#include "md5.h"
-static int aim_encode_password_md5(const char *password, const char *key, md5_byte_t *digest);
static int aim_encode_password(const char *password, unsigned char *encoded);
-faim_export int aim_sendconnack(struct aim_session_t *sess,
- struct aim_conn_t *conn)
+faim_export int aim_sendflapver(aim_session_t *sess, aim_conn_t *conn)
{
- int curbyte=0;
-
- struct command_tx_struct *newpacket;
+ aim_frame_t *fr;
- if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0001, 4)))
- return -1;
+ if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x01, 4)))
+ return -ENOMEM;
- newpacket->lock = 1;
-
- curbyte += aimutil_put16(newpacket->data+curbyte, 0x0000);
- curbyte += aimutil_put16(newpacket->data+curbyte, 0x0001);
+ aimbs_put32(&fr->data, 0x00000001);
- newpacket->lock = 0;
- return aim_tx_enqueue(sess, newpacket);
+ aim_tx_enqueue(sess, fr);
+
+ return 0;
+}
+
+/*
+ * This is a bit confusing.
+ *
+ * Normal SNAC login goes like this:
+ * - connect
+ * - server sends flap version
+ * - client sends flap version
+ * - client sends screen name (17/6)
+ * - server sends hash key (17/7)
+ * - client sends auth request (17/2 -- aim_send_login)
+ * - server yells
+ *
+ * XOR login (for ICQ) goes like this:
+ * - connect
+ * - server sends flap version
+ * - client sends auth request which contains flap version (aim_send_login)
+ * - server yells
+ *
+ * For the client API, we make them implement the most complicated version,
+ * and for the simpler version, we fake it and make it look like the more
+ * complicated process.
+ *
+ * This is done by giving the client a faked key, just so we can convince
+ * them to call aim_send_login right away, which will detect the session
+ * flag that says this is XOR login and ignore the key, sending an ICQ
+ * login request instead of the normal SNAC one.
+ *
+ * As soon as AOL makes ICQ log in the same way as AIM, this is /gone/.
+ *
+ * XXX This may cause problems if the client relies on callbacks only
+ * being called from the context of aim_rxdispatch()...
+ *
+ */
+static int goddamnicq(aim_session_t *sess, aim_conn_t *conn, const char *sn)
+{
+ aim_frame_t fr;
+ aim_rxcallback_t userfunc;
+
+ sess->flags &= ~AIM_SESS_FLAGS_SNACLOGIN;
+ sess->flags |= AIM_SESS_FLAGS_XORLOGIN;
+
+ fr.conn = conn;
+
+ if ((userfunc = aim_callhandler(sess, conn, 0x0017, 0x0007)))
+ userfunc(sess, &fr, "");
+
+ return 0;
}
/*
- * In AIM 3.5 protocol, the first stage of login is to request
- * login from the Authorizer, passing it the screen name
- * for verification. If the name is invalid, a 0017/0003
- * is spit back, with the standard error contents. If valid,
- * a 0017/0007 comes back, which is the signal to send
- * it the main login command (0017/0002).
+ * In AIM 3.5 protocol, the first stage of login is to request login from the
+ * Authorizer, passing it the screen name for verification. If the name is
+ * invalid, a 0017/0003 is spit back, with the standard error contents. If
+ * valid, a 0017/0007 comes back, which is the signal to send it the main
+ * login command (0017/0002).
+ *
*/
-faim_export int aim_request_login(struct aim_session_t *sess,
- struct aim_conn_t *conn,
- char *sn)
+faim_export int aim_request_login(aim_session_t *sess, aim_conn_t *conn, const char *sn)
{
- int curbyte;
- struct command_tx_struct *newpacket;
-
- if (!sess || !conn || !sn)
- return -1;
-
- /*
- * For ICQ, we enable the ancient horrible login and stuff
- * a key packet into the queue to make it look like we got
- * a reply back. This is so the client doesn't know we're
- * really not doing MD5 login.
- *
- * This may sound stupid, but I'm not in the best of moods and
- * I don't plan to keep support for this crap around much longer.
- * Its all AOL's fault anyway, really. I hate AOL. Really. They
- * always seem to be able to piss me off by doing the dumbest little
- * things. Like disabling MD5 logins for ICQ UINs, or adding purposefully
- * wrong TLV lengths, or adding superfluous information to host strings,
- * or... I'll stop.
- *
- */
- if ((sn[0] >= '0') && (sn[0] <= '9')) {
- struct command_rx_struct *newrx;
- int i;
-
- if (!(newrx = (struct command_rx_struct *)malloc(sizeof(struct command_rx_struct))))
- return -1;
- memset(newrx, 0x00, sizeof(struct command_rx_struct));
- newrx->lock = 1;
- newrx->hdrtype = AIM_FRAMETYPE_OSCAR;
- newrx->hdr.oscar.type = 0x02;
- newrx->hdr.oscar.seqnum = 0;
- newrx->commandlen = 10+2+1;
- newrx->nofree = 0;
- if (!(newrx->data = malloc(newrx->commandlen))) {
- free(newrx);
- return -1;
- }
-
- i = aim_putsnac(newrx->data, 0x0017, 0x0007, 0x0000, 0x0000);
- i += aimutil_put16(newrx->data+i, 0x01);
- i += aimutil_putstr(newrx->data+i, "0", 1);
-
- newrx->conn = conn;
-
- newrx->next = sess->queue_incoming;
- sess->queue_incoming = newrx;
-
- newrx->lock = 0;
-
- sess->flags &= ~AIM_SESS_FLAGS_SNACLOGIN;
-
- return 0;
- }
-
- sess->flags |= AIM_SESS_FLAGS_SNACLOGIN;
-
- aim_sendconnack(sess, conn);
-
- if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+2+2+strlen(sn))))
- return -1;
-
- newpacket->lock = 1;
-
- curbyte = aim_putsnac(newpacket->data, 0x0017, 0x0006, 0x0000, 0x00010000);
- curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0001, strlen(sn), sn);
-
- newpacket->commandlen = curbyte;
- newpacket->lock = 0;
-
- return aim_tx_enqueue(sess, newpacket);
+ aim_frame_t *fr;
+ aim_snacid_t snacid;
+ aim_tlvlist_t *tl = NULL;
+
+ if (!sess || !conn || !sn)
+ return -EINVAL;
+
+ if ((sn[0] >= '0') && (sn[0] <= '9'))
+ return goddamnicq(sess, conn, sn);
+
+ sess->flags |= AIM_SESS_FLAGS_SNACLOGIN;
+
+ aim_sendflapver(sess, conn);
+
+ if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+2+2+strlen(sn))))
+ return -ENOMEM;
+
+ snacid = aim_cachesnac(sess, 0x0017, 0x0006, 0x0000, NULL, 0);
+ aim_putsnac(&fr->data, 0x0017, 0x0006, 0x0000, snacid);
+
+ aim_addtlvtochain_raw(&tl, 0x0001, strlen(sn), sn);
+ aim_writetlvchain(&fr->data, &tl);
+ aim_freetlvchain(&tl);
+
+ aim_tx_enqueue(sess, fr);
+
+ return 0;
+}
+
+/*
+ * Part two of the ICQ hack. Note the ignoring of the key and clientinfo.
