| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
This makes use of DEFER_SETUP mechanism to do the following checks
before accepting the connection:
- Checks a valid device object exits
- Checks if initiator/central as if the peripheral start connecting it
may cause collisions.
- Checks if the limit of allowed connections has been reached.
|
|
|
|
|
|
|
| |
This checks cid before attempting to create device, if the device is
using an RPA it could be that the MGMT event has not been processed yet
which would lead to create a second copy of the same device using its
identity address.
|
|
|
|
|
|
|
|
|
|
| |
The passed iterator can be NULL as in
src/gatt-database.c::properties_changed():
...
proxy->prop_func(..., ..., iter=NULL, ...)
+--client/gatt.c::property_changed_cb(..., ..., iter, ...);
+--dbus_message_iter_get_arg_type(iter);
...
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following warnings:
src/gatt-database.c:3541:14: warning: Value stored to 'iface' during
its initialization is never read [deadcode.DeadStores]
const char *iface = g_dbus_proxy_get_interface(proxy);
^~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/gatt-database.c:3542:14: warning: Value stored to 'path' during
its initialization is never read [deadcode.DeadStores]
const char *path = g_dbus_proxy_get_path(proxy);
^~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
| |
CCC shall always have both Read and Write permissions set in addition to
what application set.
Fixes: https://github.com/bluez/bluez/issues/399
|
|
|
|
|
|
|
| |
Application can now encode an error code into the D-Bus reply error
message (0x80-0x9f).
Fixes: https://github.com/bluez/bluez/issues/380
|
|
|
|
|
| |
This adds btd_ prefix to device_is_trusted so it can be used by
plugins.
|
|
|
|
|
| |
This enables storing the local (adapter) GATT database which later will
be used by btmon to decode GATT handles.
|
|
|
|
|
|
|
|
|
|
|
| |
If device is no longer exists or not paired when notifications send it
is possible to get double free and dereference of already freed memory.
To avoid this we need to recheck the state of device after sending
notification.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
|
|
|
|
| |
This prints an error if gatt_db_attribut_notify fails.
|
|
|
|
|
| |
Check whether type of UUIDs property of GattProfile1 object
is correct.
|
|
|
|
|
| |
This makes use of gatt_db_attribute_notify to send indications of
Service Changed.
|
|
|
|
|
| |
This introduces gatt_db_attribute_notify which can be used to trigger a
notification using the callback set by gatt_db_ccc_register.
|
|
|
|
|
| |
This uses gatt_db_service_add_ccc and gatt_db_ccc_register so any ccc
registered with the use of the former gets proper state tracking.
|
|
|
|
|
|
| |
Adds missing assignment to disconn_id for pending operations and removes
check that is already handled by checking if the owner_queue of the op
is gone at the start of write_reply_cb.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow a GATT server to impose write permissions/restrictions on a CCC by
setting additional `X-notify` and `X-indicate` flags on its associated
characteristic.
This allows a developer to require encryption/authentication in order
for a GATT client to subscribe to server-initiated updates.
```
[bluetooth]# register-characteristic\
4b75f0f8-1f23-46b1-900c-5bbabcd5ca93 encrypt-read,encrypt-notify
[NEW] Characteristic (Handle 0x0000)
/org/bluez/app/service0/chrc17
4b75f0f8-1f23-46b1-900c-5bbabcd5ca93
Vendor specific
[/org/bluez/app/service0/chrc17] Enter value: 42
```
|
|
|
|
|
|
|
|
|
| |
There is a current use after free possible on a gatt server if a client
disconnects while a WriteValue call is being processed with dbus.
This patch includes the addition of a pending disconnect callback to handle
cleanup better if a disconnect occurs during a write, an acquire write
or read operation using bt_att_register_disconnect with the cb.
|
|
|
|
|
|
|
|
|
| |
BlueZ contained superfluous properties that not only did nothing of
value, but needlessly created CEP descriptors for any characteristic
with a secure/encrypted/authenticated flag applied to it.
This actually deviated from the spec(Bluetooth core 5.3, 3.3.3.1) by
setting the reserved bits in the CEPD.
|
|
|
|
|
| |
This adds Central Address Resolution characteristic so peripherals can
use directed advertising using RPA as initiator address.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This checks if an outstanding call to AcquireWrite is already in
progress. If so, the write request is placed into the queue, but
AcquireWrite is not called again. When a response to AcquireWrite is
received, acquire_write_reply sends all queued writes over the acquired
socket.
Making multiple simultaneous calls to AcquireWrite makes no sense,
as this would open multiple socket pairs and only the last returned
socket would be used for further writes.
|
|
|
|
|
|
| |
If source has not been set don't register DIS as it would not contain
any useful information and by doing this it actually allows systems to
register their own DIS instance.
|
|
|
|
|
|
|
|
|
| |
When a local GATT characteristic has both the indicate and notify
properties, notifications will not be send to clients requesting them.
This change fixes this, allowing for notifications to be sent.
