aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2009-02-12 10:19:45 -0500
committerMarcel Holtmann <marcel@holtmann.org>2009-02-27 00:14:43 -0500
commit00ae4af91d8c5b6814e2bb3bfaaf743845f989eb (patch)
tree616da6330e5b9ca7448234fbd588c536da165d11
parent2950f21acb0f6b8fcd964485c2ebf1e06545ac20 (diff)
Bluetooth: Fix authentication requirements for L2CAP security check
The L2CAP layer can trigger the authentication via an ACL connection or later on to increase the security level. When increasing the security level it didn't use the same authentication requirements when triggering a new ACL connection. Make sure that exactly the same authentication requirements are used. The only exception here are the L2CAP raw sockets which are only used for dedicated bonding. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/l2cap.c30
1 files changed, 20 insertions, 10 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index d563f2ebcbb3..79a4325a1388 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -268,16 +268,26 @@ static inline int l2cap_check_security(struct sock *sk)
268 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 268 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
269 __u8 auth_type; 269 __u8 auth_type;
270 270
271 switch (l2cap_pi(sk)->sec_level) { 271 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
272 case BT_SECURITY_HIGH: 272 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
273 auth_type = HCI_AT_GENERAL_BONDING_MITM; 273 auth_type = HCI_AT_NO_BONDING_MITM;
274 break; 274 else
275 case BT_SECURITY_MEDIUM: 275 auth_type = HCI_AT_NO_BONDING;
276 auth_type = HCI_AT_GENERAL_BONDING; 276
277 break; 277 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
278 default: 278 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
279 auth_type = HCI_AT_NO_BONDING; 279 } else {
280 break; 280 switch (l2cap_pi(sk)->sec_level) {
281 case BT_SECURITY_HIGH:
282 auth_type = HCI_AT_GENERAL_BONDING_MITM;
283 break;
284 case BT_SECURITY_MEDIUM:
285 auth_type = HCI_AT_GENERAL_BONDING;
286 break;
287 default:
288 auth_type = HCI_AT_NO_BONDING;
289 break;
290 }
281 } 291 }
282 292
283 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level, 293 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,