1 /*
2 * \file libusb1-glue.c
3 * Low-level USB interface glue towards libusb.
4 *
5 * Copyright (C) 2005-2007 Richard A. Low <richard@wentnet.com>
6 * Copyright (C) 2005-2012 Linus Walleij <triad@df.lth.se>
7 * Copyright (C) 2006-2011 Marcus Meissner
8 * Copyright (C) 2007 Ted Bullock
9 * Copyright (C) 2008 Chris Bagwell <chris@cnpbagwell.com>
10 *
11 * This library is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU Lesser General Public
13 * License as published by the Free Software Foundation; either
14 * version 2 of the License, or (at your option) any later version.
15 *
16 * This library is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * Lesser General Public License for more details.
20 *
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with this library; if not, write to the
23 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
24 * Boston, MA 02111-1307, USA.
25 *
26 * Created by Richard Low on 24/12/2005. (as mtp-utils.c)
27 * Modified by Linus Walleij 2006-03-06
28 * (Notice that Anglo-Saxons use little-endian dates and Swedes
29 * use big-endian dates.)
30 *
31 */
32 #include "../config.h"
33 #include "libmtp.h"
34 #include "libusb-glue.h"
35 #include "device-flags.h"
36 #include "util.h"
37 #include "ptp.h"
38
39 #include <errno.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <unistd.h>
44 #include <usb.h>
45
46 #include "ptp-pack.c"
47
48 /* Aha, older libusb does not have USB_CLASS_PTP */
49 #ifndef USB_CLASS_PTP
50 #define USB_CLASS_PTP 6
51 #endif
52
53 /*
54 * Default USB timeout length. This can be overridden as needed
55 * but should start with a reasonable value so most common
56 * requests can be completed. The original value of 4000 was
57 * not long enough for large file transfer. Also, players can
58 * spend a bit of time collecting data. Higher values also
59 * make connecting/disconnecting more reliable.
60 */
61 #define USB_TIMEOUT_DEFAULT 20000
62 #define USB_TIMEOUT_LONG 60000
63
get_timeout(PTP_USB * ptp_usb)64 static inline int get_timeout(PTP_USB* ptp_usb) {
65 if (FLAG_LONG_TIMEOUT(ptp_usb)) {
66 return USB_TIMEOUT_LONG;
67 }
68 return USB_TIMEOUT_DEFAULT;
69 }
70
71 /* USB Feature selector HALT */
72 #ifndef USB_FEATURE_HALT
73 #define USB_FEATURE_HALT 0x00
74 #endif
75
76 /* Internal data types */
77 struct mtpdevice_list_struct {
78 openusb_dev_handle_t device;
79 PTPParams *params;
80 PTP_USB *ptp_usb;
81 uint32_t bus_location;
82 struct mtpdevice_list_struct *next;
83 };
84 typedef struct mtpdevice_list_struct mtpdevice_list_t;
85
86 static const LIBMTP_device_entry_t mtp_device_table[] = {
87 /* We include an .h file which is shared between us and libgphoto2 */
88 #include "music-players.h"
89 };
90 static const int mtp_device_table_size = sizeof (mtp_device_table) / sizeof (LIBMTP_device_entry_t);
91
92 // Local functions
93 static void init_usb();
94 static void close_usb(PTP_USB* ptp_usb);
95 static int find_interface_and_endpoints(openusb_dev_handle_t *dev,
96 uint8_t *conf,
97 uint8_t *interface,
98 uint8_t *altsetting,
99 int* inep,
100 int* inep_maxpacket,
101 int* outep,
102 int* outep_maxpacket,
103 int* intep);
104 static void clear_stall(PTP_USB* ptp_usb);
105 static int init_ptp_usb(PTPParams* params, PTP_USB* ptp_usb, openusb_dev_handle_t * dev);
106 static short ptp_write_func(unsigned long, PTPDataHandler*, void *data, unsigned long*);
107 static short ptp_read_func(unsigned long, PTPDataHandler*, void *data, unsigned long*, int);
108 static int usb_get_endpoint_status(PTP_USB* ptp_usb, int ep, uint16_t* status);
109
110 // Local USB handles.
111 static openusb_handle_t libmtp_openusb_handle;
112
113 /**
114 * Get a list of the supported USB devices.
115 *
116 * The developers depend on users of this library to constantly
117 * add in to the list of supported devices. What we need is the
118 * device name, USB Vendor ID (VID) and USB Product ID (PID).
119 * put this into a bug ticket at the project homepage, please.
120 * The VID/PID is used to let e.g. udev lift the device to
121 * console userspace access when it's plugged in.
122 *
123 * @param devices a pointer to a pointer that will hold a device
124 * list after the call to this function, if it was
125 * successful.
126 * @param numdevs a pointer to an integer that will hold the number
127 * of devices in the device list if the call was successful.
128 * @return 0 if the list was successful retrieved, any other
129 * value means failure.
130 */
LIBMTP_Get_Supported_Devices_List(LIBMTP_device_entry_t ** const devices,int * const numdevs)131 int LIBMTP_Get_Supported_Devices_List(LIBMTP_device_entry_t * * const devices, int * const numdevs) {
132 *devices = (LIBMTP_device_entry_t *) & mtp_device_table;
133 *numdevs = mtp_device_table_size;
134 return 0;
135 }
136
init_usb()137 static void init_usb() {
138 openusb_init(NULL, &libmtp_openusb_handle);
139 }
140
141 /**
142 * Small recursive function to append a new usb_device to the linked list of
143 * USB MTP devices
144 * @param devlist dynamic linked list of pointers to usb devices with MTP
145 * properties, to be extended with new device.
146 * @param newdevice the new device to add.
147 * @param bus_location bus for this device.
148 * @return an extended array or NULL on failure.
149 */
append_to_mtpdevice_list(mtpdevice_list_t * devlist,openusb_dev_handle_t * newdevice,uint32_t bus_location)150 static mtpdevice_list_t *append_to_mtpdevice_list(mtpdevice_list_t *devlist,
151 openusb_dev_handle_t *newdevice,
152
153 uint32_t bus_location) {
154 mtpdevice_list_t *new_list_entry;
155
156 new_list_entry = (mtpdevice_list_t *) malloc(sizeof (mtpdevice_list_t));
157 if (new_list_entry == NULL) {
158 return NULL;
159 }
160 // Fill in USB device, if we *HAVE* to make a copy of the device do it here.
161 new_list_entry->device = *newdevice;
162 new_list_entry->bus_location = bus_location;
163 new_list_entry->next = NULL;
164
165 if (devlist == NULL) {
166 return new_list_entry;
167 } else {
168 mtpdevice_list_t *tmp = devlist;
169 while (tmp->next != NULL) {
170 tmp = tmp->next;
171 }
172 tmp->next = new_list_entry;
173 }
174 return devlist;
175 }
176
177 /**
178 * Small recursive function to free dynamic memory allocated to the linked list
179 * of USB MTP devices
180 * @param devlist dynamic linked list of pointers to usb devices with MTP
181 * properties.
182 * @return nothing
183 */
free_mtpdevice_list(mtpdevice_list_t * devlist)184 static void free_mtpdevice_list(mtpdevice_list_t *devlist) {
185 mtpdevice_list_t *tmplist = devlist;
186
187 if (devlist == NULL)
188 return;
189 while (tmplist != NULL) {
190 mtpdevice_list_t *tmp = tmplist;
191 tmplist = tmplist->next;
192 // Do not free() the fields (ptp_usb, params)! These are used elsewhere.
193 free(tmp);
194 }
195 return;
196 }
197
198 /**
199 * This checks if a device has an MTP descriptor. The descriptor was
200 * elaborated about in gPhoto bug 1482084, and some official documentation
201 * with no strings attached was published by Microsoft at
202 * http://www.microsoft.com/whdc/system/bus/USB/USBFAQ_intermed.mspx#E3HAC
203 *
204 * @param dev a device struct from libopenusb.
205 * @param dumpfile set to non-NULL to make the descriptors dump out
206 * to this file in human-readable hex so we can scruitinze them.
207 * @return 1 if the device is MTP compliant, 0 if not.
208 */
probe_device_descriptor(openusb_dev_handle_t * dev,FILE * dumpfile)209 static int probe_device_descriptor(openusb_dev_handle_t *dev, FILE *dumpfile) {
210 openusb_dev_handle_t *devh = NULL;
211 unsigned char buf[1024], cmd;
212 uint8_t *bufptr = (uint8_t *) &buf;
213 unsigned int buffersize = sizeof(buf);
214 int i;
215 int ret;
216 /* This is to indicate if we find some vendor interface */
217 int found_vendor_spec_interface = 0;
218 struct usb_device_desc desc;
219 struct usb_interface_desc ifcdesc;
220
221 ret = openusb_parse_device_desc(libmtp_openusb_handle, *dev, NULL, 0, &desc);
222 if (ret != OPENUSB_SUCCESS) return 0;
223 /*
224 * Don't examine devices that are not likely to
225 * contain any MTP interface, update this the day
226 * you find some weird combination...
227 */
228 if (!(desc.bDeviceClass == USB_CLASS_PER_INTERFACE ||
229 desc.bDeviceClass == USB_CLASS_COMM ||
230 desc.bDeviceClass == USB_CLASS_PTP ||
231 desc.bDeviceClass == 0xEF || /* Intf. Association Desc.*/
232 desc.bDeviceClass == USB_CLASS_VENDOR_SPEC)) {
233 return 0;
234 }
235
236 /* Attempt to open Device on this port */
237 ret = openusb_open_device(libmtp_openusb_handle, NULL, USB_INIT_DEFAULT, devh);
238 if (ret != OPENUSB_SUCCESS) {
239 /* Could not open this device */
240 return 0;
241 }
242
243 /*
244 * This sometimes crashes on the j for loop below
245 * I think it is because config is NULL yet
246 * dev->descriptor.bNumConfigurations > 0
247 * this check should stop this
248 */
249 /*
250 * Loop over the device configurations and interfaces. Nokia MTP-capable
251 * handsets (possibly others) typically have the string "MTP" in their
252 * MTP interface descriptions, that's how they can be detected, before
253 * we try the more esoteric "OS descriptors" (below).
254 */
255 for (i = 0; i < desc.bNumConfigurations; i++) {
256 uint8_t j;
257 struct usb_config_desc config;
258
259 ret = openusb_parse_config_desc(libmtp_openusb_handle, *dev, NULL, 0, 0, &config);
260 if (ret != OPENUSB_SUCCESS) {
261 LIBMTP_INFO("configdescriptor %d get failed with ret %d in probe_device_descriptor yet dev->descriptor.bNumConfigurations > 0\n", i, ret);
262 continue;
263 }
264
265 for (j = 0; j < config.bNumInterfaces; j++) {
266 int k = 0;
267
268 while (openusb_parse_interface_desc(libmtp_openusb_handle, *dev, NULL, 0, 0, j, k++, &ifcdesc) == 0) {
269 /* Current interface descriptor */
270
271 /*
272 * MTP interfaces have three endpoints, two bulk and one
273 * interrupt. Don't probe anything else.
274 */
275 if (ifcdesc.bNumEndpoints != 3)
276 continue;
277
278 /*
279 * We only want to probe for the OS descriptor if the
280 * device is LIBUSB_CLASS_VENDOR_SPEC or one of the interfaces
281 * in it is, so flag if we find an interface like this.
282 */
283 if (ifcdesc.bInterfaceClass == USB_CLASS_VENDOR_SPEC) {
284 found_vendor_spec_interface = 1;
285 }
286
287 /*
288 * Check for Still Image Capture class with PIMA 15740 protocol,
289 * also known as PTP
290 */
291
292 /*
293 * Next we search for the MTP substring in the interface name.
294 * For example : "RIM MS/MTP" should work.
295 */
296 buf[0] = '\0';
297 // FIXME: DK: Find out how to get the string descriptor for an interface?
298 /*
299 ret = libusb_get_string_descriptor_ascii(devh,
300 config->interface[j].altsetting[k].iInterface,
301 buf,
302 1024);
303 */
304 if (ret < 3)
305 continue;
306 if (strstr((char *) buf, "MTP") != NULL) {
307 if (dumpfile != NULL) {
308 fprintf(dumpfile, "Configuration %d, interface %d, altsetting %d:\n", i, j, k);
309 fprintf(dumpfile, " Interface description contains the string \"MTP\"\n");
310 fprintf(dumpfile, " Device recognized as MTP, no further probing.\n");
311 }
312 //libusb_free_config_descriptor(config);
313 openusb_close_device(*devh);
314 return 1;
315 }
316 }
317 }
318 }
319
320 /*
321 * Only probe for OS descriptor if the device is vendor specific
322 * or one of the interfaces found is.
323 */
324 if (desc.bDeviceClass == USB_CLASS_VENDOR_SPEC ||
325 found_vendor_spec_interface) {
326
327 /* Read the special descriptor */
328 //ret = libusb_get_descriptor(devh, 0x03, 0xee, buf, sizeof (buf));
329 ret = openusb_get_raw_desc(libmtp_openusb_handle, *dev, USB_DESC_TYPE_STRING, 0xee, 0, &bufptr, (unsigned short *)&buffersize);
330 /*
331 * If something failed we're probably stalled to we need
332 * to clear the stall off the endpoint and say this is not
333 * MTP.
334 */
335 if (ret < 0) {
336 /* EP0 is the default control endpoint */
337 //libusb_clear_halt (devh, 0);
338 openusb_close_device(*devh);
339 openusb_free_raw_desc(buf);
340 return 0;
341 }
342
343 // Dump it, if requested
344 if (dumpfile != NULL && ret > 0) {
345 fprintf(dumpfile, "Microsoft device descriptor 0xee:\n");
346 data_dump_ascii(dumpfile, buf, ret, 16);
347 }
348
349 /* Check if descriptor length is at least 10 bytes */
350 if (ret < 10) {
351 openusb_close_device(*devh);
352 openusb_free_raw_desc(buf);
353 return 0;
354 }
355
356 /* Check if this device has a Microsoft Descriptor */
357 if (!((buf[2] == 'M') && (buf[4] == 'S') &&
358 (buf[6] == 'F') && (buf[8] == 'T'))) {
359 openusb_close_device(*devh);
360 openusb_free_raw_desc(buf);
361 return 0;
362 }
363
364 /* Check if device responds to control message 1 or if there is an error */
365 cmd = buf[16];
366
367 /*
368 ret = libusb_control_transfer (devh,
369 LIBUSB_ENDPOINT_IN | LIBUSB_RECIPIENT_DEVICE | LIBUSB_REQUEST_TYPE_VENDOR,
370 cmd,
371 0,
372 4,
373 buf,
374 sizeof(buf),
375 USB_TIMEOUT_DEFAULT);
376 */
377 struct openusb_ctrl_request ctrl;
378 ctrl.setup.bmRequestType = USB_ENDPOINT_IN | USB_RECIP_DEVICE | USB_REQ_TYPE_VENDOR;
379 ctrl.setup.bRequest = cmd;
380 ctrl.setup.wValue = 0;
381 ctrl.setup.wIndex = 4;
382 ctrl.payload = bufptr; // Out
383 ctrl.length = sizeof (buf);
384 ctrl.timeout = USB_TIMEOUT_DEFAULT;
385 ctrl.next = NULL;
386 ctrl.flags = 0;
387
388 ret = openusb_ctrl_xfer(*devh, 0, USB_ENDPOINT_IN, &ctrl);
389
390
391 // Dump it, if requested
392 if (dumpfile != NULL && ctrl.result.transferred_bytes > 0) {
393 fprintf(dumpfile, "Microsoft device response to control message 1, CMD 0x%02x:\n", cmd);
394 data_dump_ascii(dumpfile, buf, ctrl.result.transferred_bytes, 16);
395 }
396
397 /* If this is true, the device either isn't MTP or there was an error */
398 if (ctrl.result.transferred_bytes <= 0x15) {
399 /* TODO: If there was an error, flag it and let the user know somehow */
400 /* if(ret == -1) {} */
401 openusb_close_device(*devh);
402 return 0;
403 }
404
405 /* Check if device is MTP or if it is something like a USB Mass Storage
406 device with Janus DRM support */
407 if ((buf[0x12] != 'M') || (buf[0x13] != 'T') || (buf[0x14] != 'P')) {
408 openusb_close_device(*devh);
409 return 0;
410 }
411
412 /* After this point we are probably dealing with an MTP device */
413
414 /*
415 * Check if device responds to control message 2, which is
416 * the extended device parameters. Most devices will just
417 * respond with a copy of the same message as for the first
418 * message, some respond with zero-length (which is OK)
419 * and some with pure garbage. We're not parsing the result
420 * so this is not very important.
421 */
422 /*
423 ret = libusb_control_transfer (devh,
424 LIBUSB_ENDPOINT_IN | LIBUSB_RECIPIENT_DEVICE | LIBUSB_REQUEST_TYPE_VENDOR,
425 cmd,
426 0,
427 5,
428 buf,
429 sizeof(buf),
430 USB_TIMEOUT_DEFAULT);
431 */
432 //struct openusb_ctrl_request ctrl;
433 ctrl.setup.bmRequestType = USB_ENDPOINT_IN | USB_RECIP_DEVICE | USB_REQ_TYPE_VENDOR;
434 ctrl.setup.bRequest = cmd;
435 ctrl.setup.wValue = 0;
436 ctrl.setup.wIndex = 5;
437 ctrl.payload = bufptr; // Out
438 ctrl.length = sizeof (buf);
439 ctrl.timeout = USB_TIMEOUT_DEFAULT;
440 ctrl.next = NULL;
441 ctrl.flags = 0;
442
443 ret = openusb_ctrl_xfer(*devh, 0, USB_ENDPOINT_IN, &ctrl);
444
445 // Dump it, if requested
446 if (dumpfile != NULL && ctrl.result.transferred_bytes > 0) {
447 fprintf(dumpfile, "Microsoft device response to control message 2, CMD 0x%02x:\n", cmd);
448 data_dump_ascii(dumpfile, buf, ret, 16);
449 }
450
451 /* If this is true, the device errored against control message 2 */
452 if (ctrl.result.transferred_bytes < 0) {
453 /* TODO: Implement callback function to let managing program know there
454 was a problem, along with description of the problem */
455 LIBMTP_ERROR("Potential MTP Device with VendorID:%04x and "
456 "ProductID:%04x encountered an error responding to "
457 "control message 2.\n"
458 "Problems may arrise but continuing\n",
459 desc.idVendor, desc.idProduct);
460 } else if (dumpfile != NULL && ctrl.result.transferred_bytes == 0) {
461 fprintf(dumpfile, "Zero-length response to control message 2 (OK)\n");
462 } else if (dumpfile != NULL) {
463 fprintf(dumpfile, "Device responds to control message 2 with some data.\n");
464 }
465 /* Close the USB device handle */
466 openusb_close_device(*devh);
467 return 1;
468 }
469
470 /* Close the USB device handle */
471 openusb_close_device(*devh);
472 return 0;
473 }
474
475 /**
476 * This function scans through the connected usb devices on a machine and
477 * if they match known Vendor and Product identifiers appends them to the
478 * dynamic array mtp_device_list. Be sure to call
479 * <code>free_mtpdevice_list(mtp_device_list)</code> when you are done
480 * with it, assuming it is not NULL.
481 * @param mtp_device_list dynamic array of pointers to usb devices with MTP
482 * properties (if this list is not empty, new entries will be appended
483 * to the list).
484 * @return LIBMTP_ERROR_NONE implies that devices have been found, scan the list
485 * appropriately. LIBMTP_ERROR_NO_DEVICE_ATTACHED implies that no
486 * devices have been found.
487 */
get_mtp_usb_device_list(mtpdevice_list_t ** mtp_device_list)488 static LIBMTP_error_number_t get_mtp_usb_device_list(mtpdevice_list_t ** mtp_device_list) {
489 int nrofdevs = 0;
490 openusb_devid_t *devs = NULL;
491 struct usb_device_desc desc;
492 int ret, i;
493
494 init_usb();
495 ret = openusb_get_devids_by_bus(libmtp_openusb_handle, 0, &devs, &nrofdevs);
496
497
498 for (i = 0; i < nrofdevs; i++) {
499 openusb_devid_t dev = devs[i];
500
501 ret = openusb_parse_device_desc(libmtp_openusb_handle, dev, NULL, 0, &desc);
502 if (ret != OPENUSB_SUCCESS) continue;
503
504 if (desc.bDeviceClass != USB_CLASS_HUB) {
505 int i;
506 int found = 0;
507 // First check if we know about the device already.
508 // Devices well known to us will not have their descriptors
509 // probed, it caused problems with some devices.
510 for (i = 0; i < mtp_device_table_size; i++) {
511 if (desc.idVendor == mtp_device_table[i].vendor_id &&
512 desc.idProduct == mtp_device_table[i].product_id) {
513 /* Append this usb device to the MTP device list */
514 *mtp_device_list = append_to_mtpdevice_list(*mtp_device_list, &dev, 0);
515 found = 1;
516 break;
517 }
518 }
519 // If we didn't know it, try probing the "OS Descriptor".
520 //if (!found) {
521 // if (probe_device_descriptor(&dev, NULL)) {
522 /* Append this usb device to the MTP USB Device List */
523 // *mtp_device_list = append_to_mtpdevice_list(*mtp_device_list, &dev, 0);
524 // }
525 /*
526 * By thomas_-_s: Also append devices that are no MTP but PTP devices
527 * if this is commented out.
528 */
529 /*
530 else {
531 // Check whether the device is no USB hub but a PTP.
532 if ( dev->config != NULL &&dev->config->interface->altsetting->bInterfaceClass == LIBUSB_CLASS_PTP && dev->descriptor.bDeviceClass != LIBUSB_CLASS_HUB ) {
533 *mtp_device_list = append_to_mtpdevice_list(*mtp_device_list, dev, bus->location);
534 }
535 }
536 */
537 //}
538 }
539 }
540
541 /* If nothing was found we end up here. */
542 if (*mtp_device_list == NULL) {
543 return LIBMTP_ERROR_NO_DEVICE_ATTACHED;
544 }
545 return LIBMTP_ERROR_NONE;
546 }
547
548 /**
549 * Checks if a specific device with a certain bus and device
550 * number has an MTP type device descriptor.
551 *
552 * @param busno the bus number of the device to check
553 * @param deviceno the device number of the device to check
554 * @return 1 if the device is MTP else 0
555 */
LIBMTP_Check_Specific_Device(int busno,int devno)556 int LIBMTP_Check_Specific_Device(int busno, int devno) {
557 unsigned int nrofdevs;
558 openusb_devid_t **devs = NULL;
559 int i;
560
561 init_usb();
562
563 openusb_get_devids_by_bus(libmtp_openusb_handle, 0, devs, &nrofdevs);
564 for (i = 0; i < nrofdevs; i++) {
565 /*
566 if (bus->location != busno)
567 continue;
568 if (dev->devnum != devno)
569 continue;
570 */
571 if (probe_device_descriptor(devs[i], NULL))
572 return 1;
573 }
574 return 0;
575 }
576
577 /**
578 * Detect the raw MTP device descriptors and return a list of
579 * of the devices found.
580 *
581 * @param devices a pointer to a variable that will hold
582 * the list of raw devices found. This may be NULL
583 * on return if the number of detected devices is zero.
584 * The user shall simply <code>free()</code> this
585 * variable when finished with the raw devices,
586 * in order to release memory.
587 * @param numdevs a pointer to an integer that will hold
588 * the number of devices in the list. This may
589 * be 0.
590 * @return 0 if successful, any other value means failure.
