1 files changed, 100 insertions, 79 deletions
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index acd84fd524b8..1d0fb0f23c63 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -46,7 +46,7 @@
 #include <net/bluetooth/l2cap.h>
 #include <net/bluetooth/rfcomm.h>
-#define VERSION "1.10"
+#define VERSION "1.11"
 static int disable_cfc = 0;
 static int channel_mtu = -1;
@@ -223,19 +223,25 @@ static int rfcomm_l2sock_create(struct socket **sock)
        return err;
 }
-static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
+static inline int rfcomm_check_security(struct rfcomm_dlc *d)
 {
        struct sock *sk = d->session->sock->sk;
+        __u8 auth_type;
-        if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
+        switch (d->sec_level) {
-                if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
+        case BT_SECURITY_HIGH:
-                        return 1;
+                auth_type = HCI_AT_GENERAL_BONDING_MITM;
-        } else if (d->link_mode & RFCOMM_LM_AUTH) {
+                break;
-                if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
+        case BT_SECURITY_MEDIUM:
-                        return 1;
+                auth_type = HCI_AT_GENERAL_BONDING;
+                break;
+        default:
+                auth_type = HCI_AT_NO_BONDING;
+                break;
        }
-        return 0;
+        return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
+                                                                auth_type);
 }
 /* ---- RFCOMM DLCs ---- */
@@ -388,10 +394,10 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst,
        d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
        if (s->state == BT_CONNECTED) {
-                if (rfcomm_check_link_mode(d))
+                if (rfcomm_check_security(d))
-                        set_bit(RFCOMM_AUTH_PENDING, &d->flags);
-                else
                        rfcomm_send_pn(s, 1, d);
+                else
+                        set_bit(RFCOMM_AUTH_PENDING, &d->flags);
        }
        rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
@@ -421,9 +427,16 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
                        d, d->state, d->dlci, err, s);
        switch (d->state) {
-        case BT_CONNECTED:
-        case BT_CONFIG:
        case BT_CONNECT:
+        case BT_CONFIG:
+                if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
+                        set_bit(RFCOMM_AUTH_REJECT, &d->flags);
+                        rfcomm_schedule(RFCOMM_SCHED_AUTH);
+                        break;
+                }
+                /* Fall through */
+        case BT_CONNECTED:
                d->state = BT_DISCONN;
                if (skb_queue_empty(&d->tx_queue)) {
                        rfcomm_send_disc(s, d->dlci);
@@ -434,6 +447,15 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
                }
                break;
+        case BT_OPEN:
+        case BT_CONNECT2:
+                if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
+                        set_bit(RFCOMM_AUTH_REJECT, &d->flags);
+                        rfcomm_schedule(RFCOMM_SCHED_AUTH);
+                        break;
+                }
+                /* Fall through */
        default:
                rfcomm_dlc_clear_timer(d);
@@ -636,6 +658,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst
        bacpy(&addr.l2_bdaddr, src);
        addr.l2_family = AF_BLUETOOTH;
        addr.l2_psm    = 0;
+        addr.l2_cid    = 0;
        *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
        if (*err < 0)
                goto failed;
@@ -657,6 +680,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst
        bacpy(&addr.l2_bdaddr, dst);
        addr.l2_family = AF_BLUETOOTH;
        addr.l2_psm    = htobs(RFCOMM_PSM);
+        addr.l2_cid    = 0;
        *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
        if (*err == 0 || *err == -EINPROGRESS)
                return s;
@@ -1162,7 +1186,7 @@ static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
        return 0;
 }
-static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
+void rfcomm_dlc_accept(struct rfcomm_dlc *d)
 {
        struct sock *sk = d->session->sock->sk;
@@ -1175,12 +1199,31 @@ static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
