Commit 435fef20 authored by Marcel Holtmann's avatar Marcel Holtmann

Bluetooth: Don't enforce authentication for L2CAP PSM 1 and 3

The recommendation for the L2CAP PSM 1 (SDP) is to not use any kind
of authentication or encryption. So don't trigger authentication
for incoming and outgoing SDP connections.

For L2CAP PSM 3 (RFCOMM) there is no clear requirement, but with
Bluetooth 2.1 the initiator is required to enable authentication
and encryption first and this gets enforced. So there is no need
to trigger an additional authentication step. The RFCOMM service
security will make sure that a secure enough link key is present.

When the encryption gets enabled after the SDP connection setup,
then switch the security level from SDP to low security.
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 6a8d3010
...@@ -597,6 +597,9 @@ static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status, __u8 encr ...@@ -597,6 +597,9 @@ static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status, __u8 encr
{ {
struct list_head *p; struct list_head *p;
if (conn->sec_level == BT_SECURITY_SDP)
conn->sec_level = BT_SECURITY_LOW;
hci_proto_encrypt_cfm(conn, status, encrypt); hci_proto_encrypt_cfm(conn, status, encrypt);
read_lock_bh(&hci_cb_list_lock); read_lock_bh(&hci_cb_list_lock);
......
...@@ -805,7 +805,7 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_ ...@@ -805,7 +805,7 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_
l2cap_pi(sk)->sport = la->l2_psm; l2cap_pi(sk)->sport = la->l2_psm;
sk->sk_state = BT_BOUND; sk->sk_state = BT_BOUND;
if (btohs(la->l2_psm) == 0x0001) if (btohs(la->l2_psm) == 0x0001 || btohs(la->l2_psm) == 0x0003)
l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
} }
...@@ -852,6 +852,9 @@ static int l2cap_do_connect(struct sock *sk) ...@@ -852,6 +852,9 @@ static int l2cap_do_connect(struct sock *sk)
auth_type = HCI_AT_NO_BONDING_MITM; auth_type = HCI_AT_NO_BONDING_MITM;
else else
auth_type = HCI_AT_NO_BONDING; auth_type = HCI_AT_NO_BONDING;
if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
} else { } else {
switch (l2cap_pi(sk)->sec_level) { switch (l2cap_pi(sk)->sec_level) {
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment