commit 83dee8e4e5346553f435626b46487d51b1e0ff2d
author Benoit Goby <benoit@android.com> Mon Jan 28 23:33:27 2013 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Mon Jan 28 23:33:28 2013 +0000
tree a9a76c2db72dabfc093f3df2df99422e241f46a4
parent 078ca5e30d04b10e2d6f6811a149643d255d4dc1
parent 345cb066d2e0c774c877a85d3035f298df1daf16

Merge "adb: Read secure adb keys on every auth request"

adb/adb_auth.h

diff --git a/adb/adb_auth.h b/adb/adb_auth.h
index 1fffa49..96f637b 100644
--- a/adb/adb_auth.h
+++ b/adb/adb_auth.h
@@ -36,7 +36,6 @@
 static inline int adb_auth_generate_token(void *token, size_t token_size) { return 0; }
 static inline int adb_auth_verify(void *token, void *sig, int siglen) { return 0; }
 static inline void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t) { }
-static inline void adb_auth_reload_keys(void) { }
 
 #else // !ADB_HOST
 
@@ -47,7 +46,6 @@
 int adb_auth_generate_token(void *token, size_t token_size);
 int adb_auth_verify(void *token, void *sig, int siglen);
 void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t);
-void adb_auth_reload_keys(void);
 
 #endif // ADB_HOST
 

adb/adb_auth_client.c

diff --git a/adb/adb_auth_client.c b/adb/adb_auth_client.c
index 0b4913e..a4ad18f 100644
--- a/adb/adb_auth_client.c
+++ b/adb/adb_auth_client.c
@@ -34,8 +34,6 @@
     RSAPublicKey key;
 };
 
-static struct listnode key_list;
-
 static char *key_paths[] = {
     "/adb_keys",
     "/data/misc/adb/adb_keys",
@@ -102,18 +100,18 @@
     }
 }
 
-void adb_auth_reload_keys(void)
+static void load_keys(struct listnode *list)
 {
     char *path;
     char **paths = key_paths;
     struct stat buf;
 
-    free_keys(&key_list);
+    list_init(list);
 
     while ((path = *paths++)) {
         if (!stat(path, &buf)) {
             D("Loading keys from '%s'\n", path);
-            read_keys(path, &key_list);
+            read_keys(path, list);
         }
     }
 }
@@ -137,19 +135,24 @@
 {
     struct listnode *item;
     struct adb_public_key *key;
-    int ret;
+    struct listnode key_list;
+    int ret = 0;
 
     if (siglen != RSANUMBYTES)
         return 0;
 
+    load_keys(&key_list);
+
     list_for_each(item, &key_list) {
         key = node_to_item(item, struct adb_public_key, node);
         ret = RSA_verify(&key->key, sig, siglen, token);
         if (ret)
-            return 1;
+            break;
     }
 
-    return 0;
+    free_keys(&key_list);
+
+    return ret;
 }
 
 static void adb_auth_event(int fd, unsigned events, void *data)
@@ -166,7 +169,6 @@
             framework_fd = -1;
         }
         else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
-            adb_auth_reload_keys();
             adb_auth_verified(t);
         }
     }
@@ -225,9 +227,6 @@
 {
     int fd, ret;
 
-    list_init(&key_list);
-    adb_auth_reload_keys();
-
     fd = android_get_control_socket("adbd");
     if (fd < 0) {
         D("Failed to get adbd socket\n");