| /* |
| * lockdown.c |
| * com.apple.mobile.lockdownd service implementation. |
| * |
| * Copyright (c) 2009-2015 Martin Szulecki All Rights Reserved. |
| * Copyright (c) 2014-2015 Nikias Bassen All Rights Reserved. |
| * Copyright (c) 2010 Bryan Forbes All Rights Reserved. |
| * Copyright (c) 2008 Zach C. All Rights Reserved. |
| * |
| * This library is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU Lesser General Public |
| * License as published by the Free Software Foundation; either |
| * version 2.1 of the License, or (at your option) any later version. |
| * |
| * This library is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * Lesser General Public License for more details. |
| * |
| * You should have received a copy of the GNU Lesser General Public |
| * License along with this library; if not, write to the Free Software |
| * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
| */ |
| |
| #ifdef HAVE_CONFIG_H |
| #include <config.h> |
| #endif |
| |
| #include <string.h> |
| #include <stdlib.h> |
| #define _GNU_SOURCE 1 |
| #define __USE_GNU 1 |
| #include <stdio.h> |
| #include <ctype.h> |
| #include <unistd.h> |
| #ifdef HAVE_OPENSSL |
| #include <openssl/pem.h> |
| #include <openssl/x509.h> |
| #include <openssl/x509v3.h> |
| #else |
| #include <libtasn1.h> |
| #include <gnutls/x509.h> |
| #include <gnutls/crypto.h> |
| #endif |
| #include <plist/plist.h> |
| |
| #include "property_list_service.h" |
| #include "lockdown.h" |
| #include "idevice.h" |
| #include "common/debug.h" |
| #include "common/userpref.h" |
| #include "common/utils.h" |
| #include "asprintf.h" |
| |
| #ifdef WIN32 |
| #include <windows.h> |
| #define sleep(x) Sleep(x*1000) |
| #endif |
| |
| /** |
| * Convert an error string identifier to a lockdownd_error_t value. |
| * Used internally to get correct error codes from a response. |
| * |
| * @param name The error name to convert. |
| * |
| * @return A matching lockdownd_error_t error code, |
| * LOCKDOWN_E_UNKNOWN_ERROR otherwise. |
| */ |
| static lockdownd_error_t lockdownd_strtoerr(const char* name) |
| { |
| lockdownd_error_t err = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| if (strcmp(name, "InvalidResponse") == 0) { |
| err = LOCKDOWN_E_INVALID_RESPONSE; |
| } else if (strcmp(name, "MissingKey") == 0) { |
| err = LOCKDOWN_E_MISSING_KEY; |
| } else if (strcmp(name, "MissingValue") == 0) { |
| err = LOCKDOWN_E_MISSING_VALUE; |
| } else if (strcmp(name, "GetProhibited") == 0) { |
| err = LOCKDOWN_E_GET_PROHIBITED; |
| } else if (strcmp(name, "SetProhibited") == 0) { |
| err = LOCKDOWN_E_SET_PROHIBITED; |
| } else if (strcmp(name, "RemoveProhibited") == 0) { |
| err = LOCKDOWN_E_REMOVE_PROHIBITED; |
| } else if (strcmp(name, "ImmutableValue") == 0) { |
| err = LOCKDOWN_E_IMMUTABLE_VALUE; |
| } else if (strcmp(name, "PasswordProtected") == 0) { |
| err = LOCKDOWN_E_PASSWORD_PROTECTED; |
| } else if (strcmp(name, "UserDeniedPairing") == 0) { |
| err = LOCKDOWN_E_USER_DENIED_PAIRING; |
| } else if (strcmp(name, "PairingDialogResponsePending") == 0) { |
| err = LOCKDOWN_E_PAIRING_DIALOG_RESPONSE_PENDING; |
| } else if (strcmp(name, "MissingHostID") == 0) { |
| err = LOCKDOWN_E_MISSING_HOST_ID; |
| } else if (strcmp(name, "InvalidHostID") == 0) { |
| err = LOCKDOWN_E_INVALID_HOST_ID; |
| } else if (strcmp(name, "SessionActive") == 0) { |
| err = LOCKDOWN_E_SESSION_ACTIVE; |
| } else if (strcmp(name, "SessionInactive") == 0) { |
| err = LOCKDOWN_E_SESSION_INACTIVE; |
| } else if (strcmp(name, "MissingSessionID") == 0) { |
| err = LOCKDOWN_E_MISSING_SESSION_ID; |
| } else if (strcmp(name, "InvalidSessionID") == 0) { |
| err = LOCKDOWN_E_INVALID_SESSION_ID; |
| } else if (strcmp(name, "MissingService") == 0) { |
| err = LOCKDOWN_E_MISSING_SERVICE; |
| } else if (strcmp(name, "InvalidService") == 0) { |
| err = LOCKDOWN_E_INVALID_SERVICE; |
| } else if (strcmp(name, "ServiceLimit") == 0) { |
| err = LOCKDOWN_E_SERVICE_LIMIT; |
| } else if (strcmp(name, "MissingPairRecord") == 0) { |
| err = LOCKDOWN_E_MISSING_PAIR_RECORD; |
| } else if (strcmp(name, "SavePairRecordFailed") == 0) { |
| err = LOCKDOWN_E_SAVE_PAIR_RECORD_FAILED; |
| } else if (strcmp(name, "InvalidPairRecord") == 0) { |
| err = LOCKDOWN_E_INVALID_PAIR_RECORD; |
| } else if (strcmp(name, "InvalidActivationRecord") == 0) { |
| err = LOCKDOWN_E_INVALID_ACTIVATION_RECORD; |
| } else if (strcmp(name, "MissingActivationRecord") == 0) { |
| err = LOCKDOWN_E_MISSING_ACTIVATION_RECORD; |
| } else if (strcmp(name, "ServiceProhibited") == 0) { |
| err = LOCKDOWN_E_SERVICE_PROHIBITED; |
| } else if (strcmp(name, "EscrowLocked") == 0) { |
| err = LOCKDOWN_E_ESCROW_LOCKED; |
| } else if (strcmp(name, "PairingProhibitedOverThisConnection") == 0) { |
| err = LOCKDOWN_E_PAIRING_PROHIBITED_OVER_THIS_CONNECTION; |
| } else if (strcmp(name, "FMiPProtected") == 0) { |
| err = LOCKDOWN_E_FMIP_PROTECTED; |
| } else if (strcmp(name, "MCProtected") == 0) { |
| err = LOCKDOWN_E_MC_PROTECTED; |
| } else if (strcmp(name, "MCChallengeRequired") == 0) { |
| err = LOCKDOWN_E_MC_CHALLENGE_REQUIRED; |
| } |
| |
| return err; |
| } |
| |
| /** |
| * Convert a property_list_service_error_t value to a lockdownd_error_t |
| * value. Used internally to get correct error codes. |
| * |
| * @param err A property_list_service_error_t error code |
| * |
| * @return A matching lockdownd_error_t error code, |
| * LOCKDOWND_E_UNKNOWN_ERROR otherwise. |
| */ |
| static lockdownd_error_t lockdownd_error(property_list_service_error_t err) |
| { |
| switch (err) { |
| case PROPERTY_LIST_SERVICE_E_SUCCESS: |
| return LOCKDOWN_E_SUCCESS; |
| case PROPERTY_LIST_SERVICE_E_INVALID_ARG: |
| return LOCKDOWN_E_INVALID_ARG; |
| case PROPERTY_LIST_SERVICE_E_PLIST_ERROR: |
