+static int incomingim_ch2_imimage(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, struct aim_userinfo_s *userinfo, struct aim_incomingim_ch2_args *args, aim_tlvlist_t *list2)
+{
+ aim_rxcallback_t userfunc;
+ int ret = 0;
+
+ /* Primary IP address */
+ if (aim_gettlv(list2, 0x0003, 1)) {
+ aim_tlv_t *tlv;
+
+ tlv = aim_gettlv(list2, 0x0003, 1);
+
+ snprintf(args->info.imimage.ip, sizeof(args->info.imimage.ip),
+ "%d.%d.%d.%d:4443",
+ tlv->value[0],
+ tlv->value[1],
+ tlv->value[2],
+ tlv->value[3]);
+ }
+
+ /*
+ * Alternate IP address
+ *
+ * Sort of. The peer doesn't send this -- the OSCAR
+ * server does. So it will be the IP address that the
+ * peer is directly connected to the internet with, which
+ * may not be the same as the IP above. If these two
+ * values differ, it's rather unlikely that this
+ * rendezvous is going to happen...
+ *
+ */
+ if (aim_gettlv(list2, 0x0004, 1))
+ ;
+
+ /* Port number (not correct -- ignore) */
+ if (aim_gettlv(list2, 0x0005, 1))
+ ;
+
+ /* Unknown -- two bytes = 0x0001 */
+ if (aim_gettlv(list2, 0x000a, 1))
+ ;
+
+ /* Unknown -- no value */
+ if (aim_gettlv(list2, 0x000f, 1))
+ ;
+
+ faimdprintf(sess, 1, "rend: directIM request from %s (%s)\n", userinfo->sn, args->info.imimage.ip);
+
+ /*
+ * XXX: there are a couple of different request packets for
+ * different things
+ */
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, 0x0002, userinfo, args);
+
+ return ret;
+}
+
+/* XXX Ugh. I think its obvious. */
+static int incomingim_ch2(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, fu16_t channel, struct aim_userinfo_s *userinfo, aim_tlvlist_t *tlvlist, fu8_t *cookie)
+{
+ aim_rxcallback_t userfunc;
+ aim_tlv_t *block1;
+ aim_tlvlist_t *list2;
+ int ret = 0;
+ struct aim_incomingim_ch2_args args;
+ aim_bstream_t bbs;
+ fu8_t *cookie2;
+
+ memset(&args, 0, sizeof(args));
+
+ /*
+ * There's another block of TLVs embedded in the type 5 here.
+ */
+ if (!(block1 = aim_gettlv(tlvlist, 0x0005, 1)) || !block1->value) {
+ faimdprintf(sess, 0, "no tlv 0x0005 in rendezvous transaction!\n");
+ return 0;
+ }
+
+ aim_bstream_init(&bbs, block1->value, block1->length);
+
+ /*
+ * First two bytes represent the status of the connection.
+ *
+ * 0 is a request, 2 is an accept
+ */
+ args.status = aimbs_get16(&bbs);
+
+ /*
+ * Next comes the cookie. Should match the ICBM cookie.
+ */
+ cookie2 = aimbs_getraw(&bbs, 8);
+ if (memcmp(cookie, cookie2, 8) != 0)
+ faimdprintf(sess, 0, "rend: warning cookies don't match!\n");
+ memcpy(args.cookie, cookie2, 8);
+ free(cookie2);
+
+ /*
+ * The next 16bytes are a capability block so we can
+ * identify what type of rendezvous this is.
+ *
+ * Thanks to Eric Warmenhoven <warmenhoven@linux.com> (of GAIM)
+ * for pointing some of this out to me. In fact, a lot of
+ * the client-to-client info comes from the work of the GAIM
+ * developers. Thanks!
+ *
+ * Read off one capability string and we should have it ID'd.
+ *
+ */
+ if ((args.reqclass = aim_getcap(sess, &bbs, 0x10)) == 0x0000) {
+ faimdprintf(sess, 0, "rend: no ID block\n");
+ return 0;
+ }
+
+ /*
+ * What follows may be TLVs or nothing, depending on the
+ * purpose of the message.
+ *
+ * Ack packets for instance have nothing more to them.
+ */
+ list2 = aim_readtlvchain(&bbs);
+
+#if 0 /* this should be in the per-type blocks */
+ if (!list2 || ((args.reqclass != AIM_CAPS_IMIMAGE) && !(aim_gettlv(list2, 0x2711, 1)))) {
+ aim_msgcookie_t *cook;
+ int type;
+
+ type = aim_msgcookie_gettype(args.reqclass); /* XXX: fix this shitty code */
+
+ if ((cook = aim_checkcookie(sess, cookie, type)) == NULL) {
+ faimdprintf(sess, 0, "non-data rendezvous thats not in cache (type %d)\n", type);
+ aim_freetlvchain(&list2);
+ return 1;
+ }
+
+ if (cook->type == AIM_COOKIETYPE_OFTGET) {
+ struct aim_filetransfer_priv *ft;
+
+ if (cook->data) {
+ int errorcode = -1; /* XXX shouldnt this be 0? */
+
+ ft = (struct aim_filetransfer_priv *)cook->data;
+
+ if (args.status != 0x0002) {
+
+ if (aim_gettlv(list2, 0x000b, 1))
+ errorcode = aim_gettlv16(list2, 0x000b, 1);
+
+ /* XXX this should make it up to the client, you know.. */
+ if (errorcode)
+ faimdprintf(sess, 0, "transfer from %s (%s) for %s cancelled (error code %d)\n", ft->sn, ft->ip, ft->fh.name, errorcode);
+ } /* args.status != 0x0002 */
+
+ } else {
+ faimdprintf(sess, 0, "no data attached to file transfer\n");
+ } /* !cook->data */
+
+ } else if (cook->type == AIM_CAPS_VOICE) {
+
+ faimdprintf(sess, 0, "voice request cancelled\n");
+
+ } else {
+
+ faimdprintf(sess, 0, "unknown cookie cache type %d\n", cook->type);
+ }
+
+ aim_freetlvchain(&list2);
+
+ return 1;
+ }
+#endif
+
+ /*
+ * The rest of the handling depends on what type it is.
+ */
+ if (args.reqclass & AIM_CAPS_BUDDYICON) {
+
+ ret = incomingim_ch2_buddyicon(sess, mod, rx, snac, userinfo, &args, list2);
+
+ } else if (args.reqclass & AIM_CAPS_VOICE) {
+ aim_msgcookie_t *cachedcook;
+
+ faimdprintf(sess, 1, "rend: voice!\n");
+
+ if(!(cachedcook = (aim_msgcookie_t*)calloc(1, sizeof(aim_msgcookie_t)))) {
+ aim_freetlvchain(&list2);
+ return 0;
+ }
+
+ memcpy(cachedcook->cookie, cookie, 8);
+ cachedcook->type = AIM_COOKIETYPE_OFTVOICE;
+ cachedcook->data = NULL;
+
+ if (aim_cachecookie(sess, cachedcook) == -1)
+ faimdprintf(sess, 0, "ERROR caching message cookie\n");
+
+ /* XXX: implement all this */
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, userinfo, &args);
+
+ } else if (args.reqclass & AIM_CAPS_IMIMAGE) {
+
+ ret = incomingim_ch2_imimage(sess, mod, rx, snac, userinfo, &args, list2);
+
+ } else if (args.reqclass & AIM_CAPS_CHAT) {
+ aim_tlv_t *miscinfo;
+ aim_bstream_t tbs;
+
+ miscinfo = aim_gettlv(list2, 0x2711, 1);
+
+ aim_bstream_init(&tbs, miscinfo->value, miscinfo->length);
+
+ aim_chat_readroominfo(&tbs, &args.info.chat.roominfo);
+
+ if (aim_gettlv(list2, 0x000c, 1))
+ args.info.chat.msg = aim_gettlv_str(list2, 0x000c, 1);
+
+ if (aim_gettlv(list2, 0x000d, 1))
+ args.info.chat.encoding = aim_gettlv_str(list2, 0x000d, 1);
+
+ if (aim_gettlv(list2, 0x000e, 1))
+ args.info.chat.lang = aim_gettlv_str(list2, 0x000e, 1);
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, userinfo, &args);
+
+ free(args.info.chat.roominfo.name);
+ free(args.info.chat.msg);
+ free(args.info.chat.encoding);
+ free(args.info.chat.lang);
+
+ } else if (args.reqclass & AIM_CAPS_GETFILE) {
+ char ip[30];
+ aim_msgcookie_t *cachedcook;
+ aim_tlv_t *miscinfo;
+ aim_tlv_t *iptlv, *porttlv;
+
+ memset(ip, 0, 30);
+
+ if (!(cachedcook = calloc(1, sizeof(aim_msgcookie_t)))) {
+ aim_freetlvchain(&list2);
+ return 0;
+ }
+
+ if (!(miscinfo = aim_gettlv(list2, 0x2711, 1)) ||
+ !(iptlv = aim_gettlv(list2, 0x0003, 1)) ||
+ !(porttlv = aim_gettlv(list2, 0x0005, 1))) {
+
+ faimdprintf(sess, 0, "rend: badly damaged file get request from %s...\n", userinfo->sn);
+ aim_cookie_free(sess, cachedcook);
+ aim_freetlvchain(&list2);
+
+ return 0;
+ }
+
+ snprintf(ip, 30, "%d.%d.%d.%d:%d",
+ aimutil_get8(iptlv->value+0),
+ aimutil_get8(iptlv->value+1),
+ aimutil_get8(iptlv->value+2),
+ aimutil_get8(iptlv->value+3),
+ aimutil_get16(porttlv->value));
+
+ faimdprintf(sess, 0, "rend: file get request from %s (%s)\n", userinfo->sn, ip);
+
+ args.info.getfile.ip = ip;
+ args.info.getfile.cookie = cookie;
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, userinfo, &args);
+
+ } else if (args.reqclass & AIM_CAPS_SENDFILE) {
+#if 0
+ char ip[30];
+ aim_msgcookie_t *cachedcook;
+ aim_tlv_t *miscinfo;
+ aim_tlv_t *iptlv, *porttlv;
+
+ memset(ip, 0, 30);
+
+ if (!(cachedcook = calloc(1, sizeof(aim_msgcookie_t)))) {
+ aim_freetlvchain(&list2);
+ return 0;
+ }
+
+ if (!(miscinfo = aim_gettlv(list2, 0x2711, 1)) ||
+ !(iptlv = aim_gettlv(list2, 0x0003, 1)) ||
+ !(porttlv = aim_gettlv(list2, 0x0005, 1))) {
+
+ faimdprintf(sess, 0, "rend: badly damaged file get request from %s...\n", userinfo->sn);
+ aim_cookie_free(sess, cachedcook);
+ aim_freetlvchain(&list2);
+
+ return 0;
+ }
+
+ snprintf(ip, 30, "%d.%d.%d.%d:%d",
+ aimutil_get8(iptlv->value+0),
+ aimutil_get8(iptlv->value+1),
+ aimutil_get8(iptlv->value+2),
+ aimutil_get8(iptlv->value+3),
+ aimutil_get16(porttlv->value));
+
+ if (aim_gettlv(list2, 0x000c, 1))
+ desc = aim_gettlv_str(list2, 0x000c, 1);
+
+ faimdprintf(sess, 0, "rend: file transfer request from %s: %s (%s)\n",
+ userinfo->sn, desc, ip);
+
+ memcpy(cachedcook->cookie, cookie, 8);
+
+ ft = malloc(sizeof(struct aim_filetransfer_priv)); /* XXX */
+ strncpy(ft->sn, userinfo.sn, sizeof(ft->sn));
+ strncpy(ft->ip, ip, sizeof(ft->ip));
+ strncpy(ft->fh.name, miscinfo->value+8, sizeof(ft->fh.name));
+ cachedcook->type = AIM_COOKIETYPE_OFTSEND;
+ cachedcook->data = ft;
+
+ if (aim_cachecookie(sess, cachedcook) == -1)
+ faimdprintf(sess, 0, "ERROR caching message cookie\n");
+
+ aim_accepttransfer(sess, rx->conn, ft->sn, cookie, AIM_CAPS_SENDFILE);
+
+ if (desc)
+ free(desc);
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, userinfo, &args);