static void
flap_connection_send_byte_stream(ByteStream *bs, FlapConnection *conn, size_t count)
{
if (conn == NULL)
return;
/* Make sure we don't send past the end of the bs */
if (count > byte_stream_empty(bs))
count = byte_stream_empty(bs); /* truncate to remaining space */
if (count == 0)
return;
/* Add everything to our outgoing buffer */
purple_circ_buffer_append(conn->buffer_outgoing, bs->data, count);
/* If we haven't already started writing stuff, then start the cycle */
if (conn->watcher_outgoing == 0)
{
if (conn->gsc) {
conn->watcher_outgoing = purple_input_add(conn->gsc->fd,
PURPLE_INPUT_WRITE, send_cb, conn);
send_cb(conn, -1, 0);
} else if (conn->fd >= 0) {
conn->watcher_outgoing = purple_input_add(conn->fd,
PURPLE_INPUT_WRITE, send_cb, conn);
send_cb(conn, -1, 0);
}
}
}
int byte_stream_putbs(ByteStream *bs, ByteStream *srcbs, int len)
{
if (byte_stream_empty(srcbs) < len)
return 0; /* XXX throw exception (underrun) */
if (byte_stream_empty(bs) < len)
return 0; /* XXX throw exception (overflow) */
memcpy(bs->data + bs->offset, srcbs->data + srcbs->offset, len);
bs->offset += len;
srcbs->offset += len;
return len;
}
guint32
aim_locate_getcaps_short(OscarData *od, ByteStream *bs, int len)
{
guint32 flags = 0;
int offset;
for (offset = 0; byte_stream_empty(bs) && (offset < len); offset += 0x02) {
guint8 *cap;
int i, identified;
cap = byte_stream_getraw(bs, 0x02);
for (i = 0, identified = 0; !(aim_caps[i].flag & OSCAR_CAPABILITY_LAST); i++) {
if (memcmp(&aim_caps[i].data[2], cap, 0x02) == 0) {
flags |= aim_caps[i].flag;
identified++;
break; /* should only match once... */
}
}
if (!identified)
purple_debug_misc("oscar", "unknown short capability: {%02x%02x}\n", cap[0], cap[1]);
g_free(cap);
}
return flags;
}
int byte_stream_getrawbuf(ByteStream *bs, guint8 *buf, int len)
{
if (byte_stream_empty(bs) < len)
return 0;
byte_stream_getrawbuf_nocheck(bs, buf, len);
return len;
}
guint32 byte_stream_getle32(ByteStream *bs)
{
if (byte_stream_empty(bs) < 4)
return 0; /* XXX throw an exception */
bs->offset += 4;
return aimutil_getle32(bs->data + bs->offset - 4);
}
int byte_stream_putle16(ByteStream *bs, guint16 v)
{
if (byte_stream_empty(bs) < 2)
return 0; /* XXX throw an exception */
bs->offset += aimutil_putle16(bs->data + bs->offset, v);
return 2;
}
int byte_stream_putle32(ByteStream *bs, guint32 v)
{
if (byte_stream_empty(bs) < 4)
return 0; /* XXX throw an exception */
bs->offset += aimutil_putle32(bs->data + bs->offset, v);
return 1;
}
/*
* N can be negative, which can be used for going backwards
* in a bstream. I'm not sure if libfaim actually does
* this anywhere...
*/
int byte_stream_advance(ByteStream *bs, int n)
{
if ((byte_stream_curpos(bs) + n < 0) || (byte_stream_empty(bs) < n))
return 0; /* XXX throw an exception */
bs->offset += n;
return n;
}
guint16 byte_stream_getle16(ByteStream *bs)
{
if (byte_stream_empty(bs) < 2)
return 0; /* XXX throw an exception */
bs->offset += 2;
return aimutil_getle16(bs->data + bs->offset - 2);
}
guint8 byte_stream_get8(ByteStream *bs)
{
if (byte_stream_empty(bs) < 1)
return 0; /* XXX throw an exception */
bs->offset++;
return aimutil_get8(bs->data + bs->offset - 1);
}
int byte_stream_getrawbuf(ByteStream *bs, guint8 *buf, int len)
{
if (byte_stream_empty(bs) < len)
return 0;
memcpy(buf, bs->data + bs->offset, len);
bs->offset += len;
return len;
}
int byte_stream_putraw(ByteStream *bs, const guint8 *v, int len)
{
if (byte_stream_empty(bs) < len)
return 0; /* XXX throw an exception */
memcpy(bs->data + bs->offset, v, len);
bs->offset += len;
return len;
}
/**
* Read a TLV chain from a buffer.
*
* Reads and parses a series of TLV patterns from a data buffer; the
* returned structure is manipulatable with the rest of the TLV
* routines. When done with a TLV chain, aim_tlvlist_free() should
* be called to free the dynamic substructures.
*
* TODO: There should be a flag setable here to have the tlvlist contain
* bstream references, so that at least the ->value portion of each
* element doesn't need to be malloc/memcpy'd. This could prove to be
* just as efficient as the in-place TLV parsing used in a couple places
* in libfaim.
*
* @param bs Input bstream
* @return Return the TLV chain read
*/
GSList *aim_tlvlist_read(ByteStream *bs)
{
GSList *list = NULL;
while (byte_stream_empty(bs) > 0) {
list = aim_tlv_read(list, bs);
if (list == NULL)
return NULL;
}
return g_slist_reverse(list);
}
guint8 *byte_stream_getraw(ByteStream *bs, int len)
{
guint8 *ob;
if (byte_stream_empty(bs) < len)
return NULL;
ob = g_malloc(len);
byte_stream_getrawbuf_nocheck(bs, ob, len);
return ob;
}
/**
* Read a TLV chain from a buffer.
*
* Reads and parses a series of TLV patterns from a data buffer; the
* returned structure is manipulatable with the rest of the TLV
* routines. When done with a TLV chain, aim_tlvlist_free() should
* be called to free the dynamic substructures.
*
* TODO: There should be a flag setable here to have the tlvlist contain
* bstream references, so that at least the ->value portion of each
* element doesn't need to be malloc/memcpy'd. This could prove to be
* just as efficient as the in-place TLV parsing used in a couple places
* in libfaim.
*
* @param bs Input bstream
* @param num The max number of TLVs that will be read, or -1 if unlimited.
* There are a number of places where you want to read in a tlvchain,
* but the chain is not at the end of the SNAC, and the chain is
* preceded by the number of TLVs. So you can limit that with this.
* @return Return the TLV chain read
*/
GSList *aim_tlvlist_readnum(ByteStream *bs, guint16 num)
{
GSList *list = NULL;
while ((byte_stream_empty(bs) > 0) && (num != 0)) {
list = aim_tlv_read(list, bs);
if (list == NULL)
return NULL;
num--;
}
return g_slist_reverse(list);
}
/**
* Read a TLV chain from a buffer.
*
* Reads and parses a series of TLV patterns from a data buffer; the
* returned structure is manipulatable with the rest of the TLV
* routines. When done with a TLV chain, aim_tlvlist_free() should
* be called to free the dynamic substructures.
*
* TODO: There should be a flag setable here to have the tlvlist contain
* bstream references, so that at least the ->value portion of each
* element doesn't need to be malloc/memcpy'd. This could prove to be
* just as efficient as the in-place TLV parsing used in a couple places
* in libfaim.
*
* @param bs Input bstream
* @param len The max length in bytes that will be read.
* There are a number of places where you want to read in a tlvchain,
* but the chain is not at the end of the SNAC, and the chain is
* preceded by the length of the TLVs. So you can limit that with this.
* @return Return the TLV chain read
*/
GSList *aim_tlvlist_readlen(ByteStream *bs, guint16 len)
{
GSList *list = NULL;
while ((byte_stream_empty(bs) > 0) && (len > 0)) {
list = aim_tlv_read(list, bs);
if (list == NULL)
return NULL;
len -= 2 + 2 + ((aim_tlv_t *)list->data)->length;
}
return g_slist_reverse(list);
}
char *byte_stream_getstr(ByteStream *bs, int len)
{
char *ob;
if (byte_stream_empty(bs) < len)
return NULL;
ob = g_malloc(len + 1);
byte_stream_getrawbuf_nocheck(bs, (guint8 *)ob, len);
ob[len] = '\0';
return ob;
}
static GSList *
aim_tlv_read(GSList *list, ByteStream *bs)
{
guint16 type, length;
aim_tlv_t *tlv;
type = byte_stream_get16(bs);
length = byte_stream_get16(bs);
#if 0
/*
* This code hasn't been needed in years. It's been commented
* out since 2003, at the latest. It seems likely that it was
* just a bug in their server code that has since been fixed.
