-rw-r--r--hcid/Makefile.am10
-rw-r--r--hcid/hcid.conf3
-rw-r--r--hcid/hcid.conf.514
-rw-r--r--hcid/hcid.h7
-rw-r--r--hcid/kword.c1
-rw-r--r--hcid/main.c5
-rw-r--r--hcid/parser.y9
-rw-r--r--hcid/security.c138
8 files changed, 28 insertions, 159 deletions
diff --git a/hcid/Makefile.am b/hcid/Makefile.am
index d9e8ddbe..2f5e2038 100644
--- a/hcid/Makefile.am
+++ b/hcid/Makefile.am
@@ -47,13 +47,3 @@ CLEANFILES = lexer.c parser.c parser.h
EXTRA_DIST = $(man_MANS) $(conf_DATA) dbus.h dbus.c dbus-test bluez-hcid.conf
MAINTAINERCLEANFILES = Makefile.in
-
-pinfile = $(confdir)/pin
-
-install-data-local:
- [ -f $(DESTDIR)$(pinfile) ] || \
- echo "BlueZ" > $(DESTDIR)$(pinfile); \
- chmod 600 $(DESTDIR)$(pinfile)
-
-uninstall-local:
- @rm -f $(DESTDIR)$(pinfile)
diff --git a/hcid/hcid.conf b/hcid/hcid.conf
index cbb2d2eb..65e3d816 100644
--- a/hcid/hcid.conf
+++ b/hcid/hcid.conf
@@ -20,6 +20,9 @@ options {
# once - Pair once and deny successive attempts
pairing multi;
+ # Default PIN code for incoming connections
+ pin_code "BlueZ";
+
# PIN helper
pin_helper /usr/bin/bluepin;
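Review bot: The PIN moves from a dedicated file that the removed Makefile rule created with `chmod 600` into hcid.conf, and nothing in this change restricts who can read hcid.conf. If the file is installed with ordinary data permissions (presumably via `conf_DATA`; the install rule is not shown here), any local user can read the PIN used for incoming pairing in `security auto` mode. The sample also ships the well-known value "BlueZ", so the comment should tell the administrator to change it, for example `# Default PIN code for incoming connections - change this value and keep this file readable by root only`.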
diff --git a/hcid/hcid.conf.5 b/hcid/hcid.conf.5
index a5d82417..b6934746 100644
--- a/hcid/hcid.conf.5
+++ b/hcid/hcid.conf.5
@@ -45,6 +45,12 @@ with already paired devices. \fIonce\fP allows pairing once and denies
successive attempts. The default hcid configuration is shipped with \fBmulti\fP
enabled
+.TP
+\fBpin_code\fP "\fIpin\fP"
+
+The default PIN for incoming connections if \fBsecurity\fP has been
+set to \fIauto\fP.
+
.TP
\fBpin_helper\fP "\fIfile\fP"
@@ -67,7 +73,7 @@ requests.
\fBsecurity\fP none|auto|user
\fInone\fP means the security manager is disabled. \fIauto\fP uses
-local PIN, by default from /etc/bluetooth/pin, for incoming
+local PIN, by default from pin_code, for incoming
connections. \fIuser\fP always asks the user for a PIN.
.SH "DEVICE SECTION"
@@ -236,11 +242,5 @@ You can check the Bluetooth specification version 1.2 Volume 2, Part B section 6
.I /etc/bluetooth/hcid.conf
Default location of the global configuration file.
-.TP
-.I /etc/bluetooth/pin
-Default location of local PIN file, used for incoming connections in
-security mode \fIauto\fP. The file contains the PIN code terminated by
-newline.
-
.SH "AUTHOR"
This manual page was written by Edouard Lafargue, Fredrik Noring and Maxim Krasnyansky.
diff --git a/hcid/hcid.h b/hcid/hcid.h
index c7aa0315..482cf589 100644
--- a/hcid/hcid.h
+++ b/hcid/hcid.h
@@ -33,8 +33,7 @@
#include "glib-ectomy.h"
#define HCID_CONFIG_FILE CONFIGDIR "/hcid.conf"
-#define HCID_PIN_FILE CONFIGDIR "/pin"
-#define HCID_KEY_FILE CONFIGDIR "/link_key"
+
#define HCID_PIN_HELPER "/usr/bin/bluepin"
enum {
@@ -90,12 +89,10 @@ struct hcid_opts {
uint8_t pin_code[16];
int pin_len;
+
char *pin_helper;
- char *pin_file;
int dbus_pin_helper;
- char *key_file;
-
int sock;
};
extern struct hcid_opts hcid;
diff --git a/hcid/kword.c b/hcid/kword.c
index 0edf099c..f7a3f66e 100644
--- a/hcid/kword.c
+++ b/hcid/kword.c
@@ -60,6 +60,7 @@ struct kword cfg_keyword[] = {
{ "pageto", K_PAGETO },
{ "auth", K_AUTH },
{ "encrypt", K_ENCRYPT },
+ { "pin_code", K_PINCODE },
{ "pin_helper", K_PINHELP },
{ "dbus_pin_helper", K_DBUSPINHELP },
diff --git a/hcid/main.c b/hcid/main.c
index 50cf86de..d5e5de85 100644
--- a/hcid/main.c
+++ b/hcid/main.c
@@ -552,9 +552,10 @@ int main(int argc, char *argv[], char *env[])
hcid.security = HCID_SEC_AUTO;
hcid.pairing = HCID_PAIRING_MULTI;
- hcid.pin_file = strdup(HCID_PIN_FILE);
+ strcpy((char *) hcid.pin_code, "BlueZ");
+ hcid.pin_len = 5;
+
hcid.pin_helper = strdup(HCID_PIN_HELPER);
- hcid.key_file = strdup(HCID_KEY_FILE);
init_defaults();
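Review bot: The default PIN length is written as the literal `5` next to the string "BlueZ", so the two can drift apart if the default is ever edited. Deriving the length from the data avoids that: `hcid.pin_len = strlen((char *) hcid.pin_code);`. The same default string now also lives in hcid.conf, so a named constant in hcid.h next to `HCID_PIN_HELPER` would give it a single home. The body of main() starts and ends outside this hunk.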
diff --git a/hcid/parser.y b/hcid/parser.y
index 948793cb..2697559f 100644
--- a/hcid/parser.y
+++ b/hcid/parser.y
@@ -61,7 +61,7 @@ int yyerror(char *s);
%token K_OPTIONS K_DEVICE
%token K_AUTOINIT K_SECURITY K_PAIRING
%token K_PTYPE K_NAME K_CLASS K_VOICE K_INQMODE K_PAGETO K_LM K_LP K_AUTH K_ENCRYPT K_ISCAN K_PSCAN
-%token K_PINHELP K_DBUSPINHELP
+%token K_PINCODE K_PINHELP K_DBUSPINHELP
%token K_YES K_NO
%token <str> WORD PATH STRING LIST HCI BDADDR
@@ -115,6 +115,13 @@ hcid_opt:
hcid.pairing = $2;
}
+ | K_PINCODE STRING {
+ strncpy((char *) hcid.pin_code, $2, 16);
+ hcid.pin_len = strlen($2);
+ if (hcid.pin_len > 16)
+ hcid.pin_len = 16;
+ }
+
| K_PINHELP PATH {
if (hcid.pin_helper)
free(hcid.pin_helper);
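Review bot: The new `pin_code` action silently truncates a value longer than 16 characters and accepts an empty string, so a mistake in hcid.conf leaves the daemon with a PIN the administrator did not choose and produces no diagnostic. A Bluetooth PIN is 1 to 16 bytes, so the length should be validated before anything is stored and an out-of-range value reported through `yyerror()`. Whether the parse should also abort depends on how the other actions handle errors, which this hunk does not show. The bound is better written as `sizeof(hcid.pin_code)` than as a repeated `16`. The `hcid_opt` rule starts before and continues after this hunk.

```c
  | K_PINCODE STRING {
				size_t len = strlen($2);

				if (len < 1 || len > sizeof(hcid.pin_code)) {
					yyerror("pin_code must be 1 to 16 characters long");
				} else {
					/* strncpy zero-pads, so no bytes of an earlier PIN remain */
					strncpy((char *) hcid.pin_code, $2, sizeof(hcid.pin_code));
					hcid.pin_len = (int) len;
				}
			}
```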
diff --git a/hcid/security.c b/hcid/security.c
index 9364938f..f4b46bfe 100644
--- a/hcid/security.c
+++ b/hcid/security.c
@@ -98,46 +98,6 @@ static inline int get_bdaddr(int dev, bdaddr_t *sba, uint16_t handle, bdaddr_t *
/* Link Key handling */
-/* This function is not reentrable */
-static struct link_key *__get_link_key(int f, bdaddr_t *sba, bdaddr_t *dba)
-{
- static struct link_key k;
- struct link_key *key = NULL;
- int r;
-
- while ((r = read_n(f, &k, sizeof(k)))) {
- if (r < 0) {
- syslog(LOG_ERR, "Link key database read failed: %s (%d)",
- strerror(errno), errno);
- break;
- }
-
- if (!bacmp(&k.sba, sba) && !bacmp(&k.dba, dba)) {
- key = &k;
- break;
- }
- }
-
- return key;
-}
-
-static struct link_key *get_link_key(bdaddr_t *sba, bdaddr_t *dba)
-{
- struct link_key *key = NULL;
- int f;
-
- f = open(hcid.key_file, O_RDONLY);
- if (f >= 0)
- key = __get_link_key(f, sba, dba);
- else if (errno != ENOENT)
- syslog(LOG_ERR, "Link key database open failed: %s (%d)",
- strerror(errno), errno);
-
- close(f);
-
- return key;
-}
-
static void link_key_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
{
unsigned char key[16];
@@ -149,15 +109,6 @@ static void link_key_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
err = read_link_key(sba, dba, key);
if (err < 0) {
- struct link_key *linkkey = get_link_key(sba, dba);
- if (linkkey) {
- memcpy(key, linkkey->key, 16);
- linkkey->time = time(0);
- err = 0;
- }
- }
-
- if (err < 0) {
/* Link key not found */
hci_send_cmd(dev, OGF_LINK_CTL, OCF_LINK_KEY_NEG_REPLY, 6, dba);
} else {
@@ -170,50 +121,6 @@ static void link_key_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
}
}
-#if 0
-static void save_link_key(struct link_key *key)
-{
- struct link_key *exist;
- char sa[18], da[18];
- int f, err;
-
- f = open(hcid.key_file, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
- if (f < 0) {
- syslog(LOG_ERR, "Link key database open failed: %s (%d)",
- strerror(errno), errno);
- return;
- }
-
- /* Check if key already exist */
- exist = __get_link_key(f, &key->sba, &key->dba);
-
- err = 0;
-
- if (exist) {
- off_t o = lseek(f, 0, SEEK_CUR);
- err = lseek(f, o - sizeof(*key), SEEK_SET);
- } else
- err = fcntl(f, F_SETFL, O_APPEND);
-
- if (err < 0) {
- syslog(LOG_ERR, "Link key database seek failed: %s (%d)",
- strerror(errno), errno);
- goto failed;
- }
-
- if (write_n(f, key, sizeof(*key)) < 0) {
- syslog(LOG_ERR, "Link key database write failed: %s (%d)",
- strerror(errno), errno);
- }
-
- ba2str(&key->sba, sa); ba2str(&key->dba, da);
- syslog(LOG_INFO, "%s link key %s %s", exist ? "Replacing" : "Saving", sa, da);
-
-failed:
- close(f);
-}
-#endif
-
static void link_key_notify(int dev, bdaddr_t *sba, void *ptr)
{
evt_link_key_notify *evt = ptr;
@@ -230,10 +137,6 @@ static void link_key_notify(int dev, bdaddr_t *sba, void *ptr)
key.type = evt->key_type;
key.time = time(0);
-#if 0
- save_link_key(&key);
-#endif
-
write_link_key(sba, dba, evt->link_key, evt->key_type);
}
@@ -261,34 +164,6 @@ static void return_link_keys(int dev, bdaddr_t *sba, void *ptr)
/* PIN code handling */
-static int read_default_pin_code(void)
-{
- char buf[17];
- FILE *f;
- int len;
-
- if (!(f = fopen(hcid.pin_file, "r"))) {
- syslog(LOG_ERR, "Can't open PIN file %s: %s (%d)",
- hcid.pin_file, strerror(errno), errno);
- return -1;
- }
-
- if (fgets(buf, sizeof(buf), f)) {
- strtok(buf, "\n\r");
- len = strlen(buf);
- memcpy(hcid.pin_code, buf, len);
- hcid.pin_len = len;
- } else {
- syslog(LOG_ERR, "Can't read PIN file %s: %s (%d)",
- hcid.pin_file, strerror(errno), errno);
- len = -1;
- }
-
- fclose(f);
-
- return len;
-}
-
/*
PIN helper is an external app that asks user for a PIN. It can
implement its own PIN code generation policy and methods like
@@ -415,8 +290,9 @@ static void pin_code_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
pin_code_reply_cp pr;
struct hci_conn_info_req *cr;
struct hci_conn_info *ci;
+ unsigned char key[16];
char sa[18], da[18], pin[17];
- int pinlen;
+ int err, pinlen;
memset(&pr, 0, sizeof(pr));
bacpy(&pr.bdaddr, dba);
@@ -441,8 +317,8 @@ static void pin_code_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
pinlen = read_pin_code(sba, dba, pin);
if (pairing == HCID_PAIRING_ONCE) {
- struct link_key *key = get_link_key(sba, dba);
- if (key) {
+ err = read_link_key(sba, dba, key);
+ if (!err) {
ba2str(dba, da);
syslog(LOG_WARNING, "PIN code request for already paired device %s", da);
goto reject;
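Review bot: `read_link_key()` is called here only to learn whether the peer is already paired, yet it copies the 16-byte link key into the stack buffer `key` declared in the preceding hunk, and nothing visible clears that buffer before the function returns. A small helper that reports existence without returning the key would keep secret material out of this path; failing that, the buffer should be wiped after the check with a call the compiler cannot elide. The success test `if (!err)` also differs from the `err < 0` failure test in link_key_request(), and the two disagree if read_link_key() can ever return a positive value, so its return contract is worth a comment here. The body of pin_code_request() starts and ends outside this hunk.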
@@ -871,11 +747,5 @@ void stop_security_manager(int hdev)
void init_security_data(void)
{
- /* Set local PIN code */
- if (read_default_pin_code() < 0) {
- strcpy((char *) hcid.pin_code, "BlueZ");
- hcid.pin_len = 5;
- }
-
pairing = hcid.pairing;
}