Bluetooth: Don't enforce authentication for L2CAP PSM 1 and 3
authorMarcel Holtmann <marcel@holtmann.org>
Mon, 9 Feb 2009 02:55:28 +0000 (03:55 +0100)
committerMarcel Holtmann <marcel@holtmann.org>
Fri, 27 Feb 2009 05:14:41 +0000 (06:14 +0100)
The recommendation for the L2CAP PSM 1 (SDP) is to not use any kind
of authentication or encryption. So don't trigger authentication
for incoming and outgoing SDP connections.

For L2CAP PSM 3 (RFCOMM) there is no clear requirement, but with
Bluetooth 2.1 the initiator is required to enable authentication
and encryption first and this gets enforced. So there is no need
to trigger an additional authentication step. The RFCOMM service
security will make sure that a secure enough link key is present.

When the encryption gets enabled after the SDP connection setup,
then switch the security level from SDP to low security.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
include/net/bluetooth/hci_core.h
net/bluetooth/l2cap.c

index f75028b33883eac98be6831eaf49211006a1f012..9473fce499e75f68ac4c082716bc487b1a243239 100644 (file)
@@ -597,6 +597,9 @@ static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status, __u8 encr
 {
        struct list_head *p;
 
+       if (conn->sec_level == BT_SECURITY_SDP)
+               conn->sec_level = BT_SECURITY_LOW;
+
        hci_proto_encrypt_cfm(conn, status, encrypt);
 
        read_lock_bh(&hci_cb_list_lock);
index 01f750142d55638dbcaee635e138835ee3b45703..88340d24d11d7ce536d49c62d5ff5db8b771436c 100644 (file)
@@ -805,7 +805,7 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_
                l2cap_pi(sk)->sport = la->l2_psm;
                sk->sk_state = BT_BOUND;
 
-               if (btohs(la->l2_psm) == 0x0001)
+               if (btohs(la->l2_psm) == 0x0001 || btohs(la->l2_psm) == 0x0003)
                        l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
        }
 
@@ -852,6 +852,9 @@ static int l2cap_do_connect(struct sock *sk)
                        auth_type = HCI_AT_NO_BONDING_MITM;
                else
                        auth_type = HCI_AT_NO_BONDING;
+
+               if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
+                       l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
        } else {
                switch (l2cap_pi(sk)->sec_level) {
                case BT_SECURITY_HIGH: