summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--common/userpref.c15
-rw-r--r--common/userpref.h2
-rw-r--r--src/lockdown.c23
3 files changed, 30 insertions, 10 deletions
diff --git a/common/userpref.c b/common/userpref.c
index 571b660..55ab9c4 100644
--- a/common/userpref.c
+++ b/common/userpref.c
@@ -1115,7 +1115,7 @@ userpref_error_t userpref_device_record_get_keys_and_certs(const char *udid, gnu
*
* @return 1 if the certificates were successfully retrieved, 0 otherwise
*/
-userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_data_t *pem_root_cert, key_data_t *pem_host_cert)
+userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_data_t *pem_root_cert, key_data_t *pem_host_cert, key_data_t *pem_device_cert)
{
if (!udid || !pem_root_cert || !pem_host_cert)
return USERPREF_E_INVALID_ARG;
@@ -1124,6 +1124,7 @@ userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_d
uint64_t length = 0;
plist_t root_cert = NULL;
plist_t host_cert = NULL;
+ plist_t dev_cert = NULL;
if (userpref_device_record_get_value(udid, USERPREF_HOST_CERTIFICATE_KEY, &host_cert) &&
userpref_device_record_get_value(udid, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert)) {
if (host_cert && plist_get_node_type(host_cert) == PLIST_DATA) {
@@ -1143,6 +1144,18 @@ userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_d
buffer = NULL;
}
+ if (pem_device_cert) {
+ userpref_device_record_get_value(udid, USERPREF_DEVICE_CERTIFICATE_KEY, &dev_cert);
+ if (dev_cert && plist_get_node_type(dev_cert) == PLIST_DATA) {
+ plist_get_data_val(dev_cert, &buffer, &length);
+ pem_device_cert->data = (unsigned char*)malloc(length);
+ memcpy(pem_device_cert->data, buffer, length);
+ pem_device_cert->size = length;
+ free(buffer);
+ buffer = NULL;
+ }
+ }
+
return USERPREF_E_SUCCESS;
} else {
if (pem_root_cert->data) {
diff --git a/common/userpref.h b/common/userpref.h
index 8e38136..da9d454 100644
--- a/common/userpref.h
+++ b/common/userpref.h
@@ -75,7 +75,7 @@ LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_get_keys_and_c
LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_get_keys_and_certs(const char *udid, gnutls_x509_privkey_t root_privkey, gnutls_x509_crt_t root_crt, gnutls_x509_privkey_t host_privkey, gnutls_x509_crt_t host_crt);
#endif
LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_set_keys_and_certs(const char *udid, key_data_t * root_key, key_data_t * root_cert, key_data_t * host_key, key_data_t * host_cert);
-LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_data_t *pem_root_cert, key_data_t *pem_host_cert);
+LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_data_t *pem_root_cert, key_data_t *pem_host_cert, key_data_t *pem_device_cert);
LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_set_device_record(const char *udid, plist_t device_record);
userpref_error_t userpref_remove_device_record(const char *udid);
diff --git a/src/lockdown.c b/src/lockdown.c
index c0ea645..2b0ab89 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -890,7 +890,13 @@ static lockdownd_error_t generate_pair_record_plist(const char *udid, char* syst
key_data_t host_cert = { NULL, 0 };
key_data_t root_cert = { NULL, 0 };
- ret = lockdownd_gen_pair_cert_for_udid(udid, public_key, &device_cert, &host_cert, &root_cert);
+ userpref_error_t uret = userpref_device_record_get_certs_as_pem(udid, &root_cert, &host_cert, &device_cert);
+ if ((uret == USERPREF_E_SUCCESS) && (root_cert.size > 0) && (host_cert.size > 0) && (device_cert.size > 0)) {
+ ret = LOCKDOWN_E_SUCCESS;
+ }
+
+ if (ret != LOCKDOWN_E_SUCCESS)
+ ret = lockdownd_gen_pair_cert_for_udid(udid, public_key, &device_cert, &host_cert, &root_cert);
if (ret != LOCKDOWN_E_SUCCESS) {
return ret;
}
@@ -1059,6 +1065,12 @@ static lockdownd_error_t lockdownd_do_pair(lockdownd_client_t client, lockdownd_
plist_free(escrow_bag);
escrow_bag = NULL;
}
+
+ /* store DeviceCertificate upon successful pairing */
+ plist_t devcrt = plist_dict_get_item(dict_record, USERPREF_DEVICE_CERTIFICATE_KEY);
+ if (devcrt && plist_get_node_type(devcrt) == PLIST_DATA) {
+ userpref_device_record_set_value(client->udid, USERPREF_DEVICE_CERTIFICATE_KEY, plist_copy(devcrt));
+ }
}
}
} else {
@@ -1366,7 +1378,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
key_data_t pem_root_cert = { NULL, 0 };
key_data_t pem_host_cert = { NULL, 0 };
- uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert);
+ uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert, NULL);
if (USERPREF_E_SUCCESS == uret) {
/* copy buffer for output */
membp = BIO_new(BIO_s_mem());
@@ -1505,7 +1517,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
gnutls_datum_t pem_root_cert = { NULL, 0 };
gnutls_datum_t pem_host_cert = { NULL, 0 };
- uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert);
+ uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert, NULL);
if (USERPREF_E_SUCCESS == uret) {
/* copy buffer for output */
@@ -1560,11 +1572,6 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
gnutls_free(der_pub_key.data);
#endif
- /* save device cert in config */
- if (odevice_cert->size) {
- userpref_device_record_set_value(udid, USERPREF_DEVICE_CERTIFICATE_KEY, plist_new_data((char*)odevice_cert->data, (uint64_t)odevice_cert->size));
- }
-
return ret;
}