 2720 case -1: 2721 error("Fork failed. Can't init device hci%d: %s (%d)", 2722 index, strerror(errno), errno); 2723 default: 2724 DBG("child %d forked", pid); 2725 return dev; 2726 } 2727 2728 memset(&dr, 0, sizeof(dr)); 2729 dr.dev_id = index; 2730 2731 /* Set link mode */ 2732 dr.dev_opt = main_opts.link_mode; 2733 if (ioctl(dd, HCISETLINKMODE, (unsigned long) &dr) < 0) 2734 error("Can't set link mode on hci%d: %s (%d)", 2735 index, strerror(errno), errno); 2736 2737 /* Start HCI device */ 2738 if (ioctl(dd, HCIDEVUP, index) < 0 && errno != EALREADY) { 2739 error("Can't init device hci%d: %s (%d)", 2740 index, strerror(errno), errno); 2741 goto fail; 2742 } 2743 2744 hci_close_dev(dd); 2745 exit(0); 2746 2747fail: 2748 hci_close_dev(dd); 2749 exit(1); 2750} 2751 2752static void init_conn_list(int index) 2753{ 2754 struct dev_info *dev = &devs[index]; 2755 struct hci_conn_list_req *cl; 2756 struct hci_conn_info *ci; 2757 int err, i; 2758 2759 DBG("hci%d", index); 2760 2761 cl = g_malloc0(10 * sizeof(*ci) + sizeof(*cl)); 2762 2763 cl->dev_id = index; 2764 cl->conn_num = 10; 2765 ci = cl->conn_info; 2766 2767 if (ioctl(dev->sk, HCIGETCONNLIST, cl) < 0) { 2768 error("Unable to get connection list: %s (%d)", 2769 strerror(errno), errno); 2770 goto failed; 2771 } 2772 2773 for (i = 0; i < cl->conn_num; i++, ci++) { 2774 struct bt_conn *conn; 2775 2776 if (ci->type != ACL_LINK) 2777 continue; 2778 2779 conn = get_connection(dev, &ci->bdaddr); 2780 conn->handle = ci->handle; 2781 } 2782 2783 err = 0; 2784 2785failed: 2786 g_free(cl); 2787} 2788 2789static void device_event(int event, int index) 2790{ 2791 switch (event) { 2792 case HCI_DEV_REG: 2793 info("HCI dev %d registered", index); 2794 init_device(index, FALSE); 2795 break; 2796 2797 case HCI_DEV_UNREG: 2798 info("HCI dev %d unregistered", index); 2799 stop_hci_dev(index); 2800 if (devs[index].registered) 2801 btd_manager_unregister_adapter(index); 2802 break; 2803 2804 case HCI_DEV_UP: 2805 info("HCI dev %d up", index); 2806 devs[index].up = TRUE; 2807 device_devup_setup(index); 2808 break; 2809 2810 case HCI_DEV_DOWN: 2811 info("HCI dev %d down", index); 2812 devs[index].up = FALSE; 2813 devs[index].pending_cod = 0; 2814 devs[index].cache_enable = TRUE; 2815 if (!devs[index].pending) { 2816 struct btd_adapter *adapter; 2817 2818 adapter = manager_find_adapter_by_id(index); 2819 if (adapter) 2820 btd_adapter_stop(adapter); 2821 2822 init_pending(index); 2823 } 2824 break; 2825 } 2826} 2827 2828static gboolean init_known_adapters(gpointer user_data) 2829{ 2830 struct hci_dev_list_req *dl; 2831 struct hci_dev_req *dr; 2832 int i, err, ctl = GPOINTER_TO_INT(user_data); 2833 size_t req_size; 2834 2835 DBG(""); 2836 2837 req_size = HCI_MAX_DEV * sizeof(struct hci_dev_req) + sizeof(uint16_t); 2838 2839 dl = g_try_malloc0(req_size); 2840 if (!dl) { 2841 error("Can't allocate devlist buffer"); 2842 return FALSE; 2843 } 2844 2845 dl->dev_num = HCI_MAX_DEV; 2846 dr = dl->dev_req; 2847 2848 if (ioctl(ctl, HCIGETDEVLIST, dl) < 0) { 2849 err = -errno; 2850 error("Can't get device list: %s (%d)", strerror(-err), -err); 2851 g_free(dl); 2852 return FALSE; 2853 } 2854 2855 for (i = 0; i < dl->dev_num; i++, dr++) { 2856 struct dev_info *dev; 2857 gboolean already_up; 2858 2859 already_up = hci_test_bit(HCI_UP, &dr->dev_opt); 2860 2861 dev = init_device(dr->dev_id, already_up); 2862 if (dev == NULL) 2863 continue; 2864 2865 if (!dev->already_up) 2866 continue; 2867 2868 init_conn_list(dr->dev_id); 2869 2870 dev->pending = 0; 2871 hci_set_bit(PENDING_VERSION, &dev->pending); 2872 hci_send_cmd(dev->sk, OGF_INFO_PARAM, 2873 OCF_READ_LOCAL_VERSION, 0, NULL); 2874 device_event(HCI_DEV_UP, dr->dev_id); 2875 } 2876 2877 g_free(dl); 2878 2879 return FALSE; 2880} 2881 2882static gboolean io_stack_event(GIOChannel *chan, GIOCondition cond, 2883 gpointer data) 2884{ 2885 unsigned char buf[HCI_MAX_FRAME_SIZE], *ptr; 2886 evt_stack_internal *si; 2887 evt_si_device *sd; 2888 hci_event_hdr *eh; 2889 int type, fd; 2890 ssize_t len; 2891 2892 ptr = buf; 2893 2894 fd = g_io_channel_unix_get_fd(chan); 2895 2896 len = read(fd, buf, sizeof(buf)); 2897 if (len < 0) { 2898 if (errno == EAGAIN) 2899 return TRUE; 2900 2901 error("Read from control socket failed: %s (%d)", 2902 strerror(errno), errno); 2903 return FALSE; 2904 } 2905 2906 type = *ptr++; 2907 2908 if (type != HCI_EVENT_PKT) 2909 return TRUE; 2910 2911 eh = (hci_event_hdr *) ptr; 2912 if (eh->evt != EVT_STACK_INTERNAL) 2913 return TRUE; 2914 2915 ptr += HCI_EVENT_HDR_SIZE; 2916 2917 si = (evt_stack_internal *) ptr; 2918 switch (si->type) { 2919 case EVT_SI_DEVICE: 2920 sd = (void *) &si->data; 2921 device_event(sd->event, sd->dev_id); 2922 break; 2923 } 2924 2925 return TRUE; 2926} 2927 2928static int hciops_setup(void) 2929{ 2930 struct sockaddr_hci addr; 2931 struct hci_filter flt; 2932 GIOChannel *ctl_io, *child_io; 2933 int sock, err; 2934 2935 DBG(""); 2936 2937 if (child_pipe[0] != -1) 2938 return -EALREADY; 2939 2940 if (pipe(child_pipe) < 0) { 2941 err = -errno; 2942 error("pipe(): %s (%d)", strerror(-err), -err); 2943 return err; 2944 } 2945 2946 child_io = g_io_channel_unix_new(child_pipe[0]); 2947 g_io_channel_set_close_on_unref(child_io, TRUE); 2948 child_io_id = g_io_add_watch(child_io, 2949 G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL, 2950 child_exit, NULL); 2951 g_io_channel_unref(child_io); 2952 2953 /* Create and bind HCI socket */ 2954 sock = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI); 2955 if (sock < 0) { 2956 err = -errno; 2957 error("Can't open HCI socket: %s (%d)", strerror(-err), 2958 -err); 2959 return err; 2960 } 2961 2962 /* Set filter */ 2963 hci_filter_clear(&flt); 2964 hci_filter_set_ptype(HCI_EVENT_PKT, &flt); 2965 hci_filter_set_event(EVT_STACK_INTERNAL, &flt); 2966 if (setsockopt(sock, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) { 2967 err = -errno; 2968 error("Can't set filter: %s (%d)", strerror(-err), -err); 2969 return err; 2970 } 2971 2972 memset(&addr, 0, sizeof(addr)); 2973 addr.hci_family = AF_BLUETOOTH; 2974 addr.hci_dev = HCI_DEV_NONE; 2975 if (bind(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 2976 err = -errno; 2977 error("Can't bind HCI socket: %s (%d)", strerror(-err), -err); 2978 return err; 2979 } 2980 2981 ctl_io = g_io_channel_unix_new(sock); 2982 g_io_channel_set_close_on_unref(ctl_io, TRUE); 2983 2984 ctl_io_id = g_io_add_watch(ctl_io, G_IO_IN, io_stack_event, NULL); 2985 2986 g_io_channel_unref(ctl_io); 2987 2988 g_idle_add(init_known_adapters, GINT_TO_POINTER(sock)); 2989 2990 return 0; 2991} 2992 2993static void hciops_cleanup(void) 2994{ 2995 int i; 2996 2997 DBG(""); 2998 2999 for (i = 0; i <= max_dev; i++) 3000 stop_hci_dev(i); 3001 3002 g_free(devs); 3003 devs = NULL; 3004 max_dev = -1; 3005 3006 if (child_io_id) { 3007 g_source_remove(child_io_id); 3008 child_io_id = 0; 3009 } 3010 3011 if (ctl_io_id) { 3012 g_source_remove(ctl_io_id); 3013 ctl_io_id = 0; 3014 } 3015 3016 if (child_pipe[0] >= 0) { 3017 close(child_pipe[0]); 3018 child_pipe[0] = -1; 3019 } 3020 3021 if (child_pipe[1] >= 0) { 3022 close(child_pipe[1]); 3023 child_pipe[1] = -1; 3024 } 3025} 3026 3027static int hciops_set_powered(int index, gboolean powered) 3028{ 3029 struct dev_info *dev = &devs[index]; 3030 int err; 3031 3032 DBG("hci%d powered %d", index, powered); 3033 3034 if (powered == FALSE) 3035 return hciops_power_off(index); 3036 3037 if (ioctl(dev->sk, HCIDEVUP, index) == 0) 3038 return 0; 3039 3040 if (errno == EALREADY) 3041 return 0; 3042 3043 err = -errno; 3044 error("Can't init device hci%d: %s (%d)", 3045 index, strerror(-err), -err); 3046 3047 return err; 3048} 3049 3050static int hciops_set_dev_class(int index, uint8_t major, uint8_t minor) 3051{ 3052 struct dev_info *dev = &devs[index]; 3053 int err; 3054 3055 DBG("hci%d major %u minor %u", index, major, minor); 3056 3057 /* Update only the major and minor class bits keeping remaining bits 3058 * intact*/ 3059 dev->wanted_cod &= 0xffe000; 3060 dev->wanted_cod |= ((major & 0x1f) << 8) | minor; 3061 3062 if (dev->wanted_cod == dev->current_cod || 3063 dev->cache_enable || dev->pending_cod) 3064 return 0; 3065 3066 DBG("Changing Major/Minor class to 0x%06x", dev->wanted_cod); 3067 3068 err = write_class(index, dev->wanted_cod); 3069 if (err < 0) 3070 error("Adapter class update failed: %s (%d)", 3071 strerror(-err), -err); 3072 3073 return err; 3074} 3075 3076static int hciops_start_inquiry(int index, uint8_t length) 3077{ 3078 struct dev_info *dev = &devs[index]; 3079 uint8_t lap[3] = { 0x33, 0x8b, 0x9e }; 3080 inquiry_cp inq_cp; 3081 3082 DBG("hci%d length %u", index, length); 3083 3084 memset(&inq_cp, 0, sizeof(inq_cp)); 3085 memcpy(&inq_cp.lap, lap, 3); 3086 inq_cp.length = length; 3087 inq_cp.num_rsp = 0x00; 3088 3089 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, 3090 OCF_INQUIRY, INQUIRY_CP_SIZE, &inq_cp) < 0) 3091 return -errno; 3092 3093 return 0; 3094} 3095 3096static int le_set_scan_enable(int index, uint8_t enable) 3097{ 3098 struct dev_info *dev = &devs[index]; 3099 le_set_scan_enable_cp cp; 3100 3101 DBG("hci%d enable %u", index, enable); 3102 3103 memset(&cp, 0, sizeof(cp)); 3104 cp.enable = enable; 3105 cp.filter_dup = 0; 3106 3107 if (hci_send_cmd(dev->sk, OGF_LE_CTL, OCF_LE_SET_SCAN_ENABLE, 3108 LE_SET_SCAN_ENABLE_CP_SIZE, &cp) < 0) 3109 return -errno; 3110 3111 return 0; 3112} 3113 3114static gboolean stop_le_scan_cb(gpointer user_data) 3115{ 3116 struct dev_info *dev = user_data; 3117 int err; 3118 3119 err = le_set_scan_enable(dev->id, 0); 3120 if (err < 0) 3121 return TRUE; 3122 3123 dev->stop_scan_id = 0; 3124 3125 return FALSE; 3126} 3127 3128static int hciops_start_scanning(int index, int timeout) 3129{ 3130 struct dev_info *dev = &devs[index]; 3131 le_set_scan_parameters_cp cp; 3132 int err; 3133 3134 DBG("hci%d", index); 3135 3136 memset(&cp, 0, sizeof(cp)); 3137 cp.type = 0x01; /* Active scanning */ 3138 /* The recommended value for scan interval and window is 11.25 msec. 3139 * It is calculated by: time = n * 0.625 msec */ 3140 cp.interval = htobs(0x0012); 3141 cp.window = htobs(0x0012); 3142 cp.own_bdaddr_type = 0; /* Public address */ 3143 cp.filter = 0; /* Accept all adv packets */ 3144 3145 if (hci_send_cmd(dev->sk, OGF_LE_CTL, OCF_LE_SET_SCAN_PARAMETERS, 3146 LE_SET_SCAN_PARAMETERS_CP_SIZE, &cp) < 0) 3147 return -errno; 3148 3149 err = le_set_scan_enable(index, 1); 3150 if (err < 0) 3151 return err; 3152 3153 /* Schedule a le scan disable in 'timeout' milliseconds */ 3154 dev->stop_scan_id = g_timeout_add(timeout, stop_le_scan_cb, dev); 3155 3156 return 0; 3157} 3158 3159static int hciops_stop_scanning(int index) 3160{ 3161 struct dev_info *dev = &devs[index]; 3162 3163 DBG("hci%d", index); 3164 3165 if (dev->stop_scan_id > 0) { 3166 