Bluetooth: Fix auth_complete_evt for legacy units
authorWaldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Tue, 31 May 2011 13:49:25 +0000 (15:49 +0200)
committerJaikumar Ganesh <jaikumar@google.com>
Mon, 11 Jul 2011 18:59:14 +0000 (11:59 -0700)
Legacy devices don't re-authenticate the link properly if a link key
already exists.  Thus, don't update sec_level for this case even if
hci_auth_complete_evt indicates success. Otherwise the sec_level will
not reflect the real security of the link.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
net/bluetooth/hci_event.c

index 01459ecc16e949fbc3db7140a10fe5125c434da4..90a921cfd23d0d139c581d5d93e62223e3f21d14 100644 (file)
@@ -322,6 +322,7 @@ void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data);
 /* ----- HCI Connections ----- */
 enum {
        HCI_CONN_AUTH_PEND,
+       HCI_CONN_REAUTH_PEND,
        HCI_CONN_ENCRYPT_PEND,
        HCI_CONN_RSWITCH_PEND,
        HCI_CONN_MODE_CHANGE_PEND,
index 0514a7a01a57111850b39efa5abe9259f1853ac4..803628d6814e0f2908d0364e61c24a877f8663c0 100644 (file)
@@ -559,6 +559,8 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
                cp.handle = cpu_to_le16(conn->handle);
                hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
                                                        sizeof(cp), &cp);
+               if (conn->key_type != 0xff)
+                       set_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
        }
 
        return 0;
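Review bot: The `0xff` compared against `conn->key_type` on the added line is an unexplained sentinel, yet the decision in hci_auth_complete_evt to leave `sec_level` untouched depends entirely on it. It presumably means that no link key is known for this connection; that should be confirmed and stated, e.g. `/* key_type 0xff: no link key stored (confirm); an existing key makes this a re-authentication */`, or expressed through a named constant if the headers already have one. The flag is set without checking the result of `hci_send_cmd()`, so it is worth confirming that a failed send cannot leave `HCI_CONN_REAUTH_PEND` set for a later, unrelated authentication. hci_conn_auth starts above the hunk and its closing brace lies below it.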
index 55d527e3f3b6ada81b046a97eda79c97b4b48364..72c3eb2fe674d848f0b99e29d8a239015b95d451 100644 (file)
@@ -1492,13 +1492,21 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
        if (conn) {
                if (!ev->status) {
-                       conn->link_mode |= HCI_LM_AUTH;
-                       conn->sec_level = conn->pending_sec_level;
+                       if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
+                                               test_bit(HCI_CONN_REAUTH_PEND,
+                                               &conn->pend)) {
+                               BT_INFO("re-auth of legacy device is not"
+                                                               "possible.");
+                       } else {
+                               conn->link_mode |= HCI_LM_AUTH;
+                               conn->sec_level = conn->pending_sec_level;
+                       }
                } else {
                        mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
                }
 
                clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
+               clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
 
                if (conn->state == BT_CONFIG) {
                        if (!ev->status && hdev->ssp_mode > 0 &&
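Review bot: The two adjacent string literals in the added `BT_INFO` call concatenate without a space, so the log line reads "is notpossible."; write it as one literal, `BT_INFO("re-auth of legacy device is not possible.");`. On that same branch `conn->sec_level` is deliberately left unchanged while `ev->status` is still zero, so any code after the hunk that treats a zero status as "requested level reached" would overstate the link's security. The confirmation path below the visible lines should be checked to see that it compares `conn->sec_level` with `conn->pending_sec_level` rather than relying on the status alone. A short comment on the condition, saying that a re-authentication is only trusted when both the controller and the remote side use SSP, would help the next reader. hci_auth_complete_evt begins above the hunk and continues past its last line.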