6 files changed, 99 insertions, 129 deletions
diff --git a/src/AFC.h b/src/AFC.h
index 90b406a..86a924e 100644
--- a/src/AFC.h
+++ b/src/AFC.h
@@ -59,33 +59,32 @@ struct iphone_afc_file_int {
 enum {
        AFC_ERROR = 0x00000001,
        AFC_SUCCESS_RESPONSE = 0x00000002,
-        AFC_LIST_DIR = 0x00000003,      // ReadDir
+        AFC_LIST_DIR = 0x00000003,      // ReadDir
        // 0x00000004                   // ReadFile
        // 0x00000005                   // WriteFile
        // 0x00000006                   // WritePart
-        AFC_TRUNCATE = 0x00000007,      // Truncate
+        AFC_TRUNCATE = 0x00000007,      // Truncate
-        AFC_DELETE = 0x00000008,        // RemovePath
+        AFC_DELETE = 0x00000008,        // RemovePath
-        AFC_MAKE_DIR = 0x00000009,      // MakeDir
+        AFC_MAKE_DIR = 0x00000009,      // MakeDir
-        AFC_GET_INFO = 0x0000000a,      // GetFileInfo
+        AFC_GET_INFO = 0x0000000a,      // GetFileInfo
-        AFC_GET_DEVINFO = 0x0000000b,   // GetDeviceInfo
+        AFC_GET_DEVINFO = 0x0000000b,   // GetDeviceInfo
        // 0x0000000c  // same as 5, but writes to temp file, then renames it.
-        AFC_FILE_OPEN = 0x0000000d,     // FileRefOpen
+        AFC_FILE_OPEN = 0x0000000d,     // FileRefOpen
-        AFC_FILE_HANDLE = 0x0000000e,   // _unknownPacket
+        AFC_FILE_HANDLE = 0x0000000e,   // _unknownPacket
-        AFC_READ = 0x0000000f,          // FileRefRead
+        AFC_READ = 0x0000000f,          // FileRefRead
-        AFC_WRITE = 0x00000010,         // FileRefWrite
+        AFC_WRITE = 0x00000010,         // FileRefWrite
-        AFC_FILE_SEEK = 0x00000011,     // FileRefSeek
+        AFC_FILE_SEEK = 0x00000011,     // FileRefSeek
-        AFC_FILE_TELL = 0x00000012,     // FileRefTell
+        AFC_FILE_TELL = 0x00000012,     // FileRefTell
        // 0x00000013                   // _unknownPacket
-        AFC_FILE_CLOSE = 0x00000014,    // FileRefClose
+        AFC_FILE_CLOSE = 0x00000014,    // FileRefClose
-        AFC_FILE_TRUNCATE = 0x00000015, // FileRefSetFileSize (ftruncate)
+        AFC_FILE_TRUNCATE = 0x00000015, // FileRefSetFileSize (ftruncate)
        // 0x00000016                   // SetFatalError
        // 0x00000017                   // SetConnectionOptions
-        AFC_RENAME = 0x00000018,        // RenamePath
+        AFC_RENAME = 0x00000018,        // RenamePath
        // 0x00000019                   // SetFSBlockSize (0x800000)
        // 0x0000001A                   // SetBlockSize (0x800000)
-        AFC_FILE_LOCK = 0x0000001B,     // FileRefLock
+        AFC_FILE_LOCK = 0x0000001B,     // FileRefLock
-        AFC_MAKE_LINK = 0x0000001C      // MakeLink
+        AFC_MAKE_LINK = 0x0000001C      // MakeLink
 };
 uint32_t iphone_afc_get_file_handle(iphone_afc_file_t file);
diff --git a/src/MobileSync.c b/src/MobileSync.c
index 839ed2b..b16a51b 100644
--- a/src/MobileSync.c
+++ b/src/MobileSync.c
@@ -50,8 +50,7 @@ iphone_error_t iphone_msync_new_client(iphone_device_t device, int src_port, int
        //first receive version
        ret = iphone_msync_recv(client_loc, &array);
-        plist_t msg_node =
+        plist_t msg_node = plist_find_node_by_string(array, "DLMessageVersionExchange");
-                plist_find_node_by_string(array, "DLMessageVersionExchange");
        plist_t ver_1 = plist_get_next_sibling(msg_node);
        plist_t ver_2 = plist_get_next_sibling(ver_1);
@@ -82,8 +81,7 @@ iphone_error_t iphone_msync_new_client(iphone_device_t device, int src_port, int
                        array = NULL;
                        ret = iphone_msync_recv(client_loc, &array);
-                        plist_t rep_node =
+                        plist_t rep_node = plist_find_node_by_string(array, "DLMessageDeviceReady");
-                                plist_find_node_by_string(array, "DLMessageDeviceReady");
                        if (rep_node) {
                                ret = IPHONE_E_SUCCESS;
@@ -245,8 +243,7 @@ iphone_error_t iphone_msync_get_all_contacts(iphone_msync_client_t client)
        plist_t switch_node;
        contact_node = plist_find_node_by_string(array, "com.apple.Contacts");
-        switch_node =
+        switch_node = plist_find_node_by_string(array, "SDMessageDeviceReadyToReceiveChanges");
-                plist_find_node_by_string(array, "SDMessageDeviceReadyToReceiveChanges");
        while (NULL == switch_node) {
diff --git a/src/NotificationProxy.c b/src/NotificationProxy.c
index eec7857..726852e 100644
--- a/src/NotificationProxy.c
+++ b/src/NotificationProxy.c
@@ -52,7 +52,7 @@ static void np_unlock(iphone_np_client_t client)
 * 
 * @return A handle to the newly-connected client or NULL upon error.