591 */
LIBMTP_Detect_Raw_Devices(LIBMTP_raw_device_t ** devices,int * numdevs)592 LIBMTP_error_number_t LIBMTP_Detect_Raw_Devices(LIBMTP_raw_device_t ** devices,
593 int * numdevs) {
594 mtpdevice_list_t *devlist = NULL;
595 mtpdevice_list_t *dev;
596 LIBMTP_error_number_t ret;
597 LIBMTP_raw_device_t *retdevs;
598 int devs = 0;
599 int i, j;
600
601 ret = get_mtp_usb_device_list(&devlist);
602 if (ret == LIBMTP_ERROR_NO_DEVICE_ATTACHED) {
603 *devices = NULL;
604 *numdevs = 0;
605 return ret;
606 } else if (ret != LIBMTP_ERROR_NONE) {
607 LIBMTP_ERROR("LIBMTP PANIC: get_mtp_usb_device_list() "
608 "error code: %d on line %d\n", ret, __LINE__);
609 return ret;
610 }
611
612 // Get list size
613 dev = devlist;
614 while (dev != NULL) {
615 devs++;
616 dev = dev->next;
617 }
618 if (devs == 0) {
619 *devices = NULL;
620 *numdevs = 0;
621 return LIBMTP_ERROR_NONE;
622 }
623 // Conjure a device list
624 retdevs = (LIBMTP_raw_device_t *) malloc(sizeof (LIBMTP_raw_device_t) * devs);
625 if (retdevs == NULL) {
626 // Out of memory
627 *devices = NULL;
628 *numdevs = 0;
629 return LIBMTP_ERROR_MEMORY_ALLOCATION;
630 }
631 dev = devlist;
632 i = 0;
633 while (dev != NULL) {
634 int device_known = 0;
635 struct usb_device_desc desc;
636
637 openusb_parse_device_desc(libmtp_openusb_handle, dev->device, NULL, 0, &desc);
638 // Assign default device info
639 retdevs[i].device_entry.vendor = NULL;
640 retdevs[i].device_entry.vendor_id = desc.idVendor;
641 retdevs[i].device_entry.product = NULL;
642 retdevs[i].device_entry.product_id = desc.idProduct;
643 retdevs[i].device_entry.device_flags = 0x00000000U;
644 // See if we can locate some additional vendor info and device flags
645 for (j = 0; j < mtp_device_table_size; j++) {
646 if (desc.idVendor == mtp_device_table[j].vendor_id &&
647 desc.idProduct == mtp_device_table[j].product_id) {
648 device_known = 1;
649 retdevs[i].device_entry.vendor = mtp_device_table[j].vendor;
650 retdevs[i].device_entry.product = mtp_device_table[j].product;
651 retdevs[i].device_entry.device_flags = mtp_device_table[j].device_flags;
652
653 // This device is known to the developers
654 LIBMTP_INFO("Device %d (VID=%04x and PID=%04x) is a %s %s.\n",
655 i,
656 desc.idVendor,
657 desc.idProduct,
658 mtp_device_table[j].vendor,
659 mtp_device_table[j].product);
660 break;
661 }
662 }
663 if (!device_known) {
664 device_unknown(i, desc.idVendor, desc.idProduct);
665 }
666 // Save the location on the bus
667 retdevs[i].bus_location = 0;
668 retdevs[i].devnum = openusb_get_devid(libmtp_openusb_handle, &dev->device);
669 i++;
670 dev = dev->next;
671 }
672 *devices = retdevs;
673 *numdevs = i;
674 free_mtpdevice_list(devlist);
675 return LIBMTP_ERROR_NONE;
676 }
677
678 /**
679 * This routine just dumps out low-level
680 * USB information about the current device.
681 * @param ptp_usb the USB device to get information from.
682 */
dump_usbinfo(PTP_USB * ptp_usb)683 void dump_usbinfo(PTP_USB *ptp_usb) {
684 struct usb_device_desc desc;
685
686 openusb_parse_device_desc(libmtp_openusb_handle, *ptp_usb->handle, NULL, 0, &desc);
687
688 LIBMTP_INFO(" bcdUSB: %d\n", desc.bcdUSB);
689 LIBMTP_INFO(" bDeviceClass: %d\n", desc.bDeviceClass);
690 LIBMTP_INFO(" bDeviceSubClass: %d\n", desc.bDeviceSubClass);
691 LIBMTP_INFO(" bDeviceProtocol: %d\n", desc.bDeviceProtocol);
692 LIBMTP_INFO(" idVendor: %04x\n", desc.idVendor);
693 LIBMTP_INFO(" idProduct: %04x\n", desc.idProduct);
694 LIBMTP_INFO(" IN endpoint maxpacket: %d bytes\n", ptp_usb->inep_maxpacket);
695 LIBMTP_INFO(" OUT endpoint maxpacket: %d bytes\n", ptp_usb->outep_maxpacket);
696 LIBMTP_INFO(" Raw device info:\n");
697 LIBMTP_INFO(" Bus location: %d\n", ptp_usb->rawdevice.bus_location);
698 LIBMTP_INFO(" Device number: %d\n", ptp_usb->rawdevice.devnum);
699 LIBMTP_INFO(" Device entry info:\n");
700 LIBMTP_INFO(" Vendor: %s\n", ptp_usb->rawdevice.device_entry.vendor);
701 LIBMTP_INFO(" Vendor id: 0x%04x\n", ptp_usb->rawdevice.device_entry.vendor_id);
702 LIBMTP_INFO(" Product: %s\n", ptp_usb->rawdevice.device_entry.product);
703 LIBMTP_INFO(" Vendor id: 0x%04x\n", ptp_usb->rawdevice.device_entry.product_id);
704 LIBMTP_INFO(" Device flags: 0x%08x\n", ptp_usb->rawdevice.device_entry.device_flags);
705 // TODO: (void) probe_device_descriptor(dev, stdout);
706 }
707
708 /**
709 * Retrieve the appropriate playlist extension for this
710 * device. Rather hacky at the moment. This is probably
711 * desired by the managing software, but when creating
712 * lists on the device itself you notice certain preferences.
713 * @param ptp_usb the USB device to get suggestion for.
714 * @return the suggested playlist extension.
715 */
get_playlist_extension(PTP_USB * ptp_usb)716 const char *get_playlist_extension(PTP_USB *ptp_usb) {
717 static char creative_pl_extension[] = ".zpl";
718 static char default_pl_extension[] = ".pla";
719 struct usb_device_desc desc;
720 openusb_parse_device_desc(libmtp_openusb_handle, *ptp_usb->handle, NULL, 0, &desc);
721 if (desc.idVendor == 0x041e)
722 return creative_pl_extension;
723 return default_pl_extension;
724 }
725
726 static void
libusb_glue_debug(PTPParams * params,const char * format,...)727 libusb_glue_debug(PTPParams *params, const char *format, ...) {
728 va_list args;
729
730 va_start(args, format);
731 if (params->debug_func != NULL)
732 params->debug_func(params->data, format, args);
733 else {
734 vfprintf(stderr, format, args);
735 fprintf(stderr, "\n");
736 fflush(stderr);
737 }
738 va_end(args);
739 }
740
741 static void
libusb_glue_error(PTPParams * params,const char * format,...)742 libusb_glue_error(PTPParams *params, const char *format, ...) {
743 va_list args;
744
745 va_start(args, format);
746 if (params->error_func != NULL)
747 params->error_func(params->data, format, args);
748 else {
749 vfprintf(stderr, format, args);
750 fprintf(stderr, "\n");
751 fflush(stderr);
752 }
753 va_end(args);
754 }
755
756
757 /*
758 * ptp_read_func() and ptp_write_func() are
759 * based on same functions usb.c in libgphoto2.
760 * Much reading packet logs and having fun with trials and errors
761 * reveals that WMP / Windows is probably using an algorithm like this
762 * for large transfers:
763 *
764 * 1. Send the command (0x0c bytes) if headers are split, else, send
765 * command plus sizeof(endpoint) - 0x0c bytes.
766 * 2. Send first packet, max size to be sizeof(endpoint) but only when using
767 * split headers. Else goto 3.
768 * 3. REPEAT send 0x10000 byte chunks UNTIL remaining bytes < 0x10000
769 * We call 0x10000 CONTEXT_BLOCK_SIZE.
770 * 4. Send remaining bytes MOD sizeof(endpoint)
771 * 5. Send remaining bytes. If this happens to be exactly sizeof(endpoint)
772 * then also send a zero-length package.
773 *
774 * Further there is some special quirks to handle zero reads from the
775 * device, since some devices can't do them at all due to shortcomings
776 * of the USB slave controller in the device.
777 */
778 #define CONTEXT_BLOCK_SIZE_1 0x3e00
779 #define CONTEXT_BLOCK_SIZE_2 0x200
780 #define CONTEXT_BLOCK_SIZE CONTEXT_BLOCK_SIZE_1+CONTEXT_BLOCK_SIZE_2
781
782 static short
ptp_read_func(unsigned long size,PTPDataHandler * handler,void * data,unsigned long * readbytes,int readzero)783 ptp_read_func(
784 unsigned long size, PTPDataHandler *handler, void *data,
785 unsigned long *readbytes,
786 int readzero
787 ) {
788 PTP_USB *ptp_usb = (PTP_USB *) data;
789 unsigned long toread = 0;
790 int ret = 0;
791 int xread;
792 unsigned long curread = 0;
793 unsigned long written;
794 unsigned char *bytes;
795 int expect_terminator_byte = 0;
796 unsigned long usb_inep_maxpacket_size;
797 unsigned long context_block_size_1;
798 unsigned long context_block_size_2;
799 uint16_t ptp_dev_vendor_id = ptp_usb->rawdevice.device_entry.vendor_id;
800
801 //"iRiver" device special handling
802 if (ptp_dev_vendor_id == 0x4102 || ptp_dev_vendor_id == 0x1006) {
803 usb_inep_maxpacket_size = ptp_usb->inep_maxpacket;
804 if (usb_inep_maxpacket_size == 0x400) {
805 context_block_size_1 = CONTEXT_BLOCK_SIZE_1 - 0x200;
806 context_block_size_2 = CONTEXT_BLOCK_SIZE_2 + 0x200;
807 }
808 else {
809 context_block_size_1 = CONTEXT_BLOCK_SIZE_1;
810 context_block_size_2 = CONTEXT_BLOCK_SIZE_2;
811 }
812 }
813 struct openusb_bulk_request bulk;
814 // This is the largest block we'll need to read in.
815 bytes = malloc(CONTEXT_BLOCK_SIZE);
816 while (curread < size) {
817
818 LIBMTP_USB_DEBUG("Remaining size to read: 0x%04lx bytes\n", size - curread);
819
820 // check equal to condition here
821 if (size - curread < CONTEXT_BLOCK_SIZE) {
822 // this is the last packet
823 toread = size - curread;
824 // this is equivalent to zero read for these devices
825 if (readzero && FLAG_NO_ZERO_READS(ptp_usb) && (toread % ptp_usb->inep_maxpacket == 0)) {
826 toread += 1;
827 expect_terminator_byte = 1;
828 }
829 } else if (ptp_dev_vendor_id == 0x4102 || ptp_dev_vendor_id == 0x1006) {
830 //"iRiver" device special handling
831 if (curread == 0)
832 // we are first packet, but not last packet
833 toread = context_block_size_1;
834 else if (toread == context_block_size_1)
835 toread = context_block_size_2;
836 else if (toread == context_block_size_2)
837 toread = context_block_size_1;
838 else
839 LIBMTP_INFO("unexpected toread size 0x%04x, 0x%04x remaining bytes\n",
840 (unsigned int) toread, (unsigned int) (size - curread));
841 }
842 else
843 toread = CONTEXT_BLOCK_SIZE;
844
845 LIBMTP_USB_DEBUG("Reading in 0x%04lx bytes\n", toread);
846
847 /*
848 ret = USB_BULK_READ(ptp_usb->handle,
849 ptp_usb->inep,
850 bytes,
851 toread,
852 &xread,
853 ptp_usb->timeout);
854 */
855 bulk.payload = bytes;
856 bulk.length = toread;
857 bulk.timeout = ptp_usb->timeout;
858 bulk.flags = 0;
859 bulk.next = NULL;
860 ret = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->inep, &bulk);
861 xread = bulk.result.transferred_bytes;
862 LIBMTP_USB_DEBUG("Result of read: 0x%04x (%d bytes)\n", ret, xread);
863
864 if (ret != OPENUSB_SUCCESS)
865 return PTP_ERROR_IO;
866
867 LIBMTP_USB_DEBUG("<==USB IN\n");
868 if (xread == 0)
869 LIBMTP_USB_DEBUG("Zero Read\n");
870 else
871 LIBMTP_USB_DATA(bytes, xread, 16);
872
873 // want to discard extra byte
874 if (expect_terminator_byte && xread == toread) {
875 LIBMTP_USB_DEBUG("<==USB IN\nDiscarding extra byte\n");
876
877 xread--;
878 }
879
880 int putfunc_ret = handler->putfunc(NULL, handler->priv, xread, bytes);
881 LIBMTP_USB_DEBUG("handler->putfunc ret = 0x%x\n", putfunc_ret);
882 if (putfunc_ret != PTP_RC_OK)
883 return putfunc_ret;
884
885 ptp_usb->current_transfer_complete += xread;
886 curread += xread;
887
888 // Increase counters, call callback
889 if (ptp_usb->callback_active) {
890 if (ptp_usb->current_transfer_complete >= ptp_usb->current_transfer_total) {
891 // send last update and disable callback.