| return LOCKDOWN_E_PLIST_ERROR; |
| case PROPERTY_LIST_SERVICE_E_MUX_ERROR: |
| return LOCKDOWN_E_MUX_ERROR; |
| case PROPERTY_LIST_SERVICE_E_SSL_ERROR: |
| return LOCKDOWN_E_SSL_ERROR; |
| case PROPERTY_LIST_SERVICE_E_RECEIVE_TIMEOUT: |
| return LOCKDOWN_E_RECEIVE_TIMEOUT; |
| default: |
| break; |
| } |
| return LOCKDOWN_E_UNKNOWN_ERROR; |
| } |
| |
| /** |
| * Internally used function for checking the result from lockdown's answer |
| * plist to a previously sent request. |
| * |
| * @param dict The plist to evaluate. |
| * @param query_match Name of the request to match or NULL if no match is |
| * required. |
| * |
| * @return LOCKDOWN_E_SUCCESS when the result is 'Success', |
| * LOCKDOWN_E_UNKNOWN_ERROR when the result is 'Failure', |
| * or a specific error code if derieved from the result. |
| */ |
| static lockdownd_error_t lockdown_check_result(plist_t dict, const char *query_match) |
| { |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| plist_t query_node = plist_dict_get_item(dict, "Request"); |
| if (!query_node) { |
| return ret; |
| } |
| |
| if (plist_get_node_type(query_node) != PLIST_STRING) { |
| return ret; |
| } else { |
| char *query_value = NULL; |
| |
| plist_get_string_val(query_node, &query_value); |
| if (!query_value) { |
| return ret; |
| } |
| |
| if (query_match && (strcmp(query_value, query_match) != 0)) { |
| free(query_value); |
| return ret; |
| } |
| |
| free(query_value); |
| } |
| |
| plist_t result_node = plist_dict_get_item(dict, "Result"); |
| if (!result_node) { |
| /* iOS 5: the 'Result' key is not present anymore. |
| But we need to check for the 'Error' key. */ |
| plist_t err_node = plist_dict_get_item(dict, "Error"); |
| if (err_node) { |
| if (plist_get_node_type(err_node) == PLIST_STRING) { |
| char *err_value = NULL; |
| |
| plist_get_string_val(err_node, &err_value); |
| if (err_value) { |
| debug_info("ERROR: %s", err_value); |
| ret = lockdownd_strtoerr(err_value); |
| free(err_value); |
| } else { |
| debug_info("ERROR: unknown error occured"); |
| } |
| } |
| return ret; |
| } |
| |
| ret = LOCKDOWN_E_SUCCESS; |
| |
| return ret; |
| } |
| |
| plist_type result_type = plist_get_node_type(result_node); |
| if (result_type == PLIST_STRING) { |
| char *result_value = NULL; |
| |
| plist_get_string_val(result_node, &result_value); |
| if (result_value) { |
| if (!strcmp(result_value, "Success")) { |
| ret = LOCKDOWN_E_SUCCESS; |
| } else if (!strcmp(result_value, "Failure")) { |
| ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| } else { |
| debug_info("ERROR: unknown result value '%s'", result_value); |
| } |
| } |
| |
| if (result_value) |
| free(result_value); |
| } |
| |
| return ret; |
| } |
| |
| /** |
| * Adds a label key with the passed value to a plist dict node. |
| * |
| * @param plist The plist to add the key to |
| * @param label The value for the label key |
| * |
| */ |
| static void plist_dict_add_label(plist_t plist, const char *label) |
| { |
| if (plist && label) { |
| if (plist_get_node_type(plist) == PLIST_DICT) |
| plist_dict_set_item(plist, "Label", plist_new_string(label)); |
| } |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_stop_session(lockdownd_client_t client, const char *session_id) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| if (!session_id) { |
| debug_info("no session_id given, cannot stop session"); |
| return LOCKDOWN_E_INVALID_ARG; |
| } |
| |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| plist_t dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| plist_dict_set_item(dict,"Request", plist_new_string("StopSession")); |
| plist_dict_set_item(dict,"SessionID", plist_new_string(session_id)); |
| |
| debug_info("stopping session %s", session_id); |
| |
| ret = lockdownd_send(client, dict); |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| ret = lockdownd_receive(client, &dict); |
| |
| if (!dict) { |
| debug_info("LOCKDOWN_E_PLIST_ERROR"); |
| return LOCKDOWN_E_PLIST_ERROR; |
| } |
| |
| ret = lockdown_check_result(dict, "StopSession"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| debug_info("success"); |
| } |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| if (client->session_id) { |
| free(client->session_id); |
| client->session_id = NULL; |
| } |
| |
| if (client->ssl_enabled) { |
| property_list_service_disable_ssl(client->parent); |
| client->ssl_enabled = 0; |
| } |
| |
| return ret; |
| } |
| |
| static lockdownd_error_t lockdownd_client_free_simple(lockdownd_client_t client) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| if (client->parent) { |
| if (property_list_service_client_free(client->parent) == PROPERTY_LIST_SERVICE_E_SUCCESS) { |
| ret = LOCKDOWN_E_SUCCESS; |
| } |
| } |
| |
| if (client->session_id) { |
| free(client->session_id); |
| client->session_id = NULL; |
| } |
| if (client->udid) { |
| free(client->udid); |
| } |
| if (client->label) { |
| free(client->label); |
| } |
| |
| free(client); |
| client = NULL; |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_free(lockdownd_client_t client) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| if (client->session_id) { |
| lockdownd_stop_session(client, client->session_id); |
| } |
| |
| ret = lockdownd_client_free_simple(client); |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API void lockdownd_client_set_label(lockdownd_client_t client, const char *label) |
| { |
| if (client) { |
| if (client->label) |
| free(client->label); |
| |
| client->label = (label != NULL) ? strdup(label): NULL; |
| } |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_receive(lockdownd_client_t client, plist_t *plist) |
| { |
