From 2b05e48cb4a90dfc94ff584124f08e431398bb1a Mon Sep 17 00:00:00 2001 From: Matt Colyer Date: Mon, 1 Sep 2008 15:04:31 -0700 Subject: Enforce a modified kr style. Use "make indent" from now on before committing. --- src/lockdown.c | 586 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 343 insertions(+), 243 deletions(-) (limited to 'src/lockdown.c') diff --git a/src/lockdown.c b/src/lockdown.c index e5420a3..80974d2 100644 --- a/src/lockdown.c +++ b/src/lockdown.c @@ -32,16 +32,17 @@ extern int debug; -const ASN1_ARRAY_TYPE pkcs1_asn1_tab[]={ - {"PKCS1",536872976,0}, - {0,1073741836,0}, - {"RSAPublicKey",536870917,0}, - {"modulus",1073741827,0}, - {"publicExponent",3,0}, - {0,0,0} +const ASN1_ARRAY_TYPE pkcs1_asn1_tab[] = { + {"PKCS1", 536872976, 0}, + {0, 1073741836, 0}, + {"RSAPublicKey", 536870917, 0}, + {"modulus", 1073741827, 0}, + {"publicExponent", 3, 0}, + {0, 0, 0} }; -int get_rand(int min, int max) { +int get_rand(int min, int max) +{ int retval = (rand() % (max - min)) + min; return retval; } @@ -50,21 +51,22 @@ int get_rand(int min, int max) { * * @param A null terminated string containing a valid HostID. */ -char *lockdownd_generate_hostid() { - char *hostid = (char*)malloc(sizeof(char) * 37); // HostID's are just UUID's, and UUID's are 36 characters long +char *lockdownd_generate_hostid() +{ + char *hostid = (char *) malloc(sizeof(char) * 37); // HostID's are just UUID's, and UUID's are 36 characters long const char *chars = "ABCDEF0123456789"; srand(time(NULL)); int i = 0; - + for (i = 0; i < 36; i++) { if (i == 8 || i == 13 || i == 18 || i == 23) { hostid[i] = '-'; continue; } else { - hostid[i] = chars[get_rand(0,16)]; + hostid[i] = chars[get_rand(0, 16)]; } } - hostid[36] = '\0'; // make it a real string + hostid[36] = '\0'; // make it a real string return hostid; } @@ -74,16 +76,18 @@ char *lockdownd_generate_hostid() { * * @return The lockdownd client. */ -iphone_lckd_client_t new_lockdownd_client(iphone_device_t phone) { - if (!phone) return NULL; - iphone_lckd_client_t control = (iphone_lckd_client_t)malloc(sizeof(struct iphone_lckd_client_int)); +iphone_lckd_client_t new_lockdownd_client(iphone_device_t phone) +{ + if (!phone) + return NULL; + iphone_lckd_client_t control = (iphone_lckd_client_t) malloc(sizeof(struct iphone_lckd_client_int)); - if (IPHONE_E_SUCCESS != iphone_mux_new_client ( phone, 0x0a00, 0xf27e, &control->connection)) { + if (IPHONE_E_SUCCESS != iphone_mux_new_client(phone, 0x0a00, 0xf27e, &control->connection)) { free(control); return NULL; } - - control->ssl_session = (gnutls_session_t*)malloc(sizeof(gnutls_session_t)); + + control->ssl_session = (gnutls_session_t *) malloc(sizeof(gnutls_session_t)); control->in_SSL = 0; control->gtls_buffer_hack_len = 0; return control; @@ -94,15 +98,18 @@ iphone_lckd_client_t new_lockdownd_client(iphone_device_t phone) { * * @param control The lockdown client */ -iphone_error_t iphone_lckd_free_client( iphone_lckd_client_t client ) { - if (!client) return IPHONE_E_INVALID_ARG; +iphone_error_t iphone_lckd_free_client(iphone_lckd_client_t client) +{ + if (!client) + return IPHONE_E_INVALID_ARG; iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR; if (client->connection) { ret = iphone_mux_free_client(client->connection); } - if (client->ssl_session) gnutls_deinit(*client->ssl_session); + if (client->ssl_session) + gnutls_deinit(*client->ssl_session); free(client->ssl_session); free(client); return ret; @@ -116,24 +123,30 @@ iphone_error_t iphone_lckd_free_client( iphone_lckd_client_t client ) { * * @return The number of bytes received */ -iphone_error_t iphone_lckd_recv ( iphone_lckd_client_t client, char **dump_data, uint32_t *recv_bytes ) { - if (!client || !dump_data || !recv_bytes) return IPHONE_E_INVALID_ARG; +iphone_error_t iphone_lckd_recv(iphone_lckd_client_t client, char **dump_data, uint32_t * recv_bytes) +{ + if (!client || !dump_data || !recv_bytes) + return IPHONE_E_INVALID_ARG; iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR; char *receive; uint32 datalen = 0, bytes = 0; - - if (!client->in_SSL) ret = iphone_mux_recv(client->connection, (char *)&datalen, sizeof(datalen), &bytes); + + if (!client->in_SSL) + ret = iphone_mux_recv(client->connection, (char *) &datalen, sizeof(datalen), &bytes); else { bytes = gnutls_record_recv(*client->ssl_session, &datalen, sizeof(datalen)); - if (bytes > 0) ret = IPHONE_E_SUCCESS; + if (bytes > 0) + ret = IPHONE_E_SUCCESS; } datalen = ntohl(datalen); - - receive = (char*)malloc(sizeof(char) * datalen); - if (!client->in_SSL) ret = iphone_mux_recv(client->connection, receive, datalen, &bytes); + + receive = (char *) malloc(sizeof(char) * datalen); + if (!client->in_SSL) + ret = iphone_mux_recv(client->connection, receive, datalen, &bytes); else { bytes = gnutls_record_recv(*client->ssl_session, receive, datalen); - if (bytes > 0) ret = IPHONE_E_SUCCESS; + if (bytes > 0) + ret = IPHONE_E_SUCCESS; } *dump_data = receive; *recv_bytes = bytes; @@ -151,30 +164,34 @@ iphone_error_t iphone_lckd_recv ( iphone_lckd_client_t client, char **dump_data, * * @return The number of bytes sent */ -iphone_error_t iphone_lckd_send ( iphone_lckd_client_t client, char *raw_data, uint32_t length, uint32_t *sent_bytes ) { - if (!client || !raw_data || length == 0 || !sent_bytes) return IPHONE_E_INVALID_ARG; +iphone_error_t iphone_lckd_send(iphone_lckd_client_t client, char *raw_data, uint32_t length, uint32_t * sent_bytes) +{ + if (!client || !raw_data || length == 0 || !sent_bytes) + return IPHONE_E_INVALID_ARG; char *real_query; int bytes; iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR; - real_query = (char*)malloc(sizeof(char) * (length+4)); + real_query = (char *) malloc(sizeof(char) * (length + 4)); length = htonl(length); memcpy(real_query, &length, sizeof(length)); - memcpy(real_query+4, raw_data, ntohl(length)); + memcpy(real_query + 4, raw_data, ntohl(length)); if (debug) { printf("lockdownd_send(): made the query, sending it along\n"); FILE *packet = fopen("grpkt", "w"); - fwrite(real_query, 1, ntohl(length)+4, packet); + fwrite(real_query, 1, ntohl(length) + 4, packet); fclose(packet); packet = NULL; } - - if (!client->in_SSL) ret = iphone_mux_send(client->connection, real_query, ntohl(length)+sizeof(length), &bytes); + + if (!client->in_SSL) + ret = iphone_mux_send(client->connection, real_query, ntohl(length) + sizeof(length), &bytes); else { - gnutls_record_send(*client->ssl_session, real_query, ntohl(length)+sizeof(length)); + gnutls_record_send(*client->ssl_session, real_query, ntohl(length) + sizeof(length)); ret = IPHONE_E_SUCCESS; } - if (debug) printf("lockdownd_send(): sent it!\n"); + if (debug) + printf("lockdownd_send(): sent it!\n"); free(real_query); *sent_bytes = bytes; return ret; @@ -188,46 +205,54 @@ iphone_error_t iphone_lckd_send ( iphone_lckd_client_t client, char *raw_data, u * * @return 1 on success and 0 on failure. */ -iphone_error_t lockdownd_hello(iphone_lckd_client_t control) { - if (!control) return IPHONE_E_INVALID_ARG; +iphone_error_t lockdownd_hello(iphone_lckd_client_t control) +{ + if (!control) + return IPHONE_E_INVALID_ARG; xmlDocPtr plist = new_plist(); xmlNode *dict, *key; char **dictionary; int bytes = 0, i = 0; iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR; - - if (debug) printf("lockdownd_hello() called\n"); + + if (debug) + printf("lockdownd_hello() called\n"); dict = add_child_to_plist(plist, "dict", "\n", NULL, 0); key = add_key_str_dict_element(plist, dict, "Request", "QueryType", 1); char *XML_content; uint32 length; - - xmlDocDumpMemory(plist, (xmlChar **)&XML_content, &length); + + xmlDocDumpMemory(plist, (xmlChar **) & XML_content, &length); ret = iphone_lckd_send(control, XML_content, length, &bytes); - + xmlFree(XML_content); - xmlFreeDoc(plist); plist = NULL; + xmlFreeDoc(plist); + plist = NULL; ret = iphone_lckd_recv(control, &XML_content, &bytes); plist = xmlReadMemory(XML_content, bytes, NULL, NULL, 0); - if (!plist) return IPHONE_E_PLIST_ERROR; + if (!plist) + return IPHONE_E_PLIST_ERROR; dict = xmlDocGetRootElement(plist); for (dict = dict->children; dict; dict = dict->next) { - if (!xmlStrcmp(dict->name, "dict")) break; + if (!xmlStrcmp(dict->name, "dict")) + break; } - if (!dict) return IPHONE_E_DICT_ERROR; + if (!dict) + return IPHONE_E_DICT_ERROR; dictionary = read_dict_element_strings(dict); xmlFreeDoc(plist); - free(XML_content); - - for (i = 0; dictionary[i]; i+=2) { - if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i+1], "Success")) { - if (debug) printf("lockdownd_hello(): success\n"); + free(XML_content); + + for (i = 0; dictionary[i]; i += 2) { + if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i + 1], "Success")) { + if (debug) + printf("lockdownd_hello(): success\n"); ret = IPHONE_E_SUCCESS; break; } } - + free_dictionary(dictionary); return ret; } @@ -242,7 +267,8 @@ iphone_error_t lockdownd_hello(iphone_lckd_client_t control) { */ iphone_error_t lockdownd_generic_get_value(iphone_lckd_client_t control, char *req_key, char **value) { - if (!control || !req_key || !value || (value && *value)) return IPHONE_E_INVALID_ARG; + if (!control || !req_key || !value || (value && *value)) + return IPHONE_E_INVALID_ARG; xmlDocPtr plist = new_plist(); xmlNode *dict = NULL; xmlNode *key = NULL;; @@ -251,54 +277,61 @@ iphone_error_t lockdownd_generic_get_value(iphone_lckd_client_t control, char *r char *XML_content = NULL; uint32 length = 0; iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR; - + /* Setup DevicePublicKey request plist */ dict = add_child_to_plist(plist, "dict", "\n", NULL, 0); key = add_key_str_dict_element(plist, dict, "Key", req_key, 1); key = add_key_str_dict_element(plist, dict, "Request", "GetValue", 1); - xmlDocDumpMemory(plist, (xmlChar**)&XML_content, &length); + xmlDocDumpMemory(plist, (xmlChar **) & XML_content, &length); /* send to iPhone */ ret = iphone_lckd_send(control, XML_content, length, &bytes); - + xmlFree(XML_content); - xmlFreeDoc(plist); plist = NULL; + xmlFreeDoc(plist); + plist = NULL; - if (ret != IPHONE_E_SUCCESS) return ret; + if (ret != IPHONE_E_SUCCESS) + return ret; /* Now get iPhone's answer */ ret = iphone_lckd_recv(control, &XML_content, &bytes); - if (ret != IPHONE_E_SUCCESS) return ret; + if (ret != IPHONE_E_SUCCESS) + return ret; plist = xmlReadMemory(XML_content, bytes, NULL, NULL, 0); - if (!plist) return IPHONE_E_PLIST_ERROR; + if (!plist) + return IPHONE_E_PLIST_ERROR; dict = xmlDocGetRootElement(plist); for (dict = dict->children; dict; dict = dict->next) { - if (!xmlStrcmp(dict->name, "dict")) break; + if (!xmlStrcmp(dict->name, "dict")) + break; } - if (!dict) return IPHONE_E_DICT_ERROR; - + if (!dict) + return IPHONE_E_DICT_ERROR; + /* Parse xml to check success and to find public key */ dictionary = read_dict_element_strings(dict); xmlFreeDoc(plist); - free(XML_content); - + free(XML_content); + int success = 0; - for (i = 0; dictionary[i]; i+=2) { - if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i+1], "Success")) { + for (i = 0; dictionary[i]; i += 2) { + if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i + 1], "Success")) { success = 1; } if (!strcmp(dictionary[i], "Value")) { - *value = strdup(dictionary[i+1]); + *value = strdup(dictionary[i + 1]); } } - + if (dictionary) { free_dictionary(dictionary); dictionary = NULL; } - if (success) ret = IPHONE_E_SUCCESS; + if (success) + ret = IPHONE_E_SUCCESS; return ret; } @@ -331,15 +364,15 @@ iphone_error_t lockdownd_get_device_public_key(iphone_lckd_client_t control, cha * * @return 1 on success and 0 on failure */ -iphone_error_t iphone_lckd_new_client ( iphone_device_t device, iphone_lckd_client_t *client ) +iphone_error_t iphone_lckd_new_client(iphone_device_t device, iphone_lckd_client_t * client) { - if (!device || !client || (client && *client) ) + if (!device || !client || (client && *client)) return IPHONE_E_INVALID_ARG; iphone_error_t ret = IPHONE_E_SUCCESS; char *host_id = NULL; - iphone_lckd_client_t client_loc = new_lockdownd_client( device ); - if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)){ + iphone_lckd_client_t client_loc = new_lockdownd_client(device); + if (IPHONE_E_SUCCESS != lockdownd_hello(client_loc)) { fprintf(stderr, "Hello failed in the lockdownd client.\n"); ret = IPHONE_E_NOT_ENOUGH_DATA; } @@ -347,12 +380,12 @@ iphone_error_t iphone_lckd_new_client ( iphone_device_t device, iphone_lckd_clie char *uid = NULL; ret = lockdownd_get_device_uid(client_loc, &uid); - if(IPHONE_E_SUCCESS != ret){ + if (IPHONE_E_SUCCESS != ret) { fprintf(stderr, "Device refused to send uid.\n"); } host_id = get_host_id(); - if (IPHONE_E_SUCCESS == ret && !host_id){ + if (IPHONE_E_SUCCESS == ret && !host_id) { fprintf(stderr, "No HostID found, run libiphone-initconf.\n"); ret = IPHONE_E_INVALID_CONF; } @@ -366,7 +399,7 @@ iphone_error_t iphone_lckd_new_client ( iphone_device_t device, iphone_lckd_clie } ret = lockdownd_start_SSL_session(client_loc, host_id); - if (IPHONE_E_SUCCESS != ret ) { + if (IPHONE_E_SUCCESS != ret) { ret = IPHONE_E_SSL_ERROR; fprintf(stderr, "SSL Session opening failed.\n"); } @@ -399,19 +432,19 @@ iphone_error_t lockdownd_pair_device(iphone_lckd_client_t control, char *uid, ch char *XML_content = NULL; uint32 length = 0; - char* device_cert_b64 = NULL; - char* host_cert_b64 = NULL; - char* root_cert_b64 = NULL; + char *device_cert_b64 = NULL; + char *host_cert_b64 = NULL; + char *root_cert_b64 = NULL; char *public_key_b64 = NULL; ret = lockdownd_get_device_public_key(control, &public_key_b64); - if(ret != IPHONE_E_SUCCESS){ + if (ret != IPHONE_E_SUCCESS) { fprintf(stderr, "Device refused to send public key.\n"); return ret; } ret = lockdownd_gen_pair_cert(public_key_b64, &device_cert_b64, &host_cert_b64, &root_cert_b64); - if(ret != IPHONE_E_SUCCESS){ + if (ret != IPHONE_E_SUCCESS) { free(public_key_b64); return ret; } @@ -426,51 +459,55 @@ iphone_error_t lockdownd_pair_device(iphone_lckd_client_t control, char *uid, ch add_key_data_dict_element(plist, dictRecord, "RootCertificate", root_cert_b64, 2); add_key_str_dict_element(plist, dict, "Request", "Pair", 1); - xmlDocDumpMemory(plist, (xmlChar**)&XML_content, &length); + xmlDocDumpMemory(plist, (xmlChar **) & XML_content, &length); - printf("XML Pairing request : %s\n",XML_content); + printf("XML Pairing request : %s\n", XML_content); /* send to iPhone */ ret = iphone_lckd_send(control, XML_content, length, &bytes); - + xmlFree(XML_content); - xmlFreeDoc(plist); plist = NULL; + xmlFreeDoc(plist); + plist = NULL; - if (ret != IPHONE_E_SUCCESS) return ret; + if (ret != IPHONE_E_SUCCESS) + return ret; /* Now get iPhone's answer */ ret = iphone_lckd_recv(control, &XML_content, &bytes); - if (ret != IPHONE_E_SUCCESS) return ret; + if (ret != IPHONE_E_SUCCESS) + return ret; if (debug) { printf("lockdown_pair_device: iPhone's response to our pair request:\n"); fwrite(XML_content, 1, bytes, stdout); printf("\n\n"); } - + plist = xmlReadMemory(XML_content, bytes, NULL, NULL, 0); if (!plist) { free(public_key_b64); return IPHONE_E_PLIST_ERROR; - } + } dict = xmlDocGetRootElement(plist); for (dict = dict->children; dict; dict = dict->next) { - if (!xmlStrcmp(dict->name, "dict")) break; + if (!xmlStrcmp(dict->name, "dict")) + break; } if (!dict) { free(public_key_b64); return IPHONE_E_DICT_ERROR; } - + /* Parse xml to check success and to find public key */ dictionary = read_dict_element_strings(dict); xmlFreeDoc(plist); - free(XML_content); - + free(XML_content); + int success = 0; - for (i = 0; dictionary[i]; i+=2) { - if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i+1], "Success")) { + for (i = 0; dictionary[i]; i += 2) { + if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i + 1], "Success")) { success = 1; } } @@ -482,11 +519,13 @@ iphone_error_t lockdownd_pair_device(iphone_lckd_client_t control, char *uid, ch /* store public key in config if pairing succeeded */ if (success) { - if (debug) printf("lockdownd_pair_device: pair success\n"); + if (debug) + printf("lockdownd_pair_device: pair success\n"); store_device_public_key(uid, public_key_b64); ret = IPHONE_E_SUCCESS; } else { - if (debug) printf("lockdownd_pair_device: pair failure\n"); + if (debug) + printf("lockdownd_pair_device: pair failure\n"); ret = IPHONE_E_PAIRING_FAILED; } free(public_key_b64); @@ -498,24 +537,26 @@ iphone_error_t lockdownd_pair_device(iphone_lckd_client_t control, char *uid, ch * * @return IPHONE_E_SUCCESS on success. */ -iphone_error_t lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char **host_cert_b64, char **root_cert_b64) +iphone_error_t lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char **host_cert_b64, + char **root_cert_b64) { - if (!public_key_b64 || !device_cert_b64 || !host_cert_b64 || !root_cert_b64) return IPHONE_E_INVALID_ARG; + if (!public_key_b64 || !device_cert_b64 || !host_cert_b64 || !root_cert_b64) + return IPHONE_E_INVALID_ARG; iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR; - gnutls_datum_t modulus = {NULL, 0}; - gnutls_datum_t exponent = {NULL, 0}; + gnutls_datum_t modulus = { NULL, 0 }; + gnutls_datum_t exponent = { NULL, 0 }; /* first decode base64 public_key */ gnutls_datum_t pem_pub_key; gsize decoded_size; - pem_pub_key.data = g_base64_decode (public_key_b64, &decoded_size); + pem_pub_key.data = g_base64_decode(public_key_b64, &decoded_size); pem_pub_key.size = decoded_size; /* now decode the PEM encoded key */ gnutls_datum_t der_pub_key; - if( GNUTLS_E_SUCCESS == gnutls_pem_base64_decode_alloc ("RSA PUBLIC KEY", &pem_pub_key, &der_pub_key) ){ - + if (GNUTLS_E_SUCCESS == gnutls_pem_base64_decode_alloc("RSA PUBLIC KEY", &pem_pub_key, &der_pub_key)) { + /* initalize asn.1 parser */ ASN1_TYPE pkcs1 = ASN1_TYPE_EMPTY; if (ASN1_SUCCESS == asn1_array2tree(pkcs1_asn1_tab, &pkcs1, NULL)) { @@ -526,14 +567,14 @@ iphone_error_t lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_ if (ASN1_SUCCESS == asn1_der_decoding(&asn1_pub_key, der_pub_key.data, der_pub_key.size, NULL)) { /* get size to read */ - int ret1 = asn1_read_value (asn1_pub_key, "modulus", NULL, &modulus.size); - int ret2 = asn1_read_value (asn1_pub_key, "publicExponent", NULL, &exponent.size); + int ret1 = asn1_read_value(asn1_pub_key, "modulus", NULL, &modulus.size); + int ret2 = asn1_read_value(asn1_pub_key, "publicExponent", NULL, &exponent.size); modulus.data = gnutls_malloc(modulus.size); exponent.data = gnutls_malloc(exponent.size); - ret1 = asn1_read_value (asn1_pub_key, "modulus", modulus.data, &modulus.size); - ret2 = asn1_read_value (asn1_pub_key, "publicExponent", exponent.data, &exponent.size); + ret1 = asn1_read_value(asn1_pub_key, "modulus", modulus.data, &modulus.size); + ret2 = asn1_read_value(asn1_pub_key, "publicExponent", exponent.data, &exponent.size); if (ASN1_SUCCESS == ret1 && ASN1_SUCCESS == ret2) ret = IPHONE_E_SUCCESS; } @@ -548,34 +589,36 @@ iphone_error_t lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_ if (IPHONE_E_SUCCESS == ret && 0 != modulus.size && 0 != exponent.size) { gnutls_global_init(); - gnutls_datum_t essentially_null = {strdup("abababababababab"), strlen("abababababababab")}; - + gnutls_datum_t essentially_null = { strdup("abababababababab"), strlen("abababababababab") }; + gnutls_x509_privkey_t fake_privkey, root_privkey; gnutls_x509_crt_t dev_cert, root_cert, host_cert; - + gnutls_x509_privkey_init(&fake_privkey); gnutls_x509_crt_init(&dev_cert); gnutls_x509_crt_init(&root_cert); gnutls_x509_crt_init(&host_cert); - if ( GNUTLS_E_SUCCESS == gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &essentially_null, &essentially_null, &essentially_null, &essentially_null) ) { - + if (GNUTLS_E_SUCCESS == + gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &essentially_null, &essentially_null, + &essentially_null, &essentially_null)) { + gnutls_x509_privkey_init(&root_privkey); - + /* get root cert */ - gnutls_datum_t pem_root_cert = {NULL, 0}; + gnutls_datum_t pem_root_cert = { NULL, 0 }; get_root_certificate(&pem_root_cert); if (GNUTLS_E_SUCCESS != gnutls_x509_crt_import(root_cert, &pem_root_cert, GNUTLS_X509_FMT_PEM)) ret = IPHONE_E_SSL_ERROR; /* get host cert */ - gnutls_datum_t pem_host_cert = {NULL, 0}; + gnutls_datum_t pem_host_cert = { NULL, 0 }; get_host_certificate(&pem_host_cert); if (GNUTLS_E_SUCCESS != gnutls_x509_crt_import(host_cert, &pem_host_cert, GNUTLS_X509_FMT_PEM)) ret = IPHONE_E_SSL_ERROR; /* get root private key */ - gnutls_datum_t pem_root_priv = {NULL, 0}; + gnutls_datum_t pem_root_priv = { NULL, 0 }; get_root_private_key(&pem_root_priv); if (GNUTLS_E_SUCCESS != gnutls_x509_privkey_import(root_privkey, &pem_root_priv, GNUTLS_X509_FMT_PEM)) ret = IPHONE_E_SSL_ERROR; @@ -591,7 +634,7 @@ iphone_error_t lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_ if (IPHONE_E_SUCCESS == ret) { /* if everything went well, export in PEM format */ - gnutls_datum_t dev_pem = {NULL, 0}; + gnutls_datum_t dev_pem = { NULL, 0 }; gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &dev_pem.size); dev_pem.data = gnutls_malloc(dev_pem.size); gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_pem.data, &dev_pem.size); @@ -623,7 +666,8 @@ iphone_error_t lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_ * * @return 1 on success and 0 on failure */ -iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const char *HostID) { +iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const char *HostID) +{ xmlDocPtr plist = new_plist(); xmlNode *dict = add_child_to_plist(plist, "dict", "\n", NULL, 0); xmlNode *key; @@ -631,46 +675,52 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c uint32 len = 0, bytes = 0, return_me = 0, i = 0; iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR; // end variables - + key = add_key_str_dict_element(plist, dict, "HostID", HostID, 1); if (!key) { - if (debug) printf("Couldn't add a key.\n"); + if (debug) + printf("Couldn't add a key.\n"); xmlFreeDoc(plist); return IPHONE_E_DICT_ERROR; } key = add_key_str_dict_element(plist, dict, "Request", "StartSession", 1); if (!key) { - if (debug) printf("Couldn't add a key.\n"); + if (debug) + printf("Couldn't add a key.\n"); xmlFreeDoc(plist); return IPHONE_E_DICT_ERROR; } - - xmlDocDumpMemory(plist, (xmlChar **)&what2send, &len); + + xmlDocDumpMemory(plist, (xmlChar **) & what2send, &len); ret = iphone_lckd_send(control, what2send, len, &bytes); - + xmlFree(what2send); xmlFreeDoc(plist); - if (ret != IPHONE_E_SUCCESS) return ret; - + if (ret != IPHONE_E_SUCCESS) + return ret; + if (bytes > 0) { ret = iphone_lckd_recv(control, &what2send, &len); plist = xmlReadMemory(what2send, len, NULL, NULL, 0); dict = xmlDocGetRootElement(plist); - if (!dict) return IPHONE_E_DICT_ERROR; + if (!dict) + return IPHONE_E_DICT_ERROR; for (dict = dict->children; dict; dict = dict->next) { - if (!xmlStrcmp(dict->name, "dict")) break; + if (!xmlStrcmp(dict->name, "dict")) + break; } dictionary = read_dict_element_strings(dict); xmlFreeDoc(plist); free(what2send); - for (i = 0; dictionary[i]; i+=2) { - if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i+1], "Success")) { + for (i = 0; dictionary[i]; i += 2) { + if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i + 1], "Success")) { // Set up GnuTLS... //gnutls_anon_client_credentials_t anoncred; gnutls_certificate_credentials_t xcred; - if (debug) printf("We started the session OK, now trying GnuTLS\n"); + if (debug) + printf("We started the session OK, now trying GnuTLS\n"); errno = 0; gnutls_global_init(); //gnutls_anon_allocate_client_credentials(&anoncred); @@ -678,7 +728,7 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c gnutls_certificate_set_x509_trust_file(xcred, "hostcert.pem", GNUTLS_X509_FMT_PEM); gnutls_init(control->ssl_session, GNUTLS_CLIENT); { - int protocol_priority[16] = {GNUTLS_SSL3, 0 }; + int protocol_priority[16] = { GNUTLS_SSL3, 0 }; int kx_priority[16] = { GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA, 0 }; int cipher_priority[16] = { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, 0 }; int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 }; @@ -687,30 +737,38 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c gnutls_cipher_set_priority(*control->ssl_session, cipher_priority); gnutls_compression_set_priority(*control->ssl_session, comp_priority); gnutls_kx_set_priority(*control->ssl_session, kx_priority); - gnutls_protocol_set_priority( *control->ssl_session, protocol_priority); + gnutls_protocol_set_priority(*control->ssl_session, protocol_priority); gnutls_mac_set_priority(*control->ssl_session, mac_priority); } - gnutls_credentials_set(*control->ssl_session, GNUTLS_CRD_CERTIFICATE, xcred); // this part is killing me. - - if (debug) printf("GnuTLS step 1...\n"); + gnutls_credentials_set(*control->ssl_session, GNUTLS_CRD_CERTIFICATE, xcred); // this part is killing me. + + if (debug) + printf("GnuTLS step 1...\n"); gnutls_transport_set_ptr(*control->ssl_session, (gnutls_transport_ptr_t) control); - if (debug) printf("GnuTLS step 2...\n"); - gnutls_transport_set_push_function(*control->ssl_session, (gnutls_push_func)&lockdownd_secuwrite); - if (debug) printf("GnuTLS step 3...\n"); - gnutls_transport_set_pull_function(*control->ssl_session, (gnutls_pull_func)&lockdownd_securead); - if (debug) printf("GnuTLS step 4 -- now handshaking...\n"); - - if (errno && debug) printf("WARN: errno says %s before handshake!\n", strerror(errno)); + if (debug) + printf("GnuTLS step 2...\n"); + gnutls_transport_set_push_function(*control->ssl_session, (gnutls_push_func) & lockdownd_secuwrite); + if (debug) + printf("GnuTLS step 3...\n"); + gnutls_transport_set_pull_function(*control->ssl_session, (gnutls_pull_func) & lockdownd_securead); + if (debug) + printf("GnuTLS step 4 -- now handshaking...\n"); + + if (errno && debug) + printf("WARN: errno says %s before handshake!\n", strerror(errno)); return_me = gnutls_handshake(*control->ssl_session); - if (debug) printf("GnuTLS handshake done...\n"); - + if (debug) + printf("GnuTLS handshake done...\n"); + free_dictionary(dictionary); if (return_me != GNUTLS_E_SUCCESS) { - if (debug) printf("GnuTLS reported something wrong.\n"); + if (debug) + printf("GnuTLS reported something wrong.\n"); gnutls_perror(return_me); - if (debug) printf("oh.. errno says %s\n", strerror(errno)); + if (debug) + printf("oh.. errno says %s\n", strerror(errno)); return IPHONE_E_SSL_ERROR; } else { control->in_SSL = 1; @@ -718,19 +776,20 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c } } } - + if (debug) { printf("Apparently failed negotiating with lockdownd.\n"); printf("Responding dictionary: \n"); - for (i = 0; dictionary[i]; i+=2) { - printf("\t%s: %s\n", dictionary[i], dictionary[i+1]); + for (i = 0; dictionary[i]; i += 2) { + printf("\t%s: %s\n", dictionary[i], dictionary[i + 1]); } } - + free_dictionary(dictionary); return IPHONE_E_SSL_ERROR; - } else { - if (debug) printf("Didn't get enough bytes.\n"); + } else { + if (debug) + printf("Didn't get enough bytes.\n"); return IPHONE_E_NOT_ENOUGH_DATA; } } @@ -743,14 +802,18 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c * * @return The number of bytes sent */ -ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size_t length) { +ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size_t length) +{ int bytes = 0; iphone_lckd_client_t control; - control = (iphone_lckd_client_t)transport; - if (debug) printf("lockdownd_secuwrite() called\n"); - if (debug) printf("pre-send\nlength = %zi\n", length); + control = (iphone_lckd_client_t) transport; + if (debug) + printf("lockdownd_secuwrite() called\n"); + if (debug) + printf("pre-send\nlength = %zi\n", length); iphone_mux_send(control->connection, buffer, length, &bytes); - if (debug) printf("post-send\nsent %i bytes\n", bytes); + if (debug) + printf("post-send\nsent %i bytes\n", bytes); if (debug) { FILE *my_ssl_packet = fopen("sslpacketwrite.out", "w+"); fwrite(buffer, 1, length, my_ssl_packet); @@ -758,7 +821,7 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size printf("Wrote SSL packet to drive, too.\n"); fclose(my_ssl_packet); } - + return bytes; } @@ -770,68 +833,86 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size * * @return The number of bytes read */ -ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length) { +ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length) +{ int bytes = 0, pos_start_fill = 0; - char *hackhackhack = NULL; + char *hackhackhack = NULL; iphone_lckd_client_t control; - control = (iphone_lckd_client_t)transport; - if (debug) printf("lockdownd_securead() called\nlength = %zi\n", length); + control = (iphone_lckd_client_t) transport; + if (debug) + printf("lockdownd_securead() called\nlength = %zi\n", length); // Buffering hack! Throw what we've got in our "buffer" into the stream first, then get more. if (control->gtls_buffer_hack_len > 0) { - if (length > control->gtls_buffer_hack_len) { // If it's asking for more than we got - length -= control->gtls_buffer_hack_len; // Subtract what we have from their requested length - pos_start_fill = control->gtls_buffer_hack_len; // set the pos to start filling at - memcpy(buffer, control->gtls_buffer_hack, control->gtls_buffer_hack_len); // Fill their buffer partially - free(control->gtls_buffer_hack); // free our memory, it's not chained anymore - control->gtls_buffer_hack_len = 0; // we don't have a hack buffer anymore - if (debug) printf("Did a partial fill to help quench thirst for data\n"); - } else if (length < control->gtls_buffer_hack_len) { // If it's asking for less... - control->gtls_buffer_hack_len -= length; // subtract what they're asking for - memcpy(buffer, control->gtls_buffer_hack, length); // fill their buffer - hackhackhack = (char*)malloc(sizeof(char) * control->gtls_buffer_hack_len); // strndup is NOT a good solution -- concatenates \0!!!! Anyway, make a new "hack" buffer. - memcpy(hackhackhack, control->gtls_buffer_hack+length, control->gtls_buffer_hack_len); // Move what's left into the new one - free(control->gtls_buffer_hack); // Free the old one - control->gtls_buffer_hack = hackhackhack; // And make it the new one. - hackhackhack = NULL; - if (debug) printf("Quenched the thirst for data; new hack length is %i\n", control->gtls_buffer_hack_len); - return length; // hand it over. - } else { // length == hack length - memcpy(buffer, control->gtls_buffer_hack, length); // copy our buffer into theirs - free(control->gtls_buffer_hack); // free our "obligation" - control->gtls_buffer_hack_len = 0; // free our "obligation" - if (debug) printf("Satiated the thirst for data; now we have to eventually receive again.\n"); - return length; // hand it over + if (length > control->gtls_buffer_hack_len) { // If it's asking for more than we got + length -= control->gtls_buffer_hack_len; // Subtract what we have from their requested length + pos_start_fill = control->gtls_buffer_hack_len; // set the pos to start filling at + memcpy(buffer, control->gtls_buffer_hack, control->gtls_buffer_hack_len); // Fill their buffer partially + free(control->gtls_buffer_hack); // free our memory, it's not chained anymore + control->gtls_buffer_hack_len = 0; // we don't have a hack buffer anymore + if (debug) + printf("Did a partial fill to help quench thirst for data\n"); + } else if (length < control->gtls_buffer_hack_len) { // If it's asking for less... + control->gtls_buffer_hack_len -= length; // subtract what they're asking for + memcpy(buffer, control->gtls_buffer_hack, length); // fill their buffer + hackhackhack = (char *) malloc(sizeof(char) * control->gtls_buffer_hack_len); // strndup is NOT a good solution -- concatenates \0!!!! Anyway, make a new "hack" buffer. + memcpy(hackhackhack, control->gtls_buffer_hack + length, control->gtls_buffer_hack_len); // Move what's left into the new one + free(control->gtls_buffer_hack); // Free the old one + control->gtls_buffer_hack = hackhackhack; // And make it the new one. + hackhackhack = NULL; + if (debug) + printf("Quenched the thirst for data; new hack length is %i\n", control->gtls_buffer_hack_len); + return length; // hand it over. + } else { // length == hack length + memcpy(buffer, control->gtls_buffer_hack, length); // copy our buffer into theirs + free(control->gtls_buffer_hack); // free our "obligation" + control->gtls_buffer_hack_len = 0; // free our "obligation" + if (debug) + printf("Satiated the thirst for data; now we have to eventually receive again.\n"); + return length; // hand it over } } // End buffering hack! - char *recv_buffer = (char*)malloc(sizeof(char) * (length * 1000)); // ensuring nothing stupid happens - - if (debug) printf("pre-read\nclient wants %zi bytes\n", length); + char *recv_buffer = (char *) malloc(sizeof(char) * (length * 1000)); // ensuring nothing stupid happens + + if (debug) + printf("pre-read\nclient wants %zi bytes\n", length); iphone_mux_recv(control->connection, recv_buffer, (length * 1000), &bytes); - if (debug) printf("post-read\nwe got %i bytes\n", bytes); + if (debug) + printf("post-read\nwe got %i bytes\n", bytes); if (debug && bytes < 0) { printf("lockdownd_securead(): uh oh\n"); - printf("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n", usb_strerror(), strerror(errno)); - return bytes + 28; // an errno + printf("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n", + usb_strerror(), strerror(errno)); + return bytes + 28; // an errno } if (bytes >= length) { if (bytes > length) { - if (debug) printf("lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n"); - if (!control->gtls_buffer_hack_len) { // if there's no hack buffer yet + if (debug) + printf + ("lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n"); + if (!control->gtls_buffer_hack_len) { // if there's no hack buffer yet //control->gtls_buffer_hack = strndup(recv_buffer+length, bytes-length); // strndup is NOT a good solution! - control->gtls_buffer_hack_len += bytes-length; - control->gtls_buffer_hack = (char*)malloc(sizeof(char) * control->gtls_buffer_hack_len); - memcpy(control->gtls_buffer_hack, recv_buffer+length, control->gtls_buffer_hack_len); - } else { // if there is. - control->gtls_buffer_hack = realloc(control->gtls_buffer_hack, control->gtls_buffer_hack_len + (bytes - length)); - memcpy(control->gtls_buffer_hack+control->gtls_buffer_hack_len, recv_buffer+length, bytes-length); + control->gtls_buffer_hack_len += bytes - length; + control->gtls_buffer_hack = (char *) malloc(sizeof(char) * control->gtls_buffer_hack_len); + memcpy(control->gtls_buffer_hack, recv_buffer + length, control->gtls_buffer_hack_len); + } else { // if there is. + control->gtls_buffer_hack = + realloc(control->gtls_buffer_hack, control->gtls_buffer_hack_len + (bytes - length)); + memcpy(control->gtls_buffer_hack + control->gtls_buffer_hack_len, recv_buffer + length, bytes - length); control->gtls_buffer_hack_len += bytes - length; } } - memcpy(buffer+pos_start_fill, recv_buffer, length); + memcpy(buffer + pos_start_fill, recv_buffer, length); free(recv_buffer); - if (bytes == length) { if (debug) printf("Returning how much we received.