view libpurple/protocols/oscar/family_oservice.c @ 31807:b24babbae157

Bounds-check stringref copies (which are safe anyway)
author Ethan Blanton <elb@pidgin.im>
date Wed, 17 Aug 2011 23:54:59 +0000
parents a453690ba4f4
children
line wrap: on
line source

/*
 * Purple's oscar protocol plugin
 * This file is the legal property of its developers.
 * Please see the AUTHORS file distributed alongside this file.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA
*/

/*
 * Family 0x0001 - This is a very special group.  All connections support
 * this group, as it does some particularly good things (like rate limiting).
 */

#include "oscar.h"

#include "cipher.h"

/*
 * Each time we make a FLAP connection to an oscar server the server gives
 * us a list of rate classes.  Each rate class has different properties for
 * how frequently we can send SNACs in that rate class before we become
 * throttled or disconnected.
 *
 * The server also gives us a list of every available SNAC and tells us which
 * rate class it's in.  There are a lot of different SNACs, so this list can be
 * fairly large.  One important characteristic of these rate classes is that
 * currently (and since at least 2004) most SNACs are in the same rate class.
 *
 * One optimization we can do to save memory is to only keep track of SNACs
 * that are in classes other than this default rate class.  So if we try to
 * look up a SNAC and it's not in our hash table then we can assume that it's
 * in the default rate class.
 */
#define OSCAR_DEFAULT_RATECLASS 1

/* Subtype 0x0002 - Client Online */
void
aim_srv_clientready(OscarData *od, FlapConnection *conn)
{
	ByteStream bs;
	aim_snacid_t snacid;
	GSList *cur;

	byte_stream_new(&bs, 1142);

	/*
	 * Send only the tool versions that the server cares about (that it
	 * marked as supporting in the server ready SNAC).
	 */
	for (cur = conn->groups; cur != NULL; cur = cur->next)
	{
		aim_module_t *mod;

		if ((mod = aim__findmodulebygroup(od, GPOINTER_TO_UINT(cur->data))))
		{
			byte_stream_put16(&bs, mod->family);
			byte_stream_put16(&bs, mod->version);
			byte_stream_put16(&bs, mod->toolid);
			byte_stream_put16(&bs, mod->toolversion);
		}
	}

	snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0002, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0002, snacid, &bs);

	byte_stream_destroy(&bs);
}

/*
 * Subtype 0x0003 - Host Online
 *
 * See comments in conn.c about how the group associations are supposed
 * to work, and how they really work.
 *
 * This info probably doesn't even need to make it to the client.
 *
 * We don't actually call the client here.  This starts off the connection
 * initialization routine required by all AIM connections.  The next time
 * the client is called is the CONNINITDONE callback, which should be
 * shortly after the rate information is acknowledged.
 *
 */
static int
hostonline(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	int group;

	while (byte_stream_bytes_left(bs))
	{
		group = byte_stream_get16(bs);
		conn->groups = g_slist_prepend(conn->groups, GUINT_TO_POINTER(group));
	}

	/*
	 * Next step is in the Host Versions handler.
	 *
	 * Note that we must send this before we request rates, since
	 * the format of the rate information depends on the versions we
	 * give it.
	 *
	 */
	aim_srv_setversions(od, conn);

	return 1;
}

/* Subtype 0x0004 - Service request */
void
aim_srv_requestnew(OscarData *od, guint16 serviceid)
{
	FlapConnection *conn;
	ByteStream bs;
	aim_snacid_t snacid;
	GSList *tlvlist = NULL;

	conn = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);
	if(!conn)
		return;

	byte_stream_new(&bs, 6);

	byte_stream_put16(&bs, serviceid);

	if (od->use_ssl)
		/* Request SSL Connection */
		aim_tlvlist_add_noval(&tlvlist, 0x008c);

	aim_tlvlist_write(&bs, &tlvlist);
	aim_tlvlist_free(tlvlist);

	snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0004, snacid, &bs);

	byte_stream_destroy(&bs);
}

/*
 * Join a room of name roomname.  This is the first step to joining an
 * already created room.  It's basically a Service Request for
 * family 0x000e, with a little added on to specify the exchange and room
 * name.
 */
int
aim_chat_join(OscarData *od, guint16 exchange, const char *roomname, guint16 instance)
{
	FlapConnection *conn;
	ByteStream bs;
	aim_snacid_t snacid;
	GSList *tlvlist = NULL;
	struct chatsnacinfo csi;

	conn = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);
	if (!conn || !roomname || roomname[0] == '\0')
		return -EINVAL;

	byte_stream_new(&bs, 506);

	memset(&csi, 0, sizeof(csi));
	csi.exchange = exchange;
	g_strlcpy(csi.name, roomname, sizeof(csi.name));
	csi.instance = instance;

