]> andersk Git - libfaim.git/blame - src/login.c
andersk / libfaim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- Sat Aug 25 18:35:13 PDT 2001
[libfaim.git] / src / login.c
CommitLineData
9de3ca7e 1/*
2 * aim_login.c
3 *
4 * This contains all the functions needed to actually login.
5 *
6 */
7
37ee990e 8#define FAIM_INTERNAL
dd60ff8b 9#include <aim.h>
9de3ca7e 10
b5bc2a8c 11#include "md5.h"
12
5daacaa3 13static int aim_encode_password(const char *password, unsigned char *encoded);
9de3ca7e 14
355229fe 15faim_export int aim_sendflapver(struct aim_session_t *sess, struct aim_conn_t *conn)
01b59e1e 16{
355229fe 17 int curbyte=0;
01b59e1e 18
355229fe 19 struct command_tx_struct *newpacket;
01b59e1e 20
355229fe 21 if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0001, 4)))
22 return -ENOMEM;
01b59e1e 23
355229fe 24 newpacket->lock = 1;
25
26 curbyte += aimutil_put16(newpacket->data+curbyte, 0x0000);
27 curbyte += aimutil_put16(newpacket->data+curbyte, 0x0001);
28
29 newpacket->lock = 0;
30
31 return aim_tx_enqueue(sess, newpacket);
01b59e1e 32}
33
01b59e1e 34/*
35 * In AIM 3.5 protocol, the first stage of login is to request
36 * login from the Authorizer, passing it the screen name
37 * for verification. If the name is invalid, a 0017/0003
38 * is spit back, with the standard error contents. If valid,
39 * a 0017/0007 comes back, which is the signal to send
40 * it the main login command (0017/0002).
41 */
355229fe 42faim_export int aim_request_login(struct aim_session_t *sess, struct aim_conn_t *conn, const char *sn)
01b59e1e 43{
355229fe 44 int curbyte;
45 struct command_tx_struct *newpacket;
46
47 if (!sess || !conn || !sn)
48 return -EINVAL;
49
50 /*
51 * For ICQ, we enable the ancient horrible login and stuff
52 * a key packet into the queue to make it look like we got
53 * a reply back. This is so the client doesn't know we're
54 * really not doing MD5 login.
55 *
56 * This may sound stupid, but I'm not in the best of moods and
57 * I don't plan to keep support for this crap around much longer.
58 * Its all AOL's fault anyway, really. I hate AOL. Really. They
59 * always seem to be able to piss me off by doing the dumbest little
60 * things. Like disabling MD5 logins for ICQ UINs, or adding
61 * purposefully wrong TLV lengths, or adding superfluous information
62 * to host strings, or... I'll stop.
63 *
64 */
65 if ((sn[0] >= '0') && (sn[0] <= '9')) {
66 struct command_rx_struct *newrx;
67 int i;
68
69 /* XXX Uhm why doesn't this use aim_tx_new? */
70 if (!(newrx = (struct command_rx_struct *)malloc(sizeof(struct command_rx_struct))))
71 return -ENOMEM;
72
73 memset(newrx, 0x00, sizeof(struct command_rx_struct));
74 newrx->lock = 1;
75 newrx->hdrtype = AIM_FRAMETYPE_OSCAR;
76 newrx->hdr.oscar.type = 0x02;
77 newrx->hdr.oscar.seqnum = 0;
78 newrx->commandlen = 10+2+1;
79 newrx->nofree = 0;
80
81 if (!(newrx->data = malloc(newrx->commandlen))) {
82 free(newrx);
83 return -ENOMEM;
84 }
85
86 i = aim_putsnac(newrx->data, 0x0017, 0x0007, 0x0000, 0x0000);
87 i += aimutil_put16(newrx->data+i, 0x01);
88 i += aimutil_putstr(newrx->data+i, "0", 1);
89
90 newrx->conn = conn;
91
92 newrx->next = sess->queue_incoming;
93 sess->queue_incoming = newrx;
94
95 newrx->lock = 0;
96
97 sess->flags &= ~AIM_SESS_FLAGS_SNACLOGIN;
98
99 return 0;
100 }
101
102 sess->flags |= AIM_SESS_FLAGS_SNACLOGIN;
103
104 aim_sendflapver(sess, conn);
105
106 if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+2+2+strlen(sn))))
107 return -ENOMEM;
108
109 newpacket->lock = 1;
110
111 curbyte = aim_putsnac(newpacket->data, 0x0017, 0x0006, 0x0000, 0x00010000);
112 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0001, strlen(sn), sn);
113
114 newpacket->commandlen = curbyte;
115 newpacket->lock = 0;
116
117 return aim_tx_enqueue(sess, newpacket);
01b59e1e 118}
01b59e1e 119
9de3ca7e 120/*
24286d93 121 * send_login(int socket, char *sn, char *password)
9de3ca7e 122 *
123 * This is the initial login request packet.
