~ubuntu-branches/ubuntu/wily/bluez/wily

« back to all changes in this revision

Viewing changes to src/sdpd-request.c

Committer: Bazaar Package Importer
Author(s): Mario Limonciello
Date: 2008-10-07 12:10:29 UTC
Revision ID: james.westby@ubuntu.com-20081007121029-4gup4fmmh2vfo5nh

Tags: upstream-4.12

Import upstream version 4.12

files added:

AUTHORS

COPYING

COPYING.LIB

ChangeLog

INSTALL

Makefile.am

Makefile.in

NEWS

README

acinclude.m4

aclocal.m4

audio

audio/Makefile.am

audio/Makefile.in

audio/a2dp.c

audio/a2dp.h

audio/asound.conf

audio/audio.conf

audio/avdtp.c

audio/avdtp.h

audio/control.c

audio/control.h

audio/ctl_bluetooth.c

audio/device.c

audio/device.h

audio/gateway.c

audio/gateway.h

audio/gsta2dpsink.c

audio/gsta2dpsink.h

audio/gstavdtpsink.c

audio/gstavdtpsink.h

audio/gstbluetooth.c

audio/gstrtpsbcpay.c

audio/gstrtpsbcpay.h

audio/gstsbcdec.c

audio/gstsbcdec.h

audio/gstsbcenc.c

audio/gstsbcenc.h

audio/gstsbcparse.c

audio/gstsbcparse.h

audio/gstsbcutil.c

audio/gstsbcutil.h

audio/headset.c

audio/headset.h

audio/ipc.c

audio/ipc.h

audio/main.c

audio/manager.c

audio/manager.h

audio/pcm_bluetooth.c

audio/rtp.h

audio/sink.c

audio/sink.h

audio/telephony-dummy.c

audio/telephony-maemo.c

audio/telephony.h

audio/unix.c

audio/unix.h

bluez.m4

bluez.pc.in

common

common/Makefile.am

common/Makefile.in

common/glib-helper.c

common/glib-helper.h

common/logging.c

common/logging.h

common/oui.c

common/oui.h

common/ppoll.h

common/sdp-xml.c

common/sdp-xml.h

common/test_textfile.c

common/textfile.c

common/textfile.h

common/uinput.h

compat

compat/Makefile.am

compat/Makefile.in

compat/bnep.c

compat/dun.c

compat/dund.1

compat/dund.c

compat/dund.h

compat/fakehid.c

compat/fakehid.txt

compat/hidd.1

compat/hidd.c

compat/hidd.h

compat/lib.h

compat/msdun.c

compat/pand.1

compat/pand.c

compat/pand.h

compat/sdp.c

compat/sdp.h

config.guess

config.h.in

config.sub

configure

configure.ac

cups

cups/Makefile.am

cups/Makefile.in

cups/cups.h

cups/hcrp.c

cups/main.c

cups/sdp.c

cups/spp.c

depcomp

doc/Makefile.am

doc/Makefile.in

doc/adapter-api.txt

doc/agent-api.txt

doc/audio-api.txt

doc/bluez-docs.xml

doc/control-api.txt

doc/device-api.txt

doc/gtk-doc.make

doc/input-api.txt

doc/manager-api.txt

doc/network-api.txt

doc/serial-api.txt

doc/service-api.txt

doc/version.xml.in

gdbus

gdbus/Makefile.am

gdbus/Makefile.in

gdbus/gdbus.h

gdbus/mainloop.c

gdbus/object.c

gdbus/watch.c

include

include/Makefile.am

include/Makefile.in

include/bluetooth.h

include/bnep.h

include/cmtp.h

include/hci.h

include/hci_lib.h

include/hidp.h

include/l2cap.h

include/rfcomm.h

include/sco.h

include/sdp.h

include/sdp_lib.h

input

input/Makefile.am

input/Makefile.in

input/device.c

input/device.h

input/fakehid.c

input/fakehid.h

input/input.conf

input/main.c

input/manager.c

input/manager.h

input/server.c

input/server.h

install-sh

lib/Makefile.am

lib/Makefile.in

lib/bluetooth.c

lib/hci.c

lib/sdp.c

ltmain.sh

missing

network

network/Makefile.am

network/Makefile.in

network/bridge.c

network/bridge.h

network/common.c

network/common.h

network/connection.c

network/connection.h

network/main.c

network/manager.c

network/manager.h

network/network.conf

network/server.c

network/server.h

plugins

plugins/Makefile.am

plugins/Makefile.in

plugins/echo.c

plugins/hal.c

plugins/netlink.c

plugins/service.c

plugins/storage.c

rfcomm

rfcomm/Makefile.am

rfcomm/Makefile.in

rfcomm/kword.c

rfcomm/kword.h

rfcomm/lexer.c

rfcomm/lexer.l

rfcomm/main.c

rfcomm/parser.c

rfcomm/parser.h

rfcomm/parser.y

rfcomm/rfcomm.1

rfcomm/rfcomm.conf

sbc/Makefile.am

sbc/Makefile.in

sbc/sbc.c

sbc/sbc.h

sbc/sbc_math.h

sbc/sbc_tables.h

sbc/sbcdec.c

sbc/sbcenc.c

sbc/sbcinfo.c

sbc/sbctester.c

scripts

scripts/Makefile.am

scripts/Makefile.in

scripts/bluetooth.default

scripts/bluetooth.init

scripts/bluetooth.rules

scripts/bluetooth_serial

serial

serial/Makefile.am

serial/Makefile.in

serial/main.c

serial/manager.c

serial/manager.h

serial/port.c

serial/port.h

serial/proxy.c

serial/proxy.h

serial/serial-api.txt

serial/storage.c

serial/storage.h

src/Makefile.am