 */
-iphone_error_t iphone_np_new_client ( iphone_device_t device, int src_port, int dst_port, iphone_np_client_t *client )
+iphone_error_t iphone_np_new_client(iphone_device_t device, int src_port, int dst_port, iphone_np_client_t * client)
 {
        int ret = IPHONE_E_SUCCESS;
@@ -75,16 +75,16 @@ iphone_error_t iphone_np_new_client ( iphone_device_t device, int src_port, int
        client_loc->mutex = g_mutex_new();
        *client = client_loc;
-        return IPHONE_E_SUCCESS;        
+        return IPHONE_E_SUCCESS;
 }
 /** Disconnects an NP client from the phone.
 * 
 * @param client The client to disconnect.
 */
-iphone_error_t iphone_np_free_client ( iphone_np_client_t client )
+iphone_error_t iphone_np_free_client(iphone_np_client_t client)
 {
-        if (!client || !client->connection )
+        if (!client || !client->connection)
                return IPHONE_E_INVALID_ARG;
        iphone_mux_free_client(client->connection);
@@ -101,7 +101,7 @@ iphone_error_t iphone_np_free_client ( iphone_np_client_t client )
 * @param client The client to send to
 * @param notification The notification Message
 */
-iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const char *notification )
+iphone_error_t iphone_np_post_notification(iphone_np_client_t client, const char *notification)
 {
        char *XML_content = NULL;
        uint32_t length = 0;
@@ -126,9 +126,9 @@ iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const cha
        nlen = htonl(length);
-        memcpy(sndbuf+sndlen, &nlen, 4);
+        memcpy(sndbuf + sndlen, &nlen, 4);
        sndlen += 4;
-        memcpy(sndbuf+sndlen, XML_content, length);
+        memcpy(sndbuf + sndlen, XML_content, length);
        sndlen += length;
        plist_free(dict);
@@ -143,11 +143,11 @@ iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const cha
        nlen = htonl(length);
-        memcpy(sndbuf+sndlen, &nlen, 4);
+        memcpy(sndbuf + sndlen, &nlen, 4);
-        sndlen+=4;
+        sndlen += 4;
-        memcpy(sndbuf+sndlen, XML_content, length);
+        memcpy(sndbuf + sndlen, XML_content, length);
-        sndlen+=length;
+        sndlen += length;
        plist_free(dict);
        dict = NULL;
@@ -157,7 +157,7 @@ iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const cha
        log_debug_buffer(sndbuf, sndlen);
        iphone_mux_send(client->connection, sndbuf, sndlen, &bytes);
-        if (bytes <= 0) {
+        if (bytes <= 0) {
                np_unlock(client);
                return bytes;
        }
@@ -181,7 +181,7 @@ iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const cha
 *
 * @param client The client to send to
 */
-iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )
+iphone_error_t iphone_np_observe_notification(iphone_np_client_t client)
 {
        plist_t dict = NULL;
        char *XML_content = NULL;
@@ -191,18 +191,19 @@ iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )
        unsigned char sndbuf[4096];
        int sndlen = 0;
        int nlen = 0;
-        int i=0;
+        int i = 0;
        const char *notifications[10] = {
-            "com.apple.itunes-client.syncCancelRequest",
+                "com.apple.itunes-client.syncCancelRequest",
-            "com.apple.itunes-client.syncSuspendRequest",
+                "com.apple.itunes-client.syncSuspendRequest",
-            "com.apple.itunes-client.syncResumeRequest",
+                "com.apple.itunes-client.syncResumeRequest",
-            "com.apple.mobile.lockdown.phone_number_changed",
+                "com.apple.mobile.lockdown.phone_number_changed",
-            "com.apple.mobile.lockdown.device_name_changed",
+                "com.apple.mobile.lockdown.device_name_changed",
-            "com.apple.springboard.attemptactivation",
+                "com.apple.springboard.attemptactivation",
-            "com.apple.mobile.data_sync.domain_changed",
+                "com.apple.mobile.data_sync.domain_changed",
-            "com.apple.mobile.application_installed",
+                "com.apple.mobile.application_installed",
-            "com.apple.mobile.application_uninstalled",
+                "com.apple.mobile.application_uninstalled",
-            NULL};
+                NULL
+        };
        sndlen = 0;
@@ -221,11 +222,11 @@ iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )
                plist_to_xml(dict, &XML_content, &length);
                nlen = htonl(length);
-                memcpy(sndbuf+sndlen, &nlen, 4);
+                memcpy(sndbuf + sndlen, &nlen, 4);
                sndlen += 4;
-                memcpy(sndbuf+sndlen, XML_content, length);
+                memcpy(sndbuf + sndlen, XML_content, length);
                sndlen += length;
- 
                plist_free(dict);
                dict = NULL;
                free(XML_content);
@@ -239,11 +240,11 @@ iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )
        nlen = htonl(length);
-        memcpy(sndbuf+sndlen, &nlen, 4);
+        memcpy(sndbuf + sndlen, &nlen, 4);
-        sndlen+=4;
+        sndlen += 4;
-        memcpy(sndbuf+sndlen, XML_content, length);
+        memcpy(sndbuf + sndlen, XML_content, length);
-        sndlen+=length;
+        sndlen += length;
        plist_free(dict);
        dict = NULL;
@@ -253,7 +254,7 @@ iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )
        log_debug_buffer(sndbuf, sndlen);
        iphone_mux_send(client->connection, sndbuf, sndlen, &bytes);
-        if (bytes <= 0) {
+        if (bytes <= 0) {
                np_unlock(client);
                return bytes;
        }
diff --git a/src/NotificationProxy.h b/src/NotificationProxy.h
index 57ad751..7b4b48d 100644
--- a/src/NotificationProxy.h
+++ b/src/NotificationProxy.h
@@ -28,4 +28,3 @@ struct iphone_np_client_int {
        iphone_umux_client_t connection;
        GMutex *mutex;
 };
diff --git a/src/lockdown.c b/src/lockdown.c
index 2f48dfd..63f9090 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -62,7 +62,6 @@ iphone_lckd_client_t new_lockdownd_client(iphone_device_t phone)
        control->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t));
        control->in_SSL = 0;
-        control->gtls_buffer_hack_len = 0;
        return control;
 }
@@ -152,7 +151,6 @@ static void iphone_lckd_stop_SSL_session(iphone_lckd_client_t client)
                free(client->ssl_session);
        }
        client->in_SSL = 0;
-        client->gtls_buffer_hack_len = 0;       // dunno if required?!
        return;
 }
@@ -467,6 +465,10 @@ iphone_error_t iphone_lckd_new_client(iphone_device_t device, iphone_lckd_client
        char *host_id = NULL;
        iphone_lckd_client_t client_loc = new_lockdownd_client(device);
+        if (!client_loc) {
+                log_debug_msg("FATAL: lockdownd client could not be created!\n");
+                return IPHONE_E_UNKNOWN_ERROR;
+        }
        if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)) {
                log_debug_msg("Hello failed in the lockdownd client.\n");
                ret = IPHONE_E_NOT_ENOUGH_DATA;
@@ -801,7 +803,7 @@ iphone_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datum_t
 iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const char *HostID)
 {
        plist_t dict = NULL;
-        uint32_t  return_me = 0;
+        uint32_t return_me = 0;
        iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR;
        control->session_id[0] = '\0';
@@ -956,79 +958,53 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size
 ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length)
 {
        int bytes = 0, pos_start_fill = 0;
-        char *hackhackhack = NULL;
+        int tbytes = 0;
+        int this_len = length;
+        iphone_error_t res;
        iphone_lckd_client_t control;
        control = (iphone_lckd_client_t) transport;
-        log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_securead() called\nlength = %zi\n", length);
+        char *recv_buffer;
-        // Buffering hack! Throw what we've got in our "buffer" into the stream first, then get more.
-        if (control->gtls_buffer_hack_len > 0) {
+        log_debug_msg("lockdownd_securead() called\nlength = %zi\n", length);
-                if (length > control->gtls_buffer_hack_len) {   // If it's asking for more than we got
-                        length -= control->gtls_buffer_hack_len;        // Subtract what we have from their requested length
+        log_debug_msg("pre-read\nclient wants %zi bytes\n", length);
-                        pos_start_fill = control->gtls_buffer_hack_len; // set the pos to start filling at
-                        memcpy(buffer, control->gtls_buffer_hack, control->gtls_buffer_hack_len);       // Fill their buffer partially
+        recv_buffer = (char *) malloc(sizeof(char) * this_len);
-                        free(control->gtls_buffer_hack);        // free our memory, it's not chained anymore
-                        control->gtls_buffer_hack_len = 0;      // we don't have a hack buffer anymore
+        // repeat until we have the full data or an error occurs.
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Did a partial fill to help quench thirst for data\n");
+        do {
-                } else if (length < control->gtls_buffer_hack_len) {    // If it's asking for less...
+                if ((res = iphone_mux_recv(control->connection, recv_buffer, this_len, &bytes)) != IPHONE_E_SUCCESS) {
-                        control->gtls_buffer_hack_len -= length;        // subtract what they're asking for
+                        log_debug_msg("%s: ERROR: iphone_mux_recv returned %d\n", __func__, res);
-                        memcpy(buffer, control->gtls_buffer_hack, length);      // fill their buffer
+                        return res;
-                        hackhackhack = (char *) malloc(sizeof(char) * control->gtls_buffer_hack_len);   // strndup is NOT a good solution -- concatenates \0!!!! Anyway, make a new "hack" buffer.
-                        memcpy(hackhackhack, control->gtls_buffer_hack + length, control->gtls_buffer_hack_len);        // Move what's left into the new one
-                        free(control->gtls_buffer_hack);        // Free the old one
-                        control->gtls_buffer_hack = hackhackhack;       // And make it the new one.
-                        hackhackhack = NULL;
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Quenched the thirst for data; new hack length is %i\n",
-                                                control->gtls_buffer_hack_len);
-                        return length;          // hand it over.
-                } else {                                // length == hack length
-                        memcpy(buffer, control->gtls_buffer_hack, length);      // copy our buffer into theirs
-                        free(control->gtls_buffer_hack);        // free our "obligation"
-                        control->gtls_buffer_hack_len = 0;      // free our "obligation"
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Satiated the thirst for data; now we have to eventually receive again.\n");
-                        return length;          // hand it over
                }
-        }
+                log_debug_msg("post-read\nwe got %i bytes\n", bytes);
-        // End buffering hack!
-        char *recv_buffer = (char *) malloc(sizeof(char) * (length * 1000));    // ensuring nothing stupid happens
+                if (bytes < 0) {
+                        log_debug_msg("lockdownd_securead(): uh oh\n");
-        log_dbg_msg(DBGMASK_LOCKDOWND, "pre-read\nclient wants %zi bytes\n", length);
+                        log_debug_msg
-        iphone_mux_recv(control->connection, recv_buffer, (length * 1000), &bytes);
+                                ("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n",
-        log_dbg_msg(DBGMASK_LOCKDOWND, "post-read\nwe got %i bytes\n", bytes);
+                                 usb_strerror(), strerror(errno));
-        if (bytes < 0) {
+                        return bytes;           // + 28;      // an errno
-                log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_securead(): uh oh\n");
-                log_dbg_msg(DBGMASK_LOCKDOWND,
-                                        "I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n",
-                                        usb_strerror(), strerror(errno));
-                return bytes + 28;              // an errno
-        }
-        if (bytes >= length) {
-                if (bytes > length) {
-                        log_dbg_msg(DBGMASK_LOCKDOWND,
-                                                "lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n");
-                        if (!control->gtls_buffer_hack_len) {   // if there's no hack buffer yet
-                                //control->gtls_buffer_hack = strndup(recv_buffer+length, bytes-length); // strndup is NOT a good solution!
-                                control->gtls_buffer_hack_len += bytes - length;
-                                control->gtls_buffer_hack = (char *) malloc(sizeof(char) * control->gtls_buffer_hack_len);
-                                memcpy(control->gtls_buffer_hack, recv_buffer + length, control->gtls_buffer_hack_len);
-                        } else {                        // if there is. 
-                                control->gtls_buffer_hack =
-                                        realloc(control->gtls_buffer_hack, control->gtls_buffer_hack_len + (bytes - length));
-                                memcpy(control->gtls_buffer_hack + control->gtls_buffer_hack_len, recv_buffer + length, bytes - length);
-                                control->gtls_buffer_hack_len += bytes - length;
-                        }
                }
-                memcpy(buffer + pos_start_fill, recv_buffer, length);
+                // increase read count
-                free(recv_buffer);
+                tbytes += bytes;
-                if (bytes == length) {
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Returning how much we received.\n");
+                // fill the buffer with what we got right now
-                        return bytes;
+                memcpy(buffer + pos_start_fill, recv_buffer, bytes);
-                } else {
+                pos_start_fill += bytes;
-                        log_dbg_msg(DBGMASK_LOCKDOWND, "Returning what they want to hear.\nHack length: %i\n",
-                                                control->gtls_buffer_hack_len);
+                if (tbytes >= length) {
-                        return length;
+                        break;
                }
+                this_len = length - tbytes;
+                log_debug_msg("re-read\ntrying to read missing %i bytes\n", this_len);
+        } while (tbytes < length);
+        if (recv_buffer) {
+                free(recv_buffer);
        }
-        return bytes;
+        return tbytes;
 }
 /** Command to start the desired service
diff --git a/src/lockdown.h b/src/lockdown.h
index 2f2a4b9..cad06a3 100644
--- a/src/lockdown.h
+++ b/src/lockdown.h
@@ -35,8 +35,6 @@ struct iphone_lckd_client_int {
        iphone_umux_client_t connection;
        gnutls_session_t *ssl_session;
        int in_SSL;
-        char *gtls_buffer_hack;
-        int gtls_buffer_hack_len;
        char session_id[40];
 };

diff --git a/src/AFC.h b/src/AFC.h index 90b406a..86a924e 100644 --- a/src/AFC.h +++ b/src/AFC.h
@@ -59,33 +59,32 @@ struct iphone_afc_file_int {
59	enum {	59	enum {
60	AFC_ERROR = 0x00000001,	60	AFC_ERROR = 0x00000001,
61	AFC_SUCCESS_RESPONSE = 0x00000002,	61	AFC_SUCCESS_RESPONSE = 0x00000002,
62	AFC_LIST_DIR = 0x00000003, // ReadDir	62	AFC_LIST_DIR = 0x00000003, // ReadDir
63	// 0x00000004 // ReadFile	63	// 0x00000004 // ReadFile
64	// 0x00000005 // WriteFile	64	// 0x00000005 // WriteFile
65	// 0x00000006 // WritePart	65	// 0x00000006 // WritePart
66	AFC_TRUNCATE = 0x00000007, // Truncate	66	AFC_TRUNCATE = 0x00000007, // Truncate
67	AFC_DELETE = 0x00000008, // RemovePath	67	AFC_DELETE = 0x00000008, // RemovePath
68	AFC_MAKE_DIR = 0x00000009, // MakeDir	68	AFC_MAKE_DIR = 0x00000009, // MakeDir
69	AFC_GET_INFO = 0x0000000a, // GetFileInfo	69	AFC_GET_INFO = 0x0000000a, // GetFileInfo
70	AFC_GET_DEVINFO = 0x0000000b, // GetDeviceInfo	70	AFC_GET_DEVINFO = 0x0000000b, // GetDeviceInfo
71	// 0x0000000c // same as 5, but writes to temp file, then renames it.	71	// 0x0000000c // same as 5, but writes to temp file, then renames it.