+ */
+static int goddamnicq2(aim_session_t *sess, aim_conn_t *conn, const char *sn, const char *password)
+{
+ static const char clientstr[] = {"ICQ Inc. - Product of ICQ (TM) 2000b.4.65.1.3281.85"};
+ static const char lang[] = {"en"};
+ static const char country[] = {"us"};
+ aim_frame_t *fr;
+ aim_tlvlist_t *tl = NULL;
+ char *password_encoded;
+
+ if (!(password_encoded = (char *) malloc(strlen(password))))
+ return -ENOMEM;
+
+ if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x01, 1152))) {
+ free(password_encoded);
+ return -ENOMEM;
+ }
+
+ aim_encode_password(password, password_encoded);
+
+ aimbs_put32(&fr->data, 0x00000001);
+ aim_addtlvtochain_raw(&tl, 0x0001, strlen(sn), sn);
+ aim_addtlvtochain_raw(&tl, 0x0002, strlen(password), password_encoded);
+ aim_addtlvtochain_raw(&tl, 0x0003, strlen(clientstr), clientstr);
+ aim_addtlvtochain16(&tl, 0x0016, 0x010a);
+ aim_addtlvtochain16(&tl, 0x0017, 0x0004);
+ aim_addtlvtochain16(&tl, 0x0018, 0x0041);
+ aim_addtlvtochain16(&tl, 0x0019, 0x0001);
+ aim_addtlvtochain16(&tl, 0x001a, 0x0cd1);
+ aim_addtlvtochain32(&tl, 0x0014, 0x00000055);
+ aim_addtlvtochain_raw(&tl, 0x000f, strlen(lang), lang);
+ aim_addtlvtochain_raw(&tl, 0x000e, strlen(country), country);
+
+ aim_writetlvchain(&fr->data, &tl);
+
+ free(password_encoded);
+ aim_freetlvchain(&tl);
+
+ aim_tx_enqueue(sess, fr);
+
+ return 0;
}
/*
*
* This is the initial login request packet.
*
- * The password is encoded before transmition, as per
- * encode_password(). See that function for their
- * stupid method of doing it.
+ * NOTE!! If you want/need to make use of the aim_sendmemblock() function,
+ * then the client information you send here must exactly match the
+ * executable that you're pulling the data from.
*
* Latest WinAIM:
* clientstring = "AOL Instant Messenger (SM), version 4.3.2188/WIN32"
* lang = "en"
* country = "us"
* unknown4a = 0x01
+ *
+ * Latest WinAIM that libfaim can emulate without server-side buddylists:
+ * clientstring = "AOL Instant Messenger (SM), version 4.1.2010/WIN32"
+ * major2 = 0x0004
+ * major = 0x0004
+ * minor = 0x0001
+ * minor2 = 0x0000
+ * build = 0x07da
+ * unknown= 0x0000004b
+ *
+ * WinAIM 3.5.1670:
+ * clientstring = "AOL Instant Messenger (SM), version 3.5.1670/WIN32"
+ * major2 = 0x0004
+ * major = 0x0003
+ * minor = 0x0005
+ * minor2 = 0x0000
+ * build = 0x0686
+ * unknown =0x0000002a
+ *
+ * Java AIM 1.1.19:
+ * clientstring = "AOL Instant Messenger (TM) version 1.1.19 for Java built 03/24/98, freeMem 215871 totalMem 1048567, i686, Linus, #2 SMP Sun Feb 11 03:41:17 UTC 2001 2.4.1-ac9, IBM Corporation, 1.1.8, 45.3, Tue Mar 27 12:09:17 PST 2001"
+ * major2 = 0x0001
+ * major = 0x0001
+ * minor = 0x0001
+ * minor2 = (not sent)
+ * build = 0x0013
+ * unknown= (not sent)
+ *
+ * AIM for Linux 1.1.112:
+ * clientstring = "AOL Instant Messenger (SM)"
+ * major2 = 0x1d09
+ * major = 0x0001
+ * minor = 0x0001
+ * minor2 = 0x0001
+ * build = 0x0070
+ * unknown= 0x0000008b
+ * serverstore = 0x01
+ *
*/
-faim_export int aim_send_login (struct aim_session_t *sess,
- struct aim_conn_t *conn,
- char *sn, char *password,
- struct client_info_s *clientinfo,
- char *key)
+faim_export int aim_send_login(aim_session_t *sess, aim_conn_t *conn, const char *sn, const char *password, struct client_info_s *clientinfo, const char *key)
{
- int curbyte=0;
- struct command_tx_struct *newpacket;
-
- if (!clientinfo || !sn || !password)
- return -1;
-
- if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 1152)))
- return -1;
-
- newpacket->lock = 1;
-
- newpacket->hdr.oscar.type = (sess->flags & AIM_SESS_FLAGS_SNACLOGIN)?0x02:0x01;
-
- if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN)
- curbyte = aim_putsnac(newpacket->data, 0x0017, 0x0002, 0x0000, 0x00010000);
- else {
- curbyte = aimutil_put16(newpacket->data, 0x0000);
- curbyte += aimutil_put16(newpacket->data+curbyte, 0x0001);
- }
-
- curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0001, strlen(sn), sn);
-
- if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN) {
- md5_byte_t digest[16];
-
- aim_encode_password_md5(password, key, digest);
- curbyte+= aim_puttlv_str(newpacket->data+curbyte, 0x0025, 16, (char *)digest);
- } else {
- char *password_encoded;
-
- password_encoded = (char *) malloc(strlen(password));
- aim_encode_password(password, password_encoded);
- curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0002, strlen(password), password_encoded);
- free(password_encoded);
- }
-
- /* XXX is clientstring required by oscar? */
- if (strlen(clientinfo->clientstring))
- curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x0003, strlen(clientinfo->clientstring), clientinfo->clientstring);
-
- if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN) {
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0016, (unsigned short)clientinfo->major2);
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0017, (unsigned short)clientinfo->major);
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0018, (unsigned short)clientinfo->minor);
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0019, (unsigned short)clientinfo->minor2);
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x001a, (unsigned short)clientinfo->build);
-
- curbyte += aim_puttlv_32(newpacket->data+curbyte, 0x0014, clientinfo->unknown);
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0009, 0x0015);
- curbyte += aim_puttlv_8(newpacket->data+curbyte, 0x004a, 0x00);
- } else {
- /* Use very specific version numbers, to further indicate the hack. */
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0016, 0x010a);
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0017, 0x0004);
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0018, 0x003c);
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x0019, 0x0001);
- curbyte += aim_puttlv_16(newpacket->data+curbyte, 0x001a, 0x0cce);
- curbyte += aim_puttlv_32(newpacket->data+curbyte, 0x0014, 0x00000055);
- }
-
- if (strlen(clientinfo->country))
- curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x000e, strlen(clientinfo->country), clientinfo->country);
- else
- curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x000e, 2, "us");
-
- if (strlen(clientinfo->lang))
- curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x000f, strlen(clientinfo->lang), clientinfo->lang);
- else
- curbyte += aim_puttlv_str(newpacket->data+curbyte, 0x000f, 2, "en");
-
- newpacket->commandlen = curbyte;
-
- newpacket->lock = 0;
- return aim_tx_enqueue(sess, newpacket);
+ aim_frame_t *fr;
+ aim_tlvlist_t *tl = NULL;
+ fu8_t digest[16];
+ aim_snacid_t snacid;
+
+ if (!clientinfo || !sn || !password)
+ return -EINVAL;
+
+ if (sess->flags & AIM_SESS_FLAGS_XORLOGIN)
+ return goddamnicq2(sess, conn, sn, password);
+
+ if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1152)))
+ return -ENOMEM;
+
+ if (sess->flags & AIM_SESS_FLAGS_XORLOGIN) {
+ fr->hdr.flap.type = 0x01;
+
+ /* Use very specific version numbers to further indicate hack */
+ clientinfo->major2 = 0x010a;
+ clientinfo->major = 0x0004;
+ clientinfo->minor = 0x003c;
+ clientinfo->minor2 = 0x0001;
+ clientinfo->build = 0x0cce;
+ clientinfo->unknown = 0x00000055;
+ }
+
+ snacid = aim_cachesnac(sess, 0x0017, 0x0002, 0x0000, NULL, 0);
+ aim_putsnac(&fr->data, 0x0017, 0x0002, 0x0000, snacid);
+
+ aim_addtlvtochain_raw(&tl, 0x0001, strlen(sn), sn);
+
+ aim_encode_password_md5(password, key, digest);
+ aim_addtlvtochain_raw(&tl, 0x0025, 16, digest);
+
+ aim_addtlvtochain_raw(&tl, 0x0003, strlen(clientinfo->clientstring), clientinfo->clientstring);
+ aim_addtlvtochain16(&tl, 0x0016, (fu16_t)clientinfo->major2);
+ aim_addtlvtochain16(&tl, 0x0017, (fu16_t)clientinfo->major);
+ aim_addtlvtochain16(&tl, 0x0018, (fu16_t)clientinfo->minor);
+ aim_addtlvtochain16(&tl, 0x0019, (fu16_t)clientinfo->minor2);
+ aim_addtlvtochain16(&tl, 0x001a, (fu16_t)clientinfo->build);
+ aim_addtlvtochain_raw(&tl, 0x000e, strlen(clientinfo->country), clientinfo->country);
+ aim_addtlvtochain_raw(&tl, 0x000f, strlen(clientinfo->lang), clientinfo->lang);
+ aim_addtlvtochain16(&tl, 0x0009, 0x0015);
+
+ aim_writetlvchain(&fr->data, &tl);
+
+ aim_freetlvchain(&tl);
+
+ aim_tx_enqueue(sess, fr);
+
+ return 0;
}
-static int aim_encode_password_md5(const char *password, const char *key, md5_byte_t *digest)
+faim_export int aim_encode_password_md5(const char *password, const char *key, fu8_t *digest)
{
- md5_state_t state;
+ md5_state_t state;
- md5_init(&state);
- md5_append(&state, (const md5_byte_t *)key, strlen(key));
- md5_append(&state, (const md5_byte_t *)password, strlen(password));
- md5_append(&state, (const md5_byte_t *)AIM_MD5_STRING, strlen(AIM_MD5_STRING));
- md5_finish(&state, (md5_byte_t *)digest);
+ md5_init(&state);
+ md5_append(&state, (const md5_byte_t *)key, strlen(key));
+ md5_append(&state, (const md5_byte_t *)password, strlen(password));
+ md5_append(&state, (const md5_byte_t *)AIM_MD5_STRING, strlen(AIM_MD5_STRING));
+ md5_finish(&state, (md5_byte_t *)digest);
- return 0;
+ return 0;
}
/**
* This is only used for the XOR method, not the better MD5 method.
*
*/
-static int aim_encode_password(const char *password, unsigned char *encoded)
+static int aim_encode_password(const char *password, fu8_t *encoded)
{
- u_char encoding_table[] = {
+ fu8_t encoding_table[] = {
#if 0 /* old v1 table */
- 0xf3, 0xb3, 0x6c, 0x99,
- 0x95, 0x3f, 0xac, 0xb6,
- 0xc5, 0xfa, 0x6b, 0x63,
- 0x69, 0x6c, 0xc3, 0x9f
+ 0xf3, 0xb3, 0x6c, 0x99,
+ 0x95, 0x3f, 0xac, 0xb6,
+ 0xc5, 0xfa, 0x6b, 0x63,
+ 0x69, 0x6c, 0xc3, 0x9f
#else /* v2.1 table, also works for ICQ */
- 0xf3, 0x26, 0x81, 0xc4,
- 0x39, 0x86, 0xdb, 0x92,
- 0x71, 0xa3, 0xb9, 0xe6,
- 0x53, 0x7a, 0x95, 0x7c
+ 0xf3, 0x26, 0x81, 0xc4,
+ 0x39, 0x86, 0xdb, 0x92,
+ 0x71, 0xa3, 0xb9, 0xe6,
+ 0x53, 0x7a, 0x95, 0x7c
#endif
- };
+ };
+ int i;
- int i;
-
- for (i = 0; i < strlen(password); i++)
- encoded[i] = (password[i] ^ encoding_table[i]);
+ for (i = 0; i < strlen(password); i++)
+ encoded[i] = (password[i] ^ encoding_table[i]);
- return 0;
+ return 0;
}
/*
- * This is sent back as a general response to the login command.