src/Makefile.in

src/adapter.c

src/adapter.h

src/agent.c

src/agent.h

src/bluetooth.conf

src/bluetoothd.8

src/dbus-common.c

src/dbus-common.h

src/dbus-hci.c

src/dbus-hci.h

src/device.c

src/device.h

src/error.c

src/error.h

src/hcid.h

src/main.c

src/main.conf

src/manager.c

src/manager.h

src/plugin.c

src/plugin.h

src/sdpd-database.c

src/sdpd-request.c

src/sdpd-server.c

src/sdpd-service.c

src/sdpd.h

src/security.c

src/storage.c

src/storage.h

test

test/Makefile.am

test/Makefile.in

test/agent.c

test/apitest

test/attest.c

test/bdaddr.8

test/bdaddr.c

test/dbusdef.py

test/hciemu.c

test/hsmicro

test/hsplay

test/hstest.c

test/l2test.c

test/list-devices

test/lmptest.c

test/rctest.c

test/scotest.c

test/sdptest.c

test/service-did.xml

test/service-ftp.xml

test/service-opp.xml

test/service-record.dtd

test/service-spp.xml

test/simple-agent

test/simple-service

test/test-adapter

test/test-device

test/test-discovery

test/test-manager

test/test-serial

test/test-telephony

tools

tools/Makefile.am

tools/Makefile.in

tools/avctrl.8

tools/avctrl.c

tools/avinfo.c

tools/bccmd.8

tools/bccmd.c

tools/ciptool.1

tools/ciptool.c

tools/csr.c

tools/csr.h

tools/csr_3wire.c

tools/csr_bcsp.c

tools/csr_h4.c

tools/csr_hci.c

tools/csr_usb.c

tools/dfu.c

tools/dfu.h

tools/dfubabel.1

tools/dfubabel.c

tools/dfutool.1

tools/dfutool.c

tools/example.psr

tools/hciattach.8

tools/hciattach.c

tools/hciattach_st.c

tools/hciattach_ti.c

tools/hciattach_tialt.c

tools/hciconfig.8

tools/hciconfig.c

tools/hcisecfilter.c

tools/hcitool.1

tools/hcitool.c

tools/hid2hci.8

tools/hid2hci.c

tools/l2ping.1

tools/l2ping.c

tools/ppporc.c

tools/sdptool.1

tools/sdptool.c

tools/ubcsp.c

tools/ubcsp.h

ylwrap

Show diffs side-by-side

added added

removed removed

src/sdpd-request.c

* BlueZ - Bluetooth protocol stack for Linux

* This program is free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License as published by

* the Free Software Foundation; either version 2 of the License, or

* (at your option) any later version.

* This program is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

* GNU General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program; if not, write to the Free Software

* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

#ifdef HAVE_CONFIG_H

#include <config.h>

#endif

#include <stdio.h>

#include <errno.h>

#include <stdlib.h>

#include <string.h>

#include <limits.h>

#include <sys/socket.h>

#include <bluetooth/bluetooth.h>

#include <bluetooth/l2cap.h>

#include <bluetooth/sdp.h>

#include <bluetooth/sdp_lib.h>

#include <netinet/in.h>

#include "sdpd.h"

#include "logging.h"

#define MIN(x, y) ((x) < (y)) ? (x): (y)

typedef struct _sdp_cstate_list sdp_cstate_list_t;

struct _sdp_cstate_list {

sdp_cstate_list_t *next;

uint32_t timestamp;

sdp_buf_t buf;

};

static sdp_cstate_list_t *cstates;

// FIXME: should probably remove it when it's found

sdp_buf_t *sdp_get_cached_rsp(sdp_cont_state_t *cstate)

{

sdp_cstate_list_t *p;

for (p = cstates; p; p = p->next)

if (p->timestamp == cstate->timestamp)

return &p->buf;

return 0;

}

static uint32_t sdp_cstate_alloc_buf(sdp_buf_t *buf)

{

sdp_cstate_list_t *cstate = malloc(sizeof(sdp_cstate_list_t));

uint8_t *data = malloc(buf->data_size);

memcpy(data, buf->data, buf->data_size);

memset((char *)cstate, 0, sizeof(sdp_cstate_list_t));

cstate->buf.data = data;

cstate->buf.data_size = buf->data_size;

cstate->buf.buf_size = buf->data_size;

cstate->timestamp = sdp_get_time();

cstate->next = cstates;

cstates = cstate;

return cstate->timestamp;

}

/* Additional values for checking datatype (not in spec) */

#define SDP_TYPE_UUID 0xfe

#define SDP_TYPE_ANY 0xff

* Generic data element sequence extractor. Builds

* a list whose elements are those found in the

* sequence. The data type of elements found in the

* sequence is returned in the reference pDataType

static int extract_des(uint8_t *buf, int len, sdp_list_t **svcReqSeq, uint8_t *pDataType, uint8_t expectedType)

{

uint8_t seqType;

100

int scanned, data_size = 0;

101

short numberOfElements = 0;

102

int seqlen = 0;

103

sdp_list_t *pSeq = NULL;

104

uint8_t dataType;