72	AFC_FILE_OPEN = 0x0000000d, // FileRefOpen	72	AFC_FILE_OPEN = 0x0000000d, // FileRefOpen
73	AFC_FILE_HANDLE = 0x0000000e, // _unknownPacket	73	AFC_FILE_HANDLE = 0x0000000e, // _unknownPacket
74	AFC_READ = 0x0000000f, // FileRefRead	74	AFC_READ = 0x0000000f, // FileRefRead
75	AFC_WRITE = 0x00000010, // FileRefWrite	75	AFC_WRITE = 0x00000010, // FileRefWrite
76	AFC_FILE_SEEK = 0x00000011, // FileRefSeek	76	AFC_FILE_SEEK = 0x00000011, // FileRefSeek
77	AFC_FILE_TELL = 0x00000012, // FileRefTell	77	AFC_FILE_TELL = 0x00000012, // FileRefTell
78	// 0x00000013 // _unknownPacket	78	// 0x00000013 // _unknownPacket
79	AFC_FILE_CLOSE = 0x00000014, // FileRefClose	79	AFC_FILE_CLOSE = 0x00000014, // FileRefClose
80	AFC_FILE_TRUNCATE = 0x00000015, // FileRefSetFileSize (ftruncate)	80	AFC_FILE_TRUNCATE = 0x00000015, // FileRefSetFileSize (ftruncate)
81	// 0x00000016 // SetFatalError	81	// 0x00000016 // SetFatalError
82	// 0x00000017 // SetConnectionOptions	82	// 0x00000017 // SetConnectionOptions
83	AFC_RENAME = 0x00000018, // RenamePath	83	AFC_RENAME = 0x00000018, // RenamePath
84	// 0x00000019 // SetFSBlockSize (0x800000)	84	// 0x00000019 // SetFSBlockSize (0x800000)
85	// 0x0000001A // SetBlockSize (0x800000)	85	// 0x0000001A // SetBlockSize (0x800000)
86	AFC_FILE_LOCK = 0x0000001B, // FileRefLock	86	AFC_FILE_LOCK = 0x0000001B, // FileRefLock
87	AFC_MAKE_LINK = 0x0000001C // MakeLink	87	AFC_MAKE_LINK = 0x0000001C // MakeLink
88	};	88	};
89		89
90
91	uint32_t iphone_afc_get_file_handle(iphone_afc_file_t file);	90	uint32_t iphone_afc_get_file_handle(iphone_afc_file_t file);


diff --git a/src/MobileSync.c b/src/MobileSync.c index 839ed2b..b16a51b 100644 --- a/src/MobileSync.c +++ b/src/MobileSync.c
@@ -50,8 +50,7 @@ iphone_error_t iphone_msync_new_client(iphone_device_t device, int src_port, int
50	//first receive version	50	//first receive version
51	ret = iphone_msync_recv(client_loc, &array);	51	ret = iphone_msync_recv(client_loc, &array);
52		52
53	plist_t msg_node =	53	plist_t msg_node = plist_find_node_by_string(array, "DLMessageVersionExchange");
54	plist_find_node_by_string(array, "DLMessageVersionExchange");
55	plist_t ver_1 = plist_get_next_sibling(msg_node);	54	plist_t ver_1 = plist_get_next_sibling(msg_node);
56	plist_t ver_2 = plist_get_next_sibling(ver_1);	55	plist_t ver_2 = plist_get_next_sibling(ver_1);
57		56
@@ -82,8 +81,7 @@ iphone_error_t iphone_msync_new_client(iphone_device_t device, int src_port, int
82	array = NULL;	81	array = NULL;
83		82
84	ret = iphone_msync_recv(client_loc, &array);	83	ret = iphone_msync_recv(client_loc, &array);
85	plist_t rep_node =	84	plist_t rep_node = plist_find_node_by_string(array, "DLMessageDeviceReady");
86	plist_find_node_by_string(array, "DLMessageDeviceReady");
87		85
88	if (rep_node) {	86	if (rep_node) {
89	ret = IPHONE_E_SUCCESS;	87	ret = IPHONE_E_SUCCESS;
@@ -245,8 +243,7 @@ iphone_error_t iphone_msync_get_all_contacts(iphone_msync_client_t client)
245	plist_t switch_node;	243	plist_t switch_node;
246		244
247	contact_node = plist_find_node_by_string(array, "com.apple.Contacts");	245	contact_node = plist_find_node_by_string(array, "com.apple.Contacts");
248	switch_node =	246	switch_node = plist_find_node_by_string(array, "SDMessageDeviceReadyToReceiveChanges");
249	plist_find_node_by_string(array, "SDMessageDeviceReadyToReceiveChanges");
250		247
251	while (NULL == switch_node) {	248	while (NULL == switch_node) {
252		249


diff --git a/src/NotificationProxy.c b/src/NotificationProxy.c index eec7857..726852e 100644 --- a/src/NotificationProxy.c +++ b/src/NotificationProxy.c
@@ -52,7 +52,7 @@ static void np_unlock(iphone_np_client_t client)
52	*	52	*
53	* @return A handle to the newly-connected client or NULL upon error.	53	* @return A handle to the newly-connected client or NULL upon error.
54	*/	54	*/
55	iphone_error_t iphone_np_new_client ( iphone_device_t device, int src_port, int dst_port, iphone_np_client_t *client )	55	iphone_error_t iphone_np_new_client(iphone_device_t device, int src_port, int dst_port, iphone_np_client_t * client)
56	{	56	{
57	int ret = IPHONE_E_SUCCESS;	57	int ret = IPHONE_E_SUCCESS;
58		58
@@ -75,16 +75,16 @@ iphone_error_t iphone_np_new_client ( iphone_device_t device, int src_port, int
75	client_loc->mutex = g_mutex_new();	75	client_loc->mutex = g_mutex_new();
76		76
77	*client = client_loc;	77	*client = client_loc;
78	return IPHONE_E_SUCCESS;	78	return IPHONE_E_SUCCESS;
79	}	79	}
80		80
81	/** Disconnects an NP client from the phone.	81	/** Disconnects an NP client from the phone.
82	*	82	*
83	* @param client The client to disconnect.	83	* @param client The client to disconnect.
