summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2009-02-12 16:19:45 +0100
committerMarcel Holtmann <marcel@holtmann.org>2009-02-27 06:14:43 +0100
commit00ae4af91d8c5b6814e2bb3bfaaf743845f989eb (patch)
tree616da6330e5b9ca7448234fbd588c536da165d11 /net
parent2950f21acb0f6b8fcd964485c2ebf1e06545ac20 (diff)
downloadlinux-00ae4af91d8c5b6814e2bb3bfaaf743845f989eb.tar.bz2
Bluetooth: Fix authentication requirements for L2CAP security check
The L2CAP layer can trigger the authentication via an ACL connection or later on to increase the security level. When increasing the security level it didn't use the same authentication requirements when triggering a new ACL connection. Make sure that exactly the same authentication requirements are used. The only exception here are the L2CAP raw sockets which are only used for dedicated bonding. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/l2cap.c30
1 files changed, 20 insertions, 10 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index d563f2ebcbb3..79a4325a1388 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -268,16 +268,26 @@ static inline int l2cap_check_security(struct sock *sk)
struct l2cap_conn *conn = l2cap_pi(sk)->conn;
__u8 auth_type;
- switch (l2cap_pi(sk)->sec_level) {
- case BT_SECURITY_HIGH:
- auth_type = HCI_AT_GENERAL_BONDING_MITM;
- break;
- case BT_SECURITY_MEDIUM:
- auth_type = HCI_AT_GENERAL_BONDING;
- break;
- default:
- auth_type = HCI_AT_NO_BONDING;
- break;
+ if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
+ if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
+ auth_type = HCI_AT_NO_BONDING_MITM;
+ else
+ auth_type = HCI_AT_NO_BONDING;
+
+ if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
+ l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
+ } else {
+ switch (l2cap_pi(sk)->sec_level) {
+ case BT_SECURITY_HIGH:
+ auth_type = HCI_AT_GENERAL_BONDING_MITM;
+ break;
+ case BT_SECURITY_MEDIUM:
+ auth_type = HCI_AT_GENERAL_BONDING;
+ break;
+ default:
+ auth_type = HCI_AT_NO_BONDING;
+ break;
+ }
}
return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,