105

int status = 0;

106

const uint8_t *p;

107

int bufsize;

108

109

scanned = sdp_extract_seqtype(buf, len, &seqType, &data_size);

110

111

SDPDBG("Seq type : %d", seqType);

112

if (!scanned || (seqType != SDP_SEQ8 && seqType != SDP_SEQ16)) {

113

error("Unknown seq type");

114

return -1;

115

}

116

p = buf + scanned;

117

bufsize = len - scanned;

118

119

SDPDBG("Data size : %d", data_size);

120

121

for (;;) {

122

char *pElem = NULL;

123

int localSeqLength = 0;

124

125

if (bufsize < sizeof(uint8_t)) {

126

SDPDBG("->Unexpected end of buffer");

127

return -1;

128

}

129

130

dataType = *(uint8_t *)p;

131

SDPDBG("Data type: 0x%02x", dataType);

132

133

if (expectedType == SDP_TYPE_UUID) {

134

if (dataType != SDP_UUID16 && dataType != SDP_UUID32 && dataType != SDP_UUID128) {

135

SDPDBG("->Unexpected Data type (expected UUID_ANY)");

136

return -1;

137

}

138

} else if (expectedType != SDP_TYPE_ANY && dataType != expectedType) {

139

SDPDBG("->Unexpected Data type (expected 0x%02x)", expectedType);

140

return -1;

141

}

142

143

switch (dataType) {

144

case SDP_UINT16:

145

p += sizeof(uint8_t);

146

seqlen += sizeof(uint8_t);

147

bufsize -= sizeof(uint8_t);

148

if (bufsize < sizeof(uint16_t)) {

149

SDPDBG("->Unexpected end of buffer");

150

return -1;

151

}

152

153

pElem = malloc(sizeof(uint16_t));

154

bt_put_unaligned(ntohs(bt_get_unaligned((uint16_t *)p)), (uint16_t *)pElem);

155

p += sizeof(uint16_t);

156

seqlen += sizeof(uint16_t);

157

bufsize -= sizeof(uint16_t);

158

break;

159

case SDP_UINT32:

160

p += sizeof(uint8_t);

161

seqlen += sizeof(uint8_t);

162

bufsize -= sizeof(uint8_t);

163

if (bufsize < (int)sizeof(uint32_t)) {

164

SDPDBG("->Unexpected end of buffer");

165

return -1;

166

}

167

168

pElem = malloc(sizeof(uint32_t));

169

bt_put_unaligned(ntohl(bt_get_unaligned((uint32_t *)p)), (uint32_t *)pElem);

170

p += sizeof(uint32_t);

171

seqlen += sizeof(uint32_t);

172

bufsize -= sizeof(uint32_t);

173

break;

174

case SDP_UUID16:

175

case SDP_UUID32:

176

case SDP_UUID128:

177

pElem = malloc(sizeof(uuid_t));

178

status = sdp_uuid_extract(p, bufsize, (uuid_t *) pElem, &localSeqLength);

179

if (status == 0) {

180

seqlen += localSeqLength;

181

p += localSeqLength;

182

bufsize -= localSeqLength;

183

}

184

break;

185

default:

186

return -1;

187

}

188

if (status == 0) {

189

pSeq = sdp_list_append(pSeq, pElem);

190

numberOfElements++;

191

SDPDBG("No of elements : %d", numberOfElements);

192

193

if (seqlen == data_size)

194

break;

195

else if (seqlen > data_size || seqlen > len)

196

return -1;

197

} else

198

free(pElem);

199

}

200

*svcReqSeq = pSeq;

201

scanned += seqlen;

202

*pDataType = dataType;

203

return scanned;

204

}

205

206

static int sdp_set_cstate_pdu(sdp_buf_t *buf, sdp_cont_state_t *cstate)

207

{

208

uint8_t *pdata = buf->data + buf->data_size;

209

int length = 0;

210

211

if (cstate) {

212

SDPDBG("Non null sdp_cstate_t id : 0x%lx", cstate->timestamp);

213

*(uint8_t *)pdata = sizeof(sdp_cont_state_t);

214

pdata += sizeof(uint8_t);

215

length += sizeof(uint8_t);

216

memcpy(pdata, cstate, sizeof(sdp_cont_state_t));

217

length += sizeof(sdp_cont_state_t);

218

} else {

219

// set "null" continuation state

220

*(uint8_t *)pdata = 0;

221

pdata += sizeof(uint8_t);

222

length += sizeof(uint8_t);

223

}

224

buf->data_size += length;

225

return length;

226

}

227

228

static sdp_cont_state_t *sdp_cstate_get(uint8_t *buffer)

229

{

230

uint8_t *pdata = buffer;

231

uint8_t cStateSize = *(uint8_t *)pdata;

232

233

234

* Check if continuation state exists, if yes attempt

235

* to get response remainder from cache, else send error

236

237

SDPDBG("Continuation State size : %d", cStateSize);

238

239

pdata += sizeof(uint8_t);

240

if (cStateSize != 0) {

241

sdp_cont_state_t *cstate = malloc(sizeof(sdp_cont_state_t));

242

if (!cstate)

243

return NULL;

244

memcpy(cstate, (sdp_cont_state_t *)pdata, sizeof(sdp_cont_state_t));

245

SDPDBG("Cstate TS : 0x%lx", cstate->timestamp);

246

SDPDBG("Bytes sent : %d", cstate->cStateValue.maxBytesSent);

247

return cstate;

248

}

249

return NULL;

250

}

251

252

253

* The matching process is defined as "each and every UUID

254

* specified in the "search pattern" must be present in the

255

* "target pattern". Here "search pattern" is the set of UUIDs

256

* specified by the service discovery client and "target pattern"

257

* is the set of UUIDs present in a service record.

