Context Navigation

source: libfaim/auth.c @ 5d9c664

Visit:

barnowl_perlaimdebianowlrelease-1.10release-1.4release-1.5release-1.6release-1.7release-1.8release-1.9

Last change on this file since 5d9c664 was 862371b, checked in by James M. Kretchmar <kretch@mit.edu>, 22 years ago
* empty log message *
Property mode set to `100644`
File size: 15.1 KB

Line
1	/*
2	* Family 0x0017 - Authentication.
3	*
4	* Deals with the authorizer for SNAC-based login, and also old-style
5	* non-SNAC login.
6	*
7	*/
8
9	#define FAIM_INTERNAL
10	#include <aim.h>
11
12	#include "md5.h"
13
14	static int aim_encode_password(const char password, unsigned char encoded);
15
16	/*
17	* This just pushes the passed cookie onto the passed connection, without
18	* the SNAC header or any of that.
19	*
20	* Very commonly used, as every connection except auth will require this to
21	* be the first thing you send.
22	*
23	*/
24	faim_export int aim_sendcookie(aim_session_t sess, aim_conn_t conn, const fu8_t *chipsahoy)
25	{
26	aim_frame_t *fr;
27	aim_tlvlist_t *tl = NULL;
28
29	if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x0001, 4+2+2+AIM_COOKIELEN)))
30	return -ENOMEM;
31
32	aimbs_put32(&fr->data, 0x00000001);
33	aim_addtlvtochain_raw(&tl, 0x0006, AIM_COOKIELEN, chipsahoy);
34	aim_writetlvchain(&fr->data, &tl);
35	aim_freetlvchain(&tl);
36
37	aim_tx_enqueue(sess, fr);
38
39	return 0;
40	}
41
42	/*
43	* Normally the FLAP version is sent as the first few bytes of the cookie,
44	* meaning you generally never call this.
45	*
46	* But there are times when something might want it seperate. Specifically,
47	* libfaim sends this internally when doing SNAC login.
48	*
49	*/
50	faim_export int aim_sendflapver(aim_session_t sess, aim_conn_t conn)
51	{
52	aim_frame_t *fr;
53
54	if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x01, 4)))
55	return -ENOMEM;
56
57	aimbs_put32(&fr->data, 0x00000001);
58
59	aim_tx_enqueue(sess, fr);
60
61	return 0;
62	}
63
64	/*
65	* This is a bit confusing.
66	*
67	* Normal SNAC login goes like this:
68	* - connect
69	* - server sends flap version
70	* - client sends flap version
71	* - client sends screen name (17/6)
72	* - server sends hash key (17/7)
73	* - client sends auth request (17/2 -- aim_send_login)
74	* - server yells
75	*
76	* XOR login (for ICQ) goes like this:
77	* - connect
78	* - server sends flap version
79	* - client sends auth request which contains flap version (aim_send_login)
80	* - server yells
81	*
82	* For the client API, we make them implement the most complicated version,
83	* and for the simpler version, we fake it and make it look like the more
84	* complicated process.
85	*
86	* This is done by giving the client a faked key, just so we can convince
87	* them to call aim_send_login right away, which will detect the session
88	* flag that says this is XOR login and ignore the key, sending an ICQ
89	* login request instead of the normal SNAC one.
90	*
91	* As soon as AOL makes ICQ log in the same way as AIM, this is /gone/.
92	*
93	* XXX This may cause problems if the client relies on callbacks only
94	* being called from the context of aim_rxdispatch()...
95	*
96	*/
97	static int goddamnicq(aim_session_t sess, aim_conn_t conn, const char *sn)
98	{
99	aim_frame_t fr;
100	aim_rxcallback_t userfunc;
101
102	sess->flags &= ~AIM_SESS_FLAGS_SNACLOGIN;
103	sess->flags \|= AIM_SESS_FLAGS_XORLOGIN;
104
105	fr.conn = conn;
106
107	if ((userfunc = aim_callhandler(sess, conn, 0x0017, 0x0007)))
108	userfunc(sess, &fr, "");
109
110	return 0;
111	}
112
113	/*
114	* In AIM 3.5 protocol, the first stage of login is to request login from the
115	* Authorizer, passing it the screen name for verification. If the name is
116	* invalid, a 0017/0003 is spit back, with the standard error contents. If
117	* valid, a 0017/0007 comes back, which is the signal to send it the main
118	* login command (0017/0002).
119	*
120	*/
121	faim_export int aim_request_login(aim_session_t sess, aim_conn_t conn, const char *sn)
122	{
123	aim_frame_t *fr;
124	aim_snacid_t snacid;
125	aim_tlvlist_t *tl = NULL;
126
127	if (!sess \|\| !conn \|\| !sn)
128	return -EINVAL;
129
130	if ((sn[0] >= '0') && (sn[0] <= '9'))
131	return goddamnicq(sess, conn, sn);
132
133	sess->flags \|= AIM_SESS_FLAGS_SNACLOGIN;
134
135	aim_sendflapver(sess, conn);
136
137	if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+2+2+strlen(sn))))
138	return -ENOMEM;
139
140	snacid = aim_cachesnac(sess, 0x0017, 0x0006, 0x0000, NULL, 0);
141	aim_putsnac(&fr->data, 0x0017, 0x0006, 0x0000, snacid);
142
143	aim_addtlvtochain_raw(&tl, 0x0001, strlen(sn), sn);
144	aim_writetlvchain(&fr->data, &tl);
145	aim_freetlvchain(&tl);
146
147	aim_tx_enqueue(sess, fr);
148
149	return 0;
150	}
151
152	/*
153	* Part two of the ICQ hack. Note the ignoring of the key.
154	*/
155	static int goddamnicq2(aim_session_t sess, aim_conn_t conn, const char sn, const char password, struct client_info_s *ci)
156	{
157	aim_frame_t *fr;
158	aim_tlvlist_t *tl = NULL;
159	char *password_encoded;
160
161	if (!(password_encoded = (char *) malloc(strlen(password))))
162	return -ENOMEM;
163
164	if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x01, 1152))) {
165	free(password_encoded);
166	return -ENOMEM;
167	}
168
169	aim_encode_password(password, password_encoded);
170
171	aimbs_put32(&fr->data, 0x00000001); /* FLAP Version */
172	aim_addtlvtochain_raw(&tl, 0x0001, strlen(sn), sn);
173	aim_addtlvtochain_raw(&tl, 0x0002, strlen(password), password_encoded);
174
175	if (ci->clientstring)
176	aim_addtlvtochain_raw(&tl, 0x0003, strlen(ci->clientstring), ci->clientstring);
177	aim_addtlvtochain16(&tl, 0x0016, (fu16_t)ci->clientid);
178	aim_addtlvtochain16(&tl, 0x0017, (fu16_t)ci->major);
179	aim_addtlvtochain16(&tl, 0x0018, (fu16_t)ci->minor);
180	aim_addtlvtochain16(&tl, 0x0019, (fu16_t)ci->point);
181	aim_addtlvtochain16(&tl, 0x001a, (fu16_t)ci->build);
182	aim_addtlvtochain32(&tl, 0x0014, 0x00000055); /* distribution chan */
183	aim_addtlvtochain_raw(&tl, 0x000f, strlen(ci->lang), ci->lang);
184	aim_addtlvtochain_raw(&tl, 0x000e, strlen(ci->country), ci->country);
185
186	aim_writetlvchain(&fr->data, &tl);
187
188	free(password_encoded);
189	aim_freetlvchain(&tl);
190
191	aim_tx_enqueue(sess, fr);
192
193	return 0;
194	}
195
196	/*
197	* send_login(int socket, char sn, char password)
198	*
199	* This is the initial login request packet.
200	*
201	* NOTE!! If you want/need to make use of the aim_sendmemblock() function,
202	* then the client information you send here must exactly match the
203	* executable that you're pulling the data from.
