summaryrefslogtreecommitdiffstats
path: root/adb/adb_auth.h
Commit message (Collapse)AuthorAgeFilesLines
* Remove extern "C" barriers to using C++.Elliott Hughes2015-04-171-8/+0
| | | | Change-Id: Ic046d6aa540738cb46b54531bc59ba3b47b0136d
* File header cleanup.Dan Albert2015-03-191-0/+2
| | | | | | | | | * sysdeps.h should always be included first. * TRACE_TAG needs to be defined before anything is included. * Some files were missing copyright headers. * Save precious bytes on my SSD by removing useless whitespace. Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
* Fix file descriptor leakage in adbdPavel Labath2015-03-171-1/+3
| | | | | | | | | | | | | | adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control socket, which prevents the leakage. However if ro.adb.secure property is unset (as it is on the emulator), adb_auth_init is not invoked, which results in the control socket fd leaking into any process started by the deamon (specifically, any command executed through adb shell). Split the fd cleanup into a separate function that is called unconditionally. Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
* Move adb to C++.Dan Albert2015-03-091-3/+7
| | | | | | | | | | | | | | | | | I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
* Move adb_main to its own file.Dan Albert2015-02-181-0/+2
| | | | Change-Id: If6e98c089b39f73bd8f4a878a82669bfeee367f3
* Move the adb auth code into its own file.Dan Albert2015-02-181-0/+2
| | | | Change-Id: I84cf0bd7777f0147119e7c6afc4096c2e93156a2
* Add extern "C" to all the adb headers.Dan Albert2015-02-181-0/+8
| | | | Change-Id: Iaefa3e18d6ee2e065eb97271a796613b2a8e7d6e
* Introduce "adb keygen"Nick Kralevich2014-12-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
* adb: Fix secure adb when booting with usb attachedBenoit Goby2013-02-021-0/+2
| | | | | | | | When booting with usb attached, the secure adb authentication happens long before the framework is done booting, so adb can't notify the framework to install the public key. Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
* adb: Read secure adb keys on every auth requestBenoit Goby2013-01-151-2/+0
| | | | | | | | | | The framework can now clear the user key list, so we need to reload the key list on every auth request instead of loading it once when adbd starts. This also fixes issues with encrypted devices, where the user key file is only readable after the user has unlocked the device. Change-Id: I350c5aab986f8ca86b95f316398d03012553e581
* adb: Add public key authentificationBenoit Goby2012-08-231-0/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
* Revert "adb: Add public key authentification"Benoit Goby2012-08-201-54/+0
| | | | This reverts commit f4ed516643ee8ed3a59ad1a8048f7ce5f47f93fb.
* adb: Add public key authentificationBenoit Goby2012-08-161-0/+54
Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a ;-separated list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: Idce931a7bfe4ce878428eaa47838e5184ac6073f