258

259

* Return 1 if each and every UUID in the search

260

* pattern exists in the target pattern, 0 if the

261

* match succeeds and -1 on error.

262

263

static int sdp_match_uuid(sdp_list_t *search, sdp_list_t *pattern)

264

{

265

266

* The target is a sorted list, so we need not look

267

* at all elements to confirm existence of an element

268

* from the search pattern

269

270

int patlen = sdp_list_len(pattern);

271

272

if (patlen < sdp_list_len(search))

273

return -1;

274

for (; search; search = search->next) {

275

uuid_t *uuid128;

276

void *data = search->data;

277

sdp_list_t *list;

278

if (data == NULL)

279

return -1;

280

281

// create 128-bit form of the search UUID

282

uuid128 = sdp_uuid_to_uuid128((uuid_t *)data);

283

list = sdp_list_find(pattern, uuid128, sdp_uuid128_cmp);

284

bt_free(uuid128);

285

if (!list)

286

return 0;

287

}

288

return 1;

289

}

290

291

292

* Service search request PDU. This method extracts the search pattern

293

* (a sequence of UUIDs) and calls the matching function

294

* to find matching services

295

296

static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)

297

{

298

int status = 0, i, plen, mlen, mtu, scanned;

299

sdp_list_t *pattern = NULL;

300

uint16_t expected, actual, rsp_count = 0;

301

uint8_t dtd;

302

sdp_cont_state_t *cstate = NULL;

303

uint8_t *pCacheBuffer = NULL;

304

int handleSize = 0;

305

uint32_t cStateId = 0;

306

short *pTotalRecordCount, *pCurrentRecordCount;

307

uint8_t *pdata = req->buf + sizeof(sdp_pdu_hdr_t);

308

309

scanned = extract_des(pdata, req->len - sizeof(sdp_pdu_hdr_t),

310

&pattern, &dtd, SDP_TYPE_UUID);

311

312

if (scanned == -1) {

313

status = SDP_INVALID_SYNTAX;

314

goto done;

315

}

316

pdata += scanned;

317

318

plen = ntohs(((sdp_pdu_hdr_t *)(req->buf))->plen);

319

mlen = scanned + sizeof(uint16_t) + 1;

320

// ensure we don't read past buffer

321

if (plen < mlen || plen != mlen + *(uint8_t *)(pdata+sizeof(uint16_t))) {

322

status = SDP_INVALID_SYNTAX;

323

goto done;

324

}

325

326

expected = ntohs(bt_get_unaligned((uint16_t *)pdata));

327

328

SDPDBG("Expected count: %d", expected);

329

SDPDBG("Bytes scanned : %d", scanned);

330

331

pdata += sizeof(uint16_t);

332

333

334

* Check if continuation state exists, if yes attempt

335

* to get rsp remainder from cache, else send error

336

337

cstate = sdp_cstate_get(pdata);

338

339

mtu = req->mtu - sizeof(sdp_pdu_hdr_t) - sizeof(uint16_t) - sizeof(uint16_t) - SDP_CONT_STATE_SIZE;

340

actual = MIN(expected, mtu >> 2);

341

342

/* make space in the rsp buffer for total and current record counts */

343

pdata = buf->data;

344

345

/* total service record count = 0 */

346

pTotalRecordCount = (short *)pdata;

347

bt_put_unaligned(0, (uint16_t *)pdata);

348

pdata += sizeof(uint16_t);

349

buf->data_size += sizeof(uint16_t);

350

351

/* current service record count = 0 */

352

pCurrentRecordCount = (short *)pdata;

353

bt_put_unaligned(0, (uint16_t *)pdata);

354

pdata += sizeof(uint16_t);

355

buf->data_size += sizeof(uint16_t);

356

357

if (cstate == NULL) {

358

/* for every record in the DB, do a pattern search */

359

sdp_list_t *list = sdp_get_record_list();

360

361

handleSize = 0;

362

for (; list && rsp_count < expected; list = list->next) {

363

sdp_record_t *rec = (sdp_record_t *) list->data;

364

365

SDPDBG("Checking svcRec : 0x%x", rec->handle);

366

367

if (sdp_match_uuid(pattern, rec->pattern) > 0 &&

368

sdp_check_access(rec->handle, &req->device)) {

369

rsp_count++;

370

bt_put_unaligned(htonl(rec->handle), (uint32_t *)pdata);

371

pdata += sizeof(uint32_t);

372

handleSize += sizeof(uint32_t);

373

}

374

}

375

376

SDPDBG("Match count: %d", rsp_count);

377

378

buf->data_size += handleSize;

379

bt_put_unaligned(htons(rsp_count), (uint16_t *)pTotalRecordCount);

380

bt_put_unaligned(htons(rsp_count), (uint16_t *)pCurrentRecordCount);

381

382

if (rsp_count > actual) {

383

/* cache the rsp and generate a continuation state */

384

cStateId = sdp_cstate_alloc_buf(buf);

385

386

* subtract handleSize since we now send only

387

* a subset of handles

388

389

buf->data_size -= handleSize;