	/*
	 * Requesting service chat (0x000e)
	 */
	byte_stream_put16(&bs, 0x000e);

	aim_tlvlist_add_chatroom(&tlvlist, 0x0001, exchange, roomname, instance);

	if (od->use_ssl)
		/* Request SSL Connection */
		aim_tlvlist_add_noval(&tlvlist, 0x008c);

	aim_tlvlist_write(&bs, &tlvlist);
	aim_tlvlist_free(tlvlist);

	snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, &csi, sizeof(csi));
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0004, snacid, &bs);

	byte_stream_destroy(&bs);

	return 0;
}

/* Subtype 0x0005 - Redirect */
static int
redirect(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	struct aim_redirect_data redir;
	aim_rxcallback_t userfunc;
	GSList *tlvlist;
	aim_snac_t *origsnac = NULL;
	int ret = 0;

	memset(&redir, 0, sizeof(redir));

	tlvlist = aim_tlvlist_read(bs);

	if (!aim_tlv_gettlv(tlvlist, 0x000d, 1) ||
			!aim_tlv_gettlv(tlvlist, 0x0005, 1) ||
			!aim_tlv_gettlv(tlvlist, 0x0006, 1)) {
		aim_tlvlist_free(tlvlist);
		return 0;
	}

	redir.group = aim_tlv_get16(tlvlist, 0x000d, 1);
	redir.ip = aim_tlv_getstr(tlvlist, 0x0005, 1);
	redir.cookielen = aim_tlv_gettlv(tlvlist, 0x0006, 1)->length;
	redir.cookie = (guchar *)aim_tlv_getstr(tlvlist, 0x0006, 1);
	redir.ssl_cert_cn = aim_tlv_getstr(tlvlist, 0x008d, 1);
	redir.use_ssl = aim_tlv_get8(tlvlist, 0x008e, 1);

	/* Fetch original SNAC so we can get csi if needed */
	origsnac = aim_remsnac(od, snac->id);

	if ((redir.group == SNAC_FAMILY_CHAT) && origsnac) {
		struct chatsnacinfo *csi = (struct chatsnacinfo *)origsnac->data;

		redir.chat.exchange = csi->exchange;
		redir.chat.room = csi->name;
		redir.chat.instance = csi->instance;
	}

	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
		ret = userfunc(od, conn, frame, &redir);

	g_free((void *)redir.ip);
	g_free((void *)redir.cookie);
	g_free((void *)redir.ssl_cert_cn);

	if (origsnac)
		g_free(origsnac->data);
	g_free(origsnac);

	aim_tlvlist_free(tlvlist);

	return ret;
}

/* Subtype 0x0006 - Request Rate Information. */
void
aim_srv_reqrates(OscarData *od, FlapConnection *conn)
{
	aim_genericreq_n_snacid(od, conn, SNAC_FAMILY_OSERVICE, 0x0006);
}

/*
 * OSCAR defines several 'rate classes'.  Each class has separate
 * rate limiting properties (limit level, alert level, disconnect
 * level, etc), and a set of SNAC family/type pairs associated with
 * it.  The rate classes, their limiting properties, and the definitions
 * of which SNACs belong to which class are defined in the
 * Rate Response packet at login to each host.
 *
 * Logically, all rate offenses within one class count against further
 * offenses for other SNACs in the same class (ie, sending messages
 * too fast will limit the number of user info requests you can send,
 * since those two SNACs are in the same rate class).
 *
 * Since the rate classes are defined dynamically at login, the values
 * below may change. But they seem to be fairly constant.
 *
 * Currently, BOS defines five rate classes, with the commonly used
 * members as follows...
 *
 *  Rate class 0x0001:
 *	- Everything thats not in any of the other classes
 *
 *  Rate class 0x0002:
 *	- Buddy list add/remove
 *	- Permit list add/remove
 *	- Deny list add/remove
 *
 *  Rate class 0x0003:
 *	- User information requests
 *	- Outgoing ICBMs
 *
 *  Rate class 0x0004:
 *	- A few unknowns: 2/9, 2/b, and f/2
 *
 *  Rate class 0x0005:
 *	- Chat room create
 *	- Outgoing chat ICBMs
 *
 * The only other thing of note is that class 5 (chat) has slightly looser
 * limiting properties than class 3 (normal messages).  But thats just a
 * small bit of trivia for you.
 *
 * The last thing that needs to be learned about the rate limiting
 * system is how the actual numbers relate to the passing of time.  This
 * seems to be a big mystery.
 *
 * See joscar's javadoc for the RateClassInfo class for a great
 * explanation.  You might be able to find it at
 * http://dscoder.com/RateClassInfo.html
 */