892 ptp_usb->current_transfer_complete = ptp_usb->current_transfer_total;
893 ptp_usb->callback_active = 0;
894 }
895 if (ptp_usb->current_transfer_callback != NULL) {
896 int ret;
897 ret = ptp_usb->current_transfer_callback(ptp_usb->current_transfer_complete,
898 ptp_usb->current_transfer_total,
899 ptp_usb->current_transfer_callback_data);
900 if (ret != 0) {
901 return PTP_ERROR_CANCEL;
902 }
903 }
904 }
905
906 if (xread < toread) /* short reads are common */
907 break;
908 }
909 if (readbytes) *readbytes = curread;
910 free(bytes);
911 LIBMTP_USB_DEBUG("Pointer Updated\n");
912 // there might be a zero packet waiting for us...
913 if (readzero &&
914 !FLAG_NO_ZERO_READS(ptp_usb) &&
915 curread % ptp_usb->outep_maxpacket == 0) {
916 unsigned char temp;
917 int zeroresult = 0, xread;
918
919 LIBMTP_USB_DEBUG("<==USB IN\n");
920 LIBMTP_USB_DEBUG("Zero Read\n");
921
922 /*
923 zeroresult = USB_BULK_READ(ptp_usb->handle,
924 ptp_usb->inep,
925 &temp,
926 0,
927 &xread,
928 ptp_usb->timeout);
929 */
930 bulk.payload = &temp;
931 bulk.length = 0;
932 bulk.timeout = ptp_usb->timeout;
933 bulk.flags = 0;
934 bulk.next = NULL;
935 ret = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->inep, &bulk);
936 xread = bulk.result.transferred_bytes;
937 if (zeroresult != OPENUSB_SUCCESS)
938 LIBMTP_INFO("LIBMTP panic: unable to read in zero packet, response 0x%04x", zeroresult);
939 }
940 return PTP_RC_OK;
941 }
942
943 static short
ptp_write_func(unsigned long size,PTPDataHandler * handler,void * data,unsigned long * written)944 ptp_write_func(
945 unsigned long size,
946 PTPDataHandler *handler,
947 void *data,
948 unsigned long *written
949 ) {
950 PTP_USB *ptp_usb = (PTP_USB *) data;
951 unsigned long towrite = 0;
952 int ret = 0;
953 unsigned long curwrite = 0;
954 unsigned char *bytes;
955
956 struct openusb_bulk_request bulk;
957
958 // This is the largest block we'll need to read in.
959 bytes = malloc(CONTEXT_BLOCK_SIZE);
960 if (!bytes) {
961 return PTP_ERROR_IO;
962 }
963 while (curwrite < size) {
964 unsigned long usbwritten = 0;
965 int xwritten;
966
967 towrite = size - curwrite;
968 if (towrite > CONTEXT_BLOCK_SIZE) {
969 towrite = CONTEXT_BLOCK_SIZE;
970 } else {
971 // This magic makes packets the same size that WMP send them.
972 if (towrite > ptp_usb->outep_maxpacket && towrite % ptp_usb->outep_maxpacket != 0) {
973 towrite -= towrite % ptp_usb->outep_maxpacket;
974 }
975 }
976 int getfunc_ret = handler->getfunc(NULL, handler->priv, towrite, bytes, &towrite);
977 if (getfunc_ret != PTP_RC_OK)
978 return getfunc_ret;
979 while (usbwritten < towrite) {
980 /*
981 ret = USB_BULK_WRITE(ptp_usb->handle,
982 ptp_usb->outep,
983 bytes + usbwritten,
984 towrite - usbwritten,
985 &xwritten,
986 ptp_usb->timeout);
987 */
988 bulk.payload = bytes + usbwritten;
989 bulk.length = towrite - usbwritten;
990 bulk.timeout = ptp_usb->timeout;
991 bulk.flags = 0;
992 bulk.next = NULL;
993 ret = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->outep, &bulk);
994 xwritten = bulk.result.transferred_bytes;
995
996 LIBMTP_USB_DEBUG("USB OUT==>\n");
997
998 if (ret != OPENUSB_SUCCESS) {
999 return PTP_ERROR_IO;
1000 }
1001 LIBMTP_USB_DATA(bytes + usbwritten, xwritten, 16);
1002 // check for result == 0 perhaps too.
1003 // Increase counters
1004 ptp_usb->current_transfer_complete += xwritten;
1005 curwrite += xwritten;
1006 usbwritten += xwritten;
1007 }
1008 // call callback
1009 if (ptp_usb->callback_active) {
1010 if (ptp_usb->current_transfer_complete >= ptp_usb->current_transfer_total) {
1011 // send last update and disable callback.
1012 ptp_usb->current_transfer_complete = ptp_usb->current_transfer_total;
1013 ptp_usb->callback_active = 0;
1014 }
1015 if (ptp_usb->current_transfer_callback != NULL) {
1016 int ret;
1017 ret = ptp_usb->current_transfer_callback(ptp_usb->current_transfer_complete,
1018 ptp_usb->current_transfer_total,
1019 ptp_usb->current_transfer_callback_data);
1020 if (ret != 0) {
1021 return PTP_ERROR_CANCEL;
1022 }
1023 }
1024 }
1025 if (xwritten < towrite) /* short writes happen */
1026 break;
1027 }
1028 free(bytes);
1029 if (written) {
1030 *written = curwrite;
1031 }
1032
1033 // If this is the last transfer send a zero write if required
1034 if (ptp_usb->current_transfer_complete >= ptp_usb->current_transfer_total) {
1035 if ((towrite % ptp_usb->outep_maxpacket) == 0) {
1036 int xwritten;
1037
1038 LIBMTP_USB_DEBUG("USB OUT==>\n");
1039 LIBMTP_USB_DEBUG("Zero Write\n");
1040
1041 /*
1042 ret = USB_BULK_WRITE(ptp_usb->handle,
1043 ptp_usb->outep,
1044 (unsigned char *) "x",
1045 0,
1046 &xwritten,
1047 ptp_usb->timeout);
1048 */
1049 bulk.payload = (unsigned char *) "x";
1050 bulk.length = 0;
1051 bulk.timeout = ptp_usb->timeout;
1052 bulk.flags = 0;
1053 bulk.next = NULL;
1054 ret = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->outep, &bulk);
1055 xwritten = bulk.result.transferred_bytes;
1056 }
1057 }
1058
1059 if (ret != OPENUSB_SUCCESS)
1060 return PTP_ERROR_IO;
1061 return PTP_RC_OK;
1062 }
1063
1064 /* memory data get/put handler */
1065 typedef struct {
1066 unsigned char *data;
1067 unsigned long size, curoff;
1068 } PTPMemHandlerPrivate;
1069
1070 static uint16_t
memory_getfunc(PTPParams * params,void * private,unsigned long wantlen,unsigned char * data,unsigned long * gotlen)1071 memory_getfunc(PTPParams* params, void* private,
1072 unsigned long wantlen, unsigned char *data,
1073 unsigned long *gotlen
1074 ) {
1075 PTPMemHandlerPrivate* priv = (PTPMemHandlerPrivate*) private;
1076 unsigned long tocopy = wantlen;
1077
1078 if (priv->curoff + tocopy > priv->size)
1079 tocopy = priv->size - priv->curoff;
1080 memcpy(data, priv->data + priv->curoff, tocopy);
1081 priv->curoff += tocopy;
1082 *gotlen = tocopy;
1083 return PTP_RC_OK;
1084 }
1085
1086 static uint16_t
memory_putfunc(PTPParams * params,void * private,unsigned long sendlen,unsigned char * data)1087 memory_putfunc(PTPParams* params, void* private,
1088 unsigned long sendlen, unsigned char *data
1089 ) {
1090 PTPMemHandlerPrivate* priv = (PTPMemHandlerPrivate*) private;
1091
1092 if (priv->curoff + sendlen > priv->size) {
1093 priv->data = realloc(priv->data, priv->curoff + sendlen);
1094 priv->size = priv->curoff + sendlen;
1095 }
1096 memcpy(priv->data + priv->curoff, data, sendlen);
1097 priv->curoff += sendlen;
1098 return PTP_RC_OK;
1099 }
1100
1101 /* init private struct for receiving data. */
1102 static uint16_t
ptp_init_recv_memory_handler(PTPDataHandler * handler)1103 ptp_init_recv_memory_handler(PTPDataHandler *handler) {
1104 PTPMemHandlerPrivate* priv;
1105 priv = malloc(sizeof (PTPMemHandlerPrivate));
1106 handler->priv = priv;
1107 handler->getfunc = memory_getfunc;
1108 handler->putfunc = memory_putfunc;
1109 priv->data = NULL;
1110 priv->size = 0;
1111 priv->curoff = 0;
1112 return PTP_RC_OK;
1113 }
1114
1115 /* init private struct and put data in for sending data.
1116 * data is still owned by caller.