        d->state_change(d, 0);
        rfcomm_dlc_unlock(d);
-        if (d->link_mode & RFCOMM_LM_MASTER)
+        if (d->role_switch)
                hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
        rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
 }
+static void rfcomm_check_accept(struct rfcomm_dlc *d)
+{
+        if (rfcomm_check_security(d)) {
+                if (d->defer_setup) {
+                        set_bit(RFCOMM_DEFER_SETUP, &d->flags);
+                        rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
+                        rfcomm_dlc_lock(d);
+                        d->state = BT_CONNECT2;
+                        d->state_change(d, 0);
+                        rfcomm_dlc_unlock(d);
+                } else
+                        rfcomm_dlc_accept(d);
+        } else {
+                set_bit(RFCOMM_AUTH_PENDING, &d->flags);
+                rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
+        }
+}
 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
 {
        struct rfcomm_dlc *d;
@@ -1203,11 +1246,7 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
        if (d) {
                if (d->state == BT_OPEN) {
                        /* DLC was previously opened by PN request */
-                        if (rfcomm_check_link_mode(d)) {
+                        rfcomm_check_accept(d);
-                                set_bit(RFCOMM_AUTH_PENDING, &d->flags);
-                                rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
-                        } else
-                                rfcomm_dlc_accept(d);
                }
                return 0;
        }
@@ -1219,11 +1258,7 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
                d->addr = __addr(s->initiator, dlci);
                rfcomm_dlc_link(s, d);
-                if (rfcomm_check_link_mode(d)) {
+                rfcomm_check_accept(d);
-                        set_bit(RFCOMM_AUTH_PENDING, &d->flags);
-                        rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
-                } else
-                        rfcomm_dlc_accept(d);
        } else {
                rfcomm_send_dm(s, dlci);
        }
@@ -1637,11 +1672,12 @@ static void rfcomm_process_connect(struct rfcomm_session *s)
                d = list_entry(p, struct rfcomm_dlc, list);
                if (d->state == BT_CONFIG) {
                        d->mtu = s->mtu;
-                        if (rfcomm_check_link_mode(d)) {
+                        if (rfcomm_check_security(d)) {
+                                rfcomm_send_pn(s, 1, d);
+                        } else {
                                set_bit(RFCOMM_AUTH_PENDING, &d->flags);
                                rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
-                        } else
+                        }
-                                rfcomm_send_pn(s, 1, d);
                }
        }
 }
@@ -1717,11 +1753,17 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
                        if (d->out) {
                                rfcomm_send_pn(s, 1, d);
                                rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
-                        } else
+                        } else {
-                                rfcomm_dlc_accept(d);
+                                if (d->defer_setup) {
-                        if (d->link_mode & RFCOMM_LM_SECURE) {
+                                        set_bit(RFCOMM_DEFER_SETUP, &d->flags);
-                                struct sock *sk = s->sock->sk;
+                                        rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
-                                hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
+                                        rfcomm_dlc_lock(d);
+                                        d->state = BT_CONNECT2;
+                                        d->state_change(d, 0);
+                                        rfcomm_dlc_unlock(d);
+                                } else
+                                        rfcomm_dlc_accept(d);
                        }
                        continue;
                } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
@@ -1734,6 +1776,9 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
                        continue;
                }
+                if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
+                        continue;
                if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
                        continue;
@@ -1876,6 +1921,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
        bacpy(&addr.l2_bdaddr, ba);
        addr.l2_family = AF_BLUETOOTH;
        addr.l2_psm    = htobs(RFCOMM_PSM);
+        addr.l2_cid    = 0;
        err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
        if (err < 0) {
                BT_ERR("Bind failed %d", err);
@@ -1947,42 +1993,7 @@ static int rfcomm_run(void *unused)
        return 0;
 }
-static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
+static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
-{
-        struct rfcomm_session *s;
-        struct rfcomm_dlc *d;
-        struct list_head *p, *n;
-        BT_DBG("conn %p status 0x%02x", conn, status);
-        s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
-        if (!s)
-                return;
-        rfcomm_session_hold(s);
-        list_for_each_safe(p, n, &s->dlcs) {
-                d = list_entry(p, struct rfcomm_dlc, list);
-                if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
-                                !(conn->link_mode & HCI_LM_ENCRYPT) && !status)
-                        continue;
-                if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
-                        continue;
-                if (!status)
-                        set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
-                else
-                        set_bit(RFCOMM_AUTH_REJECT, &d->flags);
-        }
-        rfcomm_session_put(s);
-        rfcomm_schedule(RFCOMM_SCHED_AUTH);
-}
-static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
 {
        struct rfcomm_session *s;
        struct rfcomm_dlc *d;
@@ -1999,18 +2010,29 @@ static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
        list_for_each_safe(p, n, &s->dlcs) {
                d = list_entry(p, struct rfcomm_dlc, list);
-                if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
+                if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
-                                        (d->state == BT_CONNECTED ||
+                        rfcomm_dlc_clear_timer(d);
-                                                d->state == BT_CONFIG) &&
+                        if (status || encrypt == 0x00) {
-                                                !status && encrypt == 0x00) {
+                                __rfcomm_dlc_close(d, ECONNREFUSED);
-                        __rfcomm_dlc_close(d, ECONNREFUSED);
+                                continue;
-                        continue;
+                        }
+                }
+                if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
+                        if (d->sec_level == BT_SECURITY_MEDIUM) {
+                                set_bit(RFCOMM_SEC_PENDING, &d->flags);
+                                rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
+                                continue;
+                        } else if (d->sec_level == BT_SECURITY_HIGH) {
+                                __rfcomm_dlc_close(d, ECONNREFUSED);
+                                continue;
+                        }
                }
                if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
                        continue;
-                if (!status && encrypt)
+                if (!status)
                        set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
                else
                        set_bit(RFCOMM_AUTH_REJECT, &d->flags);
@@ -2023,8 +2045,7 @@ static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
 static struct hci_cb rfcomm_cb = {
        .name           = "RFCOMM",
-        .auth_cfm       = rfcomm_auth_cfm,
+        .security_cfm   = rfcomm_security_cfm
-        .encrypt_cfm    = rfcomm_encrypt_cfm
 };
 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)

diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index acd84fd524b8..1d0fb0f23c63 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c
@@ -46,7 +46,7 @@
46	#include <net/bluetooth/l2cap.h>	46	#include <net/bluetooth/l2cap.h>
