4 * This contains all the functions needed to actually login.
/* Forward declaration of the legacy XOR password obfuscator defined further
 * down; the definition carries the full contract (fixed 16-entry table,
 * output not NUL terminated). */
13 static int aim_encode_password(const char *password, unsigned char *encoded);
/*
 * aim_sendconnack - Queue the connection acknowledgement frame.
 * @sess: session the frame belongs to
 * @conn: connection to send it on
 *
 * Builds a 4-byte OSCAR frame of type 0x0001 holding the two 16-bit
 * words 0x0000 and 0x0001 and hands it to the transmit queue.
 *
 * Returns: the result of aim_tx_enqueue().  The aim_tx_new() failure
 * return and the declaration of curbyte (presumably initialised to 0)
 * are on lines this listing does not show.
 */
15 faim_export int aim_sendconnack(struct aim_session_t *sess,
16 struct aim_conn_t *conn)
20 struct command_tx_struct *newpacket;
22 if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0001, 4)))
27 curbyte += aimutil_put16(newpacket->data+curbyte, 0x0000);
28 curbyte += aimutil_put16(newpacket->data+curbyte, 0x0001);
31 return aim_tx_enqueue(sess, newpacket);
35 * In AIM 3.5 protocol, the first stage of login is to request
36 * login from the Authorizer, passing it the screen name
37 * for verification. If the name is invalid, a 0017/0003
38 * is spit back, with the standard error contents. If valid,
39 * a 0017/0007 comes back, which is the signal to send
40 * it the main login command (0017/0002).
/*
 * aim_request_login - First stage of login: ask the Authorizer for a key.
 * @sess: session
 * @conn: authorizer connection
 * @sn: screen name, NUL terminated (declared on a line not shown)
 *
 * For a name that starts with a digit (treated as an ICQ UIN) the
 * SNAC/MD5 login flag is cleared and a fabricated 0017/0007 "key" reply
 * carrying the key "0" is pushed onto sess->queue_incoming, so the
 * caller proceeds as if the server had answered.  For any other name
 * the flag is set, a connack is sent and a real 0017/0006 request
 * carrying TLV 0x0001 (the screen name) is queued.
 *
 * NOTE(review): on the ICQ path aim_send_login() later sends the
 * password under the fixed-table XOR scheme instead of the MD5
 * challenge-response, so for those accounts the credential is
 * plaintext-equivalent on the wire.  That is the trade-off the comment
 * below describes; it is worth surfacing to users of the library.
 *
 * Returns: aim_tx_enqueue() result, or the early returns on lines not
 * shown (the !sess/!conn/!sn check and the two allocation failures).
 */
42 faim_export int aim_request_login(struct aim_session_t *sess,
43 struct aim_conn_t *conn,
47 struct command_tx_struct *newpacket;
49 if (!sess || !conn || !sn)
53 * For ICQ, we enable the ancient horrible login and stuff
54 * a key packet into the queue to make it look like we got
55 * a reply back. This is so the client doesn't know we're
56 * really not doing MD5 login.
58 * This may sound stupid, but I'm not in the best of moods and
59 * I don't plan to keep support for this crap around much longer.
60 * It's all AOL's fault anyway, really. I hate AOL. Really. They
61 * always seem to be able to piss me off by doing the dumbest little
62 * things. Like disabling MD5 logins for ICQ UINs, or adding purposefully
63 * wrong TLV lengths, or adding superfluous information to host strings,
/* Leading digit => ICQ UIN (the heuristic the comment above relies on). */
67 if ((sn[0] >= '0') && (sn[0] <= '9')) {
68 struct command_rx_struct *newrx;
/* Both allocations below are checked; the failure returns are not shown. */
71 if (!(newrx = (struct command_rx_struct *)malloc(sizeof(struct command_rx_struct))))
73 memset(newrx, 0x00, sizeof(struct command_rx_struct));
75 newrx->hdrtype = AIM_FRAMETYPE_OSCAR;
76 newrx->hdr.oscar.type = 0x02;
77 newrx->hdr.oscar.seqnum = 0;
/* 10 (SNAC header) + 2 (length word) + 1 (the key "0"): exactly the
 * 13 bytes written by the three put calls below. */
78 newrx->commandlen = 10+2+1;
80 if (!(newrx->data = malloc(newrx->commandlen))) {
85 i = aim_putsnac(newrx->data, 0x0017, 0x0007, 0x0000, 0x0000);
86 i += aimutil_put16(newrx->data+i, 0x01);
87 i += aimutil_putstr(newrx->data+i, "0", 1);
/* Prepend to the incoming queue so the fake key reply is handled like a
 * server response. */
91 newrx->next = sess->queue_incoming;
92 sess->queue_incoming = newrx;
96 sess->flags &= ~AIM_SESS_FLAGS_SNACLOGIN;
101 sess->flags |= AIM_SESS_FLAGS_SNACLOGIN;
103 aim_sendconnack(sess, conn);
/* 10 (SNAC) + 2 + 2 (TLV type and length) + the name: sized exactly. */
105 if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+2+2+strlen(sn))))
110 curbyte = aim_putsnac(newpacket->data, 0x0017, 0x0006, 0x0000, 0x00010000);
111 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0001, strlen(sn), sn);
113 newpacket->commandlen = curbyte;
116 return aim_tx_enqueue(sess, newpacket);
120 * send_login(int socket, char *sn, char *password)
122 * This is the initial login request packet.
124 * The password is encoded before transmission, as per
125 * encode_password(). See that function for their
126 * stupid method of doing it.
129 * clientstring = "AOL Instant Messenger (SM), version 4.3.2188/WIN32"
135 * unknown = 0x00000086
140 * Latest WinAIM that libfaim can emulate without server-side buddylists:
141 * clientstring = "AOL Instant Messenger (SM), version 3.5.1670/WIN32"
147 * unknown =0x0000002a
150 * clientstring = "AOL Instant Messenger (TM) version 1.1.19 for Java built 03/24/98, freeMem 215871 totalMem 1048567, i686, Linus, #2 SMP Sun Feb 11 03:41:17 UTC 2001 2.4.1-ac9, IBM Corporation, 1.1.8, 45.3, Tue Mar 27 12:09:17 PST 2001"
154 * minor2 = (not sent)
156 * unknown= (not sent)
158 * AIM for Linux 1.1.112:
159 * clientstring = "AOL Instant Messenger (SM)"
165 * unknown= 0x0000008b
/*
 * aim_send_login - Second stage of login: send the credentials.
 * @sess: session
 * @conn: authorizer connection
 * @sn: screen name
 * @password: cleartext password
 * @clientinfo: client identification strings and version numbers
 * (the remaining parameter, the key used for the MD5 digest, is on a
 * line not shown)
 *
 * With AIM_SESS_FLAGS_SNACLOGIN set the frame is SNAC 0017/0002 and the
 * password travels as TLV 0x0025 = MD5(key, password, constant); without
 * it (the ICQ path set up in aim_request_login()) the frame carries the
 * old 0x0000/0x0001 header and the password travels as TLV 0x0002,
 * XOR-obfuscated with a fixed table.  Strings go in TLVs 0x0001 (sn),
 * 0x0003 (client string), 0x000e (country), 0x000f (lang); version
 * numbers in 0x0016..0x001a and 0x0014.
 *
 * NOTE(review): the frame is a fixed 1152-byte buffer and every TLV is
 * appended with strlen() of a caller-supplied string without checking
 * that curbyte stays below 1152 (unless aim_puttlv_str() bounds it
 * internally, which this listing cannot show).  Overlong clientinfo, sn
 * or password values would overrun newpacket->data; a remaining-space
 * check before each append, or rejecting inputs above a fixed maximum,
 * closes that.
 *
 * Returns: aim_tx_enqueue() result, or the early returns on lines not
 * shown (!clientinfo/!sn/!password and the aim_tx_new() failure).
 */
169 faim_export int aim_send_login (struct aim_session_t *sess,
170 struct aim_conn_t *conn,
171 char *sn, char *password,
172 struct client_info_s *clientinfo,
176 struct command_tx_struct *newpacket;
178 if (!clientinfo || !sn || !password)
181 if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 1152)))
/* Frame type 0x02 when doing SNAC login, 0x01 for the legacy header. */
186 newpacket->hdr.oscar.type = (sess->flags & AIM_SESS_FLAGS_SNACLOGIN)?0x02:0x01;
188 if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN)
189 curbyte = aim_putsnac(newpacket->data, 0x0017, 0x0002, 0x0000, 0x00010000);
191 curbyte = aimutil_put16(newpacket->data, 0x0000);
192 curbyte += aimutil_put16(newpacket->data+curbyte, 0x0001);
195 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0001, strlen(sn), sn);
197 if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN) {
198 unsigned char digest[16];
200 aim_encode_password_md5(password, key, digest);
201 curbyte+= aim_puttlv_str(newpacket->data+curbyte, 0x0025, 16, (char *)digest);
/* NOTE(review): the malloc() result is not checked before it is written
 * to, and aim_encode_password() indexes a 16-entry table with the
 * password's own length, so a password longer than 16 bytes reads past
 * the table (undefined behaviour) and the result is sent.  Bounding
 * strlen(password) to the table length before this point covers both.
 * The buffer is also freed without being cleared, leaving the encoded
 * credential bytes in heap memory. */
203 char *password_encoded;
205 password_encoded = (char *) malloc(strlen(password));
206 aim_encode_password(password, password_encoded);
207 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0002, strlen(password), password_encoded);
208 free(password_encoded);
211 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0003, strlen(clientinfo->clientstring), clientinfo->clientstring);
213 if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN) {
215 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0016, (unsigned short)clientinfo->major2);
216 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0017, (unsigned short)clientinfo->major);
217 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0018, (unsigned short)clientinfo->minor);
218 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0019, (unsigned short)clientinfo->minor2);
219 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x001a, (unsigned short)clientinfo->build);
222 /* Use very specific version numbers, to further indicate the hack. */
223 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0016, 0x010a);
224 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0017, 0x0004);
225 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0018, 0x003c);
226 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0019, 0x0001);
227 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x001a, 0x0cce);
228 curbyte += aim_puttlv_32(newpacket->data+curbyte, 0x0014, 0x00000055);
/* Country and language are sent on both paths. */
231 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x000e, strlen(clientinfo->country), clientinfo->country);
232 curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x000f, strlen(clientinfo->lang), clientinfo->lang);
234 if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN) {
235 curbyte += aim_puttlv_32(newpacket->data+curbyte, 0x0014, clientinfo->unknown);
236 curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0009, 0x0015);
239 newpacket->commandlen = curbyte;
242 return aim_tx_enqueue(sess, newpacket);
/*
 * aim_encode_password_md5 - Compute the MD5 login digest.
 * @password: cleartext password
 * @key: the key string from the Authorizer's 0017/0007 reply
 * @digest: output buffer; the caller in this file passes unsigned char[16]
 *
 * digest = MD5(key || password || AIM_MD5_STRING).  The md5 state
 * declaration and md5_init() call are on lines not shown.
 *
 * NOTE(review): this is the protocol's own challenge-response; the
 * server-chosen key binds the digest to one login attempt, but an
 * observer of the exchange can still test password guesses offline
 * against the captured digest.  Nothing to change here -- the format is
 * fixed by the server -- but it is why the transport should be trusted.
 */
245 faim_export int aim_encode_password_md5(const char *password, const char *key, unsigned char *digest)
250 md5_append(&state, (const md5_byte_t *)key, strlen(key));
251 md5_append(&state, (const md5_byte_t *)password, strlen(password));
252 md5_append(&state, (const md5_byte_t *)AIM_MD5_STRING, strlen(AIM_MD5_STRING));
253 md5_finish(&state, (md5_byte_t *)digest);
259 * aim_encode_password - Encode a password using old XOR method
260 * @password: incoming password
261 * @encoded: buffer to put encoded password
263 * This takes a const pointer to a (null terminated) string
264 * containing the unencoded password. It also gets passed
265 * an already allocated buffer to store the encoded password.
266 * This buffer should be the exact length of the password without
267 * the null. The encoded password buffer /is not %NULL terminated/.
269 * The encoding_table seems to be a fixed set of values. We'll
270 * hope it doesn't change over time!
272 * This is only used for the XOR method, not the better MD5 method.
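static int aim_encode_password(const char *password, unsigned char *encoded)
{
	/*
	 * v2.1 table, also works for ICQ.  The old v1 table was
	 * f3 b3 6c 99 95 3f ac b6 c5 fa 6b 63 69 6c c3 9f; kept here for
	 * reference only.
	 */
	static const unsigned char encoding_table[] = {
		0xf3, 0x26, 0x81, 0xc4,
		0x39, 0x86, 0xdb, 0x92,
		0x71, 0xa3, 0xb9, 0xe6,
		0x53, 0x7a, 0x95, 0x7c
	};
	const size_t tablelen = sizeof encoding_table / sizeof encoding_table[0];
	size_t i;

	/*
	 * XOR each password byte with the table entry at the same offset.
	 * The index wraps at tablelen: the previous version indexed the
	 * 16-byte table with the raw position, so a password longer than
	 * 16 bytes read past the table (undefined behaviour) and sent the
	 * result.  Protocol passwords are expected to fit within the table;
	 * wrapping only makes the overlong case well defined.  The output
	 * is exactly strlen(password) bytes and is not NUL terminated.
	 */
	for (i = 0; password[i] != '\0'; i++)
		encoded[i] = (unsigned char)(password[i] ^ encoding_table[i % tablelen]);

	return 0;	/* always succeeds; callers ignore the value */
}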
300 * Generate an authorization response.
302 * You probably don't want this unless you're writing an AIM server.
/*
 * aim_sendauthresp - Build and queue an authorization response (server side).
 * @sess: session
 * @conn: connection to answer on
 * @sn: screen name echoed in TLV 0x0001; sess->sn is used on the other
 *      branch (the condition line is not shown, presumably when @sn is NULL)
 * @errorcode: sent as TLV 0x0008 together with @errorurl (0x0004) on the
 *      error branch
 * @bosip, @cookie, @email: on the success branch, TLVs 0x0005, 0x0006
 *      (exactly AIM_COOKIELEN bytes, not a C string) and 0x0011
 * (@regstatus, TLV 0x0013, is declared on a line not shown)
 *
 * You probably don't want this unless you're writing an AIM server.
 *
 * NOTE(review): the TLV chain built here is written into tx->data but no
 * aim_freetlvchain(&tlvlist) appears in the lines shown (compare
 * aim_sendredirect(), which frees it right after aim_writetlvchain());
 * confirm the omitted lines free it, otherwise every response leaks the
 * chain.  The return type is unsigned long while the value returned is
 * aim_tx_enqueue()'s result, which the other senders here return as int.
 *
 * Returns: aim_tx_enqueue() result; the aim_tx_new() failure return is
 * on a line not shown.
 */
305 faim_export unsigned long aim_sendauthresp(struct aim_session_t *sess,
306 struct aim_conn_t *conn,
307 char *sn, int errorcode,
308 char *errorurl, char *bosip,
309 char *cookie, char *email,
312 struct command_tx_struct *tx;
313 struct aim_tlvlist_t *tlvlist = NULL;
315 if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0004, 1152)))
321 aim_addtlvtochain_str(&tlvlist, 0x0001, sn, strlen(sn));
323 aim_addtlvtochain_str(&tlvlist, 0x0001, sess->sn, strlen(sess->sn));
326 aim_addtlvtochain16(&tlvlist, 0x0008, errorcode);
327 aim_addtlvtochain_str(&tlvlist, 0x0004, errorurl, strlen(errorurl));
329 aim_addtlvtochain_str(&tlvlist, 0x0005, bosip, strlen(bosip));
330 aim_addtlvtochain_str(&tlvlist, 0x0006, cookie, AIM_COOKIELEN);
331 aim_addtlvtochain_str(&tlvlist, 0x0011, email, strlen(email));
332 aim_addtlvtochain16(&tlvlist, 0x0013, (unsigned short)regstatus);
/* tx->commandlen is passed as what looks like the write bound (the
 * buffer size from aim_tx_new()) and then replaced by the bytes written. */
335 tx->commandlen = aim_writetlvchain(tx->data, tx->commandlen, &tlvlist);
338 return aim_tx_enqueue(sess, tx);
342 * Generate a random cookie. (Non-client use only)
/*
 * aim_gencookie - Fill @buf with AIM_COOKIELEN pseudo-random bytes.
 * (Non-client use only.)  The loop index declaration and the return
 * statement are on lines not shown.
 *
 * NOTE(review): the cookie is the authorization token later handed to
 * the client in TLV 0x0006 (aim_sendauthresp(), aim_sendredirect()), so
 * it has to be unpredictable.  rand() is not a cryptographic generator:
 * its state is small and often recoverable from observed output or a
 * guessable seed.  A server using this should fill the buffer from the
 * platform CSPRNG instead.  Separately, the expression below ranges
 * 1..257 and is truncated into an unsigned char (256 -> 0, 257 -> 1),
 * so even the rand() output is not mapped uniformly onto the byte.
 */
344 faim_export int aim_gencookie(unsigned char *buf)
350 for (i=0; i < AIM_COOKIELEN; i++)
351 buf[i] = 1+(int) (256.0*rand()/(RAND_MAX+0.0));
357 * Send Server Ready. (Non-client)
/*
 * aim_sendserverready - Queue SNAC 0001/0003 listing the families this
 * host supports.  (Non-client.)
 * @sess: session (sess->snac_nextid is consumed for the request id)
 * @conn: connection to send on
 *
 * The payload is the 16-bit family ids 0x0001..0x0004, 0x0006,
 * 0x0008..0x000c, 0x0013 and 0x0015.  The frame is sized 10 + 0x22
 * bytes; the SNAC header plus the twelve ids shown account for 34 of
 * them.  The first `+=` writes at tx->data rather than tx->data+i, so it
 * relies on i starting at 0 (its declaration, and the return, are on
 * lines not shown).
 *
 * Returns: aim_tx_enqueue() result; aim_tx_new() failure return not shown.
 */
359 faim_export int aim_sendserverready(struct aim_session_t *sess, struct aim_conn_t *conn)
361 struct command_tx_struct *tx;
364 if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+0x22)))
369 i += aim_putsnac(tx->data, 0x0001, 0x0003, 0x0000, sess->snac_nextid++);
371 i += aimutil_put16(tx->data+i, 0x0001);
372 i += aimutil_put16(tx->data+i, 0x0002);
373 i += aimutil_put16(tx->data+i, 0x0003);
374 i += aimutil_put16(tx->data+i, 0x0004);
375 i += aimutil_put16(tx->data+i, 0x0006);
376 i += aimutil_put16(tx->data+i, 0x0008);
377 i += aimutil_put16(tx->data+i, 0x0009);
378 i += aimutil_put16(tx->data+i, 0x000a);
379 i += aimutil_put16(tx->data+i, 0x000b);
380 i += aimutil_put16(tx->data+i, 0x000c);
381 i += aimutil_put16(tx->data+i, 0x0013);
382 i += aimutil_put16(tx->data+i, 0x0015);
386 return aim_tx_enqueue(sess, tx);
391 * Send service redirect. (Non-Client)
/*
 * aim_sendredirect - Queue SNAC 0001/0005 redirecting the client to
 * another service host.  (Non-client.)
 * @sess: session
 * @conn: connection to send on
 * @servid: service family id, sent as TLV 0x000d
 * (@ip, the host string for TLV 0x0005, and @cookie, AIM_COOKIELEN bytes
 * for TLV 0x0006, are declared on lines not shown)
 *
 * The TLV chain is written with what looks like the remaining buffer
 * space (tx->commandlen - i) as its bound and is freed immediately
 * afterwards -- the pattern aim_sendauthresp() should follow as well.
 * The return type is unsigned long although aim_tx_enqueue()'s result
 * is what is returned.  The declaration of i and the aim_tx_new()
 * failure return are on lines not shown.
 */
393 faim_export unsigned long aim_sendredirect(struct aim_session_t *sess,
394 struct aim_conn_t *conn,
395 unsigned short servid,
399 struct command_tx_struct *tx;
400 struct aim_tlvlist_t *tlvlist = NULL;
403 if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 1152)))
408 i += aim_putsnac(tx->data+i, 0x0001, 0x0005, 0x0000, 0x00000000);
410 aim_addtlvtochain16(&tlvlist, 0x000d, servid);
411 aim_addtlvtochain_str(&tlvlist, 0x0005, ip, strlen(ip));
412 aim_addtlvtochain_str(&tlvlist, 0x0006, cookie, AIM_COOKIELEN);
/* commandlen becomes SNAC header length plus the TLV bytes written. */
414 tx->commandlen = aim_writetlvchain(tx->data+i, tx->commandlen-i, &tlvlist)+i;
415 aim_freetlvchain(&tlvlist);
418 return aim_tx_enqueue(sess, tx);
/*
 * hostonline - Handle SNAC 0001/0003 (host ready): the payload is a list
 * of 16-bit family ids.
 *
 * famcount = datalen/2 bounds the copy loop by the received length, so a
 * short or odd-length payload cannot cause an over-read (an odd trailing
 * byte is ignored).  The handler receives the decoded array.
 *
 * NOTE(review): families is malloc(datalen) with datalen taken from the
 * wire; it must be freed after the callback on the lines not shown --
 * confirm, otherwise this is a per-packet leak driven by the peer.  The
 * declarations of ret, famcount and i, the allocation failure return and
 * the final return are also outside this listing.
 */
422 static int hostonline(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
424 rxcallback_t userfunc;
426 unsigned short *families;
429 famcount = datalen/2;
431 if (!(families = malloc(datalen)))
434 for (i = 0; i < famcount; i++)
435 families[i] = aimutil_get16(data+(i*2));
437 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
438 ret = userfunc(sess, rx, famcount, families);
/*
 * redirect - Handle SNAC 0001/0005 (service redirect).
 *
 * Requires TLVs 0x000d (service id), 0x0005 (host string) and 0x0006
 * (cookie); if any is absent the chain is freed and the handler returns
 * (return value on a line not shown).  For a chat redirect with a
 * pending join, sess->pendingjoin / sess->pendingjoinexchange are
 * handed to the callback and cleared on the session.
 *
 * NOTE(review): the cookie TLV's length is never compared with
 * AIM_COOKIELEN, while the sender side in this file writes exactly
 * AIM_COOKIELEN bytes from a cookie pointer; any consumer of this cookie
 * that assumes the fixed length would over-read a shorter TLV value.
 * Comparing the TLV length against AIM_COOKIELEN here, before the
 * callback, is the cheapest place to reject a malformed redirect.  ip
 * and cookie come from aim_gettlv_str(), which presumably allocates;
 * their release and the return are on lines not shown.  The result of
 * aim_readtlvchain() is passed to aim_gettlv() without a NULL check,
 * which is fine only if aim_gettlv() tolerates NULL.
 */
445 static int redirect(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
448 unsigned char *cookie;
450 rxcallback_t userfunc;
451 struct aim_tlvlist_t *tlvlist;
452 char *chathack = NULL;
456 tlvlist = aim_readtlvchain(data, datalen);
458 if (!aim_gettlv(tlvlist, 0x000d, 1) ||
459 !aim_gettlv(tlvlist, 0x0005, 1) ||
460 !aim_gettlv(tlvlist, 0x0006, 1)) {
461 aim_freetlvchain(&tlvlist);
465 serviceid = aim_gettlv16(tlvlist, 0x000d, 1);
466 ip = aim_gettlv_str(tlvlist, 0x0005, 1);
467 cookie = aim_gettlv_str(tlvlist, 0x0006, 1);
/* Ownership of the pending join string moves out of the session here;
 * who frees it afterwards is on lines not shown. */
473 if ((serviceid == AIM_CONN_TYPE_CHAT) && sess->pendingjoin) {
474 chathack = sess->pendingjoin;
475 chathackex = sess->pendingjoinexchange;
476 sess->pendingjoin = NULL;
477 sess->pendingjoinexchange = 0;
480 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
481 ret = userfunc(sess, rx, serviceid, ip, cookie, chathack, chathackex);
487 aim_freetlvchain(&tlvlist);
493 * The Rate Limiting System, An Abridged Guide to Nonsense.
495 * OSCAR defines several 'rate classes'. Each class has separate
496 * rate limiting properties (limit level, alert level, disconnect
497 * level, etc), and a set of SNAC family/type pairs associated with
498 * it. The rate classes, their limiting properties, and the definitions
499 * of which SNACs belong to which class, are defined in the
500 * Rate Response packet at login to each host.
502 * Logically, all rate offenses within one class count against further
503 * offenses for other SNACs in the same class (i.e., sending messages
504 * too fast will limit the number of user info requests you can send,
505 * since those two SNACs are in the same rate class).
507 * Since the rate classes are defined dynamically at login, the values
508 * below may change. But they seem to be fairly constant.
510 * Currently, BOS defines five rate classes, with the commonly used
511 * members as follows...
514 * - Everything that's not in any of the other classes
517 * - Buddy list add/remove
518 * - Permit list add/remove
519 * - Deny list add/remove
522 * - User information requests
526 * - A few unknowns: 2/9, 2/b, and f/2
530 * - Outgoing chat ICBMs
532 * The only other thing of note is that class 5 (chat) has slightly looser
533 * limiting properties than class 3 (normal messages). But that's just a
534 * small bit of trivia for you.
536 * The last thing that needs to be learned about the rate limiting
537 * system is how the actual numbers relate to the passing of time. This
538 * seems to be a big mystery.
/*
 * rateresp - Handle SNAC 0001/0007 (rate parameters).
 *
 * The payload is not decoded here; the registered handler is called with
 * just (sess, rx).  The no-handler return is on a line not shown.
 */
543 static int rateresp(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
545 rxcallback_t userfunc;
547 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
548 return userfunc(sess, rx);
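/*
 * ratechange - Handle SNAC 0001/000a (rate limit state change).
 *
 * Payload layout, all big-endian:
 *   code(2) rateclass(2) windowsize(4) clear(4) alert(4) limit(4)
 *   disconnect(4) currentavg(4) maxavg(4)          -- 32 bytes total
 *
 * @data/@datalen come straight from the wire, so the length is checked
 * before any field is read; a short frame is ignored instead of being
 * parsed past its end.
 *
 * Returns: the handler's result, or 0 when no handler is registered or
 * the frame is too short.
 */
static int ratechange(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
{
	rxcallback_t userfunc;
	int i = 0;
	unsigned short code;
	unsigned long currentavg, maxavg;
	unsigned long rateclass, windowsize, clear, alert, limit, disconnect;

	/* 2 + 2 + 7 * 4 bytes are consumed below. */
	if (datalen < 32)
		return 0;

	code = aimutil_get16(data+i);
	i += 2;
	rateclass = aimutil_get16(data+i);
	i += 2;
	windowsize = aimutil_get32(data+i);
	i += 4;
	clear = aimutil_get32(data+i);
	i += 4;
	alert = aimutil_get32(data+i);
	i += 4;
	limit = aimutil_get32(data+i);
	i += 4;
	disconnect = aimutil_get32(data+i);
	i += 4;
	currentavg = aimutil_get32(data+i);
	i += 4;
	maxavg = aimutil_get32(data+i);

	if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
		return userfunc(sess, rx, code, rateclass, windowsize, clear, alert, limit, disconnect, currentavg, maxavg);

	return 0;
}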
/*
 * selfinfo - Handle SNAC 0001/000f (own user information).
 *
 * The payload is not decoded here; the registered handler is called with
 * just (sess, rx).  The no-handler return is on a line not shown.
 */
588 static int selfinfo(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
590 rxcallback_t userfunc;
592 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
593 return userfunc(sess, rx);
/*
 * evilnotify - Handle SNAC 0001/0010 (warning level change).
 *
 * Reads the new warning level (16 bits) and then, from offset i (set on
 * a line not shown, presumably 2), the user info of the warner through
 * aim_extractuserinfo().
 *
 * NOTE(review): neither read is guarded by datalen: aimutil_get16(data)
 * runs even with datalen < 2, and aim_extractuserinfo() takes no length
 * at all, so a truncated frame is parsed past its end.  A
 * `if (datalen < 2) return 0;` guard covers the first read; the second
 * needs a length-aware variant of aim_extractuserinfo().  The no-handler
 * return is also on a line not shown.
 */
598 static int evilnotify(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
600 rxcallback_t userfunc = NULL;
602 unsigned short newevil;
603 struct aim_userinfo_s userinfo;
605 newevil = aimutil_get16(data);
608 memset(&userinfo, 0, sizeof(struct aim_userinfo_s));
611 i += aim_extractuserinfo(sess, data+i, &userinfo);
613 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
614 return userfunc(sess, rx, newevil, &userinfo);
/*
 * motd - Handle SNAC 0001/0013 (message of the day).
 *
 * The first 16 bits are the MOTD id (meanings partly listed below); the
 * remainder is a TLV chain whose TLV 0x000b is the message text.  msg is
 * handed to the callback; its release and the return are on lines not
 * shown.
 *
 * NOTE(review): aimutil_get16(data) and aim_readtlvchain(data+2,
 * datalen-2) are not guarded by datalen >= 2, so a frame shorter than
 * two bytes over-reads and passes a negative length to the TLV parser.
 * Guard with `if (datalen < 2) return 0;` before the id read.
 */
619 static int motd(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
621 rxcallback_t userfunc;
624 struct aim_tlvlist_t *tlvlist;
631 * 1 Mandatory upgrade
634 * 4 Nothing's wrong ("top o the world" -- normal)
637 id = aimutil_get16(data);
642 if ((tlvlist = aim_readtlvchain(data+2, datalen-2)))
643 msg = aim_gettlv_str(tlvlist, 0x000b, 1);
645 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
646 ret = userfunc(sess, rx, id, msg);
650 aim_freetlvchain(&tlvlist);
/*
 * hostversions - Handle SNAC 0001/0018 (host protocol versions).
 *
 * Each entry is 4 bytes, so vercount = datalen/4 and the raw payload is
 * handed to the callback undecoded; the callee must index it by vercount,
 * not by datalen.  The declaration of vercount and the no-handler return
 * are on lines not shown.
 */
655 static int hostversions(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
657 rxcallback_t userfunc;
660 vercount = datalen/4;
662 if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
663 return userfunc(sess, rx, vercount, data);
668 * Stay tuned. I have an explanation for this.
/*
 * memrequest - Handle SNAC 0001/001f (dispatched from snachandler()).
 * The body is entirely outside this listing; see the author's note above.
 */
672 static int memrequest(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
/*
 * snachandler - Dispatch an incoming family 0x0001 SNAC to the handler
 * for its subtype.
 *
 * Returns: the handler's result, or 0 for subtypes this module does not
 * handle.
 */
static int snachandler(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned char *data, int datalen)
{
	switch (snac->subtype) {
	case 0x0003:
		return hostonline(sess, mod, rx, snac, data, datalen);
	case 0x0005:
		return redirect(sess, mod, rx, snac, data, datalen);
	case 0x0007:
		return rateresp(sess, mod, rx, snac, data, datalen);
	case 0x000a:
		return ratechange(sess, mod, rx, snac, data, datalen);
	case 0x000f:
		return selfinfo(sess, mod, rx, snac, data, datalen);
	case 0x0010:
		return evilnotify(sess, mod, rx, snac, data, datalen);
	case 0x0013:
		return motd(sess, mod, rx, snac, data, datalen);
	case 0x0018:
		return hostversions(sess, mod, rx, snac, data, datalen);
	case 0x001f:
		return memrequest(sess, mod, rx, snac, data, datalen);
	default:
		return 0;
	}
}
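/*
 * general_modfirst - Module registration for the "general" family (0x0001).
 * @sess: session (unused here)
 * @mod: module descriptor to fill in
 *
 * Sets family, version, name and the SNAC dispatcher.  strncpy() does
 * not NUL-terminate when the source fills the destination, so the last
 * byte is forced to '\0' to keep mod->name a valid C string whatever its
 * declared size.
 *
 * Returns: 0.
 */
faim_internal int general_modfirst(struct aim_session_t *sess, aim_module_t *mod)
{
	mod->family = 0x0001;
	mod->version = 0x0000;

	strncpy(mod->name, "general", sizeof(mod->name));
	mod->name[sizeof(mod->name) - 1] = '\0';
	mod->snachandler = snachandler;

	return 0;
}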