* In any case, here's the orignal comment, kept for historical
* purposes:
*
* Okay, so now AOL has decided that any TLV of
* type 0x0013 can only be two bytes, despite
* what the actual given length is. So here
* we dump any invalid TLVs of that sort. Hopefully
* there's no special cases to this special case.
* - mid (30jun2000)
*/
if ((type == 0x0013) && (length != 0x0002)) {
length = 0x0002;
return list;
}
#endif
if (length > byte_stream_empty(bs)) {
aim_tlvlist_free(list);
return NULL;
}
tlv = createtlv(type, length, NULL);
if (tlv->length > 0) {
tlv->value = byte_stream_getraw(bs, length);
if (!tlv->value) {
freetlv(tlv);
aim_tlvlist_free(list);
return NULL;
}
}
return g_slist_prepend(list, tlv);
}
static void
parse_snac(OscarData *od, FlapConnection *conn, FlapFrame *frame)
{
aim_module_t *cur;
aim_modsnac_t snac;
if (byte_stream_empty(&frame->data) < 10)
return;
snac.family = byte_stream_get16(&frame->data);
snac.subtype = byte_stream_get16(&frame->data);
snac.flags = byte_stream_get16(&frame->data);
snac.id = byte_stream_get32(&frame->data);
/* SNAC flags are apparently uniform across all SNACs, so we handle them here */
if (snac.flags & 0x0001) {
/*
* This means the SNAC will be followed by another SNAC with
* related information. We don't need to do anything about
* this here.
*/
}
if (snac.flags & 0x8000) {
/*
* This packet contains the version of the family that this SNAC is
* in. You get this when your SSI module is version 2 or higher.
* For now we have no need for this, but you could always save
* it as a part of aim_modnsac_t, or something. The format is...
* 2 byte length of total mini-header (which is 6 bytes), then TLV
* of type 0x0001, length 0x0002, value is the 2 byte version
* number
*/
byte_stream_advance(&frame->data, byte_stream_get16(&frame->data));
}
for (cur = (aim_module_t *)od->modlistv; cur; cur = cur->next) {
if (!(cur->flags & AIM_MODFLAG_MULTIFAMILY) &&
(cur->family != snac.family))
continue;
if (cur->snachandler(od, conn, cur, frame, &snac, &frame->data))
return;
}
}
int
byte_stream_putcaps(ByteStream *bs, guint32 caps)
{
int i;
if (!bs)
return -EINVAL;
for (i = 0; byte_stream_empty(bs); i++) {
if (aim_caps[i].flag == OSCAR_CAPABILITY_LAST)
break;
if (caps & aim_caps[i].flag)
byte_stream_putraw(bs, aim_caps[i].data, 0x10);
}
return 0;
}
static void
parse_flap_ch4(OscarData *od, FlapConnection *conn, FlapFrame *frame)
{
GSList *tlvlist;
char *msg = NULL;
if (byte_stream_empty(&frame->data) == 0) {
/* XXX should do something with this */
return;
}
/* An ICQ account is logging in */
if (conn->type == SNAC_FAMILY_AUTH)
{
parse_fakesnac(od, conn, frame, 0x0017, 0x0003);
return;
}
tlvlist = aim_tlvlist_read(&frame->data);
if (aim_tlv_gettlv(tlvlist, 0x0009, 1))
conn->disconnect_code = aim_tlv_get16(tlvlist, 0x0009, 1);
if (aim_tlv_gettlv(tlvlist, 0x000b, 1))
msg = aim_tlv_getstr(tlvlist, 0x000b, 1);
/*
* The server ended this FLAP connnection, so let's be nice and
* close the physical TCP connection
*/
flap_connection_schedule_destroy(conn,
OSCAR_DISCONNECT_REMOTE_CLOSED, msg);
aim_tlvlist_free(tlvlist);
g_free(msg);
}
/*
* AIM is fairly regular about providing user info. This is a generic
* routine to extract it in its standard form.
*/
int
aim_info_extract(OscarData *od, ByteStream *bs, aim_userinfo_t *outinfo)
{
int curtlv, tlvcnt;
guint8 bnlen;
if (!bs || !outinfo)
return -EINVAL;
/* Clear out old data first */
memset(outinfo, 0x00, sizeof(aim_userinfo_t));
/*
* Username. Stored as an unterminated string prepended with a
* byte containing its length.
*/
bnlen = byte_stream_get8(bs);
outinfo->bn = byte_stream_getstr(bs, bnlen);
/*
* Warning Level. Stored as an unsigned short.
*/
outinfo->warnlevel = byte_stream_get16(bs);
/*
* TLV Count. Unsigned short representing the number of
* Type-Length-Value triples that follow.
*/
tlvcnt = byte_stream_get16(bs);
/*
* Parse out the Type-Length-Value triples as they're found.
*/
for (curtlv = 0; curtlv < tlvcnt; curtlv++) {
guint16 type, length;
int endpos;
type = byte_stream_get16(bs);
length = byte_stream_get16(bs);
endpos = byte_stream_curpos(bs) + MIN(length, byte_stream_empty(bs));
if (type == 0x0001) {
/*
* User flags
*
* Specified as any of the following ORed together:
* 0x0001 Unconfirmed account
* 0x0002 Unknown bit 2
* 0x0004 AOL Main Service user
* 0x0008 Unknown bit 4
* 0x0010 Free (AIM) user
* 0x0020 Away
* 0x0040 ICQ user (AIM bit also set)
* 0x0080 Mobile device
* 0x0400 Bot (like ActiveBuddy)
*/
outinfo->flags = byte_stream_get16(bs);
outinfo->present |= AIM_USERINFO_PRESENT_FLAGS;
} else if (type == 0x0002) {
/*
* Account creation time
*
* The time/date that the user originally registered for
* the service, stored in time_t format.
*
* I'm not sure how this differs from type 5 ("member
* since").
*
* Note: This is the field formerly known as "member
* since". All these years and I finally found out
* that I got the name wrong.
*/
outinfo->createtime = byte_stream_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_CREATETIME;
} else if (type == 0x0003) {
/*
* On-Since date
*
* The time/date that the user started their current
* session, stored in time_t format.
*/
outinfo->onlinesince = byte_stream_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_ONLINESINCE;
} else if (type == 0x0004) {
/*
* Idle time
*
* Number of minutes since the user actively used the
* service.
*
* Note that the client tells the server when to start
* counting idle times, so this may or may not be
* related to reality.
*/
outinfo->idletime = byte_stream_get16(bs);
outinfo->present |= AIM_USERINFO_PRESENT_IDLE;
} else if (type == 0x0005) {
/*
* Member since date
*
* The time/date that the user originally registered for
* the service, stored in time_t format.
*
* This is sometimes sent instead of type 2 ("account
* creation time"), particularly in the self-info.
* And particularly for ICQ?
*/
outinfo->membersince = byte_stream_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_MEMBERSINCE;
} else if (type == 0x0006) {
/*
* ICQ Online Status
*
* ICQ's Away/DND/etc "enriched" status. Some decoding
* of values done by Scott <*****@*****.**>
*/
byte_stream_get16(bs);
outinfo->icqinfo.status = byte_stream_get16(bs);
outinfo->present |= AIM_USERINFO_PRESENT_ICQEXTSTATUS;
} else if (type == 0x0008) {
/*
* Client type, or some such.
*/
} else if (type == 0x000a) {
/*
* ICQ User IP Address
*
* Ahh, the joy of ICQ security.
*/
outinfo->icqinfo.ipaddr = byte_stream_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_ICQIPADDR;
} else if (type == 0x000c) {
/*
* Random crap containing the IP address,
* apparently a port number, and some Other Stuff.
