+ return ret;
+}
+
+static int incomingim_ch1(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned short channel, struct aim_userinfo_s *userinfo, struct aim_tlvlist_t *tlvlist, unsigned char *cookie)
+{
+ rxcallback_t userfunc;
+ int i, j = 0, y = 0, z = 0, ret = 0;
+ char *msg = NULL;
+ unsigned long icbmflags = 0;
+ struct aim_tlv_t *msgblocktlv;
+ unsigned char *msgblock;
+ unsigned short flag1, flag2;
+ int finlen = 0;
+ unsigned char fingerprint[10];
+ unsigned short wastebits;
+
+ /*
+ * Check Autoresponse status. If it is an autoresponse,
+ * it will contain a type 0x0004 TLV, with zero length.
+ */
+ if (aim_gettlv(tlvlist, 0x0004, 1))
+ icbmflags |= AIM_IMFLAGS_AWAY;
+
+ /*
+ * Check Ack Request status.
+ */
+ if (aim_gettlv(tlvlist, 0x0003, 1))
+ icbmflags |= AIM_IMFLAGS_ACK;
+
+ /*
+ * Message block.
+ */
+ msgblocktlv = aim_gettlv(tlvlist, 0x0002, 1);
+ if (!msgblocktlv || !(msgblock = msgblocktlv->value)) {
+ faimdprintf(sess, 0, "icbm: major error! no message block TLV found!\n");
+ return 0;
+ }
+
+ /*
+ * Extracting the message from the unknown cruft.
+ *
+ * This is a bit messy, and I'm not really qualified,
+ * even as the author, to comment on it. At least
+ * its not as bad as a while loop shooting into infinity.
+ *
+ * "Do you believe in magic?"
+ *
+ */
+
+ wastebits = aimutil_get8(msgblock+j++);
+ wastebits = aimutil_get8(msgblock+j++);
+
+ y = aimutil_get16(msgblock+j);
+ j += 2;
+ for (z = 0; z < y; z++)
+ wastebits = aimutil_get8(msgblock+j++);
+ wastebits = aimutil_get8(msgblock+j++);
+ wastebits = aimutil_get8(msgblock+j++);
+
+ finlen = j;
+ if (finlen > sizeof(fingerprint))
+ finlen = sizeof(fingerprint);
+ memcpy(fingerprint, msgblocktlv->value, finlen);
+
+ /*
+ * Message string length, including flag words.
+ */
+ i = aimutil_get16(msgblock+j);
+ j += 2;
+
+ /*
+ * Flag words.
+ *
+ * Its rumored that these can kick in some funky
+ * 16bit-wide char stuff that used to really kill
+ * libfaim. Hopefully the latter is no longer true.
+ *
+ * Though someone should investiagte the former.
+ *
+ */
+ flag1 = aimutil_get16(msgblock+j);
+ j += 2;
+ flag2 = aimutil_get16(msgblock+j);
+ j += 2;
+
+ if (flag1 || flag2)
+ faimdprintf(sess, 0, "icbm: **warning: encoding flags are being used! {%04x, %04x}\n", flag1, flag2);
+
+ /*
+ * Message string.
+ */
+ i -= 4;
+ msg = (char *)malloc(i+1);
+ memcpy(msg, msgblock+j, i);
+ msg[i] = '\0';
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, userinfo, msg, icbmflags, flag1, flag2, finlen, fingerprint);
+
+ free(msg);
+
+ return ret;
+}
+
+static int incomingim_ch2(struct aim_session_t *sess, aim_module_t *mod, struct command_rx_struct *rx, aim_modsnac_t *snac, unsigned short channel, struct aim_userinfo_s *userinfo, struct aim_tlvlist_t *tlvlist, unsigned char *cookie)
+{
+ rxcallback_t userfunc;
+ struct aim_tlv_t *block1;
+ struct aim_tlvlist_t *list2;
+ unsigned short reqclass = 0;
+ unsigned short status = 0;
+ int ret = 0;
+
+ /*
+ * There's another block of TLVs embedded in the type 5 here.
+ */
+ block1 = aim_gettlv(tlvlist, 0x0005, 1);
+ if (!block1 || !block1->value) {
+ faimdprintf(sess, 0, "no tlv 0x0005 in rendezvous transaction!\n");
+ return 0;
+ }
+
+ /*
+ * First two bytes represent the status of the connection.
+ *
+ * 0 is a request, 2 is an accept
+ */
+ status = aimutil_get16(block1->value+0);
+
+ /*
+ * Next comes the cookie. Should match the ICBM cookie.
+ */
+ if (memcmp(block1->value+2, cookie, 8) != 0)
+ faimdprintf(sess, 0, "rend: warning cookies don't match!\n");
+
+ /*
+ * The next 16bytes are a capability block so we can
+ * identify what type of rendezvous this is.
+ *
+ * Thanks to Eric Warmenhoven <warmenhoven@linux.com> (of GAIM)
+ * for pointing some of this out to me. In fact, a lot of
+ * the client-to-client info comes from the work of the GAIM
+ * developers. Thanks!
+ *
+ * Read off one capability string and we should have it ID'd.
+ *
+ */
+ reqclass = aim_getcap(sess, block1->value+2+8, 0x10);
+ if (reqclass == 0x0000) {
+ faimdprintf(sess, 0, "rend: no ID block\n");
+ return 0;
+ }
+
+ /*
+ * What follows may be TLVs or nothing, depending on the
+ * purpose of the message.
+ *
+ * Ack packets for instance have nothing more to them.
+ */
+ list2 = aim_readtlvchain(block1->value+2+8+16, block1->length-2-8-16);
+
+ if (!list2 || ((reqclass != AIM_CAPS_IMIMAGE) && !(aim_gettlv(list2, 0x2711, 1)))) {
+ struct aim_msgcookie_t *cook;
+ int type;
+
+ type = aim_msgcookie_gettype(reqclass); /* XXX: fix this shitty code */
+
+ if ((cook = aim_checkcookie(sess, cookie, type)) == NULL) {
+ faimdprintf(sess, 0, "non-data rendezvous thats not in cache %d/%s!\n", type, cookie);
+ aim_freetlvchain(&list2);
+ return 0;
+ }
+
+ if (cook->type == AIM_COOKIETYPE_OFTGET) {
+ struct aim_filetransfer_priv *ft;
+
+ if (cook->data) {
+ int errorcode = -1; /* XXX shouldnt this be 0? */
+
+ ft = (struct aim_filetransfer_priv *)cook->data;
+
+ if(status != 0x0002) {
+ if (aim_gettlv(list2, 0x000b, 1))
+ errorcode = aim_gettlv16(list2, 0x000b, 1);
+
+ /* XXX this should make it up to the client, you know.. */
+ if (errorcode)
+ faimdprintf(sess, 0, "transfer from %s (%s) for %s cancelled (error code %d)\n", ft->sn, ft->ip, ft->fh.name, errorcode);
+ }
+ } else {
+ faimdprintf(sess, 0, "no data attached to file transfer\n");
+ }
+ } else if (cook->type == AIM_CAPS_VOICE) {
+ faimdprintf(sess, 0, "voice request cancelled\n");
+ } else {
+ faimdprintf(sess, 0, "unknown cookie cache type %d\n", cook->type);
+ }
+
+ aim_freetlvchain(&list2);
+
+ return 1;
+ }
+
+ /*
+ * The rest of the handling depends on what type it is.
+ */
+ if (reqclass & AIM_CAPS_BUDDYICON) {
+
+ /* XXX implement this (its in ActiveBuddy...) */
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, reqclass, userinfo);
+
+ } else if (reqclass & AIM_CAPS_VOICE) {
+ struct aim_msgcookie_t *cachedcook;
+
+ faimdprintf(sess, 0, "rend: voice!\n");
+
+ if(!(cachedcook = (struct aim_msgcookie_t*)calloc(1, sizeof(struct aim_msgcookie_t)))) {
+ aim_freetlvchain(&list2);
+ return 0;
+ }
+
+ memcpy(cachedcook->cookie, cookie, 8);
+ cachedcook->type = AIM_COOKIETYPE_OFTVOICE;
+ cachedcook->data = NULL;
+
+ if (aim_cachecookie(sess, cachedcook) == -1)
+ faimdprintf(sess, 0, "ERROR caching message cookie\n");
+
+ /* XXX: implement all this */
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, reqclass, &userinfo);
+
+ } else if ((reqclass & AIM_CAPS_IMIMAGE) ||
+ (reqclass & AIM_CAPS_BUDDYICON)) {
+ char ip[30];
+ struct aim_directim_priv *priv;
+
+ memset(ip, 0, sizeof(ip));
+
+ if (aim_gettlv(list2, 0x0003, 1) && aim_gettlv(list2, 0x0005, 1)) {
+ struct aim_tlv_t *iptlv, *porttlv;
+
+ iptlv = aim_gettlv(list2, 0x0003, 1);
+ porttlv = aim_gettlv(list2, 0x0005, 1);
+
+ snprintf(ip, 30, "%d.%d.%d.%d:%d",
+ aimutil_get8(iptlv->value+0),
+ aimutil_get8(iptlv->value+1),
+ aimutil_get8(iptlv->value+2),
+ aimutil_get8(iptlv->value+3),
+ 4443 /*aimutil_get16(porttlv->value)*/);
+ }
+
+ faimdprintf(sess, 0, "rend: directIM request from %s (%s)\n",
+ userinfo->sn, ip);
+
+ /*
+ * XXX: there are a couple of different request packets for
+ * different things
+ */
+
+ priv = (struct aim_directim_priv *)calloc(1, sizeof(struct aim_directim_priv));
+ memcpy(priv->ip, ip, sizeof(priv->ip));
+ memcpy(priv->sn, userinfo->sn, sizeof(priv->sn));
+ memcpy(priv->cookie, cookie, sizeof(priv->cookie));
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, reqclass, userinfo, priv);
+
+ } else if (reqclass & AIM_CAPS_CHAT) {
+ struct aim_tlv_t *miscinfo;
+ struct aim_chat_roominfo roominfo;
+ char *msg=NULL,*encoding=NULL,*lang=NULL;
+
+ miscinfo = aim_gettlv(list2, 0x2711, 1);
+ aim_chat_readroominfo(miscinfo->value, &roominfo);
+
+ if (aim_gettlv(list2, 0x000c, 1))
+ msg = aim_gettlv_str(list2, 0x000c, 1);
+
+ if (aim_gettlv(list2, 0x000d, 1))
+ encoding = aim_gettlv_str(list2, 0x000d, 1);
+
+ if (aim_gettlv(list2, 0x000e, 1))
+ lang = aim_gettlv_str(list2, 0x000e, 1);
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, reqclass, userinfo, &roominfo, msg, encoding?encoding+1:NULL, lang?lang+1:NULL);
+
+ free(roominfo.name);
+ free(msg);
+ free(encoding);
+ free(lang);
+
+ } else if (reqclass & AIM_CAPS_GETFILE) {
+ char ip[30];
+ struct aim_msgcookie_t *cachedcook;
+ struct aim_tlv_t *miscinfo;
+ struct aim_tlv_t *iptlv, *porttlv;
+
+ memset(ip, 0, 30);
+
+ if (!(cachedcook = calloc(1, sizeof(struct aim_msgcookie_t)))) {
+ aim_freetlvchain(&list2);
+ return 0;
+ }
+
+ if (!(miscinfo = aim_gettlv(list2, 0x2711, 1)) ||
+ !(iptlv = aim_gettlv(list2, 0x0003, 1)) ||
+ !(porttlv = aim_gettlv(list2, 0x0005, 1))) {
+ faimdprintf(sess, 0, "rend: badly damaged file get request from %s...\n", userinfo->sn);
+ aim_cookie_free(sess, cachedcook);
+ aim_freetlvchain(&list2);
+ return 0;
+ }
+
+ snprintf(ip, 30, "%d.%d.%d.%d:%d",
+ aimutil_get8(iptlv->value+0),
+ aimutil_get8(iptlv->value+1),
+ aimutil_get8(iptlv->value+2),
+ aimutil_get8(iptlv->value+3),
+ aimutil_get16(porttlv->value));
+
+ faimdprintf(sess, 0, "rend: file get request from %s (%s)\n", userinfo->sn, ip);
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, reqclass, userinfo, ip, cookie);
+
+ } else if (reqclass & AIM_CAPS_SENDFILE) {
+#if 0
+ char ip[30];
+ struct aim_msgcookie_t *cachedcook;
+ struct aim_tlv_t *miscinfo;
+ struct aim_tlv_t *iptlv, *porttlv;
+
+ memset(ip, 0, 30);
+
+ if (!(cachedcook = calloc(1, sizeof(struct aim_msgcookie_t)))) {
+ aim_freetlvchain(&list2);
+ return 0;
+ }
+
+ if (!(miscinfo = aim_gettlv(list2, 0x2711, 1)) ||
+ !(iptlv = aim_gettlv(list2, 0x0003, 1)) ||
+ !(porttlv = aim_gettlv(list2, 0x0005, 1))) {
+ faimdprintf(sess, 0, "rend: badly damaged file get request from %s...\n", userinfo->sn);
+ aim_cookie_free(sess, cachedcook);
+ aim_freetlvchain(&list2);
+ return 0;
+ }
+
+ snprintf(ip, 30, "%d.%d.%d.%d:%d",
+ aimutil_get8(iptlv->value+0),
+ aimutil_get8(iptlv->value+1),
+ aimutil_get8(iptlv->value+2),
+ aimutil_get8(iptlv->value+3),
+ aimutil_get16(porttlv->value));
+
+ if (aim_gettlv(list2, 0x000c, 1))
+ desc = aim_gettlv_str(list2, 0x000c, 1);
+
+ faimdprintf(sess, 0, "rend: file transfer request from %s for %s: %s (%s)\n",
+ userinfo->sn, miscinfo->value+8,
+ desc, ip);
+
+ memcpy(cachedcook->cookie, cookie, 8);
+
+ ft = malloc(sizeof(struct aim_filetransfer_priv));
+ strncpy(ft->sn, userinfo.sn, sizeof(ft->sn));
+ strncpy(ft->ip, ip, sizeof(ft->ip));
+ strncpy(ft->fh.name, miscinfo->value+8, sizeof(ft->fh.name));
+ cachedcook->type = AIM_COOKIETYPE_OFTSEND;
+ cachedcook->data = ft;
+
+ if (aim_cachecookie(sess, cachedcook) == -1)
+ faimdprintf(sess, 0, "ERROR caching message cookie\n");
+
+ aim_accepttransfer(sess, rx->conn, ft->sn, cookie, AIM_CAPS_SENDFILE);
+
+ if (desc)
+ free(desc);
+
+ if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+ ret = userfunc(sess, rx, channel, reqclass, userinfo);
+
+#endif
+ } else
+ faimdprintf(sess, 0, "rend: unknown rendezvous 0x%04x\n", reqclass);
+
+ aim_freetlvchain(&list2);
+
+ return ret;