static struct rateclass *
rateclass_find(GSList *rateclasses, guint16 id)
{
	GSList *tmp;

	for (tmp = rateclasses; tmp != NULL; tmp = tmp->next)
	{
		struct rateclass *rateclass;
		rateclass = tmp->data;
		if (rateclass->classid == id)
			return rateclass;
	}

	return NULL;
}

/* Subtype 0x0007 - Rate Parameters */
static int
rateresp(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	guint16 numclasses, i;
	aim_rxcallback_t userfunc;

	/*
	 * First are the parameters for each rate class.
	 */
	numclasses = byte_stream_get16(bs);
	for (i = 0; i < numclasses; i++)
	{
		struct rateclass *rateclass;
		guint32 delta;
		struct timeval now;

		gettimeofday(&now, NULL);
		rateclass = g_new(struct rateclass, 1);

		rateclass->classid = byte_stream_get16(bs);
		rateclass->windowsize = byte_stream_get32(bs);
		rateclass->clear = byte_stream_get32(bs);
		rateclass->alert = byte_stream_get32(bs);
		rateclass->limit = byte_stream_get32(bs);
		rateclass->disconnect = byte_stream_get32(bs);
		rateclass->current = byte_stream_get32(bs);
		rateclass->max = byte_stream_get32(bs);
		if (mod->version >= 3) {
			delta = byte_stream_get32(bs);
			rateclass->dropping_snacs = byte_stream_get8(bs);
		} else {
			delta = 0;
			rateclass->dropping_snacs = 0;
		}

		rateclass->last.tv_sec = now.tv_sec - delta / 1000;
		rateclass->last.tv_usec = now.tv_usec - (delta % 1000) * 1000;

		conn->rateclasses = g_slist_prepend(conn->rateclasses, rateclass);

		if (rateclass->classid == OSCAR_DEFAULT_RATECLASS)
			conn->default_rateclass = rateclass;
	}
	conn->rateclasses = g_slist_reverse(conn->rateclasses);

	/*
	 * Then the members of each class.
	 */
	for (i = 0; i < numclasses; i++)
	{
		guint16 classid, count;
		struct rateclass *rateclass;
		int j;

		classid = byte_stream_get16(bs);
		count = byte_stream_get16(bs);

		if (classid == OSCAR_DEFAULT_RATECLASS) {
			/*
			 * Don't bother adding these SNACs to the hash table.  See the
			 * comment for OSCAR_DEFAULT_RATECLASS at the top of this file.
			 */
			byte_stream_advance(bs, 4 * count);
			continue;
		}

		rateclass = rateclass_find(conn->rateclasses, classid);

		for (j = 0; j < count; j++)
		{
			guint16 group, subtype;

			group = byte_stream_get16(bs);
			subtype = byte_stream_get16(bs);

			if (rateclass != NULL)
				g_hash_table_insert(conn->rateclass_members,
						GUINT_TO_POINTER((group << 16) + subtype),
						rateclass);
		}
	}

	/*
	 * We don't pass the rate information up to the client, as it really
	 * doesn't care.  The information is stored in the connection, however
	 * so that we can do rate limiting management when sending SNACs.
	 */

	/*
	 * Subscribe to rate change information for all rate classes.
	 */
	aim_srv_rates_addparam(od, conn);