204	*
205	* WinAIM 4.8.2540
206	* clientstring = "AOL Instant Messenger (SM), version 4.8.2540/WIN32"
207	* clientid = 0x0109
208	* major = 0x0004
209	* minor = 0x0008
210	* point = 0x0000
211	* build = 0x09ec
212	* t(0x0014) = 0x000000af
213	* t(0x004a) = 0x01
214	*
215	* WinAIM 4.3.2188:
216	* clientstring = "AOL Instant Messenger (SM), version 4.3.2188/WIN32"
217	* clientid = 0x0109
218	* major = 0x0400
219	* minor = 0x0003
220	* point = 0x0000
221	* build = 0x088c
222	* unknown = 0x00000086
223	* lang = "en"
224	* country = "us"
225	* unknown4a = 0x01
226	*
227	* Latest WinAIM that libfaim can emulate without server-side buddylists:
228	* clientstring = "AOL Instant Messenger (SM), version 4.1.2010/WIN32"
229	* clientid = 0x0004
230	* major = 0x0004
231	* minor = 0x0001
232	* point = 0x0000
233	* build = 0x07da
234	* unknown= 0x0000004b
235	*
236	* WinAIM 3.5.1670:
237	* clientstring = "AOL Instant Messenger (SM), version 3.5.1670/WIN32"
238	* clientid = 0x0004
239	* major = 0x0003
240	* minor = 0x0005
241	* point = 0x0000
242	* build = 0x0686
243	* unknown =0x0000002a
244	*
245	* Java AIM 1.1.19:
246	* clientstring = "AOL Instant Messenger (TM) version 1.1.19 for Java built 03/24/98, freeMem 215871 totalMem 1048567, i686, Linus, #2 SMP Sun Feb 11 03:41:17 UTC 2001 2.4.1-ac9, IBM Corporation, 1.1.8, 45.3, Tue Mar 27 12:09:17 PST 2001"
247	* clientid = 0x0001
248	* major = 0x0001
249	* minor = 0x0001
250	* point = (not sent)
251	* build = 0x0013
252	* unknown= (not sent)
253	*
254	* AIM for Linux 1.1.112:
255	* clientstring = "AOL Instant Messenger (SM)"
256	* clientid = 0x1d09
257	* major = 0x0001
258	* minor = 0x0001
259	* point = 0x0001
260	* build = 0x0070
261	* unknown= 0x0000008b
262	* serverstore = 0x01
263	*
264	*/
265	faim_export int aim_send_login(aim_session_t sess, aim_conn_t conn, const char sn, const char password, struct client_info_s ci, const char key)
266	{
267	aim_frame_t *fr;
268	aim_tlvlist_t *tl = NULL;
269	fu8_t digest[16];
270	aim_snacid_t snacid;
271
272	if (!ci \|\| !sn \|\| !password)
273	return -EINVAL;
274
275	/*
276	* What the XORLOGIN flag _really_ means is that its an ICQ login,
277	* which is really stupid and painful, so its not done here.
278	*
279	*/
280	if (sess->flags & AIM_SESS_FLAGS_XORLOGIN)
281	return goddamnicq2(sess, conn, sn, password, ci);
282
283
284	if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1152)))
285	return -ENOMEM;
286
287	snacid = aim_cachesnac(sess, 0x0017, 0x0002, 0x0000, NULL, 0);
288	aim_putsnac(&fr->data, 0x0017, 0x0002, 0x0000, snacid);
289
290	aim_addtlvtochain_raw(&tl, 0x0001, strlen(sn), sn);
291
292	aim_encode_password_md5(password, key, digest);
293	aim_addtlvtochain_raw(&tl, 0x0025, 16, digest);
294
295	/*
296	* Newer versions of winaim have an empty type x004c TLV here.
297	*/
298
299	if (ci->clientstring)
300	aim_addtlvtochain_raw(&tl, 0x0003, strlen(ci->clientstring), ci->clientstring);
301	aim_addtlvtochain16(&tl, 0x0016, (fu16_t)ci->clientid);
302	aim_addtlvtochain16(&tl, 0x0017, (fu16_t)ci->major);
303	aim_addtlvtochain16(&tl, 0x0018, (fu16_t)ci->minor);
304	aim_addtlvtochain16(&tl, 0x0019, (fu16_t)ci->point);
305	aim_addtlvtochain16(&tl, 0x001a, (fu16_t)ci->build);
306	aim_addtlvtochain_raw(&tl, 0x000e, strlen(ci->country), ci->country);
307	aim_addtlvtochain_raw(&tl, 0x000f, strlen(ci->lang), ci->lang);
308
309	/*
310	* If set, old-fashioned buddy lists will not work. You will need
311	* to use SSI.
312	*/
313	aim_addtlvtochain8(&tl, 0x004a, 0x01);
314
315	aim_writetlvchain(&fr->data, &tl);
316
317	aim_freetlvchain(&tl);
318
319	aim_tx_enqueue(sess, fr);
320
321	return 0;
322	}
323
324	faim_export int aim_encode_password_md5(const char password, const char key, fu8_t *digest)
325	{
326	md5_state_t state;
327
328	md5_init(&state);
329	md5_append(&state, (const md5_byte_t *)key, strlen(key));
330	md5_append(&state, (const md5_byte_t *)password, strlen(password));
331	md5_append(&state, (const md5_byte_t *)AIM_MD5_STRING, strlen(AIM_MD5_STRING));
332	md5_finish(&state, (md5_byte_t *)digest);
333
334	return 0;
335	}
336
337	/**
338	* aim_encode_password - Encode a password using old XOR method
339	* @password: incoming password
340	* @encoded: buffer to put encoded password
341	*
342	* This takes a const pointer to a (null terminated) string
343	* containing the unencoded password. It also gets passed
344	* an already allocated buffer to store the encoded password.
345	* This buffer should be the exact length of the password without
346	* the null. The encoded password buffer /is not %NULL terminated/.
347	*
348	* The encoding_table seems to be a fixed set of values. We'll
349	* hope it doesn't change over time!
350	*
351	* This is only used for the XOR method, not the better MD5 method.
352	*
353	*/
354	static int aim_encode_password(const char password, fu8_t encoded)
355	{
356	fu8_t encoding_table[] = {
357	#if 0 /* old v1 table */
358	0xf3, 0xb3, 0x6c, 0x99,
359	0x95, 0x3f, 0xac, 0xb6,
360	0xc5, 0xfa, 0x6b, 0x63,
361	0x69, 0x6c, 0xc3, 0x9f
362	#else /* v2.1 table, also works for ICQ */
363	0xf3, 0x26, 0x81, 0xc4,
364	0x39, 0x86, 0xdb, 0x92,
365	0x71, 0xa3, 0xb9, 0xe6,
366	0x53, 0x7a, 0x95, 0x7c
367	#endif
368	};
369	int i;
370
371	for (i = 0; i < strlen(password); i++)
372	encoded[i] = (password[i] ^ encoding_table[i]);
373
374	return 0;
375	}
376
377	/*
378	* This is sent back as a general response to the login command.
379	* It can be either an error or a success, depending on the
380	* precense of certain TLVs.
381	*
382	* The client should check the value passed as errorcode. If
383	* its nonzero, there was an error.
384	*
385	*/
386	static int parse(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
387	{
388	aim_tlvlist_t *tlvlist;
389	aim_rxcallback_t userfunc;
390	struct aim_authresp_info info;
391	int ret = 0;
392
393	memset(&info, 0, sizeof(info));
394
395	/*
396	* Read block of TLVs. All further data is derived
397	* from what is parsed here.
398	*/
399	tlvlist = aim_readtlvchain(bs);
400
401	/*
402	* No matter what, we should have a screen name.
403	*/
404	memset(sess->sn, 0, sizeof(sess->sn));
405	if (aim_gettlv(tlvlist, 0x0001, 1)) {
406	info.sn = aim_gettlv_str(tlvlist, 0x0001, 1);
407	strncpy(sess->sn, info.sn, sizeof(sess->sn));
408	}
409
410	/*
411	* Check for an error code. If so, we should also
412	* have an error url.
413	*/
414	if (aim_gettlv(tlvlist, 0x0008, 1))
415	info.errorcode = aim_gettlv16(tlvlist, 0x0008, 1);
416	if (aim_gettlv(tlvlist, 0x0004, 1))
417	info.errorurl = aim_gettlv_str(tlvlist, 0x0004, 1);
418
419	/*
420	* BOS server address.
421	*/
422	if (aim_gettlv(tlvlist, 0x0005, 1))
423	info.bosip = aim_gettlv_str(tlvlist, 0x0005, 1);
424
425	/*
426	* Authorization cookie.
427	*/
428	if (aim_gettlv(tlvlist, 0x0006, 1)) {
429	aim_tlv_t *tmptlv;
430
431	tmptlv = aim_gettlv(tlvlist, 0x0006, 1);
432
433	info.cookie = tmptlv->value;
434	}
435
436	/*
437	* The email address attached to this account
438	* Not available for ICQ logins.
439	*/
440	if (aim_gettlv(tlvlist, 0x0011, 1))
441	info.email = aim_gettlv_str(tlvlist, 0x0011, 1);
442
443	/*
444	* The registration status. (Not real sure what it means.)
445	* Not available for ICQ logins.
446	*
447	* 1 = No disclosure
448	* 2 = Limited disclosure
449	* 3 = Full disclosure
450	*
451	* This has to do with whether your email address is available
452	* to other users or not. AFAIK, this feature is no longer used.
453	*
454	*/
455	if (aim_gettlv(tlvlist, 0x0013, 1))
456	info.regstatus = aim_gettlv16(tlvlist, 0x0013, 1);
457
458	if (aim_gettlv(tlvlist, 0x0040, 1))
459	info.latestbeta.build = aim_gettlv32(tlvlist, 0x0040, 1);
460	if (aim_gettlv(tlvlist, 0x0041, 1))
461	info.latestbeta.url = aim_gettlv_str(tlvlist, 0x0041, 1);
462	if (aim_gettlv(tlvlist, 0x0042, 1))
463	info.latestbeta.info = aim_gettlv_str(tlvlist, 0x0042, 1);
464	if (aim_gettlv(tlvlist, 0x0043, 1))
465	info.latestbeta.name = aim_gettlv_str(tlvlist, 0x0043, 1);
466	if (aim_gettlv(tlvlist, 0x0048, 1))
467	; /* no idea what this is */
468
469	if (aim_gettlv(tlvlist, 0x0044, 1))
470	info.latestrelease.build = aim_gettlv32(tlvlist, 0x0044, 1);
471	if (aim_gettlv(tlvlist, 0x0045, 1))
472	info.latestrelease.url = aim_gettlv_str(tlvlist, 0x0045, 1);
473	if (aim_gettlv(tlvlist, 0x0046, 1))
474	info.latestrelease.info = aim_gettlv_str(tlvlist, 0x0046, 1);
475	if (aim_gettlv(tlvlist, 0x0047, 1))
476	info.latestrelease.name = aim_gettlv_str(tlvlist, 0x0047, 1);
477	if (aim_gettlv(tlvlist, 0x0049, 1))
478	; /* no idea what this is */
479
480	/*
481	* URL to change password.
482	*/
483	if (aim_gettlv(tlvlist, 0x0054, 1))
484	info.chpassurl = aim_gettlv_str(tlvlist, 0x0054, 1);
485
486	if ((userfunc = aim_callhandler(sess, rx->conn, snac ? snac->family : 0x0017, snac ? snac->subtype : 0x0003)))
487	ret = userfunc(sess, rx, &info);
488
489	free(info.sn);
490	free(info.bosip);
491	free(info.errorurl);
492	free(info.email);
493	free(info.chpassurl);
494	free(info.latestrelease.name);
495	free(info.latestrelease.url);
496	free(info.latestrelease.info);
497	free(info.latestbeta.name);
498	free(info.latestbeta.url);
499	free(info.latestbeta.info);
500
501	aim_freetlvchain(&tlvlist);
502
503	return ret;
504	}
505
506	/*
507	* Middle handler for 0017/0007 SNACs. Contains the auth key prefixed
508	* by only its length in a two byte word.
509	*
510	* Calls the client, which should then use the value to call aim_send_login.
511	*
512	*/
513	static int keyparse(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
514	{
515	int keylen, ret = 1;
516	aim_rxcallback_t userfunc;
517	char *keystr;
518
519	keylen = aimbs_get16(bs);
520	keystr = aimbs_getstr(bs, keylen);
521
522	if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
523	ret = userfunc(sess, rx, keystr);
524
525	free(keystr);
526
527	return ret;
528	}
529
530	static int snachandler(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
531	{
532
533	if (snac->subtype == 0x0003)
534	return parse(sess, mod, rx, snac, bs);
535	else if (snac->subtype == 0x0007)
536	return keyparse(sess, mod, rx, snac, bs);
537
538	return 0;
539	}
540
541	faim_internal int auth_modfirst(aim_session_t sess, aim_module_t mod)
542	{
543
544	mod->family = 0x0017;
545	mod->version = 0x0000;
546	mod->flags = 0;
547	strncpy(mod->name, "auth", sizeof(mod->name));
548	mod->snachandler = snachandler;
549
550	return 0;
551	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: