faim_internal int aim_addtlvtochain_userinfo(aim_tlvlist_t **list, fu16_t type, aim_userinfo_t *ui)
{
fu8_t buf[1024]; /* bleh */
aim_bstream_t bs;
aim_bstream_init(&bs, buf, sizeof(buf));
aim_putuserinfo(&bs, ui);
return aim_addtlvtochain_raw(list, type, aim_bstream_curpos(&bs), buf);
}
/**
* aim_addtlvtochain_caps - Add a capability block to a TLV chain
* @list: Destination chain
* @type: TLV type to add
* @caps: Bitfield of capability flags to send
*
* Adds a block of capability blocks to a TLV chain. The bitfield
* passed in should be a bitwise %OR of any of the %AIM_CAPS constants:
*
* %AIM_CAPS_BUDDYICON Supports Buddy Icons
*
* %AIM_CAPS_VOICE Supports Voice Chat
*
* %AIM_CAPS_IMIMAGE Supports DirectIM/IMImage
*
* %AIM_CAPS_CHAT Supports Chat
*
* %AIM_CAPS_GETFILE Supports Get File functions
*
* %AIM_CAPS_SENDFILE Supports Send File functions
*
*/
faim_internal int aim_addtlvtochain_caps(aim_tlvlist_t **list, const fu16_t t, const fu16_t caps)
{
fu8_t buf[16*16]; /* icky fixed length buffer */
aim_bstream_t bs;
if (!caps)
return 0; /* nothing there anyway */
aim_bstream_init(&bs, buf, sizeof(buf));
aim_putcap(&bs, caps);
return aim_addtlvtochain_raw(list, t, aim_bstream_curpos(&bs), buf);
}
/*
* Note that the inner TLV chain will not be modifiable as a tlvchain once
* it is written using this. Or rather, it can be, but updates won't be
* made to this.
*
* XXX should probably support sublists for real.
*
* This is so neat.
*
*/
faim_internal int aim_addtlvtochain_frozentlvlist(aim_tlvlist_t **list, fu16_t type, aim_tlvlist_t **tl)
{
fu8_t *buf;
int buflen;
aim_bstream_t bs;
buflen = aim_sizetlvchain(tl);
if (buflen <= 0)
return 0;
if (!(buf = malloc(buflen)))
return 0;
aim_bstream_init(&bs, buf, buflen);
aim_writetlvchain(&bs, tl);
aim_addtlvtochain_raw(list, type, aim_bstream_curpos(&bs), buf);
free(buf);
return buflen;
}
static int aim_addtlvtochain_chatroom(aim_tlvlist_t **list, fu16_t type, fu16_t exchange, const char *roomname, fu16_t instance)
{
fu8_t *buf;
int buflen;
aim_bstream_t bs;
buflen = 2 + 1 + strlen(roomname) + 2;
if (!(buf = malloc(buflen)))
return 0;
aim_bstream_init(&bs, buf, buflen);
aimbs_put16(&bs, exchange);
aimbs_put8(&bs, strlen(roomname));
aimbs_putraw(&bs, roomname, strlen(roomname));
aimbs_put16(&bs, instance);
aim_addtlvtochain_raw(list, type, aim_bstream_curpos(&bs), buf);
free(buf);
return 0;
}
/*
* AIM is fairly regular about providing user info. This is a generic
* routine to extract it in its standard form.
*/
faim_internal int aim_extractuserinfo(aim_session_t *sess, aim_bstream_t *bs, aim_userinfo_t *outinfo)
{
int curtlv, tlvcnt;
fu8_t snlen;
if (!bs || !outinfo)
return -EINVAL;
/* Clear out old data first */
memset(outinfo, 0x00, sizeof(aim_userinfo_t));
/*
* Screen name. Stored as an unterminated string prepended with a
* byte containing its length.
*/
snlen = aimbs_get8(bs);
aimbs_getrawbuf(bs, outinfo->sn, snlen);
/*
* Warning Level. Stored as an unsigned short.
*/
outinfo->warnlevel = aimbs_get16(bs);
/*
* TLV Count. Unsigned short representing the number of
* Type-Length-Value triples that follow.
*/
tlvcnt = aimbs_get16(bs);
/*
* Parse out the Type-Length-Value triples as they're found.
*/
for (curtlv = 0; curtlv < tlvcnt; curtlv++) {
int endpos;
fu16_t type, length;
type = aimbs_get16(bs);
length = aimbs_get16(bs);
endpos = aim_bstream_curpos(bs) + length;
if (type == 0x0001) {
/*
* Type = 0x0001: User flags
*
* Specified as any of the following ORed together:
* 0x0001 Trial (user less than 60days)
* 0x0002 Unknown bit 2
* 0x0004 AOL Main Service user
* 0x0008 Unknown bit 4
* 0x0010 Free (AIM) user
* 0x0020 Away
* 0x0400 ActiveBuddy
*
*/
outinfo->flags = aimbs_get16(bs);
outinfo->present |= AIM_USERINFO_PRESENT_FLAGS;
} else if (type == 0x0002) {
/*
* Type = 0x0002: Account creation time.
*
* The time/date that the user originally registered for
* the service, stored in time_t format.
*
* I'm not sure how this differs from type 5 ("member
* since").
*
* Note: This is the field formerly known as "member
* since". All these years and I finally found out
* that I got the name wrong.
*/
outinfo->createtime = aimbs_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_CREATETIME;
} else if (type == 0x0003) {
/*
* Type = 0x0003: On-Since date.
*
* The time/date that the user started their current
* session, stored in time_t format.
*/
outinfo->onlinesince = aimbs_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_ONLINESINCE;
} else if (type == 0x0004) {
/*
* Type = 0x0004: Idle time.
*
* Number of seconds since the user actively used the
* service.
*
* Note that the client tells the server when to start
* counting idle times, so this may or may not be
* related to reality.
*/
outinfo->idletime = aimbs_get16(bs);
outinfo->present |= AIM_USERINFO_PRESENT_IDLE;
} else if (type == 0x0005) {
/*
* Type = 0x0005: Member since date.
*
* The time/date that the user originally registered for
* the service, stored in time_t format.
*
* This is sometimes sent instead of type 2 ("account
* creation time"), particularly in the self-info.
*/
outinfo->membersince = aimbs_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_MEMBERSINCE;
} else if (type == 0x0006) {
/*
* Type = 0x0006: ICQ Online Status
*
* ICQ's Away/DND/etc "enriched" status. Some decoding
* of values done by Scott <*****@*****.**>
*/
aimbs_get16(bs);
outinfo->icqinfo.status = aimbs_get16(bs);
outinfo->present |= AIM_USERINFO_PRESENT_ICQEXTSTATUS;
} else if (type == 0x000a) {
/*
* Type = 0x000a
*
* ICQ User IP Address.
* Ahh, the joy of ICQ security.
*/
outinfo->icqinfo.ipaddr = aimbs_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_ICQIPADDR;
} else if (type == 0x000c) {
/*
* Type = 0x000c
*
* random crap containing the IP address,
* apparently a port number, and some Other Stuff.
*
*/
aimbs_getrawbuf(bs, outinfo->icqinfo.crap, 0x25);
outinfo->present |= AIM_USERINFO_PRESENT_ICQDATA;
} else if (type == 0x000d) {
/*
* Type = 0x000d
*
* Capability information.
*
*/
outinfo->capabilities = aim_getcap(sess, bs, length);
outinfo->present |= AIM_USERINFO_PRESENT_CAPABILITIES;
} else if (type == 0x000e) {
/*
* Type = 0x000e
*
* Unknown. Always of zero length, and always only
* on AOL users.
*
* Ignore.
*
*/
} else if ((type == 0x000f) || (type == 0x0010)) {
/*
* Type = 0x000f: Session Length. (AIM)
* Type = 0x0010: Session Length. (AOL)
*
* The duration, in seconds, of the user's current
* session.
*
* Which TLV type this comes in depends on the
* service the user is using (AIM or AOL).
*
*/
outinfo->sessionlen = aimbs_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_SESSIONLEN;
} else if (type == 0x001d) {
/*
* Type 29: Unknown.
*
* Currently very rare. Always 18 bytes of mostly zero.
*/
} else if (type == 0x001e) {
/*
* Type 30: Unknown.
*
* Always four bytes, but it doesn't look like an int.
*/
} else {
/*
* Reaching here indicates that either AOL has
* added yet another TLV for us to deal with,
* or the parsing has gone Terribly Wrong.
*
* Either way, inform the owner and attempt
* recovery.
*
*/
faimdprintf(sess, 0, "userinfo: **warning: unexpected TLV:\n");
faimdprintf(sess, 0, "userinfo: sn =%s\n", outinfo->sn);
dumptlv(sess, type, bs, length);
}
/* Save ourselves. */
aim_bstream_setpos(bs, endpos);
}
return 0;
}
/*
* conn must be a BOS connection!
*/
faim_export int aim_chat_invite(aim_session_t *sess, aim_conn_t *conn, const char *sn, const char *msg, fu16_t exchange, const char *roomname, fu16_t instance)
{
int i;
aim_frame_t *fr;
aim_msgcookie_t *cookie;
struct aim_invite_priv *priv;
fu8_t ckstr[8];
aim_snacid_t snacid;
aim_tlvlist_t *otl = NULL, *itl = NULL;
fu8_t *hdr;
int hdrlen;
aim_bstream_t hdrbs;
if (!sess || !conn || !sn || !msg || !roomname)
return -EINVAL;
if (conn->type != AIM_CONN_TYPE_BOS)
return -EINVAL;
if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1152+strlen(sn)+strlen(roomname)+strlen(msg))))
return -ENOMEM;
snacid = aim_cachesnac(sess, 0x0004, 0x0006, 0x0000, sn, strlen(sn)+1);
aim_putsnac(&fr->data, 0x0004, 0x0006, 0x0000, snacid);
/*
* Cookie
*/
for (i = 0; i < sizeof(ckstr); i++)
aimutil_put8(ckstr, (fu8_t) rand());
/* XXX should be uncached by an unwritten 'invite accept' handler */
if ((priv = malloc(sizeof(struct aim_invite_priv)))) {
priv->sn = strdup(sn);
priv->roomname = strdup(roomname);
priv->exchange = exchange;
priv->instance = instance;
}
if ((cookie = aim_mkcookie(ckstr, AIM_COOKIETYPE_INVITE, priv)))
aim_cachecookie(sess, cookie);
else
free(priv);
for (i = 0; i < sizeof(ckstr); i++)
aimbs_put8(&fr->data, ckstr[i]);
/*
* Channel (2)
*/
aimbs_put16(&fr->data, 0x0002);
/*
* Dest sn
*/
aimbs_put8(&fr->data, strlen(sn));
aimbs_putraw(&fr->data, sn, strlen(sn));
/*
* TLV t(0005)
*
* Everything else is inside this TLV.
*
* Sigh. AOL was rather inconsistent right here. So we have
* to play some minor tricks. Right inside the type 5 is some
* raw data, followed by a series of TLVs.
*
*/
hdrlen = 2+8+16+6+4+4+strlen(msg)+4+2+1+strlen(roomname)+2;
hdr = malloc(hdrlen);
aim_bstream_init(&hdrbs, hdr, hdrlen);
aimbs_put16(&hdrbs, 0x0000); /* Unknown! */
aimbs_putraw(&hdrbs, ckstr, sizeof(ckstr)); /* I think... */
aim_putcap(&hdrbs, AIM_CAPS_CHAT);
aim_addtlvtochain16(&itl, 0x000a, 0x0001);
aim_addtlvtochain_noval(&itl, 0x000f);
aim_addtlvtochain_raw(&itl, 0x000c, strlen(msg), msg);
aim_addtlvtochain_chatroom(&itl, 0x2711, exchange, roomname, instance);
aim_writetlvchain(&hdrbs, &itl);
aim_addtlvtochain_raw(&otl, 0x0005, aim_bstream_curpos(&hdrbs), hdr);
aim_writetlvchain(&fr->data, &otl);
free(hdr);
aim_freetlvchain(&itl);
aim_freetlvchain(&otl);
aim_tx_enqueue(sess, fr);
return 0;
}
/*
* AIM is fairly regular about providing user info. This is a generic
* routine to extract it in its standard form.
*/
faim_internal int aim_extractuserinfo(aim_session_t *sess, aim_bstream_t *bs, aim_userinfo_t *outinfo)
{
int curtlv, tlvcnt;
fu8_t snlen;
if (!bs || !outinfo)
return -EINVAL;
/* Clear out old data first */
memset(outinfo, 0x00, sizeof(aim_userinfo_t));
/*
* Screen name. Stored as an unterminated string prepended with a
* byte containing its length.
*/
snlen = aimbs_get8(bs);
aimbs_getrawbuf(bs, outinfo->sn, snlen);
/*
* Warning Level. Stored as an unsigned short.
*/
outinfo->warnlevel = aimbs_get16(bs);
/*
* TLV Count. Unsigned short representing the number of
* Type-Length-Value triples that follow.
*/
tlvcnt = aimbs_get16(bs);
/*
* Parse out the Type-Length-Value triples as they're found.
*/
for (curtlv = 0; curtlv < tlvcnt; curtlv++) {
int endpos;
fu16_t type, length;
type = aimbs_get16(bs);
length = aimbs_get16(bs);
endpos = aim_bstream_curpos(bs) + length;
if (type == 0x0001) {
/*
* Type = 0x0001: User flags
*
* Specified as any of the following ORed together:
* 0x0001 Trial (user less than 60days)
* 0x0002 Unknown bit 2
* 0x0004 AOL Main Service user
* 0x0008 Unknown bit 4
* 0x0010 Free (AIM) user
* 0x0020 Away
* 0x0400 ActiveBuddy
*
*/
outinfo->flags = aimbs_get16(bs);
} else if (type == 0x0002) {
/*
* Type = 0x0002: Member-Since date.
*
* The time/date that the user originally registered for
* the service, stored in time_t format.
*/
outinfo->membersince = aimbs_get32(bs);
} else if (type == 0x0003) {
/*
* Type = 0x0003: On-Since date.
*
* The time/date that the user started their current
* session, stored in time_t format.
*/
outinfo->onlinesince = aimbs_get32(bs);
} else if (type == 0x0004) {
/*
* Type = 0x0004: Idle time.
*
* Number of seconds since the user actively used the
* service.
*
* Note that the client tells the server when to start
* counting idle times, so this may or may not be
* related to reality.
*/
outinfo->idletime = aimbs_get16(bs);
} else if (type == 0x0006) {
/*
* Type = 0x0006: ICQ Online Status
*
* ICQ's Away/DND/etc "enriched" status. Some decoding
* of values done by Scott <*****@*****.**>
*/
aimbs_get16(bs);
outinfo->icqinfo.status = aimbs_get16(bs);
} else if (type == 0x000a) {
/*
* Type = 0x000a
*
* ICQ User IP Address.
* Ahh, the joy of ICQ security.
*/
outinfo->icqinfo.ipaddr = aimbs_get32(bs);
} else if (type == 0x000c) {
/*
* Type = 0x000c
*
* random crap containing the IP address,
* apparently a port number, and some Other Stuff.
*
*/
aimbs_getrawbuf(bs, outinfo->icqinfo.crap, 0x25);
} else if (type == 0x000d) {
/*
* Type = 0x000d
*
* Capability information.
*
*/
outinfo->capabilities = aim_getcap(sess, bs, length);
outinfo->capspresent = 1;
} else if (type == 0x000e) {
/*
* Type = 0x000e
*
* Unknown. Always of zero length, and always only
* on AOL users.
*
* Ignore.
*
*/
} else if ((type == 0x000f) || (type == 0x0010)) {
/*
* Type = 0x000f: Session Length. (AIM)
* Type = 0x0010: Session Length. (AOL)
*
* The duration, in seconds, of the user's current
* session.
*
* Which TLV type this comes in depends on the
* service the user is using (AIM or AOL).
*
*/
outinfo->sessionlen = aimbs_get32(bs);
} else {
/*
* Reaching here indicates that either AOL has
* added yet another TLV for us to deal with,
* or the parsing has gone Terribly Wrong.
*
* Either way, inform the owner and attempt
* recovery.
*
*/
faimdprintf(sess, 0, "userinfo: **warning: unexpected TLV:\n");
faimdprintf(sess, 0, "userinfo: sn =%s\n", outinfo->sn);
faimdprintf(sess, 0, "userinfo: type =0x%04x\n",type);
faimdprintf(sess, 0, "userinfo: length=0x%04x\n", length);
}
/* Save ourselves. */
aim_bstream_setpos(bs, endpos);
}
return 0;
}
static int incomingim_ch1(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, guint16 channel, aim_userinfo_t *userinfo, aim_bstream_t *bs, guint8 *cookie)
{
guint16 type, length;
aim_rxcallback_t userfunc;
int ret = 0;
struct aim_incomingim_ch1_args args;
int endpos;
memset(&args, 0, sizeof(args));
aim_mpmsg_init(sess, &args.mpmsg);
/*
* This used to be done using tlvchains. For performance reasons,
* I've changed it to process the TLVs in-place. This avoids lots
* of per-IM memory allocations.
*/
while (aim_bstream_empty(bs)) {
type = aimbs_get16(bs);
length = aimbs_get16(bs);
endpos = aim_bstream_curpos(bs) + length;
if (type == 0x0002) { /* Message Block */
/*
* This TLV consists of the following:
* - 0501 -- Unknown
* - Features: Don't know how to interpret these
* - 0101 -- Unknown
* - Message
*
*/
aimbs_get8(bs); /* 05 */
aimbs_get8(bs); /* 01 */
args.featureslen = aimbs_get16(bs);
/* XXX XXX this is all evil! */
args.features = bs->data + bs->offset;
aim_bstream_advance(bs, args.featureslen);
args.icbmflags |= AIM_IMFLAGS_CUSTOMFEATURES;
/*
* The rest of the TLV contains one or more message
* blocks...
*/
incomingim_ch1_parsemsgs(sess, bs->data + bs->offset /* XXX evil!!! */, length - 2 - 2 - args.featureslen, &args);
} else if (type == 0x0003) { /* Server Ack Requested */
args.icbmflags |= AIM_IMFLAGS_ACK;
} else if (type == 0x0004) { /* Message is Auto Response */
args.icbmflags |= AIM_IMFLAGS_AWAY;
} else if (type == 0x0006) { /* Message was received offline. */
/* XXX not sure if this actually gets sent. */
args.icbmflags |= AIM_IMFLAGS_OFFLINE;
} else if (type == 0x0008) { /* I-HAVE-A-REALLY-PURTY-ICON Flag */
args.iconlen = aimbs_get32(bs);
aimbs_get16(bs); /* 0x0001 */
args.iconsum = aimbs_get16(bs);
args.iconstamp = aimbs_get32(bs);
/*
* This looks to be a client bug. MacAIM 4.3 will
* send this tag, but with all zero values, in the
* first message of a conversation. This makes no
* sense whatsoever, so I'm going to say its a bug.
*
* You really shouldn't advertise a zero-length icon
* anyway.
*
*/
if (args.iconlen)
args.icbmflags |= AIM_IMFLAGS_HASICON;
} else if (type == 0x0009) {
args.icbmflags |= AIM_IMFLAGS_BUDDYREQ;
} else if (type == 0x0017) {
args.extdatalen = length;
args.extdata = aimbs_getraw(bs, args.extdatalen);
} else {
// imcb_error(sess->aux_data, "Unknown TLV encountered");
}
/*
* This is here to protect ourselves from ourselves. That
* is, if something above doesn't completly parse its value
* section, or, worse, overparses it, this will set the
* stream where it needs to be in order to land on the next
* TLV when the loop continues.
*
*/
aim_bstream_setpos(bs, endpos);
}
if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
ret = userfunc(sess, rx, channel, userinfo, &args);
aim_mpmsg_free(sess, &args.mpmsg);
g_free(args.extdata);
return ret;
}