124 *
b1eac25a 125 * NOTE!! If you want/need to make use of the aim_sendmemblock() function,
126 * then the client information you send here must exactly match the
127 * executable that you're pulling the data from.
9de3ca7e 128 *
355982c5 129 * Latest WinAIM:
130 * clientstring = "AOL Instant Messenger (SM), version 4.3.2188/WIN32"
131 * major2 = 0x0109
132 * major = 0x0400
133 * minor = 0x0003
134 * minor2 = 0x0000
135 * build = 0x088c
136 * unknown = 0x00000086
137 * lang = "en"
138 * country = "us"
139 * unknown4a = 0x01
154b4093 140 *
141 * Latest WinAIM that libfaim can emulate without server-side buddylists:
b1eac25a 142 * clientstring = "AOL Instant Messenger (SM), version 4.1.2010/WIN32"
143 * major2 = 0x0004
144 * major = 0x0004
145 * minor = 0x0001
146 * minor2 = 0x0000
147 * build = 0x07da
148 * unknown= 0x0000004b
149 *
150 * WinAIM 3.5.1670:
154b4093 151 * clientstring = "AOL Instant Messenger (SM), version 3.5.1670/WIN32"
152 * major2 = 0x0004
153 * major = 0x0003
154 * minor = 0x0005
155 * minor2 = 0x0000
156 * build = 0x0686
157 * unknown =0x0000002a
158 *
d32954e7 159 * Java AIM 1.1.19:
160 * clientstring = "AOL Instant Messenger (TM) version 1.1.19 for Java built 03/24/98, freeMem 215871 totalMem 1048567, i686, Linus, #2 SMP Sun Feb 11 03:41:17 UTC 2001 2.4.1-ac9, IBM Corporation, 1.1.8, 45.3, Tue Mar 27 12:09:17 PST 2001"
161 * major2 = 0x0001
162 * major = 0x0001
163 * minor = 0x0001
164 * minor2 = (not sent)
165 * build = 0x0013
166 * unknown= (not sent)
167 *
168 * AIM for Linux 1.1.112:
169 * clientstring = "AOL Instant Messenger (SM)"
170 * major2 = 0x1d09
171 * major = 0x0001
172 * minor = 0x0001
173 * minor2 = 0x0001
174 * build = 0x0070
175 * unknown= 0x0000008b
176 * serverstore = 0x01
177 *
9de3ca7e 178 */
355229fe 179faim_export int aim_send_login (struct aim_session_t *sess, struct aim_conn_t *conn, char *sn, char *password, struct client_info_s *clientinfo, char *key)
9de3ca7e 180{
355229fe 181 int curbyte=0;
182 struct command_tx_struct *newpacket;
183
184 if (!clientinfo || !sn || !password)
185 return -EINVAL;
186
187 if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 1152)))
188 return -ENOMEM;
189
190 newpacket->lock = 1;
191
192 newpacket->hdr.oscar.type = (sess->flags & AIM_SESS_FLAGS_SNACLOGIN)?0x02:0x01;
193
194 if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN)
195 curbyte = aim_putsnac(newpacket->data, 0x0017, 0x0002, 0x0000, 0x00010000);
196 else {
197 curbyte = aimutil_put16(newpacket->data, 0x0000);
198 curbyte += aimutil_put16(newpacket->data+curbyte, 0x0001);
199 }
200
201 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0001, strlen(sn), sn);
202
203 if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN) {
204 unsigned char digest[16];
205
206 aim_encode_password_md5(password, key, digest);
207 curbyte+= aim_puttlv_str(newpacket->data+curbyte, 0x0025, 16, (char *)digest);
208 } else {
209 char *password_encoded;
210
211 password_encoded = (char *) malloc(strlen(password));
212 aim_encode_password(password, password_encoded);
213 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0002, strlen(password), password_encoded);
214 free(password_encoded);
215 }
216
217 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0003, strlen(clientinfo->clientstring), clientinfo->clientstring);
218
219 if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN) {
220
221 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0016, (unsigned short)clientinfo->major2);
222 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0017, (unsigned short)clientinfo->major);
