Context Navigation

source: protocols/oscar/auth.c @ 61fc056

Last change on this file since 61fc056 was a39ede7, checked in by dequis <dx@…>, at 2018-03-31T02:04:45Z

oscar: remove old_icq_auth (XOR login, default off since 2010)

Holy crap this login method is *bad*

Property mode set to 100644

File size: 10.7 KB

Rev	Line
[b7d3cc34]	1	/*
	2	* Deals with the authorizer (group 0x0017=23, and old-style non-SNAC login).
	3	*
	4	*/
	5
[5ebff60]	6	#include <aim.h>
[b7d3cc34]	7
	8	#include "md5.h"
	9
[5ebff60]	10	/*
[b7d3cc34]	11	* This just pushes the passed cookie onto the passed connection, without
	12	* the SNAC header or any of that.
	13	*
	14	* Very commonly used, as every connection except auth will require this to
	15	* be the first thing you send.
	16	*
	17	*/
	18	int aim_sendcookie(aim_session_t sess, aim_conn_t conn, const guint8 *chipsahoy)
	19	{
	20	aim_frame_t *fr;
	21	aim_tlvlist_t *tl = NULL;
	22
[5ebff60]	23	if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x0001, 4 + 2 + 2 + AIM_COOKIELEN))) {
[b7d3cc34]	24	return -ENOMEM;
[5ebff60]	25	}
[b7d3cc34]	26
	27	aimbs_put32(&fr->data, 0x00000001);
[5ebff60]	28	aim_addtlvtochain_raw(&tl, 0x0006, AIM_COOKIELEN, chipsahoy);
[b7d3cc34]	29	aim_writetlvchain(&fr->data, &tl);
	30	aim_freetlvchain(&tl);
	31
	32	aim_tx_enqueue(sess, fr);
	33
	34	return 0;
	35	}
	36
	37	/*
	38	* Normally the FLAP version is sent as the first few bytes of the cookie,
	39	* meaning you generally never call this.
	40	*
[e88fe7da]	41	* But there are times when something might want it separate. Specifically,
[b7d3cc34]	42	* libfaim sends this internally when doing SNAC login.
	43	*
	44	*/
	45	int aim_sendflapver(aim_session_t sess, aim_conn_t conn)
	46	{
	47	aim_frame_t *fr;
	48
[5ebff60]	49	if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x01, 4))) {
[b7d3cc34]	50	return -ENOMEM;
[5ebff60]	51	}
[b7d3cc34]	52
	53	aimbs_put32(&fr->data, 0x00000001);
	54
	55	aim_tx_enqueue(sess, fr);
	56
	57	return 0;
	58	}
	59
	60	/*
[5ebff60]	61	* In AIM 3.5 protocol, the first stage of login is to request login from the
	62	* Authorizer, passing it the screen name for verification. If the name is
	63	* invalid, a 0017/0003 is spit back, with the standard error contents. If
	64	* valid, a 0017/0007 comes back, which is the signal to send it the main
	65	* login command (0017/0002).
[b7d3cc34]	66	*
	67	*/
	68	int aim_request_login(aim_session_t sess, aim_conn_t conn, const char *sn)
	69	{
	70	aim_frame_t *fr;
	71	aim_snacid_t snacid;
	72	aim_tlvlist_t *tl = NULL;
[5ebff60]	73
	74	if (!sess \|\| !conn \|\| !sn) {
[b7d3cc34]	75	return -EINVAL;
[5ebff60]	76	}
[b7d3cc34]	77
	78	sess->flags \|= AIM_SESS_FLAGS_SNACLOGIN;
	79
	80	aim_sendflapver(sess, conn);
	81
[5ebff60]	82	if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10 + 2 + 2 + strlen(sn)))) {
[b7d3cc34]	83	return -ENOMEM;
[5ebff60]	84	}
[b7d3cc34]	85
	86	snacid = aim_cachesnac(sess, 0x0017, 0x0006, 0x0000, NULL, 0);
	87	aim_putsnac(&fr->data, 0x0017, 0x0006, 0x0000, snacid);
	88
[5ebff60]	89	aim_addtlvtochain_raw(&tl, 0x0001, strlen(sn), (guint8 *) sn);
[b7d3cc34]	90	aim_writetlvchain(&fr->data, &tl);
	91	aim_freetlvchain(&tl);
	92
	93	aim_tx_enqueue(sess, fr);
	94
	95	return 0;
	96	}
	97
	98	/*
	99	* send_login(int socket, char sn, char password)
[5ebff60]	100	*
[b7d3cc34]	101	* This is the initial login request packet.
	102	*
	103	* NOTE!! If you want/need to make use of the aim_sendmemblock() function,
	104	* then the client information you send here must exactly match the
	105	* executable that you're pulling the data from.
	106	*
	107	* WinAIM 4.8.2540
	108	* clientstring = "AOL Instant Messenger (SM), version 4.8.2540/WIN32"
	109	* clientid = 0x0109
	110	* major = 0x0004
	111	* minor = 0x0008
	112	* point = 0x0000
	113	* build = 0x09ec
	114	* t(0x0014) = 0x000000af
	115	* t(0x004a) = 0x01
	116	*
	117	* WinAIM 4.3.2188:
	118	* clientstring = "AOL Instant Messenger (SM), version 4.3.2188/WIN32"
	119	* clientid = 0x0109
	120	* major = 0x0400
	121	* minor = 0x0003
	122	* point = 0x0000
	123	* build = 0x088c
	124	* unknown = 0x00000086
	125	* lang = "en"
	126	* country = "us"
	127	* unknown4a = 0x01
	128	*
	129	* Latest WinAIM that libfaim can emulate without server-side buddylists:
	130	* clientstring = "AOL Instant Messenger (SM), version 4.1.2010/WIN32"
	131	* clientid = 0x0004
	132	* major = 0x0004
	133	* minor = 0x0001
	134	* point = 0x0000
	135	* build = 0x07da
	136	* unknown= 0x0000004b
	137	*
	138	* WinAIM 3.5.1670:
	139	* clientstring = "AOL Instant Messenger (SM), version 3.5.1670/WIN32"
	140	* clientid = 0x0004
	141	* major = 0x0003
	142	* minor = 0x0005
	143	* point = 0x0000
	144	* build = 0x0686
	145	* unknown =0x0000002a
	146	*
	147	* Java AIM 1.1.19:
	148	* clientstring = "AOL Instant Messenger (TM) version 1.1.19 for Java built 03/24/98, freeMem 215871 totalMem 1048567, i686, Linus, #2 SMP Sun Feb 11 03:41:17 UTC 2001 2.4.1-ac9, IBM Corporation, 1.1.8, 45.3, Tue Mar 27 12:09:17 PST 2001"
	149	* clientid = 0x0001
	150	* major = 0x0001
	151	* minor = 0x0001
	152	* point = (not sent)
	153	* build = 0x0013
	154	* unknown= (not sent)
[5ebff60]	155	*
[b7d3cc34]	156	* AIM for Linux 1.1.112:
	157	* clientstring = "AOL Instant Messenger (SM)"
	158	* clientid = 0x1d09
	159	* major = 0x0001
	160	* minor = 0x0001
	161	* point = 0x0001
	162	* build = 0x0070
	163	* unknown= 0x0000008b
	164	* serverstore = 0x01
	165	*
	166	*/
[5ebff60]	167	int aim_send_login(aim_session_t sess, aim_conn_t conn, const char sn, const char password,
	168	struct client_info_s ci, const char key)
[b7d3cc34]	169	{
	170	aim_frame_t *fr;
	171	aim_tlvlist_t *tl = NULL;
	172	guint8 digest[16];
	173	aim_snacid_t snacid;
	174
[5ebff60]	175	if (!ci \|\| !sn \|\| !password) {
[b7d3cc34]	176	return -EINVAL;
[5ebff60]	177	}
[b7d3cc34]	178
[5ebff60]	179	if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1152))) {
[b7d3cc34]	180	return -ENOMEM;
[5ebff60]	181	}
[b7d3cc34]	182
	183	snacid = aim_cachesnac(sess, 0x0017, 0x0002, 0x0000, NULL, 0);
	184	aim_putsnac(&fr->data, 0x0017, 0x0002, 0x0000, snacid);
	185
[5ebff60]	186	aim_addtlvtochain_raw(&tl, 0x0001, strlen(sn), (guint8 *) sn);
[b7d3cc34]	187
	188	aim_encode_password_md5(password, key, digest);
	189	aim_addtlvtochain_raw(&tl, 0x0025, 16, digest);
	190
	191	/*
	192	* Newer versions of winaim have an empty type x004c TLV here.
	193	*/
	194
[5ebff60]	195	if (ci->clientstring) {
	196	aim_addtlvtochain_raw(&tl, 0x0003, strlen(ci->clientstring), (guint8 *) ci->clientstring);
	197	}
	198	aim_addtlvtochain16(&tl, 0x0016, (guint16) ci->clientid);
	199	aim_addtlvtochain16(&tl, 0x0017, (guint16) ci->major);
	200	aim_addtlvtochain16(&tl, 0x0018, (guint16) ci->minor);
	201	aim_addtlvtochain16(&tl, 0x0019, (guint16) ci->point);
	202	aim_addtlvtochain16(&tl, 0x001a, (guint16) ci->build);
