1/*
2 * search.c
3 *
4 * Copyright (c) 2001-2003 Maksim Yevmenkin <m_evmenkin@yahoo.com>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 *
28 * $Id: search.c,v 1.2 2003/09/04 22:12:13 max Exp $
29 * $FreeBSD$
30 */
31
32#include <sys/uio.h>
33#include <netinet/in.h>
34#include <arpa/inet.h>
35#include <bluetooth.h>
36#include <errno.h>
37#include <stdio.h>
38#include <stdlib.h>
39#include <string.h>
40#include <unistd.h>
41
42#include <sdp-int.h>
43#include <sdp.h>
44
45int32_t
46sdp_search(void *xss,
47		uint32_t plen, uint16_t const *pp,
48		uint32_t alen, uint32_t const *ap,
49		uint32_t vlen, sdp_attr_t *vp)
50{
51	struct sdp_xpdu {
52		sdp_pdu_t		 pdu;
53		uint16_t		 len;
54	} __attribute__ ((packed))	 xpdu;
55
56	sdp_session_p			 ss = (sdp_session_p) xss;
57	uint8_t				*req = NULL, *rsp = NULL, *rsp_tmp = NULL;
58	int32_t				 t, len;
59	uint16_t			 lo, hi;
60
61	if (ss == NULL)
62		return (-1);
63
64	if (ss->req == NULL || ss->rsp == NULL ||
65	    plen == 0 || pp == NULL || alen == 0 || ap == NULL) {
66		ss->error = EINVAL;
67		return (-1);
68	}
69
70	req = ss->req;
71
72	/* Calculate ServiceSearchPattern length */
73	plen = plen * (sizeof(pp[0]) + 1);
74
75	/* Calculate AttributeIDList length */
76	for (len = 0, t = 0; t < alen; t ++) {
77		lo = (uint16_t) (ap[t] >> 16);
78		hi = (uint16_t) (ap[t]);
79
80		if (lo > hi) {
81			ss->error = EINVAL;
82			return (-1);
83		}
84
85		if (lo != hi)
86			len += (sizeof(ap[t]) + 1);
87		else
88			len += (sizeof(lo) + 1);
89	}
90	alen = len;
91
92	/* Calculate length of the request */
93	len =	plen + sizeof(uint8_t) + sizeof(uint16_t) +
94			/* ServiceSearchPattern */
95		sizeof(uint16_t) +
96			/* MaximumAttributeByteCount */
97		alen + sizeof(uint8_t) + sizeof(uint16_t);
98			/* AttributeIDList */
99
100	if (ss->req_e - req < len) {
101		ss->error = ENOBUFS;
102		return (-1);
103	}
104
105	/* Put ServiceSearchPattern */
106	SDP_PUT8(SDP_DATA_SEQ16, req);
107	SDP_PUT16(plen, req);
108	for (; plen > 0; pp ++, plen -= (sizeof(pp[0]) + 1)) {
109		SDP_PUT8(SDP_DATA_UUID16, req);
110		SDP_PUT16(*pp, req);
111	}
112
113	/* Put MaximumAttributeByteCount */
114	SDP_PUT16(0xffff, req);
115
116	/* Put AttributeIDList */
117	SDP_PUT8(SDP_DATA_SEQ16, req);
118	SDP_PUT16(alen, req);
119	for (; alen > 0; ap ++) {
120		lo = (uint16_t) (*ap >> 16);
121		hi = (uint16_t) (*ap);
122
123		if (lo != hi) {
124			/* Put attribute range */
125			SDP_PUT8(SDP_DATA_UINT32, req);
126			SDP_PUT32(*ap, req);
127			alen -= (sizeof(ap[0]) + 1);
128		} else {
129			/* Put attribute */
130			SDP_PUT8(SDP_DATA_UINT16, req);
131			SDP_PUT16(lo, req);
132			alen -= (sizeof(lo) + 1);
133		}
134	}
135
136	/* Submit ServiceSearchAttributeRequest and wait for response */
137	ss->cslen = 0;
138	rsp = ss->rsp;
139
140	do {
141		struct iovec	 iov[2];
142		uint8_t		*req_cs = req;
143
144		/* Add continuation state (if any) */
145		if (ss->req_e - req_cs < ss->cslen + 1) {
146			ss->error = ENOBUFS;
147			return (-1);
148		}
149
150		SDP_PUT8(ss->cslen, req_cs);
151		if (ss->cslen > 0) {
152			memcpy(req_cs, ss->cs, ss->cslen);
153			req_cs += ss->cslen;
154		}
155
156		/* Prepare SDP PDU header */
157		xpdu.pdu.pid = SDP_PDU_SERVICE_SEARCH_ATTRIBUTE_REQUEST;
158		xpdu.pdu.tid = htons(ss->tid);
159		xpdu.pdu.len = htons(req_cs - ss->req);
160
161		/* Submit request */
