Bluetooth: Fix authentication requirements for L2CAP security check
authorMarcel Holtmann <marcel@holtmann.org>
Thu, 12 Feb 2009 15:19:45 +0000 (16:19 +0100)
committerMarcel Holtmann <marcel@holtmann.org>
Fri, 27 Feb 2009 05:14:43 +0000 (06:14 +0100)
The L2CAP layer can trigger the authentication via an ACL connection or
later on to increase the security level. When increasing the security
level it didn't use the same authentication requirements when triggering
a new ACL connection. Make sure that exactly the same authentication
requirements are used. The only exception here are the L2CAP raw sockets
which are only used for dedicated bonding.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
net/bluetooth/l2cap.c

index d563f2ebcbb31d40f41805f1648d1262053747eb..79a4325a1388f2de329a3b6c7e6d3f9fc93a6dd0 100644 (file)
@@ -268,16 +268,26 @@ static inline int l2cap_check_security(struct sock *sk)
        struct l2cap_conn *conn = l2cap_pi(sk)->conn;
        __u8 auth_type;
 
-       switch (l2cap_pi(sk)->sec_level) {
-       case BT_SECURITY_HIGH:
-               auth_type = HCI_AT_GENERAL_BONDING_MITM;
-               break;
-       case BT_SECURITY_MEDIUM:
-               auth_type = HCI_AT_GENERAL_BONDING;
-               break;
-       default:
-               auth_type = HCI_AT_NO_BONDING;
-               break;
+       if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
+               if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
+                       auth_type = HCI_AT_NO_BONDING_MITM;
+               else
+                        auth_type = HCI_AT_NO_BONDING;
+
+               if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
+                       l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
+       } else {
+               switch (l2cap_pi(sk)->sec_level) {
+               case BT_SECURITY_HIGH:
+                       auth_type = HCI_AT_GENERAL_BONDING_MITM;
+                       break;
+               case BT_SECURITY_MEDIUM:
+                       auth_type = HCI_AT_GENERAL_BONDING;
+                       break;
+               default:
+                       auth_type = HCI_AT_NO_BONDING;
+                       break;
+               }
        }
 
        return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,