59
clear_bit(HCI_INQUIRY, &hdev->flags);
59
if (test_bit(HCI_MGMT, &hdev->flags) &&
60
test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61
mgmt_discovering(hdev->id, 0);
61
63
hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
75
clear_bit(HCI_INQUIRY, &hdev->flags);
77
if (test_bit(HCI_MGMT, &hdev->flags) &&
78
test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79
mgmt_discovering(hdev->id, 0);
77
81
hci_conn_check_pending(hdev);
196
200
BT_DBG("%s status 0x%x", hdev->name, status);
201
202
sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
205
memcpy(hdev->dev_name, sent, 248);
206
if (test_bit(HCI_MGMT, &hdev->flags))
207
mgmt_set_local_name_complete(hdev->id, sent, status);
212
memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
208
215
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
217
memcpy(hdev->dev_name, rp->name, 248);
224
memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
220
227
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
470
477
* command otherwise */
471
478
u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
473
/* Events for 1.2 and newer controllers */
474
if (hdev->lmp_ver > 1) {
475
events[4] |= 0x01; /* Flow Specification Complete */
476
events[4] |= 0x02; /* Inquiry Result with RSSI */
477
events[4] |= 0x04; /* Read Remote Extended Features Complete */
478
events[5] |= 0x08; /* Synchronous Connection Complete */
479
events[5] |= 0x10; /* Synchronous Connection Changed */
480
/* CSR 1.1 dongles does not accept any bitfield so don't try to set
481
* any event mask for pre 1.2 devices */
482
if (hdev->lmp_ver <= 1)
485
events[4] |= 0x01; /* Flow Specification Complete */
486
events[4] |= 0x02; /* Inquiry Result with RSSI */
487
events[4] |= 0x04; /* Read Remote Extended Features Complete */
488
events[5] |= 0x08; /* Synchronous Connection Complete */
489
events[5] |= 0x10; /* Synchronous Connection Changed */
482
491
if (hdev->features[3] & LMP_RSSI_INQ)
483
492
events[4] |= 0x04; /* Inquiry Result with RSSI */
833
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
836
struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
838
BT_DBG("%s status 0x%x", hdev->name, rp->status);
840
mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
841
rp->randomizer, rp->status);
824
844
static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
826
846
BT_DBG("%s status 0x%x", hdev->name, status);
829
849
hci_req_complete(hdev, HCI_OP_INQUIRY, status);
831
850
hci_conn_check_pending(hdev);
833
set_bit(HCI_INQUIRY, &hdev->flags);
854
if (test_bit(HCI_MGMT, &hdev->flags) &&
855
!test_and_set_bit(HCI_INQUIRY,
857
mgmt_discovering(hdev->id, 1);
836
860
static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
999
1023
hci_dev_lock(hdev);
1001
1025
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1002
if (conn && hci_outgoing_auth_needed(hdev, conn)) {
1029
if (!hci_outgoing_auth_needed(hdev, conn))
1032
if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1003
1033
struct hci_cp_auth_requested cp;
1004
1034
cp.handle = __cpu_to_le16(conn->handle);
1005
1035
hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1008
1039
hci_dev_unlock(hdev);
1195
1226
BT_DBG("%s status %d", hdev->name, status);
1197
clear_bit(HCI_INQUIRY, &hdev->flags);
1228
if (test_bit(HCI_MGMT, &hdev->flags) &&
1229
test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1230
mgmt_discovering(hdev->id, 0);
1199
1232
hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1215
1248
hci_dev_lock(hdev);
1217
for (; num_rsp; num_rsp--) {
1250
if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1252
if (test_bit(HCI_MGMT, &hdev->flags))
1253
mgmt_discovering(hdev->id, 1);
1256
for (; num_rsp; num_rsp--, info++) {
1218
1257
bacpy(&data.bdaddr, &info->bdaddr);
1219
1258
data.pscan_rep_mode = info->pscan_rep_mode;
1220
1259
data.pscan_period_mode = info->pscan_period_mode;
1428
1468
conn->sec_level = conn->pending_sec_level;
1430
1470
mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1431
conn->sec_level = BT_SECURITY_LOW;
1434
1473
clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1483
1522
hci_dev_lock(hdev);
1524
if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1525
mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1485
1527
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1486
if (conn && hci_outgoing_auth_needed(hdev, conn)) {
1531
if (!hci_outgoing_auth_needed(hdev, conn))
1534
if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1487
1535
struct hci_cp_auth_requested cp;
1488
1536
cp.handle = __cpu_to_le16(conn->handle);
1489
1537
hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1492
1541
hci_dev_unlock(hdev);
1751
1800
hci_cc_pin_code_neg_reply(hdev, skb);
1803
case HCI_OP_READ_LOCAL_OOB_DATA:
1804
hci_cc_read_local_oob_data_reply(hdev, skb);
1754
1807
case HCI_OP_LE_READ_BUFFER_SIZE:
1755
1808
hci_cc_le_read_buffer_size(hdev, skb);
1984
2037
if (!test_bit(HCI_PAIRABLE, &hdev->flags))
1985
2038
hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1986
2039
sizeof(ev->bdaddr), &ev->bdaddr);
1988
if (test_bit(HCI_MGMT, &hdev->flags))
1989
mgmt_pin_code_request(hdev->id, &ev->bdaddr);
2040
else if (test_bit(HCI_MGMT, &hdev->flags)) {
2043
if (conn->pending_sec_level == BT_SECURITY_HIGH)
2048
mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
1991
2051
hci_dev_unlock(hdev);
2015
2075
BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2016
2076
batostr(&ev->bdaddr));
2018
if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && key->type == 0x03) {
2078
if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2079
key->type == HCI_LK_DEBUG_COMBINATION) {
2019
2080
BT_DBG("%s ignoring debug key", hdev->name);
2020
2081
goto not_found;
2023
2084
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2025
if (key->type == 0x04 && conn && conn->auth_type != 0xff &&
2026
(conn->auth_type & 0x01)) {
2027
BT_DBG("%s ignoring unauthenticated key", hdev->name);
2086
if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2087
conn->auth_type != 0xff &&
2088
(conn->auth_type & 0x01)) {
2089
BT_DBG("%s ignoring unauthenticated key", hdev->name);
2093
if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2094
conn->pending_sec_level == BT_SECURITY_HIGH) {
2095
BT_DBG("%s ignoring key unauthenticated for high \
2096
security", hdev->name);
2100
conn->key_type = key->type;
2101
conn->pin_length = key->pin_len;
2031
2104
bacpy(&cp.bdaddr, &ev->bdaddr);
2057
2130
hci_conn_hold(conn);
2058
2131
conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2059
2132
pin_len = conn->pin_length;
2134
if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2135
conn->key_type = ev->key_type;
2060
2137
hci_conn_put(conn);
2063
2140
if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2064
hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key,
2141
hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2065
2142
ev->key_type, pin_len);
2067
2144
hci_dev_unlock(hdev);
2137
2214
hci_dev_lock(hdev);
2216
if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2218
if (test_bit(HCI_MGMT, &hdev->flags))
2219
mgmt_discovering(hdev->id, 1);
2139
2222
if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2140
2223
struct inquiry_info_with_rssi_and_pscan_mode *info;
2141
2224
info = (void *) (skb->data + 1);
2143
for (; num_rsp; num_rsp--) {
2226
for (; num_rsp; num_rsp--, info++) {
2144
2227
bacpy(&data.bdaddr, &info->bdaddr);
2145
2228
data.pscan_rep_mode = info->pscan_rep_mode;
2146
2229
data.pscan_period_mode = info->pscan_period_mode;
2149
2232
data.clock_offset = info->clock_offset;
2150
2233
data.rssi = info->rssi;
2151
2234
data.ssp_mode = 0x00;
2153
2235
hci_inquiry_cache_update(hdev, &data);
2236
mgmt_device_found(hdev->id, &info->bdaddr,
2237
info->dev_class, info->rssi,
2156
2241
struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2158
for (; num_rsp; num_rsp--) {
2243
for (; num_rsp; num_rsp--, info++) {
2159
2244
bacpy(&data.bdaddr, &info->bdaddr);
2160
2245
data.pscan_rep_mode = info->pscan_rep_mode;
2161
2246
data.pscan_period_mode = info->pscan_period_mode;
2164
2249
data.clock_offset = info->clock_offset;
2165
2250
data.rssi = info->rssi;
2166
2251
data.ssp_mode = 0x00;
2168
2252
hci_inquiry_cache_update(hdev, &data);
2253
mgmt_device_found(hdev->id, &info->bdaddr,
2254
info->dev_class, info->rssi,
2384
if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2386
if (test_bit(HCI_MGMT, &hdev->flags))
2387
mgmt_discovering(hdev->id, 1);
2297
2390
hci_dev_lock(hdev);
2299
for (; num_rsp; num_rsp--) {
2392
for (; num_rsp; num_rsp--, info++) {
2300
2393
bacpy(&data.bdaddr, &info->bdaddr);
2301
2394
data.pscan_rep_mode = info->pscan_rep_mode;
2302
2395
data.pscan_period_mode = info->pscan_period_mode;
2356
2450
bacpy(&cp.bdaddr, &ev->bdaddr);
2357
2451
cp.capability = conn->io_capability;
2359
cp.authentication = hci_get_auth_req(conn);
2452
conn->auth_type = hci_get_auth_req(conn);
2453
cp.authentication = conn->auth_type;
2455
if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2456
hci_find_remote_oob_data(hdev, &conn->dst))
2361
2461
hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2362
2462
sizeof(cp), &cp);
2364
2464
struct hci_cp_io_capability_neg_reply cp;
2366
2466
bacpy(&cp.bdaddr, &ev->bdaddr);
2367
cp.reason = 0x16; /* Pairing not allowed */
2467
cp.reason = 0x18; /* Pairing not allowed */
2369
2469
hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2370
2470
sizeof(cp), &cp);
2399
2499
struct sk_buff *skb)
2401
2501
struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2502
int loc_mitm, rem_mitm, confirm_hint = 0;
2503
struct hci_conn *conn;
2403
2505
BT_DBG("%s", hdev->name);
2405
2507
hci_dev_lock(hdev);
2407
if (test_bit(HCI_MGMT, &hdev->flags))
2408
mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey);
2509
if (!test_bit(HCI_MGMT, &hdev->flags))
2512
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2516
loc_mitm = (conn->auth_type & 0x01);
2517
rem_mitm = (conn->remote_auth & 0x01);
2519
/* If we require MITM but the remote device can't provide that
2520
* (it has NoInputNoOutput) then reject the confirmation
2521
* request. The only exception is when we're dedicated bonding
2522
* initiators (connect_cfm_cb set) since then we always have the MITM
2524
if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2525
BT_DBG("Rejecting request: remote device can't provide MITM");
2526
hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2527
sizeof(ev->bdaddr), &ev->bdaddr);
2531
/* If no side requires MITM protection; auto-accept */
2532
if ((!loc_mitm || conn->remote_cap == 0x03) &&
2533
(!rem_mitm || conn->io_capability == 0x03)) {
2535
/* If we're not the initiators request authorization to
2536
* proceed from user space (mgmt_user_confirm with
2537
* confirm_hint set to 1). */
2538
if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2539
BT_DBG("Confirming auto-accept as acceptor");
2544
BT_DBG("Auto-accept of user confirmation with %ums delay",
2545
hdev->auto_accept_delay);
2547
if (hdev->auto_accept_delay > 0) {
2548
int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2549
mod_timer(&conn->auto_accept_timer, jiffies + delay);
2553
hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2554
sizeof(ev->bdaddr), &ev->bdaddr);
2559
mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2410
2563
hci_dev_unlock(hdev);
2453
2606
hci_dev_unlock(hdev);
2609
static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2610
struct sk_buff *skb)
2612
struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2613
struct oob_data *data;
2615
BT_DBG("%s", hdev->name);
2619
if (!test_bit(HCI_MGMT, &hdev->flags))
2622
data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2624
struct hci_cp_remote_oob_data_reply cp;
2626
bacpy(&cp.bdaddr, &ev->bdaddr);
2627
memcpy(cp.hash, data->hash, sizeof(cp.hash));
2628
memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2630
hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2633
struct hci_cp_remote_oob_data_neg_reply cp;
2635
bacpy(&cp.bdaddr, &ev->bdaddr);
2636
hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2641
hci_dev_unlock(hdev);
2456
2644
static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2458
2646
struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2475
2663
if (ev->status) {
2664
mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2476
2665
hci_proto_connect_cfm(conn, ev->status);
2477
2666
conn->state = BT_CLOSED;
2478
2667
hci_conn_del(conn);
2671
mgmt_connected(hdev->id, &ev->bdaddr);
2482
2673
conn->handle = __le16_to_cpu(ev->handle);
2483
2674
conn->state = BT_CONNECTED;
2655
2846
hci_le_meta_evt(hdev, skb);
2849
case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2850
hci_remote_oob_data_request_evt(hdev, skb);
2659
2854
BT_DBG("%s event 0x%x", hdev->name, event);
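Review bot: The inquiry-result loops at new lines 1256, 2226, 2243 and 2392 now step `info` forward on every iteration, but no visible line checks that `num_rsp` records actually fit in the packet, so a response count larger than the payload would have `bacpy` and `mgmt_device_found` read beyond `skb->data`. The test at new line 2222, `(skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)`, only picks the record layout and does not bound the branch it selects. Each handler should reject the event before taking the lock, for example `if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1) return;`. The handlers start and end outside the lines shown and the page elides lines between gutter numbers, so such a guard may already exist there; confirm against the full file.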