| if (!client || !plist || (plist && *plist)) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| return lockdownd_error(property_list_service_receive_plist(client->parent, plist)); |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_send(lockdownd_client_t client, plist_t plist) |
| { |
| if (!client || !plist) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| return lockdownd_error(property_list_service_send_xml_plist(client->parent, plist)); |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_query_type(lockdownd_client_t client, char **type) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| plist_t dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| plist_dict_set_item(dict,"Request", plist_new_string("QueryType")); |
| |
| debug_info("called"); |
| ret = lockdownd_send(client, dict); |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| ret = lockdownd_receive(client, &dict); |
| |
| if (LOCKDOWN_E_SUCCESS != ret) |
| return ret; |
| |
| ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| plist_t type_node = plist_dict_get_item(dict, "Type"); |
| if (type_node && (plist_get_node_type(type_node) == PLIST_STRING)) { |
| char* typestr = NULL; |
| plist_get_string_val(type_node, &typestr); |
| debug_info("success with type %s", typestr); |
| /* return the type if requested */ |
| if (type != NULL) { |
| *type = typestr; |
| } else { |
| free(typestr); |
| } |
| ret = LOCKDOWN_E_SUCCESS; |
| } else { |
| debug_info("hmm. QueryType response does not contain a type?!"); |
| debug_plist(dict); |
| } |
| plist_free(dict); |
| dict = NULL; |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_get_value(lockdownd_client_t client, const char *domain, const char *key, plist_t *value) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| plist_t dict = NULL; |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| /* setup request plist */ |
| dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| if (domain) { |
| plist_dict_set_item(dict,"Domain", plist_new_string(domain)); |
| } |
| if (key) { |
| plist_dict_set_item(dict,"Key", plist_new_string(key)); |
| } |
| plist_dict_set_item(dict,"Request", plist_new_string("GetValue")); |
| |
| /* send to device */ |
| ret = lockdownd_send(client, dict); |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| if (ret != LOCKDOWN_E_SUCCESS) |
| return ret; |
| |
| /* Now get device's answer */ |
| ret = lockdownd_receive(client, &dict); |
| if (ret != LOCKDOWN_E_SUCCESS) |
| return ret; |
| |
| ret = lockdown_check_result(dict, "GetValue"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| debug_info("success"); |
| } |
| |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| plist_free(dict); |
| return ret; |
| } |
| |
| plist_t value_node = plist_dict_get_item(dict, "Value"); |
| |
| if (value_node) { |
| debug_info("has a value"); |
| *value = plist_copy(value_node); |
| } |
| |
| plist_free(dict); |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_set_value(lockdownd_client_t client, const char *domain, const char *key, plist_t value) |
| { |
| if (!client || !value) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| plist_t dict = NULL; |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| /* setup request plist */ |
| dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| if (domain) { |
| plist_dict_set_item(dict,"Domain", plist_new_string(domain)); |
| } |
| if (key) { |
| plist_dict_set_item(dict,"Key", plist_new_string(key)); |
| } |
| plist_dict_set_item(dict,"Request", plist_new_string("SetValue")); |
| plist_dict_set_item(dict,"Value", value); |
| |
| /* send to device */ |
| ret = lockdownd_send(client, dict); |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| if (ret != LOCKDOWN_E_SUCCESS) |
| return ret; |
| |
| /* Now get device's answer */ |
| ret = lockdownd_receive(client, &dict); |
| if (ret != LOCKDOWN_E_SUCCESS) |
| return ret; |
| |
| ret = lockdown_check_result(dict, "SetValue"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| debug_info("success"); |
| } |
| |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| plist_free(dict); |
| return ret; |
| } |
| |
| plist_free(dict); |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_remove_value(lockdownd_client_t client, const char *domain, const char *key) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| plist_t dict = NULL; |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| /* setup request plist */ |
| dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| if (domain) { |
| plist_dict_set_item(dict,"Domain", plist_new_string(domain)); |
| } |
| if (key) { |
| plist_dict_set_item(dict,"Key", plist_new_string(key)); |
| } |
| plist_dict_set_item(dict,"Request", plist_new_string("RemoveValue")); |
| |
| /* send to device */ |
| ret = lockdownd_send(client, dict); |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| if (ret != LOCKDOWN_E_SUCCESS) |
| return ret; |
| |
| /* Now get device's answer */ |
| ret = lockdownd_receive(client, &dict); |
| if (ret != LOCKDOWN_E_SUCCESS) |
| return ret; |
| |
| ret = lockdown_check_result(dict, "RemoveValue"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| debug_info("success"); |
| } |
| |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| plist_free(dict); |
| return ret; |
| } |
| |
| plist_free(dict); |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_get_device_udid(lockdownd_client_t client, char **udid) |
| { |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| plist_t value = NULL; |
| |
| ret = lockdownd_get_value(client, NULL, "UniqueDeviceID", &value); |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| return ret; |
| } |
| plist_get_string_val(value, udid); |
| |
| plist_free(value); |
| value = NULL; |
| return ret; |
| } |
| |
| /** |
| * Retrieves the public key of the device from lockdownd. |
| * |
| * @param client An initialized lockdownd client. |
| * @param public_key Holds the public key of the device. The caller is |
| * responsible for freeing the memory. |
| * |
| * @return LOCKDOWN_E_SUCCESS on success |
| */ |
| static lockdownd_error_t lockdownd_get_device_public_key_as_key_data(lockdownd_client_t client, key_data_t *public_key) |
| { |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| plist_t value = NULL; |
| char *value_value = NULL; |
| uint64_t size = 0; |
| |
| ret = lockdownd_get_value(client, NULL, "DevicePublicKey", &value); |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| return ret; |
| } |
| plist_get_data_val(value, &value_value, &size); |
| public_key->data = (unsigned char*)value_value; |
| public_key->size = size; |
| |
| plist_free(value); |
| value = NULL; |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_get_device_name(lockdownd_client_t client, char **device_name) |
| { |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| plist_t value = NULL; |
| |
| ret = lockdownd_get_value(client, NULL, "DeviceName", &value); |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| return ret; |
| } |
| plist_get_string_val(value, device_name); |
| |
| plist_free(value); |
| value = NULL; |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new(idevice_t device, lockdownd_client_t *client, const char *label) |
| { |
| if (!device || !client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| static struct lockdownd_service_descriptor service = { |
| .port = 0xf27e, |
| .ssl_enabled = 0 |
| }; |
| |
| property_list_service_client_t plistclient = NULL; |
| if (property_list_service_client_new(device, (lockdownd_service_descriptor_t)&service, &plistclient) != PROPERTY_LIST_SERVICE_E_SUCCESS) { |
| debug_info("could not connect to lockdownd (device %s)", device->udid); |
| return LOCKDOWN_E_MUX_ERROR; |
| } |
| |
| lockdownd_client_t client_loc = (lockdownd_client_t) malloc(sizeof(struct lockdownd_client_private)); |
| client_loc->parent = plistclient; |
| client_loc->ssl_enabled = 0; |
| client_loc->session_id = NULL; |
| client_loc->mux_id = device->mux_id; |
| |
| if (idevice_get_udid(device, &client_loc->udid) != IDEVICE_E_SUCCESS) { |
| debug_info("failed to get device udid."); |
| } |
| debug_info("device udid: %s", client_loc->udid); |
| |
| client_loc->label = label ? strdup(label) : NULL; |
| |
| *client = client_loc; |
| |
| return LOCKDOWN_E_SUCCESS; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new_with_handshake(idevice_t device, lockdownd_client_t *client, const char *label) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| lockdownd_error_t ret = LOCKDOWN_E_SUCCESS; |
| lockdownd_client_t client_loc = NULL; |
| plist_t pair_record = NULL; |
| char *host_id = NULL; |
| char *type = NULL; |
| |
| ret = lockdownd_client_new(device, &client_loc, label); |
| if (LOCKDOWN_E_SUCCESS != ret) { |
| debug_info("failed to create lockdownd client."); |
| return ret; |
| } |
| |
| /* perform handshake */ |
| ret = lockdownd_query_type(client_loc, &type); |
| if (LOCKDOWN_E_SUCCESS != ret) { |
| debug_info("QueryType failed in the lockdownd client."); |
| } else if (strcmp("com.apple.mobile.lockdown", type)) { |
| debug_info("Warning QueryType request returned \"%s\".", type); |
| } |
| free(type); |
| |
| if (device->version == 0) { |
| plist_t p_version = NULL; |
| if (lockdownd_get_value(client_loc, NULL, "ProductVersion", &p_version) == LOCKDOWN_E_SUCCESS) { |
| int vers[3] = {0, 0, 0}; |
| char *s_version = NULL; |
| plist_get_string_val(p_version, &s_version); |
| if (s_version && sscanf(s_version, "%d.%d.%d", &vers[0], &vers[1], &vers[2]) >= 2) { |
| device->version = ((vers[0] & 0xFF) << 16) | ((vers[1] & 0xFF) << 8) | (vers[2] & 0xFF); |
| } |
| free(s_version); |
| } |
| plist_free(p_version); |
| } |
| |
| userpref_read_pair_record(client_loc->udid, &pair_record); |
| if (pair_record) { |
| pair_record_get_host_id(pair_record, &host_id); |
| } |
| if (LOCKDOWN_E_SUCCESS == ret && pair_record && !host_id) { |
| ret = LOCKDOWN_E_INVALID_CONF; |
| } |
| |
| if (LOCKDOWN_E_SUCCESS == ret && !pair_record) { |
| /* attempt pairing */ |
| ret = lockdownd_pair(client_loc, NULL); |
| } |
| |
| plist_free(pair_record); |
| pair_record = NULL; |
| |
| if (device->version < 0x070000) { |
| /* for older devices, we need to validate pairing to receive trusted host status */ |
| ret = lockdownd_validate_pair(client_loc, NULL); |
| |
| /* if not paired yet, let's do it now */ |
| if (LOCKDOWN_E_INVALID_HOST_ID == ret) { |
| free(host_id); |
| host_id = NULL; |
| ret = lockdownd_pair(client_loc, NULL); |
| if (LOCKDOWN_E_SUCCESS == ret) { |
| ret = lockdownd_validate_pair(client_loc, NULL); |
| } |
| } |
| } |
| |
| if (LOCKDOWN_E_SUCCESS == ret) { |
| if (!host_id) { |
| userpref_read_pair_record(client_loc->udid, &pair_record); |
| if (pair_record) { |
| pair_record_get_host_id(pair_record, &host_id); |
| plist_free(pair_record); |
| } |
| } |
| |
| ret = lockdownd_start_session(client_loc, host_id, NULL, NULL); |
| if (LOCKDOWN_E_SUCCESS != ret) { |
| debug_info("Session opening failed."); |
| } |
| |
| } |
| |
| if (LOCKDOWN_E_SUCCESS == ret) { |
| *client = client_loc; |
| } else { |
| lockdownd_client_free(client_loc); |
| } |
| free(host_id); |
| return ret; |
| } |
| |
| /** |
| * Returns a new plist from the supplied lockdownd pair record. The caller is |
| * responsible for freeing the plist. |
| * |
| * @param pair_record The pair record to create a plist from. |
| * |
| * @return A pair record plist from the device, NULL if pair_record is not set |
| */ |
| static plist_t lockdownd_pair_record_to_plist(lockdownd_pair_record_t pair_record) |
| { |
| if (!pair_record) |
| return NULL; |
| |
| /* setup request plist */ |
| plist_t dict = plist_new_dict(); |
| plist_dict_set_item(dict, "DeviceCertificate", plist_new_data(pair_record->device_certificate, strlen(pair_record->device_certificate))); |
| plist_dict_set_item(dict, "HostCertificate", plist_new_data(pair_record->host_certificate, strlen(pair_record->host_certificate))); |
| plist_dict_set_item(dict, "HostID", plist_new_string(pair_record->host_id)); |
| plist_dict_set_item(dict, "RootCertificate", plist_new_data(pair_record->root_certificate, strlen(pair_record->root_certificate))); |
| plist_dict_set_item(dict, "SystemBUID", plist_new_string(pair_record->system_buid)); |
| |
| return dict; |
| } |
| |
| /** |
| * Generates a pair record plist with required certificates for a specific |
| * device. If a pairing exists, it is loaded from the computer instead of being |
| * generated. |
| * |
| * @param pair_record_plist Holds the pair record. |
| * |
| * @return LOCKDOWN_E_SUCCESS on success |
| */ |
| static lockdownd_error_t pair_record_generate(lockdownd_client_t client, plist_t *pair_record) |
| { |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| key_data_t public_key = { NULL, 0 }; |
| char* host_id = NULL; |
| char* system_buid = NULL; |
| |
| /* retrieve device public key */ |
| ret = lockdownd_get_device_public_key_as_key_data(client, &public_key); |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| debug_info("device refused to send public key."); |
| goto leave; |
| } |
| debug_info("device public key follows:\n%.*s", public_key.size, public_key.data); |
| |
| *pair_record = plist_new_dict(); |
| |
| /* generate keys and certificates into pair record */ |
| userpref_error_t uret = USERPREF_E_SUCCESS; |
| uret = pair_record_generate_keys_and_certs(*pair_record, public_key); |
| switch(uret) { |
| case USERPREF_E_INVALID_ARG: |
| ret = LOCKDOWN_E_INVALID_ARG; |
| break; |
| case USERPREF_E_INVALID_CONF: |
| ret = LOCKDOWN_E_INVALID_CONF; |
| break; |
| case USERPREF_E_SSL_ERROR: |
| ret = LOCKDOWN_E_SSL_ERROR; |
| default: |
| break; |
| } |
| |
| /* set SystemBUID */ |
| userpref_read_system_buid(&system_buid); |
| if (system_buid) { |
| plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid)); |
| } |
| |
| /* set HostID */ |
| host_id = generate_uuid(); |
| pair_record_set_host_id(*pair_record, host_id); |
| |
| leave: |
| if (host_id) |
| free(host_id); |
| if (system_buid) |
| free(system_buid); |
| if (public_key.data) |
| free(public_key.data); |
| |
| return ret; |
| } |
| |
| /** |
| * Function used internally by lockdownd_pair() and lockdownd_validate_pair() |
| * |
| * @param client The lockdown client |
| * @param pair_record The pair record to use for pairing. If NULL is passed, then |
| * the pair records from the current machine are used. New records will be |
| * generated automatically when pairing is done for the first time. |
| * @param verb This is either "Pair", "ValidatePair" or "Unpair". |
| * @param options The pairing options to pass. |
| * @param response If non-NULL a pointer to lockdownd's response dictionary is returned. |
| * |
| * @return LOCKDOWN_E_SUCCESS on success, NP_E_INVALID_ARG when client is NULL, |
| * LOCKDOWN_E_PLIST_ERROR if the pair_record certificates are wrong, |
| * LOCKDOWN_E_PAIRING_FAILED if the pairing failed, |
| * LOCKDOWN_E_PASSWORD_PROTECTED if the device is password protected, |
| * LOCKDOWN_E_INVALID_HOST_ID if the device does not know the caller's host id |
| */ |
| static lockdownd_error_t lockdownd_do_pair(lockdownd_client_t client, lockdownd_pair_record_t pair_record, const char *verb, plist_t options, plist_t *result) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| plist_t dict = NULL; |
| plist_t pair_record_plist = NULL; |
| plist_t wifi_node = NULL; |
| int pairing_mode = 0; /* 0 = libimobiledevice, 1 = external */ |
| |
| if (pair_record && pair_record->system_buid && pair_record->host_id) { |
| /* valid pair_record passed? */ |
| if (!pair_record->device_certificate || !pair_record->host_certificate || !pair_record->root_certificate) { |
| return LOCKDOWN_E_PLIST_ERROR; |
| } |
| |
| /* use passed pair_record */ |
| pair_record_plist = lockdownd_pair_record_to_plist(pair_record); |
| |
| pairing_mode = 1; |
| } else { |
| /* generate a new pair record if pairing */ |
| if (!strcmp("Pair", verb)) { |
| ret = pair_record_generate(client, &pair_record_plist); |
| |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| if (pair_record_plist) |
| plist_free(pair_record_plist); |
| return ret; |
| } |
| |
| /* get wifi mac now, if we get it later we fail on iOS 7 which causes a reconnect */ |
| lockdownd_get_value(client, NULL, "WiFiAddress", &wifi_node); |
| } else { |
| /* use existing pair record */ |
| userpref_read_pair_record(client->udid, &pair_record_plist); |
| if (!pair_record_plist) { |
| return LOCKDOWN_E_INVALID_HOST_ID; |
| } |
| } |
| } |
| |
| plist_t request_pair_record = plist_copy(pair_record_plist); |
| |
| /* remove stuff that is private */ |
| plist_dict_remove_item(request_pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY); |
| plist_dict_remove_item(request_pair_record, USERPREF_HOST_PRIVATE_KEY_KEY); |
| |
| /* setup pair request plist */ |
| dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| plist_dict_set_item(dict, "PairRecord", request_pair_record); |
| plist_dict_set_item(dict, "Request", plist_new_string(verb)); |
| plist_dict_set_item(dict, "ProtocolVersion", plist_new_string(LOCKDOWN_PROTOCOL_VERSION)); |
| |
| if (options) { |
| plist_dict_set_item(dict, "PairingOptions", plist_copy(options)); |
| } |
| |
| /* send to device */ |
| ret = lockdownd_send(client, dict); |
| plist_free(dict); |
| dict = NULL; |
| |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| plist_free(pair_record_plist); |
| if (wifi_node) |
| plist_free(wifi_node); |
| return ret; |
| } |
| |
| /* Now get device's answer */ |
| ret = lockdownd_receive(client, &dict); |
| |
| if (ret != LOCKDOWN_E_SUCCESS) { |
| plist_free(pair_record_plist); |
| if (wifi_node) |
| plist_free(wifi_node); |
| return ret; |
| } |
| |
| if (strcmp(verb, "Unpair") == 0) { |
| /* workaround for Unpair giving back ValidatePair, |
| * seems to be a bug in the device's fw */ |
| if (lockdown_check_result(dict, NULL) != LOCKDOWN_E_SUCCESS) { |
| ret = LOCKDOWN_E_PAIRING_FAILED; |
| } |
| } else { |
| if (lockdown_check_result(dict, verb) != LOCKDOWN_E_SUCCESS) { |
| ret = LOCKDOWN_E_PAIRING_FAILED; |
| } |
| } |
| |
| /* if pairing succeeded */ |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| debug_info("%s success", verb); |
| if (!pairing_mode) { |
| debug_info("internal pairing mode"); |
| if (!strcmp("Unpair", verb)) { |
| /* remove public key from config */ |
| userpref_delete_pair_record(client->udid); |
| } else { |
| if (!strcmp("Pair", verb)) { |
| /* add returned escrow bag if available */ |
| plist_t extra_node = plist_dict_get_item(dict, USERPREF_ESCROW_BAG_KEY); |
| if (extra_node && plist_get_node_type(extra_node) == PLIST_DATA) { |
| debug_info("Saving EscrowBag from response in pair record"); |
| plist_dict_set_item(pair_record_plist, USERPREF_ESCROW_BAG_KEY, plist_copy(extra_node)); |
| } |
| |
| /* save previously retrieved wifi mac address in pair record */ |
| if (wifi_node) { |
| debug_info("Saving WiFiAddress from device in pair record"); |
| plist_dict_set_item(pair_record_plist, USERPREF_WIFI_MAC_ADDRESS_KEY, plist_copy(wifi_node)); |
| plist_free(wifi_node); |
| wifi_node = NULL; |
| } |
| |
| userpref_save_pair_record(client->udid, client->mux_id, pair_record_plist); |
| } |
| } |
| } else { |
| debug_info("external pairing mode"); |
| } |
| } else { |
| debug_info("%s failure", verb); |
| plist_t error_node = NULL; |
| /* verify error condition */ |
| error_node = plist_dict_get_item(dict, "Error"); |
| if (error_node) { |
| char *value = NULL; |
| plist_get_string_val(error_node, &value); |
| if (value) { |
| /* the first pairing fails if the device is password protected */ |
| ret = lockdownd_strtoerr(value); |
| free(value); |
| } |
| } |
| } |
| |
| if (pair_record_plist) { |
| plist_free(pair_record_plist); |
| pair_record_plist = NULL; |
| } |
| |
| if (wifi_node) { |
| plist_free(wifi_node); |
| wifi_node = NULL; |
| } |
| |
| if (result) { |
| *result = dict; |
| } else { |
| plist_free(dict); |
| dict = NULL; |
| } |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_pair(lockdownd_client_t client, lockdownd_pair_record_t pair_record) |
| { |
| |
| plist_t options = plist_new_dict(); |
| plist_dict_set_item(options, "ExtendedPairingErrors", plist_new_bool(1)); |
| |
| lockdownd_error_t ret = lockdownd_do_pair(client, pair_record, "Pair", options, NULL); |
| |
| plist_free(options); |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_pair_with_options(lockdownd_client_t client, lockdownd_pair_record_t pair_record, plist_t options, plist_t *response) |
| { |
| return lockdownd_do_pair(client, pair_record, "Pair", options, response); |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_validate_pair(lockdownd_client_t client, lockdownd_pair_record_t pair_record) |
| { |
| return lockdownd_do_pair(client, pair_record, "ValidatePair", NULL, NULL); |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_unpair(lockdownd_client_t client, lockdownd_pair_record_t pair_record) |
| { |
| return lockdownd_do_pair(client, pair_record, "Unpair", NULL, NULL); |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_enter_recovery(lockdownd_client_t client) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| plist_t dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| plist_dict_set_item(dict,"Request", plist_new_string("EnterRecovery")); |
| |
| debug_info("telling device to enter recovery mode"); |
| |
| ret = lockdownd_send(client, dict); |
| plist_free(dict); |
| dict = NULL; |
| |
| ret = lockdownd_receive(client, &dict); |
| |
| ret = lockdown_check_result(dict, "EnterRecovery"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| debug_info("success"); |
| } |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_goodbye(lockdownd_client_t client) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| plist_t dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| plist_dict_set_item(dict,"Request", plist_new_string("Goodbye")); |
| |
| debug_info("called"); |
| |
| ret = lockdownd_send(client, dict); |
| plist_free(dict); |
| dict = NULL; |
| |
| ret = lockdownd_receive(client, &dict); |
| if (!dict) { |
| debug_info("did not get goodbye response back"); |
| return LOCKDOWN_E_PLIST_ERROR; |
| } |
| |
| ret = lockdown_check_result(dict, "Goodbye"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| debug_info("success"); |
| } |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_start_session(lockdownd_client_t client, const char *host_id, char **session_id, int *ssl_enabled) |
| { |
| lockdownd_error_t ret = LOCKDOWN_E_SUCCESS; |
| plist_t dict = NULL; |
| |
| if (!client || !host_id) |
| ret = LOCKDOWN_E_INVALID_ARG; |
| |
| /* if we have a running session, stop current one first */ |
| if (client->session_id) { |
| lockdownd_stop_session(client, client->session_id); |
| } |
| |
| /* setup request plist */ |
| dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| plist_dict_set_item(dict,"Request", plist_new_string("StartSession")); |
| |
| /* add host id */ |
| if (host_id) { |
| plist_dict_set_item(dict, "HostID", plist_new_string(host_id)); |
| } |
| |
| /* add system buid */ |
| char *system_buid = NULL; |
| userpref_read_system_buid(&system_buid); |
| if (system_buid) { |
| plist_dict_set_item(dict, "SystemBUID", plist_new_string(system_buid)); |
| if (system_buid) { |
| free(system_buid); |
| system_buid = NULL; |
| } |
| } |
| |
| ret = lockdownd_send(client, dict); |
| plist_free(dict); |
| dict = NULL; |
| |
| if (ret != LOCKDOWN_E_SUCCESS) |
| return ret; |
| |
| ret = lockdownd_receive(client, &dict); |
| |
| if (!dict) |
| return LOCKDOWN_E_PLIST_ERROR; |
| |
| ret = lockdown_check_result(dict, "StartSession"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| uint8_t use_ssl = 0; |
| |
| plist_t enable_ssl = plist_dict_get_item(dict, "EnableSessionSSL"); |
| if (enable_ssl && (plist_get_node_type(enable_ssl) == PLIST_BOOLEAN)) { |
| plist_get_bool_val(enable_ssl, &use_ssl); |
| } |
| debug_info("Session startup OK"); |
| |
| if (ssl_enabled != NULL) |
| *ssl_enabled = use_ssl; |
| |
| /* store session id, we need it for StopSession */ |
| plist_t session_node = plist_dict_get_item(dict, "SessionID"); |
| if (session_node && (plist_get_node_type(session_node) == PLIST_STRING)) { |
| plist_get_string_val(session_node, &client->session_id); |
| } |
| |
| if (client->session_id) { |
| debug_info("SessionID: %s", client->session_id); |
| if (session_id != NULL) |
| *session_id = strdup(client->session_id); |
| } else { |
| debug_info("Failed to get SessionID!"); |
| } |
| |
| debug_info("Enable SSL Session: %s", (use_ssl ? "true" : "false")); |
| |
| if (use_ssl) { |
| ret = lockdownd_error(property_list_service_enable_ssl(client->parent)); |
| client->ssl_enabled = (ret == LOCKDOWN_E_SUCCESS ? 1 : 0); |
| } else { |
| ret = LOCKDOWN_E_SUCCESS; |
| client->ssl_enabled = 0; |
| } |
| } |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| return ret; |
| } |
| |
| /** |
| * Internal function used by lockdownd_do_start_service to create the |
| * StartService request's plist. |
| * |
| * @param client The lockdownd client |
| * @param identifier The identifier of the service to start |
| * @param send_escrow_bag Should we send the device's escrow bag with the request |
| * @param request The request's plist on success, NULL on failure |
| * |
| * @return LOCKDOWN_E_SUCCESS on success, LOCKDOWN_E_INVALID_CONF on failure |
| * to read the escrow bag from the device's record (when used). |
| */ |
| static lockdownd_error_t lockdownd_build_start_service_request(lockdownd_client_t client, const char *identifier, int send_escrow_bag, plist_t *request) |
| { |
| plist_t dict = plist_new_dict(); |
| |
| /* create the basic request params */ |
| plist_dict_add_label(dict, client->label); |
| plist_dict_set_item(dict, "Request", plist_new_string("StartService")); |
| plist_dict_set_item(dict, "Service", plist_new_string(identifier)); |
| |
| /* if needed - get the escrow bag for the device and send it with the request */ |
| if (send_escrow_bag) { |
| /* get the pairing record */ |
| plist_t pair_record = NULL; |
| userpref_read_pair_record(client->udid, &pair_record); |
| if (!pair_record) { |
| debug_info("ERROR: failed to read pair record for device: %s", client->udid); |
| plist_free(dict); |
| return LOCKDOWN_E_INVALID_CONF; |
| } |
| |
| /* try to read the escrow bag from the record */ |
| plist_t escrow_bag = plist_dict_get_item(pair_record, USERPREF_ESCROW_BAG_KEY); |
| if (!escrow_bag || (PLIST_DATA != plist_get_node_type(escrow_bag))) { |
| debug_info("ERROR: Failed to retrieve the escrow bag from the device's record"); |
| plist_free(dict); |
| plist_free(pair_record); |
| return LOCKDOWN_E_INVALID_CONF; |
| } |
| |
| debug_info("Adding escrow bag to StartService for %s", identifier); |
| plist_dict_set_item(dict, USERPREF_ESCROW_BAG_KEY, plist_copy(escrow_bag)); |
| plist_free(pair_record); |
| } |
| |
| *request = dict; |
| return LOCKDOWN_E_SUCCESS; |
| } |
| |
| /** |
| * Function used internally by lockdownd_start_service and lockdownd_start_service_with_escrow_bag. |
| * |
| * @param client The lockdownd client |
| * @param identifier The identifier of the service to start |
| * @param send_escrow_bag Should we send the device's escrow bag with the request |
| * @param descriptor The service descriptor on success or NULL on failure |
| * |
| * @return LOCKDOWN_E_SUCCESS on success, LOCKDOWN_E_INVALID_ARG if a parameter |
| * is NULL, LOCKDOWN_E_INVALID_SERVICE if the requested service is not known |
| * by the device, LOCKDOWN_E_START_SERVICE_FAILED if the service could not because |
| * started by the device, LOCKDOWN_E_INVALID_CONF if the host id or escrow bag (when |
| * used) are missing from the device record. |
| */ |
| static lockdownd_error_t lockdownd_do_start_service(lockdownd_client_t client, const char *identifier, int send_escrow_bag, lockdownd_service_descriptor_t *service) |
| { |
| if (!client || !identifier || !service) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| if (*service) { |
| // reset fields if service descriptor is reused |
| (*service)->port = 0; |
| (*service)->ssl_enabled = 0; |
| } |
| |
| plist_t dict = NULL; |
| uint16_t port_loc = 0; |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| /* create StartService request */ |
| ret = lockdownd_build_start_service_request(client, identifier, send_escrow_bag, &dict); |
| if (LOCKDOWN_E_SUCCESS != ret) |
| return ret; |
| |
| /* send to device */ |
| ret = lockdownd_send(client, dict); |
| plist_free(dict); |
| dict = NULL; |
| |
| if (LOCKDOWN_E_SUCCESS != ret) |
| return ret; |
| |
| ret = lockdownd_receive(client, &dict); |
| |
| if (LOCKDOWN_E_SUCCESS != ret) |
| return ret; |
| |
| if (!dict) |
| return LOCKDOWN_E_PLIST_ERROR; |
| |
| ret = lockdown_check_result(dict, "StartService"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| if (*service == NULL) |
| *service = (lockdownd_service_descriptor_t)malloc(sizeof(struct lockdownd_service_descriptor)); |
| (*service)->port = 0; |
| (*service)->ssl_enabled = 0; |
| |
| /* read service port number */ |
| plist_t node = plist_dict_get_item(dict, "Port"); |
| if (node && (plist_get_node_type(node) == PLIST_UINT)) { |
| uint64_t port_value = 0; |
| plist_get_uint_val(node, &port_value); |
| |
| if (port_value) { |
| port_loc = port_value; |
| ret = LOCKDOWN_E_SUCCESS; |
| } |
| if (port_loc && ret == LOCKDOWN_E_SUCCESS) { |
| (*service)->port = port_loc; |
| } |
| } |
| |
| /* check if the service requires SSL */ |
| node = plist_dict_get_item(dict, "EnableServiceSSL"); |
| if (node && (plist_get_node_type(node) == PLIST_BOOLEAN)) { |
| uint8_t b = 0; |
| plist_get_bool_val(node, &b); |
| (*service)->ssl_enabled = b; |
| } |
| } else { |
| plist_t error_node = plist_dict_get_item(dict, "Error"); |
| if (error_node && PLIST_STRING == plist_get_node_type(error_node)) { |
| char *error = NULL; |
| plist_get_string_val(error_node, &error); |
| ret = lockdownd_strtoerr(error); |
| free(error); |
| } |
| } |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_start_service(lockdownd_client_t client, const char *identifier, lockdownd_service_descriptor_t *service) |
| { |
| return lockdownd_do_start_service(client, identifier, 0, service); |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_start_service_with_escrow_bag(lockdownd_client_t client, const char *identifier, lockdownd_service_descriptor_t *service) |
| { |
| return lockdownd_do_start_service(client, identifier, 1, service); |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_activate(lockdownd_client_t client, plist_t activation_record) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| if (!client->session_id) |
| return LOCKDOWN_E_NO_RUNNING_SESSION; |
| |
| if (!activation_record) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| plist_t dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| plist_dict_set_item(dict,"Request", plist_new_string("Activate")); |
| plist_dict_set_item(dict,"ActivationRecord", plist_copy(activation_record)); |
| |
| ret = lockdownd_send(client, dict); |
| plist_free(dict); |
| dict = NULL; |
| |
| ret = lockdownd_receive(client, &dict); |
| if (!dict) { |
| debug_info("LOCKDOWN_E_PLIST_ERROR"); |
| return LOCKDOWN_E_PLIST_ERROR; |
| } |
| |
| ret = lockdown_check_result(dict, "Activate"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| debug_info("success"); |
| } |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| return ret; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_deactivate(lockdownd_client_t client) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| if (!client->session_id) |
| return LOCKDOWN_E_NO_RUNNING_SESSION; |
| |
| lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| plist_t dict = plist_new_dict(); |
| plist_dict_add_label(dict, client->label); |
| plist_dict_set_item(dict,"Request", plist_new_string("Deactivate")); |
| |
| ret = lockdownd_send(client, dict); |
| plist_free(dict); |
| dict = NULL; |
| |
| ret = lockdownd_receive(client, &dict); |
| if (!dict) { |
| debug_info("LOCKDOWN_E_PLIST_ERROR"); |
| return LOCKDOWN_E_PLIST_ERROR; |
| } |
| |
| ret = lockdown_check_result(dict, "Deactivate"); |
| if (ret == LOCKDOWN_E_SUCCESS) { |
| debug_info("success"); |
| } |
| |
| plist_free(dict); |
| dict = NULL; |
| |
| return ret; |
| } |
| |
| static void str_remove_spaces(char *source) |
| { |
| char *dest = source; |
| while (*source != 0) { |
| if (!isspace(*source)) { |
| *dest++ = *source; /* copy */ |
| } |
| source++; |
| } |
| *dest = 0; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_get_sync_data_classes(lockdownd_client_t client, char ***classes, int *count) |
| { |
| if (!client) |
| return LOCKDOWN_E_INVALID_ARG; |
| |
| if (!client->session_id) |
| return LOCKDOWN_E_NO_RUNNING_SESSION; |
| |
| plist_t dict = NULL; |
| lockdownd_error_t err = LOCKDOWN_E_UNKNOWN_ERROR; |
| |
| plist_t value = NULL; |
| |
| char **newlist = NULL; |
| char *val = NULL; |
| |
| *classes = NULL; |
| *count = 0; |
| |
| err = lockdownd_get_value(client, "com.apple.mobile.iTunes", "SyncDataClasses", &dict); |
| if (err != LOCKDOWN_E_SUCCESS) { |
| if (dict) { |
| plist_free(dict); |
| } |
| return err; |
| } |
| |
| if (plist_get_node_type(dict) != PLIST_ARRAY) { |
| plist_free(dict); |
| return LOCKDOWN_E_PLIST_ERROR; |
| } |
| |
| while((value = plist_array_get_item(dict, *count)) != NULL) { |
| plist_get_string_val(value, &val); |
| newlist = realloc(*classes, sizeof(char*) * (*count+1)); |
| str_remove_spaces(val); |
| if (asprintf(&newlist[*count], "com.apple.%s", val) < 0) { |
| debug_info("ERROR: asprintf failed"); |
| } |
| free(val); |
| val = NULL; |
| *classes = newlist; |
| *count = *count+1; |
| } |
| |
| newlist = realloc(*classes, sizeof(char*) * (*count+1)); |
| newlist[*count] = NULL; |
| *classes = newlist; |
| |
| if (dict) { |
| plist_free(dict); |
| } |
| return LOCKDOWN_E_SUCCESS; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_data_classes_free(char **classes) |
| { |
| if (classes) { |
| int i = 0; |
| while (classes[i++]) { |
| free(classes[i]); |
| } |
| free(classes); |
| } |
| return LOCKDOWN_E_SUCCESS; |
| } |
| |
| LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_service_descriptor_free(lockdownd_service_descriptor_t service) |
| { |
| if (service) |
| free(service); |
| |
| return LOCKDOWN_E_SUCCESS; |
| } |