390

} else {

391

/* NULL continuation state */

392

sdp_set_cstate_pdu(buf, NULL);

393

}

394

}

395

396

/* under both the conditions below, the rsp buffer is not built yet */

397

if (cstate || cStateId > 0) {

398

short lastIndex = 0;

399

400

if (cstate) {

401

402

* Get the previous sdp_cont_state_t and obtain

403

* the cached rsp

404

405

sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);

406

if (pCache) {

407

pCacheBuffer = pCache->data;

408

/* get the rsp_count from the cached buffer */

409

rsp_count = ntohs(bt_get_unaligned((uint16_t *)pCacheBuffer));

410

411

/* get index of the last sdp_record_t sent */

412

lastIndex = cstate->cStateValue.lastIndexSent;

413

} else {

414

status = SDP_INVALID_CSTATE;

415

goto done;

416

}

417

} else {

418

pCacheBuffer = buf->data;

419

lastIndex = 0;

420

}

421

422

423

* Set the local buffer pointer to after the

424

* current record count and increment the cached

425

* buffer pointer to beyond the counters

426

427

pdata = (uint8_t *) pCurrentRecordCount + sizeof(uint16_t);

428

429

/* increment beyond the totalCount and the currentCount */

430

pCacheBuffer += 2 * sizeof(uint16_t);

431

432

if (cstate) {

433

handleSize = 0;

434

for (i = lastIndex; (i - lastIndex) < actual && i < rsp_count; i++) {

435

bt_put_unaligned(bt_get_unaligned((uint32_t *)(pCacheBuffer + i * sizeof(uint32_t))), (uint32_t *)pdata);

436

pdata += sizeof(uint32_t);

437

handleSize += sizeof(uint32_t);

438

}

439

} else {

440

handleSize = actual << 2;

441

i = actual;

442

}

443

444

buf->data_size += handleSize;

445

bt_put_unaligned(htons(rsp_count), (uint16_t *)pTotalRecordCount);

446

bt_put_unaligned(htons(i - lastIndex), (uint16_t *)pCurrentRecordCount);

447

448

if (i == rsp_count) {

449

/* set "null" continuationState */

450

sdp_set_cstate_pdu(buf, NULL);

451

} else {

452

453

* there's more: set lastIndexSent to

454

* the new value and move on

455

456

sdp_cont_state_t newState;

457

458

SDPDBG("Setting non-NULL sdp_cstate_t");

459

460

if (cstate)

461

memcpy((char *)&newState, cstate, sizeof(sdp_cont_state_t));

462

else {

463

memset((char *)&newState, 0, sizeof(sdp_cont_state_t));

464

newState.timestamp = cStateId;

465

}

466

newState.cStateValue.lastIndexSent = i;

467

sdp_set_cstate_pdu(buf, &newState);

468

}

469

}

470

471

done:

472

if (cstate)

473

free(cstate);

474

if (pattern)

475

sdp_list_free(pattern, free);

476

477

return status;

478

}

479

480

481

* Extract attribute identifiers from the request PDU.

482

* Clients could request a subset of attributes (by id)

483

* from a service record, instead of the whole set. The

484

* requested identifiers are present in the PDU form of

485

* the request

486

487

static int extract_attrs(sdp_record_t *rec, sdp_list_t *seq, uint8_t dtd, sdp_buf_t *buf)

488

{

489

if (!rec)

490

return SDP_INVALID_RECORD_HANDLE;

491

492

if (seq)

493

SDPDBG("Entries in attr seq : %d", sdp_list_len(seq));

494

else

495

SDPDBG("NULL attribute descriptor");

496

497

SDPDBG("AttrDataType : %d", dtd);

498

499

if (seq == NULL) {

500

SDPDBG("Attribute sequence is NULL");

501

return 0;

502

}

503

if (dtd == SDP_UINT16)

504

for (; seq; seq = seq->next) {

505

uint16_t attr = bt_get_unaligned((uint16_t *)seq->data);

506

sdp_data_t *a = (sdp_data_t *)sdp_data_get(rec, attr);

507

if (a)

508

sdp_append_to_pdu(buf, a);

509

}

510

else if (dtd == SDP_UINT32) {

511

sdp_buf_t pdu;

512

sdp_gen_record_pdu(rec, &pdu);

513

for (; seq; seq = seq->next) {

514

uint32_t range = bt_get_unaligned((uint32_t *)seq->data);

515

uint16_t attr;

516

uint16_t low = (0xffff0000 & range) >> 16;

517

uint16_t high = 0x0000ffff & range;

518

sdp_data_t *data;

519

520

SDPDBG("attr range : 0x%x", range);

521

SDPDBG("Low id : 0x%x", low);

522

SDPDBG("High id : 0x%x", high);

523

524

if (low == 0x0000 && high == 0xffff && pdu.data_size <= buf->buf_size) {

525

/* copy it */

526

memcpy(buf->data, pdu.data, pdu.data_size);

527

buf->data_size = pdu.data_size;

528

break;

529

}

530

/* (else) sub-range of attributes */

531

for (attr = low; attr < high; attr++) {

532

data = sdp_data_get(rec, attr);

533

if (data)

534

sdp_append_to_pdu(buf, data);

535

}

536

data = sdp_data_get(rec, high);

537

if (data)

538

sdp_append_to_pdu(buf, data);

539

}

540

free(pdu.data);

541

} else {

542

error("Unexpected data type : 0x%x", dtd);

543

error("Expect uint16_t or uint32_t");

544

return SDP_INVALID_SYNTAX;

545

}

546

return 0;

547

}

548

549

550

* A request for the attributes of a service record.

