Require client pin?

Question

Require client pin?

Closed this issue 5 years ago · 4 comments

This is really handy and works great on a Pi Zero W. One question. For my car I'd like to require connecting clients to enter a pin because, sometimes we can't have nice things. I've been playing with this block of agent.py but haven't figured out the magic. Thoughts? It's not critical- I'll dig into DBUS if I need to. Thx!

def __init__(self,
                 path='/test/agent',
                 auto_authorize_connections=True,
                 default_pin_code='0000',
                 default_pass_key=0,   # Range: 0-999999
                 cb_notify_on_release=None,
                 cb_notify_on_authorize=None,
                 cb_notify_on_request_pin_code=None,
                 cb_notify_on_request_pass_key=None,
                 cb_notify_on_display_pass_key=None,
                 cb_notify_on_request_confirmation=None,
                 cb_notify_on_confirm_mode_change=None,
                 cb_notify_on_cancel=None):

Answer 1 · 2017-03-27T08:52:51.000Z

Sorry for late reply, I was on vacation.

Great to hear its working on the Pi Zero too!

As far as I know (or as I just checked up), entering a pin is the deprecated legacy way of connecting devices in bluetooth. If you try to connect an old device the callbacks might be called. It could be that you need to adjust this value too. [related bluez api doc]
I have not tried that personally.

Regarding your case I would suggest some kind of real pairing as a solution.
That would mean disabling the current auto pairing/connecting mechanism and use hcitool for pairing.
You might play around with not requesting the default agent and adjusting the agent settings/callbacks.

A little easier solution would be to rewrite the auto_accept_one method and check against your cars device id before allowing it to connect.
Kind of hacky but should work.

Answer 2 · 2017-03-27T16:08:58.000Z

Thanks, Vacation is key. :) I was thinking the way to go is a toggle button that enables a wifi hotspot, dhcp and a little Express page with one textbox for saving a list of allowed bluetooth IDs. I did something like that for a lighting controller- quick and easy.

In auto_accept_one where's the check for the address from the client? Thx!

Answer 3 · 2017-03-27T22:39:18.000Z

It is stored in the device variable. If I am not mistaken it will be unique for each device.

So you can check there if it is inside your list and return False if not.

It could probably be spoofed easily though, so its by no means the most secure solution.

Answer 4 · 2020-03-29T14:07:21.000Z

This can now be done with bt-speaker.

btmgmt ssp off

needed for this to work