223 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0018, (unsigned short)clientinfo->minor);
224 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0019, (unsigned short)clientinfo->minor2);
225 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x001a, (unsigned short)clientinfo->build);
226
227 } else {
228 /* Use very specific version numbers, to further indicate the hack. */
229 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0016, 0x010a);
230 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0017, 0x0004);
231 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0018, 0x003c);
232 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0019, 0x0001);
233 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x001a, 0x0cce);
234 curbyte += aim_puttlv_32(newpacket->data+curbyte, 0x0014, 0x00000055);
235 }
236
237 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x000e, strlen(clientinfo->country), clientinfo->country);
238 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x000f, strlen(clientinfo->lang), clientinfo->lang);
239
240 if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN) {
241 curbyte += aim_puttlv_32(newpacket->data+curbyte, 0x0014, clientinfo->unknown);
242 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0009, 0x0015);
243 }
244
245 newpacket->commandlen = curbyte;
246 newpacket->lock = 0;
247
248 return aim_tx_enqueue(sess, newpacket);
9de3ca7e 249}
9de3ca7e 250
9f1a4013 251faim_export int aim_encode_password_md5(const char *password, const char *key, unsigned char *digest)
b5bc2a8c 252{
355229fe 253 md5_state_t state;
b5bc2a8c 254
355229fe 255 md5_init(&state);
256 md5_append(&state, (const md5_byte_t *)key, strlen(key));
257 md5_append(&state, (const md5_byte_t *)password, strlen(password));
258 md5_append(&state, (const md5_byte_t *)AIM_MD5_STRING, strlen(AIM_MD5_STRING));
259 md5_finish(&state, (md5_byte_t *)digest);
b5bc2a8c 260
355229fe 261 return 0;
b5bc2a8c 262}
263
5daacaa3 264/**
265 * aim_encode_password - Encode a password using old XOR method
266 * @password: incoming password
267 * @encoded: buffer to put encoded password
9de3ca7e 268 *
269 * This takes a const pointer to a (null terminated) string
270 * containing the unencoded password. It also gets passed
271 * an already allocated buffer to store the encoded password.
272 * This buffer should be the exact length of the password without
5daacaa3 273 * the null. The encoded password buffer /is not %NULL terminated/.
9de3ca7e 274 *
275 * The encoding_table seems to be a fixed set of values. We'll
276 * hope it doesn't change over time!
277 *
5daacaa3 278 * This is only used for the XOR method, not the better MD5 method.
b5bc2a8c 279 *
9de3ca7e 280 */
b5bc2a8c 281static int aim_encode_password(const char *password, unsigned char *encoded)
9de3ca7e 282{
355229fe 283 unsigned char encoding_table[] = {
b69540e3 284#if 0 /* old v1 table */
355229fe 285 0xf3, 0xb3, 0x6c, 0x99,
286 0x95, 0x3f, 0xac, 0xb6,
287 0xc5, 0xfa, 0x6b, 0x63,
288 0x69, 0x6c, 0xc3, 0x9f
b69540e3 289#else /* v2.1 table, also works for ICQ */
355229fe 290 0xf3, 0x26, 0x81, 0xc4,
291 0x39, 0x86, 0xdb, 0x92,
292 0x71, 0xa3, 0xb9, 0xe6,
293 0x53, 0x7a, 0x95, 0x7c
b69540e3 294#endif
355229fe 295 };
296 int i;
5e02cf44 297
355229fe 298 for (i = 0; i < strlen(password); i++)
299 encoded[i] = (password[i] ^ encoding_table[i]);
5e02cf44 300
355229fe 301 return 0;
5e02cf44 302}
303
e6b05d80 304/*
305 * Generate an authorization response.
306 *
307 * You probably don't want this unless you're writing an AIM server.
308 *
309 */
78b3fb13 310faim_export unsigned long aim_sendauthresp(struct aim_session_t *sess,
311 struct aim_conn_t *conn,
355982c5 312 char *sn, int errorcode,
313 char *errorurl, char *bosip,
78b3fb13 314 char *cookie, char *email,
315 int regstatus)
e6b05d80 316{
355229fe 317 struct command_tx_struct *tx;
318 struct aim_tlvlist_t *tlvlist = NULL;
319
320 if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0004, 1152)))
321 return -ENOMEM;
322
323 tx->lock = 1;
324
325 if (sn)
326 aim_addtlvtochain_str(&tlvlist, 0x0001, sn, strlen(sn));
327 else
328 aim_addtlvtochain_str(&tlvlist, 0x0001, sess->sn, strlen(sess->sn));
329
330 if (errorcode) {
331 aim_addtlvtochain16(&tlvlist, 0x0008, errorcode);
332 aim_addtlvtochain_str(&tlvlist, 0x0004, errorurl, strlen(errorurl));
333 } else {
334 aim_addtlvtochain_str(&tlvlist, 0x0005, bosip, strlen(bosip));
335 aim_addtlvtochain_str(&tlvlist, 0x0006, cookie, AIM_COOKIELEN);
336 aim_addtlvtochain_str(&tlvlist, 0x0011, email, strlen(email));
337 aim_addtlvtochain16(&tlvlist, 0x0013, (unsigned short)regstatus);
338 }
339
340 tx->commandlen = aim_writetlvchain(tx->data, tx->commandlen, &tlvlist);
341 tx->lock = 0;
342
343 return aim_tx_enqueue(sess, tx);
e6b05d80 344}
345
346/*
347 * Generate a random cookie. (Non-client use only)
348 */
78b3fb13 349faim_export int aim_gencookie(unsigned char *buf)
e6b05d80 350{
355229fe 351 int i;
e6b05d80 352
355229fe 353 srand(time(NULL));
e6b05d80 354
355229fe 355 for (i=0; i < AIM_COOKIELEN; i++)
356 buf[i] = 1+(int) (256.0*rand()/(RAND_MAX+0.0));
e6b05d80 357
355229fe 358 return i;
e6b05d80 359}
360
361/*
362 * Send Server Ready. (Non-client)
363 */
78b3fb13 364faim_export int aim_sendserverready(struct aim_session_t *sess, struct aim_conn_t *conn)
e6b05d80 365{
355229fe 366 struct command_tx_struct *tx;
367 int i;
368
369 if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+0x22)))
370 return -ENOMEM;
371
372 tx->lock = 1;
373
374 i = aim_putsnac(tx->data, 0x0001, 0x0003, 0x0000, sess->snac_nextid++);
375
376 i += aimutil_put16(tx->data+i, 0x0001);
377 i += aimutil_put16(tx->data+i, 0x0002);
378 i += aimutil_put16(tx->data+i, 0x0003);
379 i += aimutil_put16(tx->data+i, 0x0004);
380 i += aimutil_put16(tx->data+i, 0x0006);
381 i += aimutil_put16(tx->data+i, 0x0008);
382 i += aimutil_put16(tx->data+i, 0x0009);
383 i += aimutil_put16(tx->data+i, 0x000a);
384 i += aimutil_put16(tx->data+i, 0x000b);
385 i += aimutil_put16(tx->data+i, 0x000c);
386 i += aimutil_put16(tx->data+i, 0x0013);
387 i += aimutil_put16(tx->data+i, 0x0015);
388
389 tx->commandlen = i;
390 tx->lock = 0;
391
392 return aim_tx_enqueue(sess, tx);
e6b05d80 393}
394
395
396/*
397 * Send service redirect. (Non-Client)
398 */
355229fe 399faim_export unsigned long aim_sendredirect(struct aim_session_t *sess, struct aim_conn_t *conn, unsigned short servid, char *ip, char *cookie)
e6b05d80 400{
355229fe 401 struct command_tx_struct *tx;
402 struct aim_tlvlist_t *tlvlist = NULL;
403 int i;
404
405 if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 1152)))
406 return -ENOMEM;
e6b05d80 407
355229fe 408 tx->lock = 1;
5b79dc93 409
355229fe 410 i = aim_putsnac(tx->data, 0x0001, 0x0005, 0x0000, 0x00000000);
e6b05d80 411
355229fe 412 aim_addtlvtochain16(&tlvlist, 0x000d, servid);
413 aim_addtlvtochain_str(&tlvlist, 0x0005, ip, strlen(ip));
414 aim_addtlvtochain_str(&tlvlist, 0x0006, cookie, AIM_COOKIELEN);
e6b05d80 415
355229fe 416 tx->commandlen = aim_writetlvchain(tx->data+i, tx->commandlen-i, &tlvlist)+i;
417 aim_freetlvchain(&tlvlist);
e6b05d80 418
355229fe 419 tx->lock = 0;
420
421 return aim_tx_enqueue(sess, tx);
e6b05d80 422}
00ef5271 423
424
425static int hostonline(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
426{
355229fe 427 aim_rxcallback_t userfunc;
428 int ret = 0;
429 unsigned short *families;
430 int famcount, i;
00ef5271 431
355229fe 432 famcount = datalen/2;
00ef5271 433
355229fe 434 if (!(families = malloc(datalen)))
435 return 0;
00ef5271 436
355229fe 437 for (i = 0; i < famcount; i++)
438 families[i] = aimutil_get16(data+(i*2));
00ef5271 439
355229fe 440 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
441 ret = userfunc(sess, rx, famcount, families);
00ef5271 442
355229fe 443 free(families);
00ef5271 444
355229fe 445 return ret;
00ef5271 446}
447
448static int redirect(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
449{
355229fe 450 int serviceid;
451 unsigned char *cookie;
452 char *ip;
453 aim_rxcallback_t userfunc;
454 struct aim_tlvlist_t *tlvlist;
455 char *chathack = NULL;
456 int chathackex = 0;
457 int ret = 0;
458
459 tlvlist = aim_readtlvchain(data, datalen);
460
461 if (!aim_gettlv(tlvlist, 0x000d, 1) ||
462 !aim_gettlv(tlvlist, 0x0005, 1) ||
463 !aim_gettlv(tlvlist, 0x0006, 1)) {
464 aim_freetlvchain(&tlvlist);
465 return 0;
466 }
467
468 serviceid = aim_gettlv16(tlvlist, 0x000d, 1);
469 ip = aim_gettlv_str(tlvlist, 0x0005, 1);
470 cookie = aim_gettlv_str(tlvlist, 0x0006, 1);
471
472 /*
473 * Chat hack.
474 */
475 if ((serviceid == AIM_CONN_TYPE_CHAT) && sess->pendingjoin) {
476 chathack = sess->pendingjoin;
477 chathackex = sess->pendingjoinexchange;
478 sess->pendingjoin = NULL;
479 sess->pendingjoinexchange = 0;
480 }
481
482 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
483 ret = userfunc(sess, rx, serviceid, ip, cookie, chathack, chathackex);
484
485 free(ip);
486 free(cookie);
487 free(chathack);
488
489 aim_freetlvchain(&tlvlist);
490
491 return ret;
00ef5271 492}
493
494/*
495 * The Rate Limiting System, An Abridged Guide to Nonsense.
496 *
497 * OSCAR defines several 'rate classes'. Each class has seperate
498 * rate limiting properties (limit level, alert level, disconnect
499 * level, etc), and a set of SNAC family/type pairs associated with
500 * it. The rate classes, their limiting properties, and the definitions
501 * of which SNACs are belong to which class, are defined in the
502 * Rate Response packet at login to each host.
503 *
504 * Logically, all rate offenses within one class count against further
505 * offenses for other SNACs in the same class (ie, sending messages
506 * too fast will limit the number of user info requests you can send,
507 * since those two SNACs are in the same rate class).
508 *
509 * Since the rate classes are defined dynamically at login, the values
510 * below may change. But they seem to be fairly constant.
511 *
512 * Currently, BOS defines five rate classes, with the commonly used
513 * members as follows...
514 *
515 * Rate class 0x0001:
516 * - Everything thats not in any of the other classes
517 *
518 * Rate class 0x0002:
519 * - Buddy list add/remove
520 * - Permit list add/remove
521 * - Deny list add/remove
522 *
523 * Rate class 0x0003:
524 * - User information requests
525 * - Outgoing ICBMs
526 *
527 * Rate class 0x0004:
528 * - A few unknowns: 2/9, 2/b, and f/2
529 *
530 * Rate class 0x0005:
531 * - Chat room create
532 * - Outgoing chat ICBMs
533 *
534 * The only other thing of note is that class 5 (chat) has slightly looser
535 * limiting properties than class 3 (normal messages). But thats just a
536 * small bit of trivia for you.