	/*
	 * Finally, tell the client it's ready to go...
	 */
	if ((userfunc = aim_callhandler(od, AIM_CB_FAM_SPECIAL, AIM_CB_SPECIAL_CONNINITDONE)))
		userfunc(od, conn, frame);

	return 1;
}

/* Subtype 0x0008 - Add Rate Parameter */
void
aim_srv_rates_addparam(OscarData *od, FlapConnection *conn)
{
	ByteStream bs;
	aim_snacid_t snacid;
	GSList *tmp;

	byte_stream_new(&bs, 502);

	for (tmp = conn->rateclasses; tmp != NULL; tmp = tmp->next)
	{
		struct rateclass *rateclass;
		rateclass = tmp->data;
		byte_stream_put16(&bs, rateclass->classid);
	}

	snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0008, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0008, snacid, &bs);

	byte_stream_destroy(&bs);
}

/* Subtype 0x000a - Rate Change */
static int
ratechange(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	guint16 code, classid;
	struct rateclass *rateclass;
	guint32 delta;
	struct timeval now;
	static const char *codes[5] = {
		"invalid",
		"change",
		"warning",
		"limit",
		"limit cleared",
	};

	gettimeofday(&now, NULL);
	code = byte_stream_get16(bs);
	classid = byte_stream_get16(bs);

	rateclass = rateclass_find(conn->rateclasses, classid);
	if (rateclass == NULL)
		/* This should never really happen */
		return 0;

	rateclass->windowsize = byte_stream_get32(bs);
	rateclass->clear = byte_stream_get32(bs);
	rateclass->alert = byte_stream_get32(bs);
	rateclass->limit = byte_stream_get32(bs);
	rateclass->disconnect = byte_stream_get32(bs);
	rateclass->current = byte_stream_get32(bs);
	rateclass->max = byte_stream_get32(bs);
	if (mod->version >= 3) {
		delta = byte_stream_get32(bs);
		rateclass->dropping_snacs = byte_stream_get8(bs);
	} else {
		delta = 0;
		rateclass->dropping_snacs = 0;
	}

	rateclass->last.tv_sec = now.tv_sec - delta / 1000;
	rateclass->last.tv_usec = now.tv_usec - (delta % 1000) * 1000;

	purple_debug_misc("oscar", "rate %s (param ID 0x%04hx): curavg = %u, "
			"maxavg = %u, alert at %u, clear warning at %u, limit at %u, "
			"disconnect at %u, delta is %u, dropping is %u (window size = %u)\n",
			(code < 5) ? codes[code] : codes[0], rateclass->classid,
			rateclass->current, rateclass->max, rateclass->alert,
			rateclass->clear, rateclass->limit, rateclass->disconnect,
			delta, rateclass->dropping_snacs, rateclass->windowsize);

	if (code == AIM_RATE_CODE_LIMIT) {
		purple_debug_warning("oscar",  "The last action you attempted "
				"could not be performed because you are over the rate "
				"limit. Please wait 10 seconds and try again.\n");
	}

	return 1;
}

/*
 * How Migrations work.
 *
 * The server sends a Server Pause message, which the client should respond to
 * with a Server Pause Ack, which contains the families it needs on this
 * connection. The server will send a Migration Notice with an IP address, and
 * then disconnect. Next the client should open the connection and send the
 * cookie.  Repeat the normal login process and pretend this never happened.
 *
 * The Server Pause contains no data.
 *
 */

/* Subtype 0x000b - Service Pause */
static int
serverpause(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	int ret = 0;
	aim_rxcallback_t userfunc;

	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
		ret = userfunc(od, conn, frame);

	return ret;
}

/* Subtype 0x000d - Service Resume */
static int
serverresume(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	int ret = 0;
	aim_rxcallback_t userfunc;

	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
		ret = userfunc(od, conn, frame);

	return ret;
}

/* Subtype 0x000e - Request self-info */
void
aim_srv_reqpersonalinfo(OscarData *od, FlapConnection *conn)
{
	aim_genericreq_n_snacid(od, conn, SNAC_FAMILY_OSERVICE, 0x000e);
}

/* Subtype 0x000f - Self User Info */
static int
selfinfo(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	int ret = 0;
	aim_rxcallback_t userfunc;
	aim_userinfo_t userinfo;

	aim_info_extract(od, bs, &userinfo);

	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
		ret = userfunc(od, conn, frame, &userinfo);

	aim_info_free(&userinfo);

	return ret;
}

/* Subtype 0x0010 - Evil Notification */
static int
evilnotify(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	int ret = 0;
	aim_rxcallback_t userfunc;
	guint16 newevil;
	aim_userinfo_t userinfo;

	memset(&userinfo, 0, sizeof(aim_userinfo_t));

	newevil = byte_stream_get16(bs);

	if (byte_stream_bytes_left(bs))
		aim_info_extract(od, bs, &userinfo);

