diff options
Diffstat (limited to 'src/lockdown.c')
| -rw-r--r-- | src/lockdown.c | 37 |
1 files changed, 18 insertions, 19 deletions
diff --git a/src/lockdown.c b/src/lockdown.c index b69fab7..3bfd16f 100644 --- a/src/lockdown.c +++ b/src/lockdown.c | |||
| @@ -172,12 +172,11 @@ static lockdownd_error_t lockdownd_stop_ssl_session(lockdownd_client_t client) | |||
| 172 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: stopping SSL session\n", __func__); | 172 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: stopping SSL session\n", __func__); |
| 173 | ret = lockdownd_stop_session(client, client->session_id); | 173 | ret = lockdownd_stop_session(client, client->session_id); |
| 174 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: sending SSL close notify\n", __func__); | 174 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: sending SSL close notify\n", __func__); |
| 175 | gnutls_bye(*client->ssl_session, GNUTLS_SHUT_RDWR); | 175 | gnutls_bye(client->ssl_session, GNUTLS_SHUT_RDWR); |
| 176 | } | 176 | } |
| 177 | if (client->ssl_session) { | 177 | if (client->ssl_session) { |
| 178 | gnutls_deinit(*client->ssl_session); | 178 | gnutls_deinit(client->ssl_session); |
| 179 | free(client->ssl_session); | 179 | } |
| 180 | } | ||
| 181 | if (client->ssl_certificate) { | 180 | if (client->ssl_certificate) { |
| 182 | gnutls_certificate_free_credentials(client->ssl_certificate); | 181 | gnutls_certificate_free_credentials(client->ssl_certificate); |
| 183 | } | 182 | } |
| @@ -232,7 +231,7 @@ lockdownd_error_t lockdownd_recv(lockdownd_client_t client, plist_t *plist) | |||
| 232 | if (!client->in_SSL) | 231 | if (!client->in_SSL) |
| 233 | ret = iphone_device_recv(client->connection, (char *) &datalen, sizeof(datalen), &bytes); | 232 | ret = iphone_device_recv(client->connection, (char *) &datalen, sizeof(datalen), &bytes); |
| 234 | else { | 233 | else { |
| 235 | ssize_t res = gnutls_record_recv(*client->ssl_session, &datalen, sizeof(datalen)); | 234 | ssize_t res = gnutls_record_recv(client->ssl_session, &datalen, sizeof(datalen)); |
| 236 | if (res < 0) { | 235 | if (res < 0) { |
| 237 | log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res)); | 236 | log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res)); |
| 238 | return LOCKDOWN_E_SSL_ERROR; | 237 | return LOCKDOWN_E_SSL_ERROR; |
| @@ -255,7 +254,7 @@ lockdownd_error_t lockdownd_recv(lockdownd_client_t client, plist_t *plist) | |||
| 255 | } else { | 254 | } else { |
| 256 | ssize_t res = 0; | 255 | ssize_t res = 0; |
| 257 | while ((received_bytes < datalen) && (ret == LOCKDOWN_E_SUCCESS)) { | 256 | while ((received_bytes < datalen) && (ret == LOCKDOWN_E_SUCCESS)) { |
| 258 | res = gnutls_record_recv(*client->ssl_session, receive + received_bytes, datalen - received_bytes); | 257 | res = gnutls_record_recv(client->ssl_session, receive + received_bytes, datalen - received_bytes); |
| 259 | if (res < 0) { | 258 | if (res < 0) { |
| 260 | log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res)); | 259 | log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res)); |
| 261 | ret = LOCKDOWN_E_SSL_ERROR; | 260 | ret = LOCKDOWN_E_SSL_ERROR; |
| @@ -319,7 +318,7 @@ lockdownd_error_t lockdownd_send(lockdownd_client_t client, plist_t plist) | |||
| 319 | if (!client->in_SSL) | 318 | if (!client->in_SSL) |
| 320 | ret = iphone_device_send(client->connection, real_query, ntohl(length) + sizeof(length), (uint32_t*)&bytes); | 319 | ret = iphone_device_send(client->connection, real_query, ntohl(length) + sizeof(length), (uint32_t*)&bytes); |
| 321 | else { | 320 | else { |
| 322 | ssize_t res = gnutls_record_send(*client->ssl_session, real_query, ntohl(length) + sizeof(length)); | 321 | ssize_t res = gnutls_record_send(client->ssl_session, real_query, ntohl(length) + sizeof(length)); |
| 323 | if (res < 0) { | 322 | if (res < 0) { |
| 324 | log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_send: Error occured: %s\n", gnutls_strerror(res)); | 323 | log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_send: Error occured: %s\n", gnutls_strerror(res)); |
| 325 | ret = LOCKDOWN_E_SSL_ERROR; | 324 | ret = LOCKDOWN_E_SSL_ERROR; |
| @@ -640,7 +639,7 @@ lockdownd_error_t lockdownd_client_new(iphone_device_t device, lockdownd_client_ | |||
| 640 | 639 | ||
| 641 | lockdownd_client_t client_loc = (lockdownd_client_t) malloc(sizeof(struct lockdownd_client_int)); | 640 | lockdownd_client_t client_loc = (lockdownd_client_t) malloc(sizeof(struct lockdownd_client_int)); |
| 642 | client_loc->connection = connection; | 641 | client_loc->connection = connection; |
| 643 | client_loc->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t)); | 642 | client_loc->ssl_session = NULL; |
| 644 | client_loc->in_SSL = 0; | 643 | client_loc->in_SSL = 0; |
| 645 | 644 | ||
| 646 | if (LOCKDOWN_E_SUCCESS != lockdownd_query_type(client_loc)) { | 645 | if (LOCKDOWN_E_SUCCESS != lockdownd_query_type(client_loc)) { |
| @@ -1046,7 +1045,7 @@ lockdownd_error_t lockdownd_start_ssl_session(lockdownd_client_t client, const c | |||
| 1046 | //gnutls_anon_allocate_client_credentials(&anoncred); | 1045 | //gnutls_anon_allocate_client_credentials(&anoncred); |
| 1047 | gnutls_certificate_allocate_credentials(&client->ssl_certificate); | 1046 | gnutls_certificate_allocate_credentials(&client->ssl_certificate); |
| 1048 | gnutls_certificate_set_x509_trust_file(client->ssl_certificate, "hostcert.pem", GNUTLS_X509_FMT_PEM); | 1047 | gnutls_certificate_set_x509_trust_file(client->ssl_certificate, "hostcert.pem", GNUTLS_X509_FMT_PEM); |
| 1049 | gnutls_init(client->ssl_session, GNUTLS_CLIENT); | 1048 | gnutls_init(&client->ssl_session, GNUTLS_CLIENT); |
| 1050 | { | 1049 | { |
| 1051 | int protocol_priority[16] = { GNUTLS_SSL3, 0 }; | 1050 | int protocol_priority[16] = { GNUTLS_SSL3, 0 }; |
| 1052 | int kx_priority[16] = { GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA, 0 }; | 1051 | int kx_priority[16] = { GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA, 0 }; |
| @@ -1054,24 +1053,24 @@ lockdownd_error_t lockdownd_start_ssl_session(lockdownd_client_t client, const c | |||
| 1054 | int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 }; | 1053 | int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 }; |
| 1055 | int comp_priority[16] = { GNUTLS_COMP_NULL, 0 }; | 1054 | int comp_priority[16] = { GNUTLS_COMP_NULL, 0 }; |
| 1056 | 1055 | ||
| 1057 | gnutls_cipher_set_priority(*client->ssl_session, cipher_priority); | 1056 | gnutls_cipher_set_priority(client->ssl_session, cipher_priority); |
| 1058 | gnutls_compression_set_priority(*client->ssl_session, comp_priority); | 1057 | gnutls_compression_set_priority(client->ssl_session, comp_priority); |
| 1059 | gnutls_kx_set_priority(*client->ssl_session, kx_priority); | 1058 | gnutls_kx_set_priority(client->ssl_session, kx_priority); |
| 1060 | gnutls_protocol_set_priority(*client->ssl_session, protocol_priority); | 1059 | gnutls_protocol_set_priority(client->ssl_session, protocol_priority); |
| 1061 | gnutls_mac_set_priority(*client->ssl_session, mac_priority); | 1060 | gnutls_mac_set_priority(client->ssl_session, mac_priority); |
| 1062 | } | 1061 | } |
| 1063 | gnutls_credentials_set(*client->ssl_session, GNUTLS_CRD_CERTIFICATE, client->ssl_certificate); // this part is killing me. | 1062 | gnutls_credentials_set(client->ssl_session, GNUTLS_CRD_CERTIFICATE, client->ssl_certificate); // this part is killing me. |
| 1064 | 1063 | ||
| 1065 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 1...\n", __func__); | 1064 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 1...\n", __func__); |
| 1066 | gnutls_transport_set_ptr(*client->ssl_session, (gnutls_transport_ptr_t) client); | 1065 | gnutls_transport_set_ptr(client->ssl_session, (gnutls_transport_ptr_t) client); |
| 1067 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 2...\n", __func__); | 1066 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 2...\n", __func__); |
| 1068 | gnutls_transport_set_push_function(*client->ssl_session, (gnutls_push_func) & lockdownd_secuwrite); | 1067 | gnutls_transport_set_push_function(client->ssl_session, (gnutls_push_func) & lockdownd_secuwrite); |
| 1069 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 3...\n", __func__); | 1068 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 3...\n", __func__); |
| 1070 | gnutls_transport_set_pull_function(*client->ssl_session, (gnutls_pull_func) & lockdownd_securead); | 1069 | gnutls_transport_set_pull_function(client->ssl_session, (gnutls_pull_func) & lockdownd_securead); |
| 1071 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 4 -- now handshaking...\n", __func__); | 1070 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS step 4 -- now handshaking...\n", __func__); |
| 1072 | if (errno) | 1071 | if (errno) |
| 1073 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: WARN: errno says %s before handshake!\n", __func__, strerror(errno)); | 1072 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: WARN: errno says %s before handshake!\n", __func__, strerror(errno)); |
| 1074 | return_me = gnutls_handshake(*client->ssl_session); | 1073 | return_me = gnutls_handshake(client->ssl_session); |
| 1075 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS handshake done...\n", __func__); | 1074 | log_dbg_msg(DBGMASK_LOCKDOWND, "%s: GnuTLS handshake done...\n", __func__); |
| 1076 | 1075 | ||
| 1077 | if (return_me != GNUTLS_E_SUCCESS) { | 1076 | if (return_me != GNUTLS_E_SUCCESS) { |