537 *
538 * The last thing that needs to be learned about the rate limiting
539 * system is how the actual numbers relate to the passing of time. This
540 * seems to be a big mystery.
541 *
542 */
543
544/* XXX parse this */
545static int rateresp(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
546{
355229fe 547 aim_rxcallback_t userfunc;
00ef5271 548
355229fe 549 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
550 return userfunc(sess, rx);
00ef5271 551
355229fe 552 return 0;
00ef5271 553}
554
555static int ratechange(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
556{
355229fe 557 aim_rxcallback_t userfunc;
558 int i = 0, code;
559 unsigned long currentavg, maxavg;
560 unsigned long rateclass, windowsize, clear, alert, limit, disconnect;
561
562 code = aimutil_get16(data+i);
563 i += 2;
564
565 rateclass = aimutil_get16(data+i);
566 i += 2;
567
568 windowsize = aimutil_get32(data+i);
569 i += 4;
570 clear = aimutil_get32(data+i);
571 i += 4;
572 alert = aimutil_get32(data+i);
573 i += 4;
574 limit = aimutil_get32(data+i);
575 i += 4;
576 disconnect = aimutil_get32(data+i);
577 i += 4;
578 currentavg = aimutil_get32(data+i);
579 i += 4;
580 maxavg = aimutil_get32(data+i);
581 i += 4;
582
583 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
584 return userfunc(sess, rx, code, rateclass, windowsize, clear, alert, limit, disconnect, currentavg, maxavg);
585
586 return 0;
00ef5271 587}
588
589/* XXX parse this */
590static int selfinfo(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
591{
355229fe 592 aim_rxcallback_t userfunc;
00ef5271 593
355229fe 594 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
595 return userfunc(sess, rx);
00ef5271 596
355229fe 597 return 0;
00ef5271 598}
599
600static int evilnotify(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
601{
355229fe 602 aim_rxcallback_t userfunc = NULL;
603 int i = 0;
604 unsigned short newevil;
605 struct aim_userinfo_s userinfo;
606
607 newevil = aimutil_get16(data);
608 i += 2;
00ef5271 609
355229fe 610 memset(&userinfo, 0, sizeof(struct aim_userinfo_s));
00ef5271 611
355229fe 612 if (datalen-i)
613 i += aim_extractuserinfo(sess, data+i, &userinfo);
00ef5271 614
355229fe 615 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
616 return userfunc(sess, rx, newevil, &userinfo);
00ef5271 617
355229fe 618 return 0;
00ef5271 619}
620
621static int motd(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
622{
355229fe 623 aim_rxcallback_t userfunc;
624 char *msg = NULL;
625 int ret = 0;
626 struct aim_tlvlist_t *tlvlist;
627 unsigned short id;
628
629 /*
630 * Code.
631 *
632 * Valid values:
633 * 1 Mandatory upgrade
634 * 2 Advisory upgrade
635 * 3 System bulletin
636 * 4 Nothing's wrong ("top o the world" -- normal)
637 *
638 */
639 id = aimutil_get16(data);
640
641 /*
642 * TLVs follow
643 */
644 if ((tlvlist = aim_readtlvchain(data+2, datalen-2)))
645 msg = aim_gettlv_str(tlvlist, 0x000b, 1);
646
647 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
648 ret = userfunc(sess, rx, id, msg);
649
650 free(msg);
651
652 aim_freetlvchain(&tlvlist);
653
654 return ret;
00ef5271 655}
656
657static int hostversions(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
658{
355229fe 659 aim_rxcallback_t userfunc;
660 int vercount;
00ef5271 661
355229fe 662 vercount = datalen/4;
00ef5271 663
355229fe 664 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
665 return userfunc(sess, rx, vercount, data);
666
667 return 0;
00ef5271 668}
b1eac25a 669
d32954e7 670/*
b1eac25a 671 * Starting this past week (26 Mar 2001, say), AOL has started sending
672 * this nice little extra SNAC. AFAIK, it has never been used until now.
673 *
674 * The request contains eight bytes. The first four are an offset, the
675 * second four are a length.
d32954e7 676 *
b1eac25a 677 * The offset is an offset into aim.exe when it is mapped during execution
678 * on Win32. So far, AOL has only been requesting bytes in static regions
679 * of memory. (I won't put it past them to start requesting data in
680 * less static regions -- regions that are initialized at run time, but still
681 * before the client recieves this request.)
682 *
683 * When the client recieves the request, it adds it to the current ds
684 * (0x00400000) and dereferences it, copying the data into a buffer which
685 * it then runs directly through the MD5 hasher. The 16 byte output of
686 * the hash is then sent back to the server.
687 *
688 * If the client does not send any data back, or the data does not match
689 * the data that the specific client should have, the client will get the
690 * following message from "AOL Instant Messenger":
691 * "You have been disconnected from the AOL Instant Message Service (SM)
692 * for accessing the AOL network using unauthorized software. You can
693 * download a FREE, fully featured, and authorized client, here
694 * http://www.aol.com/aim/download2.html"
695 * The connection is then closed, recieving disconnect code 1, URL
696 * http://www.aim.aol.com/errors/USER_LOGGED_OFF_NEW_LOGIN.html.
697 *
698 * Note, however, that numerous inconsistencies can cause the above error,
699 * not just sending back a bad hash. Do not immediatly suspect this code
700 * if you get disconnected. AOL and the open/free software community have
701 * played this game for a couple years now, generating the above message
702 * on numerous ocassions.
703 *
704 * Anyway, neener. We win again.
d32954e7 705 *
706 */
707static int memrequest(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
708{
355229fe 709 aim_rxcallback_t userfunc;
710 unsigned long offset, len;
711 int i = 0;
712 struct aim_tlvlist_t *list;
713 char *modname = NULL;
b1eac25a 714
355229fe 715 offset = aimutil_get32(data);
716 i += 4;
5ac961d5 717
355229fe 718 len = aimutil_get32(data+4);
719 i += 4;
b1eac25a 720
355229fe 721 list = aim_readtlvchain(data+i, datalen-i);
328837f7 722
355229fe 723 if (aim_gettlv(list, 0x0001, 1))
724 modname = aim_gettlv_str(list, 0x0001, 1);
5ac961d5 725
355229fe 726 faimdprintf(sess, 1, "data at 0x%08lx (%d bytes) of requested\n", offset, len, modname ? modname : "aim.exe");
b1eac25a 727
355229fe 728 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
729 return userfunc(sess, rx, offset, len, modname);
b1eac25a 730
355229fe 731 free(modname);
732 aim_freetlvchain(&list);
5ac961d5 733
355229fe 734 return 0;
b1eac25a 735}
736
001c9b80 737static void dumpbox(struct aim_session_t *sess, unsigned char *buf, int len)
738{
355229fe 739 int i;
740
741 if (!sess || !buf || !len)
742 return;
001c9b80 743
355229fe 744 faimdprintf(sess, 1, "\nDump of %d bytes at %p:", len, buf);
001c9b80 745
355229fe 746 for (i = 0; i < len; i++) {
747 if ((i % 8) == 0)
748 faimdprintf(sess, 1, "\n\t");
001c9b80 749
355229fe 750 faimdprintf(sess, 1, "0x%2x ", buf[i]);
751 }
001c9b80 752
355229fe 753 faimdprintf(sess, 1, "\n\n");
001c9b80 754
355229fe 755 return;
001c9b80 756}
757
d2698e03 758faim_export int aim_sendmemblock(struct aim_session_t *sess, struct aim_conn_t *conn, unsigned long offset, unsigned long len, const unsigned char *buf, unsigned char flag)
b1eac25a 759{
355229fe 760 struct command_tx_struct *tx;
761 int i = 0;
b1eac25a 762
355229fe 763 if (!sess || !conn)
764 return -EINVAL;
b1eac25a 765
355229fe 766 if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+2+16)))
767 return -ENOMEM;
b1eac25a 768
355229fe 769 tx->lock = 1;
b1eac25a 770
355229fe 771 i = aim_putsnac(tx->data, 0x0001, 0x0020, 0x0000, sess->snac_nextid++);
772 i += aimutil_put16(tx->data+i, 0x0010); /* md5 is always 16 bytes */
b1eac25a 773
355229fe 774 if ((flag == AIM_SENDMEMBLOCK_FLAG_ISHASH) && buf && (len == 0x10)) { /* we're getting a hash */
d2698e03 775
355229fe 776 memcpy(tx->data+i, buf, 0x10);
777 i += 0x10;
d2698e03 778
355229fe 779 } else if (buf && (len > 0)) { /* use input buffer */
780 md5_state_t state;
b1eac25a 781
355229fe 782 md5_init(&state);
783 md5_append(&state, (const md5_byte_t *)buf, len);
784 md5_finish(&state, (md5_byte_t *)(tx->data+i));
785 i += 0x10;
b1eac25a 786
355229fe 787 } else if (len == 0) { /* no length, just hash NULL (buf is optional) */
788 md5_state_t state;
789 unsigned char nil = '\0';
001c9b80 790
355229fe 791 /*
792 * These MD5 routines are stupid in that you have to have
793 * at least one append. So thats why this doesn't look
794 * real logical.
795 */
796 md5_init(&state);
797 md5_append(&state, (const md5_byte_t *)&nil, 0);
798 md5_finish(&state, (md5_byte_t *)(tx->data+i));
799 i += 0x10;
001c9b80 800
355229fe 801 } else {
b1eac25a 802
355229fe 803 /*
804 * This data is correct for AIM 3.5.1670.
805 *
806 * Using these blocks is as close to "legal" as you can get
807 * without using an AIM binary.
808 *
809 */
810 if ((offset == 0x03ffffff) && (len == 0x03ffffff)) {
fa358732 811
812#if 1 /* with "AnrbnrAqhfzcd" */
355229fe 813 i += aimutil_put32(tx->data+i, 0x44a95d26);
814 i += aimutil_put32(tx->data+i, 0xd2490423);
815 i += aimutil_put32(tx->data+i, 0x93b8821f);
816 i += aimutil_put32(tx->data+i, 0x51c54b01);
fa358732 817#else /* no filename */
355229fe 818 i += aimutil_put32(tx->data+i, 0x1df8cbae);
819 i += aimutil_put32(tx->data+i, 0x5523b839);
820 i += aimutil_put32(tx->data+i, 0xa0e10db3);
821 i += aimutil_put32(tx->data+i, 0xa46d3b39);
fa358732 822#endif
823
355229fe 824 } else if ((offset == 0x00001000) && (len == 0x00000000)) {
fa358732 825
355229fe 826 i += aimutil_put32(tx->data+i, 0xd41d8cd9);
827 i += aimutil_put32(tx->data+i, 0x8f00b204);
828 i += aimutil_put32(tx->data+i, 0xe9800998);
829 i += aimutil_put32(tx->data+i, 0xecf8427e);
fa358732 830
355229fe 831 } else
832 faimdprintf(sess, 0, "sendmemblock: WARNING: unknown hash request\n");
b1eac25a 833
355229fe 834 }
b1eac25a 835
355229fe 836 tx->commandlen = i;
837 tx->lock = 0;
838 aim_tx_enqueue(sess, tx);
b1eac25a 839
355229fe 840 return 0;
d32954e7 841}
00ef5271 842
843static int snachandler(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
844{
845
355229fe 846 if (snac->subtype == 0x0003)
847 return hostonline(sess, mod, rx, snac, data, datalen);
848 else if (snac->subtype == 0x0005)
849 return redirect(sess, mod, rx, snac, data, datalen);
850 else if (snac->subtype == 0x0007)
851 return rateresp(sess, mod, rx, snac, data, datalen);
852 else if (snac->subtype == 0x000a)
853 return ratechange(sess, mod, rx, snac, data, datalen);
854 else if (snac->subtype == 0x000f)
855 return selfinfo(sess, mod, rx, snac, data, datalen);
856 else if (snac->subtype == 0x0010)
857 return evilnotify(sess, mod, rx, snac, data, datalen);
858 else if (snac->subtype == 0x0013)
859 return motd(sess, mod, rx, snac, data, datalen);
860 else if (snac->subtype == 0x0018)
861 return hostversions(sess, mod, rx, snac, data, datalen);
862 else if (snac->subtype == 0x001f)
863 return memrequest(sess, mod, rx, snac, data, datalen);
864
865 return 0;
00ef5271 866}
867
868faim_internal int general_modfirst(struct aim_session_t *sess, aim_module_t *mod)
869{
870
355229fe 871 mod->family = 0x0001;
872 mod->version = 0x0000;
873 mod->flags = 0;
874 strncpy(mod->name, "general", sizeof(mod->name));
875 mod->snachandler = snachandler;
00ef5271 876
355229fe 877 return 0;
00ef5271 878}
355229fe 879
git-cvsimport mirror of libfaim
This page took 0.231206 seconds and 5 git commands to generate.