1117 */
1118 static uint16_t
ptp_init_send_memory_handler(PTPDataHandler * handler,unsigned char * data,unsigned long len)1119 ptp_init_send_memory_handler(PTPDataHandler *handler,
1120 unsigned char *data, unsigned long len
1121 ) {
1122 PTPMemHandlerPrivate* priv;
1123 priv = malloc(sizeof (PTPMemHandlerPrivate));
1124 if (!priv){
1125 return PTP_RC_GeneralError;
1126 }
1127 handler->priv = priv;
1128 handler->getfunc = memory_getfunc;
1129 handler->putfunc = memory_putfunc;
1130 priv->data = data;
1131 priv->size = len;
1132 priv->curoff = 0;
1133 return PTP_RC_OK;
1134 }
1135
1136 /* free private struct + data */
1137 static uint16_t
ptp_exit_send_memory_handler(PTPDataHandler * handler)1138 ptp_exit_send_memory_handler(PTPDataHandler *handler) {
1139 PTPMemHandlerPrivate* priv = (PTPMemHandlerPrivate*) handler->priv;
1140 /* data is owned by caller */
1141 free(priv);
1142 return PTP_RC_OK;
1143 }
1144
1145 /* hand over our internal data to caller */
1146 static uint16_t
ptp_exit_recv_memory_handler(PTPDataHandler * handler,unsigned char ** data,unsigned long * size)1147 ptp_exit_recv_memory_handler(PTPDataHandler *handler,
1148 unsigned char **data, unsigned long *size
1149 ) {
1150 PTPMemHandlerPrivate* priv = (PTPMemHandlerPrivate*) handler->priv;
1151 *data = priv->data;
1152 *size = priv->size;
1153 free(priv);
1154 return PTP_RC_OK;
1155 }
1156
1157 /* send / receive functions */
1158
1159 uint16_t
ptp_usb_sendreq(PTPParams * params,PTPContainer * req,int dataphase)1160 ptp_usb_sendreq(PTPParams* params, PTPContainer* req, int dataphase) {
1161 uint16_t ret;
1162 PTPUSBBulkContainer usbreq;
1163 PTPDataHandler memhandler;
1164 unsigned long written = 0;
1165 unsigned long towrite;
1166
1167 LIBMTP_USB_DEBUG("REQUEST: 0x%04x, %s\n", req->Code, ptp_get_opcode_name(params, req->Code));
1168
1169 /* build appropriate USB container */
1170 usbreq.length = htod32(PTP_USB_BULK_REQ_LEN -
1171 (sizeof (uint32_t)*(5 - req->Nparam)));
1172 usbreq.type = htod16(PTP_USB_CONTAINER_COMMAND);
1173 usbreq.code = htod16(req->Code);
1174 usbreq.trans_id = htod32(req->Transaction_ID);
1175 usbreq.payload.params.param1 = htod32(req->Param1);
1176 usbreq.payload.params.param2 = htod32(req->Param2);
1177 usbreq.payload.params.param3 = htod32(req->Param3);
1178 usbreq.payload.params.param4 = htod32(req->Param4);
1179 usbreq.payload.params.param5 = htod32(req->Param5);
1180 /* send it to responder */
1181 towrite = PTP_USB_BULK_REQ_LEN - (sizeof (uint32_t)*(5 - req->Nparam));
1182 ptp_init_send_memory_handler(&memhandler, (unsigned char*) &usbreq, towrite);
1183 ret = ptp_write_func(
1184 towrite,
1185 &memhandler,
1186 params->data,
1187 &written
1188 );
1189 ptp_exit_send_memory_handler(&memhandler);
1190 if (ret != PTP_RC_OK && ret != PTP_ERROR_CANCEL) {
1191 ret = PTP_ERROR_IO;
1192 }
1193 if (written != towrite && ret != PTP_ERROR_CANCEL && ret != PTP_ERROR_IO) {
1194 libusb_glue_error(params,
1195 "PTP: request code 0x%04x sending req wrote only %ld bytes instead of %d",
1196 req->Code, written, towrite
1197 );
1198 ret = PTP_ERROR_IO;
1199 }
1200 return ret;
1201 }
1202
1203 uint16_t
ptp_usb_senddata(PTPParams * params,PTPContainer * ptp,uint64_t size,PTPDataHandler * handler)1204 ptp_usb_senddata(PTPParams* params, PTPContainer* ptp,
1205 uint64_t size, PTPDataHandler *handler
1206 ) {
1207 uint16_t ret;
1208 int wlen, datawlen;
1209 unsigned long written;
1210 PTPUSBBulkContainer usbdata;
1211 uint64_t bytes_left_to_transfer;
1212 PTPDataHandler memhandler;
1213 unsigned long packet_size;
1214 PTP_USB *ptp_usb = (PTP_USB *) params->data;
1215
1216 packet_size = ptp_usb->outep_maxpacket;
1217
1218 LIBMTP_USB_DEBUG("SEND DATA PHASE\n");
1219
1220 /* build appropriate USB container */
1221 usbdata.length = htod32(PTP_USB_BULK_HDR_LEN + size);
1222 usbdata.type = htod16(PTP_USB_CONTAINER_DATA);
1223 usbdata.code = htod16(ptp->Code);
1224 usbdata.trans_id = htod32(ptp->Transaction_ID);
1225
1226 ((PTP_USB*) params->data)->current_transfer_complete = 0;
1227 ((PTP_USB*) params->data)->current_transfer_total = size + PTP_USB_BULK_HDR_LEN;
1228
1229 if (params->split_header_data) {
1230 datawlen = 0;
1231 wlen = PTP_USB_BULK_HDR_LEN;
1232 } else {
1233 unsigned long gotlen;
1234 /* For all camera devices. */
1235 datawlen = (size < PTP_USB_BULK_PAYLOAD_LEN_WRITE) ? size : PTP_USB_BULK_PAYLOAD_LEN_WRITE;
1236 wlen = PTP_USB_BULK_HDR_LEN + datawlen;
1237
1238 ret = handler->getfunc(params, handler->priv, datawlen, usbdata.payload.data, &gotlen);
1239 if (ret != PTP_RC_OK){
1240 return ret;
1241 }
1242
1243 if (gotlen != datawlen){
1244 return PTP_RC_GeneralError;
1245 }
1246 }
1247 ptp_init_send_memory_handler(&memhandler, (unsigned char *) &usbdata, wlen);
1248 /* send first part of data */
1249 ret = ptp_write_func(wlen, &memhandler, params->data, &written);
1250 ptp_exit_send_memory_handler(&memhandler);
1251 if (ret != PTP_RC_OK) {
1252 return ret;
1253 }
1254 if (size <= datawlen) return ret;
1255 /* if everything OK send the rest */
1256 bytes_left_to_transfer = size - datawlen;
1257 ret = PTP_RC_OK;
1258 while (bytes_left_to_transfer > 0) {
1259 unsigned long max_long_transfer = ULONG_MAX + 1 - packet_size;
1260 ret = ptp_write_func (bytes_left_to_transfer > max_long_transfer ? max_long_transfer : bytes_left_to_transfer,
1261 handler, params->data, &written);
1262 if (ret != PTP_RC_OK){
1263 break;
1264 }
1265 if (written == 0) {
1266 ret = PTP_ERROR_IO;
1267 break;
1268 }
1269 bytes_left_to_transfer -= written;
1270 }
1271 if (ret != PTP_RC_OK && ret != PTP_ERROR_CANCEL)
1272 ret = PTP_ERROR_IO;
1273 return ret;
1274 }
1275
ptp_usb_getpacket(PTPParams * params,PTPUSBBulkContainer * packet,unsigned long * rlen)1276 static uint16_t ptp_usb_getpacket(PTPParams *params,
1277 PTPUSBBulkContainer *packet, unsigned long *rlen) {
1278 PTPDataHandler memhandler;
1279 uint16_t ret;
1280 unsigned char *x = NULL;
1281 unsigned long packet_size;
1282 PTP_USB *ptp_usb = (PTP_USB *) params->data;
1283
1284 packet_size = ptp_usb->inep_maxpacket;
1285
1286 /* read the header and potentially the first data */
1287 if (params->response_packet_size > 0) {
1288 /* If there is a buffered packet, just use it. */
1289 memcpy(packet, params->response_packet, params->response_packet_size);
1290 *rlen = params->response_packet_size;
1291 free(params->response_packet);
1292 params->response_packet = NULL;
1293 params->response_packet_size = 0;
1294 /* Here this signifies a "virtual read" */
1295 return PTP_RC_OK;
1296 }
1297 ptp_init_recv_memory_handler(&memhandler);
1298 ret = ptp_read_func(packet_size, &memhandler, params->data, rlen, 0);
1299 ptp_exit_recv_memory_handler(&memhandler, &x, rlen);
1300 if (x) {
1301 memcpy(packet, x, *rlen);
1302 free(x);
1303 }
1304 return ret;
1305 }
1306
1307 uint16_t
ptp_usb_getdata(PTPParams * params,PTPContainer * ptp,PTPDataHandler * handler)1308 ptp_usb_getdata(PTPParams* params, PTPContainer* ptp, PTPDataHandler *handler) {
1309 uint16_t ret;
1310 PTPUSBBulkContainer usbdata;
1311 unsigned long written;
1312 PTP_USB *ptp_usb = (PTP_USB *) params->data;
1313 int putfunc_ret;
1314
1315 LIBMTP_USB_DEBUG("GET DATA PHASE\n");
1316
1317 struct openusb_bulk_request bulk;
1318
1319 memset(&usbdata, 0, sizeof (usbdata));
1320 do {
1321 unsigned long len, rlen;
1322
1323 ret = ptp_usb_getpacket(params, &usbdata, &rlen);
1324 if (ret != PTP_RC_OK) {
1325 ret = PTP_ERROR_IO;
1326 break;
1327 }
1328 if (dtoh16(usbdata.type) != PTP_USB_CONTAINER_DATA) {
1329 ret = PTP_ERROR_DATA_EXPECTED;
1330 break;
1331 }
1332 if (dtoh16(usbdata.code) != ptp->Code) {
1333 if (FLAG_IGNORE_HEADER_ERRORS(ptp_usb)) {
1334 libusb_glue_debug(params, "ptp2/ptp_usb_getdata: detected a broken "
1335 "PTP header, code field insane, expect problems! (But continuing)");
1336 // Repair the header, so it won't wreak more havoc, don't just ignore it.
1337 // Typically these two fields will be broken.
1338 usbdata.code = htod16(ptp->Code);
1339 usbdata.trans_id = htod32(ptp->Transaction_ID);
1340 ret = PTP_RC_OK;
1341 } else {
1342 ret = dtoh16(usbdata.code);
1343 // This filters entirely insane garbage return codes, but still
1344 // makes it possible to return error codes in the code field when
1345 // getting data. It appears Windows ignores the contents of this
1346 // field entirely.
1347 if (ret < PTP_RC_Undefined || ret > PTP_RC_SpecificationOfDestinationUnsupported) {
1348 libusb_glue_debug(params, "ptp2/ptp_usb_getdata: detected a broken "
1349 "PTP header, code field insane.");
1350 ret = PTP_ERROR_IO;
1351 }
1352 break;
1353 }
1354 }
1355 if (rlen == ptp_usb->inep_maxpacket) {
1356 /* Copy first part of data to 'data' */
1357 putfunc_ret =
1358 handler->putfunc(
1359 params, handler->priv, rlen - PTP_USB_BULK_HDR_LEN, usbdata.payload.data
1360 );
1361 if (putfunc_ret != PTP_RC_OK)
1362 return putfunc_ret;
1363
1364 /* stuff data directly to passed data handler */
1365 while (1) {
1366 unsigned long readdata;
1367 uint16_t xret;
1368
1369 xret = ptp_read_func(
1370 0x20000000,
1371 handler,
1372 params->data,
1373 &readdata,
1374 0
1375 );
1376 if (xret != PTP_RC_OK)
1377 return xret;
1378 if (readdata < 0x20000000)
1379 break;
1380 }
1381 return PTP_RC_OK;
1382 }
1383 if (rlen > dtoh32(usbdata.length)) {
1384 /*
1385 * Buffer the surplus response packet if it is >=
1386 * PTP_USB_BULK_HDR_LEN
1387 * (i.e. it is probably an entire package)
1388 * else discard it as erroneous surplus data.
1389 * This will even work if more than 2 packets appear
1390 * in the same transaction, they will just be handled
1391 * iteratively.
1392 *
1393 * Marcus observed stray bytes on iRiver devices;
1394 * these are still discarded.
1395 */
1396 unsigned int packlen = dtoh32(usbdata.length);
1397 unsigned int surplen = rlen - packlen;
1398
1399 if (surplen >= PTP_USB_BULK_HDR_LEN) {
1400 params->response_packet = malloc(surplen);
1401 memcpy(params->response_packet,
1402 (uint8_t *) & usbdata + packlen, surplen);
1403 params->response_packet_size = surplen;
1404 /* Ignore reading one extra byte if device flags have been set */
1405 } else if (!FLAG_NO_ZERO_READS(ptp_usb) &&
1406 (rlen - dtoh32(usbdata.length) == 1)) {
1407 libusb_glue_debug(params, "ptp2/ptp_usb_getdata: read %d bytes "
1408 "too much, expect problems!",
1409 rlen - dtoh32(usbdata.length));
1410 }
1411 rlen = packlen;
1412 }
1413
1414 /* For most PTP devices rlen is 512 == sizeof(usbdata)
1415 * here. For MTP devices splitting header and data it might
1416 * be 12.
