1 /* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define TRACE_TAG ADB 18 19 #include "sysdeps.h" 20 #include "adb.h" 21 22 #include <ctype.h> 23 #include <errno.h> 24 #include <stdarg.h> 25 #include <stddef.h> 26 #include <stdint.h> 27 #include <stdio.h> 28 #include <stdlib.h> 29 #include <string.h> 30 #include <sys/time.h> 31 #include <time.h> 32 33 #include <string> 34 #include <vector> 35 36 #include <android-base/errors.h> 37 #include <android-base/logging.h> 38 #include <android-base/macros.h> 39 #include <android-base/parsenetaddress.h> 40 #include <android-base/stringprintf.h> 41 #include <android-base/strings.h> 42 43 #include "adb_auth.h" 44 #include "adb_io.h" 45 #include "adb_listeners.h" 46 #include "adb_utils.h" 47 #include "transport.h" 48 49 #define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0])) 50 51 #if !ADB_HOST 52 #include <cutils/properties.h> 53 #include <sys/capability.h> 54 #include <sys/mount.h> 55 #endif 56 57 std::string adb_version() { 58 // Don't change the format of this --- it's parsed by ddmlib. 59 return android::base::StringPrintf("Android Debug Bridge version %d.%d.%d\n" 60 "Revision %s\n", 61 ADB_VERSION_MAJOR, ADB_VERSION_MINOR, ADB_SERVER_VERSION, 62 ADB_REVISION); 63 } 64 65 void fatal(const char *fmt, ...) { 66 va_list ap; 67 va_start(ap, fmt); 68 fprintf(stderr, "error: "); 69 vfprintf(stderr, fmt, ap); 70 fprintf(stderr, "\n"); 71 va_end(ap); 72 exit(-1); 73 } 74 75 void fatal_errno(const char* fmt, ...) { 76 va_list ap; 77 va_start(ap, fmt); 78 fprintf(stderr, "error: %s: ", strerror(errno)); 79 vfprintf(stderr, fmt, ap); 80 fprintf(stderr, "\n"); 81 va_end(ap); 82 exit(-1); 83 } 84 85 apacket* get_apacket(void) 86 { 87 apacket* p = reinterpret_cast<apacket*>(malloc(sizeof(apacket))); 88 if (p == nullptr) { 89 fatal("failed to allocate an apacket"); 90 } 91 92 memset(p, 0, sizeof(apacket) - MAX_PAYLOAD); 93 return p; 94 } 95 96 void put_apacket(apacket *p) 97 { 98 free(p); 99 } 100 101 void handle_online(atransport *t) 102 { 103 D("adb: online"); 104 t->online = 1; 105 } 106 107 void handle_offline(atransport *t) 108 { 109 D("adb: offline"); 110 //Close the associated usb 111 t->online = 0; 112 113 // This is necessary to avoid a race condition that occurred when a transport closes 114 // while a client socket is still active. 115 close_all_sockets(t); 116 117 t->RunDisconnects(); 118 } 119 120 #if DEBUG_PACKETS 121 #define DUMPMAX 32 122 void print_packet(const char *label, apacket *p) 123 { 124 char *tag; 125 char *x; 126 unsigned count; 127 128 switch(p->msg.command){ 129 case A_SYNC: tag = "SYNC"; break; 130 case A_CNXN: tag = "CNXN" ; break; 131 case A_OPEN: tag = "OPEN"; break; 132 case A_OKAY: tag = "OKAY"; break; 133 case A_CLSE: tag = "CLSE"; break; 134 case A_WRTE: tag = "WRTE"; break; 135 case A_AUTH: tag = "AUTH"; break; 136 default: tag = "????"; break; 137 } 138 139 fprintf(stderr, "%s: %s %08x %08x %04x \"", 140 label, tag, p->msg.arg0, p->msg.arg1, p->msg.data_length); 141 count = p->msg.data_length; 142 x = (char*) p->data; 143 if(count > DUMPMAX) { 144 count = DUMPMAX; 145 tag = "\n"; 146 } else { 147 tag = "\"\n"; 148 } 149 while(count-- > 0){ 150 if((*x >= ' ') && (*x < 127)) { 151 fputc(*x, stderr); 152 } else { 153 fputc('.', stderr); 154 } 155 x++; 156 } 157 fputs(tag, stderr); 158 } 159 #endif 160 161 static void send_ready(unsigned local, unsigned remote, atransport *t) 162 { 163 D("Calling send_ready"); 164 apacket *p = get_apacket(); 165 p->msg.command = A_OKAY; 166 p->msg.arg0 = local; 167 p->msg.arg1 = remote; 168 send_packet(p, t); 169 } 170 171 static void send_close(unsigned local, unsigned remote, atransport *t) 172 { 173 D("Calling send_close"); 174 apacket *p = get_apacket(); 175 p->msg.command = A_CLSE; 176 p->msg.arg0 = local; 177 p->msg.arg1 = remote; 178 send_packet(p, t); 179 } 180 181 std::string get_connection_string() { 182 std::vector<std::string> connection_properties; 183 184 #if !ADB_HOST 185 static const char* cnxn_props[] = { 186 "ro.product.name", 187 "ro.product.model", 188 "ro.product.device", 189 }; 190 191 for (const auto& prop_name : cnxn_props) { 192 char value[PROPERTY_VALUE_MAX]; 193 property_get(prop_name, value, ""); 194 connection_properties.push_back( 195 android::base::StringPrintf("%s=%s", prop_name, value)); 196 } 197 #endif 198 199 connection_properties.push_back(android::base::StringPrintf( 200 "features=%s", FeatureSetToString(supported_features()).c_str())); 201 202 return android::base::StringPrintf( 203 "%s::%s", adb_device_banner, 204 android::base::Join(connection_properties, ';').c_str()); 205 } 206 207 void send_connect(atransport* t) { 208 D("Calling send_connect"); 209 apacket* cp = get_apacket(); 210 cp->msg.command = A_CNXN; 211 cp->msg.arg0 = t->get_protocol_version(); 212 cp->msg.arg1 = t->get_max_payload(); 213 214 std::string connection_str = get_connection_string(); 215 // Connect and auth packets are limited to MAX_PAYLOAD_V1 because we don't 216 // yet know how much data the other size is willing to accept. 217 if (connection_str.length() > MAX_PAYLOAD_V1) { 218 LOG(FATAL) << "Connection banner is too long (length = " 219 << connection_str.length() << ")"; 220 } 221 222 memcpy(cp->data, connection_str.c_str(), connection_str.length()); 223 cp->msg.data_length = connection_str.length(); 224 225 send_packet(cp, t); 226 } 227 228 // qual_overwrite is used to overwrite a qualifier string. dst is a 229 // pointer to a char pointer. It is assumed that if *dst is non-NULL, it 230 // was malloc'ed and needs to freed. *dst will be set to a dup of src. 231 // TODO: switch to std::string for these atransport fields instead. 232 static void qual_overwrite(char** dst, const std::string& src) { 233 free(*dst); 234 *dst = strdup(src.c_str()); 235 } 236 237 void parse_banner(const std::string& banner, atransport* t) { 238 D("parse_banner: %s", banner.c_str()); 239 240 // The format is something like: 241 // "device::ro.product.name=x;ro.product.model=y;ro.product.device=z;". 242 std::vector<std::string> pieces = android::base::Split(banner, ":"); 243 244 // Reset the features list or else if the server sends no features we may 245 // keep the existing feature set (http://b/24405971). 246 t->SetFeatures(""); 247 248 if (pieces.size() > 2) { 249 const std::string& props = pieces[2]; 250 for (const auto& prop : android::base::Split(props, ";")) { 251 // The list of properties was traditionally ;-terminated rather than ;-separated. 252 if (prop.empty()) continue; 253 254 std::vector<std::string> key_value = android::base::Split(prop, "="); 255 if (key_value.size() != 2) continue; 256 257 const std::string& key = key_value[0]; 258 const std::string& value = key_value[1]; 259 if (key == "ro.product.name") { 260 qual_overwrite(&t->product, value); 261 } else if (key == "ro.product.model") { 262 qual_overwrite(&t->model, value); 263 } else if (key == "ro.product.device") { 264 qual_overwrite(&t->device, value); 265 } else if (key == "features") { 266 t->SetFeatures(value); 267 } 268 } 269 } 270 271 const std::string& type = pieces[0]; 272 if (type == "bootloader") { 273 D("setting connection_state to kCsBootloader"); 274 t->connection_state = kCsBootloader; 275 update_transports(); 276 } else if (type == "device") { 277 D("setting connection_state to kCsDevice"); 278 t->connection_state = kCsDevice; 279 update_transports(); 280 } else if (type == "recovery") { 281 D("setting connection_state to kCsRecovery"); 282 t->connection_state = kCsRecovery; 283 update_transports(); 284 } else if (type == "sideload") { 285 D("setting connection_state to kCsSideload"); 286 t->connection_state = kCsSideload; 287 update_transports(); 288 } else { 289 D("setting connection_state to kCsHost"); 290 t->connection_state = kCsHost; 291 } 292 } 293 294 static void handle_new_connection(atransport* t, apacket* p) { 295 if (t->connection_state != kCsOffline) { 296 t->connection_state = kCsOffline; 297 handle_offline(t); 298 } 299 300 t->update_version(p->msg.arg0, p->msg.arg1); 301 std::string banner(reinterpret_cast<const char*>(p->data), 302 p->msg.data_length); 303 parse_banner(banner, t); 304 305 #if ADB_HOST 306 handle_online(t); 307 #else 308 if (!auth_required) { 309 handle_online(t); 310 send_connect(t); 311 } else { 312 send_auth_request(t); 313 } 314 #endif 315 } 316 317 void handle_packet(apacket *p, atransport *t) 318 { 319 asocket *s; 320 321 D("handle_packet() %c%c%c%c", ((char*) (&(p->msg.command)))[0], 322 ((char*) (&(p->msg.command)))[1], 323 ((char*) (&(p->msg.command)))[2], 324 ((char*) (&(p->msg.command)))[3]); 325 print_packet("recv", p); 326 327 switch(p->msg.command){ 328 case A_SYNC: 329 if(p->msg.arg0){ 330 send_packet(p, t); 331 #if ADB_HOST 332 send_connect(t); 333 #endif 334 } else { 335 t->connection_state = kCsOffline; 336 handle_offline(t); 337 send_packet(p, t); 338 } 339 return; 340 341 case A_CNXN: // CONNECT(version, maxdata, "system-id-string") 342 handle_new_connection(t, p); 343 break; 344 345 case A_AUTH: 346 if (p->msg.arg0 == ADB_AUTH_TOKEN) { 347 t->connection_state = kCsUnauthorized; 348 t->key = adb_auth_nextkey(t->key); 349 if (t->key) { 350 send_auth_response(p->data, p->msg.data_length, t); 351 } else { 352 /* No more private keys to try, send the public key */ 353 send_auth_publickey(t); 354 } 355 } else if (p->msg.arg0 == ADB_AUTH_SIGNATURE) { 356 if (adb_auth_verify(t->token, p->data, p->msg.data_length)) { 357 adb_auth_verified(t); 358 t->failed_auth_attempts = 0; 359 } else { 360 if (t->failed_auth_attempts++ > 10) 361 adb_sleep_ms(1000); 362 send_auth_request(t); 363 } 364 } else if (p->msg.arg0 == ADB_AUTH_RSAPUBLICKEY) { 365 adb_auth_confirm_key(p->data, p->msg.data_length, t); 366 } 367 break; 368 369 case A_OPEN: /* OPEN(local-id, 0, "destination") */ 370 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 == 0) { 371 char *name = (char*) p->data; 372 name[p->msg.data_length > 0 ? p->msg.data_length - 1 : 0] = 0; 373 s = create_local_service_socket(name, t); 374 if(s == 0) { 375 send_close(0, p->msg.arg0, t); 376 } else { 377 s->peer = create_remote_socket(p->msg.arg0, t); 378 s->peer->peer = s; 379 send_ready(s->id, s->peer->id, t); 380 s->ready(s); 381 } 382 } 383 break; 384 385 case A_OKAY: /* READY(local-id, remote-id, "") */ 386 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) { 387 if((s = find_local_socket(p->msg.arg1, 0))) { 388 if(s->peer == 0) { 389 /* On first READY message, create the connection. */ 390 s->peer = create_remote_socket(p->msg.arg0, t); 391 s->peer->peer = s; 392 s->ready(s); 393 } else if (s->peer->id == p->msg.arg0) { 394 /* Other READY messages must use the same local-id */ 395 s->ready(s); 396 } else { 397 D("Invalid A_OKAY(%d,%d), expected A_OKAY(%d,%d) on transport %s", 398 p->msg.arg0, p->msg.arg1, s->peer->id, p->msg.arg1, t->serial); 399 } 400 } else { 401 // When receiving A_OKAY from device for A_OPEN request, the host server may 402 // have closed the local socket because of client disconnection. Then we need 403 // to send A_CLSE back to device to close the service on device. 404 send_close(p->msg.arg1, p->msg.arg0, t); 405 } 406 } 407 break; 408 409 case A_CLSE: /* CLOSE(local-id, remote-id, "") or CLOSE(0, remote-id, "") */ 410 if (t->online && p->msg.arg1 != 0) { 411 if((s = find_local_socket(p->msg.arg1, p->msg.arg0))) { 412 /* According to protocol.txt, p->msg.arg0 might be 0 to indicate 413 * a failed OPEN only. However, due to a bug in previous ADB 414 * versions, CLOSE(0, remote-id, "") was also used for normal 415 * CLOSE() operations. 416 * 417 * This is bad because it means a compromised adbd could 418 * send packets to close connections between the host and 419 * other devices. To avoid this, only allow this if the local 420 * socket has a peer on the same transport. 421 */ 422 if (p->msg.arg0 == 0 && s->peer && s->peer->transport != t) { 423 D("Invalid A_CLSE(0, %u) from transport %s, expected transport %s", 424 p->msg.arg1, t->serial, s->peer->transport->serial); 425 } else { 426 s->close(s); 427 } 428 } 429 } 430 break; 431 432 case A_WRTE: /* WRITE(local-id, remote-id, <data>) */ 433 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) { 434 if((s = find_local_socket(p->msg.arg1, p->msg.arg0))) { 435 unsigned rid = p->msg.arg0; 436 p->len = p->msg.data_length; 437 438 if(s->enqueue(s, p) == 0) { 439 D("Enqueue the socket"); 440 send_ready(s->id, rid, t); 441 } 442 return; 443 } 444 } 445 break; 446 447 default: 448 printf("handle_packet: what is %08x?!\n", p->msg.command); 449 } 450 451 put_apacket(p); 452 } 453 454 #if ADB_HOST 455 456 #ifdef _WIN32 457 458 // Try to make a handle non-inheritable and if there is an error, don't output 459 // any error info, but leave GetLastError() for the caller to read. This is 460 // convenient if the caller is expecting that this may fail and they'd like to 461 // ignore such a failure. 462 static bool _try_make_handle_noninheritable(HANDLE h) { 463 if (h != INVALID_HANDLE_VALUE && h != NULL) { 464 return SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0) ? true : false; 465 } 466 467 return true; 468 } 469 470 // Try to make a handle non-inheritable with the expectation that this should 471 // succeed, so if this fails, output error info. 472 static bool _make_handle_noninheritable(HANDLE h) { 473 if (!_try_make_handle_noninheritable(h)) { 474 // Show the handle value to give us a clue in case we have problems 475 // with pseudo-handle values. 476 fprintf(stderr, "Cannot make handle 0x%p non-inheritable: %s\n", 477 h, android::base::SystemErrorCodeToString(GetLastError()).c_str()); 478 return false; 479 } 480 481 return true; 482 } 483 484 // Create anonymous pipe, preventing inheritance of the read pipe and setting 485 // security of the write pipe to sa. 486 static bool _create_anonymous_pipe(unique_handle* pipe_read_out, 487 unique_handle* pipe_write_out, 488 SECURITY_ATTRIBUTES* sa) { 489 HANDLE pipe_read_raw = NULL; 490 HANDLE pipe_write_raw = NULL; 491 if (!CreatePipe(&pipe_read_raw, &pipe_write_raw, sa, 0)) { 492 fprintf(stderr, "Cannot create pipe: %s\n", 493 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 494 return false; 495 } 496 497 unique_handle pipe_read(pipe_read_raw); 498 pipe_read_raw = NULL; 499 unique_handle pipe_write(pipe_write_raw); 500 pipe_write_raw = NULL; 501 502 if (!