3 files changed, 39 insertions, 16 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 2435e830ba60..7fc4c048b57b 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -391,19 +391,14 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
 EXPORT_SYMBOL(hci_conn_check_link_mode);
 /* Authenticate remote device */
-static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level)
+static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
 {
        BT_DBG("conn %p", conn);
-        if (sec_level > conn->sec_level)
+        if (sec_level > conn->sec_level) {
-                conn->link_mode &= ~HCI_LM_AUTH;
+                conn->sec_level = sec_level;
+                conn->auth_type = auth_type;
-        conn->sec_level = sec_level;
+        } else if (conn->link_mode & HCI_LM_AUTH)
-        if (sec_level == BT_SECURITY_HIGH)
-                conn->auth_type |= 0x01;
-        if (conn->link_mode & HCI_LM_AUTH)
                return 1;
        if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
@@ -417,7 +412,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level)
 }
 /* Enable security */
-int hci_conn_security(struct hci_conn *conn, __u8 sec_level)
+int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
 {
        BT_DBG("conn %p", conn);
@@ -426,18 +421,18 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level)
        if (sec_level == BT_SECURITY_LOW) {
                if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0)
-                        return hci_conn_auth(conn, sec_level);
+                        return hci_conn_auth(conn, sec_level, auth_type);
                else
                        return 1;
        }
        if (conn->link_mode & HCI_LM_ENCRYPT)
-                return hci_conn_auth(conn, sec_level);
+                return hci_conn_auth(conn, sec_level, auth_type);
        if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
                return 0;
-        if (hci_conn_auth(conn, sec_level)) {
+        if (hci_conn_auth(conn, sec_level, auth_type)) {
                struct hci_cp_set_conn_encrypt cp;
                cp.handle  = cpu_to_le16(conn->handle);
                cp.encrypt = 1;
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index b677af671f31..8a93dde4095b 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -263,8 +263,22 @@ static void l2cap_chan_del(struct sock *sk, int err)
 static inline int l2cap_check_security(struct sock *sk)
 {
        struct l2cap_conn *conn = l2cap_pi(sk)->conn;
+        __u8 auth_type;
+        switch (l2cap_pi(sk)->sec_level) {
+        case BT_SECURITY_HIGH:
+                auth_type = HCI_AT_GENERAL_BONDING_MITM;
+                break;
+        case BT_SECURITY_MEDIUM:
+                auth_type = HCI_AT_GENERAL_BONDING;
+                break;
+        default:
+                auth_type = HCI_AT_NO_BONDING;
+                break;
+        }
-        return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level);
+        return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
+                                                                auth_type);
 }
 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 3717c25ba33a..1828ec06ad1c 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -226,8 +226,22 @@ static int rfcomm_l2sock_create(struct socket **sock)
 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
 {
        struct sock *sk = d->session->sock->sk;
+        __u8 auth_type;
-        return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level);
+        switch (d->sec_level) {
+        case BT_SECURITY_HIGH:
+                auth_type = HCI_AT_GENERAL_BONDING_MITM;
+                break;
+        case BT_SECURITY_MEDIUM:
+                auth_type = HCI_AT_GENERAL_BONDING;
+                break;
+        default:
+                auth_type = HCI_AT_NO_BONDING;
+                break;
+        }
+        return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
+                                                                auth_type);
 }
 /* ---- RFCOMM DLCs ---- */

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 2435e830ba60..7fc4c048b57b 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c
@@ -391,19 +391,14 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
391	EXPORT_SYMBOL(hci_conn_check_link_mode);	391	EXPORT_SYMBOL(hci_conn_check_link_mode);
392		392
393	/* Authenticate remote device */	393	/* Authenticate remote device */
394	static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level)	394	static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
395	{	395	{
396	BT_DBG("conn %p", conn);	396	BT_DBG("conn %p", conn);
397		397
398	if (sec_level > conn->sec_level)	398	if (sec_level > conn->sec_level) {
399	conn->link_mode &= ~HCI_LM_AUTH;	399	conn->sec_level = sec_level;
400		400	conn->auth_type = auth_type;
401	conn->sec_level = sec_level;	401	} else if (conn->link_mode & HCI_LM_AUTH)
402
403	if (sec_level == BT_SECURITY_HIGH)
404	conn->auth_type \|= 0x01;
405
406	if (conn->link_mode & HCI_LM_AUTH)
407	return 1;	402	return 1;
408		403
409	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {	404	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
@@ -417,7 +412,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level)
417	}	412	}
418		413
419	/* Enable security */	414	/* Enable security */
420	int hci_conn_security(struct hci_conn *conn, __u8 sec_level)	415	int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
421	{	416	{
422	BT_DBG("conn %p", conn);	417	BT_DBG("conn %p", conn);
423		418
@@ -426,18 +421,18 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level)
426		421
427	if (sec_level == BT_SECURITY_LOW) {	422	if (sec_level == BT_SECURITY_LOW) {
428	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0)	423	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0)
429	return hci_conn_auth(conn, sec_level);	424	return hci_conn_auth(conn, sec_level, auth_type);
430	else	425	else
431	return 1;	426	return 1;
432	}	427	}
433		428
434	if (conn->link_mode & HCI_LM_ENCRYPT)	429	if (conn->link_mode & HCI_LM_ENCRYPT)
435	return hci_conn_auth(conn, sec_level);	430	return hci_conn_auth(conn, sec_level, auth_type);
436		431
437	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))	432	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
438	return 0;	433	return 0;
439		434
440	if (hci_conn_auth(conn, sec_level)) {	435	if (hci_conn_auth(conn, sec_level, auth_type)) {
441	struct hci_cp_set_conn_encrypt cp;	436	struct hci_cp_set_conn_encrypt cp;
442	cp.handle = cpu_to_le16(conn->handle);	437	cp.handle = cpu_to_le16(conn->handle);
443	cp.encrypt = 1;	438	cp.encrypt = 1;


diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index b677af671f31..8a93dde4095b 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c
@@ -263,8 +263,22 @@ static void l2cap_chan_del(struct sock *sk, int err)
263	static inline int l2cap_check_security(struct sock *sk)	263	static inline int l2cap_check_security(struct sock *sk)
264	{	264	{
265	struct l2cap_conn *conn = l2cap_pi(sk)->conn;	265	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
		266	__u8 auth_type;
		267
		268	switch (l2cap_pi(sk)->sec_level) {
		269	case BT_SECURITY_HIGH:
		270	auth_type = HCI_AT_GENERAL_BONDING_MITM;
		271	break;
		272	case BT_SECURITY_MEDIUM:
		273	auth_type = HCI_AT_GENERAL_BONDING;
		274	break;
		275	default:
		276	auth_type = HCI_AT_NO_BONDING;
		277	break;
		278	}
266		279
267	return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level);	280	return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
		281	auth_type);
268	}	282	}
269		283
270	static inline u8 l2cap_get_ident(struct l2cap_conn *conn)	284	static inline u8 l2cap_get_ident(struct l2cap_conn *conn)


diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index 3717c25ba33a..1828ec06ad1c 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c
@@ -226,8 +226,22 @@ static int rfcomm_l2sock_create(struct socket **sock)
226	static inline int rfcomm_check_security(struct rfcomm_dlc *d)	226	static inline int rfcomm_check_security(struct rfcomm_dlc *d)
227	{	227	{
228	struct sock *sk = d->session->sock->sk;	228	struct sock *sk = d->session->sock->sk;
		229	__u8 auth_type;
229		230
230	return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level);	231	switch (d->sec_level) {
		232	case BT_SECURITY_HIGH:
		233	auth_type = HCI_AT_GENERAL_BONDING_MITM;
		234	break;
		235	case BT_SECURITY_MEDIUM:
		236	auth_type = HCI_AT_GENERAL_BONDING;
		237	break;
		238	default:
		239	auth_type = HCI_AT_NO_BONDING;
		240	break;
		241	}
		242
		243	return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
		244	auth_type);
231	}	245	}
232		246
233	/* ---- RFCOMM DLCs ---- */	247	/* ---- RFCOMM DLCs ---- */