view libpurple/protocols/oscar/family_oservice.c @ 25557:fbcb4088d923

Make sure that the chat room name is NUL-terminated when it is truncated or exactly 128 chars. This came out of the veracode analysis.
author Daniel Atallah <daniel.atallah@gmail.com>
date Sat, 02 May 2009 19:21:11 +0000
parents f6ef3a9534db
children c7ec8f3b39d3

/*
 * Purple's oscar protocol plugin
 * This file is the legal property of its developers.
 * Please see the AUTHORS file distributed alongside this file.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA
*/

/*
 * Family 0x0001 - This is a very special group.  All connections support
 * this group, as it does some particularly good things (like rate limiting).
 */

#include "oscar.h"

#include "cipher.h"

/*
 * Subtype 0x0002 - Client Online
 *
 * Emits one (family, version, toolid, toolversion) record for every entry
 * of conn->groups that aim__findmodulebygroup() maps to a module, and sends
 * the result as SNAC 0x0001/0x0002 on conn.
 *
 * NOTE(review): the stream is created with a fixed size of 1142 while
 * conn->groups is filled from the server's Host Online SNAC.  Whether
 * byte_stream_put16() refuses writes past that size is not visible in this
 * file -- confirm.
 */
void
aim_srv_clientready(OscarData *od, FlapConnection *conn)
{
	ByteStream payload;
	aim_snacid_t id;
	GSList *node = conn->groups;

	byte_stream_new(&payload, 1142);

	/*
	 * Send only the tool versions that the server cares about (that it
	 * marked as supporting in the server ready SNAC).
	 */
	while (node != NULL)
	{
		aim_module_t *mod = aim__findmodulebygroup(od, GPOINTER_TO_UINT(node->data));

		if (mod != NULL)
		{
			byte_stream_put16(&payload, mod->family);
			byte_stream_put16(&payload, mod->version);
			byte_stream_put16(&payload, mod->toolid);
			byte_stream_put16(&payload, mod->toolversion);
		}

		node = node->next;
	}

	id = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0002, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0002, 0x0000, id, &payload);

	byte_stream_destroy(&payload);
}

/*
 * Subtype 0x0003 - Host Online
 *
 * See comments in conn.c about how the group associations are supposed
 * to work, and how they really work.
 *
 * This info probably doesn't even need to make it to the client.
 *
 * We don't actually call the client here.  This starts off the connection
 * initialization routine required by all AIM connections.  The next time
 * the client is called is the CONNINITDONE callback, which should be
 * shortly after the rate information is acknowledged.
 *
 */
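static int
hostonline(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	int group;

	/*
	 * The payload is a run of 16-bit group ids; each one is prepended to
	 * conn->groups.  byte_stream_empty() is used in this file as the count
	 * of unread bytes, so only loop while a whole 16-bit value is left: a
	 * server-supplied payload with a trailing odd byte must not trigger a
	 * read that has fewer than two bytes behind it.
	 *
	 * NOTE(review): what byte_stream_get16() does on such a short read is
	 * not visible here; if it returns without consuming anything, a
	 * "while any byte is left" condition would never terminate and would
	 * keep growing conn->groups.
	 */
	while (byte_stream_empty(bs) >= 2)
	{
		group = byte_stream_get16(bs);
		conn->groups = g_slist_prepend(conn->groups, GUINT_TO_POINTER(group));
	}

	/*
	 * Next step is in the Host Versions handler.
	 *
	 * Note that we must send this before we request rates, since
	 * the format of the rate information depends on the versions we
	 * give it.
	 *
	 */
	aim_srv_setversions(od, conn);

	/* Always reports 1, whatever the payload held. */
	return 1;
}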

/*
 * Subtype 0x0004 - Service request
 *
 * Asks, over the BOS connection, for the service identified by serviceid.
 * When od->use_ssl is set an empty TLV 0x008c is appended to request an SSL
 * connection.  Does nothing if no BOS connection is found.
 */
void
aim_srv_requestnew(OscarData *od, guint16 serviceid)
{
	GSList *tlvs = NULL;
	ByteStream out;
	aim_snacid_t id;
	FlapConnection *bos = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);

	if (bos == NULL)
		return;

	byte_stream_new(&out, 6);
	byte_stream_put16(&out, serviceid);

	if (od->use_ssl) {
		/* Request SSL Connection */
		aim_tlvlist_add_noval(&tlvs, 0x008c);
	}

	aim_tlvlist_write(&out, &tlvs);
	aim_tlvlist_free(tlvs);

	id = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, NULL, 0);
	flap_connection_send_snac(od, bos, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, id, &out);

	byte_stream_destroy(&out);
}

/*
 * Join a room of name roomname.  This is the first step to joining an
 * already created room.  It's basically a Service Request for
 * family 0x000e, with a little added on to specify the exchange and room
 * name.
 */
int
aim_chat_join(OscarData *od, guint16 exchange, const char *roomname, guint16 instance)
{
	/*
	 * Returns -EINVAL when there is no BOS connection or roomname is NULL
	 * or empty, and 0 once the request has been handed to
	 * flap_connection_send_snac().
	 *
	 * NOTE(review): the TLV is built from the full roomname while the
	 * stream has a fixed size of 506.  Whether aim_tlvlist_write() checks
	 * the TLV list against that size is not visible here -- confirm.
	 */
	struct chatsnacinfo cached;
	GSList *tlvs = NULL;
	ByteStream out;
	aim_snacid_t id;
	FlapConnection *bos = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);

	if (bos == NULL || roomname == NULL || *roomname == '\0')
		return -EINVAL;

	/*
	 * Copy of the request that is cached with the SNAC.  The name is
	 * copied with one byte held back and then terminated explicitly, so
	 * it is NUL-terminated even when roomname fills or exceeds the field.
	 */
	memset(&cached, 0, sizeof(cached));
	cached.exchange = exchange;
	cached.instance = instance;
	strncpy(cached.name, roomname, sizeof(cached.name) - 1);
	cached.name[sizeof(cached.name) - 1] = '\0';

	byte_stream_new(&out, 506);

	/* Requesting service chat (0x000e) */
	byte_stream_put16(&out, 0x000e);

	aim_tlvlist_add_chatroom(&tlvs, 0x0001, exchange, roomname, instance);

	if (od->use_ssl) {
		/* Request SSL Connection */
		aim_tlvlist_add_noval(&tlvs, 0x008c);
	}

	aim_tlvlist_write(&out, &tlvs);
	aim_tlvlist_free(tlvs);

	id = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, &cached, sizeof(cached));
	flap_connection_send_snac(od, bos, SNAC_FAMILY_OSERVICE, 0x0004, 0x0000, id, &out);

	byte_stream_destroy(&out);

	return 0;
}

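/*
 * Subtype 0x0005 - Redirect
 *
 * Parses the server's redirect TLVs (group 0x000d, address 0x0005, cookie
 * 0x0006, plus the optional 0x008d and 0x008e SSL fields) and passes them to
 * the registered handler.  Returns 0 without calling the handler when one of
 * the three required TLVs is missing, otherwise the handler's return value
 * (0 if no handler is registered).
 */
static int
redirect(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	struct aim_redirect_data redir;
	aim_rxcallback_t userfunc;
	GSList *tlvlist;
	aim_snac_t *origsnac = NULL;
	int ret = 0;

	memset(&redir, 0, sizeof(redir));

	tlvlist = aim_tlvlist_read(bs);

	if (!aim_tlv_gettlv(tlvlist, 0x000d, 1) ||
			!aim_tlv_gettlv(tlvlist, 0x0005, 1) ||
			!aim_tlv_gettlv(tlvlist, 0x0006, 1)) {
		aim_tlvlist_free(tlvlist);
		return 0;
	}

	redir.group = aim_tlv_get16(tlvlist, 0x000d, 1);
	redir.ip = aim_tlv_getstr(tlvlist, 0x0005, 1);
	/* TLV 0x0006 was checked above, so this lookup is not NULL. */
	redir.cookielen = aim_tlv_gettlv(tlvlist, 0x0006, 1)->length;
	redir.cookie = (guchar *)aim_tlv_getstr(tlvlist, 0x0006, 1);
	redir.ssl_cert_cn = aim_tlv_getstr(tlvlist, 0x008d, 1);
	redir.use_ssl = aim_tlv_get8(tlvlist, 0x008e, 1);

	/* Fetch original SNAC so we can get csi if needed */
	origsnac = aim_remsnac(od, snac->id);

	/*
	 * Both the group and the SNAC id come from the server's reply, and
	 * several requests in this file are cached with no data at all
	 * (NULL, 0), so the cached data pointer has to be checked before it
	 * is read as a chatsnacinfo.
	 *
	 * NOTE(review): nothing visible here confirms that non-NULL cached
	 * data really is a struct chatsnacinfo -- only aim_chat_join() caches
	 * one.  Confirm what aim_cachesnac()/aim_remsnac() guarantee.
	 */
	if ((redir.group == SNAC_FAMILY_CHAT) && origsnac && origsnac->data) {
		struct chatsnacinfo *csi = (struct chatsnacinfo *)origsnac->data;

		redir.chat.exchange = csi->exchange;
		redir.chat.room = csi->name;
		redir.chat.instance = csi->instance;
	}

	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
		ret = userfunc(od, conn, frame, &redir);

	/* The strings were allocated by aim_tlv_getstr() and are owned here. */
	g_free((void *)redir.ip);
	g_free((void *)redir.cookie);
	g_free((void *)redir.ssl_cert_cn);

	/* redir.chat.room points into origsnac->data; release it only now. */
	if (origsnac)
		g_free(origsnac->data);
	g_free(origsnac);

	aim_tlvlist_free(tlvlist);

	return ret;
}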

/*
 * Subtype 0x0006 - Request Rate Information.
 *
 * Thin wrapper: issues the request on conn through
 * aim_genericreq_n_snacid() with family OSERVICE and subtype 0x0006.
 */
void
aim_srv_reqrates(OscarData *od, FlapConnection *conn)
{
	aim_genericreq_n_snacid(od, conn, SNAC_FAMILY_OSERVICE, 0x0006);
}

/*
 * OSCAR defines several 'rate classes'.  Each class has separate
 * rate limiting properties (limit level, alert level, disconnect
 * level, etc), and a set of SNAC family/type pairs associated with
 * it.  The rate classes, their limiting properties, and the definitions
 * of which SNACs belong to which class are defined in the
 * Rate Response packet at login to each host.
 *
 * Logically, all rate offenses within one class count against further
 * offenses for other SNACs in the same class (ie, sending messages
 * too fast will limit the number of user info requests you can send,
 * since those two SNACs are in the same rate class).
 *
 * Since the rate classes are defined dynamically at login, the values
 * below may change. But they seem to be fairly constant.
 *
 * Currently, BOS defines five rate classes, with the commonly used
 * members as follows...
 *
 *  Rate class 0x0001:
 *	- Everything that's not in any of the other classes
 *
 *  Rate class 0x0002:
 *	- Buddy list add/remove
 *	- Permit list add/remove
 *	- Deny list add/remove
 *
 *  Rate class 0x0003:
 *	- User information requests
 *	- Outgoing ICBMs
 *
 *  Rate class 0x0004:
 *	- A few unknowns: 2/9, 2/b, and f/2
 *
 *  Rate class 0x0005:
 *	- Chat room create
 *	- Outgoing chat ICBMs
 *
 * The only other thing of note is that class 5 (chat) has slightly looser
 * limiting properties than class 3 (normal messages).  But that's just a
 * small bit of trivia for you.
 *
 * The last thing that needs to be learned about the rate limiting
 * system is how the actual numbers relate to the passing of time.  This
 * seems to be a big mystery.
 *
 * See joscar's javadoc for the RateClassInfo class for a great
 * explanation.  You might be able to find it at
 * http://dscoder.com/RateClassInfo.html
 */

/*
 * Return the first entry of rateclasses whose classid equals id, or NULL
 * when the list holds no such class.
 */
static struct rateclass *
rateclass_find(GSList *rateclasses, guint16 id)
{
	GSList *node = rateclasses;

	while (node != NULL)
	{
		struct rateclass *candidate = node->data;

		if (candidate->classid == id)
			return candidate;

		node = node->next;
	}

	return NULL;
}

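/*
 * Subtype 0x0007 - Rate Parameters
 *
 * Reads the rate classes and their member SNACs from the server's reply,
 * stores them on conn->rateclasses, acknowledges them with
 * aim_srv_rates_addparam() and then fires the CONNINITDONE callback.
 * Always returns 1.
 *
 * Every count in the packet is supplied by the server, so each record is
 * read only while the stream still holds enough bytes for it
 * (byte_stream_empty() is used in this file as the count of unread bytes).
 */
static int
rateresp(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	enum {
		/* 16-bit class id followed by seven 32-bit parameters */
		RATECLASS_FIXED_LEN = 2 + 7 * 4,
		/* 16-bit class id + 16-bit member count */
		MEMBER_HEADER_LEN = 2 + 2,
		/* 16-bit group + 16-bit subtype */
		MEMBER_LEN = 2 + 2
	};
	guint16 numclasses, i;
	aim_rxcallback_t userfunc;
	gboolean truncated = FALSE;

	/*
	 * First are the parameters for each rate class.
	 */
	numclasses = byte_stream_get16(bs);
	for (i = 0; i < numclasses; i++)
	{
		struct rateclass *rateclass;

		/*
		 * Do not allocate a class (and a hash table with it) for a
		 * record the packet does not actually contain.
		 */
		if (byte_stream_empty(bs) < RATECLASS_FIXED_LEN) {
			truncated = TRUE;
			break;
		}

		rateclass = g_new0(struct rateclass, 1);

		rateclass->classid = byte_stream_get16(bs);
		rateclass->windowsize = byte_stream_get32(bs);
		rateclass->clear = byte_stream_get32(bs);
		rateclass->alert = byte_stream_get32(bs);
		rateclass->limit = byte_stream_get32(bs);
		rateclass->disconnect = byte_stream_get32(bs);
		rateclass->current = byte_stream_get32(bs);
		rateclass->max = byte_stream_get32(bs);

		/*
		 * The server will send an extra five bytes of parameters
		 * depending on the version we advertised in 1/17.  If we
		 * didn't send 1/17 (evil!), then this will crash and you
		 * die, as it will default to the old version but we have
		 * the new version hardcoded here.
		 */
		if (mod->version >= 3)
			byte_stream_getrawbuf(bs, rateclass->unknown, sizeof(rateclass->unknown));

		rateclass->members = g_hash_table_new(g_direct_hash, g_direct_equal);
		rateclass->last.tv_sec = 0;
		rateclass->last.tv_usec = 0;
		conn->rateclasses = g_slist_prepend(conn->rateclasses, rateclass);
	}
	/* Classes were prepended; restore the order the server sent them in. */
	conn->rateclasses = g_slist_reverse(conn->rateclasses);

	/*
	 * Then the members of each class.  Skipped entirely when the class
	 * list was cut short, since the remaining bytes are then not aligned
	 * on a member record.
	 */
	for (i = 0; !truncated && i < numclasses; i++)
	{
		guint16 classid, count;
		struct rateclass *rateclass;
		int j;

		if (byte_stream_empty(bs) < MEMBER_HEADER_LEN) {
			truncated = TRUE;
			break;
		}

		classid = byte_stream_get16(bs);
		count = byte_stream_get16(bs);

		/* May be NULL; the members are still consumed to stay in step. */
		rateclass = rateclass_find(conn->rateclasses, classid);

		for (j = 0; j < count; j++)
		{
			guint16 group, subtype;

			if (byte_stream_empty(bs) < MEMBER_LEN) {
				truncated = TRUE;
				break;
			}

			group = byte_stream_get16(bs);
			subtype = byte_stream_get16(bs);

			/*
			 * The key expression is left exactly as it was: any
			 * lookup elsewhere has to build the same key.
			 */
			if (rateclass != NULL)
				g_hash_table_insert(rateclass->members,
						GUINT_TO_POINTER((group << 16) + subtype),
						GUINT_TO_POINTER(TRUE));
		}
	}

	if (truncated)
		purple_debug_warning("oscar", "rateresp: rate information was truncated\n");

	/*
	 * We don't pass the rate information up to the client, as it really
	 * doesn't care.  The information is stored in the connection, however
	 * so that we can do rate limiting management when sending SNACs.
	 */

	/*
	 * Last step in the conn init procedure is to acknowledge that we
	 * agree to these draconian limitations.
	 */
	aim_srv_rates_addparam(od, conn);

	/*
	 * Finally, tell the client it's ready to go...
	 */
	if ((userfunc = aim_callhandler(od, AIM_CB_FAM_SPECIAL, AIM_CB_SPECIAL_CONNINITDONE)))
		userfunc(od, conn, frame);

	return 1;
}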

/*
 * Subtype 0x0008 - Add Rate Parameter
 *
 * Sends the classid of every entry on conn->rateclasses as SNAC
 * 0x0001/0x0008.
 *
 * NOTE(review): the stream has a fixed size of 502 while the number of rate
 * classes is taken from the server's Rate Parameters SNAC.  Whether
 * byte_stream_put16() refuses writes past that size is not visible in this
 * file -- confirm.
 */
void
aim_srv_rates_addparam(OscarData *od, FlapConnection *conn)
{
	ByteStream out;
	aim_snacid_t id;
	GSList *node = conn->rateclasses;

	byte_stream_new(&out, 502);

	while (node != NULL)
	{
		struct rateclass *entry = node->data;

		byte_stream_put16(&out, entry->classid);
		node = node->next;
	}

	id = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0008, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0008, 0x0000, id, &out);

	byte_stream_destroy(&out);
}

/*
 * Subtype 0x0009 - Delete Rate Parameter
 *
 * Sends the classid of every entry on conn->rateclasses as SNAC
 * 0x0001/0x0009.
 *
 * NOTE(review): the stream has a fixed size of 502 while the number of rate
 * classes is taken from the server's Rate Parameters SNAC.  Whether
 * byte_stream_put16() refuses writes past that size is not visible in this
 * file -- confirm.
 */
void
aim_srv_rates_delparam(OscarData *od, FlapConnection *conn)
{
	ByteStream out;
	aim_snacid_t id;
	GSList *node = conn->rateclasses;

	byte_stream_new(&out, 502);

	while (node != NULL)
	{
		struct rateclass *entry = node->data;

		byte_stream_put16(&out, entry->classid);
		node = node->next;
	}

	id = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0009, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0009, 0x0000, id, &out);

	byte_stream_destroy(&out);
}

/*
 * Subtype 0x000a - Rate Change
 *
 * Reads a change code and a class id, overwrites the stored parameters of
 * that class with the seven 32-bit values that follow, and reports the new
 * values to the registered handler.  Returns 0 when the class is unknown or
 * no handler is registered, otherwise the handler's return value.
 *
 * NOTE(review): the seven reads are not preceded by a check of how many
 * bytes the server actually sent; what byte_stream_get32() yields on a short
 * stream is not visible here -- confirm.
 */
static int
ratechange(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	aim_rxcallback_t handler;
	struct rateclass *rc;
	guint16 code = byte_stream_get16(bs);
	guint16 classid = byte_stream_get16(bs);

	rc = rateclass_find(conn->rateclasses, classid);
	if (rc == NULL) {
		/* This should never really happen */
		return 0;
	}

	rc->windowsize = byte_stream_get32(bs);
	rc->clear = byte_stream_get32(bs);
	rc->alert = byte_stream_get32(bs);
	rc->limit = byte_stream_get32(bs);
	rc->disconnect = byte_stream_get32(bs);
	rc->current = byte_stream_get32(bs);
	rc->max = byte_stream_get32(bs);

	handler = aim_callhandler(od, snac->family, snac->subtype);
	if (handler == NULL)
		return 0;

	return handler(od, conn, frame, code, classid, rc->windowsize, rc->clear, rc->alert, rc->limit, rc->disconnect, rc->current, rc->max);
}

/*
 * How Migrations work.
 *
 * The server sends a Server Pause message, which the client should respond to
 * with a Server Pause Ack, which contains the families it needs on this
 * connection. The server will send a Migration Notice with an IP address, and
 * then disconnect. Next the client should open the connection and send the
 * cookie.  Repeat the normal login process and pretend this never happened.
 *
 * The Server Pause contains no data.
 *
 */

/*
 * Subtype 0x000b - Service Pause
 *
 * Forwards the event to the registered handler without reading the payload.
 * Returns the handler's result, or 0 when none is registered.
 */
static int
serverpause(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	aim_rxcallback_t handler = aim_callhandler(od, snac->family, snac->subtype);

	if (handler == NULL)
		return 0;

	return handler(od, conn, frame);
}

/*
 * Subtype 0x000c - Service Pause Acknowledgement
 *
 * It is rather important that aim_srv_sendpauseack() gets called for the exact
 * same connection that the Server Pause callback was called for, since
 * libfaim extracts the data for the SNAC from the connection structure.
 *
 * Of course, if you don't do that, more bad things happen than just what
 * libfaim can cause.
 *
 */
void
aim_srv_sendpauseack(OscarData *od, FlapConnection *conn)
{
	/*
	 * NOTE(review): every entry of conn->groups is written into a stream
	 * of fixed size 1014, and that list is filled from the server's Host
	 * Online SNAC.  Whether byte_stream_put16() refuses writes past that
	 * size is not visible in this file -- confirm.
	 */
	ByteStream out;
	aim_snacid_t id;
	GSList *node = conn->groups;

	byte_stream_new(&out, 1014);

	/*
	 * This list should have all the groups that the original
	 * Host Online / Server Ready said this host supports.  And
	 * we want them all back after the migration.
	 */
	while (node != NULL)
	{
		byte_stream_put16(&out, GPOINTER_TO_UINT(node->data));
		node = node->next;
	}

	id = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x000c, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x000c, 0x0000, id, &out);

	byte_stream_destroy(&out);
}

/*
 * Subtype 0x000d - Service Resume
 *
 * Forwards the event to the registered handler without reading the payload.
 * Returns the handler's result, or 0 when none is registered.
 */
static int
serverresume(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	aim_rxcallback_t handler = aim_callhandler(od, snac->family, snac->subtype);

	if (handler == NULL)
		return 0;

	return handler(od, conn, frame);
}

/*
 * Subtype 0x000e - Request self-info
 *
 * Thin wrapper: issues the request on conn through
 * aim_genericreq_n_snacid() with family OSERVICE and subtype 0x000e.
 */
void
aim_srv_reqpersonalinfo(OscarData *od, FlapConnection *conn)
{
	aim_genericreq_n_snacid(od, conn, SNAC_FAMILY_OSERVICE, 0x000e);
}

/*
 * Subtype 0x000f - Self User Info
 *
 * Extracts a user info block from the payload, hands it to the registered
 * handler and frees it again.  Returns the handler's result, or 0 when none
 * is registered.
 */
static int
selfinfo(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	aim_userinfo_t self;
	aim_rxcallback_t handler;
	int result = 0;

	aim_info_extract(od, bs, &self);

	handler = aim_callhandler(od, snac->family, snac->subtype);
	if (handler != NULL)
		result = handler(od, conn, frame, &self);

	/* The handler only borrows the info; it is released here. */
	aim_info_free(&self);

	return result;
}

/*
 * Subtype 0x0010 - Evil Notification
 *
 * Reads the new 16-bit evil value and, if any bytes follow it, a user info
 * block.  Both are passed to the registered handler; when no info block was
 * sent the handler sees a zeroed structure.  Returns the handler's result,
 * or 0 when none is registered.
 */
static int
evilnotify(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	aim_userinfo_t sender;
	aim_rxcallback_t handler;
	guint16 level;
	int result = 0;

	/* Zeroed first so that aim_info_free() is handed a cleared struct when nothing is extracted. */
	memset(&sender, 0, sizeof(sender));

	level = byte_stream_get16(bs);

	if (byte_stream_empty(bs) != 0)
		aim_info_extract(od, bs, &sender);

	handler = aim_callhandler(od, snac->family, snac->subtype);
	if (handler != NULL)
		result = handler(od, conn, frame, level, &sender);

	aim_info_free(&sender);

	return result;
}

/*
 * Subtype 0x0011 - Idle Notification
 *
 * Should set your current idle time in seconds.  Note that this should
 * never be called consecutively with a non-zero idle time.  That makes
 * OSCAR do funny things.  Instead, just set it once you go idle, and then
 * call it again with zero when you're back.
 *
 */
void
aim_srv_setidle(OscarData *od, guint32 idletime)
{
	/* Sent over the BOS connection; silently does nothing without one. */
	FlapConnection *bos = flap_connection_findbygroup(od, SNAC_FAMILY_BOS);

	if (bos == NULL)
		return;

	aim_genericreq_l(od, bos, SNAC_FAMILY_OSERVICE, 0x0011, &idletime);
}

/*
 * Subtype 0x0012 - Service Migrate
 *
 * This is the final SNAC sent on the original connection during a migration.
 * It contains the IP and cookie used to connect to the new server, and
 * optionally a list of the SNAC groups being migrated.
 *
 */
static int
migrate(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	/*
	 * Returns the registered handler's result, or 0 when there is none.
	 * The handler receives the address string from TLV 0x0005 (NULL if
	 * absent) and the raw value of TLV 0x0006 (NULL if absent); it is not
	 * given the length of that value.
	 */
	aim_rxcallback_t handler;
	GSList *tlvs;
	aim_tlv_t *cookie;
	char *address;
	guint16 remaining;
	int result = 0;

	/*
	 * Apparently there's some fun stuff that can happen right here. The
	 * migration can actually be quite selective about what groups it
	 * moves to the new server.  When not all the groups for a connection
	 * are migrated, or they are all migrated but some groups are moved
	 * to a different server than others, it is called a bifurcated
	 * migration.
	 *
	 * Let's play dumb and not support that.
	 *
	 */
	for (remaining = byte_stream_get16(bs); remaining > 0; remaining--) {
		guint16 group = byte_stream_get16(bs);

		purple_debug_misc("oscar", "bifurcated migration unsupported -- group 0x%04x\n", group);
	}

	tlvs = aim_tlvlist_read(bs);

	address = aim_tlv_gettlv(tlvs, 0x0005, 1) ? aim_tlv_getstr(tlvs, 0x0005, 1) : NULL;
	cookie = aim_tlv_gettlv(tlvs, 0x0006, 1);

	handler = aim_callhandler(od, snac->family, snac->subtype);
	if (handler != NULL)
		result = handler(od, conn, frame, address, cookie ? cookie->value : NULL);

	/* The cookie value points into the TLV list, so free the list last-used-first. */
	aim_tlvlist_free(tlvs);
	g_free(address);

	return result;
}

/*
 * Subtype 0x0013 - Message of the Day
 *
 * Reads the 16-bit code and the TLVs that follow, and passes the code and
 * the string from TLV 0x000b to the registered handler.  Returns the
 * handler's result, or 0 when none is registered.
 */
static int
motd(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	aim_rxcallback_t handler;
	GSList *tlvs;
	char *text;
	guint16 code;
	int result = 0;

	/*
	 * Code.
	 *
	 * Valid values:
	 *   1 Mandatory upgrade
	 *   2 Advisory upgrade
	 *   3 System bulletin
	 *   4 Nothing's wrong ("top o the world" -- normal)
	 *   5 Lets-break-something.
	 *
	 */
	code = byte_stream_get16(bs);

	/* TLVs follow */
	tlvs = aim_tlvlist_read(bs);
	text = aim_tlv_getstr(tlvs, 0x000b, 1);

	handler = aim_callhandler(od, snac->family, snac->subtype);
	if (handler != NULL)
		result = handler(od, conn, frame, code, text);

	g_free(text);
	aim_tlvlist_free(tlvs);

	return result;
}

/*
 * Subtype 0x0014 - Set privacy flags
 *
 * Normally 0x03.
 *
 *  Bit 1:  Allows other AIM users to see how long you've been idle.
 *  Bit 2:  Allows other AIM users to see how long you've been a member.
 *
 */
void
aim_srv_setprivacyflags(OscarData *od, FlapConnection *conn, guint32 flags)
{
	/* Thin wrapper: flags is passed by address to aim_genericreq_l() as subtype 0x0014. */
	aim_genericreq_l(od, conn, SNAC_FAMILY_OSERVICE, 0x0014, &flags);
}

/*
 * Subtype 0x0016 - No-op
 *
 * WinAIM sends these every 4min or so to keep the connection alive.  It's not
 * really necessary.
 *
 * Wha?  No?  Since when?  I think WinAIM sends an empty channel 5
 * FLAP as a no-op...
 */
void
aim_srv_nop(OscarData *od, FlapConnection *conn)
{
	/* Thin wrapper: sends subtype 0x0016 on conn through aim_genericreq_n(). */
	aim_genericreq_n(od, conn, SNAC_FAMILY_OSERVICE, 0x0016);
}

/*
 * Subtype 0x0017 - Set client versions
 *
 * If you've seen the clientonline/clientready SNAC you're probably
 * wondering what the point of this one is.  And that point seems to be
 * that the versions in the client online SNAC are sent too late for the
 * server to be able to use them to change the protocol for the earlier
 * login packets (client versions are sent right after Host Online is
 * received, but client online versions aren't sent until quite a bit later).
 * We can see them already making use of this by changing the format of
 * the rate information based on what version of group 1 we advertise here.
 *
 */
void
aim_srv_setversions(OscarData *od, FlapConnection *conn)
{
	/*
	 * NOTE(review): the stream has a fixed size of 1142 while conn->groups
	 * is filled from the server's Host Online SNAC.  Whether
	 * byte_stream_put16() refuses writes past that size is not visible in
	 * this file -- confirm.
	 */
	ByteStream out;
	aim_snacid_t id;
	GSList *node = conn->groups;

	byte_stream_new(&out, 1142);

	/*
	 * Send only the versions that the server cares about (that it
	 * marked as supporting in the server ready SNAC).
	 */
	while (node != NULL)
	{
		aim_module_t *mod = aim__findmodulebygroup(od, GPOINTER_TO_UINT(node->data));

		if (mod != NULL)
		{
			byte_stream_put16(&out, mod->family);
			byte_stream_put16(&out, mod->version);
		}

		node = node->next;
	}

	id = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0017, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0017, 0x0000, id, &out);

	byte_stream_destroy(&out);
}

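/*
 * Subtype 0x0018 - Host versions
 *
 * The version list itself is not used: the rest of the payload is consumed
 * and discarded, then the rate information is requested.  Always returns 1.
 */
static int
hostversions(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	guint8 *versions;

	/*
	 * This is frivolous. (Thank you SmarterChild.)
	 *
	 * The entry count that used to be computed here was never read, so
	 * only the drain of the remaining bytes is kept.
	 */
	versions = byte_stream_getraw(bs, byte_stream_empty(bs));
	g_free(versions);

	/*
	 * Now request rates.
	 */
	aim_srv_reqrates(od, conn);

	return 1;
}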

/**
 * Subtype 0x001e - Extended Status/Extra Info.
 *
 * These settings are transient, not server-stored (i.e. they only
 * apply to this session, and must be re-set the next time you sign
 * on).
 *
 * You can set your ICQ status (available, away, do not disturb,
 * etc.), or whether your IP address should be hidden or not, or
 * if your status is visible on ICQ web sites, and you can set
 * your IP address info and what not.
 *
 * You can also set your "available" message.  This is currently
 * only supported by iChat, Purple and other 3rd party clients.
 *
 * These are the same TLVs seen in user info.  You can
 * also set 0x0008 and 0x000c.
 */
int
aim_srv_setextrainfo(OscarData *od,
		gboolean seticqstatus, guint32 icqstatus,
		gboolean setavailmsg, const char *availmsg, const char *itmsurl)
{
	/*
	 * Returns -EINVAL when od is NULL or no ICBM connection is found, and
	 * 0 once the SNAC has been handed to flap_connection_send_snac().
	 */
	GSList *tlvs = NULL;
	ByteStream out;
	aim_snacid_t id;
	FlapConnection *conn;

	if (od == NULL)
		return -EINVAL;

	conn = flap_connection_findbygroup(od, SNAC_FAMILY_ICBM);
	if (conn == NULL)
		return -EINVAL;

	if (seticqstatus)
	{
		/* The hide-IP and direct-connection-auth bits are always forced on. */
		guint32 status = icqstatus |
				AIM_ICQ_STATE_HIDEIP | AIM_ICQ_STATE_DIRECTREQUIREAUTH;

		aim_tlvlist_add_32(&tlvs, 0x0006, status);
	}

#if 0
	if (other_stuff_that_isnt_implemented)
	{
		aim_tlvlist_add_raw(&tlvlist, 0x000c, 0x0025,
				chunk_of_x25_bytes_with_ip_address_etc);
		aim_tlvlist_add_raw(&tlvlist, 0x0011, 0x0005, unknown 0x01 61 10 f6 41);
		aim_tlvlist_add_16(&tlvlist, 0x0012, unknown 0x00 00);
	}
#endif

	if (setavailmsg)
	{
		ByteStream inner;
		int msglen = 0;
		int urllen = 0;

		if (availmsg != NULL)
			msglen = strlen(availmsg);
		if (itmsurl != NULL)
			urllen = strlen(itmsurl);

		/*
		 * Each of the two items takes 8 bytes of framing plus its
		 * string: type (2), flags (1), length (1), string length (2),
		 * string, and a trailing 0x0000 (2).
		 *
		 * NOTE(review): the per-item length goes out through
		 * byte_stream_put8() as "string length + 4" -- presumably an
		 * 8-bit field, which a string longer than 251 bytes would not
		 * fit.  No cap is applied here; confirm that callers bound
		 * availmsg and itmsurl.
		 */
		byte_stream_new(&inner, msglen + 8 + urllen + 8);

		/* Item 0x0002: the available message */
		byte_stream_put16(&inner, 0x0002);
		byte_stream_put8(&inner, 0x04); /* Flags */
		byte_stream_put8(&inner, msglen + 4);
		byte_stream_put16(&inner, msglen);
		if (msglen > 0)
			byte_stream_putstr(&inner, availmsg);
		byte_stream_put16(&inner, 0x0000);

		/* Item 0x0009: the iTMS URL */
		byte_stream_put16(&inner, 0x0009);
		byte_stream_put8(&inner, 0x04); /* Flags */
		byte_stream_put8(&inner, urllen + 4);
		byte_stream_put16(&inner, urllen);
		if (urllen > 0)
			byte_stream_putstr(&inner, itmsurl);
		byte_stream_put16(&inner, 0x0000);

		aim_tlvlist_add_raw(&tlvs, 0x001d,
				byte_stream_curpos(&inner), inner.data);
		byte_stream_destroy(&inner);
	}

	/* The outgoing stream is sized from the TLV list it is about to hold. */
	byte_stream_new(&out, aim_tlvlist_size(tlvs));

	aim_tlvlist_write(&out, &tlvs);
	aim_tlvlist_free(tlvs);

	id = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x001e, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x001e, 0x0000, id, &out);

	byte_stream_destroy(&out);

	return 0;
}

/**
 * Starting this past week (26 Mar 2001, say), AOL has started sending
 * this nice little extra SNAC.  AFAIK, it has never been used until now.
 *
 * The request contains eight bytes.  The first four are an offset, the
 * second four are a length.
 *
 * The offset is an offset into aim.exe when it is mapped during execution
 * on Win32.  So far, AOL has only been requesting bytes in static regions
 * of memory.  (I won't put it past them to start requesting data in
 * less static regions -- regions that are initialized at run time, but still
 * before the client receives this request.)
 *
 * When the client receives the request, it adds it to the current ds
 * (0x00400000) and dereferences it, copying the data into a buffer which
 * it then runs directly through the MD5 hasher.  The 16 byte output of
 * the hash is then sent back to the server.
 *
 * If the client does not send any data back, or the data does not match
 * the data that the specific client should have, the client will get the
 * following message from "AOL Instant Messenger":
 *    "You have been disconnected from the AOL Instant Message Service (SM)
 *     for accessing the AOL network using unauthorized software.  You can
 *     download a FREE, fully featured, and authorized client, here
 *     http://www.aol.com/aim/download2.html"
 * The connection is then closed, receiving disconnect code 1, URL
 * http://www.aim.aol.com/errors/USER_LOGGED_OFF_NEW_LOGIN.html.
 *
 * Note, however, that numerous inconsistencies can cause the above error,
 * not just sending back a bad hash.  Do not immediately suspect this code
 * if you get disconnected.  AOL and the open/free software community have
 * played this game for a couple years now, generating the above message
 * on numerous occasions.
 *
 * Anyway, neener.  We win again.
 *
 */
/*
 * Subtype 0x001f - Client verification
 *
 * Reads the requested offset and length plus an optional module name from
 * TLV 0x0001, logs the request and passes all three to the registered
 * handler.  This function itself reads no memory; offset and len are
 * server-supplied values that are only forwarded.  Returns the handler's
 * result, or 0 when none is registered.
 */
static int
memrequest(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	aim_rxcallback_t handler;
	GSList *tlvs;
	char *module;
	guint32 offset = byte_stream_get32(bs);
	guint32 len = byte_stream_get32(bs);
	int result = 0;

	tlvs = aim_tlvlist_read(bs);
	module = aim_tlv_getstr(tlvs, 0x0001, 1);

	/* The log line falls back to "aim.exe" when no module name was sent. */
	purple_debug_info("oscar", "Got memory request for data at 0x%08x (%u bytes) of requested %s\n", offset, len, module ? module : "aim.exe");

	handler = aim_callhandler(od, snac->family, snac->subtype);
	if (handler != NULL)
		result = handler(od, conn, frame, offset, len, module);

	g_free(module);
	aim_tlvlist_free(tlvs);

	return result;
}

/*
 * Subtype 0x0020 - Client verification reply
 *
 * Sends a 16-bit length of 0x0010 followed by a 16-byte value chosen as
 * follows:
 *   - flag is AIM_SENDMEMBLOCK_FLAG_ISHASH, buf is set and len is 0x10:
 *     buf is sent as is;
 *   - buf is set and len is non-zero: the MD5 digest of buf[0..len);
 *   - len is zero: the MD5 digest of empty input;
 *   - otherwise: a canned value when offset and len are both 0x03ffffff,
 *     else nothing (a warning is logged and only the length word goes out).
 *
 * Returns -EINVAL when od or conn is NULL, 0 otherwise.
 *
 * NOTE(review): the result of purple_cipher_context_new_by_name() is used
 * without a check; whether it can be NULL is not visible here -- confirm.
 */
int
aim_sendmemblock(OscarData *od, FlapConnection *conn, guint32 offset, guint32 len, const guint8 *buf, guint8 flag)
{
	ByteStream reply;
	aim_snacid_t id;

	if (od == NULL || conn == NULL)
		return -EINVAL;

	byte_stream_new(&reply, 2+16);

	byte_stream_put16(&reply, 0x0010); /* md5 is always 16 bytes */

	if (buf != NULL && len == 0x10 && flag == AIM_SENDMEMBLOCK_FLAG_ISHASH) {

		/* we're getting a hash */
		byte_stream_putraw(&reply, buf, 0x10);

	} else if (buf != NULL && len > 0) {

		/* use input buffer */
		PurpleCipherContext *md5ctx;
		guchar hash[16];

		md5ctx = purple_cipher_context_new_by_name("md5", NULL);
		purple_cipher_context_append(md5ctx, buf, len);
		purple_cipher_context_digest(md5ctx, 16, hash, NULL);
		purple_cipher_context_destroy(md5ctx);

		byte_stream_putraw(&reply, hash, 0x10);

	} else if (len == 0) {

		/* no length, just hash NULL (buf is optional) */
		PurpleCipherContext *md5ctx;
		guchar hash[16];
		guint8 nil = '\0';

		/*
		 * I'm not sure if we really need the empty append with the
		 * new MD5 functions, so I'll leave it in, just in case.
		 */
		md5ctx = purple_cipher_context_new_by_name("md5", NULL);
		purple_cipher_context_append(md5ctx, &nil, 0);
		purple_cipher_context_digest(md5ctx, 16, hash, NULL);
		purple_cipher_context_destroy(md5ctx);

		byte_stream_putraw(&reply, hash, 0x10);

	} else {

		/*
		 * This data is correct for AIM 3.5.1670.
		 *
		 * Using these blocks is as close to "legal" as you can get
		 * without using an AIM binary.
		 *
		 */
		if ((offset == 0x03ffffff) && (len == 0x03ffffff)) {

#if 1 /* with "AnrbnrAqhfzcd" */
			byte_stream_put32(&reply, 0x44a95d26);
			byte_stream_put32(&reply, 0xd2490423);
			byte_stream_put32(&reply, 0x93b8821f);
			byte_stream_put32(&reply, 0x51c54b01);
#else /* no filename */
			byte_stream_put32(&reply, 0x1df8cbae);
			byte_stream_put32(&reply, 0x5523b839);
			byte_stream_put32(&reply, 0xa0e10db3);
			byte_stream_put32(&reply, 0xa46d3b39);
#endif

		} else {
			purple_debug_warning("oscar", "sendmemblock: unknown hash request\n");
		}

	}

	id = aim_cachesnac(od, SNAC_FAMILY_OSERVICE, 0x0020, 0x0000, NULL, 0);
	flap_connection_send_snac(od, conn, SNAC_FAMILY_OSERVICE, 0x0020, 0x0000, id, &reply);

	byte_stream_destroy(&reply);

	return 0;
}

/*
 * Subtype 0x0021 - Receive our extended status
 *
 * This is used for iChat's "available" messages, and maybe ICQ extended
 * status messages?  It's also used to tell the client whether or not it
 * needs to upload an SSI buddy icon... who engineers this stuff, anyway?
 */
static int
aim_parse_extstatus(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	/*
	 * Returns the registered handler's result; 0 when there is no handler
	 * or the type is none of 0x0000, 0x0001 or 0x0002.
	 *
	 * NOTE(review): both lengths used below come straight from the
	 * server.  Whether byte_stream_getraw()/byte_stream_getstr() check
	 * them against the bytes left, and whether they can hand back NULL to
	 * the handler, is not visible here -- confirm.
	 */
	aim_rxcallback_t handler;
	guint16 type = byte_stream_get16(bs);
	guint8 flags = byte_stream_get8(bs);
	guint8 length = byte_stream_get8(bs);
	int result = 0;

	/*
	 * A flag of 0x01 could mean "this is the checksum we have for you"
	 * A flag of 0x40 could mean "I don't have your icon, upload it"
	 */

	handler = aim_callhandler(od, snac->family, snac->subtype);
	if (handler == NULL)
		return result;

	if (type == 0x0000 || type == 0x0001) {
		/* buddy icon checksum */
		/* not sure what the difference between 1 and 0 is */
		guint8 *checksum = byte_stream_getraw(bs, length);

		result = handler(od, conn, frame, type, flags, length, checksum);
		g_free(checksum);
	} else if (type == 0x0002) {
		/* available message */
		/* there is a second length that is just for the message */
		guint16 msglen = byte_stream_get16(bs);
		char *text = byte_stream_getstr(bs, msglen);

		result = handler(od, conn, frame, text);
		g_free(text);
	}

	return result;
}

/*
 * Dispatch an incoming family 0x0001 SNAC to the handler for its subtype.
 * Subtypes without a handler in this file are ignored and yield 0.
 */
static int
snachandler(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
{
	switch (snac->subtype) {
	case 0x0003:
		return hostonline(od, conn, mod, frame, snac, bs);
	case 0x0005:
		return redirect(od, conn, mod, frame, snac, bs);
	case 0x0007:
		return rateresp(od, conn, mod, frame, snac, bs);
	case 0x000a:
		return ratechange(od, conn, mod, frame, snac, bs);
	case 0x000b:
		return serverpause(od, conn, mod, frame, snac, bs);
	case 0x000d:
		return serverresume(od, conn, mod, frame, snac, bs);
	case 0x000f:
		return selfinfo(od, conn, mod, frame, snac, bs);
	case 0x0010:
		return evilnotify(od, conn, mod, frame, snac, bs);
	case 0x0012:
		return migrate(od, conn, mod, frame, snac, bs);
	case 0x0013:
		return motd(od, conn, mod, frame, snac, bs);
	case 0x0018:
		return hostversions(od, conn, mod, frame, snac, bs);
	case 0x001f:
		return memrequest(od, conn, mod, frame, snac, bs);
	case 0x0021:
		return aim_parse_extstatus(od, conn, mod, frame, snac, bs);
	default:
		return 0;
	}
}

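/*
 * Fill in the module descriptor for family 0x0001 (OSERVICE): family,
 * version, tool id and version, flags, name and the SNAC dispatch function.
 * Always returns 0.
 */
int service_modfirst(OscarData *od, aim_module_t *mod)
{
	mod->family = SNAC_FAMILY_OSERVICE;
	mod->version = 0x0003;
	mod->toolid = 0x0110;
	mod->toolversion = 0x0629;
	mod->flags = 0;

	/*
	 * Same bounded-copy idiom as aim_chat_join(): copy at most size - 1
	 * bytes and terminate explicitly, so the name is NUL-terminated
	 * whatever the size of the field.
	 * Assumes mod->name is a char array (sizeof was already used on it as
	 * the copy bound) -- TODO confirm against the aim_module_t definition.
	 */
	strncpy(mod->name, "oservice", sizeof(mod->name) - 1);
	mod->name[sizeof(mod->name) - 1] = '\0';

	mod->snachandler = snachandler;

	return 0;
}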