| -rw-r--r-- | src/lockdown.c | 183 | 
1 files changed, 90 insertions, 93 deletions
diff --git a/src/lockdown.c b/src/lockdown.c
index 3d39fbd..55e2e65 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -662,113 +662,110 @@ iphone_error_t lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_
  */
 iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const char *HostID)
 {
-	xmlDocPtr plist = new_plist();
-	xmlNode *dict = add_child_to_plist(plist, "dict", "\n", NULL, 0);
-	xmlNode *key;
-	char *what2send = NULL, **dictionary = NULL;
-	uint32_t len = 0, bytes = 0, return_me = 0, i = 0;
+	plist_t plist = NULL;
+	dict_t dict = NULL;
+	char *XML_content = NULL;
+	uint32_t length = 0, bytes = 0, return_me = 0;
+
 	iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR;
-	// end variables
-	key = add_key_str_dict_element(plist, dict, "HostID", HostID, 1);
-	if (!key) {
-		log_debug_msg("Couldn't add a key.\n");
-		xmlFreeDoc(plist);
-		return IPHONE_E_DICT_ERROR;
-	}
-	key = add_key_str_dict_element(plist, dict, "Request", "StartSession", 1);
-	if (!key) {
-		log_debug_msg("Couldn't add a key.\n");
-		xmlFreeDoc(plist);
-		return IPHONE_E_DICT_ERROR;
-	}
+	/* Setup DevicePublicKey request plist */
+	plist_new_plist(&plist);
+	plist_new_dict_in_plist(plist, &dict);
+	plist_add_dict_element(dict, "HostID", PLIST_STRING, (void *) HostID);
+	plist_add_dict_element(dict, "Request", PLIST_STRING, (void *) "StartSession");
+	plist_to_xml(plist, &XML_content, &length);
+	log_debug_msg("Send msg :\nsize : %i\nxml : %s", length, XML_content);
-	xmlDocDumpMemory(plist, (xmlChar **) & what2send, &len);
-	ret = iphone_lckd_send(control, what2send, len, &bytes);
+	ret = iphone_lckd_send(control, XML_content, length, &bytes);
-	xmlFree(what2send);
-	xmlFreeDoc(plist);
+	xmlFree(XML_content);
+	XML_content = NULL;
+	plist_free(plist);
+	plist = NULL;
 	if (ret != IPHONE_E_SUCCESS)
 		return ret;
 	if (bytes > 0) {
-		ret = iphone_lckd_recv(control, &what2send, &len);
-		plist = xmlReadMemory(what2send, len, NULL, NULL, 0);
-		dict = xmlDocGetRootElement(plist);
-		if (!dict)
-			return IPHONE_E_DICT_ERROR;
-		for (dict = dict->children; dict; dict = dict->next) {
-			if (!xmlStrcmp(dict->name, "dict"))
-				break;
-		}
-		dictionary = read_dict_element_strings(dict);
-		xmlFreeDoc(plist);
-		free(what2send);
-		for (i = 0; dictionary[i]; i += 2) {
-			if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i + 1], "Success")) {
-				// Set up GnuTLS...
-				//gnutls_anon_client_credentials_t anoncred;
-				gnutls_certificate_credentials_t xcred;
-
-				log_debug_msg("We started the session OK, now trying GnuTLS\n");
-				errno = 0;
-				gnutls_global_init();
-				//gnutls_anon_allocate_client_credentials(&anoncred);
-				gnutls_certificate_allocate_credentials(&xcred);
-				gnutls_certificate_set_x509_trust_file(xcred, "hostcert.pem", GNUTLS_X509_FMT_PEM);
-				gnutls_init(control->ssl_session, GNUTLS_CLIENT);
-				{
-					int protocol_priority[16] = { GNUTLS_SSL3, 0 };
-					int kx_priority[16] = { GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA, 0 };
-					int cipher_priority[16] = { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, 0 };
-					int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
-					int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
-
-					gnutls_cipher_set_priority(*control->ssl_session, cipher_priority);
-					gnutls_compression_set_priority(*control->ssl_session, comp_priority);
-					gnutls_kx_set_priority(*control->ssl_session, kx_priority);
-					gnutls_protocol_set_priority(*control->ssl_session, protocol_priority);
-					gnutls_mac_set_priority(*control->ssl_session, mac_priority);
-
-				}
-				gnutls_credentials_set(*control->ssl_session, GNUTLS_CRD_CERTIFICATE, xcred);	// this part is killing me.
-
-				log_debug_msg("GnuTLS step 1...\n");
-				gnutls_transport_set_ptr(*control->ssl_session, (gnutls_transport_ptr_t) control);
-				log_debug_msg("GnuTLS step 2...\n");
-				gnutls_transport_set_push_function(*control->ssl_session, (gnutls_push_func) & lockdownd_secuwrite);
-				log_debug_msg("GnuTLS step 3...\n");
-				gnutls_transport_set_pull_function(*control->ssl_session, (gnutls_pull_func) & lockdownd_securead);
-				log_debug_msg("GnuTLS step 4 -- now handshaking...\n");
-
-				if (errno)
-					log_debug_msg("WARN: errno says %s before handshake!\n", strerror(errno));
-				return_me = gnutls_handshake(*control->ssl_session);
-				log_debug_msg("GnuTLS handshake done...\n");
-
-				free_dictionary(dictionary);
-
-				if (return_me != GNUTLS_E_SUCCESS) {
-					log_debug_msg("GnuTLS reported something wrong.\n");
-					gnutls_perror(return_me);
-					log_debug_msg("oh.. errno says %s\n", strerror(errno));
-					return IPHONE_E_SSL_ERROR;
-				} else {
-					control->in_SSL = 1;
-					return IPHONE_E_SUCCESS;
-				}
+		ret = iphone_lckd_recv(control, &XML_content, &bytes);
+		log_debug_msg("Receive msg :\nsize : %i\nxml : %s", bytes, XML_content);
+		xml_to_plist(XML_content, bytes, &plist);
+		if (!plist)
+			return IPHONE_E_PLIST_ERROR;
+
+		plist_t query_node = find_query_node(plist, "Request", "StartSession");
+		plist_t result_key_node = g_node_next_sibling(query_node);
+		plist_t result_value_node = g_node_next_sibling(result_key_node);
+
+		plist_type result_key_type;
+		plist_type result_value_type;
+		char *result_key = NULL;
+		char *result_value = NULL;
+
+		get_type_and_value(result_key_node, &result_key_type, (void *) (&result_key));
+		get_type_and_value(result_value_node, &result_value_type, (void *) (&result_value));
+
+		xmlFree(XML_content);
+		XML_content = NULL;
+		plist_free(plist);
+		plist = NULL;
+
+		if (result_key_type == PLIST_KEY &&
+			result_value_type == PLIST_STRING && !strcmp(result_key, "Result") && !strcmp(result_value, "Success")) {
+			// Set up GnuTLS...
+			//gnutls_anon_client_credentials_t anoncred;
+			gnutls_certificate_credentials_t xcred;
+
+			log_debug_msg("We started the session OK, now trying GnuTLS\n");
+			errno = 0;
+			gnutls_global_init();
+			//gnutls_anon_allocate_client_credentials(&anoncred);
+			gnutls_certificate_allocate_credentials(&xcred);
+			gnutls_certificate_set_x509_trust_file(xcred, "hostcert.pem", GNUTLS_X509_FMT_PEM);
+			gnutls_init(control->ssl_session, GNUTLS_CLIENT);
+			{
+				int protocol_priority[16] = { GNUTLS_SSL3, 0 };
+				int kx_priority[16] = { GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA, 0 };
+				int cipher_priority[16] = { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, 0 };
+				int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
+				int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
+
+				gnutls_cipher_set_priority(*control->ssl_session, cipher_priority);
+				gnutls_compression_set_priority(*control->ssl_session, comp_priority);
+				gnutls_kx_set_priority(*control->ssl_session, kx_priority);
+				gnutls_protocol_set_priority(*control->ssl_session, protocol_priority);
+				gnutls_mac_set_priority(*control->ssl_session, mac_priority);
+
+			}
+			gnutls_credentials_set(*control->ssl_session, GNUTLS_CRD_CERTIFICATE, xcred);	// this part is killing me.
+
+			log_debug_msg("GnuTLS step 1...\n");
+			gnutls_transport_set_ptr(*control->ssl_session, (gnutls_transport_ptr_t) control);
+			log_debug_msg("GnuTLS step 2...\n");
+			gnutls_transport_set_push_function(*control->ssl_session, (gnutls_push_func) & lockdownd_secuwrite);
+			log_debug_msg("GnuTLS step 3...\n");
+			gnutls_transport_set_pull_function(*control->ssl_session, (gnutls_pull_func) & lockdownd_securead);
+			log_debug_msg("GnuTLS step 4 -- now handshaking...\n");
+
+			if (errno)
+				log_debug_msg("WARN: errno says %s before handshake!\n", strerror(errno));
+			return_me = gnutls_handshake(*control->ssl_session);
+			log_debug_msg("GnuTLS handshake done...\n");
+
+			if (return_me != GNUTLS_E_SUCCESS) {
+				log_debug_msg("GnuTLS reported something wrong.\n");
+				gnutls_perror(return_me);
+				log_debug_msg("oh.. errno says %s\n", strerror(errno));
+				return IPHONE_E_SSL_ERROR;
+			} else {
+				control->in_SSL = 1;
+				return IPHONE_E_SUCCESS;
 			}
 		}
 		log_debug_msg("Apparently failed negotiating with lockdownd.\n");
 		log_debug_msg("Responding dictionary: \n");
-		for (i = 0; dictionary[i]; i += 2) {
-			log_debug_msg("\t%s: %s\n", dictionary[i], dictionary[i + 1]);
-		}
-
-
-		free_dictionary(dictionary);
 		return IPHONE_E_SSL_ERROR;
 	} else {
 		log_debug_msg("Didn't get enough bytes.\n");