162		iov[0].iov_base = (void *) &xpdu;
163		iov[0].iov_len = sizeof(xpdu.pdu);
164		iov[1].iov_base = (void *) ss->req;
165		iov[1].iov_len = req_cs - ss->req;
166
167		do {
168			len = writev(ss->s, iov, sizeof(iov)/sizeof(iov[0]));
169		} while (len < 0 && errno == EINTR);
170
171		if (len < 0) {
172			ss->error = errno;
173			return (-1);
174		}
175
176		/* Read response */
177		iov[0].iov_base = (void *) &xpdu;
178		iov[0].iov_len = sizeof(xpdu);
179		iov[1].iov_base = (void *) rsp;
180		iov[1].iov_len = ss->imtu;
181
182		do {
183			len = readv(ss->s, iov, sizeof(iov)/sizeof(iov[0]));
184		} while (len < 0 && errno == EINTR);
185
186		if (len < 0) {
187			ss->error = errno;
188			return (-1);
189		}
190		if (len < sizeof(xpdu)) {
191			ss->error = ENOMSG;
192			return (-1);
193		}
194
195		xpdu.pdu.tid = ntohs(xpdu.pdu.tid);
196		xpdu.pdu.len = ntohs(xpdu.pdu.len);
197		xpdu.len = ntohs(xpdu.len);
198
199		if (xpdu.pdu.pid == SDP_PDU_ERROR_RESPONSE ||
200		    xpdu.pdu.tid != ss->tid ||
201		    xpdu.pdu.len > len ||
202		    xpdu.len > xpdu.pdu.len) {
203			ss->error = EIO;
204			return (-1);
205		}
206
207		rsp += xpdu.len;
208		ss->tid ++;
209
210		/* Save continuation state (if any) */
211		ss->cslen = rsp[0];
212		if (ss->cslen > 0) {
213			if (ss->cslen > sizeof(ss->cs)) {
214				ss->error = ENOBUFS;
215				return (-1);
216			}
217
218			memcpy(ss->cs, rsp + 1, ss->cslen);
219
220			/*
221			 * Ensure that we always have ss->imtu bytes
222			 * available in the ss->rsp buffer
223			 */
224
225			if (ss->rsp_e - rsp <= ss->imtu) {
226				uint32_t	 size, offset;
227
228				size = ss->rsp_e - ss->rsp + ss->imtu;
229				offset = rsp - ss->rsp;
230
231				rsp_tmp = realloc(ss->rsp, size);
232				if (rsp_tmp == NULL) {
233					ss->error = ENOMEM;
234					return (-1);
235				}
236
237				ss->rsp = rsp_tmp;
238				ss->rsp_e = ss->rsp + size;
239				rsp = ss->rsp + offset;
240			}
241		}
242	} while (ss->cslen > 0);
243
244	/*
245	 * If we got here then we have completed SDP transaction and now
246	 * we must populate attribute values into vp array. At this point
247	 * ss->rsp points to the beginning of the response and rsp points
248	 * to the end of the response.
249	 *
250	 * From Bluetooth v1.1 spec page 364
251	 *
252	 * The AttributeLists is a data element sequence where each element
253	 * in turn is a data element sequence representing an attribute list.
254	 * Each attribute list contains attribute IDs and attribute values
255	 * from one service record. The first element in each attribute list
256	 * contains the attribute ID of the first attribute to be returned for
257	 * that service record. The second element in each attribute list
258	 * contains the corresponding attribute value. Successive pairs of
259	 * elements in each attribute list contain additional attribute ID
260	 * and value pairs. Only attributes that have non-null values within
261	 * the service record and whose attribute IDs were specified in the
262	 * SDP_ServiceSearchAttributeRequest are contained in the AttributeLists
263	 * Neither an attribute ID nor attribute value is placed in
264	 * AttributeLists for attributes in the service record that have no
265	 * value. Within each attribute list, the attributes are listed in
266	 * ascending order of attribute ID value.
