* Purple's oscar protocol plugin * This file is the legal property of its developers. * Please see the AUTHORS file distributed alongside this file. * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2 of the License, or (at your option) any later version. * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA * Family 0x0017 - Authentication. * Deals with the authorizer for SNAC-based login, and also old-style /* #define USE_XOR_FOR_ICQ */ * Encode a password using old XOR method * This takes a const pointer to a (null terminated) string * containing the unencoded password. It also gets passed * an already allocated buffer to store the encoded password. * This buffer should be the exact length of the password without * the null. The encoded password buffer /is not %NULL terminated/. * The encoding_table seems to be a fixed set of values. We'll * hope it doesn't change over time! * This is only used for the XOR method, not the better MD5 method. * @param password Incoming password. * @param encoded Buffer to put encoded password. aim_encode_password ( const char * password , guint8 * encoded ) guint8 encoding_table [] = { for ( i = 0 ; i < strlen ( password ); i ++ ) encoded [ i ] = ( password [ i ] ^ encoding_table [ i ]); aim_encode_password_md5 ( const char * password , size_t password_len , const char * key , guint8 * digest ) PurpleCipherContext * context ; context = purple_cipher_context_new_by_name ( "md5" , NULL ); purple_cipher_context_append ( context , ( const guchar * ) key , strlen ( key )); purple_cipher_context_append ( context , ( const guchar * ) password , password_len ); purple_cipher_context_append ( context , ( const guchar * ) AIM_MD5_STRING , strlen ( AIM_MD5_STRING )); purple_cipher_context_digest ( context , 16 , digest , NULL ); purple_cipher_context_destroy ( context ); aim_encode_password_md5 ( const char * password , size_t password_len , const char * key , guint8 * digest ) PurpleCipherContext * context ; cipher = purple_ciphers_find_cipher ( "md5" ); context = purple_cipher_context_new ( cipher , NULL ); purple_cipher_context_append ( context , ( const guchar * ) password , password_len ); purple_cipher_context_digest ( context , 16 , passdigest , NULL ); purple_cipher_context_destroy ( context ); context = purple_cipher_context_new ( cipher , NULL ); purple_cipher_context_append ( context , ( const guchar * ) key , strlen ( key )); purple_cipher_context_append ( context , passdigest , 16 ); purple_cipher_context_append ( context , ( const guchar * ) AIM_MD5_STRING , strlen ( AIM_MD5_STRING )); purple_cipher_context_digest ( context , 16 , digest , NULL ); purple_cipher_context_destroy ( context ); * Part two of the ICQ hack. Note the ignoring of the key. goddamnicq2 ( OscarData * od , FlapConnection * conn , const char * sn , const char * password , ClientInfo * ci ) guint8 * password_encoded ; passwdlen = strlen ( password ); password_encoded = ( guint8 * ) g_malloc ( passwdlen + 1 ); if ( passwdlen > MAXICQPASSLEN ) passwdlen = MAXICQPASSLEN ; frame = flap_frame_new ( od , 0x01 , 1152 ); aim_encode_password ( password , password_encoded ); distrib = oscar_get_ui_info_int ( od -> icq ? "prpl-icq-distid" : "prpl-aim-distid" , byte_stream_put32 ( & frame -> data , 0x00000001 ); /* FLAP Version */ aim_tlvlist_add_str ( & tlvlist , 0x0001 , sn ); aim_tlvlist_add_raw ( & tlvlist , 0x0002 , passwdlen , password_encoded ); if ( ci -> clientstring != NULL ) aim_tlvlist_add_str ( & tlvlist , 0x0003 , ci -> clientstring ); gchar * clientstring = oscar_get_clientstring (); aim_tlvlist_add_str ( & tlvlist , 0x0003 , clientstring ); aim_tlvlist_add_16 ( & tlvlist , 0x0016 , ( guint16 ) ci -> clientid ); aim_tlvlist_add_16 ( & tlvlist , 0x0017 , ( guint16 ) ci -> major ); aim_tlvlist_add_16 ( & tlvlist , 0x0018 , ( guint16 ) ci -> minor ); aim_tlvlist_add_16 ( & tlvlist , 0x0019 , ( guint16 ) ci -> point ); aim_tlvlist_add_16 ( & tlvlist , 0x001a , ( guint16 ) ci -> build ); aim_tlvlist_add_32 ( & tlvlist , 0x0014 , distrib ); /* distribution chan */ aim_tlvlist_add_str ( & tlvlist , 0x000f , ci -> lang ); aim_tlvlist_add_str ( & tlvlist , 0x000e , ci -> country ); aim_tlvlist_write ( & frame -> data , & tlvlist ); g_free ( password_encoded ); aim_tlvlist_free ( tlvlist ); flap_connection_send ( conn , frame ); * This is the initial login request packet. * NOTE!! If you want/need to make use of the aim_sendmemblock() function, * then the client information you send here must exactly match the * executable that you're pulling the data from. * clientstring = "AOL Instant Messenger (TM) version 1.1.19 for Java built 03/24/98, freeMem 215871 totalMem 1048567, i686, Linus, #2 SMP Sun Feb 11 03:41:17 UTC 2001 2.4.1-ac9, IBM Corporation, 1.1.8, 45.3, Tue Mar 27 12:09:17 PST 2001" * clientstring = "AOL Instant Messenger (SM)" * @param truncate_pass Truncate the password to 8 characters. This * usually happens for AOL accounts. We are told that we * should truncate it if the 0x0017/0x0007 SNAC contains * a TLV of type 0x0026 with data 0x0000. * @param allow_multiple_logins Allow multiple logins? If TRUE, the AIM * server will prompt the user when multiple logins occur. If * FALSE, existing connections (on other clients) will be * disconnected automatically as we connect. aim_send_login ( OscarData * od , FlapConnection * conn , const char * sn , const char * password , gboolean truncate_pass , ClientInfo * ci , const char * key , gboolean allow_multiple_logins ) if ( ! ci || ! sn || ! password ) /* If we're signing on an ICQ account then use the older, XOR login method */ return goddamnicq2 ( od , conn , sn , password , ci ); frame = flap_frame_new ( od , 0x02 , 1152 ); snacid = aim_cachesnac ( od , SNAC_FAMILY_AUTH , 0x0002 , 0x0000 , NULL , 0 ); aim_putsnac ( & frame -> data , SNAC_FAMILY_AUTH , 0x0002 , snacid ); aim_tlvlist_add_str ( & tlvlist , 0x0001 , sn ); /* Truncate ICQ and AOL passwords, if necessary */ password_len = strlen ( password ); if ( oscar_util_valid_name_icq ( sn ) && ( password_len > MAXICQPASSLEN )) password_len = MAXICQPASSLEN ; else if ( truncate_pass && password_len > 8 ) aim_encode_password_md5 ( password , password_len , key , digest ); distrib = oscar_get_ui_info_int ( od -> icq ? "prpl-icq-distid" : "prpl-aim-distid" , aim_tlvlist_add_raw ( & tlvlist , 0x0025 , 16 , digest ); aim_tlvlist_add_noval ( & tlvlist , 0x004c ); if ( ci -> clientstring != NULL ) aim_tlvlist_add_str ( & tlvlist , 0x0003 , ci -> clientstring ); gchar * clientstring = oscar_get_clientstring (); aim_tlvlist_add_str ( & tlvlist , 0x0003 , clientstring ); aim_tlvlist_add_16 ( & tlvlist , 0x0016 , ( guint16 ) ci -> clientid ); aim_tlvlist_add_16 ( & tlvlist , 0x0017 , ( guint16 ) ci -> major ); aim_tlvlist_add_16 ( & tlvlist , 0x0018 , ( guint16 ) ci -> minor ); aim_tlvlist_add_16 ( & tlvlist , 0x0019 , ( guint16 ) ci -> point ); aim_tlvlist_add_16 ( & tlvlist , 0x001a , ( guint16 ) ci -> build ); aim_tlvlist_add_32 ( & tlvlist , 0x0014 , distrib ); aim_tlvlist_add_str ( & tlvlist , 0x000f , ci -> lang ); aim_tlvlist_add_str ( & tlvlist , 0x000e , ci -> country ); * If set, old-fashioned buddy lists will not work. You will need aim_tlvlist_add_8 ( & tlvlist , 0x004a , ( allow_multiple_logins ? 0x01 : 0x03 )); aim_tlvlist_write ( & frame -> data , & tlvlist ); aim_tlvlist_free ( tlvlist ); flap_connection_send ( conn , frame ); * This is sent back as a general response to the login command. * It can be either an error or a success, depending on the * presence of certain TLVs. * The client should check the value passed as errorcode. If * its nonzero, there was an error. parse ( OscarData * od , FlapConnection * conn , aim_module_t * mod , FlapFrame * frame , aim_modsnac_t * snac , ByteStream * bs ) aim_rxcallback_t userfunc ; struct aim_authresp_info * info ; info = g_new0 ( struct aim_authresp_info , 1 ); * Read block of TLVs. All further data is derived * from what is parsed here. tlvlist = aim_tlvlist_read ( bs ); * No matter what, we should have a username. if ( aim_tlv_gettlv ( tlvlist , 0x0001 , 1 )) { info -> bn = aim_tlv_getstr ( tlvlist , 0x0001 , 1 ); purple_connection_set_display_name ( od -> gc , info -> bn ); * Check for an error code. If so, we should also if ( aim_tlv_gettlv ( tlvlist , 0x0008 , 1 )) info -> errorcode = aim_tlv_get16 ( tlvlist , 0x0008 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0004 , 1 )) info -> errorurl = aim_tlv_getstr ( tlvlist , 0x0004 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0005 , 1 )) info -> bosip = aim_tlv_getstr ( tlvlist , 0x0005 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0006 , 1 )) { tmptlv = aim_tlv_gettlv ( tlvlist , 0x0006 , 1 ); info -> cookielen = tmptlv -> length ; info -> cookie = tmptlv -> value ; * The email address attached to this account * Not available for ICQ or @mac.com logins. * If you receive this TLV, then you are allowed to use * family 0x0018 to check the status of your email. if ( aim_tlv_gettlv ( tlvlist , 0x0011 , 1 )) info -> email = aim_tlv_getstr ( tlvlist , 0x0011 , 1 ); * The registration status. (Not real sure what it means.) * Not available for ICQ or @mac.com logins. * This has to do with whether your email address is available * to other users or not. AFAIK, this feature is no longer used. * Means you can use the admin family? (0x0007) if ( aim_tlv_gettlv ( tlvlist , 0x0013 , 1 )) info -> regstatus = aim_tlv_get16 ( tlvlist , 0x0013 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0040 , 1 )) info -> latestbeta . build = aim_tlv_get32 ( tlvlist , 0x0040 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0041 , 1 )) info -> latestbeta . url = aim_tlv_getstr ( tlvlist , 0x0041 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0042 , 1 )) info -> latestbeta . info = aim_tlv_getstr ( tlvlist , 0x0042 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0043 , 1 )) info -> latestbeta . name = aim_tlv_getstr ( tlvlist , 0x0043 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0044 , 1 )) info -> latestrelease . build = aim_tlv_get32 ( tlvlist , 0x0044 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0045 , 1 )) info -> latestrelease . url = aim_tlv_getstr ( tlvlist , 0x0045 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0046 , 1 )) info -> latestrelease . info = aim_tlv_getstr ( tlvlist , 0x0046 , 1 ); if ( aim_tlv_gettlv ( tlvlist , 0x0047 , 1 )) info -> latestrelease . name = aim_tlv_getstr ( tlvlist , 0x0047 , 1 ); * URL to change password. if ( aim_tlv_gettlv ( tlvlist , 0x0054 , 1 )) info -> chpassurl = aim_tlv_getstr ( tlvlist , 0x0054 , 1 ); if (( userfunc = aim_callhandler ( od , snac ? snac -> family : SNAC_FAMILY_AUTH , snac ? snac -> subtype : 0x0003 ))) ret = userfunc ( od , conn , frame , info ); aim_tlvlist_free ( tlvlist ); * Subtype 0x0007 (kind of) - Send a fake type 0x0007 SNAC to the client * This is a bit confusing. * Normal SNAC login goes like this: * - server sends flap version * - client sends flap version * - client sends username (17/6) * - server sends hash key (17/7) * - client sends auth request (17/2 -- aim_send_login) * XOR login (for ICQ) goes like this: * - server sends flap version * - client sends auth request which contains flap version (aim_send_login) * For the client API, we make them implement the most complicated version, * and for the simpler version, we fake it and make it look like the more * This is done by giving the client a faked key, just so we can convince * them to call aim_send_login right away, which will detect the session * flag that says this is XOR login and ignore the key, sending an ICQ * login request instead of the normal SNAC one. * As soon as AOL makes ICQ log in the same way as AIM, this is /gone/. goddamnicq ( OscarData * od , FlapConnection * conn , const char * sn ) aim_rxcallback_t userfunc ; if (( userfunc = aim_callhandler ( od , SNAC_FAMILY_AUTH , 0x0007 ))) userfunc ( od , conn , & frame , "" ); * In AIM 3.5 protocol, the first stage of login is to request login from the * Authorizer, passing it the username for verification. If the name is * invalid, a 0017/0003 is spit back, with the standard error contents. If * valid, a 0017/0007 comes back, which is the signal to send it the main * login command (0017/0002). aim_request_login ( OscarData * od , FlapConnection * conn , const char * sn ) return goddamnicq ( od , conn , sn ); frame = flap_frame_new ( od , 0x02 , 10 + 2 + 2 + strlen ( sn ) + 8 ); snacid = aim_cachesnac ( od , SNAC_FAMILY_AUTH , 0x0006 , 0x0000 , NULL , 0 ); aim_putsnac ( & frame -> data , SNAC_FAMILY_AUTH , 0x0006 , snacid ); aim_tlvlist_add_str ( & tlvlist , 0x0001 , sn ); /* Tell the server we support SecurID logins. */ aim_tlvlist_add_noval ( & tlvlist , 0x004b ); /* Unknown. Sent in recent WinAIM clients.*/ aim_tlvlist_add_noval ( & tlvlist , 0x005a ); aim_tlvlist_write ( & frame -> data , & tlvlist ); aim_tlvlist_free ( tlvlist ); flap_connection_send ( conn , frame ); * Middle handler for 0017/0007 SNACs. Contains the auth key prefixed * by only its length in a two byte word. * Calls the client, which should then use the value to call aim_send_login. keyparse ( OscarData * od , FlapConnection * conn , aim_module_t * mod , FlapFrame * frame , aim_modsnac_t * snac , ByteStream * bs ) aim_rxcallback_t userfunc ; keylen = byte_stream_get16 ( bs ); keystr = byte_stream_getstr ( bs , keylen ); tlvlist = aim_tlvlist_read ( bs ); * If the truncate_pass TLV exists then we should truncate the * user's password to 8 characters. This flag is sent to us * when logging in with an AOL user's username. truncate_pass = aim_tlv_gettlv ( tlvlist , 0x0026 , 1 ) != NULL ; /* XXX - When GiantGrayPanda signed on AIM I got a thing asking me to register * for the netscape network. This SNAC had a type 0x0058 TLV with length 10. * Data is 0x0007 0004 3e19 ae1e 0006 0004 0000 0005 */ if (( userfunc = aim_callhandler ( od , snac -> family , snac -> subtype ))) ret = userfunc ( od , conn , frame , keystr , ( int ) truncate_pass ); aim_tlvlist_free ( tlvlist ); * Receive SecurID request. got_securid_request ( OscarData * od , FlapConnection * conn , aim_module_t * mod , FlapFrame * frame , aim_modsnac_t * snac , ByteStream * bs ) aim_rxcallback_t userfunc ; if (( userfunc = aim_callhandler ( od , snac -> family , snac -> subtype ))) ret = userfunc ( od , conn , frame ); aim_auth_securid_send ( OscarData * od , const char * securid ) if ( ! od || ! ( conn = flap_connection_getbytype_all ( od , SNAC_FAMILY_AUTH )) || ! securid ) frame = flap_frame_new ( od , 0x02 , 10 + 2 + len ); snacid = aim_cachesnac ( od , SNAC_FAMILY_AUTH , SNAC_SUBTYPE_AUTH_SECURID_RESPONSE , 0x0000 , NULL , 0 ); aim_putsnac ( & frame -> data , SNAC_FAMILY_AUTH , SNAC_SUBTYPE_AUTH_SECURID_RESPONSE , 0 ); byte_stream_put16 ( & frame -> data , len ); byte_stream_putstr ( & frame -> data , securid ); flap_connection_send ( conn , frame ); auth_shutdown ( OscarData * od , aim_module_t * mod ) if ( od -> authinfo != NULL ) g_free ( od -> authinfo -> bn ); g_free ( od -> authinfo -> bosip ); g_free ( od -> authinfo -> errorurl ); g_free ( od -> authinfo -> email ); g_free ( od -> authinfo -> chpassurl ); g_free ( od -> authinfo -> latestrelease . name ); g_free ( od -> authinfo -> latestrelease . url ); g_free ( od -> authinfo -> latestrelease . info ); g_free ( od -> authinfo -> latestbeta . name ); g_free ( od -> authinfo -> latestbeta . url ); g_free ( od -> authinfo -> latestbeta . info ); snachandler ( OscarData * od , FlapConnection * conn , aim_module_t * mod , FlapFrame * frame , aim_modsnac_t * snac , ByteStream * bs ) if ( snac -> subtype == 0x0003 ) return parse ( od , conn , mod , frame , snac , bs ); else if ( snac -> subtype == 0x0007 ) return keyparse ( od , conn , mod , frame , snac , bs ); else if ( snac -> subtype == 0x000a ) return got_securid_request ( od , conn , mod , frame , snac , bs ); auth_modfirst ( OscarData * od , aim_module_t * mod ) mod -> family = SNAC_FAMILY_AUTH ; strncpy ( mod -> name , "auth" , sizeof ( mod -> name )); mod -> snachandler = snachandler ; mod -> shutdown = auth_shutdown ;