\n"); return bytes; } - else { if (debug) printf("Returning what they want to hear.\nHack length: %i\n", control->gtls_buffer_hack_len); return length; } + if (bytes == length) { + if (debug) + printf("Returning how much we received.\n"); + return bytes; + } else { + if (debug) + printf("Returning what they want to hear.\nHack length: %i\n", control->gtls_buffer_hack_len); + return length; + } } return bytes; } @@ -843,12 +924,16 @@ ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_ * * @return The port number the service was started on or 0 on failure. */ -iphone_error_t iphone_lckd_start_service ( iphone_lckd_client_t client, const char *service, int *port ) { - if (!client || !service || !port) return IPHONE_E_INVALID_ARG; +iphone_error_t iphone_lckd_start_service(iphone_lckd_client_t client, const char *service, int *port) +{ + if (!client || !service || !port) + return IPHONE_E_INVALID_ARG; - char* host_id = get_host_id(); - if (!host_id) return IPHONE_E_INVALID_CONF; - if (!client->in_SSL && !lockdownd_start_SSL_session(client, host_id)) return IPHONE_E_SSL_ERROR; + char *host_id = get_host_id(); + if (!host_id) + return IPHONE_E_INVALID_CONF; + if (!client->in_SSL && !lockdownd_start_SSL_session(client, host_id)) + return IPHONE_E_SSL_ERROR; char *XML_query, **dictionary; uint32 length, i = 0, port_loc = 0, bytes = 0; @@ -862,63 +947,78 @@ iphone_error_t iphone_lckd_start_service ( iphone_lckd_client_t client, const ch xmlNode *dict = add_child_to_plist(plist, "dict", "\n", NULL, 0); xmlNode *key; key = add_key_str_dict_element(plist, dict, "Request", "StartService", 1); - if (!key) { xmlFreeDoc(plist); return IPHONE_E_UNKNOWN_ERROR; } + if (!key) { + xmlFreeDoc(plist); + return IPHONE_E_UNKNOWN_ERROR; + } key = add_key_str_dict_element(plist, dict, "Service", service, 1); - if (!key) { xmlFreeDoc(plist); return IPHONE_E_UNKNOWN_ERROR; } - - xmlDocDumpMemory(plist, (xmlChar **)&XML_query, &length); - + if (!key) { + xmlFreeDoc(plist); + return IPHONE_E_UNKNOWN_ERROR; + } + + xmlDocDumpMemory(plist, (xmlChar **) & XML_query, &length); + ret = iphone_lckd_send(client, XML_query, length, &bytes); free(XML_query); - if (IPHONE_E_SUCCESS != ret) return ret; - + if (IPHONE_E_SUCCESS != ret) + return ret; + ret = iphone_lckd_recv(client, &XML_query, &bytes); xmlFreeDoc(plist); - if (IPHONE_E_SUCCESS != ret) return ret; - - if (bytes <= 0) return IPHONE_E_NOT_ENOUGH_DATA; + if (IPHONE_E_SUCCESS != ret) + return ret; + + if (bytes <= 0) + return IPHONE_E_NOT_ENOUGH_DATA; else { plist = xmlReadMemory(XML_query, bytes, NULL, NULL, 0); - if (!plist) return IPHONE_E_UNKNOWN_ERROR; + if (!plist) + return IPHONE_E_UNKNOWN_ERROR; dict = xmlDocGetRootElement(plist); - if (!dict) return IPHONE_E_UNKNOWN_ERROR; + if (!dict) + return IPHONE_E_UNKNOWN_ERROR; for (dict = dict->children; dict; dict = dict->next) { - if (!xmlStrcmp(dict->name, "dict")) break; + if (!xmlStrcmp(dict->name, "dict")) + break; } - - if (!dict) return IPHONE_E_UNKNOWN_ERROR; + + if (!dict) + return IPHONE_E_UNKNOWN_ERROR; dictionary = read_dict_element_strings(dict); - - for (i = 0; dictionary[i]; i+=2) { - if (debug) printf("lockdownd_start_service() dictionary %s: %s\n", dictionary[i], dictionary[i+1]); - + + for (i = 0; dictionary[i]; i += 2) { + if (debug) + printf("lockdownd_start_service() dictionary %s: %s\n", dictionary[i], dictionary[i + 1]); + if (!xmlStrcmp(dictionary[i], "Port")) { - port_loc = atoi(dictionary[i+1]); - if (debug) printf("lockdownd_start_service() atoi'd port: %i\n", port); + port_loc = atoi(dictionary[i + 1]); + if (debug) + printf("lockdownd_start_service() atoi'd port: %i\n", port); } - + if (!xmlStrcmp(dictionary[i], "Result")) { - if (!xmlStrcmp(dictionary[i+1], "Success")) { + if (!xmlStrcmp(dictionary[i + 1], "Success")) { result = 1; } } } - + if (debug) { printf("lockdownd_start_service(): DATA RECEIVED:\n\n"); fwrite(XML_query, 1, bytes, stdout); printf("end data received by lockdownd_start_service()\n"); } - + free(XML_query); xmlFreeDoc(plist); free_dictionary(dictionary); if (port && result) { *port = port_loc; return IPHONE_E_SUCCESS; - } - else return IPHONE_E_UNKNOWN_ERROR; + } else + return IPHONE_E_UNKNOWN_ERROR; } - + return IPHONE_E_UNKNOWN_ERROR; } -- cgit v1.1-32-gdbae