1417 */
1418 /* Evaluate full data length. */
1419 len = dtoh32(usbdata.length) - PTP_USB_BULK_HDR_LEN;
1420
1421 /* autodetect split header/data MTP devices */
1422 if (dtoh32(usbdata.length) > 12 && (rlen == 12))
1423 params->split_header_data = 1;
1424
1425 /* Copy first part of data to 'data' */
1426 putfunc_ret =
1427 handler->putfunc(
1428 params, handler->priv, rlen - PTP_USB_BULK_HDR_LEN,
1429 usbdata.payload.data
1430 );
1431 if (putfunc_ret != PTP_RC_OK)
1432 return putfunc_ret;
1433
1434 if (FLAG_NO_ZERO_READS(ptp_usb) &&
1435 len + PTP_USB_BULK_HDR_LEN == ptp_usb->inep_maxpacket) {
1436
1437 LIBMTP_USB_DEBUG("Reading in extra terminating byte\n");
1438
1439 // need to read in extra byte and discard it
1440 int result = 0, xread;
1441 unsigned char byte = 0;
1442
1443 /*
1444 result = USB_BULK_READ(ptp_usb->handle,
1445 ptp_usb->inep,
1446 &byte,
1447 1,
1448 &xread,
1449 ptp_usb->timeout);
1450 */
1451
1452 bulk.payload = &byte;
1453 bulk.length = 1;
1454 bulk.timeout = ptp_usb->timeout;
1455 bulk.flags = 0;
1456 bulk.next = NULL;
1457 result = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->inep, &bulk);
1458 xread = bulk.result.transferred_bytes;
1459
1460 if (result != 1)
1461 LIBMTP_INFO("Could not read in extra byte for %d bytes long file, return value 0x%04x\n", ptp_usb->inep_maxpacket, result);
1462 } else if (len + PTP_USB_BULK_HDR_LEN == ptp_usb->inep_maxpacket && params->split_header_data == 0) {
1463 int zeroresult = 0, xread;
1464 unsigned char zerobyte = 0;
1465
1466 LIBMTP_INFO("Reading in zero packet after header\n");
1467 /*
1468 zeroresult = USB_BULK_READ(ptp_usb->handle,
1469 ptp_usb->inep,
1470 &zerobyte,
1471 0,
1472 &xread,
1473 ptp_usb->timeout);
1474 */
1475
1476 bulk.payload = &zerobyte;
1477 bulk.length = 0;
1478 bulk.timeout = ptp_usb->timeout;
1479 bulk.flags = 0;
1480 bulk.next = NULL;
1481 zeroresult = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->inep, &bulk);
1482 xread = bulk.result.transferred_bytes;
1483
1484 if (zeroresult != 0)
1485 LIBMTP_INFO("LIBMTP panic: unable to read in zero packet, response 0x%04x", zeroresult);
1486 }
1487
1488 /* Is that all of data? */
1489 if (len + PTP_USB_BULK_HDR_LEN <= rlen) {
1490 break;
1491 }
1492
1493 ret = ptp_read_func(len - (rlen - PTP_USB_BULK_HDR_LEN),
1494 handler,
1495 params->data, &rlen, 1);
1496
1497 if (ret != PTP_RC_OK) {
1498 break;
1499 }
1500 } while (0);
1501 return ret;
1502 }
1503
1504 uint16_t
ptp_usb_getresp(PTPParams * params,PTPContainer * resp)1505 ptp_usb_getresp(PTPParams* params, PTPContainer* resp) {
1506 uint16_t ret;
1507 unsigned long rlen;
1508 PTPUSBBulkContainer usbresp;
1509 PTP_USB *ptp_usb = (PTP_USB *) (params->data);
1510
1511
1512 LIBMTP_USB_DEBUG("RESPONSE: ");
1513 memset(&usbresp, 0, sizeof (usbresp));
1514 /* read response, it should never be longer than sizeof(usbresp) */
1515 ret = ptp_usb_getpacket(params, &usbresp, &rlen);
1516 // Fix for bevahiour reported by Scott Snyder on Samsung YP-U3. The player
1517 // sends a packet containing just zeroes of length 2 (up to 4 has been seen too)
1518 // after a NULL packet when it should send the response. This code ignores
1519 // such illegal packets.
1520 while (ret == PTP_RC_OK && rlen < PTP_USB_BULK_HDR_LEN && usbresp.length == 0) {
1521 libusb_glue_debug(params, "ptp_usb_getresp: detected short response "
1522 "of %d bytes, expect problems! (re-reading "
1523 "response), rlen");
1524 ret = ptp_usb_getpacket(params, &usbresp, &rlen);
1525 }
1526 if (ret != PTP_RC_OK) {
1527 ret = PTP_ERROR_IO;
1528 } else
1529 if (dtoh16(usbresp.type) != PTP_USB_CONTAINER_RESPONSE) {
1530 ret = PTP_ERROR_RESP_EXPECTED;
1531 } else
1532 if (dtoh16(usbresp.code) != resp->Code) {
1533 ret = dtoh16(usbresp.code);
1534 }
1535
1536 LIBMTP_USB_DEBUG("%04x\n", ret);
1537 if (ret != PTP_RC_OK) {
1538 /* libusb_glue_error (params,
1539 "PTP: request code 0x%04x getting resp error 0x%04x",
1540 resp->Code, ret);*/
1541 return ret;
1542 }
1543 /* build an appropriate PTPContainer */
1544 resp->Code = dtoh16(usbresp.code);
1545 resp->SessionID = params->session_id;
1546 resp->Transaction_ID = dtoh32(usbresp.trans_id);
1547 if (FLAG_IGNORE_HEADER_ERRORS(ptp_usb)) {
1548 if (resp->Transaction_ID != params->transaction_id - 1) {
1549 libusb_glue_debug(params, "ptp_usb_getresp: detected a broken "
1550 "PTP header, transaction ID insane, expect "
1551 "problems! (But continuing)");
1552 // Repair the header, so it won't wreak more havoc.
1553 resp->Transaction_ID = params->transaction_id - 1;
1554 }
1555 }
1556 resp->Param1 = dtoh32(usbresp.payload.params.param1);
1557 resp->Param2 = dtoh32(usbresp.payload.params.param2);
1558 resp->Param3 = dtoh32(usbresp.payload.params.param3);
1559 resp->Param4 = dtoh32(usbresp.payload.params.param4);
1560 resp->Param5 = dtoh32(usbresp.payload.params.param5);
1561 return ret;
1562 }
1563
1564 /* Event handling functions */
1565
1566 /* PTP Events wait for or check mode */
1567 #define PTP_EVENT_CHECK 0x0000 /* waits for */
1568 #define PTP_EVENT_CHECK_FAST 0x0001 /* checks */
1569
1570 static inline uint16_t
ptp_usb_event(PTPParams * params,PTPContainer * event,int wait)1571 ptp_usb_event(PTPParams* params, PTPContainer* event, int wait) {
1572 uint16_t ret;
1573 int result, xread;
1574 unsigned long rlen;
1575 PTPUSBEventContainer usbevent;
1576 PTP_USB *ptp_usb = (PTP_USB *) (params->data);
1577
1578 struct openusb_bulk_request bulk;
1579
1580 memset(&usbevent, 0, sizeof (usbevent));
1581
1582 if ((params == NULL) || (event == NULL))
1583 return PTP_ERROR_BADPARAM;
1584 ret = PTP_RC_OK;
1585 switch (wait) {
1586 case PTP_EVENT_CHECK:
1587
1588 /*
1589 result = USB_BULK_READ(ptp_usb->handle,
1590 ptp_usb->intep,
1591 (unsigned char *) &usbevent,
1592 sizeof (usbevent),
1593 &xread,
1594 0);
1595 */
1596 bulk.payload = (unsigned char *) &usbevent;
1597 bulk.length = sizeof (usbevent);
1598 bulk.timeout = ptp_usb->timeout;
1599 bulk.flags = 0;
1600 bulk.next = NULL;
1601 result = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->intep, &bulk);
1602 xread = bulk.result.transferred_bytes;
1603
1604 if (result == 0) {
1605 /*
1606 result = USB_BULK_READ(ptp_usb->handle,
1607 ptp_usb->intep,
1608 (unsigned char *) &usbevent,
1609 sizeof (usbevent),
1610 &xread,
1611 0);
1612 */
1613 bulk.payload = (unsigned char *) &usbevent;
1614 bulk.length = sizeof (usbevent);
1615 bulk.timeout = ptp_usb->timeout;
1616 bulk.flags = 0;
1617 bulk.next = NULL;
1618 result = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->intep, &bulk);
1619 xread = bulk.result.transferred_bytes;
1620 }
1621 if (result < 0) ret = PTP_ERROR_IO;
1622 break;
1623 case PTP_EVENT_CHECK_FAST:
1624 /*
1625 result = USB_BULK_READ(ptp_usb->handle,
1626 ptp_usb->intep,
1627 (unsigned char *) &usbevent,
1628 sizeof (usbevent),
1629 &xread,
1630 ptp_usb->timeout);
1631 */
1632 bulk.payload = (unsigned char *) &usbevent;
1633 bulk.length = sizeof (usbevent);
1634 bulk.timeout = ptp_usb->timeout;
1635 bulk.flags = 0;
1636 bulk.next = NULL;
1637 result = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->intep, &bulk);
1638 xread = bulk.result.transferred_bytes;
1639
1640 if (result == 0) {
1641 /*
1642 result = USB_BULK_READ(ptp_usb->handle,
1643 ptp_usb->intep,
1644 (unsigned char *) &usbevent,
1645 sizeof (usbevent),
1646 &xread,
1647 ptp_usb->timeout);
1648 */
1649 bulk.payload = (unsigned char *) &usbevent;
1650 bulk.length = sizeof (usbevent);
1651 bulk.timeout = ptp_usb->timeout;
1652 bulk.flags = 0;
1653 bulk.next = NULL;
1654 result = openusb_bulk_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->intep, &bulk);
1655 xread = bulk.result.transferred_bytes;
1656 }
1657 if (result < 0) ret = PTP_ERROR_IO;
1658 break;
1659 default:
1660 ret = PTP_ERROR_BADPARAM;
1661 break;
1662 }
1663 if (ret != PTP_RC_OK) {
1664 libusb_glue_error(params,
1665 "PTP: reading event an error 0x%04x occurred", ret);
1666 return PTP_ERROR_IO;
1667 }
1668 rlen = result;
1669 if (rlen < 8) {
1670 libusb_glue_error(params,
1671 "PTP: reading event an short read of %ld bytes occurred", rlen);
1672 return PTP_ERROR_IO;
1673 }
1674 /* if we read anything over interrupt endpoint it must be an event */
1675 /* build an appropriate PTPContainer */
1676 event->Code = dtoh16(usbevent.code);
1677 event->SessionID = params->session_id;
1678 event->Transaction_ID = dtoh32(usbevent.trans_id);
1679 event->Param1 = dtoh32(usbevent.param1);
1680 event->Param2 = dtoh32(usbevent.param2);
1681 event->Param3 = dtoh32(usbevent.param3);
1682 return ret;
1683 }
1684
1685 uint16_t
ptp_usb_event_check(PTPParams * params,PTPContainer * event)1686 ptp_usb_event_check(PTPParams* params, PTPContainer* event) {
1687
1688 return ptp_usb_event(params, event, PTP_EVENT_CHECK_FAST);
1689 }
1690
1691 uint16_t
ptp_usb_event_wait(PTPParams * params,PTPContainer * event)1692 ptp_usb_event_wait(PTPParams* params, PTPContainer* event) {
1693
1694 return ptp_usb_event(params, event, PTP_EVENT_CHECK);
1695 }
1696
1697 uint16_t
ptp_usb_event_async(PTPParams * params,PTPEventCbFn cb,void * user_data)1698 ptp_usb_event_async (PTPParams* params, PTPEventCbFn cb, void *user_data) {
1699 /* Unsupported */
1700 return PTP_ERROR_CANCEL;
1701 }
1702
LIBMTP_Handle_Events_Timeout_Completed(struct timeval * tv,int * completed)1703 int LIBMTP_Handle_Events_Timeout_Completed(struct timeval *tv, int *completed) {
1704 /* Unsupported */
1705 return -12;
1706 }
1707
1708 uint16_t
ptp_usb_control_cancel_request(PTPParams * params,uint32_t transactionid)1709 ptp_usb_control_cancel_request(PTPParams *params, uint32_t transactionid) {
1710 PTP_USB *ptp_usb = (PTP_USB *) (params->data);
1711 int ret;
1712 unsigned char buffer[6];
1713
1714 htod16a(&buffer[0], PTP_EC_CancelTransaction);
1715 htod32a(&buffer[2], transactionid);
1716 /*
1717 ret = libusb_control_transfer(ptp_usb->handle,
1718 LIBUSB_REQUEST_TYPE_CLASS | LIBUSB_RECIPIENT_INTERFACE,
1719 0x64, 0x0000, 0x0000,
1720 buffer,
1721 sizeof(buffer),
1722 ptp_usb->timeout);
1723 */
1724 struct openusb_ctrl_request ctrl;
1725 ctrl.setup.bmRequestType = USB_REQ_TYPE_CLASS | USB_RECIP_INTERFACE;
1726 ctrl.setup.bRequest = 0x64;
1727 ctrl.setup.wValue = 0;
1728 ctrl.setup.wIndex = 0;
1729 ctrl.payload = (unsigned char *)&buffer; // Out
1730 ctrl.length = sizeof (buffer);
1731 ctrl.timeout = ptp_usb->timeout;
1732 ctrl.next = NULL;
1733 ctrl.flags = 0;
1734
1735 ret = openusb_ctrl_xfer(*ptp_usb->handle, ptp_usb->interface, ptp_usb->outep, &ctrl);
1736 if (ctrl.result.transferred_bytes < sizeof (buffer))
1737 return PTP_ERROR_IO;
1738 return PTP_RC_OK;
1739 }
1740
init_ptp_usb(PTPParams * params,PTP_USB * ptp_usb,openusb_dev_handle_t * dev)1741 static int init_ptp_usb(PTPParams* params, PTP_USB* ptp_usb, openusb_dev_handle_t* dev) {
1742 openusb_dev_handle_t device_handle;
1743 unsigned char buf[255];
1744 int ret, usbresult;
1745
1746 params->sendreq_func = ptp_usb_sendreq;
1747 params->senddata_func = ptp_usb_senddata;
1748 params->getresp_func = ptp_usb_getresp;
1749 params->getdata_func = ptp_usb_getdata;
1750 params->cancelreq_func = ptp_usb_control_cancel_request;
1751 params->data = ptp_usb;
1752 params->transaction_id = 0;
1753 /*
1754 * This is hardcoded here since we have no devices whatsoever that are BE.
