summaryrefslogtreecommitdiffstats
path: root/src/lockdown.c
AgeCommit message (Collapse)AuthorFilesLines
2014-08-06lockdown: Only set SystemBUID in pair_record_generate() if it actually ↵Gravatar Nikias Bassen1-1/+2
contains a value This will prevent a crash in libplist when plist_new_string() will be called with a NULL pointer.
2014-08-06lockdown: Silence compiler warning about ignored return value from asprintf()Gravatar Nikias Bassen1-8/+10
2014-05-05lockdown: cleanup: remove pointless gotoGravatar Andreas Henriksson1-4/+0
Minor cleanup. Drop useless code. We're already at "leave", so there's no need to (conditionally!) goto it.
2014-05-05lockdown: avoid crashing when getting system buid failsGravatar Andreas Henriksson1-2/+3
When userpref_read_system_buid fails to retrieve the buid, systembuid will be set to NULL. It was then unconditionally passed to plist_new_string - which will crash with a NULL argument. See https://bugs.debian.org/730756 for people reporting this happening in the real world. See https://github.com/libimobiledevice/libimobiledevice/commit/1331f6baa1799e41003aa812c0d1bf36193535ea ("lockdown: Make sure to set SystemBUID in generated pair records") for the commit where this problem was introduced.
2014-03-27Moved Doxygen comments from source files to public headers.Gravatar Aaron Burghardt1-278/+1
Conflicts: include/libimobiledevice/afc.h
2014-03-27lockdown: Return error if getting a lockdown value failed to fix segfaultGravatar Martin Szulecki1-0/+2
https://github.com/libimobiledevice/libimobiledevice/issues/67 The lockdownd_get_value() function is not properly handling an error situation. The code logic always returned success as long as the lockdown response was properly received. Thanks to Aaron Burghardt for spotting this.
2014-03-24lockdown: Prevent libplist assertion by checking result of ↵Gravatar Nikias Bassen1-4/+10
userpref_read_pair_record()
2014-03-22Update copyright in various filesGravatar Martin Szulecki1-0/+2
2014-03-21lockdown: Fix starting unsecure services as needed during trust dialog pairingGravatar Martin Szulecki1-14/+0
2014-03-21lockdown: Fix fetching WiFi address for pair record after trust dialog pairingGravatar Martin Szulecki1-12/+20
2014-03-21lockdown: Correct a few comments within pair generation codeGravatar Martin Szulecki1-1/+2
2014-03-21lockdown: Move HostID generation closer to code setting it in pair recordGravatar Martin Szulecki1-2/+1
2014-03-21lockdown: Read HostID again after pairing to fix first pair workflowGravatar Martin Szulecki1-0/+7
2014-03-21userpref: merge pair_record_generate_from_device_public_key() into ↵Gravatar Nikias Bassen1-15/+1
pair_record_generate_keys_and_certs()
2014-03-21lockdown: Make sure failed pairing validation works with correct error codeGravatar Martin Szulecki1-1/+1
2014-03-21lockdown: Plug memory leak due to missing free of public_keyGravatar Martin Szulecki1-0/+3
2014-03-21lockdown: Make sure to set SystemBUID in generated pair recordsGravatar Martin Szulecki1-1/+2
2014-03-21lockdown: Fix wrong pointer dereference of pair_record plistGravatar Martin Szulecki1-3/+3
2014-03-21lockdown: Remove obsolete debug outputGravatar Martin Szulecki1-6/+0
2014-03-21Refactor pair record handling to use new usbmuxd pair record interfaceGravatar Martin Szulecki1-418/+112
This refactoring is mandatory as libimobiledevice should not interact with the pair record configuration directory which is owned by the usbmuxd user. This change also adds compatibility for the native usbmuxd and thus pair records saved by iTunes.
2014-03-20Bump dependency to libplist 1.11 and remove use of "plist_dict_insert_item()"Gravatar Martin Szulecki1-39/+39
2014-03-18lockdown: make sure type is always free'd in lockdownd_client_new_with_handshakeGravatar Nikias Bassen1-2/+2
2014-03-10lockdown: disable SSL in lockdownd_stop_session()Gravatar Nikias Bassen1-0/+5
2014-03-10lockdown: removed outdated call to lockdownd_goodbye() in lockdown_client_free()Gravatar Nikias Bassen1-4/+0
2014-01-25Revert "lockdown: do not send Goodbye when SSL session was active"Gravatar Nikias Bassen1-2/+2
This reverts commit 56392428a49543bab4b12431451ec04bb799c411. Actually I committed this because of usbmuxd complaining about a TCP RST. But lockdownd is now complaining since it waits for the Goodbye packet (which I apparently didn't see during testing).
2014-01-15lockdown: do not send Goodbye when SSL session was activeGravatar Nikias Bassen1-2/+2
2013-11-30lockdown: Make sure to free client->session_id for sureGravatar Martin Szulecki1-0/+4
2013-11-30Fix possible memory corruption by ensuring client pointers NULL'd after freeGravatar Martin Szulecki1-0/+1
2013-11-30lockdown: Do not free session_id again after stop_session already didGravatar Martin Szulecki1-1/+0
2013-11-08lockdown: fix possible invalid free in GnuTLS cert generation codeGravatar Nikias Bassen1-3/+3
2013-11-04Convert stray spaces to corresponding tabsGravatar Martin Szulecki1-0/+1
2013-10-09Remove duplicate newline from debug messages as one is added automaticallyGravatar Martin Szulecki1-1/+1
2013-10-09lockdown: Plug few possible memory leaks in generate_pair_record_plist()Gravatar Martin Szulecki1-16/+6
2013-09-24lockdown: improve lockdownd_query_type result checkingGravatar Nikias Bassen1-4/+11
2013-09-23lockdown: Remove EscrowBag feature for now as it caused services to not startGravatar Martin Szulecki1-7/+0
2013-09-21lockdown: Only sent EscrowBag if we are running in a secure sessionGravatar Martin Szulecki1-2/+6
2013-09-21lockdown: Send EscrowBag when starting service for automatic unlockingGravatar Martin Szulecki1-0/+3
2013-09-19lockdown: Remove pairing code which is obsoleted by usbmuxd's preflight handlerGravatar Martin Szulecki1-53/+0
2013-09-19lockdown: Don't shutdown SSL during StopSession already or device complainsGravatar Martin Szulecki1-7/+6
2013-09-17lockdownd: remove unused udid variable in reconnect functionGravatar Nikias Bassen1-4/+0
2013-09-17lockdown: Refactor pair record generation/loading logic a bit for efficiencyGravatar Martin Szulecki1-42/+47
The current code always requests the public key and set's the SystemBUID, even if a pair record already exists which has these values ready. The change moves logic to only do that during generation of new certificates.
2013-09-17lockdown: Fix debug message during reconnect to show correct udidGravatar Martin Szulecki1-1/+1
2013-09-17lockdown: Fix generation of x509 subject key identifier extension for GnuTLSGravatar Martin Szulecki1-7/+12
2013-09-17Make sure to re-use the DeviceCertificate instead of generating a new one ↵Gravatar Nikias Bassen1-8/+15
every time This prevented iTunes from using a pairing made by libimobiledevice giving an error that the device sent invalid data.
2013-09-17lockdown: Add missing x509 extensions to match other platforms using GnuTLSGravatar Martin Szulecki1-0/+8
2013-09-17Fix broken build of GnuTLS and silence two compiler warningsGravatar Martin Szulecki1-2/+2
2013-09-17lockdown: Add missing x509 extensions to match other platforms using OpenSSLGravatar Martin Szulecki1-2/+18
2013-09-17lockdown: Allow starting services without the need for a running SSL sessionGravatar Martin Szulecki1-2/+2
2013-09-17Refactor userpref logic to use plist format and implement trust dialog handlingGravatar Martin Szulecki1-47/+210
iOS 7 introduced a new pairing workflow which increases security by showing a trust dialog to the user before pairing with the host is allowed. The userpref system was refactored to use the native plist format, too. Configuration files of the native implementations are used on each platform. Former configuration files are no longer in use and can be deleted.
2013-06-30Fixed memory leak in lockdownd_gen_pair_cert() by freeing X509_EXTENSION ↵Gravatar Aaron Burghardt1-0/+1
object when using OpenSSL.