g_source_remove(dev->stop_scan_id); 3167 dev->stop_scan_id = 0; 3168 } 3169 3170 return le_set_scan_enable(index, 0); 3171} 3172 3173static int hciops_resolve_name(int index, bdaddr_t *bdaddr) 3174{ 3175 struct dev_info *dev = &devs[index]; 3176 remote_name_req_cp cp; 3177 char addr[18]; 3178 3179 ba2str(bdaddr, addr); 3180 DBG("hci%d dba %s", index, addr); 3181 3182 memset(&cp, 0, sizeof(cp)); 3183 bacpy(&cp.bdaddr, bdaddr); 3184 cp.pscan_rep_mode = 0x02; 3185 3186 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_REMOTE_NAME_REQ, 3187 REMOTE_NAME_REQ_CP_SIZE, &cp) < 0) 3188 return -errno; 3189 3190 return 0; 3191} 3192 3193static int hciops_set_name(int index, const char *name) 3194{ 3195 struct dev_info *dev = &devs[index]; 3196 change_local_name_cp cp; 3197 3198 DBG("hci%d, name %s", index, name); 3199 3200 memset(&cp, 0, sizeof(cp)); 3201 strncpy((char *) cp.name, name, sizeof(cp.name)); 3202 3203 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME, 3204 CHANGE_LOCAL_NAME_CP_SIZE, &cp) < 0) 3205 return -errno; 3206 3207 memcpy(dev->name, cp.name, 248); 3208 update_ext_inquiry_response(index); 3209 3210 return 0; 3211} 3212 3213static int hciops_cancel_resolve_name(int index, bdaddr_t *bdaddr) 3214{ 3215 struct dev_info *dev = &devs[index]; 3216 remote_name_req_cancel_cp cp; 3217 char addr[18]; 3218 3219 ba2str(bdaddr, addr); 3220 DBG("hci%d dba %s", index, addr); 3221 3222 memset(&cp, 0, sizeof(cp)); 3223 bacpy(&cp.bdaddr, bdaddr); 3224 3225 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_REMOTE_NAME_REQ_CANCEL, 3226 REMOTE_NAME_REQ_CANCEL_CP_SIZE, &cp) < 0) 3227 return -errno; 3228 3229 return 0; 3230} 3231 3232static int hciops_start_discovery(int index) 3233{ 3234 int adapter_type = get_adapter_type(index); 3235 3236 switch (adapter_type) { 3237 case BR_EDR_LE: 3238 return hciops_start_inquiry(index, LENGTH_BR_LE_INQ); 3239 case BR_EDR: 3240 return hciops_start_inquiry(index, LENGTH_BR_INQ); 3241 case LE_ONLY: 3242 return hciops_start_scanning(index, TIMEOUT_LE_SCAN); 3243 default: 3244 return -EINVAL; 3245 } 3246} 3247 3248static int hciops_stop_discovery(int index) 3249{ 3250 struct dev_info *dev = &devs[index]; 3251 3252 DBG("index %d", index); 3253 3254 switch (dev->discov_state) { 3255 case DISCOV_INQ: 3256 return hciops_stop_inquiry(index); 3257 case DISCOV_SCAN: 3258 return hciops_stop_scanning(index); 3259 default: 3260 return -EINVAL; 3261 } 3262} 3263 3264static int hciops_fast_connectable(int index, gboolean enable) 3265{ 3266 struct dev_info *dev = &devs[index]; 3267 write_page_activity_cp cp; 3268 uint8_t type; 3269 3270 DBG("hci%d enable %d", index, enable); 3271 3272 if (enable) { 3273 type = PAGE_SCAN_TYPE_INTERLACED; 3274 cp.interval = 0x0024; /* 22.5 msec page scan interval */ 3275 } else { 3276 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 3277 cp.interval = 0x0800; /* default 1.28 sec page scan */ 3278 } 3279 3280 cp.window = 0x0012; /* default 11.25 msec page scan window */ 3281 3282 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_WRITE_PAGE_ACTIVITY, 3283 WRITE_PAGE_ACTIVITY_CP_SIZE, &cp) < 0) 3284 return -errno; 3285 else if (hci_send_cmd(dev->sk, OGF_HOST_CTL, 3286 OCF_WRITE_PAGE_SCAN_TYPE, 1, &type) < 0) 3287 return -errno; 3288 3289 return 0; 3290} 3291 3292static int hciops_read_clock(int index, bdaddr_t *bdaddr, int which, 3293 int timeout, uint32_t *clock, 3294 uint16_t *accuracy) 3295{ 3296 struct dev_info *dev = &devs[index]; 3297 uint16_t handle = 0; 3298 char addr[18]; 3299 int ret; 3300 3301 ba2str(bdaddr, addr); 3302 DBG("hci%d addr %s which %d timeout %d", index, addr, which, timeout); 