84	*/	84	*/
85	iphone_error_t iphone_np_free_client ( iphone_np_client_t client )	85	iphone_error_t iphone_np_free_client(iphone_np_client_t client)
86	{	86	{
87	if (!client \|\| !client->connection )	87	if (!client \|\| !client->connection)
88	return IPHONE_E_INVALID_ARG;	88	return IPHONE_E_INVALID_ARG;
89		89
90	iphone_mux_free_client(client->connection);	90	iphone_mux_free_client(client->connection);
@@ -101,7 +101,7 @@ iphone_error_t iphone_np_free_client ( iphone_np_client_t client )
101	* @param client The client to send to	101	* @param client The client to send to
102	* @param notification The notification Message	102	* @param notification The notification Message
103	*/	103	*/
104	iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const char *notification )	104	iphone_error_t iphone_np_post_notification(iphone_np_client_t client, const char *notification)
105	{	105	{
106	char *XML_content = NULL;	106	char *XML_content = NULL;
107	uint32_t length = 0;	107	uint32_t length = 0;
@@ -126,9 +126,9 @@ iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const cha
126		126
127	nlen = htonl(length);	127	nlen = htonl(length);
128		128
129	memcpy(sndbuf+sndlen, &nlen, 4);	129	memcpy(sndbuf + sndlen, &nlen, 4);
130	sndlen += 4;	130	sndlen += 4;
131	memcpy(sndbuf+sndlen, XML_content, length);	131	memcpy(sndbuf + sndlen, XML_content, length);
132	sndlen += length;	132	sndlen += length;
133		133
134	plist_free(dict);	134	plist_free(dict);
@@ -143,11 +143,11 @@ iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const cha
143		143
144	nlen = htonl(length);	144	nlen = htonl(length);
145		145
146	memcpy(sndbuf+sndlen, &nlen, 4);	146	memcpy(sndbuf + sndlen, &nlen, 4);
147	sndlen+=4;	147	sndlen += 4;
148		148
149	memcpy(sndbuf+sndlen, XML_content, length);	149	memcpy(sndbuf + sndlen, XML_content, length);
150	sndlen+=length;	150	sndlen += length;
151		151
152	plist_free(dict);	152	plist_free(dict);
153	dict = NULL;	153	dict = NULL;
@@ -157,7 +157,7 @@ iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const cha
157	log_debug_buffer(sndbuf, sndlen);	157	log_debug_buffer(sndbuf, sndlen);
158		158
159	iphone_mux_send(client->connection, sndbuf, sndlen, &bytes);	159	iphone_mux_send(client->connection, sndbuf, sndlen, &bytes);
160	if (bytes <= 0) {	160	if (bytes <= 0) {
161	np_unlock(client);	161	np_unlock(client);
162	return bytes;	162	return bytes;
163	}	163	}
@@ -181,7 +181,7 @@ iphone_error_t iphone_np_post_notification( iphone_np_client_t client, const cha
181	*	181	*
182	* @param client The client to send to	182	* @param client The client to send to
183	*/	183	*/
184	iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )	184	iphone_error_t iphone_np_observe_notification(iphone_np_client_t client)
185	{	185	{
186	plist_t dict = NULL;	186	plist_t dict = NULL;
187	char *XML_content = NULL;	187	char *XML_content = NULL;
@@ -191,18 +191,19 @@ iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )
191	unsigned char sndbuf[4096];	191	unsigned char sndbuf[4096];
192	int sndlen = 0;	192	int sndlen = 0;
193	int nlen = 0;	193	int nlen = 0;
194	int i=0;	194	int i = 0;
195	const char *notifications[10] = {	195	const char *notifications[10] = {
196	"com.apple.itunes-client.syncCancelRequest",	196	"com.apple.itunes-client.syncCancelRequest",
197	"com.apple.itunes-client.syncSuspendRequest",	197	"com.apple.itunes-client.syncSuspendRequest",
198	"com.apple.itunes-client.syncResumeRequest",	198	"com.apple.itunes-client.syncResumeRequest",
199	"com.apple.mobile.lockdown.phone_number_changed",	199	"com.apple.mobile.lockdown.phone_number_changed",
200	"com.apple.mobile.lockdown.device_name_changed",	200	"com.apple.mobile.lockdown.device_name_changed",
201	"com.apple.springboard.attemptactivation",	201	"com.apple.springboard.attemptactivation",
202	"com.apple.mobile.data_sync.domain_changed",	202	"com.apple.mobile.data_sync.domain_changed",
203	"com.apple.mobile.application_installed",	203	"com.apple.mobile.application_installed",
204	"com.apple.mobile.application_uninstalled",	204	"com.apple.mobile.application_uninstalled",
205	NULL};	205	NULL
		206	};
206		207
207	sndlen = 0;	208	sndlen = 0;
208		209
@@ -221,11 +222,11 @@ iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )
221	plist_to_xml(dict, &XML_content, &length);	222	plist_to_xml(dict, &XML_content, &length);
222		223
223	nlen = htonl(length);	224	nlen = htonl(length);
224	memcpy(sndbuf+sndlen, &nlen, 4);	225	memcpy(sndbuf + sndlen, &nlen, 4);
225	sndlen += 4;	226	sndlen += 4;
226	memcpy(sndbuf+sndlen, XML_content, length);	227	memcpy(sndbuf + sndlen, XML_content, length);
227	sndlen += length;	228	sndlen += length;
228		229
229	plist_free(dict);	230	plist_free(dict);
230	dict = NULL;	231	dict = NULL;
231	free(XML_content);	232	free(XML_content);
@@ -239,11 +240,11 @@ iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )
239		240
240	nlen = htonl(length);	241	nlen = htonl(length);