551

* First check if the service record (specified by

552

* service record handle) exists, then call the attribute

553

* streaming function

554

555

static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)

556

{

557

sdp_cont_state_t *cstate = NULL;

558

uint8_t *pResponse = NULL;

559

short cstate_size = 0;

560

sdp_list_t *seq = NULL;

561

uint8_t dtd = 0;

562

int scanned = 0;

563

int max_rsp_size;

564

int status = 0, plen, mlen;

565

uint8_t *pdata = req->buf + sizeof(sdp_pdu_hdr_t);

566

uint32_t handle = ntohl(bt_get_unaligned((uint32_t *)pdata));

567

568

pdata += sizeof(uint32_t);

569

max_rsp_size = ntohs(bt_get_unaligned((uint16_t *)pdata));

570

pdata += sizeof(uint16_t);

571

572

/* extract the attribute list */

573

scanned = extract_des(pdata, req->len - sizeof(sdp_pdu_hdr_t),

574

&seq, &dtd, SDP_TYPE_ANY);

575

if (scanned == -1) {

576

status = SDP_INVALID_SYNTAX;

577

goto done;

578

}

579

pdata += scanned;

580

581

plen = ntohs(((sdp_pdu_hdr_t *)(req->buf))->plen);

582

mlen = scanned + sizeof(uint32_t) + sizeof(uint16_t) + 1;

583

// ensure we don't read past buffer

584

if (plen < mlen || plen != mlen + *(uint8_t *)pdata) {

585

status = SDP_INVALID_SYNTAX;

586

goto done;

587

}

588

589

590

* if continuation state exists, attempt

591

* to get rsp remainder from cache, else send error

592

593

cstate = sdp_cstate_get(pdata);

594

595

SDPDBG("SvcRecHandle : 0x%x", handle);

596

SDPDBG("max_rsp_size : %d", max_rsp_size);

597

598

599

* Calculate Attribute size acording to MTU

600

* We can send only (MTU - sizeof(sdp_pdu_hdr_t) - sizeof(sdp_cont_state_t))

601

602

max_rsp_size = MIN(max_rsp_size, req->mtu - sizeof(sdp_pdu_hdr_t) -

603

sizeof(uint32_t) - SDP_CONT_STATE_SIZE - sizeof(uint16_t));

604

605

/* pull header for AttributeList byte count */

606

buf->data += sizeof(uint16_t);

607

buf->buf_size -= sizeof(uint16_t);

608

609

if (cstate) {

610

sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);

611

612

SDPDBG("Obtained cached rsp : %p", pCache);

613

614

if (pCache) {

615

short sent = MIN(max_rsp_size, pCache->data_size - cstate->cStateValue.maxBytesSent);

616

pResponse = pCache->data;

617

memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);

618

buf->data_size += sent;

619

cstate->cStateValue.maxBytesSent += sent;

620

621

SDPDBG("Response size : %d sending now : %d bytes sent so far : %d",

622

pCache->data_size, sent, cstate->cStateValue.maxBytesSent);

623

if (cstate->cStateValue.maxBytesSent == pCache->data_size)

624

cstate_size = sdp_set_cstate_pdu(buf, NULL);

625

else

626

cstate_size = sdp_set_cstate_pdu(buf, cstate);

627

} else {

628

status = SDP_INVALID_CSTATE;

629

error("NULL cache buffer and non-NULL continuation state");

630

}

631

} else {

632

sdp_record_t *rec = sdp_record_find(handle);

633

status = extract_attrs(rec, seq, dtd, buf);

634

if (buf->data_size > max_rsp_size) {

635

sdp_cont_state_t newState;

636

637

memset((char *)&newState, 0, sizeof(sdp_cont_state_t));

638

newState.timestamp = sdp_cstate_alloc_buf(buf);

639

640

* Reset the buffer size to the maximum expected and

641

* set the sdp_cont_state_t

642

643

SDPDBG("Creating continuation state of size : %d", buf->data_size);

644

buf->data_size = max_rsp_size;

645

newState.cStateValue.maxBytesSent = max_rsp_size;

646

cstate_size = sdp_set_cstate_pdu(buf, &newState);

647

} else {

648

if (buf->data_size == 0)

649

sdp_append_to_buf(buf, 0, 0);

650

cstate_size = sdp_set_cstate_pdu(buf, NULL);

651

}

652

}

653

654

// push header

655

buf->data -= sizeof(uint16_t);

656

buf->buf_size += sizeof(uint16_t);

657

658

done:

659

if (cstate)

660

free(cstate);

661

if (seq)

662

sdp_list_free(seq, free);

663

if (status)

664

return status;

665

666

/* set attribute list byte count */

667

bt_put_unaligned(htons(buf->data_size - cstate_size), (uint16_t *)buf->data);

668

buf->data_size += sizeof(uint16_t);

669

return 0;

670

}

671

672

673

* combined service search and attribute extraction

674

675

static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)

676

{

677

int status = 0, plen, totscanned;

678

uint8_t *pdata, *pResponse = NULL;

679

int scanned, max, rsp_count = 0;

680

sdp_list_t *pattern = NULL, *seq = NULL, *svcList;

681

sdp_cont_state_t *cstate = NULL;

682

short cstate_size = 0;

683

uint8_t dtd = 0;

684

sdp_buf_t tmpbuf;

685

686

tmpbuf.data = NULL;

687

pdata = req->buf + sizeof(sdp_pdu_hdr_t);

688

scanned = extract_des(pdata, req->len - sizeof(sdp_pdu_hdr_t),

689

&pattern, &dtd, SDP_TYPE_UUID);

690

if (scanned == -1) {

691

status = SDP_INVALID_SYNTAX;

692

goto done;

693

}

694

totscanned = scanned;

695

696

SDPDBG("Bytes scanned: %d", scanned);

697

698

pdata += scanned;

699

max = ntohs(bt_get_unaligned((uint16_t *)pdata));

700

pdata += sizeof(uint16_t);

701

702

SDPDBG("Max Attr expected: %d", max);

703

704

/* extract the attribute list */

705

scanned = extract_des(pdata, req->len - sizeof(sdp_pdu_hdr_t),

706

&seq, &dtd, SDP_TYPE_ANY);

707

if (scanned == -1) {

708

status = SDP_INVALID_SYNTAX;

709

goto done;

710

}

711

pdata += scanned;

712

totscanned += scanned + sizeof(uint16_t) + 1;

713

714

plen = ntohs(((sdp_pdu_hdr_t *)(req->buf))->plen);

715

if (plen < totscanned || plen != totscanned + *(uint8_t *)pdata) {

716

status = SDP_INVALID_SYNTAX;

717

goto done;

718

}

719

720

721

* if continuation state exists attempt

722

* to get rsp remainder from cache, else send error

723

724

cstate = sdp_cstate_get(pdata); // continuation information

725

726

svcList = sdp_get_record_list();

727

728

tmpbuf.data = malloc(USHRT_MAX);

729

tmpbuf.data_size = 0;

730

tmpbuf.buf_size = USHRT_MAX;

731

memset(tmpbuf.data, 0, USHRT_MAX);

732

733

734

* Calculate Attribute size acording to MTU

735

* We can send only (MTU - sizeof(sdp_pdu_hdr_t) - sizeof(sdp_cont_state_t))

736

737

max = MIN(max, req->mtu - sizeof(sdp_pdu_hdr_t) - SDP_CONT_STATE_SIZE - sizeof(uint16_t));

738

739

/* pull header for AttributeList byte count */

740

buf->data += sizeof(uint16_t);

741

buf->buf_size -= sizeof(uint16_t);

742

743

if (cstate == NULL) {

744

/* no continuation state -> create new response */

745

sdp_list_t *p;

746

for (p = svcList; p; p = p->next) {

747

sdp_record_t *rec = (sdp_record_t *) p->data;

748

if (sdp_match_uuid(pattern, rec->pattern) > 0 &&

749

sdp_check_access(rec->handle, &req->device)) {

750

rsp_count++;

751

status = extract_attrs(rec, seq, dtd, &tmpbuf);

752

753

SDPDBG("Response count : %d", rsp_count);

754

SDPDBG("Local PDU size : %d", tmpbuf.data_size);

755

if (status) {

756

SDPDBG("Extract attr from record returns err");

757

break;

758

}

759

if (buf->data_size + tmpbuf.data_size < buf->buf_size) {

760

// to be sure no relocations

761

sdp_append_to_buf(buf, tmpbuf.data, tmpbuf.data_size);

762

tmpbuf.data_size = 0;

763

memset(tmpbuf.data, 0, USHRT_MAX);

764

} else {

765

error("Relocation needed");

766

break;

767

}

768

SDPDBG("Net PDU size : %d", buf->data_size);

769

}

770

}

771

if (buf->data_size > max) {

772

sdp_cont_state_t newState;

773

774

memset((char *)&newState, 0, sizeof(sdp_cont_state_t));

775

newState.timestamp = sdp_cstate_alloc_buf(buf);

776

777

* Reset the buffer size to the maximum expected and

778

* set the sdp_cont_state_t

779

780

buf->data_size = max;

781

newState.cStateValue.maxBytesSent = max;

782

cstate_size = sdp_set_cstate_pdu(buf, &newState);

783

} else

784

cstate_size = sdp_set_cstate_pdu(buf, NULL);

785

} else {

786

/* continuation State exists -> get from cache */

787

sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);

788

if (pCache) {

789

uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);

790

pResponse = pCache->data;

791

memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);

792

buf->data_size += sent;

793

cstate->cStateValue.maxBytesSent += sent;

794

if (cstate->cStateValue.maxBytesSent == pCache->data_size)

795

cstate_size = sdp_set_cstate_pdu(buf, NULL);

796

else

797

cstate_size = sdp_set_cstate_pdu(buf, cstate);

798

} else {

799

status = SDP_INVALID_CSTATE;

800

SDPDBG("Non-null continuation state, but null cache buffer");

801

}

802

}

803

804

if (!rsp_count && !cstate) {

805

// found nothing

806

buf->data_size = 0;

807

sdp_append_to_buf(buf, tmpbuf.data, tmpbuf.data_size);

808

sdp_set_cstate_pdu(buf, NULL);

809

}

810

811

// push header

812

buf->data -= sizeof(uint16_t);

813

buf->buf_size += sizeof(uint16_t);

814

815

if (!status) {

816

/* set attribute list byte count */

817

bt_put_unaligned(htons(buf->data_size - cstate_size), (uint16_t *)buf->data);

818

buf->data_size += sizeof(uint16_t);

819

}

820

821

done:

822

if (cstate)

823

free(cstate);

824

if (tmpbuf.data)

825

free(tmpbuf.data);

826

if (pattern)

827

sdp_list_free(pattern, free);

828

if (seq)

829

sdp_list_free(seq, free);

830

return status;

831

}

832

833

834

* Top level request processor. Calls the appropriate processing

835

* function based on request type. Handles service registration

836

* client requests also.

837

838

static void process_request(sdp_req_t *req)

839

{

840

sdp_pdu_hdr_t *reqhdr = (sdp_pdu_hdr_t *)req->buf;

841

sdp_pdu_hdr_t *rsphdr;

842

sdp_buf_t rsp;

843

uint8_t *buf = malloc(USHRT_MAX);

844

int sent = 0;

845

int status = SDP_INVALID_SYNTAX;

846

847

memset(buf, 0, USHRT_MAX);

848

rsp.data = buf + sizeof(sdp_pdu_hdr_t);

849

rsp.data_size = 0;

850

rsp.buf_size = USHRT_MAX - sizeof(sdp_pdu_hdr_t);

851

rsphdr = (sdp_pdu_hdr_t *)buf;

852

853

if (ntohs(reqhdr->plen) != req->len - sizeof(sdp_pdu_hdr_t)) {

854

status = SDP_INVALID_PDU_SIZE;

855

goto send_rsp;

856

}

857

switch (reqhdr->pdu_id) {

858

case SDP_SVC_SEARCH_REQ:

859

SDPDBG("Got a svc srch req");

860

status = service_search_req(req, &rsp);

861

rsphdr->pdu_id = SDP_SVC_SEARCH_RSP;

862

break;

863

case SDP_SVC_ATTR_REQ:

864

SDPDBG("Got a svc attr req");

865

status = service_attr_req(req, &rsp);

866

rsphdr->pdu_id = SDP_SVC_ATTR_RSP;

867

break;

868

case SDP_SVC_SEARCH_ATTR_REQ:

869

SDPDBG("Got a svc srch attr req");

870

status = service_search_attr_req(req, &rsp);

871

rsphdr->pdu_id = SDP_SVC_SEARCH_ATTR_RSP;

872

break;

873

/* Following requests are allowed only for local connections */

874

case SDP_SVC_REGISTER_REQ:

875

SDPDBG("Service register request");

876

if (req->local) {

877

status = service_register_req(req, &rsp);

878

rsphdr->pdu_id = SDP_SVC_REGISTER_RSP;

879

}

880

break;

881

case SDP_SVC_UPDATE_REQ:

882

SDPDBG("Service update request");

883

if (req->local) {

884

status = service_update_req(req, &rsp);

885

rsphdr->pdu_id = SDP_SVC_UPDATE_RSP;

886

}

887

break;

888

case SDP_SVC_REMOVE_REQ:

889

SDPDBG("Service removal request");

890

if (req->local) {

891

status = service_remove_req(req, &rsp);

892

rsphdr->pdu_id = SDP_SVC_REMOVE_RSP;

893

}

894

break;

895

default:

896

error("Unknown PDU ID : 0x%x received", reqhdr->pdu_id);

897

status = SDP_INVALID_SYNTAX;

898

break;

899

}

900

901

send_rsp:

902

if (status) {

903

rsphdr->pdu_id = SDP_ERROR_RSP;

904

bt_put_unaligned(htons(status), (uint16_t *)rsp.data);

905

rsp.data_size = sizeof(uint16_t);

906

}

907

908

SDPDBG("Sending rsp. status %d", status);

909

910

rsphdr->tid = reqhdr->tid;

911

rsphdr->plen = htons(rsp.data_size);

912

913

/* point back to the real buffer start and set the real rsp length */

914

rsp.data_size += sizeof(sdp_pdu_hdr_t);

915

rsp.data = buf;

916

917

/* stream the rsp PDU */

918

sent = send(req->sock, rsp.data, rsp.data_size, 0);

919

920

SDPDBG("Bytes Sent : %d", sent);

921

922

free(rsp.data);

923

free(req->buf);

924

}

925

926

void handle_request(int sk, uint8_t *data, int len)

927

{

928

struct sockaddr_l2 sa;

929

socklen_t size;

930

sdp_req_t req;

931

932

size = sizeof(sa);

933

if (getpeername(sk, (struct sockaddr *) &sa, &size) < 0)

934

return;

935

936

if (sa.l2_family == AF_BLUETOOTH) {

937

struct l2cap_options lo;

938

memset(&lo, 0, sizeof(lo));

939

size = sizeof(lo);

940

getsockopt(sk, SOL_L2CAP, L2CAP_OPTIONS, &lo, &size);

941

bacpy(&req.bdaddr, &sa.l2_bdaddr);

942

req.mtu = lo.omtu;

943

req.local = 0;

944

memset(&sa, 0, sizeof(sa));

945

size = sizeof(sa);

946

getsockname(sk, (struct sockaddr *) &sa, &size);

947

bacpy(&req.device, &sa.l2_bdaddr);

948

} else {

949

bacpy(&req.device, BDADDR_ANY);

950

bacpy(&req.bdaddr, BDADDR_LOCAL);

951

req.mtu = 2048;

952

req.local = 1;

953

}

954

955

req.sock = sk;

956

req.buf = data;

957

req.len = len;

958

959

process_request(&req);

960

}

Older »