diff options
| author |  Martin Szulecki | 2014-03-21 00:16:29 +0100 |
|---|---|---|
| committer | Martin Szulecki | 2014-03-21 00:16:29 +0100 |
| commit | d1ccd4eeebc94dac11140ae77b73392d0763d3a4 (patch) | |
| tree | fb5fa6cab2bdaf55b28004921960d331db59bf7b /src/idevice.c | |
| parent | 88ce6113593158944630435678e689bf155d9a03 (diff) | |
| download | libimobiledevice-d1ccd4eeebc94dac11140ae77b73392d0763d3a4.tar.gz libimobiledevice-d1ccd4eeebc94dac11140ae77b73392d0763d3a4.tar.bz2 | |
Refactor pair record handling to use new usbmuxd pair record interface
This refactoring is mandatory as libimobiledevice should not interact with
the pair record configuration directory which is owned by the usbmuxd user.
This change also adds compatibility for the native usbmuxd and thus pair
records saved by iTunes.
Diffstat (limited to 'src/idevice.c')
| -rw-r--r-- | src/idevice.c | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/src/idevice.c b/src/idevice.c index d01aa8f..c656517 100644 --- a/src/idevice.c +++ b/src/idevice.c | |||
| @@ -511,7 +511,7 @@ static ssize_t internal_ssl_read(gnutls_transport_ptr_t transport, char *buffer, | |||
| 511 | 511 | ||
| 512 | debug_info("pre-read client wants %zi bytes", length); | 512 | debug_info("pre-read client wants %zi bytes", length); |
| 513 | 513 | ||
| 514 | recv_buffer = (char *) malloc(sizeof(char) * this_len); | 514 | recv_buffer = (char *)malloc(sizeof(char) * this_len); |
| 515 | 515 | ||
| 516 | /* repeat until we have the full data or an error occurs */ | 516 | /* repeat until we have the full data or an error occurs */ |
| 517 | do { | 517 | do { |
| @@ -637,12 +637,12 @@ static const char *errorstring(int e) | |||
| 637 | /** | 637 | /** |
| 638 | * Internally used gnutls callback function that gets called during handshake. | 638 | * Internally used gnutls callback function that gets called during handshake. |
| 639 | */ | 639 | */ |
| 640 | static int internal_cert_callback (gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st) | 640 | static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st) |
| 641 | { | 641 | { |
| 642 | int res = -1; | 642 | int res = -1; |
| 643 | gnutls_certificate_type_t type = gnutls_certificate_type_get (session); | 643 | gnutls_certificate_type_t type = gnutls_certificate_type_get(session); |
| 644 | if (type == GNUTLS_CRT_X509) { | 644 | if (type == GNUTLS_CRT_X509) { |
| 645 | ssl_data_t ssl_data = (ssl_data_t)gnutls_session_get_ptr (session); | 645 | ssl_data_t ssl_data = (ssl_data_t)gnutls_session_get_ptr(session); |
| 646 | if (ssl_data && ssl_data->host_privkey && ssl_data->host_cert) { | 646 | if (ssl_data && ssl_data->host_privkey && ssl_data->host_cert) { |
| 647 | debug_info("Passing certificate"); | 647 | debug_info("Passing certificate"); |
| 648 | st->type = type; | 648 | st->type = type; |
| @@ -673,15 +673,20 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection) | |||
| 673 | 673 | ||
| 674 | idevice_error_t ret = IDEVICE_E_SSL_ERROR; | 674 | idevice_error_t ret = IDEVICE_E_SSL_ERROR; |
| 675 | uint32_t return_me = 0; | 675 | uint32_t return_me = 0; |
| 676 | plist_t pair_record = NULL; | ||
| 677 | |||
| 678 | userpref_read_pair_record(connection->udid, &pair_record); | ||
| 679 | if (!pair_record) { | ||
| 680 | debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->udid); | ||
| 681 | return ret; | ||
| 682 | } | ||
| 676 | 683 | ||
| 677 | #ifdef HAVE_OPENSSL | 684 | #ifdef HAVE_OPENSSL |
| 678 | key_data_t root_cert = { NULL, 0 }; | 685 | key_data_t root_cert = { NULL, 0 }; |
| 679 | key_data_t root_privkey = { NULL, 0 }; | 686 | key_data_t root_privkey = { NULL, 0 }; |
| 680 | 687 | ||
| 681 | userpref_error_t uerr = userpref_device_record_get_keys_and_certs(connection->udid, &root_privkey, &root_cert, NULL, NULL); | 688 | pair_record_import_key_with_name(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert); |
| 682 | if (uerr != USERPREF_E_SUCCESS) { | 689 | pair_record_import_key_with_name(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_privkey); |
| 683 | debug_info("Error %d when loading keys and certificates! %d", uerr); | ||
| 684 | } | ||
| 685 | 690 | ||
| 686 | /* Set up OpenSSL */ | 691 | /* Set up OpenSSL */ |
| 687 | if (openssl_init_done == 0) { | 692 | if (openssl_init_done == 0) { |
| @@ -756,7 +761,7 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection) | |||
| 756 | errno = 0; | 761 | errno = 0; |
| 757 | gnutls_global_init(); | 762 | gnutls_global_init(); |
| 758 | gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate); | 763 | gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate); |
| 759 | gnutls_certificate_client_set_retrieve_function (ssl_data_loc->certificate, internal_cert_callback); | 764 | gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback); |
| 760 | gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT); | 765 | gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT); |
| 761 | gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL); | 766 | gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL); |
| 762 | gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate); | 767 | gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate); |
| @@ -767,10 +772,10 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection) | |||
| 767 | gnutls_x509_privkey_init(&ssl_data_loc->root_privkey); | 772 | gnutls_x509_privkey_init(&ssl_data_loc->root_privkey); |
| 768 | gnutls_x509_privkey_init(&ssl_data_loc->host_privkey); | 773 | gnutls_x509_privkey_init(&ssl_data_loc->host_privkey); |
| 769 | 774 | ||
| 770 | userpref_error_t uerr = userpref_device_record_get_keys_and_certs(connection->udid, ssl_data_loc->root_privkey, ssl_data_loc->root_cert, ssl_data_loc->host_privkey, ssl_data_loc->host_cert); | 775 | pair_record_import_key_with_name(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, ssl_data_loc->root_cert); |
| 771 | if (uerr != USERPREF_E_SUCCESS) { | 776 | pair_record_import_key_with_name(pair_record, USERPREF_HOST_CERTIFICATE_KEY, ssl_data_loc->host_cert); |
| 772 | debug_info("Error %d when loading keys and certificates! %d", uerr); | 777 | pair_record_import_key_with_name(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, ssl_data_loc->root_privkey); |
| 773 | } | 778 | pair_record_import_key_with_name(pair_record, USERPREF_HOST_PRIVATE_KEY_KEY, ssl_data_loc->host_privkey); |
| 774 | 779 | ||
| 775 | debug_info("GnuTLS step 1..."); | 780 | debug_info("GnuTLS step 1..."); |
| 776 | gnutls_transport_set_ptr(ssl_data_loc->session, (gnutls_transport_ptr_t)connection); | 781 | gnutls_transport_set_ptr(ssl_data_loc->session, (gnutls_transport_ptr_t)connection); |