	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
		ret = userfunc(od, conn, frame, newevil, &userinfo);

	aim_info_free(&userinfo);

	return ret;
}

/*
 * Subtype 0x0011 - Idle Notification
 *
 * Should set your current idle time in seconds.  Note that this should
 * never be called consecutively with a non-zero idle time.  That makes
 * OSCAR do funny things.  Instead, just set it once you go idle, and then
 * call it again with zero when you're back.
 *
 */
void
aim_srv_setidle(OscarData *od, guint32 idletime)
{
	FlapConnection *conn;

	conn = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);
	if(!conn)
		return;

	aim_genericreq_l(od, conn, SNAC_FAMILY_OSERVICE, 0x0011, &idletime);
}

/*
 * Subtype 0x0012 - Service Migrate
 *
 * This is the final SNAC sent on the original connection during a migration.
 * It contains the IP and cookie used to connect to the new server, and
 * optionally a list of the SNAC groups being migrated.
 *
 */
static int
migrate(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	aim_rxcallback_t userfunc;
	int ret = 0;
	guint16 groupcount, i;
	GSList *tlvlist;
	char *ip = NULL;
	aim_tlv_t *cktlv;

	/*
	 * Apparently there's some fun stuff that can happen right here. The
	 * migration can actually be quite selective about what groups it
	 * moves to the new server.  When not all the groups for a connection
	 * are migrated, or they are all migrated but some groups are moved
	 * to a different server than others, it is called a bifurcated
	 * migration.
	 *
	 * Let's play dumb and not support that.
	 *
	 */
	groupcount = byte_stream_get16(bs);
	for (i = 0; i < groupcount; i++) {
		guint16 group;

		group = byte_stream_get16(bs);

		purple_debug_misc("oscar", "bifurcated migration unsupported -- group 0x%04x\n", group);
	}

	tlvlist = aim_tlvlist_read(bs);

	if (aim_tlv_gettlv(tlvlist, 0x0005, 1))
		ip = aim_tlv_getstr(tlvlist, 0x0005, 1);

	cktlv = aim_tlv_gettlv(tlvlist, 0x0006, 1);

	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
		ret = userfunc(od, conn, frame, ip, cktlv ? cktlv->value : NULL);

	aim_tlvlist_free(tlvlist);
	g_free(ip);

	return ret;
}

/* Subtype 0x0013 - Message of the Day */
static int
motd(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	aim_rxcallback_t userfunc;
	char *msg = NULL;
	int ret = 0;
	GSList *tlvlist;
	guint16 id;

	/*
	 * Code.
	 *
	 * Valid values:
	 *   1 Mandatory upgrade
	 *   2 Advisory upgrade
	 *   3 System bulletin
	 *   4 Nothing's wrong ("top o the world" -- normal)
	 *   5 Lets-break-something.
	 *
	 */
	id = byte_stream_get16(bs);

	/*
	 * TLVs follow
	 */
	tlvlist = aim_tlvlist_read(bs);

	msg = aim_tlv_getstr(tlvlist, 0x000b, 1);

	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
		ret = userfunc(od, conn, frame, id, msg);

	g_free(msg);

	aim_tlvlist_free(tlvlist);

	return ret;
}

/*
 * Subtype 0x0017 - Set client versions
 *
 * If you've seen the clientonline/clientready SNAC you're probably
 * wondering what the point of this one is.  And that point seems to be
 * that the versions in the client online SNAC are sent too late for the
 * server to be able to use them to change the protocol for the earlier
 * login packets (client versions are sent right after Host Online is
 * received, but client online versions aren't sent until quite a bit later).
 * We can see them already making use of this by changing the format of
 * the rate information based on what version of group 1 we advertise here.
 *
 */
void
aim_srv_setversions(OscarData *od, FlapConnection *conn)
{
	ByteStream bs;
	aim_snacid_t snacid;
	GSList *cur;

	byte_stream_new(&bs, 1142);

	/*
	 * Send only the versions that the server cares about (that it
	 * marked as supporting in the server ready SNAC).
	 */
	for (cur = conn->groups; cur != NULL; cur = cur->next)
	{
		aim_module_t *mod;

		if ((mod = aim__findmodulebygroup(od, GPOINTER_TO_UINT(cur->data))))
		{
			byte_stream_put16(&bs, mod->family);
			byte_stream_put16(&bs, mod->version);
		}
	}

	snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0017, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0017, snacid, &bs);

	byte_stream_destroy(&bs);
}

/* Subtype 0x0018 - Host versions */
static int
hostversions(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	int vercount;
	guint8 *versions;