	203	aim_addtlvtochain_raw(&tl, 0x000e, strlen(ci->country), (guint8 *) ci->country);
	204	aim_addtlvtochain_raw(&tl, 0x000f, strlen(ci->lang), (guint8 *) ci->lang);
[b7d3cc34]	205
	206	/*
	207	* If set, old-fashioned buddy lists will not work. You will need
	208	* to use SSI.
	209	*/
	210	aim_addtlvtochain8(&tl, 0x004a, 0x01);
	211
	212	aim_writetlvchain(&fr->data, &tl);
	213
	214	aim_freetlvchain(&tl);
[5ebff60]	215
[b7d3cc34]	216	aim_tx_enqueue(sess, fr);
	217
	218	return 0;
	219	}
	220
	221	int aim_encode_password_md5(const char password, const char key, guint8 *digest)
	222	{
	223	md5_state_t state;
	224
[5ebff60]	225	md5_init(&state);
	226	md5_append(&state, (const md5_byte_t *) key, strlen(key));
	227	md5_append(&state, (const md5_byte_t *) password, strlen(password));
	228	md5_append(&state, (const md5_byte_t *) AIM_MD5_STRING, strlen(AIM_MD5_STRING));
	229	md5_finish(&state, (md5_byte_t *) digest);
[b7d3cc34]	230
	231	return 0;
	232	}
	233
	234	/*
	235	* This is sent back as a general response to the login command.
	236	* It can be either an error or a success, depending on the
[5ebff60]	237	* precense of certain TLVs.
[b7d3cc34]	238	*
	239	* The client should check the value passed as errorcode. If
	240	* its nonzero, there was an error.
	241	*
	242	*/
	243	static int parse(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
	244	{
	245	aim_tlvlist_t *tlvlist;
	246	aim_rxcallback_t userfunc;
	247	struct aim_authresp_info info;
	248	int ret = 0;
	249
	250	memset(&info, 0, sizeof(info));
	251
	252	/*
	253	* Read block of TLVs. All further data is derived
	254	* from what is parsed here.
	255	*/
	256	tlvlist = aim_readtlvchain(bs);
	257
	258	/*
	259	* No matter what, we should have a screen name.
	260	*/
	261	memset(sess->sn, 0, sizeof(sess->sn));
	262	if (aim_gettlv(tlvlist, 0x0001, 1)) {
	263	info.sn = aim_gettlv_str(tlvlist, 0x0001, 1);
	264	strncpy(sess->sn, info.sn, sizeof(sess->sn));
	265	}
	266
	267	/*
	268	* Check for an error code. If so, we should also
	269	* have an error url.
	270	*/
[5ebff60]	271	if (aim_gettlv(tlvlist, 0x0008, 1)) {
[b7d3cc34]	272	info.errorcode = aim_gettlv16(tlvlist, 0x0008, 1);
[5ebff60]	273	}
	274	if (aim_gettlv(tlvlist, 0x0004, 1)) {
[b7d3cc34]	275	info.errorurl = aim_gettlv_str(tlvlist, 0x0004, 1);
[5ebff60]	276	}
[b7d3cc34]	277
	278	/*
	279	* BOS server address.
	280	*/
[5ebff60]	281	if (aim_gettlv(tlvlist, 0x0005, 1)) {
[b7d3cc34]	282	info.bosip = aim_gettlv_str(tlvlist, 0x0005, 1);
[5ebff60]	283	}
[b7d3cc34]	284
	285	/*
	286	* Authorization cookie.
	287	*/
	288	if (aim_gettlv(tlvlist, 0x0006, 1)) {
	289	aim_tlv_t *tmptlv;
	290
	291	tmptlv = aim_gettlv(tlvlist, 0x0006, 1);
	292
	293	info.cookie = tmptlv->value;
	294	}
	295
	296	/*
	297	* The email address attached to this account
	298	* Not available for ICQ logins.
	299	*/
[5ebff60]	300	if (aim_gettlv(tlvlist, 0x0011, 1)) {
[b7d3cc34]	301	info.email = aim_gettlv_str(tlvlist, 0x0011, 1);
[5ebff60]	302	}
[b7d3cc34]	303
	304	/*
	305	* The registration status. (Not real sure what it means.)
	306	* Not available for ICQ logins.
	307	*
	308	* 1 = No disclosure
	309	* 2 = Limited disclosure
	310	* 3 = Full disclosure
	311	*
	312	* This has to do with whether your email address is available
	313	* to other users or not. AFAIK, this feature is no longer used.
	314	*
	315	*/
[5ebff60]	316	if (aim_gettlv(tlvlist, 0x0013, 1)) {