- * It can be either an error or a success, depending on the
- * precense of certain TLVs.
+ * Generate an authorization response.
+ *
+ * You probably don't want this unless you're writing an AIM server. Which
+ * I hope you're not doing. Because it's far more difficult than it looks.
*
- * The client should check the value passed as errorcode. If
- * its nonzero, there was an error.
+ */
+faim_export int aim_sendauthresp(aim_session_t *sess, aim_conn_t *conn, const char *sn, int errorcode, const char *errorurl, const char *bosip, const char *cookie, const char *email, int regstatus)
+{
+ aim_tlvlist_t *tlvlist = NULL;
+ aim_frame_t *fr;
+
+ if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x04, 1152)))
+ return -ENOMEM;
+
+ if (sn)
+ aim_addtlvtochain_raw(&tlvlist, 0x0001, strlen(sn), sn);
+ else
+ aim_addtlvtochain_raw(&tlvlist, 0x0001, strlen(sess->sn), sess->sn);
+
+ if (errorcode) {
+ aim_addtlvtochain16(&tlvlist, 0x0008, errorcode);
+ aim_addtlvtochain_raw(&tlvlist, 0x0004, strlen(errorurl), errorurl);
+ } else {
+ aim_addtlvtochain_raw(&tlvlist, 0x0005, strlen(bosip), bosip);
+ aim_addtlvtochain_raw(&tlvlist, 0x0006, AIM_COOKIELEN, cookie);
+ aim_addtlvtochain_raw(&tlvlist, 0x0011, strlen(email), email);
+ aim_addtlvtochain16(&tlvlist, 0x0013, (fu16_t)regstatus);
+ }
+
+ aim_writetlvchain(&fr->data, &tlvlist);
+ aim_freetlvchain(&tlvlist);
+
+ aim_tx_enqueue(sess, fr);
+
+ return 0;
+}
+
+/*
+ * Generate a random cookie. (Non-client use only)
+ */
+faim_export int aim_gencookie(fu8_t *buf)
+{
+ int i;
+
+ srand(time(NULL));
+
+ for (i = 0; i < AIM_COOKIELEN; i++)
+ buf[i] = 1+(int) (256.0*rand()/(RAND_MAX+0.0));
+
+ return i;
+}
+
+/*
+ * Send Server Ready. (Non-client)
+ *
+ * XXX If anyone cares, this should be made to use the conn-stored group
+ * system.
*
*/
-faim_internal int aim_authparse(struct aim_session_t *sess,
- struct command_rx_struct *command)
+faim_export int aim_sendserverready(aim_session_t *sess, aim_conn_t *conn)
{
- struct aim_tlvlist_t *tlvlist;
- int ret = 1;
- rxcallback_t userfunc = NULL;
- char *sn = NULL, *bosip = NULL, *errurl = NULL, *email = NULL;
- unsigned char *cookie = NULL;
- int errorcode = 0, regstatus = 0;
- int latestbuild = 0, latestbetabuild = 0;
- char *latestrelease = NULL, *latestbeta = NULL;
- char *latestreleaseurl = NULL, *latestbetaurl = NULL;
- char *latestreleaseinfo = NULL, *latestbetainfo = NULL;
-
- /*
- * Read block of TLVs. All further data is derived
- * from what is parsed here.
- *
- * For SNAC login, there's a 17/3 SNAC header in front.
- *
- */
- if (sess->flags & AIM_SESS_FLAGS_SNACLOGIN)
- tlvlist = aim_readtlvchain(command->data+10, command->commandlen-10);
- else
- tlvlist = aim_readtlvchain(command->data, command->commandlen);
-
- /*
- * No matter what, we should have a screen name.
- */
- memset(sess->sn, 0, sizeof(sess->sn));
- if (aim_gettlv(tlvlist, 0x0001, 1)) {
- sn = aim_gettlv_str(tlvlist, 0x0001, 1);
- strncpy(sess->sn, sn, sizeof(sess->sn));
- }
-
- /*
- * Check for an error code. If so, we should also
- * have an error url.
- */
- if (aim_gettlv(tlvlist, 0x0008, 1))
- errorcode = aim_gettlv16(tlvlist, 0x0008, 1);
- if (aim_gettlv(tlvlist, 0x0004, 1))
- errurl = aim_gettlv_str(tlvlist, 0x0004, 1);
-
- /*
- * BOS server address.
- */
- if (aim_gettlv(tlvlist, 0x0005, 1))
- bosip = aim_gettlv_str(tlvlist, 0x0005, 1);
-
- /*
- * Authorization cookie.
- */
- if (aim_gettlv(tlvlist, 0x0006, 1)) {
- struct aim_tlv_t *tmptlv;
-
- tmptlv = aim_gettlv(tlvlist, 0x0006, 1);
-
- if ((cookie = malloc(tmptlv->length)))
- memcpy(cookie, tmptlv->value, tmptlv->length);
- }
-
- /*
- * The email address attached to this account
- * Not available for ICQ logins.
- */
- if (aim_gettlv(tlvlist, 0x0011, 1))
- email = aim_gettlv_str(tlvlist, 0x0011, 1);
-
- /*
- * The registration status. (Not real sure what it means.)
- * Not available for ICQ logins.
- *
- * 1 = No disclosure
- * 2 = Limited disclosure
- * 3 = Full disclosure
- *
- * This has to do with whether your email address is available
- * to other users or not. AFAIK, this feature is no longer used.