3303 3304 ret = get_handle(index, bdaddr, &handle); 3305 if (ret < 0) 3306 return ret; 3307 3308 if (hci_read_clock(dev->sk, htobs(handle), which, clock, accuracy, 3309 timeout) < 0) 3310 return -errno; 3311 3312 return 0; 3313} 3314 3315static int hciops_read_bdaddr(int index, bdaddr_t *bdaddr) 3316{ 3317 struct dev_info *dev = &devs[index]; 3318 3319 DBG("hci%d", index); 3320 3321 bacpy(bdaddr, &dev->bdaddr); 3322 3323 return 0; 3324} 3325 3326static int hciops_block_device(int index, bdaddr_t *bdaddr) 3327{ 3328 struct dev_info *dev = &devs[index]; 3329 char addr[18]; 3330 3331 ba2str(bdaddr, addr); 3332 DBG("hci%d dba %s", index, addr); 3333 3334 if (ioctl(dev->sk, HCIBLOCKADDR, bdaddr) < 0) 3335 return -errno; 3336 3337 return 0; 3338} 3339 3340static int hciops_unblock_device(int index, bdaddr_t *bdaddr) 3341{ 3342 struct dev_info *dev = &devs[index]; 3343 char addr[18]; 3344 3345 ba2str(bdaddr, addr); 3346 DBG("hci%d dba %s", index, addr); 3347 3348 if (ioctl(dev->sk, HCIUNBLOCKADDR, bdaddr) < 0) 3349 return -errno; 3350 3351 return 0; 3352} 3353 3354static int hciops_get_conn_list(int index, GSList **conns) 3355{ 3356 struct dev_info *dev = &devs[index]; 3357 GSList *l; 3358 3359 DBG("hci%d", index); 3360 3361 *conns = NULL; 3362 3363 for (l = dev->connections; l != NULL; l = g_slist_next(l)) { 3364 struct bt_conn *conn = l->data; 3365 3366 *conns = g_slist_append(*conns, 3367 g_memdup(&conn->bdaddr, sizeof(bdaddr_t))); 3368 } 3369 3370 return 0; 3371} 3372 3373static int hciops_read_local_features(int index, uint8_t *features) 3374{ 3375 struct dev_info *dev = &devs[index]; 3376 3377 DBG("hci%d", index); 3378 3379 memcpy(features, dev->features, 8); 3380 3381 return 0; 3382} 3383 3384static int hciops_disconnect(int index, bdaddr_t *bdaddr) 3385{ 3386 DBG("hci%d", index); 3387 3388 return disconnect_addr(index, bdaddr, HCI_OE_USER_ENDED_CONNECTION); 3389} 3390 3391static int hciops_remove_bonding(int index, bdaddr_t *bdaddr) 3392{ 3393 struct dev_info *dev = &devs[index]; 3394 delete_stored_link_key_cp cp; 3395 GSList *match; 3396 char addr[18]; 3397 3398 ba2str(bdaddr, addr); 3399 DBG("hci%d dba %s", index, addr); 3400 3401 match = g_slist_find_custom(dev->keys, bdaddr, (GCompareFunc) bacmp); 3402 if (match) { 3403 g_free(match->data); 3404 dev->keys = g_slist_delete_link(dev->keys, match); 3405 } 3406 3407 memset(&cp, 0, sizeof(cp)); 3408 bacpy(&cp.bdaddr, bdaddr); 3409 3410 /* Delete the link key from the Bluetooth chip */ 3411 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_DELETE_STORED_LINK_KEY, 3412 DELETE_STORED_LINK_KEY_CP_SIZE, &cp) < 0) 3413 return -errno; 3414 3415 return 0; 3416} 3417 3418static int hciops_pincode_reply(int index, bdaddr_t *bdaddr, const char *pin) 3419{ 3420 struct dev_info *dev = &devs[index]; 3421 char addr[18]; 3422 int err; 3423 3424 ba2str(bdaddr, addr); 3425 DBG("hci%d dba %s", index, addr); 3426 3427 if (pin) { 3428 pin_code_reply_cp pr; 3429 size_t len = strlen(pin); 3430 3431 dev->pin_length = len; 3432 3433 memset(&pr, 0, sizeof(pr)); 3434 bacpy(&pr.bdaddr, bdaddr); 3435 memcpy(pr.pin_code, pin, len); 3436 pr.pin_len = len; 3437 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 3438 OCF_PIN_CODE_REPLY, 3439 PIN_CODE_REPLY_CP_SIZE, &pr); 3440 } else 3441 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 3442 OCF_PIN_CODE_NEG_REPLY, 6, bdaddr); 3443 3444 if (err < 0) 3445 err = -errno; 3446 3447 return err; 3448} 3449 3450static int hciops_passkey_reply(int index, bdaddr_t *bdaddr, uint32_t passkey) 3451{ 3452 struct dev_info *dev = &devs[index]; 3453 char addr[18]; 3454 int err; 3455 3456 ba2str(bdaddr, addr); 3457 DBG("hci%d dba %s", index, addr); 3458 3459 if (passkey != INVALID_PASSKEY) { 3460 user_passkey_reply_cp cp; 3461 3462 memset(&cp, 0, sizeof(cp)); 3463 bacpy(&cp.bdaddr, bdaddr); 3464 cp.passkey = passkey; 3465 3466 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 3467 OCF_USER_PASSKEY_REPLY, 3468 USER_PASSKEY_REPLY_CP_SIZE, &cp); 3469 } else 3470 err = hci_send_cmd(dev->sk, OGF_LINK_CTL, 3471 OCF_USER_PASSKEY_NEG_REPLY, 6, bdaddr); 3472 3473 if (err < 0) 3474 err = -errno; 3475 3476 return err; 3477} 3478 3479static int hciops_enable_le(int index) 3480{ 3481 struct dev_info *dev = &devs[index]; 3482 write_le_host_supported_cp cp; 3483 3484 DBG("hci%d", index); 3485 3486 if (!(dev->features[4] & LMP_LE)) 3487 return -ENOTSUP; 3488 3489 cp.le = 0x01; 3490 cp.simul = (dev->features[6] & LMP_LE_BREDR) ? 0x01 : 0x00; 3491 3492 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, 3493 OCF_WRITE_LE_HOST_SUPPORTED, 3494 WRITE_LE_HOST_SUPPORTED_CP_SIZE, &cp) < 0) 3495 return -errno; 3496 3497 return 0; 3498} 3499 3500static uint8_t generate_service_class(int index) 3501{ 3502 struct dev_info *dev = &devs[index]; 3503 GSList *l; 3504 uint8_t val = 0; 3505 3506 for (l = dev->uuids; l != NULL; l = g_slist_next(l)) { 3507 struct uuid_info *uuid = l->data; 3508 3509 val |= uuid->svc_hint; 3510 } 3511 3512 return val; 3513} 3514 3515static int update_service_classes(int index) 3516{ 3517 struct dev_info *dev = &devs[index]; 3518 uint8_t value; 3519 int err; 3520 3521 value = generate_service_class(index); 3522 3523 DBG("hci%d value %u", index, value); 3524 3525 /* Update only the service class, keep the limited bit, 3526 * major/minor class bits intact */ 3527 dev->wanted_cod &= 0x00ffff; 3528 dev->wanted_cod |= (value << 16); 3529 3530 /* If the cache is enabled or an existing CoD write is in progress 3531 * just bail out */ 3532 if (dev->cache_enable || dev->pending_cod) 3533 return 0; 3534 3535 /* If we already have the CoD we want, update EIR and return */ 3536 if (dev->current_cod == dev->wanted_cod) { 3537 update_ext_inquiry_response(index); 3538 return 0; 3539 } 3540 3541 DBG("Changing service classes to 0x%06x", dev->wanted_cod); 3542 3543 err = write_class(index, dev->wanted_cod); 3544 if (err < 0) 3545 error("Adapter class update failed: %s (%d)", 3546 strerror(-err), -err); 3547 3548 return err; 3549} 3550 3551static int hciops_add_uuid(int index, uuid_t *uuid, uint8_t svc_hint) 3552{ 3553 struct dev_info *dev = &devs[index]; 3554 struct uuid_info *info; 3555 3556 DBG("hci%d", index); 3557 3558 info = g_new0(struct uuid_info, 1); 3559 memcpy(&info->uuid, uuid, sizeof(*uuid)); 3560 info->svc_hint = svc_hint; 3561 3562 dev->uuids = g_slist_append(dev->uuids, info); 3563 3564 return update_service_classes(index); 3565} 3566 3567static int hciops_remove_uuid(int index, uuid_t *uuid) 3568{ 3569 struct dev_info *dev = &devs[index]; 3570 GSList *match; 3571 3572 match = g_slist_find_custom(dev->uuids, uuid, sdp_uuid_cmp); 3573 if (match) { 3574 g_free(match->data); 3575 dev->uuids = g_slist_delete_link(dev->uuids, match); 3576 } 3577 3578 DBG("hci%d", index); 3579 3580 return update_service_classes(index); 3581} 3582 3583static int hciops_disable_cod_cache(int index) 3584{ 3585 struct dev_info *dev = &devs[index]; 3586 3587 DBG("hci%d cache_enable %d", index, dev->cache_enable); 3588 3589 if (!dev->cache_enable) 3590 return 0; 3591 3592 DBG("hci%d current_cod 0x%06x wanted_cod 0x%06x", index, 3593 dev->current_cod, dev->wanted_cod); 3594 3595 /* Disable and flush svc cache. All