	/* This is frivolous. (Thank you SmarterChild.) */
	vercount = byte_stream_bytes_left(bs)/4;
	versions = byte_stream_getraw(bs, byte_stream_bytes_left(bs));
	g_free(versions);

	/*
	 * Now request rates.
	 */
	aim_srv_reqrates(od, conn);

	return 1;
}

/**
 * Subtype 0x001e - Extended Status/Extra Info.
 *
 * These settings are transient, not server-stored (i.e. they only
 * apply to this session, and must be re-set the next time you sign
 * on).
 *
 * You can set your ICQ status (available, away, do not disturb,
 * etc.), or whether your IP address should be hidden or not, or
 * if your status is visible on ICQ web sites, and you can set
 * your IP address info and what not.
 *
 * You can also set your "available" message.  This is currently
 * only supported by iChat, Purple and other 3rd party clients.
 *
 * These are the same TLVs seen in user info.  You can
 * also set 0x0008 and 0x000c.
 */
int
aim_srv_setextrainfo(OscarData *od,
		gboolean seticqstatus, guint32 icqstatus,
		gboolean setstatusmsg, const char *statusmsg, const char *itmsurl)
{
	FlapConnection *conn;
	ByteStream bs;
	aim_snacid_t snacid;
	GSList *tlvlist = NULL;

	if (!od || !(conn = flap_connection_findbygroup(od, SNAC_FAMILY_ICBM)))
		return -EINVAL;

	if (seticqstatus)
	{
		aim_tlvlist_add_32(&tlvlist, 0x0006, icqstatus |
				AIM_ICQ_STATE_HIDEIP | AIM_ICQ_STATE_DIRECTREQUIREAUTH);
	}

	if (setstatusmsg)
	{
		size_t statusmsglen, itmsurllen;
		ByteStream tmpbs;

		statusmsglen = (statusmsg != NULL) ? strlen(statusmsg) : 0;
		itmsurllen = (itmsurl != NULL) ? strlen(itmsurl) : 0;

		byte_stream_new(&tmpbs, statusmsglen + 8 + itmsurllen + 8);
		byte_stream_put_bart_asset_str(&tmpbs, 0x0002, statusmsg);
		byte_stream_put_bart_asset_str(&tmpbs, 0x0009, itmsurl);

		aim_tlvlist_add_raw(&tlvlist, 0x001d,
				byte_stream_curpos(&tmpbs), tmpbs.data);
		byte_stream_destroy(&tmpbs);
	}

	byte_stream_new(&bs, aim_tlvlist_size(tlvlist));

	aim_tlvlist_write(&bs, &tlvlist);
	aim_tlvlist_free(tlvlist);

	snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x001e, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x001e, snacid, &bs);

	byte_stream_destroy(&bs);

	return 0;
}

/* Send dummy DC (direct connect) information to the server.
 * Direct connect is ICQ's counterpart for AIM's DirectIM,
 * as far as I can tell. Anyway, we don't support it;
 * the reason to send this packet is that some clients
 * (Miranda, QIP) won't send us channel 2 ICBM messages
 * unless we specify DC version >= 8.
 *
 * See #12044 for more information.
 */
void
aim_srv_set_dc_info(OscarData *od)
{
	ByteStream bs, tlv0c;
	aim_snacid_t snacid;
	GSList *tlvlist = NULL;

	/* http://iserverd.khstu.ru/oscar/snac_01_1e.html has a nice analysis of what goes in 0xc tlv.
	 * Kopete sends a dummy DC info, too, so I just copied the values from them.
	 */
	byte_stream_new(&tlv0c, 4*2 + 1 + 2 + 4*6 + 2);
	byte_stream_put32(&tlv0c, 0x0);
	byte_stream_put32(&tlv0c, 0x0);
	byte_stream_put8(&tlv0c, 0x0); /* We don't support DC */
	byte_stream_put16(&tlv0c, 8); /* DC version */
	byte_stream_put32(&tlv0c, 0x0);
	byte_stream_put32(&tlv0c, 0x50);
	byte_stream_put32(&tlv0c, 0x3);
	byte_stream_put32(&tlv0c, 0x0);
	byte_stream_put32(&tlv0c, 0x0);
	byte_stream_put32(&tlv0c, 0x0);
	byte_stream_put16(&tlv0c, 0x0);
	aim_tlvlist_add_raw(&tlvlist, 0x000c, byte_stream_curpos(&tlv0c), tlv0c.data);
	byte_stream_destroy(&tlv0c);

	byte_stream_new(&bs, aim_tlvlist_size(tlvlist));
	aim_tlvlist_write(&bs, &tlvlist);
	aim_tlvlist_free(tlvlist);

	snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x001e, 0x0000, NULL, 0);
	flap_connection_send_snac(od, flap_connection_findbygroup(od, SNAC_FAMILY_ICBM), SNAC_FAMILY_OSERVICE, 0x001e, snacid, &bs);

	byte_stream_destroy(&bs);
}

/**
 * Starting this past week (26 Mar 2001, say), AOL has started sending
 * this nice little extra SNAC.  AFAIK, it has never been used until now.
 *
 * The request contains eight bytes.  The first four are an offset, the
 * second four are a length.
 *
 * The offset is an offset into aim.exe when it is mapped during execution
 * on Win32.  So far, AOL has only been requesting bytes in static regions
 * of memory.  (I won't put it past them to start requesting data in
 * less static regions -- regions that are initialized at run time, but still
 * before the client receives this request.)
 *
 * When the client receives the request, it adds it to the current ds
 * (0x00400000) and dereferences it, copying the data into a buffer which
 * it then runs directly through the MD5 hasher.  The 16 byte output of
 * the hash is then sent back to the server.
 *
 * If the client does not send any data back, or the data does not match
 * the data that the specific client should have, the client will get the
 * following message from "AOL Instant Messenger":
 *    "You have been disconnected from the AOL Instant Message Service (SM)
 *     for accessing the AOL network using unauthorized software.  You can
 *     download a FREE, fully featured, and authorized client, here
 *     http://www.aol.com/aim/download2.html"
 * The connection is then closed, receiving disconnect code 1, URL
 * http://www.aim.aol.com/errors/USER_LOGGED_OFF_NEW_LOGIN.html.
 *
 * Note, however, that numerous inconsistencies can cause the above error,
 * not just sending back a bad hash.  Do not immediatly suspect this code
 * if you get disconnected.  AOL and the open/free software community have
 * played this game for a couple years now, generating the above message
 * on numerous ocassions.
 *
 * Anyway, neener.  We win again.
 *
 */
/* Subtype 0x001f - Client verification */
static int
memrequest(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	int ret = 0;
	aim_rxcallback_t userfunc;
	guint32 offset, len;
	GSList *tlvlist;
	char *modname;

	offset = byte_stream_get32(bs);
	len = byte_stream_get32(bs);
	tlvlist = aim_tlvlist_read(bs);

	modname = aim_tlv_getstr(tlvlist, 0x0001, 1);

	purple_debug_info("oscar", "Got memory request for data at 0x%08x (%u bytes) of requested %s\n", offset, len, modname ? modname : "aim.exe");

	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
		ret = userfunc(od, conn, frame, offset, len, modname);

	g_free(modname);
	aim_tlvlist_free(tlvlist);

	return ret;
}

/* Subtype 0x0020 - Client verification reply */
int
aim_sendmemblock(OscarData *od, FlapConnection *conn, guint32 offset, guint32 len, const guint8 *buf, guint8 flag)
{
	ByteStream bs;
	aim_snacid_t snacid;

	if (!od || !conn)
		return -EINVAL;

	byte_stream_new(&bs, 2+16);

	byte_stream_put16(&bs, 0x0010); /* md5 is always 16 bytes */

	if ((flag == AIM_SENDMEMBLOCK_FLAG_ISHASH) && buf && (len == 0x10)) { /* we're getting a hash */

		byte_stream_putraw(&bs, buf, 0x10);

	} else if (buf && (len > 0)) { /* use input buffer */
		PurpleCipherContext *context;
		guchar digest[16];

		context = purple_cipher_context_new_by_name("md5", NULL);
		purple_cipher_context_append(context, buf, len);
		purple_cipher_context_digest(context, 16, digest, NULL);
		purple_cipher_context_destroy(context);

		byte_stream_putraw(&bs, digest, 0x10);

	} else if (len == 0) { /* no length, just hash NULL (buf is optional) */
		PurpleCipherContext *context;
		guchar digest[16];
		guint8 nil = '\0';

		/*
		 * I'm not sure if we really need the empty append with the
		 * new MD5 functions, so I'll leave it in, just in case.
		 */
		context = purple_cipher_context_new_by_name("md5", NULL);
		purple_cipher_context_append(context, &nil, 0);
		purple_cipher_context_digest(context, 16, digest, NULL);
		purple_cipher_context_destroy(context);

		byte_stream_putraw(&bs, digest, 0x10);

	} else {

		/*
		 * This data is correct for AIM 3.5.1670.
		 *
		 * Using these blocks is as close to "legal" as you can get
		 * without using an AIM binary.
		 *
		 */
		if ((offset == 0x03ffffff) && (len == 0x03ffffff)) {

#if 1 /* with "AnrbnrAqhfzcd" */
			byte_stream_put32(&bs, 0x44a95d26);
			byte_stream_put32(&bs, 0xd2490423);
			byte_stream_put32(&bs, 0x93b8821f);
			byte_stream_put32(&bs, 0x51c54b01);
#else /* no filename */
			byte_stream_put32(&bs, 0x1df8cbae);
			byte_stream_put32(&bs, 0x5523b839);
			byte_stream_put32(&bs, 0xa0e10db3);
			byte_stream_put32(&bs, 0xa46d3b39);
#endif

		} else
			purple_debug_warning("oscar", "sendmemblock: unknown hash request\n");

	}

	snacid = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0020, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0020, snacid, &bs);

	byte_stream_destroy(&bs);

	return 0;
}

/*
 * Subtype 0x0021 - Receive our extended status
 *
 * This is used for iChat's "available" messages, and maybe ICQ extended
 * status messages?  It's also used to tell the client whether or not it
 * needs to upload an SSI buddy icon... who engineers this stuff, anyway?
 */
static int
aim_parse_extstatus(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	guint16 type = byte_stream_get16(bs);
	if (type == 0x0000 || type == 0x0001) {
		/* buddy icon checksum */
		/* not sure what the difference between 1 and 0 is */
		guint8 flags = byte_stream_get8(bs);
		guint8 length = byte_stream_get8(bs);
		guint8 *md5 = byte_stream_getraw(bs, length);

		if ((flags == 0x00) || (flags == 0x41)) {
			if (!flap_connection_getbytype(od, SNAC_FAMILY_BART) && !od->iconconnecting) {
				od->iconconnecting = TRUE;
				od->set_icon = TRUE;
				aim_srv_requestnew(od, SNAC_FAMILY_BART);
			} else {
				PurpleAccount *account = purple_connection_get_account(od->gc);
				PurpleStoredImage *img = purple_buddy_icons_find_account_icon(account);
				if (img == NULL) {
					aim_ssi_delicon(od);
				} else {

					purple_debug_info("oscar",
									"Uploading icon to icon server\n");
					aim_bart_upload(od, purple_imgstore_get_data(img),
							purple_imgstore_get_size(img));
					purple_imgstore_unref(img);
				}
			}
		} else if (flags == 0x81) {
			PurpleAccount *account = purple_connection_get_account(od->gc);
			PurpleStoredImage *img = purple_buddy_icons_find_account_icon(account);
			if (img == NULL)
				aim_ssi_delicon(od);
			else {
				aim_ssi_seticon(od, md5, length);
				purple_imgstore_unref(img);
			}
		}

		g_free(md5);
	}

	return 0;
}

static int
snachandler(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	if (snac->subtype == 0x0003)
		return hostonline(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x0005)
		return redirect(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x0007)
		return rateresp(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x000a)
		return ratechange(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x000b)
		return serverpause(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x000d)
		return serverresume(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x000f)
		return selfinfo(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x0010)
		return evilnotify(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x0012)
		return migrate(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x0013)
		return motd(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x0018)
		return hostversions(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x001f)
		return memrequest(od, conn, mod, frame, snac, bs);
	else if (snac->subtype == 0x0021)
		return aim_parse_extstatus(od, conn, mod, frame, snac, bs);

	return 0;
}

int service_modfirst(OscarData *od, aim_module_t *mod)
{
	mod->family = SNAC_FAMILY_OSERVICE;
	mod->version = 0x0003;
	mod->toolid = 0x0110;
	mod->toolversion = 0x0629;
	mod->flags = 0;
	strncpy(mod->name, "oservice", sizeof(mod->name));
	mod->snachandler = snachandler;

	return 0;
}