[b7d3cc34]	317	info.regstatus = aim_gettlv16(tlvlist, 0x0013, 1);
[5ebff60]	318	}
[b7d3cc34]	319
[5ebff60]	320	if (aim_gettlv(tlvlist, 0x0040, 1)) {
[b7d3cc34]	321	info.latestbeta.build = aim_gettlv32(tlvlist, 0x0040, 1);
[5ebff60]	322	}
	323	if (aim_gettlv(tlvlist, 0x0041, 1)) {
[b7d3cc34]	324	info.latestbeta.url = aim_gettlv_str(tlvlist, 0x0041, 1);
[5ebff60]	325	}
	326	if (aim_gettlv(tlvlist, 0x0042, 1)) {
[b7d3cc34]	327	info.latestbeta.info = aim_gettlv_str(tlvlist, 0x0042, 1);
[5ebff60]	328	}
	329	if (aim_gettlv(tlvlist, 0x0043, 1)) {
[b7d3cc34]	330	info.latestbeta.name = aim_gettlv_str(tlvlist, 0x0043, 1);
[5ebff60]	331	}
	332	if (aim_gettlv(tlvlist, 0x0048, 1)) {
[b7d3cc34]	333	; /* no idea what this is */
	334
[5ebff60]	335	}
	336	if (aim_gettlv(tlvlist, 0x0044, 1)) {
[b7d3cc34]	337	info.latestrelease.build = aim_gettlv32(tlvlist, 0x0044, 1);
[5ebff60]	338	}
	339	if (aim_gettlv(tlvlist, 0x0045, 1)) {
[b7d3cc34]	340	info.latestrelease.url = aim_gettlv_str(tlvlist, 0x0045, 1);
[5ebff60]	341	}
	342	if (aim_gettlv(tlvlist, 0x0046, 1)) {
[b7d3cc34]	343	info.latestrelease.info = aim_gettlv_str(tlvlist, 0x0046, 1);
[5ebff60]	344	}
	345	if (aim_gettlv(tlvlist, 0x0047, 1)) {
[b7d3cc34]	346	info.latestrelease.name = aim_gettlv_str(tlvlist, 0x0047, 1);
[5ebff60]	347	}
	348	if (aim_gettlv(tlvlist, 0x0049, 1)) {
[b7d3cc34]	349	; /* no idea what this is */
	350
	351
[5ebff60]	352	}
	353	if ((userfunc = aim_callhandler(sess, rx->conn, snac ? snac->family : 0x0017, snac ? snac->subtype : 0x0003))) {
[b7d3cc34]	354	ret = userfunc(sess, rx, &info);
[5ebff60]	355	}
[b7d3cc34]	356
	357	g_free(info.sn);
	358	g_free(info.bosip);
	359	g_free(info.errorurl);
	360	g_free(info.email);
	361	g_free(info.latestrelease.name);
	362	g_free(info.latestrelease.url);
	363	g_free(info.latestrelease.info);
	364	g_free(info.latestbeta.name);
	365	g_free(info.latestbeta.url);
	366	g_free(info.latestbeta.info);
	367
	368	aim_freetlvchain(&tlvlist);
	369
	370	return ret;
	371	}
	372
	373	/*
	374	* Middle handler for 0017/0007 SNACs. Contains the auth key prefixed
	375	* by only its length in a two byte word.
	376	*
	377	* Calls the client, which should then use the value to call aim_send_login.
	378	*
	379	*/
	380	static int keyparse(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
	381	{
	382	int keylen, ret = 1;
	383	aim_rxcallback_t userfunc;
	384	char *keystr;
	385
	386	keylen = aimbs_get16(bs);
	387	keystr = aimbs_getstr(bs, keylen);
	388
[5ebff60]	389	if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype))) {
[b7d3cc34]	390	ret = userfunc(sess, rx, keystr);
[5ebff60]	391	}
[b7d3cc34]	392
[5ebff60]	393	g_free(keystr);
[b7d3cc34]	394
	395	return ret;
	396	}
	397
	398	static int snachandler(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
	399	{
	400
[5ebff60]	401	if (snac->subtype == 0x0003) {
[b7d3cc34]	402	return parse(sess, mod, rx, snac, bs);
[5ebff60]	403	} else if (snac->subtype == 0x0007) {
[b7d3cc34]	404	return keyparse(sess, mod, rx, snac, bs);
[5ebff60]	405	}
[b7d3cc34]	406
	407	return 0;
	408	}
	409
	410	int auth_modfirst(aim_session_t sess, aim_module_t mod)
	411	{
	412
	413	mod->family = 0x0017;
	414	mod->version = 0x0000;
	415	mod->flags = 0;
	416	strncpy(mod->name, "auth", sizeof(mod->name));
	417	mod->snachandler = snachandler;
	418
	419	return 0;
	420	}
	421

Note: See TracBrowser for help on using the repository browser.

Download in other formats: