diff options
Diffstat (limited to 'lockdown.c')
| -rw-r--r-- | lockdown.c | 22 |
1 files changed, 18 insertions, 4 deletions
| @@ -149,15 +149,16 @@ int lockdownd_start_SSL_session(lockdownd_client *control, const char *HostID) { | |||
| 149 | for (i = 0; strcmp(dictionary[i], ""); i+=2) { | 149 | for (i = 0; strcmp(dictionary[i], ""); i+=2) { |
| 150 | if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i+1], "Success")) { | 150 | if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i+1], "Success")) { |
| 151 | // Set up GnuTLS... | 151 | // Set up GnuTLS... |
| 152 | //gnutls_anon_client_credentials_t anoncred; | ||
| 152 | gnutls_certificate_credentials_t xcred; | 153 | gnutls_certificate_credentials_t xcred; |
| 153 | |||
| 154 | if (debug) printf("We started the session OK, now trying GnuTLS\n"); | 154 | if (debug) printf("We started the session OK, now trying GnuTLS\n"); |
| 155 | errno = 0; | 155 | errno = 0; |
| 156 | gnutls_global_init(); | 156 | gnutls_global_init(); |
| 157 | //gnutls_anon_allocate_client_credentials(&anoncred); | ||
| 157 | gnutls_certificate_allocate_credentials(&xcred); | 158 | gnutls_certificate_allocate_credentials(&xcred); |
| 158 | gnutls_certificate_set_x509_trust_file(xcred, "hostcert.pem", GNUTLS_X509_FMT_PEM); | 159 | gnutls_certificate_set_x509_trust_file(xcred, "hostcert.pem", GNUTLS_X509_FMT_PEM); |
| 159 | gnutls_init(control->ssl_session, GNUTLS_CLIENT); | 160 | gnutls_init(control->ssl_session, GNUTLS_CLIENT); |
| 160 | if ((return_me = gnutls_priority_set_direct(*control->ssl_session, "NORMAL:+VERS-SSL3.0", NULL)) < 0) { | 161 | if ((return_me = gnutls_priority_set_direct(*control->ssl_session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+SHA256:+SHA512:+MD5:+COMP-NULL", NULL)) < 0) { |
| 161 | printf("oops? bad options?\n"); | 162 | printf("oops? bad options?\n"); |
| 162 | gnutls_perror(return_me); | 163 | gnutls_perror(return_me); |
| 163 | return 0; | 164 | return 0; |
| @@ -214,6 +215,14 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size | |||
| 214 | if (debug) printf("pre-send\nlength = %i\n", length); | 215 | if (debug) printf("pre-send\nlength = %i\n", length); |
| 215 | bytes = mux_send(control->iphone, control->connection, buffer, length); | 216 | bytes = mux_send(control->iphone, control->connection, buffer, length); |
| 216 | if (debug) printf("post-send\nsent %i bytes\n", bytes); | 217 | if (debug) printf("post-send\nsent %i bytes\n", bytes); |
| 218 | if (debug) { | ||
| 219 | FILE *my_ssl_packet = fopen("sslpacketwrite.out", "w+"); | ||
| 220 | fwrite(buffer, 1, length, my_ssl_packet); | ||
| 221 | fflush(my_ssl_packet); | ||
| 222 | printf("Wrote SSL packet to drive, too.\n"); | ||
| 223 | fclose(my_ssl_packet); | ||
| 224 | } | ||
| 225 | |||
| 217 | return bytes; | 226 | return bytes; |
| 218 | } | 227 | } |
| 219 | 228 | ||
| @@ -251,11 +260,16 @@ ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_ | |||
| 251 | } | 260 | } |
| 252 | } | 261 | } |
| 253 | // End buffering hack! | 262 | // End buffering hack! |
| 254 | char *recv_buffer = (char*)malloc(sizeof(char) * (length * 400)); // ensuring nothing stupid happens | 263 | char *recv_buffer = (char*)malloc(sizeof(char) * (length * 1000)); // ensuring nothing stupid happens |
| 255 | 264 | ||
| 256 | if (debug) printf("pre-read\nclient wants %i bytes\n", length); | 265 | if (debug) printf("pre-read\nclient wants %i bytes\n", length); |
| 257 | bytes = mux_recv(control->iphone, control->connection, recv_buffer, (length * 400)); | 266 | bytes = mux_recv(control->iphone, control->connection, recv_buffer, (length * 1000)); |
| 258 | if (debug) printf("post-read\nwe got %i bytes\n", bytes); | 267 | if (debug) printf("post-read\nwe got %i bytes\n", bytes); |
| 268 | if (debug && bytes < 0) { | ||
| 269 | printf("lockdownd_securead(): uh oh\n"); | ||
| 270 | printf("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n", usb_strerror(), strerror(errno)); | ||
| 271 | return bytes + 28; // an errno | ||
| 272 | } | ||
| 259 | if (bytes >= length) { | 273 | if (bytes >= length) { |
| 260 | if (bytes > length) { | 274 | if (bytes > length) { |
| 261 | if (debug) printf("lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n"); | 275 | if (debug) printf("lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n"); |