1755 * Change this the day we run into our first BE device (if ever).
1756 */
1757 params->byteorder = PTP_DL_LE;
1758
1759 ptp_usb->timeout = get_timeout(ptp_usb);
1760
1761 ret = openusb_open_device(libmtp_openusb_handle, *dev, USB_INIT_DEFAULT, &device_handle);
1762 if (ret != OPENUSB_SUCCESS) {
1763 perror("usb_open()");
1764 return -1;
1765 }
1766 ptp_usb->handle = malloc(sizeof(openusb_dev_handle_t));
1767 *ptp_usb->handle = device_handle;
1768 /*
1769 * If this device is known to be wrongfully claimed by other kernel
1770 * drivers (such as mass storage), then try to unload it to make it
1771 * accessible from user space.
1772 * Note: OpenUSB doesn't support this type of operation?
1773 */
1774 /*
1775 if (FLAG_UNLOAD_DRIVER(ptp_usb) &&
1776 libusb_kernel_driver_active (device_handle, ptp_usb->interface)
1777 ) {
1778 if (OPENUSB_SUCCESS != libusb_detach_kernel_driver (device_handle, ptp_usb->interface)) {
1779 return -1;
1780 }
1781 }
1782 */
1783 // It seems like on kernel 2.6.31 if we already have it open on another
1784 // pthread in our app, we'll get an error if we try to claim it again,
1785 // but that error is harmless because our process already claimed the interface
1786 usbresult = openusb_claim_interface(device_handle, ptp_usb->interface, USB_INIT_DEFAULT);
1787
1788 if (usbresult != 0)
1789 fprintf(stderr, "ignoring usb_claim_interface = %d", usbresult);
1790
1791 if (FLAG_SWITCH_MODE_BLACKBERRY(ptp_usb)) {
1792 int ret;
1793
1794 // FIXME : Only for BlackBerry Storm
1795 // What does it mean? Maybe switch mode...
1796 // This first control message is absolutely necessary
1797 usleep(1000);
1798 /*
1799 ret = libusb_control_transfer(device_handle,
1800 LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_IN,
1801 0xaa, 0x00, 0x04, buf, 0x40, 1000);
1802 */
1803 struct openusb_ctrl_request ctrl;
1804 ctrl.setup.bmRequestType = USB_REQ_TYPE_VENDOR | USB_RECIP_DEVICE | USB_ENDPOINT_IN;
1805 ctrl.setup.bRequest = 0xaa;
1806 ctrl.setup.wValue = 0;
1807 ctrl.setup.wIndex = 4;
1808 ctrl.payload = (unsigned char *)&buf; // Out
1809 ctrl.length = 0x40;
1810 ctrl.timeout = 1000;
1811 ctrl.next = NULL;
1812 ctrl.flags = 0;
1813
1814 ret = openusb_ctrl_xfer(device_handle, ptp_usb->interface, ptp_usb->outep, &ctrl);
1815 LIBMTP_USB_DEBUG("BlackBerry magic part 1:\n");
1816 LIBMTP_USB_DATA(buf, ctrl.result.transferred_bytes, 16);
1817
1818 usleep(1000);
1819 // This control message is unnecessary
1820 /*
1821 ret = libusb_control_transfer(device_handle,
1822 LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_IN,
1823 0xa5, 0x00, 0x01, buf, 0x02, 1000);
1824 */
1825 ctrl.setup.bmRequestType = USB_REQ_TYPE_VENDOR | USB_RECIP_DEVICE | USB_ENDPOINT_IN;
1826 ctrl.setup.bRequest = 0xa5;
1827 ctrl.setup.wValue = 0;
1828 ctrl.setup.wIndex = 1;
1829 ctrl.payload = (unsigned char *)&buf; // Out
1830 ctrl.length = 0x02;
1831 ctrl.timeout = 1000;
1832 ctrl.next = NULL;
1833 ctrl.flags = 0;
1834
1835 ret = openusb_ctrl_xfer(device_handle, ptp_usb->interface, ptp_usb->outep, &ctrl);
1836 LIBMTP_USB_DEBUG("BlackBerry magic part 2:\n");
1837 LIBMTP_USB_DATA(buf, ctrl.result.transferred_bytes, 16);
1838
1839 usleep(1000);
1840 // This control message is unnecessary
1841 /*
1842 ret = libusb_control_transfer(device_handle,
1843 LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_IN,
1844 0xa8, 0x00, 0x01, buf, 0x05, 1000);
1845 */
1846 ctrl.setup.bmRequestType = USB_REQ_TYPE_VENDOR | USB_RECIP_DEVICE | USB_ENDPOINT_IN;
1847 ctrl.setup.bRequest = 0xa8;
1848 ctrl.setup.wValue = 0;
1849 ctrl.setup.wIndex = 1;
1850 ctrl.payload = (unsigned char *)&buf; // Out
1851 ctrl.length = 0x05;
1852 ctrl.timeout = 1000;
1853 ctrl.next = NULL;
1854 ctrl.flags = 0;
1855
1856 ret = openusb_ctrl_xfer(device_handle, ptp_usb->interface, ptp_usb->outep, &ctrl);
1857 LIBMTP_USB_DEBUG("BlackBerry magic part 3:\n");
1858 LIBMTP_USB_DATA(buf, ctrl.result.transferred_bytes, 16);
1859
1860 usleep(1000);
1861 // This control message is unnecessary
1862 /*
1863 ret = libusb_control_transfer(device_handle,
1864 LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_IN,
1865 0xa8, 0x00, 0x01, buf, 0x11, 1000);
1866 */
1867 ctrl.setup.bmRequestType = USB_REQ_TYPE_VENDOR | USB_RECIP_DEVICE | USB_ENDPOINT_IN;
1868 ctrl.setup.bRequest = 0xa8;
1869 ctrl.setup.wValue = 0;
1870 ctrl.setup.wIndex = 1;
1871 ctrl.payload = (unsigned char *)&buf; // Out
1872 ctrl.length = 0x11;
1873 ctrl.timeout = 1000;
1874 ctrl.next = NULL;
1875 ctrl.flags = 0;
1876
1877 ret = openusb_ctrl_xfer(device_handle, ptp_usb->interface, ptp_usb->outep, &ctrl);
1878 LIBMTP_USB_DEBUG("BlackBerry magic part 4:\n");
1879 LIBMTP_USB_DATA(buf, ctrl.result.transferred_bytes, 16);
1880
1881 usleep(1000);
1882 }
1883 return 0;
1884 }
1885
clear_stall(PTP_USB * ptp_usb)1886 static void clear_stall(PTP_USB* ptp_usb) {
1887 uint16_t status;
1888 int ret;
1889
1890 /* check the inep status */
1891 /*
1892 status = 0;
1893 ret = usb_get_endpoint_status(ptp_usb, ptp_usb->inep, &status);
1894 if (ret < 0) {
1895 perror("inep: usb_get_endpoint_status()");
1896 } else if (status) {
1897 LIBMTP_INFO("Clearing stall on IN endpoint\n");
1898 ret = libusb_clear_halt(ptp_usb->handle, ptp_usb->inep);
1899 if (ret != OPENUSB_SUCCESS) {
1900 perror("usb_clear_stall_feature()");
1901 }
1902 }
1903
1904 /* check the outep status */
1905 /*status = 0;
1906 ret = usb_get_endpoint_status(ptp_usb, ptp_usb->outep, &status);
1907 if (ret < 0) {
1908 perror("outep: usb_get_endpoint_status()");
1909 } else if (status) {
1910 LIBMTP_INFO("Clearing stall on OUT endpoint\n");
1911 ret = libusb_clear_halt(ptp_usb->handle, ptp_usb->outep);
1912 if (ret != OPENUSB_SUCCESS) {
1913 perror("usb_clear_stall_feature()");
1914 }
1915 }
1916 */
1917
1918 /* TODO: do we need this for INTERRUPT (ptp_usb->intep) too? */
1919 }
1920
clear_halt(PTP_USB * ptp_usb)1921 static void clear_halt(PTP_USB* ptp_usb) {
1922 int ret;
1923
1924 /*
1925 ret = libusb_clear_halt(ptp_usb->handle, ptp_usb->inep);
1926 if (ret < 0) {
1927 perror("usb_clear_halt() on IN endpoint");
1928 }
1929 ret = libusb_clear_halt(ptp_usb->handle, ptp_usb->outep);
1930 if (ret < 0) {
1931 perror("usb_clear_halt() on OUT endpoint");
1932 }
1933 ret = libusb_clear_halt(ptp_usb->handle, ptp_usb->intep);
1934 if (ret < 0) {
1935 perror("usb_clear_halt() on INTERRUPT endpoint");
1936 }
1937 */
1938 }
1939
close_usb(PTP_USB * ptp_usb)1940 static void close_usb(PTP_USB* ptp_usb) {
1941 if (!FLAG_NO_RELEASE_INTERFACE(ptp_usb)) {
1942 /*
1943 * Clear any stalled endpoints
1944 * On misbehaving devices designed for Windows/Mac, quote from:
1945 * http://www2.one-eyed-alien.net/~mdharm/linux-usb/target_offenses.txt
1946 * Device does Bad Things(tm) when it gets a GET_STATUS after CLEAR_HALT
1947 * (...) Windows, when clearing a stall, only sends the CLEAR_HALT command,
1948 * and presumes that the stall has cleared. Some devices actually choke
1949 * if the CLEAR_HALT is followed by a GET_STATUS (used to determine if the
1950 * STALL is persistant or not).
1951 */
1952 clear_stall(ptp_usb);
1953 // Clear halts on any endpoints
1954 clear_halt(ptp_usb);
1955 // Added to clear some stuff on the OUT endpoint
1956 // TODO: is this good on the Mac too?
1957 // HINT: some devices may need that you comment these two out too.
1958 //libusb_clear_halt(ptp_usb->handle, ptp_usb->outep);
1959 //libusb_release_interface(ptp_usb->handle, (int) ptp_usb->interface);
1960 }
1961 if (FLAG_FORCE_RESET_ON_CLOSE(ptp_usb)) {
1962 /*
1963 * Some devices really love to get reset after being
1964 * disconnected. Again, since Windows never disconnects
1965 * a device closing behaviour is seldom or never exercised
1966 * on devices when engineered and often error prone.
1967 * Reset may help some.
1968 */
1969 openusb_reset(*ptp_usb->handle);
1970 }
1971 openusb_close_device(*ptp_usb->handle);
1972 }
1973
1974 /**
1975 * Self-explanatory?