241		242
242	memcpy(sndbuf+sndlen, &nlen, 4);	243	memcpy(sndbuf + sndlen, &nlen, 4);
243	sndlen+=4;	244	sndlen += 4;
244		245
245	memcpy(sndbuf+sndlen, XML_content, length);	246	memcpy(sndbuf + sndlen, XML_content, length);
246	sndlen+=length;	247	sndlen += length;
247		248
248	plist_free(dict);	249	plist_free(dict);
249	dict = NULL;	250	dict = NULL;
@@ -253,7 +254,7 @@ iphone_error_t iphone_np_observe_notification( iphone_np_client_t client )
253	log_debug_buffer(sndbuf, sndlen);	254	log_debug_buffer(sndbuf, sndlen);
254		255
255	iphone_mux_send(client->connection, sndbuf, sndlen, &bytes);	256	iphone_mux_send(client->connection, sndbuf, sndlen, &bytes);
256	if (bytes <= 0) {	257	if (bytes <= 0) {
257	np_unlock(client);	258	np_unlock(client);
258	return bytes;	259	return bytes;
259	}	260	}


diff --git a/src/NotificationProxy.h b/src/NotificationProxy.h index 57ad751..7b4b48d 100644 --- a/src/NotificationProxy.h +++ b/src/NotificationProxy.h
@@ -28,4 +28,3 @@ struct iphone_np_client_int {
28	iphone_umux_client_t connection;	28	iphone_umux_client_t connection;
29	GMutex *mutex;	29	GMutex *mutex;
30	};	30	};
31


diff --git a/src/lockdown.c b/src/lockdown.c index 2f48dfd..63f9090 100644 --- a/src/lockdown.c +++ b/src/lockdown.c
@@ -62,7 +62,6 @@ iphone_lckd_client_t new_lockdownd_client(iphone_device_t phone)
62		62
63	control->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t));	63	control->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t));
64	control->in_SSL = 0;	64	control->in_SSL = 0;
65	control->gtls_buffer_hack_len = 0;
66	return control;	65	return control;
67	}	66	}
68		67
@@ -152,7 +151,6 @@ static void iphone_lckd_stop_SSL_session(iphone_lckd_client_t client)
152	free(client->ssl_session);	151	free(client->ssl_session);
153	}	152	}
154	client->in_SSL = 0;	153	client->in_SSL = 0;
155	client->gtls_buffer_hack_len = 0; // dunno if required?!
156		154
157	return;	155	return;
158	}	156	}
@@ -467,6 +465,10 @@ iphone_error_t iphone_lckd_new_client(iphone_device_t device, iphone_lckd_client
467	char *host_id = NULL;	465	char *host_id = NULL;
468		466
469	iphone_lckd_client_t client_loc = new_lockdownd_client(device);	467	iphone_lckd_client_t client_loc = new_lockdownd_client(device);
		468	if (!client_loc) {
		469	log_debug_msg("FATAL: lockdownd client could not be created!\n");
		470	return IPHONE_E_UNKNOWN_ERROR;
		471	}
470	if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)) {	472	if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)) {
471	log_debug_msg("Hello failed in the lockdownd client.\n");	473	log_debug_msg("Hello failed in the lockdownd client.\n");
472	ret = IPHONE_E_NOT_ENOUGH_DATA;	474	ret = IPHONE_E_NOT_ENOUGH_DATA;
@@ -801,7 +803,7 @@ iphone_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datum_t
801	iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const char *HostID)	803	iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const char *HostID)
802	{	804	{
803	plist_t dict = NULL;	805	plist_t dict = NULL;
804	uint32_t return_me = 0;	806	uint32_t return_me = 0;
805		807
806	iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR;	808	iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR;
807	control->session_id[0] = '\0';	809	control->session_id[0] = '\0';
@@ -956,79 +958,53 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size
956	ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length)	958	ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length)
957	{	959	{
958	int bytes = 0, pos_start_fill = 0;	960	int bytes = 0, pos_start_fill = 0;
959	char *hackhackhack = NULL;	961	int tbytes = 0;
		962	int this_len = length;
		963	iphone_error_t res;
960	iphone_lckd_client_t control;	964	iphone_lckd_client_t control;
961	control = (iphone_lckd_client_t) transport;	965	control = (iphone_lckd_client_t) transport;
962	log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_securead() called\nlength = %zi\n", length);	966	char *recv_buffer;
963	// Buffering hack! Throw what we've got in our "buffer" into the stream first, then get more.	967
964	if (control->gtls_buffer_hack_len > 0) {	968	log_debug_msg("lockdownd_securead() called\nlength = %zi\n", length);
965	if (length > control->gtls_buffer_hack_len) { // If it's asking for more than we got	969
966	length -= control->gtls_buffer_hack_len; // Subtract what we have from their requested length	970	log_debug_msg("pre-read\nclient wants %zi bytes\n", length);
967	pos_start_fill = control->gtls_buffer_hack_len; // set the pos to start filling at	971
968	memcpy(buffer, control->gtls_buffer_hack, control->gtls_buffer_hack_len); // Fill their buffer partially	972	recv_buffer = (char ) malloc(sizeof(char) this_len);
969	free(control->gtls_buffer_hack); // free our memory, it's not chained anymore	973
970	control->gtls_buffer_hack_len = 0; // we don't have a hack buffer anymore	974	// repeat until we have the full data or an error occurs.
971	log_dbg_msg(DBGMASK_LOCKDOWND, "Did a partial fill to help quench thirst for data\n");	975	do {
972	} else if (length < control->gtls_buffer_hack_len) { // If it's asking for less...	976	if ((res = iphone_mux_recv(control->connection, recv_buffer, this_len, &bytes)) != IPHONE_E_SUCCESS) {
973	control->gtls_buffer_hack_len -= length; // subtract what they're asking for	977	log_debug_msg("%s: ERROR: iphone_mux_recv returned %d\n", __func__, res);
974	memcpy(buffer, control->gtls_buffer_hack, length); // fill their buffer	978	return res;
975	hackhackhack = (char ) malloc(sizeof(char) control->gtls_buffer_hack_len); // strndup is NOT a good solution -- concatenates \0!!!! Anyway, make a new "hack" buffer.
976	memcpy(hackhackhack, control->gtls_buffer_hack + length, control->gtls_buffer_hack_len); // Move what's left into the new one
977	free(control->gtls_buffer_hack); // Free the old one
978	control->gtls_buffer_hack = hackhackhack; // And make it the new one.
979	hackhackhack = NULL;
980	log_dbg_msg(DBGMASK_LOCKDOWND, "Quenched the thirst for data; new hack length is %i\n",
981	control->gtls_buffer_hack_len);
982	return length; // hand it over.
983	} else { // length == hack length
984	memcpy(buffer, control->gtls_buffer_hack, length); // copy our buffer into theirs
985	free(control->gtls_buffer_hack); // free our "obligation"
986	control->gtls_buffer_hack_len = 0; // free our "obligation"
987	log_dbg_msg(DBGMASK_LOCKDOWND, "Satiated the thirst for data; now we have to eventually receive again.\n");
988	return length; // hand it over
989	}	979	}
990	}	980	log_debug_msg("post-read\nwe got %i bytes\n", bytes);
991	// End buffering hack!	981
992	char recv_buffer = (char ) malloc(sizeof(char) * (length * 1000)); // ensuring nothing stupid happens	982	if (bytes < 0) {
993		983	log_debug_msg("lockdownd_securead(): uh oh\n");
994	log_dbg_msg(DBGMASK_LOCKDOWND, "pre-read\nclient wants %zi bytes\n", length);	984	log_debug_msg
995	iphone_mux_recv(control->connection, recv_buffer, (length * 1000), &bytes);	985	("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n",
996	log_dbg_msg(DBGMASK_LOCKDOWND, "post-read\nwe got %i bytes\n", bytes);	986	usb_strerror(), strerror(errno));
997	if (bytes < 0) {	987	return bytes; // + 28; // an errno
998	log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_securead(): uh oh\n");
999	log_dbg_msg(DBGMASK_LOCKDOWND,
1000	"I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n",
1001	usb_strerror(), strerror(errno));
1002	return bytes + 28; // an errno
1003	}
1004	if (bytes >= length) {
1005	if (bytes > length) {
1006	log_dbg_msg(DBGMASK_LOCKDOWND,
1007	"lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n");
1008	if (!control->gtls_buffer_hack_len) { // if there's no hack buffer yet
1009	//control->gtls_buffer_hack = strndup(recv_buffer+length, bytes-length); // strndup is NOT a good solution!
1010	control->gtls_buffer_hack_len += bytes - length;
1011	control->gtls_buffer_hack = (char ) malloc(sizeof(char) control->gtls_buffer_hack_len);
1012	memcpy(control->gtls_buffer_hack, recv_buffer + length, control->gtls_buffer_hack_len);
1013	} else { // if there is.
1014	control->gtls_buffer_hack =
1015	realloc(control->gtls_buffer_hack, control->gtls_buffer_hack_len + (bytes - length));
1016	memcpy(control->gtls_buffer_hack + control->gtls_buffer_hack_len, recv_buffer + length, bytes - length);
1017	control->gtls_buffer_hack_len += bytes - length;
1018	}
1019	}	988	}
1020	memcpy(buffer + pos_start_fill, recv_buffer, length);	989	// increase read count
1021	free(recv_buffer);	990	tbytes += bytes;
1022	if (bytes == length) {	991
1023	log_dbg_msg(DBGMASK_LOCKDOWND, "Returning how much we received.\n");	992	// fill the buffer with what we got right now
1024	return bytes;	993	memcpy(buffer + pos_start_fill, recv_buffer, bytes);
1025	} else {	994	pos_start_fill += bytes;
1026	log_dbg_msg(DBGMASK_LOCKDOWND, "Returning what they want to hear.\nHack length: %i\n",	995
1027	control->gtls_buffer_hack_len);	996	if (tbytes >= length) {
1028	return length;	997	break;
1029	}	998	}
		999
		1000	this_len = length - tbytes;
		1001	log_debug_msg("re-read\ntrying to read missing %i bytes\n", this_len);
		1002	} while (tbytes < length);
		1003	if (recv_buffer) {
		1004	free(recv_buffer);
1030	}	1005	}
1031	return bytes;	1006
		1007	return tbytes;
1032	}	1008	}
1033		1009
1034	/** Command to start the desired service	1010	/** Command to start the desired service


diff --git a/src/lockdown.h b/src/lockdown.h index 2f2a4b9..cad06a3 100644 --- a/src/lockdown.h +++ b/src/lockdown.h
@@ -35,8 +35,6 @@ struct iphone_lckd_client_int {
35	iphone_umux_client_t connection;	35	iphone_umux_client_t connection;
36	gnutls_session_t *ssl_session;	36	gnutls_session_t *ssl_session;
37	int in_SSL;	37	int in_SSL;
38	char *gtls_buffer_hack;
39	int gtls_buffer_hack_len;
40	char session_id[40];	38	char session_id[40];
41	};	39	};
42		40