47	#include <net/bluetooth/rfcomm.h>	47	#include <net/bluetooth/rfcomm.h>
48		48
49	#define VERSION "1.10"	49	#define VERSION "1.11"
50		50
51	static int disable_cfc = 0;	51	static int disable_cfc = 0;
52	static int channel_mtu = -1;	52	static int channel_mtu = -1;
@@ -223,19 +223,25 @@ static int rfcomm_l2sock_create(struct socket **sock)
223	return err;	223	return err;
224	}	224	}
225		225
226	static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)	226	static inline int rfcomm_check_security(struct rfcomm_dlc *d)
227	{	227	{
228	struct sock *sk = d->session->sock->sk;	228	struct sock *sk = d->session->sock->sk;
		229	__u8 auth_type;
229		230
230	if (d->link_mode & (RFCOMM_LM_ENCRYPT \| RFCOMM_LM_SECURE)) {	231	switch (d->sec_level) {
231	if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))	232	case BT_SECURITY_HIGH:
232	return 1;	233	auth_type = HCI_AT_GENERAL_BONDING_MITM;
233	} else if (d->link_mode & RFCOMM_LM_AUTH) {	234	break;
234	if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))	235	case BT_SECURITY_MEDIUM:
235	return 1;	236	auth_type = HCI_AT_GENERAL_BONDING;
		237	break;
		238	default:
		239	auth_type = HCI_AT_NO_BONDING;
		240	break;
236	}	241	}
237		242
238	return 0;	243	return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
		244	auth_type);
239	}	245	}
240		246
241	/* ---- RFCOMM DLCs ---- */	247	/* ---- RFCOMM DLCs ---- */
@@ -388,10 +394,10 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc d, bdaddr_t src, bdaddr_t *dst,
388	d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;	394	d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
389		395
390	if (s->state == BT_CONNECTED) {	396	if (s->state == BT_CONNECTED) {
391	if (rfcomm_check_link_mode(d))	397	if (rfcomm_check_security(d))
392	set_bit(RFCOMM_AUTH_PENDING, &d->flags);
393	else
394	rfcomm_send_pn(s, 1, d);	398	rfcomm_send_pn(s, 1, d);
		399	else
		400	set_bit(RFCOMM_AUTH_PENDING, &d->flags);
395	}	401	}
396		402
397	rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);	403	rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
@@ -421,9 +427,16 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
421	d, d->state, d->dlci, err, s);	427	d, d->state, d->dlci, err, s);
422		428
423	switch (d->state) {	429	switch (d->state) {
424	case BT_CONNECTED:
425	case BT_CONFIG:
426	case BT_CONNECT:	430	case BT_CONNECT:
		431	case BT_CONFIG:
		432	if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
		433	set_bit(RFCOMM_AUTH_REJECT, &d->flags);
		434	rfcomm_schedule(RFCOMM_SCHED_AUTH);
		435	break;
		436	}
		437	/* Fall through */
		438
		439	case BT_CONNECTED:
427	d->state = BT_DISCONN;	440	d->state = BT_DISCONN;
428	if (skb_queue_empty(&d->tx_queue)) {	441	if (skb_queue_empty(&d->tx_queue)) {
429	rfcomm_send_disc(s, d->dlci);	442	rfcomm_send_disc(s, d->dlci);
@@ -434,6 +447,15 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
434	}	447	}
435	break;	448	break;
436		449
		450	case BT_OPEN:
		451	case BT_CONNECT2:
		452	if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
		453	set_bit(RFCOMM_AUTH_REJECT, &d->flags);
		454	rfcomm_schedule(RFCOMM_SCHED_AUTH);
		455	break;
		456	}
		457	/* Fall through */
		458
437	default:	459	default:
438	rfcomm_dlc_clear_timer(d);	460	rfcomm_dlc_clear_timer(d);
439		461
@@ -636,6 +658,7 @@ static struct rfcomm_session rfcomm_session_create(bdaddr_t src, bdaddr_t *dst
636	bacpy(&addr.l2_bdaddr, src);	658	bacpy(&addr.l2_bdaddr, src);
637	addr.l2_family = AF_BLUETOOTH;	659	addr.l2_family = AF_BLUETOOTH;
638	addr.l2_psm = 0;	660	addr.l2_psm = 0;
		661	addr.l2_cid = 0;
639	err = kernel_bind(sock, (struct sockaddr ) &addr, sizeof(addr));	662	err = kernel_bind(sock, (struct sockaddr ) &addr, sizeof(addr));
640	if (*err < 0)	663	if (*err < 0)
641	goto failed;	664	goto failed;
@@ -657,6 +680,7 @@ static struct rfcomm_session rfcomm_session_create(bdaddr_t src, bdaddr_t *dst
657	bacpy(&addr.l2_bdaddr, dst);	680	bacpy(&addr.l2_bdaddr, dst);
658	addr.l2_family = AF_BLUETOOTH;	681	addr.l2_family = AF_BLUETOOTH;
659	addr.l2_psm = htobs(RFCOMM_PSM);	682	addr.l2_psm = htobs(RFCOMM_PSM);
		683	addr.l2_cid = 0;
660	err = kernel_connect(sock, (struct sockaddr ) &addr, sizeof(addr), O_NONBLOCK);	684	err = kernel_connect(sock, (struct sockaddr ) &addr, sizeof(addr), O_NONBLOCK);
661	if (err == 0 \|\| err == -EINPROGRESS)	685	if (err == 0 \|\| err == -EINPROGRESS)
662	return s;	686	return s;