*
* Format is:
* 4 bytes - Our IP address, 0xc0 a8 01 2b for 192.168.1.43
*/
byte_stream_getrawbuf(bs, outinfo->icqinfo.crap, 0x25);
outinfo->present |= AIM_USERINFO_PRESENT_ICQDATA;
} else if (type == 0x000d) {
/*
* OSCAR Capability information
*/
outinfo->capabilities |= aim_locate_getcaps(od, bs, length);
outinfo->present |= AIM_USERINFO_PRESENT_CAPABILITIES;
} else if (type == 0x000e) {
/*
* AOL capability information
*/
} else if ((type == 0x000f) || (type == 0x0010)) {
/*
* Type = 0x000f: Session Length. (AIM)
* Type = 0x0010: Session Length. (AOL)
*
* The duration, in seconds, of the user's current
* session.
*
* Which TLV type this comes in depends on the
* service the user is using (AIM or AOL).
*/
outinfo->sessionlen = byte_stream_get32(bs);
outinfo->present |= AIM_USERINFO_PRESENT_SESSIONLEN;
} else if (type == 0x0014) {
/*
* My instance number.
*/
guint8 instance_number;
instance_number = byte_stream_get8(bs);
} else if (type == 0x0019) {
/*
* OSCAR short capability information. A shortened
* form of the normal capabilities.
*/
outinfo->capabilities |= aim_locate_getcaps_short(od, bs, length);
outinfo->present |= AIM_USERINFO_PRESENT_CAPABILITIES;
} else if (type == 0x001a) {
/*
* Type = 0x001a
*
* AOL short capability information. A shortened
* form of the normal capabilities.
*/
} else if (type == 0x001b) {
/*
* Encryption certification MD5 checksum.
*/
} else if (type == 0x001d) {
/*
* Buddy icon information and status/available messages.
*
* This almost seems like the AIM protocol guys gave
* the iChat guys a Type, and the iChat guys tried to
* cram as much cool shit into it as possible. Then
* the Windows AIM guys were like, "hey, that's
* pretty neat, let's copy those prawns."
*
* In that spirit, this can contain a custom message,
* kind of like an away message, but you're not away
* (it's called an "available" message). Or it can
* contain information about the buddy icon the user
* has stored on the server.
*/
guint16 type2;
guint8 number2, length2;
int endpos2;
/*
* Continue looping as long as we're able to read type2,
* number2, and length2.
*/
while (byte_stream_curpos(bs) + 4 <= endpos) {
type2 = byte_stream_get16(bs);
number2 = byte_stream_get8(bs);
length2 = byte_stream_get8(bs);
endpos2 = byte_stream_curpos(bs) + MIN(length2, byte_stream_empty(bs));
switch (type2) {
case 0x0000: { /* This is an official buddy icon? */
/* This is always 5 bytes of "0x02 01 d2 04 72"? */
} break;
case 0x0001: { /* A buddy icon checksum */
if ((length2 > 0) && ((number2 == 0x00) || (number2 == 0x01))) {
g_free(outinfo->iconcsum);
outinfo->iconcsumtype = number2;
outinfo->iconcsum = byte_stream_getraw(bs, length2);
outinfo->iconcsumlen = length2;
}
} break;
case 0x0002: { /* A status/available message */
g_free(outinfo->status);
g_free(outinfo->status_encoding);
if (length2 >= 4) {
outinfo->status_len = byte_stream_get16(bs);
outinfo->status = byte_stream_getstr(bs, outinfo->status_len);
if (byte_stream_get16(bs) == 0x0001) { /* We have an encoding */
byte_stream_get16(bs);
outinfo->status_encoding = byte_stream_getstr(bs, byte_stream_get16(bs));
} else {
/* No explicit encoding, client should use UTF-8 */
outinfo->status_encoding = NULL;
}
} else {
byte_stream_advance(bs, length2);
outinfo->status_len = 0;
outinfo->status = g_strdup("");
outinfo->status_encoding = NULL;
}
} break;
case 0x0009: { /* An iTunes Music Store link */
g_free(outinfo->itmsurl);
g_free(outinfo->itmsurl_encoding);
if (length2 >= 4) {
outinfo->itmsurl_len = byte_stream_get16(bs);
outinfo->itmsurl = byte_stream_getstr(bs, outinfo->itmsurl_len);
if (byte_stream_get16(bs) == 0x0001) {
/* We have an encoding */
byte_stream_get16(bs);
outinfo->itmsurl_encoding = byte_stream_getstr(bs, byte_stream_get16(bs));
} else {
/* No explicit encoding, client should use UTF-8 */
outinfo->itmsurl_encoding = NULL;
}
} else {
byte_stream_advance(bs, length2);
outinfo->itmsurl_len = 0;
outinfo->itmsurl = g_strdup("");
outinfo->itmsurl_encoding = NULL;
}
} break;
}
/* Save ourselves. */
byte_stream_setpos(bs, endpos2);
}
} else if (type == 0x001e) {
/*
* Always four bytes, but it doesn't look like an int.
*/
} else if (type == 0x001f) {
/*
* Upper bytes of user flags. Can be any size
*
* Seen on a buddy using DeadAIM. Data was 4 bytes:
* 0x00 00 00 10
*/
} else if (type == 0x0023) {
/*
* Last Buddy Feed update time, in seconds since the epoch.
*/
} else if (type == 0x0026) {
/*
* Time that the profile was set, in seconds since the epoch.
*/
} else if (type == 0x0027) {
/*
* Time that the away message was set, in seconds since the epoch.
*/
} else if (type == 0x002a) {
/*
* Country code based on GeoIP data.
*/
} else {
/*
* Reaching here indicates that either AOL has
* added yet another TLV for us to deal with,
* or the parsing has gone Terribly Wrong.
*
* Either way, inform the owner and attempt
* recovery.
*
*/
#ifdef LOG_UNKNOWN_TLV
purple_debug_misc("oscar", "userinfo: **warning: unexpected TLV:\n");
purple_debug_misc("oscar", "userinfo: bn =%s\n", outinfo->bn);
dumptlv(od, type, bs, length);
#endif
}
/* Save ourselves. */
byte_stream_setpos(bs, endpos);
}
aim_locate_adduserinfo(od, outinfo);
return 0;
}
/**
* Handle an incoming peer proxy negotiation frame.
*/
static void
peer_proxy_recv_frame(PeerConnection *conn, ProxyFrame *frame)
{
purple_debug_info("oscar", "Incoming peer proxy frame with "
"type=0x%04hx, unknown=0x%08x, "
"flags=0x%04hx, and payload length=%hd\n", frame->type,
frame->unknown, frame->flags, frame->payload.len);
if (frame->type == PEER_PROXY_TYPE_CREATED)
{
/*
* Read in 2 byte port then 4 byte IP and tell the
* remote user to connect to it by sending an ICBM.
*/
guint16 pin;
int i;
guint8 ip[4];
pin = byte_stream_get16(&frame->payload);
for (i = 0; i < 4; i++)
ip[i] = byte_stream_get8(&frame->payload);
if (conn->type == OSCAR_CAPABILITY_DIRECTIM)
aim_im_sendch2_odc_requestproxy(conn->od,
conn->cookie,
conn->bn, ip, pin, ++conn->lastrequestnumber);
else if (conn->type == OSCAR_CAPABILITY_SENDFILE)
{
aim_im_sendch2_sendfile_requestproxy(conn->od,
conn->cookie, conn->bn,
ip, pin, ++conn->lastrequestnumber,
(const gchar *)conn->xferdata.name,
conn->xferdata.size, conn->xferdata.totfiles);
}
}
else if (frame->type == PEER_PROXY_TYPE_READY)
{
purple_input_remove(conn->watcher_incoming);
conn->watcher_incoming = 0;
peer_connection_finalize_connection(conn);
}
else if (frame->type == PEER_PROXY_TYPE_ERROR)
{
if (byte_stream_empty(&frame->payload) >= 2)
{
guint16 error;
const char *msg;
error = byte_stream_get16(&frame->payload);
if (error == 0x000d)
msg = "bad request";
else if (error == 0x0010)
msg = "initial request timed out";
else if (error == 0x001a)
msg ="accept period timed out";
else
msg = "unknown reason";
purple_debug_info("oscar", "Proxy negotiation failed with "
"error 0x%04hx: %s\n", error, msg);
}
else
{
purple_debug_warning("oscar", "Proxy negotiation failed with "
"an unknown error\n");
}
peer_connection_trynext(conn);
}
else
{
purple_debug_warning("oscar", "Unknown peer proxy frame type 0x%04hx.\n",
frame->type);
}
}