1976 */
find_interface_and_endpoints(openusb_dev_handle_t * dev,uint8_t * conf,uint8_t * interface,uint8_t * altsetting,int * inep,int * inep_maxpacket,int * outep,int * outep_maxpacket,int * intep)1977 static int find_interface_and_endpoints(openusb_dev_handle_t *dev,
1978 uint8_t *conf,
1979 uint8_t *interface,
1980 uint8_t *altsetting,
1981 int* inep,
1982 int* inep_maxpacket,
1983 int* outep,
1984 int *outep_maxpacket,
1985 int* intep) {
1986 uint8_t i;
1987 int ret;
1988 struct usb_device_desc desc;
1989
1990 ret = openusb_parse_device_desc(libmtp_openusb_handle, *dev, NULL, 0, &desc);
1991 if (ret != OPENUSB_SUCCESS) return -1;
1992
1993 // Loop over the device configurations
1994 for (i = 0; i < desc.bNumConfigurations; i++) {
1995 uint8_t j;
1996 struct usb_config_desc config;
1997
1998 ret = openusb_parse_config_desc(libmtp_openusb_handle, *dev, NULL, 0, i, &config);
1999 if (ret != OPENUSB_SUCCESS) continue;
2000 *conf = desc.bConfigurationValue;
2001 // Loop over each configurations interfaces
2002 for (j = 0; j < config.bNumInterfaces; j++) {
2003 uint8_t k;
2004 uint8_t no_ep;
2005 int found_inep = 0;
2006 int found_outep = 0;
2007 int found_intep = 0;
2008 struct usb_endpoint_desc ep;
2009 struct usb_interface_desc ifcdesc;
2010 openusb_parse_interface_desc(libmtp_openusb_handle, *dev, NULL, 0, i, j, 0, &ifcdesc);
2011 // MTP devices shall have 3 endpoints, ignore those interfaces
2012 // that haven't.
2013 no_ep = ifcdesc.bNumEndpoints;
2014 if (no_ep != 3)
2015 continue;
2016 *interface = ifcdesc.bInterfaceNumber;
2017 *altsetting = ifcdesc.bAlternateSetting;
2018 // Loop over the three endpoints to locate two bulk and
2019 // one interrupt endpoint and FAIL if we cannot, and continue.
2020 for (k = 0; k < no_ep; k++) {
2021 openusb_parse_endpoint_desc(libmtp_openusb_handle, *dev, NULL, 0, i, j, 0, k, &ep);
2022 if (ep.bmAttributes == USB_ENDPOINT_TYPE_BULK) {
2023 if ((ep.bEndpointAddress & USB_ENDPOINT_DIR_MASK) ==
2024 USB_ENDPOINT_DIR_MASK) {
2025 *inep = ep.bEndpointAddress;
2026 *inep_maxpacket = ep.wMaxPacketSize;
2027 found_inep = 1;
2028 }
2029 if ((ep.bEndpointAddress & USB_ENDPOINT_DIR_MASK) == 0) {
2030 *outep = ep.bEndpointAddress;
2031 *outep_maxpacket = ep.wMaxPacketSize;
2032 found_outep = 1;
2033 }
2034 } else if (ep.bmAttributes == USB_ENDPOINT_TYPE_INTERRUPT) {
2035 if ((ep.bEndpointAddress & USB_ENDPOINT_DIR_MASK) ==
2036 USB_ENDPOINT_DIR_MASK) {
2037 *intep = ep.bEndpointAddress;
2038 found_intep = 1;
2039 }
2040 }
2041 }
2042 if (found_inep && found_outep && found_intep) {
2043 // We assigned the endpoints so return here.
2044 return 0;
2045 }
2046 // Else loop to next interface/config
2047 }
2048 }
2049 return -1;
2050 }
2051
2052 /**
2053 * This function assigns params and usbinfo given a raw device
2054 * as input.
2055 * @param device the device to be assigned.
2056 * @param usbinfo a pointer to the new usbinfo.
2057 * @return an error code.
2058 */
configure_usb_device(LIBMTP_raw_device_t * device,PTPParams * params,void ** usbinfo)2059 LIBMTP_error_number_t configure_usb_device(LIBMTP_raw_device_t *device,
2060 PTPParams *params,
2061 void **usbinfo) {
2062 PTP_USB *ptp_usb;
2063 openusb_devid_t *ldevice;
2064 uint16_t ret = 0;
2065 int err, found = 0, i;
2066 unsigned int nrofdevs;
2067 openusb_devid_t *devs = NULL;
2068 struct usb_device_desc desc;
2069
2070 /* See if we can find this raw device again... */
2071 init_usb();
2072
2073 openusb_get_devids_by_bus(libmtp_openusb_handle, 0, &devs, &nrofdevs);
2074 for (i = 0; i < nrofdevs; i++) {
2075 /*
2076 if (libusb_get_bus_number(devs[i]) != device->bus_location)
2077 continue;
2078 if (libusb_get_device_address(devs[i]) != device->devnum)
2079 continue;
2080 */
2081
2082 ret = openusb_parse_device_desc(libmtp_openusb_handle, devs[i], NULL, 0, &desc);
2083 if (ret != OPENUSB_SUCCESS) continue;
2084
2085 if (desc.idVendor == device->device_entry.vendor_id &&
2086 desc.idProduct == device->device_entry.product_id) {
2087 ldevice = &devs[i];
2088 found = 1;
2089 break;
2090 }
2091 }
2092 /* Device has gone since detecting raw devices! */
2093 if (!found) {
2094 openusb_free_devid_list(devs);
2095 return LIBMTP_ERROR_NO_DEVICE_ATTACHED;
2096 }
2097
2098 /* Allocate structs */
2099 ptp_usb = (PTP_USB *) malloc(sizeof (PTP_USB));
2100 if (ptp_usb == NULL) {
2101 openusb_free_devid_list(devs);
2102 return LIBMTP_ERROR_MEMORY_ALLOCATION;
2103 }
2104 /* Start with a blank slate (includes setting device_flags to 0) */
2105 memset(ptp_usb, 0, sizeof (PTP_USB));
2106
2107 /* Copy the raw device */
2108 memcpy(&ptp_usb->rawdevice, device, sizeof (LIBMTP_raw_device_t));
2109
2110 /*
2111 * Some devices must have their "OS Descriptor" massaged in order
2112 * to work.
2113 */
2114 if (FLAG_ALWAYS_PROBE_DESCRIPTOR(ptp_usb)) {
2115 // Massage the device descriptor
2116 (void) probe_device_descriptor(ldevice, NULL);
2117 }
2118
2119
2120 /* Assign interface and endpoints to usbinfo... */
2121 err = find_interface_and_endpoints(ldevice,
2122 &ptp_usb->conf,
2123 &ptp_usb->interface,
2124 &ptp_usb->altsetting,
2125 &ptp_usb->inep,
2126 &ptp_usb->inep_maxpacket,
2127 &ptp_usb->outep,
2128 &ptp_usb->outep_maxpacket,
2129 &ptp_usb->intep);
2130
2131 if (err) {
2132 openusb_free_devid_list(devs);
2133 LIBMTP_ERROR("LIBMTP PANIC: Unable to find interface & endpoints of device\n");
2134 return LIBMTP_ERROR_CONNECTING;
2135 }
2136
2137 /* Copy USB version number */
2138 ptp_usb->bcdusb = desc.bcdUSB;
2139
2140 /* Attempt to initialize this device */
2141 if (init_ptp_usb(params, ptp_usb, ldevice) < 0) {
2142 LIBMTP_ERROR("LIBMTP PANIC: Unable to initialize device\n");
2143 return LIBMTP_ERROR_CONNECTING;
2144 }
2145
2146 /*
2147 * This works in situations where previous bad applications
2148 * have not used LIBMTP_Release_Device on exit
2149 */
2150 if ((ret = ptp_opensession(params, 1)) == PTP_ERROR_IO) {
2151 LIBMTP_ERROR("PTP_ERROR_IO: failed to open session, trying again after resetting USB interface\n");
2152 LIBMTP_ERROR("LIBMTP libusb: Attempt to reset device\n");
2153 openusb_reset(*ptp_usb->handle);
2154 close_usb(ptp_usb);
2155
2156 if (init_ptp_usb(params, ptp_usb, ldevice) < 0) {
2157 LIBMTP_ERROR("LIBMTP PANIC: Could not init USB on second attempt\n");
2158 return LIBMTP_ERROR_CONNECTING;
2159 }
2160
2161 /* Device has been reset, try again */
2162 if ((ret = ptp_opensession(params, 1)) == PTP_ERROR_IO) {
2163 LIBMTP_ERROR("LIBMTP PANIC: failed to open session on second attempt\n");
2164 return LIBMTP_ERROR_CONNECTING;
2165 }
2166 }
2167
2168 /* Was the transaction id invalid? Try again */
2169 if (ret == PTP_RC_InvalidTransactionID) {
2170 LIBMTP_ERROR("LIBMTP WARNING: Transaction ID was invalid, increment and try again\n");
2171 params->transaction_id += 10;
2172 ret = ptp_opensession(params, 1);
2173 }
2174
2175 if (ret != PTP_RC_SessionAlreadyOpened && ret != PTP_RC_OK) {
2176 LIBMTP_ERROR("LIBMTP PANIC: Could not open session! "
2177 "(Return code %d)\n Try to reset the device.\n",
2178 ret);
2179 openusb_release_interface(*ptp_usb->handle, ptp_usb->interface);
2180 return LIBMTP_ERROR_CONNECTING;
2181 }
2182
2183 /* OK configured properly */
2184 *usbinfo = (void *) ptp_usb;
2185 return LIBMTP_ERROR_NONE;
2186 }
2187
close_device(PTP_USB * ptp_usb,PTPParams * params)2188 void close_device(PTP_USB *ptp_usb, PTPParams *params) {
2189 if (ptp_closesession(params) != PTP_RC_OK)
2190 LIBMTP_ERROR("ERROR: Could not close session!\n");
2191 close_usb(ptp_usb);
2192 }
2193
set_usb_device_timeout(PTP_USB * ptp_usb,int timeout)2194 void set_usb_device_timeout(PTP_USB *ptp_usb, int timeout) {
2195 ptp_usb->timeout = timeout;
2196 }
2197
get_usb_device_timeout(PTP_USB * ptp_usb,int * timeout)2198 void get_usb_device_timeout(PTP_USB *ptp_usb, int *timeout) {
2199 *timeout = ptp_usb->timeout;
2200 }
2201
guess_usb_speed(PTP_USB * ptp_usb)2202 int guess_usb_speed(PTP_USB *ptp_usb) {
2203 int bytes_per_second;
2204
2205 /*
2206 * We don't know the actual speeds so these are rough guesses
2207 * from the info you can find here:
2208 * http://en.wikipedia.org/wiki/USB#Transfer_rates
2209 * http://www.barefeats.com/usb2.html
2210 */
2211 switch (ptp_usb->bcdusb & 0xFF00) {
2212 case 0x0100:
2213 /* 1.x USB versions let's say 1MiB/s */
2214 bytes_per_second = 1 * 1024 * 1024;
2215 break;
2216 case 0x0200:
2217 case 0x0300:
2218 /* USB 2.0 nominal speed 18MiB/s */
2219 /* USB 3.0 won't be worse? */
2220 bytes_per_second = 18 * 1024 * 1024;
2221 break;
2222 default:
2223 /* Half-guess something? */
2224 bytes_per_second = 1 * 1024 * 1024;
2225 break;
2226 }
2227 return bytes_per_second;
2228 }
2229
usb_get_endpoint_status(PTP_USB * ptp_usb,int ep,uint16_t * status)2230 static int usb_get_endpoint_status(PTP_USB* ptp_usb, int ep, uint16_t* status) {
2231 /*
2232 return libusb_control_transfer(ptp_usb->handle,
2233 LIBUSB_ENDPOINT_IN|LIBUSB_RECIPIENT_ENDPOINT,
2234 LIBUSB_REQUEST_GET_STATUS,
2235 USB_FEATURE_HALT,
2236 ep,
2237 (unsigned char *) status,
2238 2,
2239 ptp_usb->timeout);
2240 */
2241 struct openusb_ctrl_request ctrl;
2242 ctrl.flags = 0;
2243 ctrl.length = 2;
2244 ctrl.payload = (unsigned char *)status;
2245 ctrl.timeout = ptp_usb->timeout;
2246 ctrl.next = NULL;
2247 ctrl.setup.bRequest = USB_REQ_GET_STATUS;
2248 ctrl.setup.bmRequestType = USB_ENDPOINT_IN | USB_RECIP_ENDPOINT;
2249 ctrl.setup.wIndex = ep;
2250 ctrl.setup.wValue = USB_FEATURE_HALT;
2251 openusb_ctrl_xfer(*ptp_usb->handle, ptp_usb->interface, ep, &ctrl);
2252 return ctrl.result.status;
2253
2254 }
2255