successive service class 3596 * updates * will be written to the device */ 3597 dev->cache_enable = FALSE; 3598 3599 if (dev->current_cod == dev->wanted_cod) { 3600 update_ext_inquiry_response(index); 3601 return 0; 3602 } 3603 3604 return write_class(index, dev->wanted_cod); 3605} 3606 3607static int hciops_restore_powered(int index) 3608{ 3609 struct dev_info *dev = &devs[index]; 3610 3611 if (!dev->already_up && dev->up) 3612 return hciops_power_off(index); 3613 3614 return 0; 3615} 3616 3617static int hciops_load_keys(int index, GSList *keys, gboolean debug_keys) 3618{ 3619 struct dev_info *dev = &devs[index]; 3620 3621 DBG("hci%d keys %d debug_keys %d", index, g_slist_length(keys), 3622 debug_keys); 3623 3624 if (dev->keys != NULL) 3625 return -EEXIST; 3626 3627 dev->keys = keys; 3628 dev->debug_keys = debug_keys; 3629 3630 return 0; 3631} 3632 3633static int hciops_set_io_capability(int index, uint8_t io_capability) 3634{ 3635 struct dev_info *dev = &devs[index]; 3636 3637 dev->io_capability = io_capability; 3638 3639 return 0; 3640} 3641 3642static int request_authentication(int index, bdaddr_t *bdaddr) 3643{ 3644 struct dev_info *dev = &devs[index]; 3645 auth_requested_cp cp; 3646 uint16_t handle; 3647 int err; 3648 3649 DBG("hci%d", index); 3650 3651 err = get_handle(index, bdaddr, &handle); 3652 if (err < 0) 3653 return err; 3654 3655 memset(&cp, 0, sizeof(cp)); 3656 cp.handle = htobs(handle); 3657 3658 if (hci_send_cmd(dev->sk, OGF_LINK_CTL, OCF_AUTH_REQUESTED, 3659 AUTH_REQUESTED_CP_SIZE, &cp) < 0) 3660 return -errno; 3661 3662 return 0; 3663} 3664 3665static void bonding_connect_cb(GIOChannel *io, GError *err, gpointer user_data) 3666{ 3667 struct bt_conn *conn = user_data; 3668 struct dev_info *dev = conn->dev; 3669 3670 if (!conn->io) { 3671 if (!err) 3672 g_io_channel_shutdown(io, TRUE, NULL); 3673 return; 3674 } 3675 3676 if (err) 3677 /* Wait proper error to be propagated by bonding complete */ 3678 return; 3679 3680 if (request_authentication(dev->id, &conn->bdaddr) < 0) 3681 goto failed; 3682 3683 return; 3684 3685failed: 3686 bonding_complete(dev, conn, HCI_UNSPECIFIED_ERROR); 3687} 3688 3689static int hciops_create_bonding(int index, bdaddr_t *bdaddr, uint8_t io_cap) 3690{ 3691 struct dev_info *dev = &devs[index]; 3692 BtIOSecLevel sec_level; 3693 struct bt_conn *conn; 3694 GError *err = NULL; 3695 3696 conn = get_connection(dev, bdaddr); 3697 3698 if (conn->io != NULL) 3699 return -EBUSY; 3700 3701 conn->loc_cap = io_cap; 3702 3703 /* If our IO capability is NoInputNoOutput use medium security 3704 * level (i.e. don't require MITM protection) else use high 3705 * security level */ 3706 if (io_cap == 0x03) 3707 sec_level = BT_IO_SEC_MEDIUM; 3708 else 3709 sec_level = BT_IO_SEC_HIGH; 3710 3711 conn->io = bt_io_connect(BT_IO_L2RAW, bonding_connect_cb, conn, 3712 NULL, &err, 3713 BT_IO_OPT_SOURCE_BDADDR, &dev->bdaddr, 3714 BT_IO_OPT_DEST_BDADDR, bdaddr, 3715 BT_IO_OPT_SEC_LEVEL, sec_level, 3716 BT_IO_OPT_INVALID); 3717 if (conn->io == NULL) { 3718 error("bt_io_connect: %s", err->message); 3719 g_error_free(err); 3720 return -EIO; 3721 } 3722 3723 conn->bonding_initiator = TRUE; 3724 3725 return 0; 3726} 3727 3728static int hciops_cancel_bonding(int index, bdaddr_t *bdaddr) 3729{ 3730 struct dev_info *dev = &devs[index]; 3731 struct bt_conn *conn; 3732 3733 DBG("hci%d", index); 3734 3735 conn = find_connection(dev, bdaddr); 3736 if (conn == NULL || conn->io == NULL) 3737 return -ENOTCONN; 3738 3739 g_io_channel_shutdown(conn->io, TRUE, NULL); 3740 g_io_channel_unref(conn->io); 3741 conn->io = NULL; 3742 3743 return 0; 