267	 */
268
269	if (vp == NULL)
270		goto done;
271
272	rsp_tmp = ss->rsp;
273
274	/* Skip the first SEQ */
275	SDP_GET8(t, rsp_tmp);
276	switch (t) {
277	case SDP_DATA_SEQ8:
278		SDP_GET8(len, rsp_tmp);
279		break;
280
281	case SDP_DATA_SEQ16:
282		SDP_GET16(len, rsp_tmp);
283		break;
284
285	case SDP_DATA_SEQ32:
286		SDP_GET32(len, rsp_tmp);
287		break;
288
289	default:
290		ss->error = ENOATTR;
291		return (-1);
292		/* NOT REACHED */
293	}
294
295	for (; rsp_tmp < rsp && vlen > 0; ) {
296		/* Get set of attributes for the next record */
297		SDP_GET8(t, rsp_tmp);
298		switch (t) {
299		case SDP_DATA_SEQ8:
300			SDP_GET8(len, rsp_tmp);
301			break;
302
303		case SDP_DATA_SEQ16:
304			SDP_GET16(len, rsp_tmp);
305			break;
306
307		case SDP_DATA_SEQ32:
308			SDP_GET32(len, rsp_tmp);
309			break;
310
311		default:
312			ss->error = ENOATTR;
313			return (-1);
314			/* NOT REACHED */
315		}
316
317		/* Now rsp_tmp points to list of (attr,value) pairs */
318		for (; len > 0 && vlen > 0; vp ++, vlen --) {
319			/* Attribute */
320			SDP_GET8(t, rsp_tmp);
321			if (t != SDP_DATA_UINT16) {
322				ss->error = ENOATTR;
323				return (-1);
324			}
325			SDP_GET16(vp->attr, rsp_tmp);
326
327			/* Attribute value */
328			switch (rsp_tmp[0]) {
329			case SDP_DATA_NIL:
330				alen = 0;
331				break;
332
333			case SDP_DATA_UINT8:
334			case SDP_DATA_INT8:
335			case SDP_DATA_BOOL:
336				alen = sizeof(uint8_t);
337				break;
338
339			case SDP_DATA_UINT16:
340			case SDP_DATA_INT16:
341			case SDP_DATA_UUID16:
342				alen = sizeof(uint16_t);
343				break;
344
345			case SDP_DATA_UINT32:
346			case SDP_DATA_INT32:
347			case SDP_DATA_UUID32:
348				alen = sizeof(uint32_t);
349				break;
350
351			case SDP_DATA_UINT64:
352			case SDP_DATA_INT64:
353				alen = sizeof(uint64_t);
354				break;
355
356			case SDP_DATA_UINT128:
357			case SDP_DATA_INT128:
358			case SDP_DATA_UUID128:
359				alen = sizeof(uint128_t);
360				break;
361
362			case SDP_DATA_STR8:
363			case SDP_DATA_URL8:
364			case SDP_DATA_SEQ8:
365			case SDP_DATA_ALT8:
366				alen = rsp_tmp[1] + sizeof(uint8_t);
367				break;
368
369			case SDP_DATA_STR16:
370			case SDP_DATA_URL16:
371			case SDP_DATA_SEQ16:
372			case SDP_DATA_ALT16:
373				alen =	  ((uint16_t)rsp_tmp[1] << 8)
374					| ((uint16_t)rsp_tmp[2]);
375				alen += sizeof(uint16_t);
376				break;
377
378			case SDP_DATA_STR32:
379			case SDP_DATA_URL32:
380			case SDP_DATA_SEQ32:
381			case SDP_DATA_ALT32:
382				alen =    ((uint32_t)rsp_tmp[1] << 24)
383					| ((uint32_t)rsp_tmp[2] << 16)
384					| ((uint32_t)rsp_tmp[3] <<  8)
385					| ((uint32_t)rsp_tmp[4]);
386				alen += sizeof(uint32_t);
387				break;
388
389			default:
390				ss->error = ENOATTR;
391				return (-1);
392				/* NOT REACHED */
393			}
394
395			alen += sizeof(uint8_t);
396
397			if (vp->value != NULL) {
398				if (alen <= vp->vlen) {
399					vp->flags = SDP_ATTR_OK;
400					vp->vlen = alen;
401				} else
402					vp->flags = SDP_ATTR_TRUNCATED;
403
404				memcpy(vp->value, rsp_tmp, vp->vlen);
405			} else
406				vp->flags = SDP_ATTR_INVALID;
407
408			len -=	(
409				sizeof(uint8_t) + sizeof(uint16_t) +
410				alen
411				);
412
413			rsp_tmp += alen;
414		}
415	}
416done:
417	ss->error = 0;
418
419	return (0);
420}
421
422