_make_handle_noninheritable(pipe_read.get())) { 503 return false; 504 } 505 506 *pipe_read_out = std::move(pipe_read); 507 *pipe_write_out = std::move(pipe_write); 508 509 return true; 510 } 511 512 // Read from a pipe (that we take ownership of) and write the result to stdout/stderr. Return on 513 // error or when the pipe is closed. Internally makes inheritable handles, so this should not be 514 // called if subprocesses may be started concurrently. 515 static unsigned _redirect_pipe_thread(HANDLE h, DWORD nStdHandle) { 516 // Take ownership of the HANDLE and close when we're done. 517 unique_handle read_pipe(h); 518 const char* output_name = nStdHandle == STD_OUTPUT_HANDLE ? "stdout" : "stderr"; 519 const int original_fd = fileno(nStdHandle == STD_OUTPUT_HANDLE ? stdout : stderr); 520 std::unique_ptr<FILE, decltype(&fclose)> stream(nullptr, fclose); 521 522 if (original_fd == -1) { 523 fprintf(stderr, "Failed to get file descriptor for %s: %s\n", output_name, strerror(errno)); 524 return EXIT_FAILURE; 525 } 526 527 // If fileno() is -2, stdout/stderr is not associated with an output stream, so we should read, 528 // but don't write. Otherwise, make a FILE* identical to stdout/stderr except that it is in 529 // binary mode with no CR/LR translation since we're reading raw. 530 if (original_fd >= 0) { 531 // This internally makes a duplicate file handle that is inheritable, so callers should not 532 // call this function if subprocesses may be started concurrently. 533 const int fd = dup(original_fd); 534 if (fd == -1) { 535 fprintf(stderr, "Failed to duplicate file descriptor for %s: %s\n", output_name, 536 strerror(errno)); 537 return EXIT_FAILURE; 538 } 539 540 // Note that although we call fdopen() below with a binary flag, it may not adhere to that 541 // flag, so we have to set the mode manually. 542 if (_setmode(fd, _O_BINARY) == -1) { 543 fprintf(stderr, "Failed to set binary mode for duplicate of %s: %s\n", output_name, 544 strerror(errno)); 545 unix_close(fd); 546 return EXIT_FAILURE; 547 } 548 549 stream.reset(fdopen(fd, "wb")); 550 if (stream.get() == nullptr) { 551 fprintf(stderr, "Failed to open duplicate stream for %s: %s\n", output_name, 552 strerror(errno)); 553 unix_close(fd); 554 return EXIT_FAILURE; 555 } 556 557 // Unbuffer the stream because it will be buffered by default and we want subprocess output 558 // to be shown immediately. 559 if (setvbuf(stream.get(), NULL, _IONBF, 0) == -1) { 560 fprintf(stderr, "Failed to unbuffer %s: %s\n", output_name, strerror(errno)); 561 return EXIT_FAILURE; 562 } 563 564 // fd will be closed when stream is closed. 565 } 566 567 while (true) { 568 char buf[64 * 1024]; 569 DWORD bytes_read = 0; 570 if (!ReadFile(read_pipe.get(), buf, sizeof(buf), &bytes_read, NULL)) { 571 const DWORD err = GetLastError(); 572 // ERROR_BROKEN_PIPE is expected when the subprocess closes 573 // the other end of the pipe. 574 if (err == ERROR_BROKEN_PIPE) { 575 return EXIT_SUCCESS; 576 } else { 577 fprintf(stderr, "Failed to read from %s: %s\n", output_name, 578 android::base::SystemErrorCodeToString(err).c_str()); 579 return EXIT_FAILURE; 580 } 581 } 582 583 // Don't try to write if our stdout/stderr was not setup by the parent process. 584 if (stream) { 585 // fwrite() actually calls adb_fwrite() which can write UTF-8 to the console. 586 const size_t bytes_written = fwrite(buf, 1, bytes_read, stream.get()); 587 if (bytes_written != bytes_read) { 588 fprintf(stderr, "Only wrote %zu of %lu bytes to %s\n", bytes_written, bytes_read, 589 output_name); 590 return EXIT_FAILURE; 591 } 592 } 593 } 594 } 595 596 static unsigned __stdcall _redirect_stdout_thread(HANDLE h) { 597 adb_thread_setname("stdout redirect"); 598 return _redirect_pipe_thread(h, STD_OUTPUT_HANDLE); 599 } 600 601 static unsigned __stdcall _redirect_stderr_thread(HANDLE h) { 602 adb_thread_setname("stderr redirect"); 603 return _redirect_pipe_thread(h, STD_ERROR_HANDLE); 604 } 605 606 #endif 607 608 int launch_server(int server_port) 609 { 610 #if defined(_WIN32) 611 /* we need to start the server in the background */ 612 /* we create a PIPE that will be used to wait for the server's "OK" */ 613 /* message since the pipe handles must be inheritable, we use a */ 614 /* security attribute */ 615 SECURITY_ATTRIBUTES sa; 616 sa.nLength = sizeof(sa); 617 sa.lpSecurityDescriptor = NULL; 618 sa.bInheritHandle = TRUE; 619 620 // Redirect stdin to Windows /dev/null. If we instead pass an original 621 // stdin/stdout/stderr handle and it is a console handle, when the adb 622 // server starts up, the C Runtime will see a console handle for a process 623 // that isn't connected to a console and it will configure 624 // stdin/stdout/stderr to be closed. At that point, freopen() could be used 625 // to reopen stderr/out, but it would take more massaging to fixup the file 626 // descriptor number that freopen() uses. It's simplest to avoid all of this 627 // complexity by just redirecting stdin to `nul' and then the C Runtime acts 628 // as expected. 629 unique_handle nul_read(CreateFileW(L"nul", GENERIC_READ, 630 FILE_SHARE_READ | FILE_SHARE_WRITE, &sa, OPEN_EXISTING, 631 FILE_ATTRIBUTE_NORMAL, NULL)); 632 if (nul_read.get() == INVALID_HANDLE_VALUE) { 633 fprintf(stderr, "Cannot open 'nul': %s\n", 634 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 635 return -1; 636 } 637 638 // Create pipes with non-inheritable read handle, inheritable write handle. We need to connect 639 // the subprocess to pipes instead of just letting the subprocess inherit our existing 640 // stdout/stderr handles because a DETACHED_PROCESS cannot write to a console that it is not 641 // attached to. 642 unique_handle ack_read, ack_write; 643 if (!_create_anonymous_pipe(&ack_read, &ack_write, &sa)) { 644 return -1; 645 } 646 unique_handle stdout_read, stdout_write; 647 if (!_create_anonymous_pipe(&stdout_read, &stdout_write, &sa)) { 648 return -1; 649 } 650 unique_handle stderr_read, stderr_write; 651 if (!_create_anonymous_pipe(&stderr_read, &stderr_write, &sa)) { 652 return -1; 653 } 654 655 /* Some programs want to launch an adb command and collect its output by 656 * calling CreateProcess with inheritable stdout/stderr handles, then 657 * using read() to get its output. When this happens, the stdout/stderr 658 * handles passed to the adb client process will also be inheritable. 659 * When starting the adb server here, care must be taken to reset them 660 * to non-inheritable. 661 * Otherwise, something bad happens: even if the adb command completes, 662 * the calling process is stuck while read()-ing from the stdout/stderr 663 * descriptors, because they're connected to corresponding handles in the 664 * adb server process (even if the latter never uses/writes to them). 665 * Note that even if we don't pass these handles in the STARTUPINFO struct, 666 * if they're marked inheritable, they're still inherited, requiring us to 667 * deal with this. 668 * 669 * If we're still having problems with inheriting random handles in the 670 * future, consider using PROC_THREAD_ATTRIBUTE_HANDLE_LIST to explicitly 671 * specify which handles should be inherited: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx 672 * 673 * Older versions of Windows return console pseudo-handles that cannot be 674 * made non-inheritable, so ignore those failures. 675 */ 676 _try_make_handle_noninheritable(GetStdHandle(STD_INPUT_HANDLE)); 677 _try_make_handle_noninheritable(GetStdHandle(STD_OUTPUT_HANDLE)); 678 _try_make_handle_noninheritable(GetStdHandle(STD_ERROR_HANDLE)); 679 680 STARTUPINFOW startup; 681 ZeroMemory( &startup, sizeof(startup) ); 682 startup.cb = sizeof(startup); 683 startup.hStdInput = nul_read.get(); 684 startup.hStdOutput = stdout_write.get(); 685 startup.hStdError = stderr_write.get(); 686 startup.dwFlags = STARTF_USESTDHANDLES; 687 688 // Verify that the pipe_write handle value can be passed on the command line 689 // as %d and that the rest of adb code can pass it around in an int. 690 const int ack_write_as_int = cast_handle_to_int(ack_write.get()); 691 if (cast_int_to_handle(ack_write_as_int) != ack_write.get()) { 692 // If this fires, either handle values are larger than 32-bits or else 693 // there is a bug in our casting. 694 // https://msdn.microsoft.com/en-us/library/windows/desktop/aa384203%28v=vs.85%29.aspx 695 fprintf(stderr, "Cannot fit pipe handle value into 32-bits: 0x%p\n", 696 ack_write.get()); 697 return -1; 698 } 699 700 // get path of current program 701 WCHAR program_path[MAX_PATH]; 702 const DWORD module_result = GetModuleFileNameW(NULL, program_path, 703 arraysize(program_path)); 704 if ((module_result >= arraysize(program_path)) || (module_result == 0)) { 705 // String truncation or some other error. 706 fprintf(stderr, "Cannot get executable path: %s\n", 707 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 708 return -1; 709 } 710 711 WCHAR args[64]; 712 snwprintf(args, arraysize(args), 713 L"adb -P %d fork-server server --reply-fd %d", server_port, 714 ack_write_as_int); 715 716 PROCESS_INFORMATION pinfo; 717 ZeroMemory(&pinfo, sizeof(pinfo)); 718 719 if (!CreateProcessW( 720 program_path, /* program path */ 721 args, 722 /* the fork-server argument will set the 723 debug = 2 in the child */ 724 NULL, /* process handle is not inheritable */ 725 NULL, /* thread handle is not inheritable */ 726 TRUE, /* yes, inherit some handles */ 727 DETACHED_PROCESS, /* the new process doesn't have a console */ 728 NULL, /* use parent's environment block */ 729 NULL, /* use parent's starting directory */ 730 &startup, /* startup info, i.e. std handles */ 731 &pinfo )) { 732 fprintf(stderr, "Cannot create process: %s\n", 733 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 734 return -1; 735 } 736 737 unique_handle process_handle(pinfo.hProcess); 738 pinfo.hProcess = NULL; 739 740 // Close handles that we no longer need to complete the rest. 741 CloseHandle(pinfo.hThread); 742 pinfo.hThread = NULL; 743 744 nul_read.reset(); 745 ack_write.reset(); 746 stdout_write.reset(); 747 stderr_write.reset(); 748 749 // Start threads to read from subprocess stdout/stderr and write to ours to make subprocess 750 // errors easier to diagnose. Note that the threads internally create inheritable handles, but 751 // that is ok because we've already spawned the subprocess. 