3744} 3745 3746static int hciops_read_local_oob_data(int index) 3747{ 3748 struct dev_info *dev = &devs[index]; 3749 3750 DBG("hci%d", index); 3751 3752 if (hci_send_cmd(dev->sk, OGF_HOST_CTL, OCF_READ_LOCAL_OOB_DATA, 0, 0) 3753 < 0) 3754 return -errno; 3755 3756 return 0; 3757} 3758 3759static int hciops_add_remote_oob_data(int index, bdaddr_t *bdaddr, 3760 uint8_t *hash, uint8_t *randomizer) 3761{ 3762 char addr[18]; 3763 struct dev_info *dev = &devs[index]; 3764 GSList *match; 3765 struct oob_data *data; 3766 3767 ba2str(bdaddr, addr); 3768 DBG("hci%d bdaddr %s", index, addr); 3769 3770 match = g_slist_find_custom(dev->oob_data, &bdaddr, oob_bdaddr_cmp); 3771 3772 if (match) { 3773 data = match->data; 3774 } else { 3775 data = g_new(struct oob_data, 1); 3776 bacpy(&data->bdaddr, bdaddr); 3777 dev->oob_data = g_slist_prepend(dev->oob_data, data); 3778 } 3779 3780 memcpy(data->hash, hash, sizeof(data->hash)); 3781 memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); 3782 3783 return 0; 3784} 3785 3786static int hciops_remove_remote_oob_data(int index, bdaddr_t *bdaddr) 3787{ 3788 char addr[18]; 3789 struct dev_info *dev = &devs[index]; 3790 GSList *match; 3791 3792 ba2str(bdaddr, addr); 3793 DBG("hci%d bdaddr %s", index, addr); 3794 3795 match = g_slist_find_custom(dev->oob_data, &bdaddr, oob_bdaddr_cmp); 3796 3797 if (!match) 3798 return -ENOENT; 3799 3800 g_free(match->data); 3801 dev->oob_data = g_slist_delete_link(dev->oob_data, match); 3802 3803 return 0; 3804} 3805 3806static struct btd_adapter_ops hci_ops = { 3807 .setup = hciops_setup, 3808 .cleanup = hciops_cleanup, 3809 .set_powered = hciops_set_powered, 3810 .set_discoverable = hciops_set_discoverable, 3811 .set_pairable = hciops_set_pairable, 3812 .set_limited_discoverable = hciops_set_limited_discoverable, 3813 .start_discovery = hciops_start_discovery, 3814 .stop_discovery = hciops_stop_discovery, 3815 .resolve_name = hciops_resolve_name, 3816 .cancel_resolve_name = hciops_cancel_resolve_name, 3817 .set_name = hciops_set_name, 3818 .set_dev_class = hciops_set_dev_class, 3819 .set_fast_connectable = hciops_fast_connectable, 3820 .read_clock = hciops_read_clock, 3821 .read_bdaddr = hciops_read_bdaddr, 3822 .block_device = hciops_block_device, 3823 .unblock_device = hciops_unblock_device, 3824 .get_conn_list = hciops_get_conn_list, 3825 .read_local_features = hciops_read_local_features, 3826 .disconnect = hciops_disconnect, 3827 .remove_bonding = hciops_remove_bonding, 3828 .pincode_reply = hciops_pincode_reply, 3829 .confirm_reply = hciops_confirm_reply, 3830 .passkey_reply = hciops_passkey_reply, 3831 .enable_le = hciops_enable_le, 3832 .encrypt_link = hciops_encrypt_link, 3833 .set_did = hciops_set_did, 3834 .add_uuid = hciops_add_uuid, 3835 .remove_uuid = hciops_remove_uuid, 3836 .disable_cod_cache = hciops_disable_cod_cache, 3837 .restore_powered = hciops_restore_powered, 3838 .load_keys = hciops_load_keys, 3839 .set_io_capability = hciops_set_io_capability, 3840 .create_bonding = hciops_create_bonding, 3841 .cancel_bonding = hciops_cancel_bonding, 3842 .read_local_oob_data = hciops_read_local_oob_data, 3843 .add_remote_oob_data = hciops_add_remote_oob_data, 3844 .remove_remote_oob_data = hciops_remove_remote_oob_data, 3845}; 3846 3847static int hciops_init(void) 3848{ 3849 DBG(""); 3850 return btd_register_adapter_ops(&hci_ops, FALSE); 3851} 3852 3853static void hciops_exit(void) 3854{ 3855 DBG(""); 3856 btd_adapter_cleanup_ops(&hci_ops); 3857} 3858 3859BLUETOOTH_PLUGIN_DEFINE(hciops, VERSION, 3860 BLUETOOTH_PLUGIN_PRIORITY_LOW, hciops_init, hciops_exit) 3861