Also simplifies logic about when notifications/indications should
be sent.
|
|
|
|
|
|
|
|
| |
If a device is removed with notifications enabled that would lead to
device_state being freed while att_disconnected has not been called
yet.
gh-issue: https://github.com/bluez/bluez/issues/82
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately assuming service changed has been subscribed may cause
indication to time out in some peripherals (Logitech M720 Triathlon, Mx
Anywhere 2, Lenovo Mice N700, RAPOO BleMouse and Microsoft Designer
Mouse) even though the expect actually mandates that the client responds
with confirmation these peripherals just ignores it completely which
leads them to be disconnected whenever bluetoothd is restarted or the
system reboots.
|
|
|
|
|
| |
This makes use of gatt_db_attribute_set_fixed_length so the database is
aware of the length of the values and perform bounds checking.
|
|
|
|
|
|
|
| |
When client features is read check if the offset is within the cli_feat
bounds.
Fixes: https://github.com/bluez/bluez/issues/70
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Objects in the service->includes queue are obtained via
dbus_message_iter_get_basic call and according to the
contract for the value is that it is returned by the reference
and should not be freed thus we should make a copy.
This will fix the issue when the GATT service app is disconnected
(reproduced with gatt-service included in bluez), bluetoothd is crashing:
bluetoothd: src/gatt-database.c:gatt_db_service_removed() Local GATT service removed
bluetoothd: src/adapter.c:adapter_service_remove() /org/bluez/hci0
bluetoothd: src/adapter.c:remove_uuid() sending remove uuid command for index 0
bluetoothd: src/sdpd-service.c:remove_record_from_server() Removing record with handle 0x10006
bluetoothd: src/gatt-database.c:proxy_removed_cb() Proxy removed - removing service: /service1
munmap_chunk(): invalid pointer
|
|
|
|
|
| |
Since we use btd term for daemon APIs it makes sense to use it also
for the header name instead of hcid.
|
|
|
|
| |
Use btd_ prefix since this is a daemon API.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds SPDX License Identifier and removes the license text.
-------------------------------------
License COUNT
-------------------------------------
LGPL-2.1-or-later : 62
GPL-2.0-or-later : 51
BSD-2-Clause : 2
License: LGPL-2.1-or-later
src/adv_monitor.c
src/adv_monitor.h
src/shared/mainloop-glib.c
src/shared/btp.c
src/shared/tester.c
src/shared/btsnoop.c
src/shared/gatt-helpers.h
src/shared/log.h
src/shared/util.h
src/shared/mainloop-ell.c
src/shared/hci-crypto.c
src/shared/mainloop.c
src/shared/hfp.h
src/shared/mainloop-notify.c
src/shared/io-mainloop.c
src/shared/btsnoop.h
src/shared/uhid.h
src/shared/util.c
src/shared/ringbuf.c
src/shared/btp.h
src/shared/shell.h
src/shared/io-glib.c
src/shared/queue.h
src/shared/gatt-server.h
src/shared/crypto.c
src/shared/crypto.h
src/shared/io-ell.c
src/shared/timeout-glib.c
src/shared/mgmt.c
src/shared/gatt-db.c
src/shared/mainloop-notify.h
src/shared/hfp.c
src/shared/timeout-ell.c
src/shared/shell.c
src/shared/hci.c
src/shared/log.c
src/shared/ringbuf.h
src/shared/gatt-helpers.c
src/shared/queue.c
src/shared/tty.h
src/shared/timeout-mainloop.c
src/shared/tester.h
src/shared/gap.h
src/shared/mgmt.h
src/shared/gatt-db.h
src/shared/uhid.c
src/shared/mainloop.h
src/shared/timeout.h
src/shared/att-types.h
src/shared/pcap.c
src/shared/gap.c
src/shared/att.c
src/shared/pcap.h
src/shared/hci.h
src/shared/gatt-client.h
src/shared/io.h
src/shared/gatt-client.c
src/shared/ad.c
src/shared/att.h
src/shared/gatt-server.c
src/shared/hci-crypto.h
src/shared/ad.h
License: GPL-2.0-or-later
src/attrib-server.h
src/advertising.h
src/textfile.c
src/attrib-server.c
src/uinput.h
src/log.h
src/eir.h
src/sdpd.h
src/sdpd-request.c
src/service.h
src/sdpd-database.c
src/adapter.h
src/plugin.h
src/uuid-helper.h
src/plugin.c
src/main.c
src/sdp-xml.c
src/error.h
src/oui.c
src/device.c
src/agent.h
src/sdp-client.c
src/oui.h
src/device.h
src/gatt-database.c
src/error.c
src/backtrace.c
src/sdpd-server.c
src/adapter.c
src/log.c
src/agent.c
src/backtrace.h
src/sdp-xml.h
src/hcid.h
src/dbus-common.h
src/uuid-helper.c
src/storage.c
src/profile.c
src/advertising.c
src/storage.h
src/dbus-common.c
src/profile.h
src/sdpd-service.c
src/eir.c
src/sdp-client.h
src/gatt-database.h
src/gatt-client.h
src/rfkill.c
src/gatt-client.c
src/service.c
src/textfile.h
License: BSD-2-Clause
src/shared/ecc.h
src/shared/ecc.c
|
|
|
|
|
|
| |
Currently parse_includes() will return false if the "Includes" property
is an empty array. Empty array in the "Includes" property should be
treated as valid.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for the PNPID characteristic when configured in
main.conf.