- *
- */
- if (aim_gettlv(tlvlist, 0x0013, 1))
- regstatus = aim_gettlv16(tlvlist, 0x0013, 1);
-
- if (aim_gettlv(tlvlist, 0x0040, 1))
- latestbetabuild = aim_gettlv32(tlvlist, 0x0040, 1);
- if (aim_gettlv(tlvlist, 0x0041, 1))
- latestbetaurl = aim_gettlv_str(tlvlist, 0x0041, 1);
- if (aim_gettlv(tlvlist, 0x0042, 1))
- latestbetainfo = aim_gettlv_str(tlvlist, 0x0042, 1);
- if (aim_gettlv(tlvlist, 0x0043, 1))
- latestbeta = aim_gettlv_str(tlvlist, 0x0043, 1);
- if (aim_gettlv(tlvlist, 0x0048, 1))
- ; /* no idea what this is */
-
- if (aim_gettlv(tlvlist, 0x0044, 1))
- latestbuild = aim_gettlv32(tlvlist, 0x0044, 1);
- if (aim_gettlv(tlvlist, 0x0045, 1))
- latestreleaseurl = aim_gettlv_str(tlvlist, 0x0045, 1);
- if (aim_gettlv(tlvlist, 0x0046, 1))
- latestreleaseinfo = aim_gettlv_str(tlvlist, 0x0046, 1);
- if (aim_gettlv(tlvlist, 0x0047, 1))
- latestrelease = aim_gettlv_str(tlvlist, 0x0047, 1);
- if (aim_gettlv(tlvlist, 0x0049, 1))
- ; /* no idea what this is */
-
-
- if ((userfunc = aim_callhandler(sess, command->conn, 0x0017, 0x0003)))
- ret = userfunc(sess, command, sn, errorcode, errurl, regstatus, email, bosip, cookie, latestrelease, latestbuild, latestreleaseurl, latestreleaseinfo, latestbeta, latestbetabuild, latestbetaurl, latestbetainfo);
-
-
- if (sn)
- free(sn);
- if (bosip)
- free(bosip);
- if (errurl)
- free(errurl);
- if (email)
- free(email);
- if (cookie)
- free(cookie);
- if (latestrelease)
- free(latestrelease);
- if (latestreleaseurl)
- free(latestreleaseurl);
- if (latestbeta)
- free(latestbeta);
- if (latestbetaurl)
- free(latestbetaurl);
- if (latestreleaseinfo)
- free(latestreleaseinfo);
- if (latestbetainfo)
- free(latestbetainfo);
-
- aim_freetlvchain(&tlvlist);
-
- return ret;
+ aim_frame_t *fr;
+ aim_snacid_t snacid;
+
+ if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+0x22)))
+ return -ENOMEM;
+
+ snacid = aim_cachesnac(sess, 0x0001, 0x0003, 0x0000, NULL, 0);
+
+ aim_putsnac(&fr->data, 0x0001, 0x0003, 0x0000, snacid);
+ aimbs_put16(&fr->data, 0x0001);
+ aimbs_put16(&fr->data, 0x0002);
+ aimbs_put16(&fr->data, 0x0003);
+ aimbs_put16(&fr->data, 0x0004);
+ aimbs_put16(&fr->data, 0x0006);
+ aimbs_put16(&fr->data, 0x0008);
+ aimbs_put16(&fr->data, 0x0009);
+ aimbs_put16(&fr->data, 0x000a);
+ aimbs_put16(&fr->data, 0x000b);
+ aimbs_put16(&fr->data, 0x000c);
+ aimbs_put16(&fr->data, 0x0013);
+ aimbs_put16(&fr->data, 0x0015);
+
+ aim_tx_enqueue(sess, fr);
+
+ return 0;
+}
+
+/*
+ * Send service redirect. (Non-Client)
+ */
+faim_export int aim_sendredirect(aim_session_t *sess, aim_conn_t *conn, fu16_t servid, const char *ip, const char *cookie)
+{
+ aim_tlvlist_t *tlvlist = NULL;
+ aim_frame_t *fr;
+ aim_snacid_t snacid;
+
+ if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1152)))
+ return -ENOMEM;
+
+ snacid = aim_cachesnac(sess, 0x0001, 0x0005, 0x0000, NULL, 0);
+ aim_putsnac(&fr->data, 0x0001, 0x0005, 0x0000, snacid);
+
+ aim_addtlvtochain16(&tlvlist, 0x000d, servid);
+ aim_addtlvtochain_raw(&tlvlist, 0x0005, strlen(ip), ip);
+ aim_addtlvtochain_raw(&tlvlist, 0x0006, AIM_COOKIELEN, cookie);
+
+ aim_writetlvchain(&fr->data, &tlvlist);
+ aim_freetlvchain(&tlvlist);
+
+ aim_tx_enqueue(sess, fr);
+
+ return 0;
}
/*
- * Middle handler for 0017/0007 SNACs. Contains the auth key prefixed
- * by only its length in a two byte word.
+ * See comments in conn.c about how the group associations are supposed
+ * to work, and how they really work.
*
- * Calls the client, which should then use the value to call aim_send_login.
+ * This info probably doesn't even need to make it to the client.
*
*/
-faim_internal int aim_authkeyparse(struct aim_session_t *sess, struct command_rx_struct *command)
+static int hostonline(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
{
- unsigned char *key;
- int keylen;
- int ret = 1;
- rxcallback_t userfunc;
-
- keylen = aimutil_get16(command->data+10);
- if (!(key = malloc(keylen+1)))
- return ret;
- memcpy(key, command->data+12, keylen);
- key[keylen] = '\0';
-
- if ((userfunc = aim_callhandler(sess, command->conn, 0x0017, 0x0007)))
- ret = userfunc(sess, command, (char *)key);
-
- free(key);
-
- return ret;
+ aim_rxcallback_t userfunc;
+ int ret = 0;
+ fu16_t *families;
+ int famcount;
+
+ if (!(families = malloc(aim_bstream_empty(bs))))
+ return 0;
+
+ for (famcount = 0; aim_bstream_empty(bs); famcount++) {
+ families[famcount] = aimbs_get16(bs);
+ aim_conn_addgroup(rx->conn, families[famcount]);
+ }
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, famcount, families);
+
+ free(families);
+
+ return ret;
+}
+
+static int redirect(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+ int serviceid;
+ fu8_t *cookie;
+ char *ip;
+ aim_rxcallback_t userfunc;
+ aim_tlvlist_t *tlvlist;
+ char *chathack = NULL;
+ int chathackex = 0;
+ int ret = 0;
+
+ tlvlist = aim_readtlvchain(bs);
+
+ if (!aim_gettlv(tlvlist, 0x000d, 1) ||
+ !aim_gettlv(tlvlist, 0x0005, 1) ||
+ !aim_gettlv(tlvlist, 0x0006, 1)) {
+ aim_freetlvchain(&tlvlist);
+ return 0;
+ }
+
+ serviceid = aim_gettlv16(tlvlist, 0x000d, 1);
+ ip = aim_gettlv_str(tlvlist, 0x0005, 1);
+ cookie = aim_gettlv_str(tlvlist, 0x0006, 1);
+
+ /*
+ * Chat hack.
+ */
+ if ((serviceid == AIM_CONN_TYPE_CHAT) && sess->pendingjoin) {
+ chathack = sess->pendingjoin;
+ chathackex = sess->pendingjoinexchange;
+ sess->pendingjoin = NULL;
+ sess->pendingjoinexchange = 0;
+ }
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, serviceid, ip, cookie, chathack, chathackex);
+
+ free(ip);
+ free(cookie);
+ free(chathack);
+
+ aim_freetlvchain(&tlvlist);
+
+ return ret;
}
/*
- * Generate an authorization response.
+ * The Rate Limiting System, An Abridged Guide to Nonsense.
+ *
+ * OSCAR defines several 'rate classes'. Each class has seperate
+ * rate limiting properties (limit level, alert level, disconnect
+ * level, etc), and a set of SNAC family/type pairs associated with
+ * it. The rate classes, their limiting properties, and the definitions
+ * of which SNACs are belong to which class, are defined in the
+ * Rate Response packet at login to each host.
+ *
+ * Logically, all rate offenses within one class count against further
+ * offenses for other SNACs in the same class (ie, sending messages
+ * too fast will limit the number of user info requests you can send,
+ * since those two SNACs are in the same rate class).
+ *
+ * Since the rate classes are defined dynamically at login, the values
+ * below may change. But they seem to be fairly constant.
+ *
+ * Currently, BOS defines five rate classes, with the commonly used
+ * members as follows...
+ *
+ * Rate class 0x0001:
+ * - Everything thats not in any of the other classes
*
- * You probably don't want this unless you're writing an AIM server.
+ * Rate class 0x0002:
+ * - Buddy list add/remove
+ * - Permit list add/remove
+ * - Deny list add/remove
*
+ * Rate class 0x0003:
+ * - User information requests
+ * - Outgoing ICBMs
+ *
+ * Rate class 0x0004:
+ * - A few unknowns: 2/9, 2/b, and f/2
+ *
+ * Rate class 0x0005:
+ * - Chat room create
+ * - Outgoing chat ICBMs
+ *
+ * The only other thing of note is that class 5 (chat) has slightly looser
+ * limiting properties than class 3 (normal messages). But thats just a
+ * small bit of trivia for you.
+ *
+ * The last thing that needs to be learned about the rate limiting
+ * system is how the actual numbers relate to the passing of time. This
+ * seems to be a big mystery.
+ *
*/
-faim_export unsigned long aim_sendauthresp(struct aim_session_t *sess,
- struct aim_conn_t *conn,
- char *sn, int errorcode,
- char *errorurl, char *bosip,
- char *cookie, char *email,
- int regstatus)
-{
- struct command_tx_struct *tx;
- struct aim_tlvlist_t *tlvlist = NULL;
-
- if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0004, 1152)))
- return -1;
-
- tx->lock = 1;
-
- if (sn)
- aim_addtlvtochain_str(&tlvlist, 0x0001, sn, strlen(sn));
- else
- aim_addtlvtochain_str(&tlvlist, 0x0001, sess->sn, strlen(sess->sn));
-
- if (errorcode) {
- aim_addtlvtochain16(&tlvlist, 0x0008, errorcode);
- aim_addtlvtochain_str(&tlvlist, 0x0004, errorurl, strlen(errorurl));
- } else {
- aim_addtlvtochain_str(&tlvlist, 0x0005, bosip, strlen(bosip));
- aim_addtlvtochain_str(&tlvlist, 0x0006, cookie, AIM_COOKIELEN);
- aim_addtlvtochain_str(&tlvlist, 0x0011, email, strlen(email));
- aim_addtlvtochain16(&tlvlist, 0x0013, (unsigned short)regstatus);
- }
-
- tx->commandlen = aim_writetlvchain(tx->data, tx->commandlen, &tlvlist);
- tx->lock = 0;
-
- return aim_tx_enqueue(sess, tx);
+
+/* XXX parse this */
+static int rateresp(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+ aim_rxcallback_t userfunc;
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ return userfunc(sess, rx);
+
+ return 0;
+}
+
+static int ratechange(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+ aim_rxcallback_t userfunc;
+ fu16_t code, rateclass;
+ fu32_t currentavg, maxavg, windowsize, clear, alert, limit, disconnect;
+
+ code = aimbs_get16(bs);
+ rateclass = aimbs_get16(bs);
+
+ windowsize = aimbs_get32(bs);
+ clear = aimbs_get32(bs);
+ alert = aimbs_get32(bs);
+ limit = aimbs_get32(bs);
+ disconnect = aimbs_get32(bs);
+ currentavg = aimbs_get32(bs);
+ maxavg = aimbs_get32(bs);
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ return userfunc(sess, rx, code, rateclass, windowsize, clear, alert, limit, disconnect, currentavg, maxavg);
+
+ return 0;
+}
+
+static int selfinfo(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+ aim_rxcallback_t userfunc;
+ aim_userinfo_t userinfo;
+
+ aim_extractuserinfo(sess, bs, &userinfo);
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ return userfunc(sess, rx, &userinfo);
+
+ return 0;
+}
+
+static int evilnotify(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+ aim_rxcallback_t userfunc;
+ fu16_t newevil;
+ aim_userinfo_t userinfo;
+
+ memset(&userinfo, 0, sizeof(aim_userinfo_t));
+
+ newevil = aimbs_get16(bs);
+
+ if (aim_bstream_empty(bs))
+ aim_extractuserinfo(sess, bs, &userinfo);
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ return userfunc(sess, rx, newevil, &userinfo);
+
+ return 0;
}
/*
- * Generate a random cookie. (Non-client use only)
+ * How Migrations work.
+ *
+ * The server sends a Server Pause message, which the client should respond to
+ * with a Server Pause Ack, which contains the families it needs on this
+ * connection. The server will send a Migration Notice with an IP address, and
+ * then disconnect. Next the client should open the connection and send the
+ * cookie. Repeat the normal login process and pretend this never happened.
+ *
+ * The Server Pause contains no data.
+ *
*/
-faim_export int aim_gencookie(unsigned char *buf)
+static int serverpause(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
{
- int i;
+ aim_rxcallback_t userfunc;
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ return userfunc(sess, rx);
- srand(time(NULL));
+ return 0;
+}
- for (i=0; i < AIM_COOKIELEN; i++)
- buf[i] = 1+(int) (256.0*rand()/(RAND_MAX+0.0));
+/*
+ * It is rather important that aim_sendpauseack() gets called for the exact
+ * same connection that the Server Pause callback was called for, since
+ * libfaim extracts the data for the SNAC from the connection structure.
+ *
+ * Of course, if you don't do that, more bad things happen than just what
+ * libfaim can cause.
+ *
+ */
+faim_export int aim_sendpauseack(aim_session_t *sess, aim_conn_t *conn)
+{
+ aim_frame_t *fr;
+ aim_snacid_t snacid;
+ aim_conn_inside_t *ins = (aim_conn_inside_t *)conn->inside;
+ struct snacgroup *sg;
- return i;
+ if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1024)))
+ return -ENOMEM;
+
+ snacid = aim_cachesnac(sess, 0x0001, 0x000c, 0x0000, NULL, 0);
+ aim_putsnac(&fr->data, 0x0001, 0x000c, 0x0000, snacid);
+
+ /*
+ * This list should have all the groups that the original
+ * Host Online / Server Ready said this host supports. And
+ * we want them all back after the migration.
+ */
+ for (sg = ins->groups; sg; sg = sg->next)
+ aimbs_put16(&fr->data, sg->group);
+
+ aim_tx_enqueue(sess, fr);
+
+ return 0;
}
/*
- * Send Server Ready. (Non-client)
+ * This is the final SNAC sent on the original connection during a migration.
+ * It contains the IP and cookie used to connect to the new server, and
+ * optionally a list of the SNAC groups being migrated.
+ *
*/
-faim_export int aim_sendserverready(struct aim_session_t *sess, struct aim_conn_t *conn)
+static int migrate(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
{
- struct command_tx_struct *tx;
- int i = 0;
-
- if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+0x22)))
- return -1;
-
- tx->lock = 1;
-
- i += aim_putsnac(tx->data, 0x0001, 0x0003, 0x0000, sess->snac_nextid++);
-
- i += aimutil_put16(tx->data+i, 0x0001);
- i += aimutil_put16(tx->data+i, 0x0002);
- i += aimutil_put16(tx->data+i, 0x0003);
- i += aimutil_put16(tx->data+i, 0x0004);
- i += aimutil_put16(tx->data+i, 0x0006);
- i += aimutil_put16(tx->data+i, 0x0008);
- i += aimutil_put16(tx->data+i, 0x0009);
- i += aimutil_put16(tx->data+i, 0x000a);
- i += aimutil_put16(tx->data+i, 0x000b);
- i += aimutil_put16(tx->data+i, 0x000c);
- i += aimutil_put16(tx->data+i, 0x0013);
- i += aimutil_put16(tx->data+i, 0x0015);
-
- tx->commandlen = i;
- tx->lock = 0;
- return aim_tx_enqueue(sess, tx);
+ aim_rxcallback_t userfunc;
+ int ret = 0;
+ fu16_t groupcount, i;
+ aim_tlvlist_t *tl;
+ char *ip = NULL;
+ aim_tlv_t *cktlv;
+
+ /*
+ * Apparently there's some fun stuff that can happen right here. The
+ * migration can actually be quite selective about what groups it
+ * moves to the new server. When not all the groups for a connection
+ * are migrated, or they are all migrated but some groups are moved
+ * to a different server than others, it is called a bifurcated
+ * migration.
+ *
+ * Let's play dumb and not support that.
+ *
+ */
+ groupcount = aimbs_get16(bs);
+ for (i = 0; i < groupcount; i++) {
+ fu16_t group;
+
+ group = aimbs_get16(bs);
+
+ faimdprintf(sess, 0, "bifurcated migration unsupported -- group 0x%04x\n", group);
+ }
+
+ tl = aim_readtlvchain(bs);
+
+ if (aim_gettlv(tl, 0x0005, 1))
+ ip = aim_gettlv_str(tl, 0x0005, 1);
+
+ cktlv = aim_gettlv(tl, 0x0006, 1);
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, ip, cktlv ? cktlv->value : NULL);
+
+ aim_freetlvchain(&tl);
+ free(ip);
+
+ return ret;
}
+static int motd(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+ aim_rxcallback_t userfunc;
+ char *msg = NULL;
+ int ret = 0;
+ aim_tlvlist_t *tlvlist;
+ fu16_t id;
+
+ /*
+ * Code.
+ *
+ * Valid values:
+ * 1 Mandatory upgrade
+ * 2 Advisory upgrade
+ * 3 System bulletin
+ * 4 Nothing's wrong ("top o the world" -- normal)
+ * 5 Lets-break-something.
+ *
+ */
+ id = aimbs_get16(bs);
+
+ /*
+ * TLVs follow
+ */
+ tlvlist = aim_readtlvchain(bs);
+
+ msg = aim_gettlv_str(tlvlist, 0x000b, 1);
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, id, msg);
+
+ free(msg);
+
+ aim_freetlvchain(&tlvlist);
+
+ return ret;
+}
-/*
- * Send service redirect. (Non-Client)
+static int hostversions(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+ aim_rxcallback_t userfunc;
+ int vercount;
+ fu8_t *versions;
+ int ret = 0;
+
+ vercount = aim_bstream_empty(bs)/4;
+ versions = aimbs_getraw(bs, aim_bstream_empty(bs));
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, vercount, versions);
+
+ free(versions);
+
+ return ret;
+}
+
+/*
+ * Starting this past week (26 Mar 2001, say), AOL has started sending
+ * this nice little extra SNAC. AFAIK, it has never been used until now.
+ *
+ * The request contains eight bytes. The first four are an offset, the
+ * second four are a length.
+ *
+ * The offset is an offset into aim.exe when it is mapped during execution
+ * on Win32. So far, AOL has only been requesting bytes in static regions
+ * of memory. (I won't put it past them to start requesting data in
+ * less static regions -- regions that are initialized at run time, but still
+ * before the client recieves this request.)
+ *
+ * When the client recieves the request, it adds it to the current ds
+ * (0x00400000) and dereferences it, copying the data into a buffer which
+ * it then runs directly through the MD5 hasher. The 16 byte output of
+ * the hash is then sent back to the server.
+ *
+ * If the client does not send any data back, or the data does not match
+ * the data that the specific client should have, the client will get the
+ * following message from "AOL Instant Messenger":
+ * "You have been disconnected from the AOL Instant Message Service (SM)
+ * for accessing the AOL network using unauthorized software. You can
+ * download a FREE, fully featured, and authorized client, here
+ * http://www.aol.com/aim/download2.html"
+ * The connection is then closed, recieving disconnect code 1, URL
+ * http://www.aim.aol.com/errors/USER_LOGGED_OFF_NEW_LOGIN.html.
+ *
+ * Note, however, that numerous inconsistencies can cause the above error,
+ * not just sending back a bad hash. Do not immediatly suspect this code
+ * if you get disconnected. AOL and the open/free software community have
+ * played this game for a couple years now, generating the above message
+ * on numerous ocassions.
+ *
+ * Anyway, neener. We win again.
+ *
*/
-faim_export unsigned long aim_sendredirect(struct aim_session_t *sess,
- struct aim_conn_t *conn,
- unsigned short servid,
- char *ip,
- char *cookie)
-{
- struct command_tx_struct *tx;
- struct aim_tlvlist_t *tlvlist = NULL;
- int i = 0;
+static int memrequest(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+ aim_rxcallback_t userfunc;
+ fu32_t offset, len;
+ aim_tlvlist_t *list;
+ char *modname;
+
+ offset = aimbs_get32(bs);
+ len = aimbs_get32(bs);
+ list = aim_readtlvchain(bs);
- if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 1152)))
- return -1;
+ modname = aim_gettlv_str(list, 0x0001, 1);
- tx->lock = 1;
+ faimdprintf(sess, 1, "data at 0x%08lx (%d bytes) of requested\n", offset, len, modname ? modname : "aim.exe");
- i += aim_putsnac(tx->data+i, 0x0001, 0x0005, 0x0000, 0x00000000);
-
- aim_addtlvtochain16(&tlvlist, 0x000d, servid);
- aim_addtlvtochain_str(&tlvlist, 0x0005, ip, strlen(ip));
- aim_addtlvtochain_str(&tlvlist, 0x0006, cookie, AIM_COOKIELEN);
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ return userfunc(sess, rx, offset, len, modname);
- tx->commandlen = aim_writetlvchain(tx->data+i, tx->commandlen-i, &tlvlist)+i;
- aim_freetlvchain(&tlvlist);
+ free(modname);
+ aim_freetlvchain(&list);
- tx->lock = 0;
- return aim_tx_enqueue(sess, tx);
+ return 0;
}
+
+#if 0
+static void dumpbox(aim_session_t *sess, unsigned char *buf, int len)
+{
+ int i;
+
+ if (!sess || !buf || !len)
+ return;
+
+ faimdprintf(sess, 1, "\nDump of %d bytes at %p:", len, buf);
+
+ for (i = 0; i < len; i++) {
+ if ((i % 8) == 0)
+ faimdprintf(sess, 1, "\n\t");
+
+ faimdprintf(sess, 1, "0x%2x ", buf[i]);
+ }
+
+ faimdprintf(sess, 1, "\n\n");
+
+ return;
+}
+#endif
+
+faim_export int aim_sendmemblock(aim_session_t *sess, aim_conn_t *conn, fu32_t offset, fu32_t len, const fu8_t *buf, fu8_t flag)
+{
+ aim_frame_t *fr;
+ aim_snacid_t snacid;
+
+ if (!sess || !conn)
+ return -EINVAL;
+
+ if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+2+16)))
+ return -ENOMEM;
+
+ snacid = aim_cachesnac(sess, 0x0001, 0x0020, 0x0000, NULL, 0);
+
+ aim_putsnac(&fr->data, 0x0001, 0x0020, 0x0000, snacid);
+ aimbs_put16(&fr->data, 0x0010); /* md5 is always 16 bytes */
+
+ if ((flag == AIM_SENDMEMBLOCK_FLAG_ISHASH) && buf && (len == 0x10)) { /* we're getting a hash */
+
+ aimbs_putraw(&fr->data, buf, 0x10);
+
+ } else if (buf && (len > 0)) { /* use input buffer */
+ md5_state_t state;
+ md5_byte_t digest[0x10];
+
+ md5_init(&state);
+ md5_append(&state, (const md5_byte_t *)buf, len);
+ md5_finish(&state, digest);
+
+ aimbs_putraw(&fr->data, (fu8_t *)digest, 0x10);
+
+ } else if (len == 0) { /* no length, just hash NULL (buf is optional) */
+ md5_state_t state;
+ fu8_t nil = '\0';
+ md5_byte_t digest[0x10];
+
+ /*
+ * These MD5 routines are stupid in that you have to have
+ * at least one append. So thats why this doesn't look
+ * real logical.
+ */
+ md5_init(&state);
+ md5_append(&state, (const md5_byte_t *)&nil, 0);
+ md5_finish(&state, digest);
+
+ aimbs_putraw(&fr->data, (fu8_t *)digest, 0x10);
+
+ } else {
+
+ /*
+ * This data is correct for AIM 3.5.1670.
+ *
+ * Using these blocks is as close to "legal" as you can get
+ * without using an AIM binary.
+ *
+ */
+ if ((offset == 0x03ffffff) && (len == 0x03ffffff)) {
+
+#if 1 /* with "AnrbnrAqhfzcd" */
+ aimbs_put32(&fr->data, 0x44a95d26);
+ aimbs_put32(&fr->data, 0xd2490423);
+ aimbs_put32(&fr->data, 0x93b8821f);
+ aimbs_put32(&fr->data, 0x51c54b01);
+#else /* no filename */
+ aimbs_put32(&fr->data, 0x1df8cbae);
+ aimbs_put32(&fr->data, 0x5523b839);
+ aimbs_put32(&fr->data, 0xa0e10db3);
+ aimbs_put32(&fr->data, 0xa46d3b39);
+#endif
+
+ } else if ((offset == 0x00001000) && (len == 0x00000000)) {
+
+ aimbs_put32(&fr->data, 0xd41d8cd9);
+ aimbs_put32(&fr->data, 0x8f00b204);
+ aimbs_put32(&fr->data, 0xe9800998);
+ aimbs_put32(&fr->data, 0xecf8427e);
+
+ } else
+ faimdprintf(sess, 0, "sendmemblock: WARNING: unknown hash request\n");
+
+ }
+
+ aim_tx_enqueue(sess, fr);
+
+ return 0;
+}
+
+static int snachandler(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+
+ if (snac->subtype == 0x0003)
+ return hostonline(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x0005)
+ return redirect(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x0007)
+ return rateresp(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x000a)
+ return ratechange(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x000b)
+ return serverpause(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x000f)
+ return selfinfo(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x0010)
+ return evilnotify(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x0012)
+ return migrate(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x0013)
+ return motd(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x0018)
+ return hostversions(sess, mod, rx, snac, bs);
+ else if (snac->subtype == 0x001f)
+ return memrequest(sess, mod, rx, snac, bs);
+
+ return 0;
+}
+
+faim_internal int general_modfirst(aim_session_t *sess, aim_module_t *mod)
+{
+
+ mod->family = 0x0001;
+ mod->version = 0x0000;
+ mod->flags = 0;
+ strncpy(mod->name, "general", sizeof(mod->name));
+ mod->snachandler = snachandler;
+
+ return 0;
+}
+