752 753 // In the past, reading from a pipe before the child process's C Runtime 754 // started up and called GetFileType() caused a hang: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/02/10243553.aspx#10244216 755 // This is reportedly fixed in Windows Vista: https://support.microsoft.com/en-us/kb/2009703 756 // I was unable to reproduce the problem on Windows XP. It sounds like a 757 // Windows Update may have fixed this: https://www.duckware.com/tech/peeknamedpipe.html 758 unique_handle stdout_thread(reinterpret_cast<HANDLE>( 759 _beginthreadex(NULL, 0, _redirect_stdout_thread, stdout_read.get(), 760 0, NULL))); 761 if (stdout_thread.get() == nullptr) { 762 fprintf(stderr, "Cannot create thread: %s\n", strerror(errno)); 763 return -1; 764 } 765 stdout_read.release(); // Transfer ownership to new thread 766 767 unique_handle stderr_thread(reinterpret_cast<HANDLE>( 768 _beginthreadex(NULL, 0, _redirect_stderr_thread, stderr_read.get(), 769 0, NULL))); 770 if (stderr_thread.get() == nullptr) { 771 fprintf(stderr, "Cannot create thread: %s\n", strerror(errno)); 772 return -1; 773 } 774 stderr_read.release(); // Transfer ownership to new thread 775 776 bool got_ack = false; 777 778 // Wait for the "OK\n" message, for the pipe to be closed, or other error. 779 { 780 char temp[3]; 781 DWORD count = 0; 782 783 if (ReadFile(ack_read.get(), temp, sizeof(temp), &count, NULL)) { 784 const CHAR expected[] = "OK\n"; 785 const DWORD expected_length = arraysize(expected) - 1; 786 if (count == expected_length && 787 memcmp(temp, expected, expected_length) == 0) { 788 got_ack = true; 789 } else { 790 fprintf(stderr, "ADB server didn't ACK\n"); 791 } 792 } else { 793 const DWORD err = GetLastError(); 794 // If the ACK was not written and the process exited, GetLastError() 795 // is probably ERROR_BROKEN_PIPE, in which case that info is not 796 // useful to the user. 797 fprintf(stderr, "could not read ok from ADB Server%s\n", 798 err == ERROR_BROKEN_PIPE ? "" : 799 android::base::StringPrintf(": %s", 800 android::base::SystemErrorCodeToString(err).c_str()).c_str()); 801 } 802 } 803 804 // Always try to wait a bit for threads reading stdout/stderr to finish. 805 // If the process started ok, it should close the pipes causing the threads 806 // to finish. If the process had an error, it should exit, also causing 807 // the pipes to be closed. In that case we want to read all of the output 808 // and write it out so that the user can diagnose failures. 809 const DWORD thread_timeout_ms = 15 * 1000; 810 const HANDLE threads[] = { stdout_thread.get(), stderr_thread.get() }; 811 const DWORD wait_result = WaitForMultipleObjects(arraysize(threads), 812 threads, TRUE, thread_timeout_ms); 813 if (wait_result == WAIT_TIMEOUT) { 814 // Threads did not finish after waiting a little while. Perhaps the 815 // server didn't close pipes, or it is hung. 816 fprintf(stderr, "Timed-out waiting for threads to finish reading from " 817 "ADB Server\n"); 818 // Process handles are signaled when the process exits, so if we wait 819 // on the handle for 0 seconds and it returns 'timeout', that means that 820 // the process is still running. 821 if (WaitForSingleObject(process_handle.get(), 0) == WAIT_TIMEOUT) { 822 // We could TerminateProcess(), but that seems somewhat presumptive. 823 fprintf(stderr, "ADB Server is running: process id %lu\n", 824 pinfo.dwProcessId); 825 } 826 return -1; 827 } 828 829 if (wait_result != WAIT_OBJECT_0) { 830 fprintf(stderr, "Unexpected result waiting for threads: %lu: %s\n", 831 wait_result, android::base::SystemErrorCodeToString(GetLastError()).c_str()); 832 return -1; 833 } 834 835 // For now ignore the thread exit codes and assume they worked properly. 836 837 if (!got_ack) { 838 return -1; 839 } 840 #else /* !defined(_WIN32) */ 841 char path[PATH_MAX]; 842 int fd[2]; 843 844 // set up a pipe so the child can tell us when it is ready. 845 // fd[0] will be parent's end, and the child will write on fd[1] 846 if (pipe(fd)) { 847 fprintf(stderr, "pipe failed in launch_server, errno: %d\n", errno); 848 return -1; 849 } 850 get_my_path(path, PATH_MAX); 851 pid_t pid = fork(); 852 if(pid < 0) return -1; 853 854 if (pid == 0) { 855 // child side of the fork 856 857 adb_close(fd[0]); 858 859 char str_port[30]; 860 snprintf(str_port, sizeof(str_port), "%d", server_port); 861 char reply_fd[30]; 862 snprintf(reply_fd, sizeof(reply_fd), "%d", fd[1]); 863 // child process 864 int result = execl(path, "adb", "-P", str_port, "fork-server", "server", "--reply-fd", reply_fd, NULL); 865 // this should not return 866 fprintf(stderr, "OOPS! execl returned %d, errno: %d\n", result, errno); 867 } else { 868 // parent side of the fork 869 870 char temp[3]; 871 872 temp[0] = 'A'; temp[1] = 'B'; temp[2] = 'C'; 873 // wait for the "OK\n" message 874 adb_close(fd[1]); 875 int ret = adb_read(fd[0], temp, 3); 876 int saved_errno = errno; 877 adb_close(fd[0]); 878 if (ret < 0) { 879 fprintf(stderr, "could not read ok from ADB Server, errno = %d\n", saved_errno); 880 return -1; 881 } 882 if (ret != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') { 883 fprintf(stderr, "ADB server didn't ACK\n" ); 884 return -1; 885 } 886 } 887 #endif /* !defined(_WIN32) */ 888 return 0; 889 } 890 #endif /* ADB_HOST */ 891 892 // Try to handle a network forwarding request. 893 // This returns 1 on success, 0 on failure, and -1 to indicate this is not 894 // a forwarding-related request. 895 int handle_forward_request(const char* service, TransportType type, const char* serial, int reply_fd) 896 { 897 if (!strcmp(service, "list-forward")) { 898 // Create the list of forward redirections. 899 std::string listeners = format_listeners(); 900 #if ADB_HOST 901 SendOkay(reply_fd); 902 #endif 903 return SendProtocolString(reply_fd, listeners); 904 } 905 906 if (!strcmp(service, "killforward-all")) { 907 remove_all_listeners(); 908 #if ADB_HOST 909 /* On the host: 1st OKAY is connect, 2nd OKAY is status */ 910 SendOkay(reply_fd); 911 #endif 912 SendOkay(reply_fd); 913 return 1; 914 } 915 916 if (!strncmp(service, "forward:", 8) || !strncmp(service, "killforward:", 12)) { 917 // killforward:local 918 // forward:(norebind:)?local;remote 919 bool kill_forward = false; 920 bool no_rebind = false; 921 if (android::base::StartsWith(service, "killforward:")) { 922 kill_forward = true; 923 service += 12; 924 } else { 925 service += 8; // skip past "forward:" 926 if (android::base::StartsWith(service, "norebind:")) { 927 no_rebind = true; 928 service += 9; 929 } 930 } 931 932 std::vector<std::string> pieces = android::base::Split(service, ";"); 933 934 if (kill_forward) { 935 // Check killforward: parameter format: '<local>' 936 if (pieces.size() != 1 || pieces[0].empty()) { 937 SendFail(reply_fd, android::base::StringPrintf("bad killforward: %s", service)); 938 return 1; 939 } 940 } else { 941 // Check forward: parameter format: '<local>;<remote>' 942 if (pieces.size() != 2 || pieces[0].empty() || pieces[1].empty() || pieces[1][0] == '*') { 943 SendFail(reply_fd, android::base::StringPrintf("bad forward: %s", service)); 944 return 1; 945 } 946 } 947 948 std::string error_msg; 949 atransport* transport = acquire_one_transport(type, serial, nullptr, &error_msg); 950 if (!transport) { 951 SendFail(reply_fd, error_msg); 952 return 1; 953 } 954 955 std::string error; 956 InstallStatus r; 957 if (kill_forward) { 958 r = remove_listener(pieces[0].c_str(), transport); 959 } else { 960 r = install_listener(pieces[0], pieces[1].c_str(), transport, 961 no_rebind, &error); 962 } 963 if (r == INSTALL_STATUS_OK) { 964 #if ADB_HOST 965 /* On the host: 1st OKAY is connect, 2nd OKAY is status */ 966 SendOkay(reply_fd); 967 #endif 968 SendOkay(reply_fd); 969 return 1; 970 } 971 972 std::string message; 973 switch (r) { 974 case INSTALL_STATUS_OK: message = "success (!)"; break; 975 case INSTALL_STATUS_INTERNAL_ERROR: message = "internal error"; break; 976 case INSTALL_STATUS_CANNOT_BIND: 977 message = android::base::StringPrintf("cannot bind listener: %s", 978 error.c_str()); 979 break; 980 case INSTALL_STATUS_CANNOT_REBIND: 981 message = android::base::StringPrintf("cannot rebind existing socket"); 982 break; 983 case INSTALL_STATUS_LISTENER_NOT_FOUND: 984 message = android::base::StringPrintf("listener '%s' not found", service); 985 break; 986 } 987 SendFail(reply_fd, message); 988 return 1; 989 } 990 return 0; 991 } 992 993 #if ADB_HOST 994 static int SendOkay(int fd, const std::string& s) { 995 SendOkay(fd); 996 SendProtocolString(fd, s); 997 return 0; 998 } 999 #endif 1000 1001 int handle_host_request(const char* service, TransportType type, 1002 const char* serial, int reply_fd, asocket* s) { 1003 if (strcmp(service, "kill") == 0) { 1004 fprintf(stderr, "adb server killed by remote request\n"); 1005 fflush(stdout); 1006 SendOkay(reply_fd); 1007 1008 // On Windows, if the process exits with open sockets that 1009 // shutdown(SD_SEND) has not been called on, TCP RST segments will be 1010 // sent to the peers which will cause their next recv() to error-out 1011 // with WSAECONNRESET. In the case of this code, that means the client 1012 // may not read the OKAY sent above. 1013 adb_shutdown(reply_fd); 1014 1015 exit(0); 1016 } 1017 1018 #if ADB_HOST 1019 // "transport:" is used for switching transport with a specified serial number 1020 // "transport-usb:" is used for switching transport to the only USB transport 1021 // "transport-local:" is used for switching transport to the only local transport 1022 // "transport-any:" is used for switching transport to the only transport 1023 if (!strncmp(service, "transport", strlen("transport"))) { 1024 TransportType type = kTransportAny; 1025 1026 if (!strncmp(service, "transport-usb", strlen("transport-usb"))) { 1027 type = kTransportUsb; 1028 } else if (!strncmp(service, "transport-local", strlen("transport-local"))) { 1029 type = kTransportLocal; 1030 } else if (!strncmp(service, "transport-any", strlen("transport-any"))) { 1031 type = kTransportAny; 1032 } else if (!strncmp(service, "transport:", strlen("transport:"))) { 1033 service += strlen("transport:"); 1034 serial = service; 1035 } 1036 1037 std::string error; 1038 atransport* t = acquire_one_transport(type, serial, nullptr, &error); 1039 if (t != nullptr) { 1040 s->transport = t; 1041 SendOkay(reply_fd); 1042 } else { 1043 SendFail(reply_fd, error); 1044 } 1045 return 1; 1046 } 1047 1048 // return a list of all connected devices 1049 if (!strncmp(service, "devices", 7)) { 1050 bool long_listing = (strcmp(service+7, "-l") == 0); 1051 if (long_listing || service[7] == 0) { 1052 D("Getting device list..."); 1053 std::string device_list = list_transports(long_listing); 1054 D("Sending device list..."); 1055 return SendOkay(reply_fd, device_list); 1056 } 1057 return 1; 1058 } 1059 1060 if (!strcmp(service, "features")) { 1061 std::string error; 1062 atransport* t = acquire_one_transport(type, serial, nullptr, &error); 1063 if (t != nullptr) { 1064 SendOkay(reply_fd, FeatureSetToString(t->features())); 1065 } else { 1066 SendFail(reply_fd, error); 1067 } 1068 return 0; 1069 } 1070 1071 // remove TCP transport 1072 if (!strncmp(service, "disconnect:", 11)) { 1073 const std::string address(service + 11); 1074 if (address.empty()) { 1075 kick_all_tcp_devices(); 1076 return SendOkay(reply_fd, "disconnected everything"); 1077 } 1078 1079 std::string serial; 1080 std::string host; 1081 int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT; 1082 std::string error; 1083 if (!android::base::ParseNetAddress(address, &host, &port, &serial, &error)) { 1084 return SendFail(reply_fd, android::base::StringPrintf("couldn't parse '%s': %s", 1085 address.c_str(), error.c_str())); 1086 } 1087 atransport* t = find_transport(serial.c_str()); 1088 if (t == nullptr) { 1089 return SendFail(reply_fd, android::base::StringPrintf("no such device '%s'", 1090 serial.c_str())); 1091 } 1092 kick_transport(t); 1093 return SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str())); 1094 } 1095 1096 // Returns our value for ADB_SERVER_VERSION. 1097 if (!strcmp(service, "version")) { 1098 return SendOkay(reply_fd, android::base::StringPrintf("%04x", ADB_SERVER_VERSION)); 1099 } 1100 1101 // These always report "unknown" rather than the actual error, for scripts. 1102 if (!strcmp(service, "get-serialno")) { 1103 std::string error; 1104 atransport* t = acquire_one_transport(type, serial, nullptr, &error); 1105 if (t) { 1106 return SendOkay(reply_fd, t->serial ? t->serial : "unknown"); 1107 } else { 1108 return SendFail(reply_fd, error); 1109 } 1110 } 1111 if (!strcmp(service, "get-devpath")) { 1112 std::string error; 1113 atransport* t = acquire_one_transport(type, serial, nullptr, &error); 1114 if (t) { 1115 return SendOkay(reply_fd, t->devpath ? t->devpath : "unknown"); 1116 } else { 1117 return SendFail(reply_fd, error); 1118 } 1119 } 1120 if (!strcmp(service, "get-state")) { 1121 std::string error; 1122 atransport* t = acquire_one_transport(type, serial, nullptr, &error); 1123 if (t) { 1124 return SendOkay(reply_fd, t->connection_state_name()); 1125 } else { 1126 return SendFail(reply_fd, error); 1127 } 1128 } 1129 1130 // Indicates a new emulator instance has started. 1131 if (!strncmp(service, "emulator:", 9)) { 1132 int port = atoi(service+9); 1133 local_connect(port); 1134 /* we don't even need to send a reply */ 1135 return 0; 1136 } 1137 1138 if (!strcmp(service, "reconnect")) { 1139 if (s->transport != nullptr) { 1140 kick_transport(s->transport); 1141 } 1142 return SendOkay(reply_fd, "done"); 1143 } 1144 #endif // ADB_HOST 1145 1146 int ret = handle_forward_request(service, type, serial, reply_fd); 1147 if (ret >= 0) 1148 return ret - 1; 1149 return -1; 1150 } 1151
