summaryrefslogtreecommitdiffstats
path: root/src/lockdown.c
diff options
context:
space:
mode:
authorGravatar Martin Szulecki2009-11-18 20:03:44 +0100
committerGravatar Martin Szulecki2009-11-18 20:03:44 +0100
commitb15705c7b8cf85df53d610bbe5dd34654cdadc6f (patch)
tree057f33e097c4d6ee1538b7f752b5120d0a77bad4 /src/lockdown.c
parentfea0152549d5e77f914f75c0ac315f30f9e26426 (diff)
parent91f9e449f7432d8b609d5550a2abae47bb7b9aff (diff)
downloadlibimobiledevice-b15705c7b8cf85df53d610bbe5dd34654cdadc6f.tar.gz
libimobiledevice-b15705c7b8cf85df53d610bbe5dd34654cdadc6f.tar.bz2
Merge branch 'master' of git://github.com/MattColyer/libiphone into martin
Diffstat (limited to 'src/lockdown.c')
-rw-r--r--src/lockdown.c47
1 files changed, 23 insertions, 24 deletions
diff --git a/src/lockdown.c b/src/lockdown.c
index 80a89dc..3bfd16f 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -172,12 +172,14 @@ static lockdownd_error_t lockdownd_stop_ssl_session(lockdownd_client_t client)
172 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: stopping SSL session\n", __func__); 172 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: stopping SSL session\n", __func__);
173 ret = lockdownd_stop_session(client, client->session_id); 173 ret = lockdownd_stop_session(client, client->session_id);
174 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: sending SSL close notify\n", __func__); 174 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: sending SSL close notify\n", __func__);
175 gnutls_bye(*client->ssl_session, GNUTLS_SHUT_RDWR); 175 gnutls_bye(client->ssl_session, GNUTLS_SHUT_RDWR);
176 } 176 }
177 if (client->ssl_session) { 177 if (client->ssl_session) {
178 gnutls_deinit(*client->ssl_session); 178 gnutls_deinit(client->ssl_session);
179 free(client->ssl_session); 179 }
180 } 180 if (client->ssl_certificate) {
181 gnutls_certificate_free_credentials(client->ssl_certificate);
182 }
181 client->in_SSL = 0; 183 client->in_SSL = 0;
182 184
183 return ret; 185 return ret;
@@ -229,7 +231,7 @@ lockdownd_error_t lockdownd_recv(lockdownd_client_t client, plist_t *plist)
229 if (!client->in_SSL) 231 if (!client->in_SSL)
230 ret = iphone_device_recv(client->connection, (char *) &datalen, sizeof(datalen), &bytes); 232 ret = iphone_device_recv(client->connection, (char *) &datalen, sizeof(datalen), &bytes);
231 else { 233 else {
232 ssize_t res = gnutls_record_recv(*client->ssl_session, &datalen, sizeof(datalen)); 234 ssize_t res = gnutls_record_recv(client->ssl_session, &datalen, sizeof(datalen));
233 if (res < 0) { 235 if (res < 0) {
234 log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res)); 236 log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res));
235 return LOCKDOWN_E_SSL_ERROR; 237 return LOCKDOWN_E_SSL_ERROR;
@@ -252,7 +254,7 @@ lockdownd_error_t lockdownd_recv(lockdownd_client_t client, plist_t *plist)
252 } else { 254 } else {
253 ssize_t res = 0; 255 ssize_t res = 0;
254 while ((received_bytes < datalen) && (ret == LOCKDOWN_E_SUCCESS)) { 256 while ((received_bytes < datalen) && (ret == LOCKDOWN_E_SUCCESS)) {
255 res = gnutls_record_recv(*client->ssl_session, receive + received_bytes, datalen - received_bytes); 257 res = gnutls_record_recv(client->ssl_session, receive + received_bytes, datalen - received_bytes);
256 if (res < 0) { 258 if (res < 0) {
257 log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res)); 259 log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res));
258 ret = LOCKDOWN_E_SSL_ERROR; 260 ret = LOCKDOWN_E_SSL_ERROR;
@@ -316,7 +318,7 @@ lockdownd_error_t lockdownd_send(lockdownd_client_t client, plist_t plist)
316 if (!client->in_SSL) 318 if (!client->in_SSL)
317 ret = iphone_device_send(client->connection, real_query, ntohl(length) + sizeof(length), (uint32_t*)&bytes); 319 ret = iphone_device_send(client->connection, real_query, ntohl(length) + sizeof(length), (uint32_t*)&bytes);
318 else { 320 else {
319 ssize_t res = gnutls_record_send(*client->ssl_session, real_query, ntohl(length) + sizeof(length)); 321 ssize_t res = gnutls_record_send(client->ssl_session, real_query, ntohl(length) + sizeof(length));
320 if (res < 0) { 322 if (res < 0) {
321 log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_send: Error occured: %s\n", gnutls_strerror(res)); 323 log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_send: Error occured: %s\n", gnutls_strerror(res));
322 ret = LOCKDOWN_E_SSL_ERROR; 324 ret = LOCKDOWN_E_SSL_ERROR;
@@ -637,7 +639,7 @@ lockdownd_error_t lockdownd_client_new(iphone_device_t device, lockdownd_client_
637 639
638 lockdownd_client_t client_loc = (lockdownd_client_t) malloc(sizeof(struct lockdownd_client_int)); 640 lockdownd_client_t client_loc = (lockdownd_client_t) malloc(sizeof(struct lockdownd_client_int));
639 client_loc->connection = connection; 641 client_loc->connection = connection;
640 client_loc->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t)); 642 client_loc->ssl_session = NULL;
641 client_loc->in_SSL = 0; 643 client_loc->in_SSL = 0;
642 644
643 if (LOCKDOWN_E_SUCCESS != lockdownd_query_type(client_loc)) { 645 if (LOCKDOWN_E_SUCCESS != lockdownd_query_type(client_loc)) {
@@ -1037,16 +1039,13 @@ lockdownd_error_t lockdownd_start_ssl_session(lockdownd_client_t client, const c
1037 ret = LOCKDOWN_E_SSL_ERROR; 1039 ret = LOCKDOWN_E_SSL_ERROR;
1038 if (lockdown_check_result(dict, "StartSession") == RESULT_SUCCESS) { 1040 if (lockdown_check_result(dict, "StartSession") == RESULT_SUCCESS) {
1039 // Set up GnuTLS... 1041 // Set up GnuTLS...
1040 //gnutls_anon_client_credentials_t anoncred;
1041 gnutls_certificate_credentials_t xcred;
1042
1043 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: started the session OK, now trying GnuTLS\n", __func__); 1042 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: started the session OK, now trying GnuTLS\n", __func__);
1044 errno = 0; 1043 errno = 0;
1045 gnutls_global_init(); 1044 gnutls_global_init();
1046 //gnutls_anon_allocate_client_credentials(&anoncred); 1045 //gnutls_anon_allocate_client_credentials(&anoncred);
1047 gnutls_certificate_allocate_credentials(&xcred); 1046 gnutls_certificate_allocate_credentials(&client->ssl_certificate);
1048 gnutls_certificate_set_x509_trust_file(xcred, "hostcert.pem", GNUTLS_X509_FMT_PEM); 1047 gnutls_certificate_set_x509_trust_file(client->ssl_certificate, "hostcert.pem", GNUTLS_X509_FMT_PEM);
1049 gnutls_init(client->ssl_session, GNUTLS_CLIENT); 1048 gnutls_init(&client->ssl_session, GNUTLS_CLIENT);
1050 { 1049 {
1051 int protocol_priority[16] = { GNUTLS_SSL3, 0 }; 1050 int protocol_priority[16] = { GNUTLS_SSL3, 0 };
1052 int kx_priority[16] = { GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA, 0 }; 1051 int kx_priority[16] = { GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA, 0 };
@@ -1054,24 +1053,24 @@ lockdownd_error_t lockdownd_start_ssl_session(lockdownd_client_t client, const c
1054 int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 }; 1053 int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
1055 int comp_priority[16] = { GNUTLS_COMP_NULL, 0 }; 1054 int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
1056 1055
1057 gnutls_cipher_set_priority(*client->ssl_session, cipher_priority); 1056 gnutls_cipher_set_priority(client->ssl_session, cipher_priority);
1058 gnutls_compression_set_priority(*client->ssl_session, comp_priority); 1057 gnutls_compression_set_priority(client->ssl_session, comp_priority);
1059 gnutls_kx_set_priority(*client->ssl_session, kx_priority); 1058 gnutls_kx_set_priority(client->ssl_session, kx_priority);
1060 gnutls_protocol_set_priority(*client->ssl_session, protocol_priority); 1059 gnutls_protocol_set_priority(client->ssl_session, protocol_priority);
1061 gnutls_mac_set_priority(*client->ssl_session, mac_priority); 1060 gnutls_mac_set_priority(client->ssl_session, mac_priority);
1062 } 1061 }
1063 gnutls_credentials_set(*client->ssl_session, GNUTLS_CRD_CERTIFICATE, xcred); // this part is killing me. 1062 gnutls_credentials_set(client->ssl_session, GNUTLS_CRD_CERTIFICATE, client->ssl_certificate); // this part is killing me.
1064 1063
1065 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 1...\n", __func__); 1064 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 1...\n", __func__);
1066 gnutls_transport_set_ptr(*client->ssl_session, (gnutls_transport_ptr_t) client); 1065 gnutls_transport_set_ptr(client->ssl_session, (gnutls_transport_ptr_t) client);
1067 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 2...\n", __func__); 1066 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 2...\n", __func__);
1068 gnutls_transport_set_push_function(*client->ssl_session, (gnutls_push_func) & lockdownd_secuwrite); 1067 gnutls_transport_set_push_function(client->ssl_session, (gnutls_push_func) & lockdownd_secuwrite);
1069 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 3...\n", __func__); 1068 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 3...\n", __func__);
1070 gnutls_transport_set_pull_function(*client->ssl_session, (gnutls_pull_func) & lockdownd_securead); 1069 gnutls_transport_set_pull_function(client->ssl_session, (gnutls_pull_func) & lockdownd_securead);
1071 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 4 -- now handshaking...\n", __func__); 1070 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 4 -- now handshaking...\n", __func__);
1072 if (errno) 1071 if (errno)
1073 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: WARN: errno says %s before handshake!\n", __func__, strerror(errno)); 1072 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: WARN: errno says %s before handshake!\n", __func__, strerror(errno));
1074 return_me = gnutls_handshake(*client->ssl_session); 1073 return_me = gnutls_handshake(client->ssl_session);
1075 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS handshake done...\n", __func__); 1074 log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS handshake done...\n", __func__);
1076 1075
1077 if (return_me != GNUTLS_E_SUCCESS) { 1076 if (return_me != GNUTLS_E_SUCCESS) {
© 2009-2020 sukimashita.com - Generated by cgit - Icons from Tango - Uses Google Analytics