@@ -1162,7 +1186,7 @@ static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1162	return 0;	1186	return 0;
1163	}	1187	}
1164		1188
1165	static void rfcomm_dlc_accept(struct rfcomm_dlc *d)	1189	void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1166	{	1190	{
1167	struct sock *sk = d->session->sock->sk;	1191	struct sock *sk = d->session->sock->sk;
1168		1192
@@ -1175,12 +1199,31 @@ static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1175	d->state_change(d, 0);	1199	d->state_change(d, 0);
1176	rfcomm_dlc_unlock(d);	1200	rfcomm_dlc_unlock(d);
1177		1201
1178	if (d->link_mode & RFCOMM_LM_MASTER)	1202	if (d->role_switch)
1179	hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);	1203	hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1180		1204
1181	rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);	1205	rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1182	}	1206	}
1183		1207
		1208	static void rfcomm_check_accept(struct rfcomm_dlc *d)
		1209	{
		1210	if (rfcomm_check_security(d)) {
		1211	if (d->defer_setup) {
		1212	set_bit(RFCOMM_DEFER_SETUP, &d->flags);
		1213	rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
		1214
		1215	rfcomm_dlc_lock(d);
		1216	d->state = BT_CONNECT2;
		1217	d->state_change(d, 0);
		1218	rfcomm_dlc_unlock(d);
		1219	} else
		1220	rfcomm_dlc_accept(d);
		1221	} else {
		1222	set_bit(RFCOMM_AUTH_PENDING, &d->flags);
		1223	rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
		1224	}
		1225	}
		1226
1184	static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)	1227	static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1185	{	1228	{
1186	struct rfcomm_dlc *d;	1229	struct rfcomm_dlc *d;
@@ -1203,11 +1246,7 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1203	if (d) {	1246	if (d) {
1204	if (d->state == BT_OPEN) {	1247	if (d->state == BT_OPEN) {
1205	/* DLC was previously opened by PN request */	1248	/* DLC was previously opened by PN request */
1206	if (rfcomm_check_link_mode(d)) {	1249	rfcomm_check_accept(d);
1207	set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1208	rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1209	} else
1210	rfcomm_dlc_accept(d);
1211	}	1250	}
1212	return 0;	1251	return 0;
1213	}	1252	}
@@ -1219,11 +1258,7 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1219	d->addr = __addr(s->initiator, dlci);	1258	d->addr = __addr(s->initiator, dlci);
1220	rfcomm_dlc_link(s, d);	1259	rfcomm_dlc_link(s, d);
1221		1260
1222	if (rfcomm_check_link_mode(d)) {	1261	rfcomm_check_accept(d);
1223	set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1224	rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1225	} else
1226	rfcomm_dlc_accept(d);
1227	} else {	1262	} else {
1228	rfcomm_send_dm(s, dlci);	1263	rfcomm_send_dm(s, dlci);
1229	}	1264	}
@@ -1637,11 +1672,12 @@ static void rfcomm_process_connect(struct rfcomm_session *s)
1637	d = list_entry(p, struct rfcomm_dlc, list);	1672	d = list_entry(p, struct rfcomm_dlc, list);
1638	if (d->state == BT_CONFIG) {	1673	if (d->state == BT_CONFIG) {
1639	d->mtu = s->mtu;	1674	d->mtu = s->mtu;
1640	if (rfcomm_check_link_mode(d)) {	1675	if (rfcomm_check_security(d)) {
		1676	rfcomm_send_pn(s, 1, d);
		1677	} else {
1641	set_bit(RFCOMM_AUTH_PENDING, &d->flags);	1678	set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1642	rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);	1679	rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1643	} else	1680	}
1644	rfcomm_send_pn(s, 1, d);
1645	}	1681	}
1646	}	1682	}
1647	}	1683	}
@@ -1717,11 +1753,17 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1717	if (d->out) {	1753	if (d->out) {
1718	rfcomm_send_pn(s, 1, d);	1754	rfcomm_send_pn(s, 1, d);
1719	rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);	1755	rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1720	} else	1756	} else {
1721	rfcomm_dlc_accept(d);	1757	if (d->defer_setup) {
1722	if (d->link_mode & RFCOMM_LM_SECURE) {	1758	set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1723	struct sock *sk = s->sock->sk;	1759	rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1724	hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);	1760
		1761	rfcomm_dlc_lock(d);
		1762	d->state = BT_CONNECT2;
		1763	d->state_change(d, 0);
		1764	rfcomm_dlc_unlock(d);
		1765	} else
		1766	rfcomm_dlc_accept(d);
1725	}	1767	}
1726	continue;	1768	continue;
