| author | 2008-08-19 09:48:24 -0700 | |
|---|---|---|
| committer | 2008-08-19 09:48:24 -0700 | |
| commit | a55c3e762bceab49be53a76381ad28f818fb70b6 (patch) | |
| tree | 241c56c92c32ca8ead393f0f4e4fa19705a89659 /src/lockdown.c | |
| parent | bc68ec7c3b8d37a2d3b8127e5591e9b505fd14cd (diff) | |
Put some very elementary error checking to ensure that initconf has been run.
Diffstat (limited to 'src/lockdown.c')
| -rw-r--r-- | src/lockdown.c | 53 |
1 files changed, 33 insertions, 20 deletions
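--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -228,6 +228,9 @@ int lockdownd_get_device_public_key(lockdownd_client *control, char **public_key
 return success;
 }
 
+/**
+* @return 1 on success and 0 on failure
+*/
 int lockdownd_init(iPhone *phone, lockdownd_client **control)
 {
 int ret = 0;
@@ -251,22 +254,27 @@ int lockdownd_init(iPhone *phone, lockdownd_client **control)
 
 if (!is_device_known(public_key)){
 ret = lockdownd_pair_device(*control, public_key, host_id);
+}else{
+ret = 1;
 }
 free(public_key);
 public_key = NULL;
 
-if (ret && host_id && !lockdownd_start_SSL_session(*control, host_id)) {
+if (ret && host_id && lockdownd_start_SSL_session(*control, host_id)) {
 ret = 1;
 free(host_id);
 host_id = NULL;
 } else {
 ret = 0;
-fprintf(stderr, "SSL Session opening failed.\n");
+fprintf(stderr, "lockdownd_init: SSL Session opening failed, has libiphone-initconf been run?\n");
 }
 
 return ret;
 }
 
+/**
+* @return 1 on success and 0 on failure
+*/
 int lockdownd_pair_device(lockdownd_client *control, char *public_key_b64, char *host_id)
 {
 int ret = 0;
@@ -282,7 +290,9 @@ int lockdownd_pair_device(lockdownd_client *control, char *public_key_b64, char
 char* host_cert_b64 = NULL;
 char* root_cert_b64 = NULL;
 
-lockdownd_gen_pair_cert(public_key_b64, &device_cert_b64, &host_cert_b64, &root_cert_b64);
+if(!lockdownd_gen_pair_cert(public_key_b64, &device_cert_b64, &host_cert_b64, &root_cert_b64)){
+return 0;
+}
 
 /* Setup Pair request plist */
 dict = add_child_to_plist(plist, "dict", "\n", NULL, 0);
@@ -349,9 +359,12 @@ int lockdownd_pair_device(lockdownd_client *control, char *public_key_b64, char
 return ret;
 }
 
+/**
+* @return 1 on success and 0 on failure.
+*/
 int lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char **host_cert_b64, char **root_cert_b64)
 {
-int ret = 0;
+int ret = 0, error = 0;
 
 gnutls_datum_t modulus = {NULL, 0};
 gnutls_datum_t exponent = {NULL, 0};
@@ -415,24 +428,23 @@ int lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char *
 
 /* get root cert */
 gnutls_datum_t pem_root_cert = {NULL, 0};
-ret = get_root_certificate(&pem_root_cert);
-ret = gnutls_x509_crt_import (root_cert, &pem_root_cert, GNUTLS_X509_FMT_PEM);
-
+get_root_certificate(&pem_root_cert);
+ret = gnutls_x509_crt_import(root_cert, &pem_root_cert, GNUTLS_X509_FMT_PEM);
+if (ret != GNUTLS_E_SUCCESS) error = 1;
 
 /* get host cert */
 gnutls_datum_t pem_host_cert = {NULL, 0};
-ret = get_host_certificate(&pem_host_cert);
-ret = gnutls_x509_crt_import (host_cert, &pem_host_cert, GNUTLS_X509_FMT_PEM);
-
+get_host_certificate(&pem_host_cert);
+ret = gnutls_x509_crt_import(host_cert, &pem_host_cert, GNUTLS_X509_FMT_PEM);
+if (ret != GNUTLS_E_SUCCESS) error = 1;
 
 /* get root private key */
 gnutls_datum_t pem_root_priv = {NULL, 0};
-ret = get_root_private_key(&pem_root_priv);
-ret = gnutls_x509_privkey_import (root_privkey, &pem_root_priv, GNUTLS_X509_FMT_PEM);
-
+get_root_private_key(&pem_root_priv);
+ret = gnutls_x509_privkey_import(root_privkey, &pem_root_priv, GNUTLS_X509_FMT_PEM);
+if (ret != GNUTLS_E_SUCCESS) error = 1;
 
 /* generate device certificate */
-
 gnutls_x509_crt_set_key(dev_cert, fake_privkey);
 gnutls_x509_crt_set_serial(dev_cert, "\x00", 1);
 gnutls_x509_crt_set_version(dev_cert, 3);
@@ -441,12 +453,8 @@ int lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char *
 gnutls_x509_crt_set_expiration_time(dev_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
 gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey);
 
-//TODO handle errors
-ret = 1;
-
-if (ret) {
+if (!error) {
 /* if everything went well, export in PEM format */
-
 gnutls_datum_t dev_pem = {NULL, 0};
 size_t crt_size;
 gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &crt_size);
@@ -472,7 +480,12 @@ int lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char *
 
 gnutls_free(der_pub_key.data);
 g_free(pem_pub_key.data);
-return ret;
+
+if (error) {
+return 0;
+} else {
+return ret;
+}
 }
 
 int lockdownd_start_SSL_session(lockdownd_client *control, const char *HostID) {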
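Review bot: In lockdownd_gen_pair_cert the success path now ends in `return ret;`, but the explicit `ret = 1;` was removed and the last visible assignment to `ret` is the result of gnutls_x509_privkey_import, which is GNUTLS_E_SUCCESS (0) when the import works. Unless the lines between the last two hunks set `ret` again, a successful run returns 0, which the new doc comment defines as failure and which makes the new check in lockdownd_pair_device abort pairing; `return error ? 0 : 1;` would match the documented contract. The results of get_root_certificate, get_host_certificate and get_root_private_key are now discarded and gnutls_x509_crt_sign is still unchecked, so a device certificate that the root key never signed can be exported and reported as success; `if (gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey) != GNUTLS_E_SUCCESS) error = 1;` closes that gap. The early `return 0;` in lockdownd_pair_device also skips whatever cleanup follows later in that function, whose body lies partly outside the hunks, so `plist` may leak on that path.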