This was validated as read correclty both by manually reading the valud
and confirming in the Ellisys Analyzer.
ATT Read (PnP ID: Source=Bluetooth ID, Vendor=224, Product=50181,
ATT Read Response Packet (Source=Bluetooth ID, Vendor=224,
Product=50181, Version=86) | OK | 7 bytes (01 E0 00 05 C4 56 00)
|
|
|
|
|
|
| |
gatt_db_get_hash actually depends on crypto so platforms that don't
have it enabled shall not register GATT_CHARAC_DB_HASH as otherwise it
would cause a crash due to hash being NULL.
|
|
|
|
|
|
| |
According to bluetooth spec Ver 5.2, Vol 3, Part G, 7.1, the
service_changed characteristic is not readable. Therefore, this
patch marks it as such.
|
|
|
|
|
| |
msg.msg_iovlen should be set to 1 to forward the data received over the
file descriptor.
|
|
|
|
|
| |
Register read handler only for notify IO and handle socket
disconnection in sock_io_read.
|
|
|
|
|
|
|
|
| |
Originally these operation did not set any owner_queue which caused
them to crash if the attribute is freed before the respose, to fix that
the reply will now check if owner_queue was reset to NULL which means
the attribute is no longer available but the owner_queue was never set
in the first place so this ensures they are now setup properly.
|
|
|
|
|
|
|
|
| |
If the method has timed out it probably means the application is not
responding so a follow up method call might have the same result, also
in case the application returns org.bluez.Error.Failed it indicates the
operation has been attempted but failed which again most likely will
have the same result if reattempted.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If there are pending AcquireWrite or AcquireNotify when disconnecting
the attribute object may be freed (e.g. device is temporary) leading to
the following backtrace:
bluetoothd[369928]: src/gatt-database.c:gatt_db_service_removed() Local GATT service removed
bluetoothd[369928]: src/adapter.c:adapter_service_remove() /org/bluez/hci1
bluetoothd[369928]: src/adapter.c:remove_uuid() sending remove uuid command for index 1
bluetoothd[369928]: src/sdpd-service.c:remove_record_from_server() Removing record with handle 0x1002e
bluetoothd[369928]: src/gatt-database.c:send_notification_to_device() GATT server sending indication
bluetoothd[369928]: src/device.c:gatt_debug() Write Complete: err -125
bluetoothd[369928]: src/gatt-database.c:client_disconnect_cb() Client disconnected
bluetoothd[369928]: src/advertising.c:client_disconnect_cb() Client disconnected
bluetoothd[369928]: Failed to acquire write: org.freedesktop.DBus.Error.NoReply
Program received signal SIGSEGV, Segmentation fault.
0x0000555555631450 in acquire_write_reply (message=0x55555583dec0, user_data=0x555555843e40) at src/gatt-database.c:2437
2437 send_write(op->device, op->attrib, chrc->proxy, NULL, op->id,
|
|
|
|
|
| |
This adds option to set the numbers of GATT Channels/Bearers to be
connected in main.conf.
|
|
|
|
|
| |
This adds support for Notify Multiple procedure marking its bit as
supported in the Client Features.
|
|
|
|
| |
This adds support for EATT connections.
|
|
|
|
|
| |
This adds EATT support to bt_att, EATT bearers are handled as
additional channels which auto allocated for queued requests.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The spec actually allows writing just 1 byte:
BLUETOOTH CORE SPECIFICATION Version 5.1 | Vol 3, Part F
page 2320:
'If the attribute value has a fixed length and the Attribute Value
parameter length is less than or equal to the length of the attribute
value, the octets of the attribute value parameter length shall be
written; all other octets in this attribute value shall be
unchanged.'
|
|
|
|
|
|
|
|
|
|
|
| |
Encryption is required according to the spec:
BLUETOOTH CORE SPECIFICATION Version 5.1 | Vol 3, Part G page 2397:
5.1.2 BR/EDR channel requirements
The channel shall be encrypted. The Key_Type shall be either an
Unauthenticated Combination Key or an Authenticated Combination Key.
|
|
|
|
| |
Allows 'extended-propeties' as flags.
|
|
|
|
|
| |
This detects when a client becomes change-unware returning
DB Out of Sync error when that happens.
|
|
|
|
|
| |
This registers both Client Features and Database Hash Characteristics
which are mandatory for the server.
|
|
|
|
| |
This emulates application setting their attribute handles.
|
|
|
|
|
| |
If the application has set an attribute with Handle set to 0 inform the
allocated handle by writting the Handle property.
|