1727	} else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {	1769	} else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
@@ -1734,6 +1776,9 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1734	continue;	1776	continue;
1735	}	1777	}
1736		1778
		1779	if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
		1780	continue;
		1781
1737	if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))	1782	if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1738	continue;	1783	continue;
1739		1784
@@ -1876,6 +1921,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
1876	bacpy(&addr.l2_bdaddr, ba);	1921	bacpy(&addr.l2_bdaddr, ba);
1877	addr.l2_family = AF_BLUETOOTH;	1922	addr.l2_family = AF_BLUETOOTH;
1878	addr.l2_psm = htobs(RFCOMM_PSM);	1923	addr.l2_psm = htobs(RFCOMM_PSM);
		1924	addr.l2_cid = 0;
1879	err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));	1925	err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1880	if (err < 0) {	1926	if (err < 0) {
1881	BT_ERR("Bind failed %d", err);	1927	BT_ERR("Bind failed %d", err);
@@ -1947,42 +1993,7 @@ static int rfcomm_run(void *unused)
1947	return 0;	1993	return 0;
1948	}	1994	}
1949		1995
1950	static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)	1996	static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1951	{
1952	struct rfcomm_session *s;
1953	struct rfcomm_dlc *d;
1954	struct list_head p, n;
1955
1956	BT_DBG("conn %p status 0x%02x", conn, status);
1957
1958	s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1959	if (!s)
1960	return;
1961
1962	rfcomm_session_hold(s);
1963
1964	list_for_each_safe(p, n, &s->dlcs) {
1965	d = list_entry(p, struct rfcomm_dlc, list);
1966
1967	if ((d->link_mode & (RFCOMM_LM_ENCRYPT \| RFCOMM_LM_SECURE)) &&
1968	!(conn->link_mode & HCI_LM_ENCRYPT) && !status)
1969	continue;
1970
1971	if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1972	continue;
1973
1974	if (!status)
1975	set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1976	else
1977	set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1978	}
1979
1980	rfcomm_session_put(s);
1981
1982	rfcomm_schedule(RFCOMM_SCHED_AUTH);
1983	}
1984
1985	static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1986	{	1997	{
1987	struct rfcomm_session *s;	1998	struct rfcomm_session *s;
1988	struct rfcomm_dlc *d;	1999	struct rfcomm_dlc *d;
@@ -1999,18 +2010,29 @@ static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1999	list_for_each_safe(p, n, &s->dlcs) {	2010	list_for_each_safe(p, n, &s->dlcs) {
2000	d = list_entry(p, struct rfcomm_dlc, list);	2011	d = list_entry(p, struct rfcomm_dlc, list);
2001		2012
2002	if ((d->link_mode & (RFCOMM_LM_ENCRYPT \| RFCOMM_LM_SECURE)) &&	2013	if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2003	(d->state == BT_CONNECTED \|\|	2014	rfcomm_dlc_clear_timer(d);
2004	d->state == BT_CONFIG) &&	2015	if (status \|\| encrypt == 0x00) {
2005	!status && encrypt == 0x00) {	2016	__rfcomm_dlc_close(d, ECONNREFUSED);
2006	__rfcomm_dlc_close(d, ECONNREFUSED);	2017	continue;
2007	continue;	2018	}
		2019	}
		2020
		2021	if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
		2022	if (d->sec_level == BT_SECURITY_MEDIUM) {
		2023	set_bit(RFCOMM_SEC_PENDING, &d->flags);
		2024	rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
		2025	continue;
		2026	} else if (d->sec_level == BT_SECURITY_HIGH) {
		2027	__rfcomm_dlc_close(d, ECONNREFUSED);
		2028	continue;
		2029	}
2008	}	2030	}
2009		2031
2010	if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))	2032	if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2011	continue;	2033	continue;
2012		2034
2013	if (!status && encrypt)	2035	if (!status)
2014	set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);	2036	set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2015	else	2037	else
2016	set_bit(RFCOMM_AUTH_REJECT, &d->flags);	2038	set_bit(RFCOMM_AUTH_REJECT, &d->flags);
@@ -2023,8 +2045,7 @@ static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2023		2045
2024	static struct hci_cb rfcomm_cb = {	2046	static struct hci_cb rfcomm_cb = {
2025	.name = "RFCOMM",	2047	.name = "RFCOMM",
2026	.auth_cfm = rfcomm_auth_cfm,	2048	.security_cfm = rfcomm_security_cfm
2027	.encrypt_cfm = rfcomm_encrypt_cfm
2028	};	2049	};
2029		2050
2030	static ssize_t rfcomm_dlc_sysfs_show(struct class dev, char buf)	2051	static ssize_t rfcomm_dlc_sysfs_show(struct class dev, char buf)