Use MITM for CreatePairedDevice and handle the NoInputNoOuput cases

2 files changed, 12 insertions, 4 deletions

diff --git a/src/dbus-hci.c b/src/dbus-hci.c
index 36bd0c94..85805906 100644
--- a/src/dbus-hci.c
+++ b/src/dbus-hci.c
@@ -295,7 +295,7 @@ int hcid_dbus_user_confirm(bdaddr_t *sba, bdaddr_t *dba, uint32_t passkey)
 	struct btd_adapter *adapter;
 	struct btd_device *device;
 	char addr[18];
-	uint8_t type;
+	uint8_t remcap, remauth, type;
 	uint16_t dev_id;
 
 	adapter = manager_find_adapter(sba);
@@ -333,8 +333,14 @@ int hcid_dbus_user_confirm(bdaddr_t *sba, bdaddr_t *dba, uint32_t passkey)
 		return -1;
 	}
 
-	/* If no MITM protection required, auto-accept */
-	if (!(device_get_auth(device) & 0x01) && !(type & 0x01)) {
+	remcap = device_get_cap(device);
+	remauth = device_get_auth(device);
+
+	debug("remote IO capabilities are 0x%02x", remcap);
+	debug("remote authentication requirement is 0x%02x", remauth);
+
+	/* If no side requires MITM protection; auto-accept */
+	if (!(remauth & 0x01) && (!(type & 0x01) || remcap == 0x03)) {
 		int dd;
 
 		dd = hci_open_dev(dev_id);
@@ -348,6 +354,8 @@ int hcid_dbus_user_confirm(bdaddr_t *sba, bdaddr_t *dba, uint32_t passkey)
 
 		hci_close_dev(dd);
 
+		debug("auto accept of confirmation");
+
 		return device_request_authentication(device,
 						AUTH_TYPE_AUTO, 0, NULL);
 	}
diff --git a/src/device.c b/src/device.c
index 7b3131ff..9c647f39 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1709,7 +1709,7 @@ static int l2raw_connect(const bdaddr_t *src, const bdaddr_t *dst,
 		goto failed;
 	}
 
-	opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
+	opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE;
 
 	err = setsockopt(sk, SOL_L2CAP, L2CAP_LM, &opt, sizeof(opt));
 	if (err < 0) {