Context Navigation

-                      r5e53c4a
+                      r862371b
 LDFLAGS=@LDFLAGS@
 RANLIB=@RANLIB@
 OBJS=admin.o adverts.o auth.o bos.o buddylist.o \
      chat.o chatnav.o conn.o ft.o icq.o im.o \
      info.o invite.o md5.o meta.o misc.o msgcookie.o \
+OBJS=admin.o adverts.o auth.o bos.o buddylist.o bstream.o \
+     chat.o chatnav.o conn.o email.o ft.o icq.o im.o \
+     info.o invite.o md5.o meta.o misc.o msgcookie.o newsearch.o \
      popups.o rxhandlers.o rxqueue.o search.o service.o \
      snac.o ssi.o stats.o tlv.o translate.o txqueue.o \

libfaim/admin.c

-                      r5e53c4a
+                      r862371b
+/*
+ * Family 0x0007 - Account Administration.
+ *
+ * Used for stuff like changing the formating of your screen name, changing your
+ * email address, requesting an account confirmation email, getting account info,
+ *
+ */
 #define FAIM_INTERNAL
 #include <aim.h>
+/* called for both reply and change-reply */
+/*
+ * Subtype 0x0002 - Request a bit of account info.
+ *
+ * Info should be one of the following:
+ * 0x0001 - Screen name formatting
+ * 0x0011 - Email address
+ * 0x0013 - Unknown
+ *
+ */
+faim_export int aim_admin_getinfo(aim_session_t *sess, aim_conn_t *conn, fu16_t info)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 14)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0007, 0x0002, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0007, 0x0002, 0x0000, snacid);
+        aimbs_put16(&fr->data, info);
+        aimbs_put16(&fr->data, 0x0000);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtypes 0x0003 and 0x0005 - Parse account info.
+ *
+ * Called in reply to both an information request (subtype 0x0002) and
+ * an information change (subtype 0x0004).
+ *
+ */
 static int infochange(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        /*
+         * struct {
+         *    unsigned short perms;
+         *    unsigned short tlvcount;
+         *    aim_tlv_t tlvs[tlvcount];
+         *  } admin_info[n];
+         */
+        while (aim_bstream_empty(bs)) {
+                fu16_t perms, tlvcount;
+                perms = aimbs_get16(bs);
+                tlvcount = aimbs_get16(bs);
+                while (tlvcount && aim_bstream_empty(bs)) {
+                        aim_rxcallback_t userfunc;
+                        fu16_t type, len;
+                        fu8_t *val;
+                        int str = 0;
+                        type = aimbs_get16(bs);
+                        len = aimbs_get16(bs);
+                        if ((type == 0x0011) || (type == 0x0004))
+                                str = 1;
+                        if (str)
+                                val = aimbs_getstr(bs, len);
+                        else
+                                val = aimbs_getraw(bs, len);
+                        /* XXX fix so its only called once for the entire packet */
+                        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                                userfunc(sess, rx, (snac->subtype == 0x0005) ? 1 : 0, perms, type, len, val, str);
+                        free(val);
+                        tlvcount--;
+        aim_rxcallback_t userfunc;
+        char *url=NULL, *sn=NULL, *email=NULL;
+        fu16_t perms, tlvcount, err=0;
+        perms = aimbs_get16(bs);
+        tlvcount = aimbs_get16(bs);
+        while (tlvcount && aim_bstream_empty(bs)) {
+                fu16_t type, length;
+                type = aimbs_get16(bs);
+                length = aimbs_get16(bs);
+                switch (type) {
+                        case 0x0001: {
+                                sn = aimbs_getstr(bs, length);
+                        } break;
+                        case 0x0004: {
+                                url = aimbs_getstr(bs, length);
+                        } break;
+                        case 0x0008: {
+                                err = aimbs_get16(bs);
+                        } break;
+                        case 0x0011: {
+                                if (length == 0) {
+                                        email = (char*)malloc(13*sizeof(char));
+                                        strcpy(email, "*suppressed*");
+                                } else
+                                        email = aimbs_getstr(bs, length);
+                        } break;
+                }
+                tlvcount--;
+        }
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                userfunc(sess, rx, (snac->subtype == 0x0005) ? 1 : 0, perms, err, url, sn, email);
+        if (sn) free(sn);
+        if (url) free(url);
+        if (email) free(email);
         return 1;
+}
+/*
+ * Subtype 0x0004 - Set screenname formatting.
+ *
+ */
+faim_export int aim_admin_setnick(aim_session_t *sess, aim_conn_t *conn, const char *newnick)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        aim_tlvlist_t *tl = NULL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+2+2+strlen(newnick))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0007, 0x0004, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0007, 0x0004, 0x0000, snacid);
+        aim_addtlvtochain_raw(&tl, 0x0001, strlen(newnick), newnick);
+        aim_writetlvchain(&fr->data, &tl);
+        aim_freetlvchain(&tl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x0004 - Change password.
+ *
+ */
+faim_export int aim_admin_changepasswd(aim_session_t *sess, aim_conn_t *conn, const char *newpw, const char *curpw)
+{
+        aim_frame_t *fr;
+        aim_tlvlist_t *tl = NULL;
+        aim_snacid_t snacid;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+4+strlen(curpw)+4+strlen(newpw))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0007, 0x0004, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0007, 0x0004, 0x0000, snacid);
+        /* new password TLV t(0002) */
+        aim_addtlvtochain_raw(&tl, 0x0002, strlen(newpw), newpw);
+        /* current password TLV t(0012) */
+        aim_addtlvtochain_raw(&tl, 0x0012, strlen(curpw), curpw);
+        aim_writetlvchain(&fr->data, &tl);
+        aim_freetlvchain(&tl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x0004 - Change email address.
+ *
+ */
+faim_export int aim_admin_setemail(aim_session_t *sess, aim_conn_t *conn, const char *newemail)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        aim_tlvlist_t *tl = NULL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+2+2+strlen(newemail))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0007, 0x0004, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0007, 0x0004, 0x0000, snacid);
+        aim_addtlvtochain_raw(&tl, 0x0011, strlen(newemail), newemail);
+        aim_writetlvchain(&fr->data, &tl);
+        aim_freetlvchain(&tl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x0006 - Request account confirmation.
+ *
+ * This will cause an email to be sent to the address associated with
+ * the account.  By following the instructions in the mail, you can
+ * get the TRIAL flag removed from your account.
+ *
+ */
+faim_export int aim_admin_reqconfirm(aim_session_t *sess, aim_conn_t *conn)
+{
+        return aim_genericreq_n(sess, conn, 0x0007, 0x0006);
+}
+/*
+ * Subtype 0x0007 - Account confirmation request acknowledgement.
+ *
+ */
 static int accountconfirm(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
         aim_rxcallback_t userfunc;
         fu16_t status;
+        aim_tlvlist_t *tl;
         status = aimbs_get16(bs);
+        /* This is 0x0013 if unable to confirm at this time */
+        tl = aim_readtlvchain(bs);
         if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
 …
         return 0;
+}
-faim_export int aim_admin_changepasswd(aim_session_t *sess, aim_conn_t *conn, const char *newpw, const char *curpw)
+{
-        aim_frame_t *tx;
-        aim_tlvlist_t *tl = NULL;
-        aim_snacid_t snacid;
-        if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+4+strlen(curpw)+4+strlen(newpw))))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0007, 0x0004, 0x0000, NULL, 0);
-        aim_putsnac(&tx->data, 0x0007, 0x0004, 0x0000, snacid);
-        /* new password TLV t(0002) */
-        aim_addtlvtochain_raw(&tl, 0x0002, strlen(newpw), newpw);
-        /* current password TLV t(0012) */
-        aim_addtlvtochain_raw(&tl, 0x0012, strlen(curpw), curpw);
-        aim_writetlvchain(&tx->data, &tl);
-        aim_freetlvchain(&tl);
-        aim_tx_enqueue(sess, tx);
-        return 0;
+}
-/*
- * Request account confirmation.
+ *
- * This will cause an email to be sent to the address associated with
- * the account.  By following the instructions in the mail, you can
- * get the TRIAL flag removed from your account.
+ *
- */
-faim_export int aim_admin_reqconfirm(aim_session_t *sess, aim_conn_t *conn)
+{
-        return aim_genericreq_n(sess, conn, 0x0007, 0x0006);
+}
-/*
- * Request a bit of account info.
+ *
- * The only known valid tag is 0x0011 (email address).
+ *
- */
-faim_export int aim_admin_getinfo(aim_session_t *sess, aim_conn_t *conn, fu16_t info)
+{
-        aim_frame_t *tx;
-        aim_snacid_t snacid;
-        if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 14)))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0002, 0x0002, 0x0000, NULL, 0);
-        aim_putsnac(&tx->data, 0x0007, 0x0002, 0x0000, snacid);
-        aimbs_put16(&tx->data, info);
-        aimbs_put16(&tx->data, 0x0000);
-        aim_tx_enqueue(sess, tx);
-        return 0;
+}
-faim_export int aim_admin_setemail(aim_session_t *sess, aim_conn_t *conn, const char *newemail)
+{
-        aim_frame_t *tx;
-        aim_snacid_t snacid;
-        aim_tlvlist_t *tl = NULL;
-        if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+2+2+strlen(newemail))))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0007, 0x0004, 0x0000, NULL, 0);
-        aim_putsnac(&tx->data, 0x0007, 0x0004, 0x0000, snacid);
-        aim_addtlvtochain_raw(&tl, 0x0011, strlen(newemail), newemail);
-        aim_writetlvchain(&tx->data, &tl);
-        aim_freetlvchain(&tl);
-        aim_tx_enqueue(sess, tx);
-        return 0;
+}
-faim_export int aim_admin_setnick(aim_session_t *sess, aim_conn_t *conn, const char *newnick)
+{
-        aim_frame_t *tx;
-        aim_snacid_t snacid;
-        aim_tlvlist_t *tl = NULL;
-        if (!(tx = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+2+2+strlen(newnick))))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0007, 0x0004, 0x0000, NULL, 0);
-        aim_putsnac(&tx->data, 0x0007, 0x0004, 0x0000, snacid);
-        aim_addtlvtochain_raw(&tl, 0x0001, strlen(newnick), newnick);
-        aim_writetlvchain(&tx->data, &tl);
-        aim_freetlvchain(&tl);
-        aim_tx_enqueue(sess, tx);
-        return 0;
+}

libfaim/adverts.c

r5e53c4a	r862371b
1	1	/*
2		*
	2	* Family 0x0005 - Advertisements.
3	3	*
4	4	*/
…	…
30	30	return 0;
31	31	}
32
33

libfaim/aim.h

-                      r5e53c4a
+                      r862371b
 #define FAIM_VERSION_MAJOR 0
 #define FAIM_VERSION_MINOR 99
 #define FAIM_VERSION_MINORMINOR 4
+#define FAIM_VERSION_MINORMINOR 1
 #include <faimconfig.h>
 …
 #include <time.h>
+#ifdef _WIN32
+#include <windows.h>
+#include <io.h>
+#else
+#ifndef _WIN32
 #include <sys/time.h>
 #include <unistd.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
+#else
+#include <winsock.h>
 #endif
 …
 typedef fu32_t aim_snacid_t;
 typedef fu16_t flap_seqnum_t;
-/* Portability stuff (DMP) */
-#ifdef _WIN32
-#define sleep(x) Sleep((x)*1000)
-#define snprintf _snprintf /* I'm not sure whats wrong with Microsoft here */
-#define close(x) closesocket(x) /* no comment */
-#endif
 #if defined(mach) && defined(__APPLE__)
 …
 };
 #define AIM_CLIENTINFO_KNOWNGOOD_3_5_1670 { \
+#define CLIENTINFO_AIM_3_5_1670 { \
         "AOL Instant Messenger (SM), version 3.5.1670/WIN32", \
 x0004, \
 …
+}
 #define AIM_CLIENTINFO_KNOWNGOOD_4_1_2010 { \
+#define CLIENTINFO_AIM_4_1_2010 { \
           "AOL Instant Messenger (SM), version 4.1.2010/WIN32", \
 x0004, \
 …
+}
+#define CLIENTINFO_AIM_5_0_2938 { \
+          "AOL Instant Messenger, version 5.0.2938/WIN32", \
+x0109, \
+x0005, \
+x0000, \
+x0000, \
+x0b7a, \
+          "us", \
+          "en", \
+}
+#define CLIENTINFO_ICQ_4_65_3281 { \
+        "ICQ Inc. - Product of ICQ (TM) 2000b.4.65.1.3281.85", \
+x010a, \
+x0004, \
+x0041, \
+x0001, \
+x0cd1, \
+        "us", \
+        "en", \
+}
+#define CLIENTINFO_ICQ_5_34_3728 { \
+        "ICQ Inc. - Product of ICQ (TM).2002a.5.34.1.3728.85", \
+x010a, \
+x0005, \
+x0022, \
+x0001, \
+x0e8f, \
+        "us", \
+        "en", \
+}
 /*
  * I would make 4.1.2010 the default, but they seem to have found
 …
+ *
  * 3.5.1670 should work fine, however, you will be subjected to the
  * memory test, which may require you to have a WinAIM binary laying
+ * memory test, which may require you to have a WinAIM binary lying
  * around. (see login.c::memrequest())
  */
+#define AIM_CLIENTINFO_KNOWNGOOD AIM_CLIENTINFO_KNOWNGOOD_3_5_1670
+#define CLIENTINFO_AIM_KNOWNGOOD CLIENTINFO_AIM_3_5_1670
+#define CLIENTINFO_ICQ_KNOWNGOOD CLIENTINFO_ICQ_4_65_3281
 #ifndef TRUE
 …
 #define AIM_CONN_TYPE_CHAT          0x000e
 #define AIM_CONN_TYPE_CHATNAV       0x000d
+#define AIM_CONN_TYPE_SEARCH        0x000f
+#define AIM_CONN_TYPE_EMAIL         0x0018
 /* they start getting arbitrary in rendezvous stuff =) */
 …
 typedef struct aim_bstream_s {
         fu8_t *data;
         fu16_t len;
         fu16_t offset;
+        fu32_t len;
+        fu32_t offset;
 } aim_bstream_t;
 …
                 } flap;
                 struct {
+                        fu8_t magic[4]; /* ODC2 OFT2 */
+                        fu16_t hdrlen;
                         fu16_t type;
+                        fu8_t magic[4]; /* ODC2 OFT2 */
+                        fu16_t hdr2len;
+                        fu8_t *hdr2; /* rest of bloated header */
+                } oft;
+                } rend;
         } hdr;
         aim_bstream_t data;     /* payload stream */
 …
         /* ---- Internal Use Only ------------------------ */
+        /* Server-stored information (ssi) */
+        struct {
+                int received_data;
+                fu16_t revision;
+                struct aim_ssi_item *items;
+                time_t timestamp;
+                int waiting_for_ack;
+                aim_frame_t *holding_queue;
+        } ssi;
+        struct aim_emailinfo *emailinfo;
         /* Connection information */
 …
         fu32_t membersince; /* time_t */
         fu32_t onlinesince; /* time_t */
         fu32_t sessionlen; /* in seconds */
+        fu32_t sessionlen;  /* in seconds */
         fu32_t capabilities;
         struct {
 …
 /* TLV list handling. */
 faim_internal aim_tlvlist_t *aim_readtlvchain(aim_bstream_t *bs);
+faim_internal aim_tlvlist_t *aim_readtlvchain_num(aim_bstream_t *bs, fu16_t num);
 faim_internal void aim_freetlvchain(aim_tlvlist_t **list);
 faim_internal aim_tlv_t *aim_gettlv(aim_tlvlist_t *, fu16_t t, const int n);
 …
         char *bosip;
         fu8_t *cookie;
+        char *chpassurl;
         struct aim_clientrelease latestrelease;
         struct aim_clientrelease latestbeta;
 …
 faim_export aim_conn_t *aim_getconn_fd(aim_session_t *, int fd);
 /* aim_misc.c */
+/* misc.c */
 #define AIM_VISIBILITYCHANGE_PERMITADD    0x05
 …
 faim_export int aim_ads_requestads(aim_session_t *sess, aim_conn_t *conn);
 /* aim_im.c */
+/* im.c */
 struct aim_fileheader_t {
 …
 };
+struct aim_filetransfer_priv {
+        char sn[MAXSNLEN];
+        char cookie[8];
+        char ip[30];
+        int state;
+        struct aim_fileheader_t fh;
+};
+#define AIM_OFT_SUBTYPE_SEND_FILE 0x0001
+#define AIM_OFT_SUBTYPE_SEND_DIR 0x0002
+#define AIM_OFT_SUBTYPE_GET_FILE 0x0011
+#define AIM_OPT_SUBTYPE_GET_LIST 0x0012
 struct aim_chat_roominfo {
 …
 #define AIM_IMFLAGS_MULTIPART           0x0400 /* ->mpmsg section valid */
 #define AIM_IMFLAGS_OFFLINE             0x0800 /* send to offline user */
+#define AIM_IMFLAGS_TYPINGNOT           0x1000 /* typing notification */
 /*
 …
                         const char *rtfmsg;
                 } rtfmsg;
+                struct {
+                        fu16_t subtype;
+                        fu16_t totfiles;
+                        fu32_t totsize;
+                        char *filename;
+                } sendfile;
         } info;
         void *destructor; /* used internally only */
+};
+/* Valid values for channel 4 args->type */
+#define AIM_ICQMSG_AUTHREQUEST 0x0006
+#define AIM_ICQMSG_AUTHDENIED 0x0007
+#define AIM_ICQMSG_AUTHGRANTED 0x0008
+struct aim_incomingim_ch4_args {
+        fu32_t uin; /* Of the sender of the ICBM */
+        fu16_t type;
+        char *msg; /* Reason for auth request, deny, or accept */
 };
 …
 faim_export int aim_send_icon(aim_session_t *sess, const char *sn, const fu8_t *icon, int iconlen, time_t stamp, fu16_t iconsum);
 faim_export fu16_t aim_iconsum(const fu8_t *buf, int buflen);
+faim_export int aim_send_im_direct(aim_session_t *, aim_conn_t *, const char *msg);
+faim_export int aim_send_typing(aim_session_t *sess, aim_conn_t *conn, int typing);
+faim_export int aim_send_im_direct(aim_session_t *, aim_conn_t *, const char *msg, int len, int encoding);
 faim_export const char *aim_directim_getsn(aim_conn_t *conn);
 faim_export aim_conn_t *aim_directim_initiate(aim_session_t *, const char *destsn);
 faim_export aim_conn_t *aim_directim_connect(aim_session_t *, const char *sn, const char *addr, const fu8_t *cookie);
+faim_export aim_conn_t *aim_sendfile_initiate(aim_session_t *, const char *destsn, const char *filename, fu16_t numfiles, fu32_t totsize);
+faim_export int aim_send_im_ch2_geticqmessage(aim_session_t *sess, const char *sn, int type);
+faim_export aim_conn_t *aim_sendfile_initiate(aim_session_t *, const char *destsn, const char *filename, fu16_t numfiles, fu32_t totsize, char *cookret);
+faim_export int aim_send_im_ch4(aim_session_t *sess, char *sn, fu16_t type, fu8_t *message);
+faim_export int aim_mtn_send(aim_session_t *sess, fu16_t type1, char *sn, fu16_t type2);
 faim_export aim_conn_t *aim_getfile_initiate(aim_session_t *sess, aim_conn_t *conn, const char *destsn);
 faim_export int aim_oft_getfile_request(aim_session_t *sess, aim_conn_t *conn, const char *name, int size);
+faim_export int aim_oft_sendfile_request(aim_session_t *sess, aim_conn_t *conn,
+                const char *name, int filesdone, int numfiles, int size,
+                int totsize);
 faim_export int aim_oft_getfile_ack(aim_session_t *sess, aim_conn_t *conn);
 faim_export int aim_oft_getfile_end(aim_session_t *sess, aim_conn_t *conn);
 /* aim_info.c */
+faim_export int aim_oft_end(aim_session_t *sess, aim_conn_t *conn);
+/* info.c */
 #define AIM_CAPS_BUDDYICON      0x00000001
 #define AIM_CAPS_VOICE          0x00000002
 …
 #define AIM_TRANSFER_DENY_NOTACCEPTING 0x0002
 faim_export int aim_denytransfer(aim_session_t *sess, const char *sender, const char *cookie, unsigned short code);
+faim_export aim_conn_t *aim_accepttransfer(aim_session_t *sess, aim_conn_t *conn, const char *sn, const fu8_t *cookie, const fu8_t *ip, fu16_t listingfiles, fu16_t listingtotsize, fu16_t listingsize, fu32_t listingchecksum, fu16_t rendid);
+faim_export aim_conn_t *aim_accepttransfer(aim_session_t *sess, aim_conn_t *conn, const char *sn, const fu8_t *cookie, const fu8_t *ip, fu16_t port, fu16_t rendid, ...);
+faim_export int aim_canceltransfer(aim_session_t *sess, aim_conn_t *conn,
+                                const char *cookie, const char *sn, int rendid);
+faim_export fu32_t aim_update_checksum(aim_session_t *sess, aim_conn_t *conn,
+                                const unsigned char *buffer, int bufferlen);
 faim_export int aim_getinfo(aim_session_t *, aim_conn_t *, const char *, unsigned short);
 …
 struct aim_icbmparameters {
         unsigned short maxchan;
         unsigned long flags; /* AIM_IMPARAM_FLAG_ */
         unsigned short maxmsglen; /* message size that you will accept */
         unsigned short maxsenderwarn; /* this and below are *10 (999=99.9%) */
         unsigned short maxrecverwarn;
         unsigned long minmsginterval; /* in milliseconds? */
+        fu16_t maxchan;
+        fu32_t flags; /* AIM_IMPARAM_FLAG_ */
+        fu16_t maxmsglen; /* message size that you will accept */
+        fu16_t maxsenderwarn; /* this and below are *10 (999=99.9%) */
+        fu16_t maxrecverwarn;
+        fu32_t minmsginterval; /* in milliseconds? */
 };
 …
 faim_export int aim_admin_setnick(aim_session_t *sess, aim_conn_t *conn, const char *newnick);
 /* aim_buddylist.c */
+/* buddylist.c */
 faim_export int aim_add_buddy(aim_session_t *, aim_conn_t *, const char *);
 faim_export int aim_remove_buddy(aim_session_t *, aim_conn_t *, const char *);
 /* aim_search.c */
+/* search.c */
 faim_export int aim_usersearch_address(aim_session_t *, aim_conn_t *, const char *);
+/* newsearch.c */
+struct aim_usersearch {
+        char *first;
+        char *last;
+        char *middle;
+        char *maiden;
+        char *email;
+        char *country;
+        char *state;
+        char *city;
+        char *sn;
+        char *interest;
+        char *nick;
+        char *zip;
+        char *region;
+        char *address;
+        struct aim_usersearch *next;
+};
+faim_export int aim_usersearch_email(aim_session_t *, const char *, const char *);
+faim_export int aim_usersearch_name(aim_session_t *, const char *, const char *, const char *, const char *, const char *, const char *, const char *, const char *, const char *, const char *, const char *);
+faim_export int aim_usersearch_interest(aim_session_t *, const char *, const char *);
 /* These apply to exchanges as well. */
 …
 #define AIM_SSI_TYPE_BUDDY         0x0000
 #define AIM_SSI_TYPE_GROUP         0x0001
 #define AIM_SSI_TYPE_PERMITLIST    0x0002
 #define AIM_SSI_TYPE_DENYLIST      0x0003
+#define AIM_SSI_TYPE_PERMIT        0x0002
+#define AIM_SSI_TYPE_DENY          0x0003
 #define AIM_SSI_TYPE_PDINFO        0x0004
 #define AIM_SSI_TYPE_PRESENCEPREFS 0x0005
 …
 };
+/* These build the actual SNACs and queue them to be sent */
 faim_export int aim_ssi_reqrights(aim_session_t *sess, aim_conn_t *conn);
 faim_export int aim_ssi_reqdata(aim_session_t *sess, aim_conn_t *conn, time_t localstamp, fu16_t localrev);
 faim_export int aim_ssi_enable(aim_session_t *sess, aim_conn_t *conn);
+faim_export int aim_ssi_addmoddel(aim_session_t *sess, aim_conn_t *conn, struct aim_ssi_item **items, unsigned int num, fu16_t subtype);
 faim_export int aim_ssi_modbegin(aim_session_t *sess, aim_conn_t *conn);
 faim_export int aim_ssi_modend(aim_session_t *sess, aim_conn_t *conn);
+/* These handle the local variables */
+faim_export struct aim_ssi_item *aim_ssi_itemlist_find(struct aim_ssi_item *list, fu16_t gid, fu16_t bid);
+faim_export struct aim_ssi_item *aim_ssi_itemlist_finditem(struct aim_ssi_item *list, const char *gn, const char *sn, fu16_t type);
+faim_export struct aim_ssi_item *aim_ssi_itemlist_findparent(struct aim_ssi_item *list, char *sn);
+faim_export int aim_ssi_getpermdeny(struct aim_ssi_item *list);
+faim_export fu32_t aim_ssi_getpresence(struct aim_ssi_item *list);
+faim_export int aim_ssi_cleanlist(aim_session_t *sess, aim_conn_t *conn);
+faim_export int aim_ssi_addbuddies(aim_session_t *sess, aim_conn_t *conn, const char *gn, const char **sn, unsigned int num);
+faim_export int aim_ssi_addmastergroup(aim_session_t *sess, aim_conn_t *conn);
+faim_export int aim_ssi_addgroups(aim_session_t *sess, aim_conn_t *conn, const char **gn, unsigned int num);
+faim_export int aim_ssi_addpord(aim_session_t *sess, aim_conn_t *conn, const char **sn, unsigned int num, fu16_t type);
+faim_export int aim_ssi_movebuddy(aim_session_t *sess, aim_conn_t *conn, const char *oldgn, const char *newgn, const char *sn);
+faim_export int aim_ssi_rename_group(aim_session_t *sess, aim_conn_t *conn, const char *oldgn, const char *newgn);
+faim_export int aim_ssi_delbuddies(aim_session_t *sess, aim_conn_t *conn, const char *gn, char **sn, unsigned int num);
+faim_export int aim_ssi_delmastergroup(aim_session_t *sess, aim_conn_t *conn);
+faim_export int aim_ssi_delgroups(aim_session_t *sess, aim_conn_t *conn, char **gn, unsigned int num);
+faim_export int aim_ssi_deletelist(aim_session_t *sess, aim_conn_t *conn);
+faim_export int aim_ssi_delpord(aim_session_t *sess, aim_conn_t *conn, const char **sn, unsigned int num, fu16_t type);
+faim_export int aim_ssi_setpermdeny(aim_session_t *sess, aim_conn_t *conn, fu8_t permdeny, fu32_t vismask);
+faim_export int aim_ssi_setpresence(aim_session_t *sess, aim_conn_t *conn, fu32_t presence);
 struct aim_icq_offlinemsg {
 …
 faim_export int aim_icq_getsimpleinfo(aim_session_t *sess, const char *uin);
+/* aim_util.c */
+/* email.c */
+struct aim_emailinfo {
+        fu8_t *cookie16;
+        fu8_t *cookie8;
+        char *url;
+        fu16_t nummsgs;
+        fu8_t unread;
+        char *domain;
+        fu16_t flag;
+        struct aim_emailinfo *next;
+};
+faim_export int aim_email_sendcookies(aim_session_t *sess, aim_conn_t *conn);
+faim_export int aim_email_activate(aim_session_t *sess, aim_conn_t *conn);
+/* util.c */
 /*
  * These are really ugly.  You'd think this was LISP.  I wish it was.
 …
 faim_export char *aim_strsep(char **pp, const char *delim);
 /* aim_meta.c */
+/* meta.c */
 faim_export char *aim_getbuilddate(void);
 faim_export char *aim_getbuildtime(void);

libfaim/aim_cbtypes.h

-                      r5e53c4a
+                      r862371b
 #define AIM_CB_FAM_CTN 0x000d /* ChatNav */
 #define AIM_CB_FAM_CHT 0x000e /* Chat */
+#define AIM_CB_FAM_SCH 0x000f /* "New" search */
+#define AIM_CB_FAM_SSI 0x0013 /* Server stored information */
 #define AIM_CB_FAM_ICQ 0x0015
 #define AIM_CB_FAM_ATH 0x0017
+#define AIM_CB_FAM_EML 0x0018
 #define AIM_CB_FAM_OFT 0xfffe /* OFT/Rvous */
 #define AIM_CB_FAM_SPECIAL 0xffff /* Internal libfaim use */
 …
 #define AIM_CB_MSG_EVIL 0x0009
 #define AIM_CB_MSG_MISSEDCALL 0x000a
 #define AIM_CB_MSG_CLIENTERROR 0x000b
+#define AIM_CB_MSG_CLIENTAUTORESP 0x000b
 #define AIM_CB_MSG_ACK 0x000c
+#define AIM_CB_MSG_MTN 0x0014
 #define AIM_CB_MSG_DEFAULT 0xffff
 …
 /*
+ * SNAC Family: "New" Search
+ *
+ * Most of these are actually special.
+ */
+#define AIM_CB_SCH_ERROR 0x0001
+#define AIM_CB_SCH_SEARCH 0x0002
+#define AIM_CB_SCH_RESULTS 0x0003
+/*
  * SNAC Family: ICQ
+ *
 …
 /*
+ * SNAC Family: Server-Stored Buddy Lists
+ */
+#define AIM_CB_SSI_ERROR 0x0001
+#define AIM_CB_SSI_REQRIGHTS 0x0002
+#define AIM_CB_SSI_RIGHTSINFO 0x0003
+#define AIM_CB_SSI_REQLIST 0x0005
+#define AIM_CB_SSI_LIST 0x0006
+#define AIM_CB_SSI_ACTIVATE 0x0007
+#define AIM_CB_SSI_ADD 0x0008
+#define AIM_CB_SSI_MOD 0x0009
+#define AIM_CB_SSI_DEL 0x000A
+#define AIM_CB_SSI_SRVACK 0x000E
+#define AIM_CB_SSI_NOLIST 0x000F
+#define AIM_CB_SSI_EDITSTART 0x0011
+#define AIM_CB_SSI_EDITSTOP 0x0012
+/*
  * SNAC Family: Authorizer
+ *
 …
 /*
+ * SNAC Family: Email
+ *
+ * Used for getting information on the email address
+ * associated with your screen name.
+ *
+ */
+#define AIM_CB_EML_ERROR 0x0001
+#define AIM_CB_EML_SENDCOOKIES 0x0006
+#define AIM_CB_EML_MAILSTATUS 0x0007
+#define AIM_CB_EML_INIT 0x0016
+/*
  * OFT Services
+ *
 …
 #define AIM_CB_OFT_DIRECTIMINITIATE 0x0005
+/* had been removed, put back by kretch */
 #define AIM_CB_OFT_GETFILECONNECTREQ 0x0006 /* connect request -- actually an OSCAR CAP*/
 #define AIM_CB_OFT_GETFILELISTINGREQ 0x0007 /* OFT listing.txt request */
 …
 #define AIM_CB_OFT_GETFILESTATE4 0x0010
+#define AIM_CB_OFT_SENDFILEDISCONNECT 0x0020   /* OFT connection disconnected.*/
+#define AIM_CB_OFT_SENDFILEFILEREQ 0x0011 /* started receiving file */
+#define AIM_CB_OFT_SENDFILEFILESEND 0x0012 /* buddy ready to for us to send */
+#define AIM_CB_OFT_SENDFILECOMPLETE 0x0013 /* send to buddy complete */
+#define AIM_CB_OFT_SENDFILEINITIATE 0x0014 /* connection to buddy initiated */
 …
 #define AIM_CB_SPECIAL_FLAPVER 0x0005
 #define AIM_CB_SPECIAL_CONNINITDONE 0x0006
+#define AIM_CB_SPECIAL_IMAGETRANSFER 0x007
+#define AIM_CB_SPECIAL_MSGTIMEOUT 0x008
 #define AIM_CB_SPECIAL_UNKNOWN 0xffff
 #define AIM_CB_SPECIAL_DEFAULT AIM_CB_SPECIAL_UNKNOWN
+/* SNAC flags */
+#define AIM_SNACFLAGS_DESTRUCTOR 0x0001
 #endif/*__AIM_CBTYPES_H__ */

libfaim/aim_internal.h

-                      r5e53c4a
+                      r862371b
         char name[AIM_MODULENAME_MAXLEN+1];
         int (*snachandler)(aim_session_t *sess, struct aim_module_s *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs);
+        int (*snacdestructor)(aim_session_t *sess, aim_conn_t *conn, aim_modsnac_t *snac, void *data);
         void (*shutdown)(aim_session_t *sess, struct aim_module_s *mod);
         void *priv;
 …
 faim_internal int adverts_modfirst(aim_session_t *sess, aim_module_t *mod);
 faim_internal int icq_modfirst(aim_session_t *sess, aim_module_t *mod);
+faim_internal int email_modfirst(aim_session_t *sess, aim_module_t *mod);
+faim_internal int newsearch_modfirst(aim_session_t *sess, aim_module_t *mod);
 faim_internal int aim_genericreq_n(aim_session_t *, aim_conn_t *conn, fu16_t family, fu16_t subtype);
 …
 #define AIMBS_CURPOSPAIR(x) ((x)->data + (x)->offset), ((x)->len - (x)->offset)
+faim_internal void aim_rxqueue_cleanbyconn(aim_session_t *sess, aim_conn_t *conn);
+faim_internal int aim_recv(int fd, void *buf, size_t count);
+faim_internal int aim_bstream_recv(aim_bstream_t *bs, int fd, size_t count);
+/* bstream.c */
 faim_internal int aim_bstream_init(aim_bstream_t *bs, fu8_t *data, int len);
 faim_internal int aim_bstream_empty(aim_bstream_t *bs);
 …
 faim_internal int aimbs_putbs(aim_bstream_t *bs, aim_bstream_t *srcbs, int len);
+faim_internal int aim_get_command_rendezvous(aim_session_t *sess, aim_conn_t *conn);
+faim_internal int aim_tx_sendframe(aim_session_t *sess, aim_frame_t *cur);
+faim_internal flap_seqnum_t aim_get_next_txseqnum(aim_conn_t *);
+faim_internal aim_frame_t *aim_tx_new(aim_session_t *sess, aim_conn_t *conn, fu8_t framing, fu8_t chan, int datalen);
+faim_internal void aim_frame_destroy(aim_frame_t *);
+faim_internal int aim_tx_enqueue(aim_session_t *, aim_frame_t *);
+faim_internal int aim_tx_printqueue(aim_session_t *);
+faim_internal void aim_tx_cleanqueue(aim_session_t *, aim_conn_t *);
+/* conn.c */
+faim_internal aim_conn_t *aim_cloneconn(aim_session_t *sess, aim_conn_t *src);
+/* ft.c */
+faim_internal int aim_rxdispatch_rendezvous(aim_session_t *sess, aim_frame_t *fr);
+/* rxhandlers.c */
 faim_internal aim_rxcallback_t aim_callhandler(aim_session_t *sess, aim_conn_t *conn, u_short family, u_short type);
 faim_internal int aim_callhandler_noparam(aim_session_t *sess, aim_conn_t *conn, fu16_t family, fu16_t type, aim_frame_t *ptr);
+faim_internal int aim_parse_unknown(aim_session_t *, aim_frame_t *, ...);
+faim_internal void aim_clonehandlers(aim_session_t *sess, aim_conn_t *dest, aim_conn_t *src);
+/* rxqueue.c */
+faim_internal int aim_recv(int fd, void *buf, size_t count);
+faim_internal int aim_bstream_recv(aim_bstream_t *bs, int fd, size_t count);
+faim_internal void aim_rxqueue_cleanbyconn(aim_session_t *sess, aim_conn_t *conn);
+faim_internal void aim_frame_destroy(aim_frame_t *);
+/* txqueue.c */
+faim_internal aim_frame_t *aim_tx_new(aim_session_t *sess, aim_conn_t *conn, fu8_t framing, fu16_t chan, int datalen);
+faim_internal int aim_tx_enqueue(aim_session_t *, aim_frame_t *);
+faim_internal flap_seqnum_t aim_get_next_txseqnum(aim_conn_t *);
+faim_internal int aim_tx_sendframe(aim_session_t *sess, aim_frame_t *cur);
+faim_internal void aim_tx_cleanqueue(aim_session_t *, aim_conn_t *);
+/* XXX - What is this?   faim_internal int aim_tx_printqueue(aim_session_t *); */
 /*
 …
 } aim_snac_t;
+struct aim_snac_destructor {
+        aim_conn_t *conn;
+        void *data;
+};
+/* snac.c */
 faim_internal void aim_initsnachash(aim_session_t *sess);
 faim_internal aim_snacid_t aim_newsnac(aim_session_t *, aim_snac_t *newsnac);
 …
 faim_internal void aim_cleansnacs(aim_session_t *, int maxage);
 faim_internal int aim_putsnac(aim_bstream_t *, fu16_t family, fu16_t type, fu16_t flags, aim_snacid_t id);
-faim_internal aim_conn_t *aim_cloneconn(aim_session_t *sess, aim_conn_t *src);
-faim_internal void aim_clonehandlers(aim_session_t *sess, aim_conn_t *dest, aim_conn_t *src);
-faim_internal int aim_oft_buildheader(unsigned char *,struct aim_fileheader_t *);
-faim_internal int aim_parse_unknown(aim_session_t *, aim_frame_t *, ...);
 /* Stored in ->priv of the service request SNAC for chats. */

libfaim/auth.c

-                      r5e53c4a
+                      r862371b
 /*
+ * Deals with the authorizer (group 0x0017=23, and old-style non-SNAC login).
+ * Family 0x0017 - Authentication.
+ *
+ * Deals with the authorizer for SNAC-based login, and also old-style
+ * non-SNAC login.
+ *
  */
 …
 /*
+ * Part two of the ICQ hack.  Note the ignoring of the key and clientinfo.
+ */
+static int goddamnicq2(aim_session_t *sess, aim_conn_t *conn, const char *sn, const char *password)
+{
+        static const char clientstr[] = {"ICQ Inc. - Product of ICQ (TM) 2000b.4.65.1.3281.85"};
+        static const char lang[] = {"en"};
+        static const char country[] = {"us"};
+ * Part two of the ICQ hack.  Note the ignoring of the key.
+ */
+static int goddamnicq2(aim_session_t *sess, aim_conn_t *conn, const char *sn, const char *password, struct client_info_s *ci)
+{
         aim_frame_t *fr;
         aim_tlvlist_t *tl = NULL;
 …
         aim_encode_password(password, password_encoded);
         aimbs_put32(&fr->data, 0x00000001);
+        aimbs_put32(&fr->data, 0x00000001); /* FLAP Version */
         aim_addtlvtochain_raw(&tl, 0x0001, strlen(sn), sn);
         aim_addtlvtochain_raw(&tl, 0x0002, strlen(password), password_encoded);
+        aim_addtlvtochain_raw(&tl, 0x0003, strlen(clientstr), clientstr);
+        aim_addtlvtochain16(&tl, 0x0016, 0x010a); /* cliend ID */
+        aim_addtlvtochain16(&tl, 0x0017, 0x0004); /* major version */
+        aim_addtlvtochain16(&tl, 0x0018, 0x0041); /* minor version */
+        aim_addtlvtochain16(&tl, 0x0019, 0x0001); /* point version */
+        aim_addtlvtochain16(&tl, 0x001a, 0x0cd1); /* build */
+        if (ci->clientstring)
+                aim_addtlvtochain_raw(&tl, 0x0003, strlen(ci->clientstring), ci->clientstring);
+        aim_addtlvtochain16(&tl, 0x0016, (fu16_t)ci->clientid);
+        aim_addtlvtochain16(&tl, 0x0017, (fu16_t)ci->major);
+        aim_addtlvtochain16(&tl, 0x0018, (fu16_t)ci->minor);
+        aim_addtlvtochain16(&tl, 0x0019, (fu16_t)ci->point);
+        aim_addtlvtochain16(&tl, 0x001a, (fu16_t)ci->build);
         aim_addtlvtochain32(&tl, 0x0014, 0x00000055); /* distribution chan */
         aim_addtlvtochain_raw(&tl, 0x000f, strlen(lang), lang);
         aim_addtlvtochain_raw(&tl, 0x000e, strlen(country), country);
+        aim_addtlvtochain_raw(&tl, 0x000f, strlen(ci->lang), ci->lang);
+        aim_addtlvtochain_raw(&tl, 0x000e, strlen(ci->country), ci->country);
         aim_writetlvchain(&fr->data, &tl);
 …
          */
         if (sess->flags & AIM_SESS_FLAGS_XORLOGIN)
                 return goddamnicq2(sess, conn, sn, password);
+                return goddamnicq2(sess, conn, sn, password, ci);
 …
         aim_encode_password_md5(password, key, digest);
         aim_addtlvtochain_raw(&tl, 0x0025, 16, digest);
+        /*
+         * Newer versions of winaim have an empty type x004c TLV here.
+         */
         if (ci->clientstring)
 …
          * to use SSI.
          */
+        if (0)
+                aim_addtlvtochain8(&tl, 0x004a, 0x01);
+        aim_addtlvtochain8(&tl, 0x004a, 0x01);
         aim_writetlvchain(&fr->data, &tl);
 …
                 ; /* no idea what this is */
+        /*
+         * URL to change password.
+         */
+        if (aim_gettlv(tlvlist, 0x0054, 1))
+                info.chpassurl = aim_gettlv_str(tlvlist, 0x0054, 1);
         if ((userfunc = aim_callhandler(sess, rx->conn, snac ? snac->family : 0x0017, snac ? snac->subtype : 0x0003)))
 …
         free(info.errorurl);
         free(info.email);
+        free(info.chpassurl);
         free(info.latestrelease.name);
         free(info.latestrelease.url);
 …
         return 0;
+}

libfaim/bos.c

-                      r5e53c4a
+                      r862371b
+/*
+ * Family 0x0009 - Basic Oscar Service.
+ *
+ */
 #define FAIM_INTERNAL
 #include <aim.h>
 /* Request BOS rights (group 9, type 2) */
+/* Subtype 0x0002 - Request BOS rights. */
 faim_export int aim_bos_reqrights(aim_session_t *sess, aim_conn_t *conn)
+{
 …
+}
 /* BOS Rights (group 9, type 3) */
+/* Subtype 0x0003 - BOS Rights. */
 static int rights(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
 …
 /*
  * Set group permisson mask (group 9, type 4)
+ * Subtype 0x0004 - Set group permisson mask.
+ *
  * Normally 0x1f (all classes).
 …
 /*
  * Modify permit/deny lists (group 9, types 5, 6, 7, and 8)
+ * Stubtypes 0x0005, 0x0006, 0x0007, and 0x0008 - Modify permit/deny lists.
+ *
  * Changes your visibility depending on changetype:
 …
         return 0;
+}

libfaim/buddylist.c

-                      r5e53c4a
+                      r862371b
+/*
+ * Family 0x0003 - Old-style Buddylist Management (non-SSI).
+ *
+ */
 #define FAIM_INTERNAL
 …
 /*
+ * Oncoming Buddy notifications contain a subset of the
+ * user information structure.  Its close enough to run
+ * through aim_extractuserinfo() however.
+ *
+ * Although the offgoing notification contains no information,
+ * it is still in a format parsable by extractuserinfo.
+ *
+ */
+static int buddychange(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        aim_userinfo_t userinfo;
+        aim_rxcallback_t userfunc;
+        aim_extractuserinfo(sess, bs, &userinfo);
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                return userfunc(sess, rx, &userinfo);
+        return 0;
+}
+ * Subtype 0x0002 - Request rights.
+ *
+ * Request Buddy List rights.
+ *
+ */
+faim_export int aim_bos_reqbuddyrights(aim_session_t *sess, aim_conn_t *conn)
+{
+        return aim_genericreq_n(sess, conn, 0x0003, 0x0002);
+}
+/*
+ * Subtype 0x0003 - Rights.
+ *
+ */
 static int rights(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
 …
                 maxwatchers = aim_gettlv16(tlvlist, 0x0002, 1);
+        /*
+         * TLV type 0x0003: Unknown.
+         *
+         * ICQ only?
+         */
         if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
                 ret = userfunc(sess, rx, maxbuddies, maxwatchers);
 …
         return ret;
+}
+/*
+ * Subtype 0x0004 - Add buddy to list.
+ *
+ * Adds a single buddy to your buddy list after login.
+ * XXX This should just be an extension of setbuddylist()
+ *
+ */
+faim_export int aim_add_buddy(aim_session_t *sess, aim_conn_t *conn, const char *sn)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sn || !strlen(sn))
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+1+strlen(sn))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0003, 0x0004, 0x0000, sn, strlen(sn)+1);
+        aim_putsnac(&fr->data, 0x0003, 0x0004, 0x0000, snacid);
+        aimbs_put8(&fr->data, strlen(sn));
+        aimbs_putraw(&fr->data, sn, strlen(sn));
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x0004 - Add multiple buddies to your buddy list.
+ *
+ * This just builds the "set buddy list" command then queues it.
+ *
+ * buddy_list = "Screen Name One&ScreenNameTwo&";
+ *
+ * XXX Clean this up.
+ *
+ */
+faim_export int aim_bos_setbuddylist(aim_session_t *sess, aim_conn_t *conn, const char *buddy_list)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        int len = 0;
+        char *localcpy = NULL;
+        char *tmpptr = NULL;
+        if (!buddy_list || !(localcpy = strdup(buddy_list)))
+                return -EINVAL;
+        for (tmpptr = strtok(localcpy, "&"); tmpptr; ) {
+                faimdprintf(sess, 2, "---adding: %s (%d)\n", tmpptr, strlen(tmpptr));
+                len += 1 + strlen(tmpptr);
+                tmpptr = strtok(NULL, "&");
+        }
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+len)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0003, 0x0004, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0003, 0x0004, 0x0000, snacid);
+        strncpy(localcpy, buddy_list, strlen(buddy_list) + 1);
+        for (tmpptr = strtok(localcpy, "&"); tmpptr; ) {
+                faimdprintf(sess, 2, "---adding: %s (%d)\n", tmpptr, strlen(tmpptr));
+                aimbs_put8(&fr->data, strlen(tmpptr));
+                aimbs_putraw(&fr->data, tmpptr, strlen(tmpptr));
+                tmpptr = strtok(NULL, "&");
+        }
+        aim_tx_enqueue(sess, fr);
+        free(localcpy);
+        return 0;
+}
+/*
+ * Subtype 0x0005 - Remove buddy from list.
+ *
+ * XXX generalise to support removing multiple buddies (basically, its
+ * the same as setbuddylist() but with a different snac subtype).
+ *
+ */
+faim_export int aim_remove_buddy(aim_session_t *sess, aim_conn_t *conn, const char *sn)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sn || !strlen(sn))
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+1+strlen(sn))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0003, 0x0005, 0x0000, sn, strlen(sn)+1);
+        aim_putsnac(&fr->data, 0x0003, 0x0005, 0x0000, snacid);
+        aimbs_put8(&fr->data, strlen(sn));
+        aimbs_putraw(&fr->data, sn, strlen(sn));
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x000b
+ *
+ * XXX Why would we send this?
+ *
+ */
+faim_export int aim_sendbuddyoncoming(aim_session_t *sess, aim_conn_t *conn, aim_userinfo_t *info)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !conn || !info)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1152)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0003, 0x000b, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0003, 0x000b, 0x0000, snacid);
+        aim_putuserinfo(&fr->data, info);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x000c
+ *
+ * XXX Why would we send this?
+ *
+ */
+faim_export int aim_sendbuddyoffgoing(aim_session_t *sess, aim_conn_t *conn, const char *sn)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !conn || !sn)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+1+strlen(sn))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0003, 0x000c, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0003, 0x000c, 0x0000, snacid);
+        aimbs_put8(&fr->data, strlen(sn));
+        aimbs_putraw(&fr->data, sn, strlen(sn));
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtypes 0x000b and 0x000c - Change in buddy status
+ *
+ * Oncoming Buddy notifications contain a subset of the
+ * user information structure.  Its close enough to run
+ * through aim_extractuserinfo() however.
+ *
+ * Although the offgoing notification contains no information,
+ * it is still in a format parsable by extractuserinfo.
+ *
+ */
+static int buddychange(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        aim_userinfo_t userinfo;
+        aim_rxcallback_t userfunc;
+        aim_extractuserinfo(sess, bs, &userinfo);
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                return userfunc(sess, rx, &userinfo);
+        return 0;
+}
 …
         return 0;
+}
-/*
- * aim_add_buddy()
+ *
- * Adds a single buddy to your buddy list after login.
+ *
- * XXX this should just be an extension of setbuddylist()
+ *
- */
-faim_export int aim_add_buddy(aim_session_t *sess, aim_conn_t *conn, const char *sn)
+{
-        aim_frame_t *fr;
-        aim_snacid_t snacid;
-        if (!sn || !strlen(sn))
-                return -EINVAL;
-        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+1+strlen(sn))))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0003, 0x0004, 0x0000, sn, strlen(sn)+1);
-        aim_putsnac(&fr->data, 0x0003, 0x0004, 0x0000, snacid);
-        aimbs_put8(&fr->data, strlen(sn));
-        aimbs_putraw(&fr->data, sn, strlen(sn));
-        aim_tx_enqueue(sess, fr);
-        return 0;
+}
-/*
- * XXX generalise to support removing multiple buddies (basically, its
- * the same as setbuddylist() but with a different snac subtype).
+ *
- */
-faim_export int aim_remove_buddy(aim_session_t *sess, aim_conn_t *conn, const char *sn)
+{
-        aim_frame_t *fr;
-        aim_snacid_t snacid;
-        if (!sn || !strlen(sn))
-                return -EINVAL;
-        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+1+strlen(sn))))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0003, 0x0005, 0x0000, sn, strlen(sn)+1);
-        aim_putsnac(&fr->data, 0x0003, 0x0005, 0x0000, snacid);
-        aimbs_put8(&fr->data, strlen(sn));
-        aimbs_putraw(&fr->data, sn, strlen(sn));
-        aim_tx_enqueue(sess, fr);
-        return 0;
+}

libfaim/chat.c

-                      r5e53c4a
+                      r862371b
 /*
+ * aim_chat.c
+ *
+ * Routines for the Chat service.
+ * Family 0x000e - Routines for the Chat service.
+ *
  */
 …
 };
-static void dumpbox(aim_session_t *sess, unsigned char *buf, int len)
+{
-        int i;
-        if (!sess || !buf || !len)
-                return;
-        faimdprintf(sess, 1, "\nDump of %d bytes at %p:", len, buf);
-        for (i = 0; i < len; i++) {
-                if ((i % 8) == 0)
-                        faimdprintf(sess, 1, "\n\t");
-                faimdprintf(sess, 1, "0x%2x ", buf[i]);
+        }
-        faimdprintf(sess, 1, "\n\n");
-        return;
+}
 faim_internal void aim_conn_kill_chat(aim_session_t *sess, aim_conn_t *conn)
+{
 …
+}
+static int aim_addtlvtochain_chatroom(aim_tlvlist_t **list, fu16_t type, fu16_t exchange, const char *roomname, fu16_t instance)
+{
+        fu8_t *buf;
+        int buflen;
+        aim_bstream_t bs;
+        buflen = 2 + 1 + strlen(roomname) + 2;
+        if (!(buf = malloc(buflen)))
+                return 0;
+        aim_bstream_init(&bs, buf, buflen);
+        aimbs_put16(&bs, exchange);
+        aimbs_put8(&bs, strlen(roomname));
+        aimbs_putraw(&bs, roomname, strlen(roomname));
+        aimbs_put16(&bs, instance);
+        aim_addtlvtochain_raw(list, type, aim_bstream_curpos(&bs), buf);
+        free(buf);
+        return 0;
+}
 /*
+ * Send a Chat Message.
+ * Join a room of name roomname.  This is the first step to joining an
+ * already created room.  It's basically a Service Request for
+ * family 0x000e, with a little added on to specify the exchange and room
+ * name.
+ */
+faim_export int aim_chat_join(aim_session_t *sess, aim_conn_t *conn, fu16_t exchange, const char *roomname, fu16_t instance)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        aim_tlvlist_t *tl = NULL;
+        struct chatsnacinfo csi;
+        if (!sess || !conn || !roomname || !strlen(roomname))
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 512)))
+                return -ENOMEM;
+        memset(&csi, 0, sizeof(csi));
+        csi.exchange = exchange;
+        strncpy(csi.name, roomname, sizeof(csi.name));
+        csi.instance = instance;
+        snacid = aim_cachesnac(sess, 0x0001, 0x0004, 0x0000, &csi, sizeof(csi));
+        aim_putsnac(&fr->data, 0x0001, 0x0004, 0x0000, snacid);
+        /*
+         * Requesting service chat (0x000e)
+         */
+        aimbs_put16(&fr->data, 0x000e);
+        aim_addtlvtochain_chatroom(&tl, 0x0001, exchange, roomname, instance);
+        aim_writetlvchain(&fr->data, &tl);
+        aim_freetlvchain(&tl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+faim_internal int aim_chat_readroominfo(aim_bstream_t *bs, struct aim_chat_roominfo *outinfo)
+{
+        int namelen;
+        if (!bs || !outinfo)
+                return 0;
+        outinfo->exchange = aimbs_get16(bs);
+        namelen = aimbs_get8(bs);
+        outinfo->name = aimbs_getstr(bs, namelen);
+        outinfo->instance = aimbs_get16(bs);
+        return 0;
+}
+faim_export int aim_chat_leaveroom(aim_session_t *sess, const char *name)
+{
+        aim_conn_t *conn;
+        if (!(conn = aim_chat_getconn(sess, name)))
+                return -ENOENT;
+        aim_conn_close(conn);
+        return 0;
+}
+/*
+ * conn must be a BOS connection!
+ */
+faim_export int aim_chat_invite(aim_session_t *sess, aim_conn_t *conn, const char *sn, const char *msg, fu16_t exchange, const char *roomname, fu16_t instance)
+{
+        int i;
+        aim_frame_t *fr;
+        aim_msgcookie_t *cookie;
+        struct aim_invite_priv *priv;
+        fu8_t ckstr[8];
+        aim_snacid_t snacid;
+        aim_tlvlist_t *otl = NULL, *itl = NULL;
+        fu8_t *hdr;
+        int hdrlen;
+        aim_bstream_t hdrbs;
+        if (!sess || !conn || !sn || !msg || !roomname)
+                return -EINVAL;
+        if (conn->type != AIM_CONN_TYPE_BOS)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1152+strlen(sn)+strlen(roomname)+strlen(msg))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0004, 0x0006, 0x0000, sn, strlen(sn)+1);
+        aim_putsnac(&fr->data, 0x0004, 0x0006, 0x0000, snacid);
+        /*
+         * Cookie
+         */
+        for (i = 0; i < sizeof(ckstr); i++)
+                aimutil_put8(ckstr, (fu8_t) rand());
+        /* XXX should be uncached by an unwritten 'invite accept' handler */
+        if ((priv = malloc(sizeof(struct aim_invite_priv)))) {
+                priv->sn = strdup(sn);
+                priv->roomname = strdup(roomname);
+                priv->exchange = exchange;
+                priv->instance = instance;
+        }
+        if ((cookie = aim_mkcookie(ckstr, AIM_COOKIETYPE_INVITE, priv)))
+                aim_cachecookie(sess, cookie);
+        else
+                free(priv);
+        for (i = 0; i < sizeof(ckstr); i++)
+                aimbs_put8(&fr->data, ckstr[i]);
+        /*
+         * Channel (2)
+         */
+        aimbs_put16(&fr->data, 0x0002);
+        /*
+         * Dest sn
+         */
+        aimbs_put8(&fr->data, strlen(sn));
+        aimbs_putraw(&fr->data, sn, strlen(sn));
+        /*
+         * TLV t(0005)
+         *
+         * Everything else is inside this TLV.
+         *
+         * Sigh.  AOL was rather inconsistent right here.  So we have
+         * to play some minor tricks.  Right inside the type 5 is some
+         * raw data, followed by a series of TLVs.
+         *
+         */
+        hdrlen = 2+8+16+6+4+4+strlen(msg)+4+2+1+strlen(roomname)+2;
+        hdr = malloc(hdrlen);
+        aim_bstream_init(&hdrbs, hdr, hdrlen);
+        aimbs_put16(&hdrbs, 0x0000); /* Unknown! */
+        aimbs_putraw(&hdrbs, ckstr, sizeof(ckstr)); /* I think... */
+        aim_putcap(&hdrbs, AIM_CAPS_CHAT);
+        aim_addtlvtochain16(&itl, 0x000a, 0x0001);
+        aim_addtlvtochain_noval(&itl, 0x000f);
+        aim_addtlvtochain_raw(&itl, 0x000c, strlen(msg), msg);
+        aim_addtlvtochain_chatroom(&itl, 0x2711, exchange, roomname, instance);
+        aim_writetlvchain(&hdrbs, &itl);
+        aim_addtlvtochain_raw(&otl, 0x0005, aim_bstream_curpos(&hdrbs), hdr);
+        aim_writetlvchain(&fr->data, &otl);
+        free(hdr);
+        aim_freetlvchain(&itl);
+        aim_freetlvchain(&otl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x0002 - General room information.  Lots of stuff.
+ *
+ * Values I know are in here but I havent attached
+ * them to any of the 'Unknown's:
+ *      - Language (English)
+ *
+ */
+static int infoupdate(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        aim_userinfo_t *userinfo = NULL;
+        aim_rxcallback_t userfunc;
+        int ret = 0;
+        int usercount = 0;
+        fu8_t detaillevel = 0;
+        char *roomname = NULL;
+        struct aim_chat_roominfo roominfo;
+        fu16_t tlvcount = 0;
+        aim_tlvlist_t *tlvlist;
+        char *roomdesc = NULL;
+        fu16_t flags = 0;
+        fu32_t creationtime = 0;
+        fu16_t maxmsglen = 0, maxvisiblemsglen = 0;
+        fu16_t unknown_d2 = 0, unknown_d5 = 0;
+        aim_chat_readroominfo(bs, &roominfo);
+        detaillevel = aimbs_get8(bs);
+        if (detaillevel != 0x02) {
+                faimdprintf(sess, 0, "faim: chat_roomupdateinfo: detail level %d not supported\n", detaillevel);
+                return 1;
+        }
+        tlvcount = aimbs_get16(bs);
+        /*
+         * Everything else are TLVs.
+         */
+        tlvlist = aim_readtlvchain(bs);
+        /*
+         * TLV type 0x006a is the room name in Human Readable Form.
+         */
+        if (aim_gettlv(tlvlist, 0x006a, 1))
+                roomname = aim_gettlv_str(tlvlist, 0x006a, 1);
+        /*
+         * Type 0x006f: Number of occupants.
+         */
+        if (aim_gettlv(tlvlist, 0x006f, 1))
+                usercount = aim_gettlv16(tlvlist, 0x006f, 1);
+        /*
+         * Type 0x0073:  Occupant list.
+         */
+        if (aim_gettlv(tlvlist, 0x0073, 1)) {
+                int curoccupant = 0;
+                aim_tlv_t *tmptlv;
+                aim_bstream_t occbs;
+                tmptlv = aim_gettlv(tlvlist, 0x0073, 1);
+                /* Allocate enough userinfo structs for all occupants */
+                userinfo = calloc(usercount, sizeof(aim_userinfo_t));
+                aim_bstream_init(&occbs, tmptlv->value, tmptlv->length);
+                while (curoccupant < usercount)
+                        aim_extractuserinfo(sess, &occbs, &userinfo[curoccupant++]);
+        }
+        /*
+         * Type 0x00c9: Flags. (AIM_CHATROOM_FLAG)
+         */
+        if (aim_gettlv(tlvlist, 0x00c9, 1))
+                flags = aim_gettlv16(tlvlist, 0x00c9, 1);
+        /*
+         * Type 0x00ca: Creation time (4 bytes)
+         */
+        if (aim_gettlv(tlvlist, 0x00ca, 1))
+                creationtime = aim_gettlv32(tlvlist, 0x00ca, 1);
+        /*
+         * Type 0x00d1: Maximum Message Length
+         */
+        if (aim_gettlv(tlvlist, 0x00d1, 1))
+                maxmsglen = aim_gettlv16(tlvlist, 0x00d1, 1);
+        /*
+         * Type 0x00d2: Unknown. (2 bytes)
+         */
+        if (aim_gettlv(tlvlist, 0x00d2, 1))
+                unknown_d2 = aim_gettlv16(tlvlist, 0x00d2, 1);
+        /*
+         * Type 0x00d3: Room Description
+         */
+        if (aim_gettlv(tlvlist, 0x00d3, 1))
+                roomdesc = aim_gettlv_str(tlvlist, 0x00d3, 1);
+        /*
+         * Type 0x000d4: Unknown (flag only)
+         */
+        if (aim_gettlv(tlvlist, 0x000d4, 1))
+                ;
+        /*
+         * Type 0x00d5: Unknown. (1 byte)
+         */
+        if (aim_gettlv(tlvlist, 0x00d5, 1))
+                unknown_d5 = aim_gettlv8(tlvlist, 0x00d5, 1);
+        /*
+         * Type 0x00d6: Encoding 1 ("us-ascii")
+         */
+        if (aim_gettlv(tlvlist, 0x000d6, 1))
+                ;
+        /*
+         * Type 0x00d7: Language 1 ("en")
+         */
+        if (aim_gettlv(tlvlist, 0x000d7, 1))
+                ;
+        /*
+         * Type 0x00d8: Encoding 2 ("us-ascii")
+         */
+        if (aim_gettlv(tlvlist, 0x000d8, 1))
+                ;
+        /*
+         * Type 0x00d9: Language 2 ("en")
+         */
+        if (aim_gettlv(tlvlist, 0x000d9, 1))
+                ;
+        /*
+         * Type 0x00da: Maximum visible message length
+         */
+        if (aim_gettlv(tlvlist, 0x000da, 1))
+                maxvisiblemsglen = aim_gettlv16(tlvlist, 0x00da, 1);
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype))) {
+                ret = userfunc(sess,
+                                rx,
+                                &roominfo,
+                                roomname,
+                                usercount,
+                                userinfo,
+                                roomdesc,
+                                flags,
+                                creationtime,
+                                maxmsglen,
+                                unknown_d2,
+                                unknown_d5,
+                                maxvisiblemsglen);
+        }
+        free(roominfo.name);
+        free(userinfo);
+        free(roomname);
+        free(roomdesc);
+        aim_freetlvchain(&tlvlist);
+        return ret;
+}
+/* Subtypes 0x0003 and 0x0004 */
+static int userlistchange(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        aim_userinfo_t *userinfo = NULL;
+        aim_rxcallback_t userfunc;
+        int curcount = 0, ret = 0;
+        while (aim_bstream_empty(bs)) {
+                curcount++;
+                userinfo = realloc(userinfo, curcount * sizeof(aim_userinfo_t));
+                aim_extractuserinfo(sess, bs, &userinfo[curcount-1]);
+        }
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                ret = userfunc(sess, rx, curcount, userinfo);
+        free(userinfo);
+        return ret;
+}
+/*
+ * Subtype 0x0005 - Send a Chat Message.
+ *
  * Possible flags:
 …
+}
-static int aim_addtlvtochain_chatroom(aim_tlvlist_t **list, fu16_t type, fu16_t exchange, const char *roomname, fu16_t instance)
+{
-        fu8_t *buf;
-        int buflen;
-        aim_bstream_t bs;
-        buflen = 2 + 1 + strlen(roomname) + 2;
-        if (!(buf = malloc(buflen)))
-                return 0;
-        aim_bstream_init(&bs, buf, buflen);
-        aimbs_put16(&bs, exchange);
-        aimbs_put8(&bs, strlen(roomname));
-        aimbs_putraw(&bs, roomname, strlen(roomname));
-        aimbs_put16(&bs, instance);
-        aim_addtlvtochain_raw(list, type, aim_bstream_curpos(&bs), buf);
-        free(buf);
-        return 0;
+}
 /*
+ * Join a room of name roomname.  This is the first step to joining an
+ * already created room.  It's basically a Service Request for
+ * family 0x000e, with a little added on to specify the exchange and room
+ * name.
+ */
+faim_export int aim_chat_join(aim_session_t *sess, aim_conn_t *conn, fu16_t exchange, const char *roomname, fu16_t instance)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        aim_tlvlist_t *tl = NULL;
+        struct chatsnacinfo csi;
+        if (!sess || !conn || !roomname || !strlen(roomname))
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 512)))
+                return -ENOMEM;
+        memset(&csi, 0, sizeof(csi));
+        csi.exchange = exchange;
+        strncpy(csi.name, roomname, sizeof(csi.name));
+        csi.instance = instance;
+        snacid = aim_cachesnac(sess, 0x0001, 0x0004, 0x0000, &csi, sizeof(csi));
+        aim_putsnac(&fr->data, 0x0001, 0x0004, 0x0000, snacid);
+        /*
+         * Requesting service chat (0x000e)
+         */
+        aimbs_put16(&fr->data, 0x000e);
+        aim_addtlvtochain_chatroom(&tl, 0x0001, exchange, roomname, instance);
+        aim_writetlvchain(&fr->data, &tl);
+        aim_freetlvchain(&tl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+faim_internal int aim_chat_readroominfo(aim_bstream_t *bs, struct aim_chat_roominfo *outinfo)
+{
+        int namelen;
+        if (!bs || !outinfo)
+                return 0;
+        outinfo->exchange = aimbs_get16(bs);
+        namelen = aimbs_get8(bs);
+        outinfo->name = aimbs_getstr(bs, namelen);
+        outinfo->instance = aimbs_get16(bs);
+        return 0;
+}
+faim_export int aim_chat_leaveroom(aim_session_t *sess, const char *name)
+{
+        aim_conn_t *conn;
+        if (!(conn = aim_chat_getconn(sess, name)))
+                return -ENOENT;
+        aim_conn_close(conn);
+        return 0;
+}
+/*
+ * conn must be a BOS connection!
+ */
+faim_export int aim_chat_invite(aim_session_t *sess, aim_conn_t *conn, const char *sn, const char *msg, fu16_t exchange, const char *roomname, fu16_t instance)
+{
+        int i;
+        aim_frame_t *fr;
+        aim_msgcookie_t *cookie;
+        struct aim_invite_priv *priv;
+        fu8_t ckstr[8];
+        aim_snacid_t snacid;
+        aim_tlvlist_t *otl = NULL, *itl = NULL;
+        fu8_t *hdr;
+        int hdrlen;
+        aim_bstream_t hdrbs;
+        if (!sess || !conn || !sn || !msg || !roomname)
+                return -EINVAL;
+        if (conn->type != AIM_CONN_TYPE_BOS)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1152+strlen(sn)+strlen(roomname)+strlen(msg))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0004, 0x0006, 0x0000, sn, strlen(sn)+1);
+        aim_putsnac(&fr->data, 0x0004, 0x0006, 0x0000, snacid);
+        /*
+         * Cookie
+         */
+        for (i = 0; i < sizeof(ckstr); i++)
+                aimutil_put8(ckstr, (fu8_t) rand());
+        /* XXX should be uncached by an unwritten 'invite accept' handler */
+        if ((priv = malloc(sizeof(struct aim_invite_priv)))) {
+                priv->sn = strdup(sn);
+                priv->roomname = strdup(roomname);
+                priv->exchange = exchange;
+                priv->instance = instance;
+        }
+        if ((cookie = aim_mkcookie(ckstr, AIM_COOKIETYPE_INVITE, priv)))
+                aim_cachecookie(sess, cookie);
+        else
+                free(priv);
+        for (i = 0; i < sizeof(ckstr); i++)
+                aimbs_put8(&fr->data, ckstr[i]);
+        /*
+         * Channel (2)
+         */
+        aimbs_put16(&fr->data, 0x0002);
+        /*
+         * Dest sn
+         */
+        aimbs_put8(&fr->data, strlen(sn));
+        aimbs_putraw(&fr->data, sn, strlen(sn));
+        /*
+         * TLV t(0005)
+         *
+         * Everything else is inside this TLV.
+         *
+         * Sigh.  AOL was rather inconsistent right here.  So we have
+         * to play some minor tricks.  Right inside the type 5 is some
+         * raw data, followed by a series of TLVs.
+         *
+         */
+        hdrlen = 2+8+16+6+4+4+strlen(msg)+4+2+1+strlen(roomname)+2;
+        hdr = malloc(hdrlen);
+        aim_bstream_init(&hdrbs, hdr, hdrlen);
+        aimbs_put16(&hdrbs, 0x0000); /* Unknown! */
+        aimbs_putraw(&hdrbs, ckstr, sizeof(ckstr)); /* I think... */
+        aim_putcap(&hdrbs, AIM_CAPS_CHAT);
+        aim_addtlvtochain16(&itl, 0x000a, 0x0001);
+        aim_addtlvtochain_noval(&itl, 0x000f);
+        aim_addtlvtochain_raw(&itl, 0x000c, strlen(msg), msg);
+        aim_addtlvtochain_chatroom(&itl, 0x2711, exchange, roomname, instance);
+        aim_writetlvchain(&hdrbs, &itl);
+        aim_addtlvtochain_raw(&otl, 0x0005, aim_bstream_curpos(&hdrbs), hdr);
+        aim_writetlvchain(&fr->data, &otl);
+        free(hdr);
+        aim_freetlvchain(&itl);
+        aim_freetlvchain(&otl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * General room information.  Lots of stuff.
+ * Subtype 0x0006
+ *
- * Values I know are in here but I havent attached
- * them to any of the 'Unknown's:
- *      - Language (English)
+ *
- * SNAC 000e/0002
- */
-static int infoupdate(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
-        aim_userinfo_t *userinfo = NULL;
-        aim_rxcallback_t userfunc;
-        int ret = 0;
-        int usercount = 0;
-        fu8_t detaillevel = 0;
-        char *roomname = NULL;
-        struct aim_chat_roominfo roominfo;
-        fu16_t tlvcount = 0;
-        aim_tlvlist_t *tlvlist;
-        char *roomdesc = NULL;
-        fu16_t flags = 0;
-        fu32_t creationtime = 0;
-        fu16_t maxmsglen = 0, maxvisiblemsglen = 0;
-        fu16_t unknown_d2 = 0, unknown_d5 = 0;
-        dumpbox(sess, bs->data + bs->offset, aim_bstream_empty(bs));
-        aim_chat_readroominfo(bs, &roominfo);
-        detaillevel = aimbs_get8(bs);
-        if (detaillevel != 0x02) {
-                faimdprintf(sess, 0, "faim: chat_roomupdateinfo: detail level %d not supported\n", detaillevel);
-                return 1;
+        }
-        tlvcount = aimbs_get16(bs);
-        /*
-         * Everything else are TLVs.
-         */
-        tlvlist = aim_readtlvchain(bs);
-        /*
-         * TLV type 0x006a is the room name in Human Readable Form.
-         */
-        if (aim_gettlv(tlvlist, 0x006a, 1))
-                roomname = aim_gettlv_str(tlvlist, 0x006a, 1);
-        /*
-         * Type 0x006f: Number of occupants.
-         */
-        if (aim_gettlv(tlvlist, 0x006f, 1))
-                usercount = aim_gettlv16(tlvlist, 0x006f, 1);
-        /*
-         * Type 0x0073:  Occupant list.
-         */
-        if (aim_gettlv(tlvlist, 0x0073, 1)) {
-                int curoccupant = 0;
-                aim_tlv_t *tmptlv;
-                aim_bstream_t occbs;
-                tmptlv = aim_gettlv(tlvlist, 0x0073, 1);
-                /* Allocate enough userinfo structs for all occupants */
-                userinfo = calloc(usercount, sizeof(aim_userinfo_t));
-                aim_bstream_init(&occbs, tmptlv->value, tmptlv->length);
-                while (curoccupant < usercount)
-                        aim_extractuserinfo(sess, &occbs, &userinfo[curoccupant++]);
+        }
-        /*
-         * Type 0x00c9: Flags. (AIM_CHATROOM_FLAG)
-         */
-        if (aim_gettlv(tlvlist, 0x00c9, 1))
-                flags = aim_gettlv16(tlvlist, 0x00c9, 1);
-        /*
-         * Type 0x00ca: Creation time (4 bytes)
-         */
-        if (aim_gettlv(tlvlist, 0x00ca, 1))
-                creationtime = aim_gettlv32(tlvlist, 0x00ca, 1);
-        /*
-         * Type 0x00d1: Maximum Message Length
-         */
-        if (aim_gettlv(tlvlist, 0x00d1, 1))
-                maxmsglen = aim_gettlv16(tlvlist, 0x00d1, 1);
-        /*
-         * Type 0x00d2: Unknown. (2 bytes)
-         */
-        if (aim_gettlv(tlvlist, 0x00d2, 1))
-                unknown_d2 = aim_gettlv16(tlvlist, 0x00d2, 1);
-        /*
-         * Type 0x00d3: Room Description
-         */
-        if (aim_gettlv(tlvlist, 0x00d3, 1))
-                roomdesc = aim_gettlv_str(tlvlist, 0x00d3, 1);
-        /*
-         * Type 0x000d4: Unknown (flag only)
-         */
-        if (aim_gettlv(tlvlist, 0x000d4, 1))
+                ;
-        /*
-         * Type 0x00d5: Unknown. (1 byte)
-         */
-        if (aim_gettlv(tlvlist, 0x00d5, 1))
-                unknown_d5 = aim_gettlv8(tlvlist, 0x00d5, 1);
-        /*
-         * Type 0x00d6: Encoding 1 ("us-ascii")
-         */
-        if (aim_gettlv(tlvlist, 0x000d6, 1))
+                ;
-        /*
-         * Type 0x00d7: Language 1 ("en")
-         */
-        if (aim_gettlv(tlvlist, 0x000d7, 1))
+                ;
-        /*
-         * Type 0x00d8: Encoding 2 ("us-ascii")
-         */
-        if (aim_gettlv(tlvlist, 0x000d8, 1))
+                ;
-        /*
-         * Type 0x00d9: Language 2 ("en")
-         */
-        if (aim_gettlv(tlvlist, 0x000d9, 1))
+                ;
-        /*
-         * Type 0x00da: Maximum visible message length
-         */
-        if (aim_gettlv(tlvlist, 0x000da, 1))
-                maxvisiblemsglen = aim_gettlv16(tlvlist, 0x00da, 1);
-        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype))) {
-                ret = userfunc(sess,
-                                rx,
-                                &roominfo,
-                                roomname,
-                                usercount,
-                                userinfo,
-                                roomdesc,
-                                flags,
-                                creationtime,
-                                maxmsglen,
-                                unknown_d2,
-                                unknown_d5,
-                                maxvisiblemsglen);
+        }
-        free(roominfo.name);
-        free(userinfo);
-        free(roomname);
-        free(roomdesc);
-        aim_freetlvchain(&tlvlist);
-        return ret;
+}
-static int userlistchange(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
-        aim_userinfo_t *userinfo = NULL;
-        aim_rxcallback_t userfunc;
-        int curcount = 0, ret = 0;
-        while (aim_bstream_empty(bs)) {
-                curcount++;
-                userinfo = realloc(userinfo, curcount * sizeof(aim_userinfo_t));
-                aim_extractuserinfo(sess, bs, &userinfo[curcount-1]);
+        }
-        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
-                ret = userfunc(sess, rx, curcount, userinfo);
-        free(userinfo);
-        return ret;
+}
-/*
  * We could probably include this in the normal ICBM parsing
  * code as channel 0x0003, however, since only the start
 …
         return 0;
+}

libfaim/chatnav.c

-                      r5e53c4a
+                      r862371b
 /*
  * Handle ChatNav.
+ *
  * [The ChatNav(igation) service does various things to keep chat
  *  alive.  It provides room information, room searching and creating,
  *  as well as giving users the right ("permission") to use chat.]
+ * Family 0x000d - Handle ChatNav.
+ *
+ * The ChatNav(igation) service does various things to keep chat
+ * alive.  It provides room information, room searching and creating,
+ * as well as giving users the right ("permission") to use chat.
+ *
  */
 …
 /*
+ * Subtype 0x0002
+ *
  * conn must be a chatnav connection!
+ *
  */
 faim_export int aim_chatnav_reqrights(aim_session_t *sess, aim_conn_t *conn)
 …
+}
+/*
+ * Subtype 0x0008
+ */
 faim_export int aim_chatnav_createroom(aim_session_t *sess, aim_conn_t *conn, const char *name, fu16_t exchange)
+{
 …
 /*
+ * Subtype 0x0009
+ *
  * Since multiple things can trigger this callback, we must lookup the
  * snacid to determine the original snac subtype that was called.
 …
         mod->family = 0x000d;
         mod->version = 0x0001;
+        mod->version = 0x0003;
         mod->toolid = 0x0010;
         mod->toolversion = 0x047c;

libfaim/conn.c

-                      r5e53c4a
+                      r862371b
 /*
  * conn.c
 …
 #include <sys/socket.h>
 #include <netinet/in.h>
+#endif
+#ifdef _WIN32
+#include "win32dep.h"
 #endif
 …
                         i = 3;
+                }
                 if (write(fd, buf, i) < i) {
                         *statusret = errno;
 …
                         return -1;
+                }
                 if (read(fd, buf, 2) < 2) {
                         *statusret = errno;
 …
                         return -1;
+                }
                 if (read(fd, buf, 10) < 10) {
                         *statusret = errno;
 …
         sess->modlistv = NULL;
+        sess->ssi.received_data = 0;
+        sess->ssi.waiting_for_ack = 0;
+        sess->ssi.holding_queue = NULL;
+        sess->ssi.revision = 0;
+        sess->ssi.items = NULL;
+        sess->ssi.timestamp = (time_t)0;
+        sess->emailinfo = NULL;
         /*
          * Default to SNAC login unless XORLOGIN is explicitly set.
 …
         aim__registermodule(sess, chatnav_modfirst);
         aim__registermodule(sess, chat_modfirst);
+        /* missing 0x0f - 0x12 */
+        aim__registermodule(sess, newsearch_modfirst);
+        /* missing 0x10 - 0x12 */
         aim__registermodule(sess, ssi_modfirst);
         /* missing 0x14 */
         aim__registermodule(sess, icq_modfirst);
+        aim__registermodule(sess, icq_modfirst); /* XXX - Make sure this isn't sent for AIM */
         /* missing 0x16 */
         aim__registermodule(sess, auth_modfirst);
+        aim__registermodule(sess, email_modfirst);
         return;
 …
         fd_set fds, wfds;
         struct timeval tv;
+        int res, error = ETIMEDOUT;
+        int res;
+        int error = ETIMEDOUT;
         aim_rxcallback_t userfunc;
 …
         if (FD_ISSET(conn->fd, &fds) || FD_ISSET(conn->fd, &wfds)) {
                 int len = sizeof(error);
                 if (getsockopt(conn->fd, SOL_SOCKET, SO_ERROR, &error, &len) < 0)
                         error = errno;
 …
                 return -1;
+        }
         fcntl(conn->fd, F_SETFL, 0); /* XXX should restore original flags */
 …
         return 0;
+}
 …
+ *
  * No-op.  WinAIM 4.x sends these _every minute_ to keep
  * the connection alive.
+ * the connection alive.
  */
 faim_export int aim_flap_nop(aim_session_t *sess, aim_conn_t *conn)
 …
         return 0;
+}

libfaim/ft.c

-                      r5e53c4a
+                      r862371b
 #endif
 #include <aim.h>
 #ifndef _WIN32
 …
 #include <netinet/in.h>
 #include <sys/utsname.h> /* for aim_directim_initiate */
 #include <arpa/inet.h> /* for inet_ntoa */
+#define G_DIR_SEPARATOR '/'
 #endif
+/* TODO:
+   o look for memory leaks.. there's going to be shitloads, i'm sure.
+*/
+#ifdef _WIN32
+#include "win32dep.h"
+#endif
+#define AIM_OFT_PROTO_OFFER          0x0101
+#define AIM_OFT_PROTO_ACCEPT         0x0202
+#define AIM_OFT_PROTO_RESUME         0x0205
+#define AIM_OFT_PROTO_RESUMEACCEPT   0x0207
+#define AIM_OFT_PROTO_ACK            0x0204
+struct aim_filetransfer_priv {
+        char sn[MAXSNLEN+1];
+        char cookie[8];
+        char ip[30];
+        int state;
+        struct aim_fileheader_t fh;
+};
 struct aim_directim_intdata {
 …
 static int listenestablish(fu16_t portnum);
+static struct aim_fileheader_t *aim_oft_getfh(aim_bstream_t *bs);
+static void oft_dirconvert(char *name);
+static int aim_oft_buildheader(aim_bstream_t *bs, struct aim_fileheader_t *fh);
 /**
 …
                 aim_rxcallback_t userfunc;
                 newconn->priv = cur->priv;
                 cur->priv = NULL;
 …
                         ret = userfunc(sess, NULL, newconn, cur);
 #endif
+        } else if (newconn->subtype == AIM_CONN_SUBTYPE_OFT_SENDFILE) {
+                struct aim_filetransfer_priv *ft;
+                aim_rxcallback_t userfunc;
+                /* The new conn automatically inherits the internal value
+                 * of cur. */
+                cur->internal = NULL;
+                ft = (struct aim_filetransfer_priv *)newconn->internal;
+                snprintf(ft->ip, sizeof(ft->ip), "%s:%u", inet_ntoa(((struct sockaddr_in *)&cliaddr)->sin_addr), ntohs(((struct sockaddr_in *)&cliaddr)->sin_port));
+                if ((userfunc = aim_callhandler(sess, newconn, AIM_CB_FAM_OFT, AIM_CB_OFT_SENDFILEINITIATE)))
+                        ret = userfunc(sess, NULL, newconn, cur);
         } else {
                 faimdprintf(sess, 1,"Got a Connection on a listener that's not Rendezvous Closing conn.\n");
 …
 /**
+ * aim_send_typing - send client-to-client typing notification over established connection
+ * @sess: session to conn
+ * @conn: directim connection
+ * @typing: If true, notify user has started typing; if false, notify user has stopped.
+ *
+ * The connection must have been previously established.
+ */
+faim_export int aim_send_typing(aim_session_t *sess, aim_conn_t *conn, int typing)
+{
+        struct aim_directim_intdata *intdata = (struct aim_directim_intdata *)conn->internal;
+        aim_frame_t *fr;
+        aim_bstream_t *hdrbs;
+        fu8_t *hdr;
+        int hdrlen = 0x44;
+        if (!sess || !conn || (conn->type != AIM_CONN_TYPE_RENDEZVOUS))
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x01, 0)))
+                return -ENOMEM;
+        memcpy(fr->hdr.rend.magic, "ODC2", 4);
+        fr->hdr.rend.hdrlen = hdrlen;
+        if (!(hdr = calloc(1, hdrlen))) {
+                aim_frame_destroy(fr);
+                return -ENOMEM;
+        }
+        hdrbs = &(fr->data);
+        aim_bstream_init(hdrbs, hdr, hdrlen);
+        aimbs_put16(hdrbs, 0x0006);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_putraw(hdrbs, intdata->cookie, 8);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put32(hdrbs, 0x00000000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        /* flags -- 0x000e for "started typing", 0x0002 for "stopped typing */
+        aimbs_put16(hdrbs, ( typing ? 0x000e : 0x0002));
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_putraw(hdrbs, sess->sn, strlen(sess->sn));
+        aim_bstream_setpos(hdrbs, 52); /* bleeehh */
+        aimbs_put8(hdrbs, 0x00);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put8(hdrbs, 0x00);
+        /* end of hdr */
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/**
  * aim_send_im_direct - send IM client-to-client over established connection
  * @sess: session to conn
  * @conn: directim connection
+ * @msg: null-terminated string to send; if this is NULL, it will send a "typing" notice.
+ *
+ * @msg: null-terminated string to send.
+ * @len: The length of the message to send, including binary data.
+ * @encoding: 0 for ascii, 2 for Unicode, 3 for ISO 8859-1
+ *
  * Call this just like you would aim_send_im, to send a directim. You
  * _must_ have previously established the directim connection.
  */
 faim_export int aim_send_im_direct(aim_session_t *sess, aim_conn_t *conn, const char *msg)
+faim_export int aim_send_im_direct(aim_session_t *sess, aim_conn_t *conn, const char *msg, int len, int encoding)
+{
         struct aim_directim_intdata *intdata = (struct aim_directim_intdata *)conn->internal;
         aim_frame_t *fr;
+        aim_bstream_t hdrbs; /* XXX this should be within aim_frame_t */
+        if (!sess || !conn || (conn->type != AIM_CONN_TYPE_RENDEZVOUS))
+        aim_bstream_t *hdrbs;
+        int hdrlen = 0x44;
+        fu8_t *hdr;
+        if (!sess || !conn || !msg || (conn->type != AIM_CONN_TYPE_RENDEZVOUS))
                 return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x01, strlen(msg))))
+               return -ENOMEM;
+        memcpy(fr->hdr.oft.magic, "ODC2", 4);
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x01, len)))
+                return -ENOMEM;
+        memcpy(fr->hdr.rend.magic, "ODC2", 4);
+        fr->hdr.rend.hdrlen = hdrlen;
+        fr->hdr.oft.hdr2len = 0x44;
+        if (!(fr->hdr.oft.hdr2 = calloc(1, fr->hdr.oft.hdr2len))) {
+        if (!(hdr = calloc(1, hdrlen + len))) {
                 aim_frame_destroy(fr);
                 return -ENOMEM;
+        }
+        hdrbs = &(fr->data);
+        aim_bstream_init(hdrbs, hdr, hdrlen + len);
+        aimbs_put16(hdrbs, 0x0006);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_putraw(hdrbs, intdata->cookie, 8);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put32(hdrbs, len);
+        aimbs_put16(hdrbs, encoding);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aim_bstream_init(&hdrbs, fr->hdr.oft.hdr2, fr->hdr.oft.hdr2len);
+        aimbs_put16(&hdrbs, 0x0006);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_putraw(&hdrbs, intdata->cookie, 8);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put32(&hdrbs, strlen(msg));
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        /* flags -- 0x000e for "typing", 0x0000 for message */
+        aimbs_put16(&hdrbs, msg ? 0x0000 : 0x000e);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_putraw(&hdrbs, sess->sn, strlen(sess->sn));
+        aim_bstream_setpos(&hdrbs, 52); /* bleeehh */
+        aimbs_put8(&hdrbs, 0x00);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        aimbs_put16(&hdrbs, 0x0000);
+        /* flags -- 0x000e for "started typing", 0x0002 for "stopped typing, 0x0000 for message */
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_putraw(hdrbs, sess->sn, strlen(sess->sn));
+        aim_bstream_setpos(hdrbs, 52); /* bleeehh */
+        aimbs_put8(hdrbs, 0x00);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put16(hdrbs, 0x0000);
+        aimbs_put8(hdrbs, 0x00);
         /* end of hdr2 */
+        if (msg) {
 #if 0 /* XXX this is how you send buddy icon info... */
                 i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x0008);
                 i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x000c);
                 i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x0000);
                 i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x1466);
                 i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x0001);
                 i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x2e0f);
                 i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x393e);
                 i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0xcac8);
+        i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x0008);
+        i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x000c);
+        i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x0000);
+        i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x1466);
+        i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x0001);
+        i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x2e0f);
+        i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0x393e);
+        i += aimutil_put16(newpacket->hdr.oft.hdr2+i, 0xcac8);
 #endif
+                aimbs_putraw(&fr->data, msg, strlen(msg));
+        }
+        aimbs_putraw(hdrbs, msg, len);
         aim_tx_enqueue(sess, fr);
         return 0;
+}
 …
+ *
  */
 faim_export aim_conn_t *aim_sendfile_initiate(aim_session_t *sess, const char *destsn, const char *filename, fu16_t numfiles, fu32_t totsize)
+faim_export aim_conn_t *aim_sendfile_initiate(aim_session_t *sess, const char *destsn, const char *filename, fu16_t numfiles, fu32_t totsize, char *cookret)
+{
         aim_conn_t *newconn;
         aim_msgcookie_t *cookie;
         struct aim_directim_intdata *priv;
+        struct aim_filetransfer_priv *ft;
         int listenfd;
+        /* XXX allow different ports */
         fu16_t port = 4443;
         fu8_t localip[4];
 …
         cookie = (aim_msgcookie_t *)calloc(1, sizeof(aim_msgcookie_t));
         memcpy(cookie->cookie, ck, 8);
+        cookie->type = AIM_COOKIETYPE_OFTIM;
+        cookie->type = AIM_COOKIETYPE_OFTSEND;
+        memcpy(cookret, ck, 8);
         /* this one is for the cookie */
         priv = (struct aim_directim_intdata *)calloc(1, sizeof(struct aim_directim_intdata));
         memcpy(priv->cookie, ck, 8);
         strncpy(priv->sn, destsn, sizeof(priv->sn));
         cookie->data = priv;
+        ft = (struct aim_filetransfer_priv *)calloc(1, sizeof(struct aim_filetransfer_priv));
+        memcpy(ft->cookie, ck, 8);
+        strncpy(ft->sn, destsn, sizeof(ft->sn));
+        cookie->data = ft;
         aim_cachecookie(sess, cookie);
-        /* XXX switch to aim_cloneconn()? */
         if (!(newconn = aim_newconn(sess, AIM_CONN_TYPE_RENDEZVOUS_OUT, NULL))) {
                 close(listenfd);
 …
         /* this one is for the conn */
         priv = (struct aim_directim_intdata *)calloc(1, sizeof(struct aim_directim_intdata));
         memcpy(priv->cookie, ck, 8);
         strncpy(priv->sn, destsn, sizeof(priv->sn));
+        ft = (struct aim_filetransfer_priv *)calloc(1, sizeof(struct aim_filetransfer_priv));
+        memcpy(ft->cookie, ck, 8);
+        strncpy(ft->sn, destsn, sizeof(ft->sn));
         newconn->fd = listenfd;
         newconn->subtype = AIM_CONN_SUBTYPE_OFT_SENDFILE;
         newconn->internal = priv;
+        newconn->internal = ft;
         newconn->lastactivity = time(NULL);
 …
  * unsigned int aim_oft_listener_clean - close up old listeners
  * @sess: session to clean up in
  * @age: maximum age in seconds
+ * @age: maximum age in seconds
+ *
  * returns number closed, -1 on error.
  */
+faim_export unsigned int aim_oft_listener_clean(struct aim_session_t *sess, time_t age)
+{
+  struct aim_conn_t *cur;
+  time_t now;
+  unsigned int hit = 0;
+  if (!sess)
+    return -1;
+  now = time(NULL);
+  faim_mutex_lock(&sess->connlistlock);
+  for(cur = sess->connlist;cur; cur = cur->next)
+    if (cur->type == AIM_CONN_TYPE_RENDEZVOUS_OUT) {
+      faim_mutex_lock(&cur->active);
+      if (cur->lastactivity < (now - age) ) {
+        faim_mutex_unlock(&cur->active);
+        aim_conn_close(cur);
+        hit++;
+      } else
+        faim_mutex_unlock(&cur->active);
+    }
+  faim_mutex_unlock(&sess->connlistlock);
+  return hit;
+}
+#endif
+faim_export unsigned int aim_oft_listener_clean(aim_session_t *sess, time_t age)
+{
+        aim_conn_t *cur;
+        time_t now;
+        unsigned int hit = 0;
+        if (!sess)
+                return -1;
+        now = time(NULL);
+        for(cur = sess->connlist;cur; cur = cur->next)
+                if (cur->type == AIM_CONN_TYPE_RENDEZVOUS_OUT) {
+                        if (cur->lastactivity < (now - age) ) {
+                                aim_conn_close(cur);
+                                hit++;
+                        }
+                }
+        return hit;
+}
+#endif
 faim_export const char *aim_directim_getsn(aim_conn_t *conn)
 …
         if (!conn)
                return NULL;
+                return NULL;
         if ((conn->type != AIM_CONN_TYPE_RENDEZVOUS) ||
                         (conn->subtype != AIM_CONN_SUBTYPE_OFT_DIRECTIM))
                return NULL;
+                return NULL;
         if (!conn->internal)
 …
  * aim_directim_getconn - find a directim conn for buddy name
  * @sess: your session,
  * @name: the name to get,
+ * @name: the name to get,
+ *
  * returns conn for directim with name, %NULL if none found.
 …
  * @cookie: the cookie used
  * @ip: the ip to connect to
+ * @port: the port to use
+ * @rendid: capability type (%AIM_CAPS_GETFILE or %AIM_CAPS_SENDFILE)
+ *
  * @listingfiles: number of files to share
  * @listingtotsize: total size of shared files
  * @listingsize: length of the listing file(buffer)
  * @listingchecksum: checksum of the listing
- * @rendid: capability type (%AIM_CAPS_GETFILE or %AIM_CAPS_SENDFILE)
+ *
  * Returns new connection or %NULL on error.
 …
  * XXX this should take a struct.
  */
+faim_export aim_conn_t *aim_accepttransfer(aim_session_t *sess,
+                                                  aim_conn_t *conn,
+                                                  const char *sn, const fu8_t *cookie,
+                                                  const fu8_t *ip,
+                                                  fu16_t listingfiles,
+                                                  fu16_t listingtotsize,
+                                                  fu16_t listingsize,
+                                                  fu32_t listingchecksum,
+                                                  fu16_t rendid)
+{
+       return NULL;
+faim_export aim_conn_t *aim_accepttransfer(aim_session_t *sess, aim_conn_t *conn, const char *sn,
+                                                const fu8_t *cookie, const fu8_t *ip,
+                                                fu16_t port, fu16_t rendid, ...)
+{
+        aim_frame_t *newpacket;
+        aim_conn_t *newconn;
+        struct aim_filetransfer_priv *priv;
+        int i;
+        char addr[21];
+        if (!sess || !conn || !sn || !cookie || !ip) {
+                return NULL;
+        }
+        /* OSCAR CAP accept packet */
+        if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x0002, 10+8+2+1+strlen(sn)+4+2+8+16))) {
+                return NULL;
+        }
+        aim_putsnac(&newpacket->data, 0x0004, 0x0006, 0x0000, sess->snacid_next);
+        for (i = 0; i < 8; i++)
+                aimbs_put8(&newpacket->data, cookie[i]);
+        aimbs_put16(&newpacket->data, 0x0002);
+        aimbs_put8(&newpacket->data, strlen(sn));
+        aimbs_putraw(&newpacket->data, sn, strlen(sn));
+        aimbs_put16(&newpacket->data, 0x0005);
+        aimbs_put16(&newpacket->data, 0x001a);
+        aimbs_put16(&newpacket->data, AIM_RENDEZVOUS_ACCEPT);
+        for (i = 0; i < 8; i++) /* yes, again... */
+                aimbs_put8(&newpacket->data, cookie[i]);
+        aim_putcap(&newpacket->data, rendid);
+        aim_tx_enqueue(sess, newpacket);
+        snprintf(addr, sizeof(addr), "%s:%d", ip, port);
+        newconn = aim_newconn(sess, AIM_CONN_TYPE_RENDEZVOUS, addr);
+        if (newconn->status & AIM_CONN_STATUS_CONNERR) {
+                return NULL;
+        }
+        if (!newconn || (newconn->fd == -1)) {
+                perror("aim_newconn");
+        faimdprintf(sess, 2, "could not connect to %s (fd: %i)\n", ip, newconn?newconn->fd:0);
+                return newconn;
+        }
+        priv = (struct aim_filetransfer_priv *)calloc(1, sizeof(struct aim_filetransfer_priv));
+        memcpy(priv->cookie, cookie, 8);
+        priv->state = 0;
+        strncpy(priv->sn, sn, MAXSNLEN);
+        strncpy(priv->ip, ip, sizeof(priv->ip));
+        newconn->internal = (void *)priv;
+        faimdprintf(sess, 2, "faim: connected to peer (fd = %d)\n", newconn->fd);
+        if (rendid == AIM_CAPS_GETFILE) {
+                return NULL; /* This should never happen for now. -- wtm */
 #if 0
+  struct command_tx_struct *newpacket, *newoft;
+  struct aim_conn_t *newconn;
+  struct aim_fileheader_t *fh;
+  struct aim_filetransfer_priv *priv;
+  struct aim_msgcookie_t *cachedcook;
+  int curbyte, i;
+  if (!sess || !conn || !sn || !cookie || !ip) {
+    return NULL;
+  }
+  newconn = aim_newconn(sess, AIM_CONN_TYPE_RENDEZVOUS, ip);
+  if (!newconn || (newconn->fd == -1)) {
+    perror("aim_newconn");
+    faimdprintf(sess, 2, "could not connect to %s (fd: %i)\n", ip, newconn?newconn->fd:0);
+    return newconn;
+  } else {
+    priv = (struct aim_filetransfer_priv *)calloc(1, sizeof(struct aim_filetransfer_priv));
+    memcpy(priv->cookie, cookie, 8);
+    priv->state = 0;
+    strncpy(priv->sn, sn, MAXSNLEN);
+    strncpy(priv->ip, ip, sizeof(priv->ip));
+    newconn->priv = (void *)priv;
+    faimdprintf(sess, 2, "faim: connected to peer (fd = %d)\n", newconn->fd);
+  }
+  if (rendid == AIM_CAPS_GETFILE)  {
+    newconn->subtype = AIM_CONN_SUBTYPE_OFT_GETFILE;
+      faimdprintf(sess, 2, "faim: getfile request accept\n");
+      if (!(newoft = aim_tx_new(sess, newconn, AIM_FRAMETYPE_OFT, 0x1108, 0))) {
+        faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
+        /* XXX: conn leak here */
+        return NULL;
+      }
+      newoft->lock = 1;
+      memcpy(newoft->hdr.oft.magic, "OFT2", 4);
+      newoft->hdr.oft.hdr2len = 0x100 - 8;
+      if (!(fh = (struct aim_fileheader_t*)calloc(1, sizeof(struct aim_fileheader_t)))) {
+        /* XXX: conn leak here */
+        perror("calloc");
+        return NULL;
+      }
+      fh->encrypt = 0x0000;
+      fh->compress = 0x0000;
+      fh->totfiles = listingfiles;
+      fh->filesleft = listingfiles;      /* is this right -- total parts and parts left?*/
+      fh->totparts = 0x0001;
+      fh->partsleft = 0x0001;
+      fh->totsize = listingtotsize;
+      fh->size = listingsize;      /* ls -l listing.txt */
+      fh->modtime = (int)time(NULL); /* we'll go with current time for now */
+      fh->checksum = listingchecksum;
+      fh->rfcsum = 0x00000000;
+      fh->rfsize = 0x00000000;
+      fh->cretime = 0x00000000;
+      fh->rfcsum = 0x00000000;
+      fh->nrecvd = 0x00000000;
+      fh->recvcsum = 0x00000000;
+      memset(fh->idstring, 0, sizeof(fh->idstring));
+      memcpy(fh->idstring, "OFT_Windows ICBMFT V1.1 32", sizeof(fh->idstring));
+      fh->flags = 0x02;
+      fh->lnameoffset = 0x1a;
+      fh->lsizeoffset = 0x10;
+      memset(fh->dummy, 0, sizeof(fh->dummy));
+      memset(fh->macfileinfo, 0, sizeof(fh->macfileinfo));
+      /* we need to figure out these encodings for filenames */
+      fh->nencode = 0x0000;
+      fh->nlanguage = 0x0000;
+      memset(fh->name, 0, sizeof(fh->name));
+      memcpy(fh->name, "listing.txt", sizeof(fh->name));
+      if (!(newoft->hdr.oft.hdr2 = (char *)calloc(1,newoft->hdr.oft.hdr2len))) {
+        newoft->lock = 0;
+        aim_frame_destroy(newoft);
+        /* XXX: conn leak */
+        perror("calloc (1)");
+        return NULL;
+      }
+      memcpy(fh->bcookie, cookie, 8);
+      if (!(aim_oft_buildheader((unsigned char *)newoft->hdr.oft.hdr2, fh)))
+        faimdprintf(sess, 1, "eek, bh fail!\n");
+      newoft->lock = 0;
+      aim_tx_enqueue(sess, newoft);
+      if (!(cachedcook = (struct aim_msgcookie_t *)calloc(1, sizeof(struct aim_msgcookie_t)))) {
+        faimdprintf(sess, 1, "faim: accepttransfer: couldn't calloc cachedcook. yeep!\n");
+        /* XXX: more cleanup, conn leak */
+        perror("calloc (2)");
+        return NULL;
+      }
+      memcpy(&(priv->fh), fh, sizeof(struct aim_fileheader_t));
+      memcpy(cachedcook->cookie, cookie, 8);
+      cachedcook->type = AIM_COOKIETYPE_OFTGET;
+      cachedcook->data = (void *)priv;
+      if (aim_cachecookie(sess, cachedcook) == -1)
+        faimdprintf(sess, 1, "faim: ERROR caching message cookie\n");
+      free(fh);
+      /* OSCAR CAP accept packet */
+      if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+8+2+1+strlen(sn)+4+2+8+16))) {
+        return NULL;
+      }
+  } else {
+    return NULL;
+  }
+  newpacket->lock = 1;
+  curbyte = aim_putsnac(newpacket->data, 0x0004, 0x0006, 0x0000, sess->snac_nextid);
+  for (i = 0; i < 8; i++)
+    curbyte += aimutil_put8(newpacket->data+curbyte, cookie[i]);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0002);
+  curbyte += aimutil_put8(newpacket->data+curbyte, strlen(sn));
+  curbyte += aimutil_putstr(newpacket->data+curbyte, sn, strlen(sn));
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0005);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x001a);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0002 /* accept*/);
+  for (i = 0;i < 8; i++)
+    curbyte += aimutil_put8(newpacket->data+curbyte, cookie[i]);
+  curbyte += aim_putcap(newpacket->data+curbyte, 0x10, rendid);
+  newpacket->lock = 0;
+  aim_tx_enqueue(sess, newpacket);
+  return newconn;
+        struct aim_fileheader_t *fh;
+        aim_frame_t *newoft;
+        aim_msgcookie_t *cachedcook;
+        /* XXX take the following parameters    fu16_t listingfiles,
+                                                fu16_t listingtotsize,
+                                                fu16_t listingsize,
+                                                fu32_t listingchecksum, */
+        newconn->subtype = AIM_CONN_SUBTYPE_OFT_GETFILE;
+        faimdprintf(sess, 2, "faim: getfile request accept\n");
+        if (!(newoft = aim_tx_new(sess, newconn, AIM_FRAMETYPE_OFT, 0x1108, 0))) {
+                faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
+                /* XXX: conn leak here */
+                return NULL;
+        }
+        memcpy(newoft->hdr.oft.magic, "OFT2", 4);
+        newoft->hdr.oft.hdr2len = 0x100 - 8;
+        if (!(fh = (struct aim_fileheader_t*)calloc(1, sizeof(struct aim_fileheader_t)))) {
+                /* XXX: conn leak here */
+                perror("calloc");
+                return NULL;
+        }
+        fh->encrypt = 0x0000;
+        fh->compress = 0x0000;
+        fh->totfiles = listingfiles;
+        fh->filesleft = listingfiles; /* is this right -- total parts and parts left?*/
+        fh->totparts = 0x0001;
+        fh->partsleft = 0x0001;
+        fh->totsize = listingtotsize;
+        fh->size = listingsize; /* ls -l listing.txt */
+        fh->modtime = (int)time(NULL); /* we'll go with current time for now */
+        fh->checksum = listingchecksum;
+        fh->rfcsum = 0x00000000;
+        fh->rfsize = 0x00000000;
+        fh->cretime = 0x00000000;
+        fh->rfcsum = 0x00000000;
+        fh->nrecvd = 0x00000000;
+        fh->recvcsum = 0x00000000;
+        memset(fh->idstring, 0, sizeof(fh->idstring));
+        strncpy(fh->idstring, "OFT_Windows ICBMFT V1.1 32", sizeof(fh->idstring));
+        fh->flags = 0x02;
+        fh->lnameoffset = 0x1a;
+        fh->lsizeoffset = 0x10;
+        memset(fh->dummy, 0, sizeof(fh->dummy));
+        memset(fh->macfileinfo, 0, sizeof(fh->macfileinfo));
+        /* we need to figure out these encodings for filenames */
+        fh->nencode = 0x0000;
+        fh->nlanguage = 0x0000;
+        memset(fh->name, 0, sizeof(fh->name));
+        strncpy(fh->name, "listing.txt", sizeof(fh->name));
+        if (!(newoft->hdr.oft.hdr2 = (char *)calloc(1,newoft->hdr.oft.hdr2len))) {
+                aim_frame_destroy(newoft);
+                /* XXX: conn leak */
+                perror("calloc (1)");
+                return NULL;
+        }
+        memcpy(fh->bcookie, cookie, 8);
+        if (!(aim_oft_buildheader((unsigned char *)newoft->hdr.oft.hdr2, fh)))
+                faimdprintf(sess, 1, "eek, bh fail!\n");
+        aim_tx_enqueue(sess, newoft);
+        if (!(cachedcook = (aim_msgcookie_t *)calloc(1, sizeof(aim_msgcookie_t)))) {
+                faimdprintf(sess, 1, "faim: accepttransfer: couldn't calloc cachedcook. yeep!\n");
+                /* XXX: more cleanup, conn leak */
+                perror("calloc (2)");
+                return NULL;
+        }
+        memcpy(&(priv->fh), fh, sizeof(struct aim_fileheader_t));
+        memcpy(cachedcook->cookie, cookie, 8);
+        cachedcook->type = AIM_COOKIETYPE_OFTGET;
+        /* XXX doesn't priv need to be copied so we don't
+         * double free? -- wtm
+         */
+        cachedcook->data = (void *)priv;
+        if (aim_cachecookie(sess, cachedcook) == -1)
+                faimdprintf(sess, 1, "faim: ERROR caching message cookie\n");
+        free(fh);
 #endif
+        } else if (rendid == AIM_CAPS_SENDFILE) {
+                newconn->subtype = AIM_CONN_SUBTYPE_OFT_SENDFILE;
+                priv->fh.recvcsum = 0xffff0000;
+        } else {
+                return NULL;
+        }
+        return newconn;
+}
+/* conn is a BOS connection over which to send the cancel msg */
+faim_export int aim_canceltransfer(aim_session_t *sess, aim_conn_t *conn,
+                const char *cookie, const char *sn, int rendid)
+{
+        aim_frame_t *newpacket;
+        int i;
+        if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x0002, 10+8+2+1+strlen(sn)+4+2+8+16))) {
+                return 1;
+        }
+        aim_putsnac(&newpacket->data, 0x0004, 0x0006, 0x0000, sess->snacid_next);
+        for (i = 0; i < 8; i++)
+                aimbs_put8(&newpacket->data, cookie[i]);
+        aimbs_put16(&newpacket->data, 0x0002);
+        aimbs_put8(&newpacket->data, strlen(sn));
+        aimbs_putraw(&newpacket->data, sn, strlen(sn));
+        aimbs_put16(&newpacket->data, 0x0005);
+        aimbs_put16(&newpacket->data, 0x001a);
+        aimbs_put16(&newpacket->data, AIM_RENDEZVOUS_CANCEL);
+        for (i = 0; i < 8; i++)
+                aimbs_put8(&newpacket->data, cookie[i]);
+        aim_putcap(&newpacket->data, rendid);
+        aim_tx_enqueue(sess, newpacket);
+        return 0;
+}
 /**
  * aim_getlisting(FILE *file) -- get an aim_fileheader_t for a given FILE*
  *  @file is an opened listing file
+ * @file is an opened listing file
+ *
  * returns a pointer to the filled-in fileheader_t
 …
         return NULL;
 #if 0
   struct aim_fileheader_t *fh;
   u_long totsize = 0, size = 0, checksum = 0xffff0000;
   short totfiles = 0;
   char *linebuf, sizebuf[9];
+  int linelength = 1024;
+  /* XXX: if we have a line longer than 1024chars, God help us. */
+  if ( (linebuf = (char *)calloc(1, linelength)) == NULL ) {
     faimdprintf(sess, 2, "linebuf calloc failed\n");
+    return NULL;
+  }
+  if (fseek(file, 0, SEEK_END) == -1) { /* use this for sanity check */
     perror("getlisting END1 fseek:");
+    faimdprintf(sess, 2, "getlising fseek END1 error\n");
+  }
+  if ((size = ftell(file)) == -1) {
     perror("getlisting END1 getpos:");
+    faimdprintf(sess, 2, "getlising getpos END1 error\n");
+  }
+  if (fseek(file, 0, SEEK_SET) != 0) {
     perror("getlesting fseek(SET):");
+    faimdprintf(sess, 2, "faim: getlisting: couldn't seek to beginning of listing file\n");
+  }
+  memset(linebuf, 0, linelength);
+  size = 0;
+  while(fgets(linebuf,  linelength, file)) {
     totfiles++;
+    memset(sizebuf, 0, 9);
+    size += strlen(linebuf);
+    if (strlen(linebuf) < 23) {
       faimdprintf(sess, 2, "line \"%s\" too short. skipping\n", linebuf);
+      continue;
+    }
     if (linebuf[strlen(linebuf)-1] != '\n') {
       faimdprintf(sess, 2, "faim: OFT: getlisting -- hit EOF or line too long!\n");
+    }
     memcpy(sizebuf, linebuf+17, 8);
     totsize += strtol(sizebuf, NULL, 10);
     memset(linebuf, 0, linelength);
+  }
   if (fseek(file, 0, SEEK_SET) == -1) {
     perror("getlisting END2 fseek:");
     faimdprintf(sess, 2, "getlising fseek END2 error\n");
+  }
   free(linebuf);
   /* we're going to ignore checksumming the data for now -- that
    * requires walking the whole listing.txt. it should probably be
+   * done at register time and cached, but, eh. */
   if (!(fh = (struct aim_fileheader_t*)calloc(1, sizeof(struct aim_fileheader_t))))
     return NULL;
   fh->encrypt     = 0x0000;
+  fh->compress    = 0x0000;
   fh->totfiles    = totfiles;
   fh->filesleft   = totfiles; /* is this right ?*/
   fh->totparts    = 0x0001;
   fh->partsleft   = 0x0001;
   fh->totsize     = totsize;
   fh->size        = size; /* ls -l listing.txt */
   fh->modtime     = (int)time(NULL); /* we'll go with current time for now */
   fh->checksum    = checksum; /* XXX: checksum ! */
   fh->rfcsum      = 0x00000000;
   fh->rfsize      = 0x00000000;
   fh->cretime     = 0x00000000;
   fh->rfcsum      = 0x00000000;
   fh->nrecvd      = 0x00000000;
   fh->recvcsum    = 0x00000000;
   /*  memset(fh->idstring, 0, sizeof(fh->idstring)); */
   memcpy(fh->idstring, "OFT_Windows ICBMFT V1.1 32", sizeof(fh->idstring));
   memset(fh->idstring+strlen(fh->idstring), 0, sizeof(fh->idstring)-strlen(fh->idstring));
   fh->flags       = 0x02;
   fh->lnameoffset = 0x1a;
   fh->lsizeoffset = 0x10;
   /*  memset(fh->dummy, 0, sizeof(fh->dummy)); */
   memset(fh->macfileinfo, 0, sizeof(fh->macfileinfo));
   fh->nencode     = 0x0000; /* we need to figure out these encodings for filenames */
   fh->nlanguage   = 0x0000;
   /*  memset(fh->name, 0, sizeof(fh->name)); */
   memcpy(fh->name, "listing.txt", sizeof(fh->name));
   memset(fh->name+strlen(fh->name), 0, 64-strlen(fh->name));
   faimdprintf(sess, 2, "faim: OFT: listing fh name %s / %s\n", fh->name, (fh->name+(strlen(fh->name))));
   return fh;
+        struct aim_fileheader_t *fh;
+        u_long totsize = 0, size = 0, checksum = 0xffff0000;
+        short totfiles = 0;
+        char *linebuf, sizebuf[9];
+        int linelength = 1024;
+        /* XXX: if we have a line longer than 1024chars, God help us. */
+        if ((linebuf = (char *)calloc(1, linelength)) == NULL ) {
+                faimdprintf(sess, 2, "linebuf calloc failed\n");
+                return NULL;
+        }
+        if (fseek(file, 0, SEEK_END) == -1) { /* use this for sanity check */
+                perror("getlisting END1 fseek:");
+                faimdprintf(sess, 2, "getlising fseek END1 error\n");
+        }
+        if ((size = ftell(file)) == -1) {
+                perror("getlisting END1 getpos:");
+                faimdprintf(sess, 2, "getlising getpos END1 error\n");
+        }
+        if (fseek(file, 0, SEEK_SET) != 0) {
+                perror("getlesting fseek(SET):");
+                faimdprintf(sess, 2, "faim: getlisting: couldn't seek to beginning of listing file\n");
+        }
+        memset(linebuf, 0, linelength);
+        size = 0;
+        while(fgets(linebuf, linelength, file)) {
+                totfiles++;
+                memset(sizebuf, 0, 9);
+                size += strlen(linebuf);
+                if (strlen(linebuf) < 23) {
+                        faimdprintf(sess, 2, "line \"%s\" too short. skipping\n", linebuf);
+                        continue;
+                }
+                if (linebuf[strlen(linebuf)-1] != '\n') {
+                        faimdprintf(sess, 2, "faim: OFT: getlisting -- hit EOF or line too long!\n");
+                }
+                memcpy(sizebuf, linebuf+17, 8);
+                totsize += strtol(sizebuf, NULL, 10);
+                memset(linebuf, 0, linelength);
+        }
+        if (fseek(file, 0, SEEK_SET) == -1) {
+                perror("getlisting END2 fseek:");
+                faimdprintf(sess, 2, "getlising fseek END2 error\n");
+        }
+        free(linebuf);
+        /* we're going to ignore checksumming the data for now -- that
+         * requires walking the whole listing.txt. it should probably be
+         * done at register time and cached, but, eh. */
+        if (!(fh = (struct aim_fileheader_t*)calloc(1, sizeof(struct aim_fileheader_t))))
+                return NULL;
+        fh->encrypt = 0x0000;
+        fh->compress = 0x0000;
+        fh->totfiles = totfiles;
+        fh->filesleft = totfiles; /* is this right? */
+        fh->totparts = 0x0001;
+        fh->partsleft = 0x0001;
+        fh->totsize = totsize;
+        fh->size = size; /* ls -l listing.txt */
+        fh->modtime = (int)time(NULL); /* we'll go with current time for now */
+        fh->checksum = checksum; /* XXX: checksum ! */
+        fh->rfcsum = 0x00000000;
+        fh->rfsize = 0x00000000;
+        fh->cretime = 0x00000000;
+        fh->rfcsum = 0x00000000;
+        fh->nrecvd = 0x00000000;
+        fh->recvcsum = 0x00000000;
+        /* memset(fh->idstring, 0, sizeof(fh->idstring)); */
+        memcpy(fh->idstring, "OFT_Windows ICBMFT V1.1 32", sizeof(fh->idstring));
+        memset(fh->idstring+strlen(fh->idstring), 0, sizeof(fh->idstring)-strlen(fh->idstring));
+        fh->flags = 0x02;
+        fh->lnameoffset = 0x1a;
+        fh->lsizeoffset = 0x10;
+        /* memset(fh->dummy, 0, sizeof(fh->dummy)); */
+        memset(fh->macfileinfo, 0, sizeof(fh->macfileinfo));
+        fh->nencode = 0x0000; /* we need to figure out these encodings for filenames */
+        fh->nlanguage = 0x0000;
+        /* memset(fh->name, 0, sizeof(fh->name)); */
+        strncpy(fh->name, "listing.txt", sizeof(fh->name));
+        memset(fh->name+strlen(fh->name), 0, 64-strlen(fh->name));
+        faimdprintf(sess, 2, "faim: OFT: listing fh name %s / %s\n", fh->name, (fh->name+(strlen(fh->name))));
+        return fh;
 #endif
+}
 …
 /**
  * aim_listenestablish - create a listening socket on a port.
  * @portnum: the port number to bind to.
+ * @portnum: the port number to bind to.
+ *
  * you need to call accept() when it's connected. returns your fd
 …
         ressave = res;
         do {
                 listenfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+                listenfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
                 if (listenfd < 0)
                         continue;
 …
+        }
+        fcntl(listenfd, F_SETFL, O_NONBLOCK);
         freeaddrinfo(ressave);
         return listenfd;
 …
                 return -1;
+        }
+        fcntl(listenfd, F_SETFL, O_NONBLOCK);
         return listenfd;
 #endif
 …
                 int ret = 0;
                 char *listing;
                 struct command_tx_struct *newoft;
+                aim_frame_t *newoft;
                 if (!(listing = malloc(ft->fh.size)))
 …
                 if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x120b, 0))) {
                         faimdprintf(sess, 2, "faim: aim_get_command_rendezvous: getfile listing: tx_new OFT failed\n");
-                        faim_mutex_unlock(&conn->active);
                         free(listing);
                         aim_conn_close(conn);
 …
                 /* waiting on file data */
                 if ( (userfunc = aim_callhandler(sess, conn, AIM_CB_FAM_OFT, AIM_CB_OFT_GETFILERECEIVE)) )
+                        return userfunc(sess, NULL, conn, ft);
+                        return userfunc(sess, NULL, conn, ft->fh.name,
+                                        ft->fh.size);
                 return 0;
+        }
 …
+{
         aim_msgcookie_t *cook;
         struct aim_filetransfer_priv *priv = (struct aim_filetransfer_priv *)conn->priv;
+        struct aim_filetransfer_priv *priv = (struct aim_filetransfer_priv *)conn->internal;
         cook = aim_uncachecookie(sess, priv->cookie, AIM_COOKIETYPE_OFTSEND);
 …
 static void connkill_sendfile(aim_session_t *sess, aim_conn_t *conn)
+{
         free(conn->internal);
 …
 static void connclose_getfile(aim_session_t *sess, aim_conn_t *conn)
+{
+#if 0
         aim_msgcookie_t *cook;
         struct aim_filetransfer_priv *priv = (struct aim_filetransfer_priv *)conn->priv;
 …
         cook = aim_uncachecookie(sess, priv->cookie, AIM_COOKIETYPE_OFTGET);
         aim_cookie_free(sess, cook);
+#endif
         return;
+}
 …
+}
 static int handlehdr_directim(aim_session_t *sess, aim_conn_t *conn, fu8_t *hdr)
+static int handlehdr_directim(aim_session_t *sess, aim_conn_t *conn, aim_bstream_t *bs)
+{
         aim_frame_t fr;
         aim_rxcallback_t userfunc;
         fu32_t payloadlength;
         fu16_t flags;
+        fu16_t flags, encoding;
         char *snptr = NULL;
         fr.conn = conn;
+        payloadlength = aimutil_get32(hdr+22);
+        flags = aimutil_get16(hdr+32);
+        snptr = (char *)hdr+38;
+        /* XXX ugly */
+        aim_bstream_setpos(bs, 20);
+        payloadlength = aimbs_get32(bs);
+        aim_bstream_setpos(bs, 24);
+        encoding = aimbs_get16(bs);
+        aim_bstream_setpos(bs, 30);
+        flags = aimbs_get16(bs);
+        aim_bstream_setpos(bs, 36);
+        /* XXX -create an aimbs_getnullstr function? */
+        snptr = aimbs_getstr(bs, MAXSNLEN);
         faimdprintf(sess, 2, "faim: OFT frame: handlehdr_directim: %04x / %04x / %s\n", payloadlength, flags, snptr);
         if (flags == 0x000e) {
+        if (flags & 0x0002) {
                 int ret = 0;
+                if (flags == 0x000c) {
+                        if ((userfunc = aim_callhandler(sess, conn, AIM_CB_FAM_OFT, AIM_CB_OFT_DIRECTIMTYPING)))
+                                ret = userfunc(sess, &fr, snptr, 1);
+                        return ret;
+                }
                 if ((userfunc = aim_callhandler(sess, conn, AIM_CB_FAM_OFT, AIM_CB_OFT_DIRECTIMTYPING)))
                         ret = userfunc(sess, &fr, snptr);
+                        ret = userfunc(sess, &fr, snptr, 0);
                 return ret;
         } else if ((flags == 0x0000) && payloadlength) {
                 char *msg;
+        } else if (((flags & 0x000f) == 0x0000) && payloadlength) {
+                char *msg, *msg2;
                 int ret = 0;
+                int recvd = 0;
+                int i;
                 if (!(msg = calloc(1, payloadlength+1)))
                         return -1;
+                if (aim_recv(conn->fd, msg, payloadlength) < payloadlength) {
+                        free(msg);
+                        return -1;
+                msg2 = msg;
+                while (payloadlength - recvd) {
+                        if (payloadlength - recvd >= 1024)
+                                i = aim_recv(conn->fd, msg2, 1024);
+                        else
+                                i = aim_recv(conn->fd, msg2, payloadlength - recvd);
+                        if (i <= 0) {
+                                free(msg);
+                                return -1;
+                        }
+                        recvd = recvd + i;
+                        msg2 = msg2 + i;
+                        if ((userfunc=aim_callhandler(sess, conn, AIM_CB_FAM_SPECIAL, AIM_CB_SPECIAL_IMAGETRANSFER)))
+                                userfunc(sess, &fr, snptr, (double)recvd / payloadlength);
+                }
+                msg[payloadlength] = '\0';
                 if ( (userfunc = aim_callhandler(sess, conn, AIM_CB_FAM_OFT, AIM_CB_OFT_DIRECTIMINCOMING)) )
                         ret = userfunc(sess, &fr, snptr, msg);
+                        ret = userfunc(sess, &fr, snptr, msg, payloadlength, encoding);
                 free(msg);
 …
         struct aim_fileheader_t *fh;
         struct aim_msgcookie_t *cook;
         struct command_tx_struct *newoft;
+        aim_frame_t *newoft;
         aim_rxcallback_t userfunc;
 …
                 faimdprintf(sess, 1, "error caching cookie\n");
                 return -1;
+        }
+        }
         if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x1209, 0))) {
 …
         if (!(cook = aim_checkcookie(sess, fh->bcookie, AIM_COOKIETYPE_OFTGET)))
                 faimdprintf(sess, 2, "shit, no cookie in 0x1209. (%i/%s)going to crash..\n",  AIM_COOKIETYPE_OFTGET, fh->bcookie);
+                faimdprintf(sess, 2, "shit, no cookie in 0x1209. (%i/%s)going to crash..\n", AIM_COOKIETYPE_OFTGET, fh->bcookie);
         ft = cook->data;
 …
 #if 0
         struct aim_filetransfer_priv *ft;
         struct aim_msgcookie_t *cook;
+        aim_msgcookie_t *cook;
         struct aim_fileheader_t *fh;
         struct command_tx_struct *newoft;
+        aim_frame_t *newoft;
         int i = 0;
         aim_rxcallback_t userfunc;
 …
+        }
-        newoft->lock = 1;
         memcpy(newoft->hdr.oft.magic, "OFT2", 4);
         newoft->hdr.oft.hdr2len = 0x100 - 8;
 …
         aim_oft_buildheader((unsigned char *)newoft->hdr.oft.hdr2, &(ft->fh));
-        newoft->lock = 0;
         aim_tx_enqueue(sess, newoft);
 …
+}
+/* We are receiving a file, and the buddy sent us this header describing
+ * it.  We send back a similar header to confirm, then we're ready to
+ * start reading the raw data.
+ */
+static int handlehdr_sendfile_sending(aim_session_t *sess, aim_conn_t *conn, aim_bstream_t *bs)
+{
+        struct aim_filetransfer_priv *ft;
+        struct aim_fileheader_t *fh;
+        aim_frame_t *newoft;
+        aim_rxcallback_t userfunc;
+        fh = aim_oft_getfh(bs);
+        /* We receive a null cookie for the first file; we must fill
+         * it in to authenticate ourselves. -- wtm
+         */
+        ft = conn->internal;
+        memcpy(&(fh->bcookie), ft->cookie, 8);
+        memcpy(&(ft->fh), fh, sizeof(struct aim_fileheader_t));
+        free(fh);
+        if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, AIM_OFT_PROTO_ACCEPT, 0))) {
+                faimdprintf(sess, 2, "faim: send_final_transfer: tx_new OFT failed\n");
+                return -1;
+        }
+        if (aim_oft_buildheader(&(newoft->data), &(ft->fh)) == -1) {
+                return -1;
+        }
+        memcpy(newoft->hdr.rend.magic, "OFT2", 4);
+        newoft->hdr.rend.hdrlen = aim_bstream_curpos(&newoft->data);
+        aim_tx_enqueue(sess, newoft);
+        if ( (userfunc = aim_callhandler(sess, conn, AIM_CB_FAM_OFT, AIM_CB_OFT_SENDFILEFILEREQ)) == NULL)
+                return 1;
+        {
+                char *cur;
+                /* Convert the directory separator: it is sent
+                 * as ^A (0x01).
+                 */
+                while ((cur = strchr(ft->fh.name, 0x01))) {
+                        *cur = G_DIR_SEPARATOR;
+                }
+        }
+        return userfunc(sess, NULL, conn, &(ft->fh));
+}
+/*
+ * These were originally described by Josh Myer:
+ * http://www.geocrawler.com/archives/3/896/2000/9/0/4291064/
+ * XXX this doesn't actually work yet
+ * -- wtm
+ */
+static int handlehdr_sendfile_resume(aim_session_t *sess, aim_conn_t *conn, aim_bstream_t *bs) {
+        aim_frame_t *newoft;
+        aim_msgcookie_t *cook;
+        struct aim_fileheader_t *fh;
+        struct aim_filetransfer_priv *ft;
+        fh = aim_oft_getfh(bs);
+        if (!(cook = aim_checkcookie(sess, fh->bcookie, AIM_COOKIETYPE_OFTSEND))) {
+                free(fh);
+                return -1;
+        }
+        ft = (struct aim_filetransfer_priv *)cook->data;
+        ft->fh.nrecvd = fh->nrecvd;
+        ft->fh.recvcsum = fh->recvcsum;
+        strncpy(ft->fh.name, fh->name, sizeof(ft->fh.name));
+        if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x0106, 0))) {
+                faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
+                free(fh);
+                return -1;
+        }
+        if (aim_oft_buildheader(&(newoft->data), &(ft->fh)) == -1) {
+                aim_frame_destroy(newoft);
+                free(fh);
+                return -1;
+        }
+        memcpy(newoft->hdr.rend.magic, "OFT2", 4);
+        newoft->hdr.rend.hdrlen = aim_bstream_curpos(&newoft->data);
+        aim_tx_enqueue(sess, newoft);
+        free(fh);
+        return 0;
+}
+/* We are sending a file, and the buddy sent us this header indicating
+ * that he or she is ready for the raw data.
+ */
+static int handlehdr_sendfile_recv(aim_session_t *sess, aim_conn_t *conn, aim_bstream_t *bs) {
+        struct aim_fileheader_t *fh;
+        aim_msgcookie_t *cook;
+        int ret = 1;
+        struct aim_filetransfer_priv *ft;
+        aim_rxcallback_t userfunc;
+        fh = aim_oft_getfh(bs);
+        if (!(cook = aim_checkcookie(sess, fh->bcookie, AIM_COOKIETYPE_OFTSEND))) {
+                free(fh);
+                return -1;
+        }
+        ft = (struct aim_filetransfer_priv *)cook->data;
+        if ( (userfunc = aim_callhandler(sess, conn, AIM_CB_FAM_OFT, AIM_CB_OFT_SENDFILEFILESEND)) )
+                ret = userfunc(sess, NULL, conn, &(ft->fh));
+        free(fh);
+        return ret;
+}
 static int handlehdr_getfile_recv(aim_session_t *sess, aim_conn_t *conn, fu8_t *hdr)
+{
 #if 0
         struct aim_fileheader_t *fh;
-        struct aim_filetransfer_priv *ft;
         struct aim_msgcookie_t *cook;
         int ret = 1;
         aim_rxcallback_t userfunc;
+        struct aim_filetransfer_priv *ft;
         fh = aim_oft_getfh(hdr);
 …
+}
+/* We just sent the raw data of a file, and the buddy sent us back this
+ * header indicating that the transfer is complete.
+ */
+static int handlehdr_sendfile_finish(aim_session_t *sess, aim_conn_t *conn, aim_bstream_t *bs)
+{
+        struct aim_fileheader_t *fh;
+        aim_msgcookie_t *cook;
+        aim_rxcallback_t userfunc;
+        fh = aim_oft_getfh(bs);
+        if (!(cook = aim_checkcookie(sess, fh->bcookie, AIM_COOKIETYPE_OFTSEND))) {
+                free(fh);
+                return -1;
+        }
+        if ( (userfunc = aim_callhandler(sess, conn, AIM_CB_FAM_OFT, AIM_CB_OFT_SENDFILECOMPLETE)) )
+                userfunc(sess, NULL, conn, fh->bcookie);
+        free(fh);
+        return 0;
+}
 static int handlehdr_getfile_finish(aim_session_t *sess, aim_conn_t *conn, fu8_t *hdr)
+{
 …
+}
+/**
+ * aim_get_command_rendezvous - OFT equivalent of aim_get_command
+ * @sess: session to work on
+ * @conn: conn to pull data from
+ *
+ * this reads and handles data from conn->fd. currently a little rough
+ * around the edges
+ */
+faim_internal int aim_get_command_rendezvous(aim_session_t *sess, aim_conn_t *conn)
+{
+        fu8_t hdrbuf1[6];
+        fu8_t *hdr = NULL;
+        int hdrlen, hdrtype;
+faim_internal int aim_rxdispatch_rendezvous(aim_session_t *sess, aim_frame_t *fr)
+{
+        aim_conn_t *conn = fr->conn;
+        aim_bstream_t *bs = &fr->data;
         int ret = -1;
+        if (!sess || !conn)
+                return -1;
+        memset(hdrbuf1, 0, sizeof(hdrbuf1));
+        /* I guess? I didn't understand any of that mess... */
+        if (conn->subtype == AIM_CONN_SUBTYPE_OFT_GETFILE)
+        if (conn->subtype == AIM_CONN_SUBTYPE_OFT_GETFILE) {
+                /* This should never happen. -- wtm */
                 return getcommand_getfile(sess, conn);
+        /* XXX fix all the error cases here */
+        if (aim_recv(conn->fd, hdrbuf1, 6) < 6) {
+                faimdprintf(sess, 2, "faim: rend: read error (fd: %i)\n", conn->fd);
+                aim_conn_close(conn);
+                return -1;
+        }
+        hdrlen = aimutil_get16(hdrbuf1+4);
+        hdrlen -= 6;
+        hdr = malloc(hdrlen);
+        if (aim_recv(conn->fd, hdr, hdrlen) < hdrlen) {
+                faimdprintf(sess, 2, "faim: rend: read2 error on %d (%d)\n", conn->fd, hdrlen);
+                free(hdr);
+                aim_conn_close(conn);
+                return -1;
+        }
+        hdrtype = aimutil_get16(hdr);
+        if (hdrtype == 0x0001)
+                ret = handlehdr_directim(sess, conn, hdr);
+        else if (hdrtype == 0x1108) /* getfile listing.txt incoming tx->rx */
+                ret = handlehdr_getfile_listing(sess, conn, hdr);
+        else if (hdrtype == 0x1209) /* get file listing ack rx->tx */
+                ret = handlehdr_getfile_listing2(sess, conn, hdr);
+        else if (hdrtype == 0x120b) /* get file listing rx confirm */
+                ret = handlehdr_getfile_listing3(sess, conn, hdr);
+        else if (hdrtype == 0x120c) /* getfile request */
+                ret = handlehdr_getfile_request(sess, conn, hdr);
+        else if (hdrtype == 0x0101) /* getfile sending data */
+                ret = handlehdr_getfile_sending(sess, conn, hdr);
+        else if (hdrtype == 0x0202) /* getfile recv data */
+                ret = handlehdr_getfile_recv(sess, conn, hdr);
+        else if (hdrtype == 0x0204) /* getfile finished */
+                ret = handlehdr_getfile_finish(sess, conn, hdr);
+        else {
+                faimdprintf(sess, 2,"faim: OFT frame: uknown type %04x\n", hdrtype);
+                ret = -1;
+        } else if (conn->subtype == AIM_CONN_SUBTYPE_OFT_SENDFILE) {
+                switch(fr->hdr.rend.type) {
+                        case AIM_OFT_PROTO_OFFER:
+                                ret = handlehdr_sendfile_sending(sess, conn, bs);
+                                break;
+                        case AIM_OFT_PROTO_RESUME:
+                                ret = handlehdr_sendfile_resume(sess, conn, bs);
+                                break;
+                        case AIM_OFT_PROTO_RESUMEACCEPT: /* like _ACCEPT */;
+                        case AIM_OFT_PROTO_ACCEPT:
+                                ret = handlehdr_sendfile_recv(sess, conn, bs);
+                                break;
+                        case AIM_OFT_PROTO_ACK:
+                                ret = handlehdr_sendfile_finish(sess, conn, bs);
+                                break;
+                        default:
+                                faimdprintf(sess, 2, "faim: OFT frame: uknown type %04x\n", fr->hdr.rend.type);
+                                ret = -1;
+                                break;
+                }
+        } else if (conn->subtype == AIM_CONN_SUBTYPE_OFT_DIRECTIM) {
+                if (fr->hdr.rend.type == 0x0001)
+                        ret = handlehdr_directim(sess, conn, bs);
+                else
+                        faimdprintf(sess, 0, "faim: DIM frame: unknown type %04x\n", fr->hdr.rend.type);
+        } else if (conn->subtype == AIM_CONN_SUBTYPE_OFT_GETFILE) {
+                /* This _really_ shouldn't happen. :) -- wtm */
+                char *hdr = NULL;
+                int hdrtype = fr->hdr.rend.type;
+                if (hdrtype == 0x1108) /* getfile listing.txt incoming tx->rx */
+                        ret = handlehdr_getfile_listing(sess, conn, hdr);
+                else if (hdrtype == 0x1209) /* get file listing ack rx->tx */
+                        ret = handlehdr_getfile_listing2(sess, conn, hdr);
+                else if (hdrtype == 0x120b) /* get file listing rx confirm */
+                        ret = handlehdr_getfile_listing3(sess, conn, hdr);
+                else if (hdrtype == 0x120c) /* getfile request */
+                        ret = handlehdr_getfile_request(sess, conn, hdr);
+                else if (hdrtype == 0x0101) /* getfile sending data */
+                        ret = handlehdr_getfile_sending(sess, conn, hdr);
+                else if (hdrtype == 0x0202) /* getfile recv data */
+                        ret = handlehdr_getfile_recv(sess, conn, hdr);
+                else if (hdrtype == 0x0204) /* getfile finished */
+                        ret = handlehdr_getfile_finish(sess, conn, hdr);
+                else {
+                        faimdprintf(sess, 2,"faim: OFT frame: uknown type %04x\n", hdrtype);
+                        ret = -1;
+                }
+        }
-        free(hdr);
         if (ret == -1)
                 aim_conn_close(conn);
 …
+}
-#if 0
 /**
  * aim_oft_getfh - extracts an &aim_fileheader_t from buffer hdr.
+ * @hdr: buffer to extract header from
+ *
+ * returns pointer to new struct on success; %NULL on error.
+ *
+ */
+static struct aim_fileheader_t *aim_oft_getfh(unsigned char *hdr)
+{
+  struct aim_fileheader_t *fh;
+  int i, j;
+  if (!(fh = calloc(1, sizeof(struct aim_fileheader_t))))
+    return NULL;
+  /* [0] and [1] are the type. we can ignore those here. */
+  i = 2;
+  for(j = 0; j < 8; j++, i++)
+    fh->bcookie[j] = hdr[i];
+  fh->encrypt = aimutil_get16(hdr+i);
+  i += 2;
+  fh->compress = aimutil_get16(hdr+i);
+  i += 2;
+  fh->totfiles = aimutil_get16(hdr+i);
+  i += 2;
+  fh->filesleft = aimutil_get16(hdr+i);
+  i += 2;
+  fh->totparts = aimutil_get16(hdr+i);
+  i += 2;
+  fh->partsleft = aimutil_get16(hdr+i);
+  i += 2;
+  fh->totsize = aimutil_get32(hdr+i);
+  i += 4;
+  fh->size = aimutil_get32(hdr+i);
+  i += 4;
+  fh->modtime = aimutil_get32(hdr+i);
+  i += 4;
+  fh->checksum = aimutil_get32(hdr+i);
+  i += 4;
+  fh->rfrcsum = aimutil_get32(hdr+i);
+  i += 4;
+  fh->rfsize = aimutil_get32(hdr+i);
+  i += 4;
+  fh->cretime = aimutil_get32(hdr+i);
+  i += 4;
+  fh->rfcsum = aimutil_get32(hdr+i);
+  i += 4;
+  fh->nrecvd = aimutil_get32(hdr+i);
+  i += 4;
+  fh->recvcsum = aimutil_get32(hdr+i);
+  i += 4;
+  memcpy(fh->idstring, hdr+i, 32);
+  i += 32;
+  fh->flags = aimutil_get8(hdr+i);
+  i += 1;
+  fh->lnameoffset = aimutil_get8(hdr+i);
+  i += 1;
+  fh->lsizeoffset = aimutil_get8(hdr+i);
+  i += 1;
+  memcpy(fh->dummy, hdr+i, 69);
+  i += 69;
+  memcpy(fh->macfileinfo, hdr+i, 16);
+  i += 16;
+  fh->nencode = aimutil_get16(hdr+i);
+  i += 2;
+  fh->nlanguage = aimutil_get16(hdr+i);
+  i += 2;
+  memcpy(fh->name, hdr+i, 64);
+  i += 64;
+  return fh;
+ * @bs: bstream to extract header from
+ *
+ * returns pointer to new struct on success; %NULL on error.
+ *
+ */
+static struct aim_fileheader_t *aim_oft_getfh(aim_bstream_t *bs)
+{
+        struct aim_fileheader_t *fh;
+        if (!(fh = calloc(1, sizeof(struct aim_fileheader_t))))
+                return NULL;
+        /* The bstream should be positioned after the hdrtype. */
+        aimbs_getrawbuf(bs, fh->bcookie, 8);
+        fh->encrypt = aimbs_get16(bs);
+        fh->compress = aimbs_get16(bs);
+        fh->totfiles = aimbs_get16(bs);
+        fh->filesleft = aimbs_get16(bs);
+        fh->totparts = aimbs_get16(bs);
+        fh->partsleft = aimbs_get16(bs);
+        fh->totsize = aimbs_get32(bs);
+        fh->size = aimbs_get32(bs);
+        fh->modtime = aimbs_get32(bs);
+        fh->checksum = aimbs_get32(bs);
+        fh->rfrcsum = aimbs_get32(bs);
+        fh->rfsize = aimbs_get32(bs);
+        fh->cretime = aimbs_get32(bs);
+        fh->rfcsum = aimbs_get32(bs);
+        fh->nrecvd = aimbs_get32(bs);
+        fh->recvcsum = aimbs_get32(bs);
+        aimbs_getrawbuf(bs, fh->idstring, 32);
+        fh->flags = aimbs_get8(bs);
+        fh->lnameoffset = aimbs_get8(bs);
+        fh->lsizeoffset = aimbs_get8(bs);
+        aimbs_getrawbuf(bs, fh->dummy, 69);
+        aimbs_getrawbuf(bs, fh->macfileinfo, 16);
+        fh->nencode = aimbs_get16(bs);
+        fh->nlanguage = aimbs_get16(bs);
+        aimbs_getrawbuf(bs, fh->name, 64); /* XXX */
+        return fh;
+}
-#endif
 /**
 …
  * @buffer: buffer of data to checksum
  * @bufsize: size of buffer
+ * @checksum: pointer to integer to place result in (pointer!)
+ *
+ *
+ * Note that checksum is a pointer. Checksum should be filled with
+ * 0xFFFF0000 for each new file; you can have this checksum chunks of
+ * files in series if you just call it repeatedly in a for(; ; ) loop
+ * and don't reset the checksum between each call. And you thought we
+ * didn't care about you and your pathetic client's meomry footprint
+ * ;^)
+ *
+ *
+ * Also, it's been said that this is incorrect as currently
+ * written. You were warned.
+ */
+faim_export fu32_t aim_oft_checksum(aim_session_t *sess, const char *buffer, int bufsize, fu32_t *checksum)
+{
+        return 0xdeadbeef;
+#if 0
+  fu16_t check0, check1;
+  int i;
+  check0 = ((*checksum & 0xFF000000) >> 16);
+  check1 = ((*checksum & 0x00ff0000) >> 16);
+  for(i = 0; i < bufsize; i++) {
+    if (i % 2) { /* use check1 -- second byte */
+      if ( (short)buffer[i] > check1 ) { /* wrapping */
+        check1 += 0x100;  /* this is a cheap way to wrap */
+        /* if we're wrapping, decrement the other one */
+        /* XXX: check this corner case */
+        if (check0 == 0)
+          check0 = 0x00ff;
+        else
+          check0--;
+      }
+      check1 -= buffer[i];
+    } else { /* use check0 -- first byte  */
+      if ( (short)buffer[i] > check0 ) { /* wrapping */
+        check0 += 0x100;       /* this is a cheap way to wrap */
+        /* if we're wrapping, decrement the other one */
+        /* XXX: check this corner case */
+        if (check1 == 0)
+          check1 = 0x00ff;
+        else
+          check1--;
+      }
+      check0 -= buffer[i];
+    }
+  }
+  if (check0 > 0xff || check1 > 0xff)  {
+    /* they shouldn't be able to do this. error! */
+    faimdprintf(sess, 2, "check0 or check1 is too high: 0x%04x, 0x%04x\n", check0, check1);
+    return -1;
+  }
+  /* grab just the lowest byte; this should be clean, but just in
+     case */
+  check0 &= 0xff;
+  check1 &= 0xff;
+  *checksum = ((check0 * 0x1000000) + (check1 * 0x10000));
+  return *checksum;
+#endif
+}
+#if 0
+ * @prevcheck: previous checksum
+ *
+ * Prevcheck should be 0xFFFF0000 for each new file; you can have this
+ * checksum chunks of files in series if you just call it repeatedly in a
+ * for(; ; ) loop and don't reset the checksum between each call. And you
+ * thought we didn't care about you and your pathetic client's meomry
+ * footprint ;^)
+ *
+ * Thanks to Graham Booker for providing this improved checksum
+ * routine, which is simpler and should be more accurate than Josh
+ * Myer's original code. -- wtm
+ *
+ * This algorithim works every time I have tried it.  The other fails
+ * sometimes.  So, AOL who thought this up?  It has got to be the weirdest
+ * checksum I have ever seen.
+ */
+faim_export fu32_t aim_oft_checksum(const unsigned char *buffer, int bufferlen, int prevcheck) {
+        fu32_t check = (prevcheck >> 16) & 0xffff, oldcheck;
+        int i;
+        unsigned short val;
+        for (i=0; i<bufferlen; i++) {
+                oldcheck = check;
+                if (i&1) {
+                        val = buffer[i];
+                } else {
+                        val = buffer[i] << 8;
+                }
+                check -= val;
+                /* The follownig appears to be necessary.... It happens every once in a while and the checksum doesn't fail. */
+                if (check > oldcheck) {
+                        check--;
+                }
+        }
+        check = ((check & 0x0000ffff) + (check >> 16));
+        check = ((check & 0x0000ffff) + (check >> 16));
+        return check << 16;
+}
+faim_export fu32_t aim_update_checksum(aim_session_t *sess, aim_conn_t *conn,
+                const unsigned char *buffer, int len) {
+        struct aim_filetransfer_priv *ft = conn->internal;
+        ft->fh.nrecvd += len;
+        ft->fh.recvcsum = aim_oft_checksum(buffer, len, ft->fh.recvcsum);
+        return 0;
+}
 /**
  * aim_oft_buildheader - fills a buffer with network-order fh data
+ * @dest: buffer to fill -- pre-alloced
+ * @fh: fh to get data from
+ *
+ * returns length written; -1 on error.
+ * DOES NOT DO BOUNDS CHECKING!
+ *
+ */
+static int oft_buildheader(unsigned char *dest, struct aim_fileheader_t *fh)
+ * @bs: bstream to fill -- automatically initialized
+ * @fh: fh to get data from
+ *
+ * returns -1 on error.
+ *
+ */
+static int aim_oft_buildheader(aim_bstream_t *bs, struct aim_fileheader_t *fh)
+{
+  int i, curbyte;
+  if (!dest || !fh)
+    return -1;
+  curbyte = 0;
+  for(i = 0; i < 8; i++)
+    curbyte += aimutil_put8(dest+curbyte, fh->bcookie[i]);
+  curbyte += aimutil_put16(dest+curbyte, fh->encrypt);
+  curbyte += aimutil_put16(dest+curbyte, fh->compress);
+  curbyte += aimutil_put16(dest+curbyte, fh->totfiles);
+  curbyte += aimutil_put16(dest+curbyte, fh->filesleft);
+  curbyte += aimutil_put16(dest+curbyte, fh->totparts);
+  curbyte += aimutil_put16(dest+curbyte, fh->partsleft);
+  curbyte += aimutil_put32(dest+curbyte, fh->totsize);
+  curbyte += aimutil_put32(dest+curbyte, fh->size);
+  curbyte += aimutil_put32(dest+curbyte, fh->modtime);
+  curbyte += aimutil_put32(dest+curbyte, fh->checksum);
+  curbyte += aimutil_put32(dest+curbyte, fh->rfrcsum);
+  curbyte += aimutil_put32(dest+curbyte, fh->rfsize);
+  curbyte += aimutil_put32(dest+curbyte, fh->cretime);
+  curbyte += aimutil_put32(dest+curbyte, fh->rfcsum);
+  curbyte += aimutil_put32(dest+curbyte, fh->nrecvd);
+  curbyte += aimutil_put32(dest+curbyte, fh->recvcsum);
+  memcpy(dest+curbyte, fh->idstring, 32);
+  curbyte += 32;
+  curbyte += aimutil_put8(dest+curbyte, fh->flags);
+  curbyte += aimutil_put8(dest+curbyte, fh->lnameoffset);
+  curbyte += aimutil_put8(dest+curbyte, fh->lsizeoffset);
+  memcpy(dest+curbyte, fh->dummy, 69);
+  curbyte += 69;
+  memcpy(dest+curbyte, fh->macfileinfo, 16);
+  curbyte += 16;
+  curbyte += aimutil_put16(dest+curbyte, fh->nencode);
+  curbyte += aimutil_put16(dest+curbyte, fh->nlanguage);
+  memset(dest+curbyte, 0x00, 64);
+  memcpy(dest+curbyte, fh->name, 64);
+  /* XXX: Filenames longer than 64B  */
+  curbyte += 64;
+  return curbyte;
+}
+#endif
+        fu8_t *hdr;
+        if (!bs || !fh)
+                return -1;
+        if (!(hdr = (unsigned char *)calloc(1, 0x100 - 8))) {
+                return -1;
+        }
+        aim_bstream_init(bs, hdr, 0x100 - 8);
+        aimbs_putraw(bs, fh->bcookie, 8);
+        aimbs_put16(bs, fh->encrypt);
+        aimbs_put16(bs, fh->compress);
+        aimbs_put16(bs, fh->totfiles);
+        aimbs_put16(bs, fh->filesleft);
+        aimbs_put16(bs, fh->totparts);
+        aimbs_put16(bs, fh->partsleft);
+        aimbs_put32(bs, fh->totsize);
+        aimbs_put32(bs, fh->size);
+        aimbs_put32(bs, fh->modtime);
+        aimbs_put32(bs, fh->checksum);
+        aimbs_put32(bs, fh->rfrcsum);
+        aimbs_put32(bs, fh->rfsize);
+        aimbs_put32(bs, fh->cretime);
+        aimbs_put32(bs, fh->rfcsum);
+        aimbs_put32(bs, fh->nrecvd);
+        aimbs_put32(bs, fh->recvcsum);
+        aimbs_putraw(bs, fh->idstring, 32);
+        aimbs_put8(bs, fh->flags);
+        aimbs_put8(bs, fh->lnameoffset);
+        aimbs_put8(bs, fh->lsizeoffset);
+        aimbs_putraw(bs, fh->dummy, 69);
+        aimbs_putraw(bs, fh->macfileinfo, 16);
+        aimbs_put16(bs, fh->nencode);
+        aimbs_put16(bs, fh->nlanguage);
+        aimbs_putraw(bs, fh->name, 64);
+        /* XXX: Filenames longer than 64B */
+        return 0;
+}
 /**
 …
         return NULL;
 #if 0
+  struct command_tx_struct *newpacket;
+  struct aim_conn_t *newconn;
+  struct aim_filetransfer_priv *priv;
+  struct aim_msgcookie_t *cookie;
+  int curbyte, i, listenfd;
+  short port = 4443;
+  struct hostent *hptr;
+  struct utsname myname;
+  char cap[16];
+  char d[4];
+        struct command_tx_struct *newpacket;
+        struct aim_conn_t *newconn;
+        struct aim_filetransfer_priv *priv;
+        struct aim_msgcookie_t *cookie;
+        int curbyte, i, listenfd;
+        short port = 4443;
+        struct hostent *hptr;
+        struct utsname myname;
+        char cap[16];
+        char d[4];
+        /* Open our socket */
+        if ( (listenfd = aim_listenestablish(port)) == -1)
+                return NULL;
+        /* get our local IP */
+        if (uname(&myname) < 0)
+                return NULL;
+        if ( (hptr = gethostbyname(myname.nodename)) == NULL)
+                return NULL;
+        memcpy(&d, hptr->h_addr_list[0], 4);
+        aim_putcap(cap, 16, AIM_CAPS_GETFILE);
+        /* create the OSCAR packet */
+        if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+8+2+1+strlen(destsn)+4+4+0x42)))
+                return NULL;
+        newpacket->lock = 1;
+        /* lock struct */
+        curbyte = 0;
+        curbyte += aim_putsnac(newpacket->data+curbyte, 0x0004, 0x0006, 0x0000, sess->snac_nextid);
+        /* XXX: check the cookie before commiting to using it */
+        /* Generate a random message cookie
+         * This cookie needs to be alphanumeric and NULL-terminated to be TOC-compatible. */
+        for (i=0; i<7; i++)
+                curbyte += aimutil_put8(newpacket->data+curbyte, 0x30 + ((u_char) random() % 10));
+        curbyte += aimutil_put8(newpacket->data+curbyte, 0x00);
+        /* grab all the data for cookie caching. */
+  /* Open our socket */
+  if ( (listenfd = aim_listenestablish(port)) == -1)
+    return NULL;
+  /* get our local IP */
+  if (uname(&myname) < 0)
+    return NULL;
+  if ( (hptr = gethostbyname(myname.nodename)) == NULL)
+    return NULL;
+  memcpy(&d, hptr->h_addr_list[0], 4);
+  aim_putcap(cap, 16, AIM_CAPS_GETFILE);
+  /* create the OSCAR packet */
+  if (!(newpacket = aim_tx_new(sess, conn, AIM_FRAMETYPE_OSCAR, 0x0002, 10+8+2+1+strlen(destsn)+4+4+0x42)))
+    return NULL;
+  newpacket->lock = 1;
+  /* lock struct */
+  curbyte = 0;
+  curbyte += aim_putsnac(newpacket->data+curbyte, 0x0004, 0x0006, 0x0000, sess->snac_nextid);
+  /* XXX: check the cookie before commiting to using it */
+  /* Generate a random message cookie
+   * This cookie needs to be alphanumeric and NULL-terminated to be TOC-compatible. */
+  for (i=0; i<7; i++)
+    curbyte += aimutil_put8(newpacket->data+curbyte, 0x30 + ((u_char) random() % 10));
+  curbyte += aimutil_put8(newpacket->data+curbyte, 0x00);
+  /* grab all the data for cookie caching. */
+        if (!(cookie = (struct aim_msgcookie_t *)calloc(1, sizeof(struct aim_msgcookie_t))))
+                return NULL;
+        memcpy(cookie->cookie, newpacket->data+curbyte-8, 8);
+        cookie->type = AIM_COOKIETYPE_OFTGET;
+        if (!(priv = (struct aim_filetransfer_priv *)calloc(1, sizeof(struct aim_filetransfer_priv))))
+                return NULL;
+        memcpy(priv->cookie, cookie, 8);
+        memcpy(priv->sn, destsn, sizeof(priv->sn));
+        memcpy(priv->fh.name, "listing.txt", strlen("listing.txt"));
+        priv->state = 1;
+        cookie->data = priv;
+        aim_cachecookie(sess, cookie);
+        /* Channel ID */
+        curbyte += aimutil_put16(newpacket->data+curbyte,0x0002);
+        /* Destination SN (prepended with byte length) */
+        curbyte += aimutil_put8(newpacket->data+curbyte,strlen(destsn));
+        curbyte += aimutil_putstr(newpacket->data+curbyte, destsn, strlen(destsn));
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0003);
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0000);
+        /* enTLV start */
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0005);
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0042);
+        /* Flag data / ICBM Parameters? */
+        curbyte += aimutil_put8(newpacket->data+curbyte, 0x00);
+        curbyte += aimutil_put8(newpacket->data+curbyte, 0x00);
+        /* Cookie */
+        curbyte += aimutil_putstr(newpacket->data+curbyte, (char *)cookie, 8);
+        /* Capability String */
+        curbyte += aimutil_putstr(newpacket->data+curbyte, (char *)cap, 0x10);
+        /* 000a/0002 : 0001 */
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x000a);
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0002);
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0001);
+        /* 0003/0004: IP address */
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0003);
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0004);
+        for (i = 0; i < 4; i++)
+        curbyte += aimutil_put8(newpacket->data+curbyte, d[i]);
+        /* already in network byte order */
+  if (!(cookie = (struct aim_msgcookie_t *)calloc(1, sizeof(struct aim_msgcookie_t))))
+    return NULL;
+  memcpy(cookie->cookie, newpacket->data+curbyte-8, 8);
+  cookie->type = AIM_COOKIETYPE_OFTGET;
+  if (!(priv = (struct aim_filetransfer_priv *)calloc(1, sizeof(struct aim_filetransfer_priv))))
+    return NULL;
+  memcpy(priv->cookie, cookie, 8);
+  memcpy(priv->sn, destsn, sizeof(priv->sn));
+  memcpy(priv->fh.name, "listing.txt", strlen("listing.txt"));
+  priv->state = 1;
+  cookie->data = priv;
+  aim_cachecookie(sess, cookie);
+  /* Channel ID */
+  curbyte += aimutil_put16(newpacket->data+curbyte,0x0002);
+  /* Destination SN (prepended with byte length) */
+  curbyte += aimutil_put8(newpacket->data+curbyte,strlen(destsn));
+  curbyte += aimutil_putstr(newpacket->data+curbyte, destsn, strlen(destsn));
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0003);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0000);
+  /* enTLV start */
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0005);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0042);
+  /* Flag data / ICBM Parameters? */
+  curbyte += aimutil_put8(newpacket->data+curbyte, 0x00);
+  curbyte += aimutil_put8(newpacket->data+curbyte, 0x00);
+  /* Cookie */
+  curbyte += aimutil_putstr(newpacket->data+curbyte, (char *)cookie, 8);
+  /* Capability String */
+  curbyte += aimutil_putstr(newpacket->data+curbyte, (char *)cap, 0x10);
+  /* 000a/0002 : 0001 */
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x000a);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0002);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0001);
+  /* 0003/0004: IP address */
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0003);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0004);
+  for(i = 0; i < 4; i++)
+    curbyte += aimutil_put8(newpacket->data+curbyte, d[i]);
+  /* already in network byte order  */
+  /* 0005/0002: Port */
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0005);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0002);
+  curbyte += aimutil_put16(newpacket->data+curbyte, port);
+  /* 000f/0000: ?? */
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x000f);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x0000);
+  /* 2711/000c: ?? */
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x2711);
+  curbyte += aimutil_put16(newpacket->data+curbyte, 0x000c);
+  curbyte += aimutil_put32(newpacket->data+curbyte, 0x00120001);
+  for(i = 0; i < 0x000c - 4; i++)
+    curbyte += aimutil_put8(newpacket->data+curbyte, 0x00);
+  newpacket->commandlen = curbyte;
+  newpacket->lock = 0;
+  aim_tx_enqueue(sess, newpacket);
+  /* allocate and set up our connection */
+  i = fcntl(listenfd, F_GETFL, 0);
+  fcntl(listenfd, F_SETFL, i | O_NONBLOCK);
+  newconn = aim_newconn(sess, AIM_CONN_TYPE_RENDEZVOUS_OUT, NULL);
+  if (!newconn){
+    perror("aim_newconn");
+    return NULL;
+  }
+  newconn->fd = listenfd;
+  newconn->subtype = AIM_CONN_SUBTYPE_OFT_GETFILE;
+  newconn->priv = priv;
+  faimdprintf(sess, 2,"faim: listening (fd = %d, unconnected)\n", newconn->fd);
+  return newconn;
+        /* 0005/0002: Port */
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0005);
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0002);
+        curbyte += aimutil_put16(newpacket->data+curbyte, port);
+        /* 000f/0000: ?? */
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x000f);
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x0000);
+        /* 2711/000c: ?? */
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x2711);
+        curbyte += aimutil_put16(newpacket->data+curbyte, 0x000c);
+        curbyte += aimutil_put32(newpacket->data+curbyte, 0x00120001);
+        for (i = 0; i < 0x000c - 4; i++)
+                curbyte += aimutil_put8(newpacket->data+curbyte, 0x00);
+        newpacket->commandlen = curbyte;
+        newpacket->lock = 0;
+        aim_tx_enqueue(sess, newpacket);
+        /* allocate and set up our connection */
+        i = fcntl(listenfd, F_GETFL, 0);
+        fcntl(listenfd, F_SETFL, i | O_NONBLOCK);
+        newconn = aim_newconn(sess, AIM_CONN_TYPE_RENDEZVOUS_OUT, NULL);
+        if (!newconn){
+                perror("aim_newconn");
+                return NULL;
+        }
+        newconn->fd = listenfd;
+        newconn->subtype = AIM_CONN_SUBTYPE_OFT_GETFILE;
+        newconn->internal = priv;
+        faimdprintf(sess, 2,"faim: listening (fd = %d, unconnected)\n", newconn->fd);
+        return newconn;
 #endif
+}
 …
  * returns -1 on error, 0 on successful enqueuing
  */
+#if 0
 faim_export int aim_oft_getfile_request(aim_session_t *sess, aim_conn_t *conn, const char *name, int size)
+{
+        return -EINVAL;
+#if 0
+  struct command_tx_struct *newoft;
+  struct aim_filetransfer_priv *ft;
+  if (!sess || !conn || !conn->priv || !name)
+    return -1;
+  if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x120c, 0))) {
+    faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
+    return -1;
+  }
+  newoft->lock = 1;
+  memcpy(newoft->hdr.oft.magic, "OFT2", 4);
+  newoft->hdr.oft.hdr2len = 0x100 - 8;
+  ft = (struct aim_filetransfer_priv *)conn->priv;
+  ft->fh.filesleft = 1;
+  ft->fh.totfiles = 1;
+  ft->fh.totparts = 1;
+  ft->fh.partsleft = 1;
+  ft->fh.totsize = size;
+  ft->fh.size = size;
+  ft->fh.checksum = 0;
+  memcpy(ft->fh.name, name, strlen(name));
+  memset(ft->fh.name+strlen(name), 0, 1);
+  if (!(newoft->hdr.oft.hdr2 = (unsigned char *)calloc(1,newoft->hdr.oft.hdr2len))) {
+    newoft->lock = 0;
+    aim_frame_destroy(newoft);
+    return -1;
+  }
+  if (!(aim_oft_buildheader(newoft->hdr.oft.hdr2, &(ft->fh)))) {
+    newoft->lock = 0;
+    aim_frame_destroy(newoft);
+    return -1;
+  }
+  newoft->lock = 0;
+  aim_tx_enqueue(sess, newoft);
+  return 0;
+        aim_frame_t *newoft;
+        struct aim_filetransfer_priv *ft;
+        if (!sess || !conn || !conn->priv || !name)
+                return -1;
+        if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x120c, 0))) {
+                faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
+                return -1;
+        }
+        memcpy(newoft->hdr.oft.magic, "OFT2", 4);
+        newoft->hdr.oft.hdr2len = 0x100 - 8;
+        ft = (struct aim_filetransfer_priv *)conn->priv;
+        ft->fh.filesleft = 1;
+        ft->fh.totfiles = 1;
+        ft->fh.totparts = 1;
+        ft->fh.partsleft = 1;
+        ft->fh.totsize = size;
+        ft->fh.size = size;
+        ft->fh.checksum = 0;
+        memcpy(ft->fh.name, name, strlen(name));
+        memset(ft->fh.name+strlen(name), 0, 1);
+        if (!(newoft->hdr.oft.hdr2 = (unsigned char *)calloc(1,newoft->hdr.oft.hdr2len))) {
+                aim_frame_destroy(newoft);
+                return -1;
+        }
+        if (!(aim_oft_buildheader(newoft->hdr.oft.hdr2, &(ft->fh)))) {
+                aim_frame_destroy(newoft);
+                return -1;
+        }
+        aim_tx_enqueue(sess, newoft);
+        return 0;
+}
 #endif
+/* Identify a file that we are about to send by transmitting the
+ * appropriate header.
+ */
+faim_export int aim_oft_sendfile_request(aim_session_t *sess, aim_conn_t *conn, const char *filename, int filesdone, int numfiles, int size, int totsize)
+{
+        aim_frame_t *newoft;
+        aim_msgcookie_t *cook;
+        struct aim_filetransfer_priv *ft = (struct aim_filetransfer_priv *)conn->internal;
+        struct aim_fileheader_t *fh;
+        if (!sess || !conn || !filename)
+                return -1;
+        if (!(fh = (struct aim_fileheader_t*)calloc(1, sizeof(struct aim_fileheader_t))))
+                return -1;
+#ifdef DUMB_OFT_CHECKSUM
+        /* Yes, we are supposed to checksum the whole file before sending, and
+         * yes, it's dumb.  This is the only way to get some clients (such as
+         * Mac AIM v4.5.163) to successfully complete the transfer.  With
+         * the WinAIM clients, we seem to be able to get away with just
+         * setting the checksum to zero.
+         * -- wtm
+         */
+        {
+                int fd = open(filename, O_RDONLY);
+                if (fd >= 0) {
+                        int bytes;
+                        char buf[1024];
+                        fh->checksum = 0xffff0000;
+                        while ((bytes = aim_recv(fd, buf, 1024)) > 0) {
+                                fh->checksum = aim_oft_checksum(buf, bytes, fh->checksum);
+                        }
+                }
+                close(fd);
+        }
+#else
+        fh->checksum = 0x00000000;
+#endif
+        fh->encrypt = 0x0000;
+        fh->compress = 0x0000;
+        fh->totfiles = numfiles;
+        fh->filesleft = numfiles - filesdone;
+        fh->totparts = 0x0001; /* set to 0x0002 sending Mac resource forks */
+        fh->partsleft = 0x0001;
+        fh->totsize = totsize;
+        fh->size = size;
+        fh->modtime = (int)time(NULL); /* we'll go with current time for now */
+        /* fh->checksum set above */
+        fh->rfcsum = 0x00000000;
+        fh->rfsize = 0x00000000;
+        fh->cretime = 0x00000000;
+        fh->rfcsum = 0x00000000;
+        fh->nrecvd = 0x00000000; /* always zero initially */
+        fh->recvcsum= 0x00000000; /* ditto */
+        strncpy(fh->idstring, "OFT_Windows ICBMFT V1.1 32", sizeof(fh->idstring));
+        fh->flags = 0x02;
+        fh->lnameoffset = 0x1a;
+        fh->lsizeoffset = 0x10;
+        memset(fh->dummy, 0, sizeof(fh->dummy));
+        memset(fh->macfileinfo, 0, sizeof(fh->macfileinfo));
+        /* apparently 0 is ASCII, 2 is UCS-2 */
+        /* it is likely that 3 is ISO 8859-1 */
+        fh->nencode = 0x0000;
+        fh->nlanguage = 0x0000;
+        /* Convert the directory separator to ^A for portability. */
+        strncpy(fh->name, filename, sizeof(fh->name));
+        oft_dirconvert(fh->name);
+        /* XXX we should normally send a null cookie here, and make
+         * the receiver fill it in for authentication -- wtm
+         */
+        memcpy(fh->bcookie, ft->cookie, 8);
+        if (!(cook = aim_checkcookie(sess, ft->cookie, AIM_COOKIETYPE_OFTSEND))) {
+                return -1;
+        }
+        /* Update both headers to be safe. */
+        memcpy(&(ft->fh), fh, sizeof(struct aim_fileheader_t));
+        memcpy(&(((struct aim_filetransfer_priv *)cook->data)->fh), fh, sizeof(struct aim_fileheader_t));
+        if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, AIM_OFT_PROTO_OFFER, 0))) {
+                faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
+                free(fh);
+                return -1;
+        }
+        if (aim_oft_buildheader(&newoft->data, fh) == -1) {
+                aim_frame_destroy(newoft);
+                free(fh);
+                return -1;
+        }
+        memcpy(newoft->hdr.rend.magic, "OFT2", 4);
+        newoft->hdr.rend.hdrlen = aim_bstream_curpos(&newoft->data);
+        aim_tx_enqueue(sess, newoft);
+        free(fh);
+        return 0;
+}
 …
         return -EINVAL;
 #if 0
   struct command_tx_struct *newoft;
   struct aim_filetransfer_priv *ft;
   if (!sess || !conn || !conn->priv)
     return -1;
   if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x0202, 0))) {
     faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
     return -1;
+  }
   newoft->lock = 1;
   memcpy(newoft->hdr.oft.magic, "OFT2", 4);
   newoft->hdr.oft.hdr2len = 0x100-8;
  if (!(newoft->hdr.oft.hdr2 = (char *)calloc(1,newoft->hdr.oft.hdr2len))) {
    newoft->lock = 0;
    aim_frame_destroy(newoft);
    return -1;
+ }
  ft = (struct aim_filetransfer_priv *)conn->priv;
  if (!(aim_oft_buildheader((unsigned char *)newoft->hdr.oft.hdr2, &(ft->fh)))) {
    newoft->lock = 0;
    aim_frame_destroy(newoft);
    return -1;
+ }
  newoft->lock = 0;
  aim_tx_enqueue(sess, newoft);
  return 0;
+        struct command_tx_struct *newoft;
+        struct aim_filetransfer_priv *ft;
+        if (!sess || !conn || !conn->priv)
+                return -1;
+        if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x0202, 0))) {
+                faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
+        return -1;
+        }
+        newoft->lock = 1;
+        memcpy(newoft->hdr.oft.magic, "OFT2", 4);
+        newoft->hdr.oft.hdr2len = 0x100-8;
+        if (!(newoft->hdr.oft.hdr2 = (char *)calloc(1,newoft->hdr.oft.hdr2len))) {
+                newoft->lock = 0;
+                aim_frame_destroy(newoft);
+                return -1;
+        }
+        ft = (struct aim_filetransfer_priv *)conn->priv;
+        if (!(aim_oft_buildheader((unsigned char *)newoft->hdr.oft.hdr2, &(ft->fh)))) {
+                newoft->lock = 0;
+                aim_frame_destroy(newoft);
+                return -1;
+        }
+        newoft->lock = 0;
+        aim_tx_enqueue(sess, newoft);
+        return 0;
 #endif
+}
 /**
  * aim_oft_getfile_end - end a getfile.
+ * aim_oft_end - end a getfile/sendfile.
  * @sess: your session
  * @conn: the getfile connection
 …
  * receiving/requesting end.
  */
+faim_export int aim_oft_getfile_end(aim_session_t *sess, aim_conn_t *conn)
+{
+        return -EINVAL;
+#if 0
+  struct command_tx_struct *newoft;
+  struct aim_filetransfer_priv *ft;
+  if (!sess || !conn || !conn->priv)
+    return -1;
+  if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, 0x0204, 0))) {
+    faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
+    return -1;
+  }
+  newoft->lock = 1;
+  memcpy(newoft->hdr.oft.magic, "OFT2", 4);
+  newoft->hdr.oft.hdr2len = 0x100 - 8;
+  if (!(newoft->hdr.oft.hdr2 = (char *)calloc(1,newoft->hdr.oft.hdr2len))) {
+    newoft->lock = 0;
+    aim_frame_destroy(newoft);
+    return -1;
+  }
+  ft = (struct aim_filetransfer_priv *)conn->priv;
+  ft->state = 4; /* no longer wanting data */
+  ft->fh.nrecvd = ft->fh.size;
+  ft->fh.recvcsum = ft->fh.checksum;
+  ft->fh.flags = 0x21;
+  if (!(aim_oft_buildheader((unsigned char *)newoft->hdr.oft.hdr2, &(ft->fh)))) {
+    newoft->lock = 0;
+    aim_frame_destroy(newoft);
+    return -1;
+  }
+  newoft->lock = 0;
+  aim_tx_enqueue(sess, newoft);
+  return 0;
+#endif /* 0 */
+}
+faim_export int aim_oft_end(aim_session_t *sess, aim_conn_t *conn)
+{
+        aim_frame_t *newoft;
+        struct aim_filetransfer_priv *ft;
+        if (!sess || !conn || !conn->internal)
+                return -1;
+        if (!(newoft = aim_tx_new(sess, conn, AIM_FRAMETYPE_OFT, AIM_OFT_PROTO_ACK, 0))) {
+                faimdprintf(sess, 2, "faim: aim_accepttransfer: tx_new OFT failed\n");
+                return -1;
+        }
+        ft = (struct aim_filetransfer_priv *)conn->internal;
+        ft->state = 4; /* no longer wanting data */
+        ft->fh.flags = 0x21;
+        if (aim_oft_buildheader(&(newoft->data), &(ft->fh)) == -1) {
+                aim_frame_destroy(newoft);
+                return -1;
+        }
+        memcpy(newoft->hdr.rend.magic, "OFT2", 4);
+        newoft->hdr.rend.hdrlen = aim_bstream_curpos(&newoft->data);
+        aim_tx_enqueue(sess, newoft);
+        return 0;
+}
+/*
+ * Convert the directory separator to ^A, which seems to be AOL's attempt at portability.
+ */
+static void oft_dirconvert(char *name) {
+        char *c = name;
+        while ((c = strchr(c, G_DIR_SEPARATOR)))
+                *c = 0x01;
+}

libfaim/icq.c

r5e53c4a	r862371b
1	1	/*
2		* Encapsulated ICQ.
	2	* Family 0x0015 - Encapsulated ICQ.
3	3	*
4	4	*/
…	…
263	263	return 0;
264	264	}
265
266

libfaim/im.c

-                      r5e53c4a
+                      r862371b
 /*
+ *  aim_im.c
+ *
+ *  The routines for sending/receiving Instant Messages.
+ *  Family 0x0004 - Routines for sending/receiving Instant Messages.
+ *
  *  Note the term ICBM (Inter-Client Basic Message) which blankets
 …
  *  is used for negotiating "rendezvous".  These transactions end in
  *  something more complex happening, such as a chat invitation, or
+ *  a file transfer.
+ *  a file transfer.  Channel 3 is used for chat messages (not in
+ *  the same family as these channels).  Channel 4 is used for
+ *  various ICQ messages.  Examples are normal messages, URLs, and
+ *  old-style authorization.
+ *
  *  In addition to the channel, every ICBM contains a cookie.  For
 …
 #define FAIM_INTERNAL
 #include <aim.h>
+#ifdef _WIN32
+#include "win32dep.h"
+#endif
 /*
 …
  *                                      4.3.2229, 4.4.2286
  *  0501 0004 0101 0102 0101     WinAIM 4.1.2010, libfaim (right here)
+ *  0501 0003 0101 02            WinAIM 5
+ *  0501 0001 01                 iChat x.x
  *  0501 0001 0101 01            AOL v6.0, CompuServe 2000 v6.0, any
  *                                      TOC client
 …
+}
+/*
+ * Subtype 0x0002
+ *
+ * I definitly recommend sending this.  If you don't, you'll be stuck
+ * with the rather unreasonable defaults.  You don't want those.  Send this.
+ *
+ */
+faim_export int aim_seticbmparam(aim_session_t *sess, struct aim_icbmparameters *params)
+{
+        aim_conn_t *conn;
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !(conn = aim_conn_findbygroup(sess, 0x0004)))
+                return -EINVAL;
+        if (!params)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+16)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0004, 0x0002, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0004, 0x0002, 0x0000, snacid);
+        /* This is read-only (see Parameter Reply). Must be set to zero here. */
+        aimbs_put16(&fr->data, 0x0000);
+        /* These are all read-write */
+        aimbs_put32(&fr->data, params->flags);
+        aimbs_put16(&fr->data, params->maxmsglen);
+        aimbs_put16(&fr->data, params->maxsenderwarn);
+        aimbs_put16(&fr->data, params->maxrecverwarn);
+        aimbs_put32(&fr->data, params->minmsginterval);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/* Subtype 0x0004 - Request ICBM parameter information. */
+faim_export int aim_reqicbmparams(aim_session_t *sess)
+{
+        aim_conn_t *conn;
+        if (!sess || !(conn = aim_conn_findbygroup(sess, 0x0004)))
+                return -EINVAL;
+        return aim_genericreq_n(sess, conn, 0x0004, 0x0004);
+}
+/* Subtype 0x0005 */
+static int paraminfo(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        struct aim_icbmparameters params;
+        aim_rxcallback_t userfunc;
+        params.maxchan = aimbs_get16(bs);
+        params.flags = aimbs_get32(bs);
+        params.maxmsglen = aimbs_get16(bs);
+        params.maxsenderwarn = aimbs_get16(bs);
+        params.maxrecverwarn = aimbs_get16(bs);
+        params.minmsginterval = aimbs_get32(bs);
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                return userfunc(sess, rx, &params);
+        return 0;
+}
 /* This should be endian-safe now... but who knows... */
 faim_export fu16_t aim_iconsum(const fu8_t *buf, int buflen)
 …
 /*
  * Send an ICBM (instant message).
+ * Subtype 0x0006 - Send an ICBM (instant message).
+ *
+ *
 …
+        }
         if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, msgtlvlen+128)))
                 return -ENOMEM;
 …
         /*
          * Set the I HAVE A REALLY PURTY ICON flag.
+         * XXX - This should really only be sent on initial
+         * IMs and when you change your icon.
          */
         if (args->flags & AIM_IMFLAGS_HASICON) {
 …
         /*
          * Set the Buddy Icon Requested flag.
+         * XXX - Everytime?  Surely not...
          */
         if (args->flags & AIM_IMFLAGS_BUDDYREQ) {
 …
 /*
+ * Subtype 0x0006
+ *
  * This is also performance sensitive. (If you can believe it...)
+ *
 …
 /*
+ * Subtype 0x0006
+ *
  * This only works for ICQ 2001b (thats 2001 not 2000).  Better, only
  * send it to clients advertising the RTF capability.  In fact, if you send
 …
+}
+/* Subtype 0x0006 */
 faim_internal int aim_request_directim(aim_session_t *sess, const char *destsn, fu8_t *ip, fu16_t port, fu8_t *ckret)
+{
 …
+}
+/* Subtype 0x0006 */
 faim_internal int aim_request_sendfile(aim_session_t *sess, const char *sn, const char *filename, fu16_t numfiles, fu32_t totsize, fu8_t *ip, fu16_t port, fu8_t *ckret)
+{
 …
         aim_frame_t *fr;
         aim_snacid_t snacid;
+        struct aim_snac_destructor snacdest;
         if (!sess || !(conn = aim_conn_findbygroup(sess, 0x0004)))
 …
         if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+8+2+1+strlen(sn)+2+2+2+8+16+6+8+6+4+2+2+2+2+4+strlen(filename)+4)))
                 return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0004, 0x0006, 0x0000, NULL, 0);
-        aim_putsnac(&fr->data, 0x0004, 0x0006, 0x0000, snacid);
         for (i = 0; i < 7; i++)
 …
         if (ckret)
                 memcpy(ckret, ck, 8);
+        /* Fill in the snac destructor so we know if the request
+         * times out.  Use the cookie in the data field, so we
+         * know what request to cancel if there is an error.
+         */
+        snacdest.data = malloc(8);
+        memcpy(snacdest.data, ck, 8);
+        snacdest.conn = conn;
+        snacid = aim_cachesnac(sess, 0x0004, 0x0006, AIM_SNACFLAGS_DESTRUCTOR, &snacdest, sizeof(snacdest));
+        aim_putsnac(&fr->data, 0x0004, 0x0006, 0x0000, snacid);
         /*
 …
         /* ? */
         aimbs_put16(&fr->data, 0x0001);
+        aimbs_put16(&fr->data, (numfiles > 1) ? 0x0002 : 0x0001);
         aimbs_put16(&fr->data, numfiles);
         aimbs_put32(&fr->data, totsize);
 …
         /* ? */
         aimbs_put32(&fr->data, 0x00000000);
+#if 0
+        /* Newer clients seem to send this (?) -- wtm */
+        aimbs_put32(&fr->data, 0x00030000);
+#endif
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/**
+ * Subtype 0x0006 - Request the status message of the given ICQ user.
+ *
+ * @param sess The oscar session.
+ * @param sn The UIN of the user of whom you wish to request info.
+ * @param type The type of info you wish to request.  This should be the current
+ *        state of the user, as one of the AIM_ICQ_STATE_* defines.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_send_im_ch2_geticqmessage(aim_session_t *sess, const char *sn, int type)
+{
+        aim_conn_t *conn;
+        int i;
+        fu8_t ck[8];
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !(conn = aim_conn_findbygroup(sess, 0x0004)) || !sn)
+                return -EINVAL;
+        for (i = 0; i < 8; i++)
+                aimutil_put8(ck+i, (fu8_t) rand());
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+8+2+1+strlen(sn) + 4+0x5e + 4)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0004, 0x0006, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0004, 0x0006, 0x0000, snacid);
+        /* Cookie */
+        aimbs_putraw(&fr->data, ck, 8);
+        /* Channel (2) */
+        aimbs_put16(&fr->data, 0x0002);
+        /* Dest sn */
+        aimbs_put8(&fr->data, strlen(sn));
+        aimbs_putraw(&fr->data, sn, strlen(sn));
+        /* TLV t(0005) - Encompasses almost everything below. */
+        aimbs_put16(&fr->data, 0x0005); /* T */
+        aimbs_put16(&fr->data, 0x005e); /* L */
+        { /* V */
+                aimbs_put16(&fr->data, 0x0000);
+                /* Cookie */
+                aimbs_putraw(&fr->data, ck, 8);
+                /* Put the 16 byte server relay capability */
+                aim_putcap(&fr->data, AIM_CAPS_ICQSERVERRELAY);
+                /* TLV t(000a) */
+                aimbs_put16(&fr->data, 0x000a);
+                aimbs_put16(&fr->data, 0x0002);
+                aimbs_put16(&fr->data, 0x0001);
+                /* TLV t(000f) */
+                aimbs_put16(&fr->data, 0x000f);
+                aimbs_put16(&fr->data, 0x0000);
+                /* TLV t(2711) */
+                aimbs_put16(&fr->data, 0x2711);
+                aimbs_put16(&fr->data, 0x0036);
+                { /* V */
+                        aimbs_putle16(&fr->data, 0x001b); /* L */
+                        aimbs_putle16(&fr->data, 0x0008); /* XXX - Protocol version */
+                        aimbs_putle32(&fr->data, 0x00000000); /* Unknown */
+                        aimbs_putle32(&fr->data, 0x00000000); /* Unknown */
+                        aimbs_putle32(&fr->data, 0x00000000); /* Unknown */
+                        aimbs_putle32(&fr->data, 0x00000000); /* Unknown */
+                        aimbs_putle16(&fr->data, 0x0000); /* Unknown */
+                        aimbs_putle16(&fr->data, 0x0003); /* Client features? */
+                        aimbs_putle16(&fr->data, 0x0000); /* Unknown */
+                        aimbs_putle8(&fr->data, 0x00); /* Unkizown */
+                        aimbs_putle16(&fr->data, 0xffff); /* Sequence number?  XXX - This should decrement by 1 with each request */
+                        aimbs_putle16(&fr->data, 0x000e); /* L */
+                        aimbs_putle16(&fr->data, 0xffff); /* Sequence number?  XXX - This should decrement by 1 with each request */
+                        aimbs_putle32(&fr->data, 0x00000000); /* Unknown */
+                        aimbs_putle32(&fr->data, 0x00000000); /* Unknown */
+                        aimbs_putle32(&fr->data, 0x00000000); /* Unknown */
+                        /* The type of status message being requested */
+                        if (type & AIM_ICQ_STATE_CHAT)
+                                aimbs_putle16(&fr->data, 0x03ec);
+                        else if(type & AIM_ICQ_STATE_DND)
+                                aimbs_putle16(&fr->data, 0x03eb);
+                        else if(type & AIM_ICQ_STATE_OUT)
+                                aimbs_putle16(&fr->data, 0x03ea);
+                        else if(type & AIM_ICQ_STATE_BUSY)
+                                aimbs_putle16(&fr->data, 0x03e9);
+                        else if(type & AIM_ICQ_STATE_AWAY)
+                                aimbs_putle16(&fr->data, 0x03e8);
+                        aimbs_putle16(&fr->data, 0x0000); /* Status? */
+                        aimbs_putle16(&fr->data, 0x0001); /* Priority of this message? */
+                        aimbs_putle16(&fr->data, 0x0001); /* L? */
+                        aimbs_putle8(&fr->data, 0x00); /* Null termination? */
+                } /* End TLV t(2711) */
+        } /* End TLV t(0005) */
+        /* TLV t(0003) */
+        aimbs_put16(&fr->data, 0x0003);
+        aimbs_put16(&fr->data, 0x0000);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/**
+ * Subtype 0x0006
+ *
+ * This can be used to send an ICQ authorization reply (deny or grant).  It is the "old way."
+ * The new way is to use SSI.  I like the new way a lot better.  This seems like such a hack,
+ * mostly because it's in network byte order.  Figuring this stuff out sometimes takes a while,
+ * but thats ok, because it gives me time to try to figure out what kind of drugs the AOL people
+ * were taking when they merged the two protocols.
+ *
+ * @param sn The destination screen name.
+ * @param type The type of message.  0x0007 for authorization denied.  0x0008 for authorization granted.
+ * @param message The message you want to send, it should be null terminated.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_send_im_ch4(aim_session_t *sess, char *sn, fu16_t type, fu8_t *message)
+{
+        aim_conn_t *conn;
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        int i;
+        if (!sess || !(conn = aim_conn_findbygroup(sess, 0x0002)))
+                return -EINVAL;
+        if (!sn || !type || !message)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+8+3+strlen(sn)+12+strlen(message)+1+4)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0004, 0x0006, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0004, 0x0006, 0x0000, snacid);
+        /*
+         * Cookie
+         */
+        for (i=0; i<8; i++)
+                aimbs_put8(&fr->data, (fu8_t)rand());
+        /*
+         * Channel (4)
+         */
+        aimbs_put16(&fr->data, 0x0004);
+        /*
+         * Dest sn
+         */
+        aimbs_put8(&fr->data, strlen(sn));
+        aimbs_putraw(&fr->data, sn, strlen(sn));
+        /*
+         * TLV t(0005)
+         *
+         * ICQ data (the UIN and the message).
+         */
+        aimbs_put16(&fr->data, 0x0005);
+        aimbs_put16(&fr->data, 4 + 2+2+strlen(message)+1);
+        /*
+         * Your UIN
+         */
+        aimbs_putle32(&fr->data, atoi(sess->sn));
+        /*
+         * TLV t(type) l(strlen(message)+1) v(message+NULL)
+         */
+        aimbs_putle16(&fr->data, type);
+        aimbs_putle16(&fr->data, strlen(message)+1);
+        aimbs_putraw(&fr->data, message, strlen(message)+1);
+        /*
+         * TLV t(0006) l(0000) v()
+         */
+        aimbs_put16(&fr->data, 0x0006);
+        aimbs_put16(&fr->data, 0x0000);
         aim_tx_enqueue(sess, fr);
 …
                         args.icbmflags |= AIM_IMFLAGS_BUDDYREQ;
+                } else if (type == 0x000b) { /* Non-direct connect typing notification */
+                        args.icbmflags |= AIM_IMFLAGS_TYPINGNOT;
                 } else if (type == 0x0017) {
 …
+}
+static void incomingim_ch2_sendfile_free(aim_session_t *sess, struct aim_incomingim_ch2_args *args)
+{
+        free(args->info.sendfile.filename);
+}
+static void incomingim_ch2_sendfile(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_userinfo_t *userinfo, struct aim_incomingim_ch2_args *args, aim_bstream_t *servdata)
+{
+        args->destructor = (void *)incomingim_ch2_sendfile_free;
+        if (servdata) {
+                int flen;
+                /* subtype is one of AIM_OFT_SUBTYPE_* */
+                args->info.sendfile.subtype = aimbs_get16(servdata);
+                args->info.sendfile.totfiles = aimbs_get16(servdata);
+                args->info.sendfile.totsize = aimbs_get32(servdata);
+                /* XXX - create an aimbs_getnullstr function */
+                /* Use an inelegant way of getting the null-terminated filename,
+                 * since there's no easy bstream routine. */
+                for (flen = 0; aimbs_get8(servdata); flen++);
+                aim_bstream_advance(servdata, -flen -1);
+                args->info.sendfile.filename = aimbs_getstr(servdata, flen);
+                /* There is sometimes more after the null-terminated filename,
+                 * but I'm unsure of its format. */
+        }
+        return;
+}
 typedef void (*ch2_args_destructor_t)(aim_session_t *sess, struct aim_incomingim_ch2_args *args);
 …
          * First two bytes represent the status of the connection.
+         *
          * 0 is a request, 1 is a deny (?), 2 is an accept
+         * 0 is a request, 1 is a cancel, 2 is an accept
          */
         args.status = aimbs_get16(&bbs);
 …
         else if (args.reqclass & AIM_CAPS_ICQSERVERRELAY)
                 incomingim_ch2_icqserverrelay(sess, mod, rx, snac, userinfo, &args, sdbsptr);
+        else if (args.reqclass & AIM_CAPS_SENDFILE)
+                incomingim_ch2_sendfile(sess, mod, rx, snac, userinfo, &args, sdbsptr);
 …
+}
+static int incomingim_ch4(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, fu16_t channel, aim_userinfo_t *userinfo, aim_tlvlist_t *tlvlist, fu8_t *cookie)
+{
+        aim_bstream_t meat;
+        aim_rxcallback_t userfunc;
+        aim_tlv_t *block;
+        struct aim_incomingim_ch4_args args;
+        int ret = 0;
+        /*
+         * Make a bstream for the meaty part.  Yum.  Meat.
+         */
+        if (!(block = aim_gettlv(tlvlist, 0x0005, 1)))
+                return -1;
+        aim_bstream_init(&meat, block->value, block->length);
+        args.uin = aimbs_getle32(&meat);
+        args.type = aimbs_getle16(&meat);
+        args.msg = aimbs_getraw(&meat, aimbs_getle16(&meat));
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                ret = userfunc(sess, rx, channel, userinfo, &args);
+        free(args.msg);
+        return ret;
+}
 /*
+ * Subtype 0x0007
+ *
  * It can easily be said that parsing ICBMs is THE single
  * most difficult thing to do in the in AIM protocol.  In
 …
          * is where Chat Invitiations and various client-client
          * connection negotiations come from.
+         *
+         *
+         * Channel 0x0004 is used for ICQ authorization, or
+         * possibly any system notice.
+         *
          */
         channel = aimbs_get16(bs);
 …
                 aim_freetlvchain(&tlvlist);
+        } else if (channel == 4) {
+                aim_tlvlist_t *tlvlist;
+                tlvlist = aim_readtlvchain(bs);
+                ret = incomingim_ch4(sess, mod, rx, snac, channel, &userinfo, tlvlist, cookie);
+                aim_freetlvchain(&tlvlist);
         } else {
 …
 /*
+ * Subtype 0x0008 - Send a warning to destsn.
+ *
+ * Flags:
+ *  AIM_WARN_ANON  Send as an anonymous (doesn't count as much)
+ *
+ * returns -1 on error (couldn't alloc packet), 0 on success.
+ *
+ */
+faim_export int aim_send_warning(aim_session_t *sess, aim_conn_t *conn, const char *destsn, fu32_t flags)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        fu16_t outflags = 0x0000;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, strlen(destsn)+13)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0004, 0x0008, 0x0000, destsn, strlen(destsn)+1);
+        aim_putsnac(&fr->data, 0x0004, 0x0008, 0x0000, snacid);
+        if (flags & AIM_WARN_ANON)
+                outflags |= 0x0001;
+        aimbs_put16(&fr->data, outflags);
+        aimbs_put8(&fr->data, strlen(destsn));
+        aimbs_putraw(&fr->data, destsn, strlen(destsn));
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/* Subtype 0x000a */
+static int missedcall(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        int ret = 0;
+        aim_rxcallback_t userfunc;
+        fu16_t channel, nummissed, reason;
+        aim_userinfo_t userinfo;
+        while (aim_bstream_empty(bs)) {
+                channel = aimbs_get16(bs);
+                aim_extractuserinfo(sess, bs, &userinfo);
+                nummissed = aimbs_get16(bs);
+                reason = aimbs_get16(bs);
+                if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                         ret = userfunc(sess, rx, channel, &userinfo, nummissed, reason);
+        }
+        return ret;
+}
+/*
+ * Subtype 0x000b
+ *
  * Possible codes:
  *    AIM_TRANSFER_DENY_NOTSUPPORTED -- "client does not support"
 …
 /*
  * aim_reqicbmparaminfo()
+ *
  * Request ICBM parameter information.
+ * Subtype 0x000b - Receive the response from an ICQ status message request.
+ *
+ * This contains the ICQ status message.  Go figure.
+ *
  */
+faim_export int aim_reqicbmparams(aim_session_t *sess)
+{
+        aim_conn_t *conn;
+        if (!sess || !(conn = aim_conn_findbygroup(sess, 0x0004)))
+                return -EINVAL;
+        return aim_genericreq_n(sess, conn, 0x0004, 0x0004);
+}
+/*
+ *
+ * I definitly recommend sending this.  If you don't, you'll be stuck
+ * with the rather unreasonable defaults.  You don't want those.  Send this.
+ *
+ */
+faim_export int aim_seticbmparam(aim_session_t *sess, struct aim_icbmparameters *params)
+{
+        aim_conn_t *conn;
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !(conn = aim_conn_findbygroup(sess, 0x0004)))
+                return -EINVAL;
+        if (!params)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+16)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0004, 0x0002, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0004, 0x0002, 0x0000, snacid);
+        /* This is read-only (see Parameter Reply). Must be set to zero here. */
+        aimbs_put16(&fr->data, 0x0000);
+        /* These are all read-write */
+        aimbs_put32(&fr->data, params->flags);
+        aimbs_put16(&fr->data, params->maxmsglen);
+        aimbs_put16(&fr->data, params->maxsenderwarn);
+        aimbs_put16(&fr->data, params->maxrecverwarn);
+        aimbs_put32(&fr->data, params->minmsginterval);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+static int paraminfo(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        struct aim_icbmparameters params;
+        aim_rxcallback_t userfunc;
+        params.maxchan = aimbs_get16(bs);
+        params.flags = aimbs_get32(bs);
+        params.maxmsglen = aimbs_get16(bs);
+        params.maxsenderwarn = aimbs_get16(bs);
+        params.maxrecverwarn = aimbs_get16(bs);
+        params.minmsginterval = aimbs_get32(bs);
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                return userfunc(sess, rx, &params);
+        return 0;
+}
+static int missedcall(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        int ret = 0;
+        aim_rxcallback_t userfunc;
+        fu16_t channel, nummissed, reason;
+        aim_userinfo_t userinfo;
+        while (aim_bstream_empty(bs)) {
+                channel = aimbs_get16(bs);
+                aim_extractuserinfo(sess, bs, &userinfo);
+                nummissed = aimbs_get16(bs);
+                reason = aimbs_get16(bs);
+                if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                         ret = userfunc(sess, rx, channel, &userinfo, nummissed, reason);
+        }
+        return ret;
+}
+static int clienterr(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+static int clientautoresp(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
         int ret = 0;
 …
         reason = aimbs_get16(bs);
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                 ret = userfunc(sess, rx, channel, sn, reason);
+        if (channel == 0x0002) { /* File transfer declined */
+                if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                        ret = userfunc(sess, rx, channel, sn, reason, ck);
+        } else if (channel == 0x0004) { /* ICQ message */
+                switch (reason) {
+                        case 0x0003: { /* ICQ status message.  Maybe other stuff too, you never know with these people. */
+                                fu8_t statusmsgtype, *msg;
+                                fu16_t len;
+                                fu32_t state;
+                                len = aimbs_getle16(bs); /* Should be 0x001b */
+                                aim_bstream_advance(bs, len); /* Unknown */
+                                len = aimbs_getle16(bs); /* Should be 0x000e */
+                                aim_bstream_advance(bs, len); /* Unknown */
+                                statusmsgtype = aimbs_getle8(bs);
+                                switch (statusmsgtype) {
+                                        case 0xe8:
+                                                state = AIM_ICQ_STATE_AWAY;
+                                                break;
+                                        case 0xe9:
+                                                state = AIM_ICQ_STATE_AWAY | AIM_ICQ_STATE_BUSY;
+                                                break;
+                                        case 0xea:
+                                                state = AIM_ICQ_STATE_AWAY | AIM_ICQ_STATE_OUT;
+                                                break;
+                                        case 0xeb:
+                                                state = AIM_ICQ_STATE_AWAY | AIM_ICQ_STATE_DND | AIM_ICQ_STATE_BUSY;
+                                                break;
+                                        case 0xec:
+                                                state = AIM_ICQ_STATE_CHAT;
+                                                break;
+                                        default:
+                                                state = 0;
+                                                break;
+                                }
+                                aimbs_getle8(bs); /* Unknown - 0x03 Maybe this means this is an auto-reply */
+                                aimbs_getle16(bs); /* Unknown - 0x0000 */
+                                aimbs_getle16(bs); /* Unknown - 0x0000 */
+                                len = aimbs_getle16(bs);
+                                msg = aimbs_getraw(bs, len);
+                                if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                                        ret = userfunc(sess, rx, channel, sn, reason, state, msg);
+                                free(msg);
+                        } break;
+                        default: {
+                                if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                                        ret = userfunc(sess, rx, channel, sn, reason);
+                        } break;
+                } /* end switch */
+        }
         free(ck);
 …
+}
+/* Subtype 0x000c */
 static int msgack(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
 …
         free(sn);
         free(ck);
+        return ret;
+}
+/*
+ * Subtype 0x0014 - Send a mini typing notification (mtn) packet.
+ *
+ * This is supported by winaim5 and newer, MacAIM bleh and newer, iChat bleh and newer,
+ * and Gaim 0.60 and newer.
+ *
+ */
+faim_export int aim_mtn_send(aim_session_t *sess, fu16_t type1, char *sn, fu16_t type2)
+{
+        aim_conn_t *conn;
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !(conn = aim_conn_findbygroup(sess, 0x0002)))
+                return -EINVAL;
+        if (!sn)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+11+strlen(sn)+2)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0004, 0x0014, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0004, 0x0014, 0x0000, snacid);
+        /*
+         * 8 days of light
+         * Er, that is to say, 8 bytes of 0's
+         */
+        aimbs_put16(&fr->data, 0x0000);
+        aimbs_put16(&fr->data, 0x0000);
+        aimbs_put16(&fr->data, 0x0000);
+        aimbs_put16(&fr->data, 0x0000);
+        /*
+         * Type 1 (should be 0x0001 for mtn)
+         */
+        aimbs_put16(&fr->data, type1);
+        /*
+         * Dest sn
+         */
+        aimbs_put8(&fr->data, strlen(sn));
+        aimbs_putraw(&fr->data, sn, strlen(sn));
+        /*
+         * Type 2 (should be 0x0000, 0x0001, or 0x0002 for mtn)
+         */
+        aimbs_put16(&fr->data, type2);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x0014 - Receive a mini typing notification (mtn) packet.
+ *
+ * This is supported by winaim5 and newer, MacAIM bleh and newer, iChat bleh and newer,
+ * and Gaim 0.60 and newer.
+ *
+ */
+static int mtn_receive(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        int ret = 0;
+        aim_rxcallback_t userfunc;
+        char *sn;
+        fu8_t snlen;
+        fu16_t type1, type2;
+        aim_bstream_advance(bs, 8); /* Unknown - All 0's */
+        type1 = aimbs_get16(bs);
+        snlen = aimbs_get8(bs);
+        sn = aimbs_getstr(bs, snlen);
+        type2 = aimbs_get16(bs);
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                ret = userfunc(sess, rx, type1, sn, type2);
+        free(sn);
         return ret;
 …
                 return missedcall(sess, mod, rx, snac, bs);
         else if (snac->subtype == 0x000b)
                 return clienterr(sess, mod, rx, snac, bs);
+                return clientautoresp(sess, mod, rx, snac, bs);
         else if (snac->subtype == 0x000c)
                 return msgack(sess, mod, rx, snac, bs);
+        else if (snac->subtype == 0x0014)
+                return mtn_receive(sess, mod, rx, snac, bs);
         return 0;
+}
+static int snacdestructor(aim_session_t *sess, aim_conn_t *conn, aim_modsnac_t *snac, void *data)
+{
+        aim_rxcallback_t userfunc;
+        int ret = 0;
+        if (snac->subtype == 0x0006) {
+                if ((userfunc = aim_callhandler(sess, conn, AIM_CB_FAM_SPECIAL, AIM_CB_SPECIAL_MSGTIMEOUT)))
+                        ret = userfunc(sess, NULL, conn, data);
+        }
+        /* Note that we return 1 for success, 0 for failure. */
+        return ret;
+}
 …
         strncpy(mod->name, "messaging", sizeof(mod->name));
         mod->snachandler = snachandler;
+        mod->snacdestructor = snacdestructor;
         return 0;

libfaim/info.c

-                      r5e53c4a
+                      r862371b
 /*
  * aim_info.c
+ * Family 0x0002 - Information.
+ *
  * The functions here are responsible for requesting and parsing information-
 …
 };
+/*
+ * Subtype 0x0002
+ *
+ * Request Location services rights.
+ *
+ */
+faim_export int aim_bos_reqlocaterights(aim_session_t *sess, aim_conn_t *conn)
+{
+        return aim_genericreq_n(sess, conn, 0x0002, 0x0002);
+}
+/*
+ * Subtype 0x0004
+ *
+ * Gives BOS your profile.
+ *
+ */
+faim_export int aim_bos_setprofile(aim_session_t *sess, aim_conn_t *conn, const char *profile, const char *awaymsg, fu32_t caps)
+{
+        static const char defencoding[] = {"text/aolrtf; charset=\"us-ascii\""};
+        aim_frame_t *fr;
+        aim_tlvlist_t *tl = NULL;
+        aim_snacid_t snacid;
+        /* Build to packet first to get real length */
+        if (profile) {
+                aim_addtlvtochain_raw(&tl, 0x0001, strlen(defencoding), defencoding);
+                aim_addtlvtochain_raw(&tl, 0x0002, strlen(profile), profile);
+        }
+        /*
+         * So here's how this works:
+         *   - You are away when you have a non-zero-length type 4 TLV stored.
+         *   - You become unaway when you clear the TLV with a zero-length
+         *       type 4 TLV.
+         *   - If you do not send the type 4 TLV, your status does not change
+         *       (that is, if you were away, you'll remain away).
+         */
+        if (awaymsg) {
+                if (strlen(awaymsg)) {
+                        aim_addtlvtochain_raw(&tl, 0x0003, strlen(defencoding), defencoding);
+                        aim_addtlvtochain_raw(&tl, 0x0004, strlen(awaymsg), awaymsg);
+                } else
+                        aim_addtlvtochain_noval(&tl, 0x0004);
+        }
+        aim_addtlvtochain_caps(&tl, 0x0005, caps);
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10 + aim_sizetlvchain(&tl))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0002, 0x0004, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0002, 0x004, 0x0000, snacid);
+        aim_writetlvchain(&fr->data, &tl);
+        aim_freetlvchain(&tl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x0005 - Request info of another AIM user.
+ *
+ */
 faim_export int aim_getinfo(aim_session_t *sess, aim_conn_t *conn, const char *sn, fu16_t infotype)
+{
 …
 x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}},
+        /* from ICQ2002a
+        {AIM_CAPS_ICQUNKNOWN2,
+         {0x09, 0x46, 0x13, 0x4e, 0x4c, 0x7f, 0x11, 0xd1,
+x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}, */
         {AIM_CAPS_ICQRTF,
          {0x97, 0xb1, 0x27, 0x51, 0x24, 0x3c, 0x43, 0x34,
 xad, 0x22, 0xd6, 0xab, 0xf7, 0x3f, 0x14, 0x92}},
+        /* supposed to be ICQRTF?
+        {AIM_CAPS_TRILLUNKNOWN,
+         {0x97, 0xb1, 0x27, 0x51, 0x24, 0x3c, 0x43, 0x34,
+xad, 0x22, 0xd6, 0xab, 0xf7, 0x3f, 0x14, 0x09}}, */
         {AIM_CAPS_ICQUNKNOWN,
          {0x2e, 0x7a, 0x64, 0x75, 0xfa, 0xdf, 0x4d, 0xc8,
 …
         {AIM_CAPS_APINFO,
+         {0xAA, 0x4A, 0x32, 0xB5,
+xF8, 0x84,
+x48, 0xc6,
+xA3, 0xD7,
+x8C, 0x50, 0x97, 0x19, 0xFD, 0x5B}},
+         {0xAA, 0x4A, 0x32, 0xB5, 0xF8, 0x84, 0x48, 0xc6,
+xA3, 0xD7, 0x8C, 0x50, 0x97, 0x19, 0xFD, 0x5B}},
         {AIM_CAPS_LAST}
 …
                 } else if (type == 0x0002) {
                         /*
                          * Type = 0x0002: Account creation time.
+                         * Type = 0x0002: Account creation time.
+                         *
                          * The time/date that the user originally registered for
 …
                          * This is sometimes sent instead of type 2 ("account
                          * creation time"), particularly in the self-info.
+                         * And particularly for ICQ?
                          */
                         outinfo->membersince = aimbs_get32(bs);
 …
                 aim_addtlvtochain16(&tlvlist, 0x0004, info->idletime);
+/* XXX - So, ICQ_OSCAR_SUPPORT is never defined anywhere... */
 #if ICQ_OSCAR_SUPPORT
         if (atoi(info->sn) != 0) {
 …
         if (info->present & AIM_USERINFO_PRESENT_CAPABILITIES)
                 aim_addtlvtochain_caps(&tlvlist, 0x000d, info->capabilities);
         if (info->present & AIM_USERINFO_PRESENT_SESSIONLEN)
                 aim_addtlvtochain32(&tlvlist, (fu16_t)((info->flags & AIM_FLAG_AOL) ? 0x0010 : 0x000f), info->sessionlen);
 …
+}
+faim_export int aim_sendbuddyoncoming(aim_session_t *sess, aim_conn_t *conn, aim_userinfo_t *info)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !conn || !info)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 1152)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0003, 0x000b, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0003, 0x000b, 0x0000, snacid);
+        aim_putuserinfo(&fr->data, info);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+faim_export int aim_sendbuddyoffgoing(aim_session_t *sess, aim_conn_t *conn, const char *sn)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !conn || !sn)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+1+strlen(sn))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0003, 0x000c, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0003, 0x000c, 0x0000, snacid);
+        aimbs_put8(&fr->data, strlen(sn));
+        aimbs_putraw(&fr->data, sn, strlen(sn));
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Huh? What is this?
+/*
+ * Subtype 0x000b - Huh? What is this?
  */
 faim_export int aim_0002_000b(aim_session_t *sess, aim_conn_t *conn, const char *sn)
 …
 /*
+ * Subtype 0x0003
+ *
  * Normally contains:
  *   t(0001)  - short containing max profile length (value = 1024)
  *   t(0002)  - short - unknown (value = 16) [max MIME type length?]
  *   t(0003)  - short - unknown (value = 10)
+ *   t(0004)  - short - unknown (value = 2048) [ICQ only?]
  */
 static int rights(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
 …
+}
+/* Subtype 0x0006 */
 static int userinfo(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
 …
+}
+/*
+ * Subtype 0x0009 - Set directory profile data.
+ *
+ * This is not the same as aim_bos_setprofile!
+ * privacy: 1 to allow searching, 0 to disallow.
+ *
+ */
+faim_export int aim_setdirectoryinfo(aim_session_t *sess, aim_conn_t *conn, const char *first, const char *middle, const char *last, const char *maiden, const char *nickname, const char *street, const char *city, const char *state, const char *zip, int country, fu16_t privacy)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        aim_tlvlist_t *tl = NULL;
+        aim_addtlvtochain16(&tl, 0x000a, privacy);
+        if (first)
+                aim_addtlvtochain_raw(&tl, 0x0001, strlen(first), first);
+        if (last)
+                aim_addtlvtochain_raw(&tl, 0x0002, strlen(last), last);
+        if (middle)
+                aim_addtlvtochain_raw(&tl, 0x0003, strlen(middle), middle);
+        if (maiden)
+                aim_addtlvtochain_raw(&tl, 0x0004, strlen(maiden), maiden);
+        if (state)
+                aim_addtlvtochain_raw(&tl, 0x0007, strlen(state), state);
+        if (city)
+                aim_addtlvtochain_raw(&tl, 0x0008, strlen(city), city);
+        if (nickname)
+                aim_addtlvtochain_raw(&tl, 0x000c, strlen(nickname), nickname);
+        if (zip)
+                aim_addtlvtochain_raw(&tl, 0x000d, strlen(zip), zip);
+        if (street)
+                aim_addtlvtochain_raw(&tl, 0x0021, strlen(street), street);
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+aim_sizetlvchain(&tl))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0002, 0x0009, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0002, 0x0009, 0x0000, snacid);
+        aim_writetlvchain(&fr->data, &tl);
+        aim_freetlvchain(&tl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x000f
+ *
+ * XXX pass these in better
+ *
+ */
+faim_export int aim_setuserinterests(aim_session_t *sess, aim_conn_t *conn, const char *interest1, const char *interest2, const char *interest3, const char *interest4, const char *interest5, fu16_t privacy)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        aim_tlvlist_t *tl = NULL;
+        /* ?? privacy ?? */
+        aim_addtlvtochain16(&tl, 0x000a, privacy);
+        if (interest1)
+                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest1), interest1);
+        if (interest2)
+                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest2), interest2);
+        if (interest3)
+                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest3), interest3);
+        if (interest4)
+                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest4), interest4);
+        if (interest5)
+                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest5), interest5);
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+aim_sizetlvchain(&tl))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x0002, 0x000f, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, 0x0002, 0x000f, 0x0000, 0);
+        aim_writetlvchain(&fr->data, &tl);
+        aim_freetlvchain(&tl);
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
 static int snachandler(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{

libfaim/invite.c

r5e53c4a	r862371b
1	1	/*
2		* This isn't really ever used by anyone anymore.
	2	* Family 0x0006 - This isn't really ever used by anyone anymore.
3	3	*
4	4	* Once upon a time, there used to be a menu item in AIM clients that
…	…
33	33	return 0;
34	34	}
35
36

libfaim/meta.c

-                      r5e53c4a
+                      r862371b
 #define FAIM_INTERNAL
 #include <aim.h>
+#ifdef _WIN32
+#include "win32dep.h"
+#endif
 faim_export char *aim_getbuilddate(void)
 …
 faim_internal void faimdprintf(aim_session_t *sess, int dlevel, const char *format, ...)
+{
+  return; /* kretch */
         if (!sess) {
                 fprintf(stderr, "faimdprintf: no session! boo! (%d, %s)\n", dlevel, format);

libfaim/misc.c

-                      r5e53c4a
+                      r862371b
 /*
  * aim_misc.c
+ * misc.c
+ *
+ * TODO: Seperate a lot of this into an aim_bos.c.
+ *
+ * Other things...
+ *
+ *   - Idle setting
+ *
+ * Random stuff.  Basically just a few functions for sending
+ * simple SNACs, and then the generic error handler.
+ *
  */
 …
 #define FAIM_INTERNAL
 #include <aim.h>
-/*
- * aim_bos_setbuddylist(buddylist)
+ *
- * This just builds the "set buddy list" command then queues it.
+ *
- * buddy_list = "Screen Name One&ScreenNameTwo&";
+ *
- * TODO: Clean this up.
+ *
- * XXX: I can't stress the TODO enough.
+ *
- */
-faim_export int aim_bos_setbuddylist(aim_session_t *sess, aim_conn_t *conn, const char *buddy_list)
+{
-        aim_frame_t *fr;
-        aim_snacid_t snacid;
-        int len = 0;
-        char *localcpy = NULL;
-        char *tmpptr = NULL;
-        if (!buddy_list || !(localcpy = strdup(buddy_list)))
-                return -EINVAL;
-        for (tmpptr = strtok(localcpy, "&"); tmpptr; ) {
-                faimdprintf(sess, 2, "---adding: %s (%d)\n", tmpptr, strlen(tmpptr));
-                len += 1 + strlen(tmpptr);
-                tmpptr = strtok(NULL, "&");
+        }
-        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+len)))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0003, 0x0004, 0x0000, NULL, 0);
-        aim_putsnac(&fr->data, 0x0003, 0x0004, 0x0000, snacid);
-        strncpy(localcpy, buddy_list, strlen(buddy_list) + 1);
-        for (tmpptr = strtok(localcpy, "&"); tmpptr; ) {
-                faimdprintf(sess, 2, "---adding: %s (%d)\n", tmpptr, strlen(tmpptr));
-                aimbs_put8(&fr->data, strlen(tmpptr));
-                aimbs_putraw(&fr->data, tmpptr, strlen(tmpptr));
-                tmpptr = strtok(NULL, "&");
+        }
-        aim_tx_enqueue(sess, fr);
-        free(localcpy);
-        return 0;
+}
-/*
- * aim_bos_setprofile(profile)
+ *
- * Gives BOS your profile.
+ *
- */
-faim_export int aim_bos_setprofile(aim_session_t *sess, aim_conn_t *conn, const char *profile, const char *awaymsg, fu32_t caps)
+{
-        static const char defencoding[] = {"text/aolrtf; charset=\"us-ascii\""};
-        aim_frame_t *fr;
-        aim_tlvlist_t *tl = NULL;
-        aim_snacid_t snacid;
-        /* Build to packet first to get real length */
-        if (profile) {
-                aim_addtlvtochain_raw(&tl, 0x0001, strlen(defencoding), defencoding);
-                aim_addtlvtochain_raw(&tl, 0x0002, strlen(profile), profile);
+        }
-        /*
-         * So here's how this works:
-         *   - You are away when you have a non-zero-length type 4 TLV stored.
-         *   - You become unaway when you clear the TLV with a zero-length
-         *       type 4 TLV.
-         *   - If you do not send the type 4 TLV, your status does not change
-         *       (that is, if you were away, you'll remain away).
-         */
-        if (awaymsg) {
-                if (strlen(awaymsg)) {
-                        aim_addtlvtochain_raw(&tl, 0x0003, strlen(defencoding), defencoding);
-                        aim_addtlvtochain_raw(&tl, 0x0004, strlen(awaymsg), awaymsg);
-                } else
-                        aim_addtlvtochain_noval(&tl, 0x0004);
+        }
-        aim_addtlvtochain_caps(&tl, 0x0005, caps);
-        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10 + aim_sizetlvchain(&tl))))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0002, 0x0004, 0x0000, NULL, 0);
-        aim_putsnac(&fr->data, 0x0002, 0x004, 0x0000, snacid);
-        aim_writetlvchain(&fr->data, &tl);
-        aim_freetlvchain(&tl);
-        aim_tx_enqueue(sess, fr);
-        return 0;
+}
-/*
- * aim_bos_reqbuddyrights()
+ *
- * Request Buddy List rights.
+ *
- */
-faim_export int aim_bos_reqbuddyrights(aim_session_t *sess, aim_conn_t *conn)
+{
-        return aim_genericreq_n(sess, conn, 0x0003, 0x0002);
+}
-/*
- * Send a warning to destsn.
+ *
- * Flags:
- *  AIM_WARN_ANON  Send as an anonymous (doesn't count as much)
+ *
- * returns -1 on error (couldn't alloc packet), 0 on success.
+ *
- */
-faim_export int aim_send_warning(aim_session_t *sess, aim_conn_t *conn, const char *destsn, fu32_t flags)
+{
-        aim_frame_t *fr;
-        aim_snacid_t snacid;
-        fu16_t outflags = 0x0000;
-        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, strlen(destsn)+13)))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0004, 0x0008, 0x0000, destsn, strlen(destsn)+1);
-        aim_putsnac(&fr->data, 0x0004, 0x0008, 0x0000, snacid);
-        if (flags & AIM_WARN_ANON)
-                outflags |= 0x0001;
-        aimbs_put16(&fr->data, outflags);
-        aimbs_put8(&fr->data, strlen(destsn));
-        aimbs_putraw(&fr->data, destsn, strlen(destsn));
-        aim_tx_enqueue(sess, fr);
-        return 0;
+}
 /*
 …
 /*
- * aim_bos_reqlocaterights()
+ *
- * Request Location services rights.
+ *
- */
-faim_export int aim_bos_reqlocaterights(aim_session_t *sess, aim_conn_t *conn)
+{
-        return aim_genericreq_n(sess, conn, 0x0002, 0x0002);
+}
-/*
- * Set directory profile data (not the same as aim_bos_setprofile!)
+ *
- * privacy: 1 to allow searching, 0 to disallow.
- */
-faim_export int aim_setdirectoryinfo(aim_session_t *sess, aim_conn_t *conn, const char *first, const char *middle, const char *last, const char *maiden, const char *nickname, const char *street, const char *city, const char *state, const char *zip, int country, fu16_t privacy)
+{
-        aim_frame_t *fr;
-        aim_snacid_t snacid;
-        aim_tlvlist_t *tl = NULL;
-        aim_addtlvtochain16(&tl, 0x000a, privacy);
-        if (first)
-                aim_addtlvtochain_raw(&tl, 0x0001, strlen(first), first);
-        if (last)
-                aim_addtlvtochain_raw(&tl, 0x0002, strlen(last), last);
-        if (middle)
-                aim_addtlvtochain_raw(&tl, 0x0003, strlen(middle), middle);
-        if (maiden)
-                aim_addtlvtochain_raw(&tl, 0x0004, strlen(maiden), maiden);
-        if (state)
-                aim_addtlvtochain_raw(&tl, 0x0007, strlen(state), state);
-        if (city)
-                aim_addtlvtochain_raw(&tl, 0x0008, strlen(city), city);
-        if (nickname)
-                aim_addtlvtochain_raw(&tl, 0x000c, strlen(nickname), nickname);
-        if (zip)
-                aim_addtlvtochain_raw(&tl, 0x000d, strlen(zip), zip);
-        if (street)
-                aim_addtlvtochain_raw(&tl, 0x0021, strlen(street), street);
-        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+aim_sizetlvchain(&tl))))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0002, 0x0009, 0x0000, NULL, 0);
-        aim_putsnac(&fr->data, 0x0002, 0x0009, 0x0000, snacid);
-        aim_writetlvchain(&fr->data, &tl);
-        aim_freetlvchain(&tl);
-        aim_tx_enqueue(sess, fr);
-        return 0;
+}
-/* XXX pass these in better */
-faim_export int aim_setuserinterests(aim_session_t *sess, aim_conn_t *conn, const char *interest1, const char *interest2, const char *interest3, const char *interest4, const char *interest5, fu16_t privacy)
+{
-        aim_frame_t *fr;
-        aim_snacid_t snacid;
-        aim_tlvlist_t *tl = NULL;
-        /* ?? privacy ?? */
-        aim_addtlvtochain16(&tl, 0x000a, privacy);
-        if (interest1)
-                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest1), interest1);
-        if (interest2)
-                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest2), interest2);
-        if (interest3)
-                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest3), interest3);
-        if (interest4)
-                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest4), interest4);
-        if (interest5)
-                aim_addtlvtochain_raw(&tl, 0x0000b, strlen(interest5), interest5);
-        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+aim_sizetlvchain(&tl))))
-                return -ENOMEM;
-        snacid = aim_cachesnac(sess, 0x0002, 0x000f, 0x0000, NULL, 0);
-        aim_putsnac(&fr->data, 0x0002, 0x000f, 0x0000, 0);
-        aim_writetlvchain(&fr->data, &tl);
-        aim_freetlvchain(&tl);
-        aim_tx_enqueue(sess, fr);
-        return 0;
+}
-/*
  * Should be generic enough to handle the errors for all groups.
+ *
 …
         return 0;
+}

libfaim/msgcookie.c

r5e53c4a	r862371b
193	193	}
194	194	}
195
196

libfaim/popups.c

-                      r5e53c4a
+                      r862371b
 /*
+ * Family 0x0008 - Popups.
+ *
  * Popups are just what it sounds like.  They're a way for the server to
  * open up an informative box on the client's screen.
 …
         return 0;
+}

libfaim/rxhandlers.c

-                      r5e53c4a
+                      r862371b
 /*
  * aim_rxhandlers.c
+ * rxhandlers.c
+ *
  * This file contains most all of the incoming packet handlers, along
 …
         (aim_module_t *)sess->modlistv = mod;
         /* faimdprintf(sess, 1, "registered module %s (family 0x%04x, version = 0x%04x, tool 0x%04x, tool version 0x%04x)\n", mod->name, mod->family, mod->version, mod->toolid, mod->toolversion); */
+        faimdprintf(sess, 1, "registered module %s (family 0x%04x, version = 0x%04x, tool 0x%04x, tool version 0x%04x)\n", mod->name, mod->family, mod->version, mod->toolid, mod->toolversion);
         return 0;
 …
                                 cur->handled = 1; /* get rid of it */
                         } else {
+                                /* XXX: implement this */
+                                faimdprintf(sess, 0, "faim: OFT frame!\n");
+                                cur->handled = 1; /* get rid of it */
+                                aim_rxdispatch_rendezvous(sess, cur);
+                                cur->handled = 1;
+                        }
                         continue;
 …
         return 1;
+}

libfaim/rxqueue.c

-                      r5e53c4a
+                      r862371b
 /*
  *  aim_rxqueue.c
+ * rxqueue.c
+ *
  * This file contains the management routines for the receive
 …
+}
+faim_internal int aim_bstream_init(aim_bstream_t *bs, fu8_t *data, int len)
+{
+        if (!bs)
+                return -1;
+        bs->data = data;
+        bs->len = len;
+        bs->offset = 0;
+        return 0;
+}
+faim_internal int aim_bstream_empty(aim_bstream_t *bs)
+{
+        return bs->len - bs->offset;
+}
+faim_internal int aim_bstream_curpos(aim_bstream_t *bs)
+{
+        return bs->offset;
+}
+faim_internal int aim_bstream_setpos(aim_bstream_t *bs, int off)
+{
+        if (off > bs->len)
+                return -1;
+        bs->offset = off;
+        return off;
+}
+faim_internal void aim_bstream_rewind(aim_bstream_t *bs)
+{
+        aim_bstream_setpos(bs, 0);
+/**
+ * aim_frame_destroy - free aim_frame_t
+ * @frame: the frame to free
+ *
+ * returns -1 on error; 0 on success.
+ *
+ */
+faim_internal void aim_frame_destroy(aim_frame_t *frame)
+{
+        free(frame->data.data); /* XXX aim_bstream_free */
+        free(frame);
         return;
+}
+faim_internal int aim_bstream_advance(aim_bstream_t *bs, int n)
+{
+        if (aim_bstream_empty(bs) < n)
+                return 0; /* XXX throw an exception */
+        bs->offset += n;
+        return n;
+}
+faim_internal fu8_t aimbs_get8(aim_bstream_t *bs)
+{
+        if (aim_bstream_empty(bs) < 1)
+                return 0; /* XXX throw an exception */
+        bs->offset++;
+        return aimutil_get8(bs->data + bs->offset - 1);
+}
+faim_internal fu16_t aimbs_get16(aim_bstream_t *bs)
+{
+        if (aim_bstream_empty(bs) < 2)
+                return 0; /* XXX throw an exception */
+        bs->offset += 2;
+        return aimutil_get16(bs->data + bs->offset - 2);
+}
+faim_internal fu32_t aimbs_get32(aim_bstream_t *bs)
+{
+        if (aim_bstream_empty(bs) < 4)
+                return 0; /* XXX throw an exception */
+        bs->offset += 4;
+        return aimutil_get32(bs->data + bs->offset - 4);
+}
+faim_internal fu8_t aimbs_getle8(aim_bstream_t *bs)
+{
+        if (aim_bstream_empty(bs) < 1)
+                return 0; /* XXX throw an exception */
+        bs->offset++;
+        return aimutil_getle8(bs->data + bs->offset - 1);
+}
+faim_internal fu16_t aimbs_getle16(aim_bstream_t *bs)
+{
+        if (aim_bstream_empty(bs) < 2)
+                return 0; /* XXX throw an exception */
+        bs->offset += 2;
+        return aimutil_getle16(bs->data + bs->offset - 2);
+}
+faim_internal fu32_t aimbs_getle32(aim_bstream_t *bs)
+{
+        if (aim_bstream_empty(bs) < 4)
+                return 0; /* XXX throw an exception */
+        bs->offset += 4;
+        return aimutil_getle32(bs->data + bs->offset - 4);
+}
+faim_internal int aimbs_put8(aim_bstream_t *bs, fu8_t v)
+{
+        if (aim_bstream_empty(bs) < 1)
+                return 0; /* XXX throw an exception */
+        bs->offset += aimutil_put8(bs->data + bs->offset, v);
+        return 1;
+}
+faim_internal int aimbs_put16(aim_bstream_t *bs, fu16_t v)
+{
+        if (aim_bstream_empty(bs) < 2)
+                return 0; /* XXX throw an exception */
+        bs->offset += aimutil_put16(bs->data + bs->offset, v);
+        return 2;
+}
+faim_internal int aimbs_put32(aim_bstream_t *bs, fu32_t v)
+{
+        if (aim_bstream_empty(bs) < 4)
+                return 0; /* XXX throw an exception */
+        bs->offset += aimutil_put32(bs->data + bs->offset, v);
+        return 1;
+}
+faim_internal int aimbs_putle8(aim_bstream_t *bs, fu8_t v)
+{
+        if (aim_bstream_empty(bs) < 1)
+                return 0; /* XXX throw an exception */
+        bs->offset += aimutil_putle8(bs->data + bs->offset, v);
+        return 1;
+}
+faim_internal int aimbs_putle16(aim_bstream_t *bs, fu16_t v)
+{
+        if (aim_bstream_empty(bs) < 2)
+                return 0; /* XXX throw an exception */
+        bs->offset += aimutil_putle16(bs->data + bs->offset, v);
+        return 2;
+}
+faim_internal int aimbs_putle32(aim_bstream_t *bs, fu32_t v)
+{
+        if (aim_bstream_empty(bs) < 4)
+                return 0; /* XXX throw an exception */
+        bs->offset += aimutil_putle32(bs->data + bs->offset, v);
+        return 1;
+}
+faim_internal int aimbs_getrawbuf(aim_bstream_t *bs, fu8_t *buf, int len)
+{
+        if (aim_bstream_empty(bs) < len)
+                return 0;
+        memcpy(buf, bs->data + bs->offset, len);
+        bs->offset += len;
+        return len;
+}
+faim_internal fu8_t *aimbs_getraw(aim_bstream_t *bs, int len)
+{
+        fu8_t *ob;
+        if (!(ob = malloc(len)))
+                return NULL;
+        if (aimbs_getrawbuf(bs, ob, len) < len) {
+                free(ob);
+                return NULL;
+        }
+        return ob;
+}
+faim_internal char *aimbs_getstr(aim_bstream_t *bs, int len)
+{
+        char *ob;
+        if (!(ob = malloc(len+1)))
+                return NULL;
+        if (aimbs_getrawbuf(bs, ob, len) < len) {
+                free(ob);
+                return NULL;
+        }
+        ob[len] = '\0';
+        return ob;
+}
+faim_internal int aimbs_putraw(aim_bstream_t *bs, const fu8_t *v, int len)
+{
+        if (aim_bstream_empty(bs) < len)
+                return 0; /* XXX throw an exception */
+        memcpy(bs->data + bs->offset, v, len);
+        bs->offset += len;
+        return len;
+}
+faim_internal int aimbs_putbs(aim_bstream_t *bs, aim_bstream_t *srcbs, int len)
+{
+        if (aim_bstream_empty(srcbs) < len)
+                return 0; /* XXX throw exception (underrun) */
+        if (aim_bstream_empty(bs) < len)
+                return 0; /* XXX throw exception (overflow) */
+        memcpy(bs->data + bs->offset, srcbs->data + srcbs->offset, len);
+        bs->offset += len;
+        srcbs->offset += len;
+        return len;
+}
+/**
+ * aim_frame_destroy - free aim_frame_t
+ * @frame: the frame to free
+ *
+ * returns -1 on error; 0 on success.
+ *
+ */
+faim_internal void aim_frame_destroy(aim_frame_t *frame)
+{
+        free(frame->data.data); /* XXX aim_bstream_free */
+        if (frame->hdrtype == AIM_FRAMETYPE_OFT)
+                free(frame->hdr.oft.hdr2);
+        free(frame);
+        return;
+}
+/*
+ * Grab a single command sequence off the socket, and enqueue
+ * it in the incoming event queue in a seperate struct.
+ */
+faim_export int aim_get_command(aim_session_t *sess, aim_conn_t *conn)
+/*
+ * Read a FLAP header from conn into fr, and return the number of bytes in the payload.
+ */
+static faim_shortfunc int aim_get_command_flap(aim_session_t *sess, aim_conn_t *conn, aim_frame_t *fr)
+{
         fu8_t flaphdr_raw[6];
         aim_bstream_t flaphdr;
-        aim_frame_t *newrx;
         fu16_t payloadlen;
-        if (!sess || !conn)
-                return 0;
-        if (conn->fd == -1)
-                return -1; /* its a aim_conn_close()'d connection */
-        if (conn->fd < 3)  /* can happen when people abuse the interface */
-                return 0;
-        if (conn->status & AIM_CONN_STATUS_INPROGRESS)
-                return aim_conn_completeconnect(sess, conn);
-        /*
-         * Rendezvous (client-client) connections do not speak
-         * FLAP, so this function will break on them.
-         */
-        if (conn->type == AIM_CONN_TYPE_RENDEZVOUS)
-                return aim_get_command_rendezvous(sess, conn);
-        else if (conn->type == AIM_CONN_TYPE_RENDEZVOUS_OUT) {
-                faimdprintf(sess, 0, "AIM_CONN_TYPE_RENDEZVOUS_OUT on fd %d\n", conn->fd);
-                return 0;
+        }
         aim_bstream_init(&flaphdr, flaphdr_raw, sizeof(flaphdr_raw));
         /*
          * Read FLAP header.  Six bytes:
+         *
          *   0 char  -- Always 0x2a
          *   1 char  -- Channel ID.  Usually 2 -- 1 and 4 are used during login.
          *   2 short -- Sequence number
+         *   2 short -- Sequence number
          *   4 short -- Number of data bytes that follow.
          */
 …
+        }
-        /* allocate a new struct */
-        if (!(newrx = (aim_frame_t *)malloc(sizeof(aim_frame_t))))
-                return -1;
-        memset(newrx, 0, sizeof(aim_frame_t));
         /* we're doing FLAP if we're here */
+        newrx->hdrtype = AIM_FRAMETYPE_FLAP;
+        newrx->hdr.flap.type = aimbs_get8(&flaphdr);
+        newrx->hdr.flap.seqnum = aimbs_get16(&flaphdr);
+        payloadlen = aimbs_get16(&flaphdr);
+        fr->hdrtype = AIM_FRAMETYPE_FLAP;
+        fr->hdr.flap.type = aimbs_get8(&flaphdr);
+        fr->hdr.flap.seqnum = aimbs_get16(&flaphdr);
+        payloadlen = aimbs_get16(&flaphdr); /* length of payload */
+        return payloadlen;
+}
+/*
+ * Read a rendezvous header from conn into fr, and return the number of bytes in the payload.
+ */
+static int aim_get_command_rendezvous(aim_session_t *sess, aim_conn_t *conn, aim_frame_t *fr)
+{
+        fu8_t rendhdr_raw[8];
+        aim_bstream_t rendhdr;
+        aim_bstream_init(&rendhdr, rendhdr_raw, sizeof(rendhdr_raw));
+        if (aim_bstream_recv(&rendhdr, conn->fd, 8) < 8) {
+                aim_conn_close(conn);
+                return -1;
+        }
+        aim_bstream_rewind(&rendhdr);
+        fr->hdrtype = AIM_FRAMETYPE_OFT; /* a misnomer--rendezvous */
+        aimbs_getrawbuf(&rendhdr, fr->hdr.rend.magic, 4);
+        fr->hdr.rend.hdrlen = aimbs_get16(&rendhdr) - 8;
+        fr->hdr.rend.type = aimbs_get16(&rendhdr);
+        return fr->hdr.rend.hdrlen;
+}
+/*
+ * Grab a single command sequence off the socket, and enqueue it in the incoming event queue
+ * in a separate struct.
+ */
+faim_export int aim_get_command(aim_session_t *sess, aim_conn_t *conn)
+{
+        aim_frame_t *newrx;
+        fu16_t payloadlen;
+        if (!sess || !conn)
+                return -1;
+        if (conn->fd == -1)
+                return -1; /* it's an aim_conn_close()'d connection */
+        if (conn->fd < 3) /* can happen when people abuse the interface */
+                return -1;
+        if (conn->status & AIM_CONN_STATUS_INPROGRESS)
+                return aim_conn_completeconnect(sess, conn);
+        if (!(newrx = (aim_frame_t *)calloc(sizeof(aim_frame_t), 1)))
+                return -1;
+        /*
+         * Rendezvous (client to client) connections do not speak FLAP, so this
+         * function will break on them.
+         */
+        if (conn->type == AIM_CONN_TYPE_RENDEZVOUS)
+                payloadlen = aim_get_command_rendezvous(sess, conn, newrx);
+        else if (conn->type == AIM_CONN_TYPE_RENDEZVOUS_OUT) {
+                faimdprintf(sess, 0, "AIM_CONN_TYPE_RENDEZVOUS_OUT on fd %d\n", conn->fd);
+                free(newrx);
+                return -1;
+        } else
+                payloadlen = aim_get_command_flap(sess, conn, newrx);
         newrx->nofree = 0; /* free by default */
 …
         return;
+}

libfaim/search.c

-                      r5e53c4a
+                      r862371b
 /*
  * aim_search.c
+ * Family 0x000a - User Search.
+ *
  * TODO: Add aim_usersearch_name()
 …
 #include <aim.h>
+faim_export int aim_usersearch_address(aim_session_t *sess, aim_conn_t *conn, const char *address)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !conn || !address)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+strlen(address))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x000a, 0x0002, 0x0000, strdup(address), strlen(address)+1);
+        aim_putsnac(&fr->data, 0x000a, 0x0002, 0x0000, snacid);
+        aimbs_putraw(&fr->data, address, strlen(address));
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/* XXX can this be integrated with the rest of the error handling? */
+/*
+ * Subtype 0x0001
+ *
+ * XXX can this be integrated with the rest of the error handling?
+ */
 static int error(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
 …
+}
+/*
+ * Subtype 0x0002
+ *
+ */
+faim_export int aim_usersearch_address(aim_session_t *sess, aim_conn_t *conn, const char *address)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        if (!sess || !conn || !address)
+                return -EINVAL;
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, 10+strlen(address))))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, 0x000a, 0x0002, 0x0000, strdup(address), strlen(address)+1);
+        aim_putsnac(&fr->data, 0x000a, 0x0002, 0x0000, snacid);
+        aimbs_putraw(&fr->data, address, strlen(address));
+        aim_tx_enqueue(sess, fr);
+        return 0;
+}
+/*
+ * Subtype 0x0003
+ *
+ */
 static int reply(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
 …
         return 0;
+}

libfaim/service.c

r5e53c4a	r862371b
1	1	/*
2		* ~~Group 1.~~ This is a very special group. All connections support
	2	* Family 0x0001 - This is a very special group. All connections support
3	3	* this group, as it does some particularly good things (like rate limiting).
4	4	*/
…	…
10	10	#include "md5.h"
11	11
12		/* ~~Client Online (group 1, subtype 2)~~ */
	12	/* Subtype 0x0002 - Client Online */
13	13	faim_export int aim_clientready(aim_session_t sess, aim_conn_t conn)
14	14	{
…	…
49	49
50	50	/*
51		* ~~Host Online (group 1, type 3)~~
	51	* Subtype 0x0003 - Host Online
52	52	*
53	53	* See comments in conn.c about how the group associations are supposed
…	…
92	92	}
93	93
94		/* S~~ervice request (group 1, type 4)~~ */
	94	/* Subtype 0x0004 - Service request */
95	95	faim_export int aim_reqservice(aim_session_t sess, aim_conn_t conn, fu16_t serviceid)
96	96	{
…	…
98	98	}
99	99
100		/* ~~Redirect (group 1, type 5)~~ */
	100	/* Subtype 0x0005 - Redirect */
101	101	static int redirect(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
102	102	{
…	…
148	148	}
149	149
150		/* ~~Request Rate Information. (group 1, type 6)~~ */
	150	/* Subtype 0x0006 - Request Rate Information. */
151	151	faim_internal int aim_reqrates(aim_session_t sess, aim_conn_t conn)
152	152	{
…	…
258	258	}
259	259
260		/* ~~Rate Parameters (group 1, type 7)~~ */
	260	/* Subtype 0x0007 - Rate Parameters */
261	261	static int rateresp(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
262	262	{
…	…
345	345	}
346	346
347		/* ~~Add Rate Parameter (group 1, type 8)~~ */
	347	/* Subtype 0x0008 - Add Rate Parameter */
348	348	faim_internal int aim_rates_addparam(aim_session_t sess, aim_conn_t conn)
349	349	{
…	…
367	367	}
368	368
369		/* ~~Delete Rate Parameter (group 1, type 9)~~ */
	369	/* Subtype 0x0009 - Delete Rate Parameter */
370	370	faim_internal int aim_rates_delparam(aim_session_t sess, aim_conn_t conn)
371	371	{
…	…
389	389	}
390	390
391		/* ~~Rate Change (group 1, type 0x0a)~~ */
	391	/* Subtype 0x000a - Rate Change */
392	392	static int ratechange(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
393	393	{
…	…
414	414
415	415	/*
416		* How Migrations work.
	416	* How Migrations work.
417	417	*
418	418	* The server sends a Server Pause message, which the client should respond to
…	…
426	426	*/
427	427
428		/* S~~ervice Pause (group 1, type 0x0b)~~ */
	428	/* Subtype 0x000b - Service Pause */
429	429	static int serverpause(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
430	430	{
…	…
438	438
439	439	/*
440		* S~~ervice Pause Acknowledgement (group 1, type 0x0c)~~
	440	* Subtype 0x000c - Service Pause Acknowledgement
441	441	*
442	442	* It is rather important that aim_sendpauseack() gets called for the exact
…	…
474	474	}
475	475
476		/* S~~ervice Resume (group 1, type 0x0d)~~ */
	476	/* Subtype 0x000d - Service Resume */
477	477	static int serverresume(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
478	478	{
…	…
485	485	}
486	486
487		/* ~~Request self-info (group 1, type 0x0e)~~ */
	487	/* Subtype 0x000e - Request self-info */
488	488	faim_export int aim_reqpersonalinfo(aim_session_t sess, aim_conn_t conn)
489	489	{
…	…
491	491	}
492	492
493		/* S~~elf User Info (group 1, type 0x0f)~~ */
	493	/* Subtype 0x000f - Self User Info */
494	494	static int selfinfo(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
495	495	{
…	…
505	505	}
506	506
507		/* ~~Evil Notification (group 1, type 0x10)~~ */
	507	/* Subtype 0x0010 - Evil Notification */
508	508	static int evilnotify(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
509	509	{
…	…
526	526
527	527	/*
528		* ~~Idle Notification (group 1, type 0x11)~~
	528	* Subtype 0x0011 - Idle Notification
529	529	*
530	530	* Should set your current idle time in seconds. Note that this should
…	…
540	540
541	541	/*
542		* S~~ervice Migrate (group 1, type 0x12)~~
	542	* Subtype 0x0012 - Service Migrate
543	543	*
544	544	* This is the final SNAC sent on the original connection during a migration.
…	…
592	592	}
593	593
594		/* ~~Message of the Day (group 1, type 0x13)~~ */
	594	/* Subtype 0x0013 - Message of the Day */
595	595	static int motd(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
596	596	{
…	…
632	632
633	633	/*
634		* S~~et privacy flags (group 1, type 0x14)~~
	634	* Subtype 0x0014 - Set privacy flags
635	635	*
636	636	* Normally 0x03.
…	…
646	646
647	647	/*
648		* ~~No-op (group 1, type 0x16)~~
	648	* Subtype 0x0016 - No-op
649	649	*
650	650	* WinAIM sends these every 4min or so to keep the connection alive. Its not
651		* real necessary.
	651	* really necessary.
652	652	*
653	653	*/
…	…
658	658
659	659	/*
660		* S~~et client versions (group 1, subtype 0x17)~~
	660	* Subtype 0x0017 - Set client versions
661	661	*
662	662	* If you've seen the clientonline/clientready SNAC you're probably
…	…
705	705	}
706	706
707		/* ~~Host versions (group 1, subtype 0x18)~~ */
	707	/* Subtype 0x0018 - Host versions */
708	708	static int hostversions(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
709	709	{
…	…
725	725
726	726	/*
727		* S~~et Extended Status (group 1, type 0x1e)~~
	727	* Subtype 0x001e - Set Extended Status
728	728	*
729	729	* Currently only works if using ICQ.
…	…
791	791	*
792	792	*/
793		/* ~~Client verification (group 1, subtype 0x1f)~~ */
	793	/* Subtype 0x001f - Client verification */
794	794	static int memrequest(aim_session_t sess, aim_module_t mod, aim_frame_t rx, aim_modsnac_t snac, aim_bstream_t *bs)
795	795	{
…	…
816	816	}
817	817
818		#if 0
	818	#if 0
819	819	static void dumpbox(aim_session_t sess, unsigned char buf, int len)
820	820	{
…	…
839	839	#endif
840	840
841		/* ~~Client verification reply (group 1, subtype 0x20)~~ */
	841	/* Subtype 0x0020 - Client verification reply */
842	842	faim_export int aim_sendmemblock(aim_session_t sess, aim_conn_t conn, fu32_t offset, fu32_t len, const fu8_t *buf, fu8_t flag)
843	843	{
…	…
970	970	return 0;
971	971	}
972

libfaim/snac.c

-                      r5e53c4a
+                      r862371b
                 if (cur->id == id) {
                         *prev = cur->next;
+                        if (cur->flags & AIM_SNACFLAGS_DESTRUCTOR) {
+                                struct aim_snac_destructor *asd = cur->data;
+                                cur->data = asd->data;
+                                free(asd);
+                        }
                         return cur;
                 } else
 …
         return cur;
+}
+/* Free a SNAC, and call the appropriate destructor if necessary.
+ */
+faim_internal faim_shortfunc void aim_cleansnac(aim_session_t *sess, aim_snac_t *snac)
+{
+        aim_module_t *cur;
+        if (snac->flags & AIM_SNACFLAGS_DESTRUCTOR) {
+                struct aim_snac_destructor *d = snac->data;
+                aim_modsnac_t modsnac;
+                modsnac.id = snac->id;
+                modsnac.subtype = snac->type;
+                modsnac.family = snac->family;
+                modsnac.flags = snac->flags;
+                for (cur = (aim_module_t *)sess->modlistv; cur; cur = cur->next)
+                {
+                        if (!cur->snacdestructor)
+                                continue;
+                        if (!(cur->flags & AIM_MODFLAG_MULTIFAMILY) &&
+                                (cur->family != modsnac.family))
+                                continue;
+                        if (cur->snacdestructor(sess, d->conn, &modsnac,
+                                                d->data))
+                                break;
+                }
+                free(d->data);
+        }
+        free(snac->data);
+        free(snac);
+}
 /*
 …
                                 *prev = cur->next;
+                                /* XXX should we have destructors here? */
+                                free(cur->data);
+                                free(cur);
+                                aim_cleansnac(sess, cur);
                         } else
                                 prev = &cur->next;

libfaim/ssi.c

-                      r5e53c4a
+                      r862371b
  * to be stored on the server, so that they can be accessed from any client.
+ *
+ * We keep a copy of the ssi data in sess->ssi, because the data needs to be
+ * accessed for various reasons.  So all the "aim_ssi_itemlist_bleh" functions
+ * near the top just manage the local data.
+ *
+ * The SNAC sending and receiving functions are lower down in the file, and
+ * they're simpler.  They are in the order of the subtypes they deal with,
+ * starting with the request rights function (subtype 0x0002), then parse
+ * rights (subtype 0x0003), then--well, you get the idea.
+ *
  * This is entirely too complicated.
+ * You don't know the half of it.
+ *
+ * XXX - Test for memory leaks
+ * XXX - Better parsing of rights, and use the rights info to limit adds
+ *
  */
 …
 #include <aim.h>
+/**
+ * Locally add a new item to the given item list.
+ *
+ * @param list A pointer to a pointer to the current list of items.
+ * @param parent A pointer to the parent group, or NULL if the item should have no
+ *        parent group (ie. the group ID# should be 0).
+ * @param name A null terminated string of the name of the new item, or NULL if the
+ *        item should have no name.
+ * @param type The type of the item, 0x0001 for a contact, 0x0002 for a group, etc.
+ * @return The newly created item.
+ */
+static struct aim_ssi_item *aim_ssi_itemlist_add(struct aim_ssi_item **list, struct aim_ssi_item *parent, const char *name, fu16_t type)
+{
+        int i;
+        struct aim_ssi_item *cur, *newitem;
+        if (!(newitem = (struct aim_ssi_item *)malloc(sizeof(struct aim_ssi_item))))
+                return NULL;
+        /* Set the name */
+        if (name) {
+                if (!(newitem->name = (char *)malloc((strlen(name)+1)*sizeof(char)))) {
+                        free(newitem);
+                        return NULL;
+                }
+                strcpy(newitem->name, name);
+        } else
+                newitem->name = NULL;
+        /* Set the group ID# and the buddy ID# */
+        newitem->gid = 0x0000;
+        newitem->bid = 0x0000;
+        if (type == AIM_SSI_TYPE_GROUP) {
+                if (name)
+                        do {
+                                newitem->gid += 0x0001;
+                                for (cur=*list, i=0; ((cur) && (!i)); cur=cur->next)
+                                        if ((cur->gid == newitem->gid) && (cur->gid == newitem->gid))
+                                                i=1;
+                        } while (i);
+        } else {
+                if (parent)
+                        newitem->gid = parent->gid;
+                do {
+                        newitem->bid += 0x0001;
+                        for (cur=*list, i=0; ((cur) && (!i)); cur=cur->next)
+                                if ((cur->bid == newitem->bid) && (cur->gid == newitem->gid))
+                                        i=1;
+                } while (i);
+        }
+        /* Set the rest */
+        newitem->type = type;
+        newitem->data = NULL;
+        newitem->next = *list;
+        *list = newitem;
+        return newitem;
+}
+/**
+ * Locally rebuild the 0x00c8 TLV in the additional data of the given group.
+ *
+ * @param list A pointer to a pointer to the current list of items.
+ * @param parentgroup A pointer to the group who's additional data you want to rebuild.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+static int aim_ssi_itemlist_rebuildgroup(struct aim_ssi_item **list, struct aim_ssi_item *parentgroup)
+{
+        int newlen;
+        struct aim_ssi_item *cur;
+        /* Free the old additional data */
+        if (parentgroup->data) {
+                aim_freetlvchain((aim_tlvlist_t **)&parentgroup->data);
+                parentgroup->data = NULL;
+        }
+        /* Find the length for the new additional data */
+        newlen = 0;
+        if (parentgroup->gid == 0x0000) {
+                for (cur=*list; cur; cur=cur->next)
+                        if ((cur->gid != 0x0000) && (cur->type == AIM_SSI_TYPE_GROUP))
+                                newlen += 2;
+        } else {
+                for (cur=*list; cur; cur=cur->next)
+                        if ((cur->gid == parentgroup->gid) && (cur->type == AIM_SSI_TYPE_BUDDY))
+                                newlen += 2;
+        }
+        /* Rebuild the additional data */
+        if (newlen>0) {
+                fu8_t *newdata;
+                if (!(newdata = (fu8_t *)malloc((newlen)*sizeof(fu8_t))))
+                        return -ENOMEM;
+                newlen = 0;
+                if (parentgroup->gid == 0x0000) {
+                        for (cur=*list; cur; cur=cur->next)
+                                if ((cur->gid != 0x0000) && (cur->type == AIM_SSI_TYPE_GROUP))
+                                                newlen += aimutil_put16(newdata+newlen, cur->gid);
+                } else {
+                        for (cur=*list; cur; cur=cur->next)
+                                if ((cur->gid == parentgroup->gid) && (cur->type == AIM_SSI_TYPE_BUDDY))
+                                                newlen += aimutil_put16(newdata+newlen, cur->bid);
+                }
+                aim_addtlvtochain_raw((aim_tlvlist_t **)&(parentgroup->data), 0x00c8, newlen, newdata);
+                free(newdata);
+        }
+        return 0;
+}
+/**
+ * Locally free all of the stored buddy list information.
+ *
+ * @param sess The oscar session.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+static int aim_ssi_freelist(aim_session_t *sess)
+{
+        struct aim_ssi_item *cur, *delitem;
+        cur = sess->ssi.items;
+        while (cur) {
+                if (cur->name)  free(cur->name);
+                if (cur->data)  aim_freetlvchain((aim_tlvlist_t **)&cur->data);
+                delitem = cur;
+                cur = cur->next;
+                free(delitem);
+        }
+        sess->ssi.items = NULL;
+        sess->ssi.revision = 0;
+        sess->ssi.timestamp = (time_t)0;
+        return 0;
+}
+/**
+ * Locally find an item given a group ID# and a buddy ID#.
+ *
+ * @param list A pointer to the current list of items.
+ * @param gid The group ID# of the desired item.
+ * @param bid The buddy ID# of the desired item.
+ * @return Return a pointer to the item if found, else return NULL;
+ */
+faim_export struct aim_ssi_item *aim_ssi_itemlist_find(struct aim_ssi_item *list, fu16_t gid, fu16_t bid)
+{
+        struct aim_ssi_item *cur;
+        for (cur=list; cur; cur=cur->next)
+                if ((cur->gid == gid) && (cur->bid == bid))
+                        return cur;
+        return NULL;
+}
+/**
+ * Locally find an item given a group name, screen name, and type.  If group name
+ * and screen name are null, then just return the first item of the given type.
+ *
+ * @param list A pointer to the current list of items.
+ * @param gn The group name of the desired item.
+ * @param bn The buddy name of the desired item.
+ * @param type The type of the desired item.
+ * @return Return a pointer to the item if found, else return NULL;
+ */
+faim_export struct aim_ssi_item *aim_ssi_itemlist_finditem(struct aim_ssi_item *list, const char *gn, const char *sn, fu16_t type)
+{
+        struct aim_ssi_item *cur;
+        if (!list)
+                return NULL;
+        if (gn && sn) { /* For finding buddies in groups */
+                for (cur=list; cur; cur=cur->next)
+                        if ((cur->type == type) && (cur->name) && !(aim_sncmp(cur->name, sn))) {
+                                struct aim_ssi_item *curg;
+                                for (curg=list; curg; curg=curg->next)
+                                        if ((curg->type == AIM_SSI_TYPE_GROUP) && (curg->gid == cur->gid) && (curg->name) && !(aim_sncmp(curg->name, gn)))
+                                                return cur;
+                        }
+        } else if (sn) { /* For finding groups, permits, denies, and ignores */
+                for (cur=list; cur; cur=cur->next)
+                        if ((cur->type == type) && (cur->name) && !(aim_sncmp(cur->name, sn)))
+                                return cur;
+        /* For stuff without names--permit deny setting, visibility mask, etc. */
+        } else for (cur=list; cur; cur=cur->next) {
+                if (cur->type == type)
+                        return cur;
+        }
+        return NULL;
+}
+/**
+ * Locally find the parent item of the given buddy name.
+ *
+ * @param list A pointer to the current list of items.
+ * @param bn The buddy name of the desired item.
+ * @return Return a pointer to the item if found, else return NULL;
+ */
+faim_export struct aim_ssi_item *aim_ssi_itemlist_findparent(struct aim_ssi_item *list, char *sn)
+{
+        struct aim_ssi_item *cur, *curg;
+        if (!list || !sn)
+                return NULL;
+        if (!(cur = aim_ssi_itemlist_finditem(list, NULL, sn, AIM_SSI_TYPE_BUDDY)))
+                return NULL;
+        for (curg=list; curg; curg=curg->next)
+                if ((curg->type == AIM_SSI_TYPE_GROUP) && (curg->gid == cur->gid))
+                        return curg;
+        return NULL;
+}
+/**
+ * Locally find the permit/deny setting item, and return the setting.
+ *
+ * @param list A pointer to the current list of items.
+ * @return Return the current SSI permit deny setting, or 0 if no setting was found.
+ */
+faim_export int aim_ssi_getpermdeny(struct aim_ssi_item *list)
+{
+        struct aim_ssi_item *cur = aim_ssi_itemlist_finditem(list, NULL, NULL, AIM_SSI_TYPE_PDINFO);
+        if (cur) {
+                aim_tlvlist_t *tlvlist = cur->data;
+                if (tlvlist) {
+                        aim_tlv_t *tlv = aim_gettlv(tlvlist, 0x00ca, 1);
+                        if (tlv && tlv->value)
+                                return aimutil_get8(tlv->value);
+                }
+        }
+        return 0;
+}
+/**
+ * Locally find the presence flag item, and return the setting.  The returned setting is a
+ * bitmask of the user flags that you are visible to.  See the AIM_FLAG_* #defines
+ * in aim.h
+ *
+ * @param list A pointer to the current list of items.
+ * @return Return the current visibility mask.
+ */
+faim_export fu32_t aim_ssi_getpresence(struct aim_ssi_item *list)
+{
+        struct aim_ssi_item *cur = aim_ssi_itemlist_finditem(list, NULL, NULL, AIM_SSI_TYPE_PRESENCEPREFS);
+        if (cur) {
+                aim_tlvlist_t *tlvlist = cur->data;
+                if (tlvlist) {
+                        aim_tlv_t *tlv = aim_gettlv(tlvlist, 0x00c9, 1);
+                        if (tlv && tlv->length)
+                                return aimutil_get32(tlv->value);
+                }
+        }
+        return 0xFFFFFFFF;
+}
+/**
+ * Add the given packet to the holding queue.  We totally need to send SSI SNACs one at
+ * a time, so we have a local queue where packets get put before they are sent, and
+ * then we send stuff one at a time, nice and orderly-like.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param fr The newly created SNAC that you want to send.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+static int aim_ssi_enqueue(aim_session_t *sess, aim_conn_t *conn, aim_frame_t *fr)
+{
+        aim_frame_t *cur;
+        if (!sess || !conn || !fr)
+                return -EINVAL;
+        fr->next = NULL;
+        if (sess->ssi.holding_queue == NULL) {
+                sess->ssi.holding_queue = fr;
+                if (!sess->ssi.waiting_for_ack)
+                        aim_ssi_modbegin(sess, conn);
+        } else {
+                for (cur = sess->ssi.holding_queue; cur->next; cur = cur->next) ;
+                cur->next = fr;
+        }
+        return 0;
+}
+/**
+ * Send the next SNAC from the holding queue.  This is called
+ * automatically when an ack from an add, mod, or del is received.
+ * If the queue is empty, it sends the modend SNAC.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+static int aim_ssi_dispatch(aim_session_t *sess, aim_conn_t *conn)
+{
+        aim_frame_t *cur;
+        if (!sess || !conn)
+                return -EINVAL;
+        if (!sess->ssi.waiting_for_ack) {
+                if (sess->ssi.holding_queue) {
+                        sess->ssi.waiting_for_ack = 1;
+                        cur = sess->ssi.holding_queue->next;
+                        sess->ssi.holding_queue->next = NULL;
+                        aim_tx_enqueue(sess, sess->ssi.holding_queue);
+                        sess->ssi.holding_queue = cur;
+                } else
+                        aim_ssi_modend(sess, conn);
+        }
+        return 0;
+}
+/**
+ * Send SNACs necessary to remove all SSI data from the server list,
+ * and then free the local copy as well.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_deletelist(aim_session_t *sess, aim_conn_t *conn)
+{
+        int num;
+        struct aim_ssi_item *cur, **items;
+        for (cur=sess->ssi.items, num=0; cur; cur=cur->next)
+                num++;
+        if (!(items = (struct aim_ssi_item **)malloc(num*sizeof(struct aim_ssi_item *))))
+                return -ENOMEM;
+        memset(items, 0, num*sizeof(struct aim_ssi_item *));
+        for (cur=sess->ssi.items, num=0; cur; cur=cur->next) {
+                items[num] = cur;
+                num++;
+        }
+        aim_ssi_addmoddel(sess, conn, items, num, AIM_CB_SSI_DEL);
+        free(items);
+        aim_ssi_dispatch(sess, conn);
+        aim_ssi_freelist(sess);
+        return 0;
+}
+/**
+ * This "cleans" the ssi list.  It does a few things, with the intent of making
+ * sure there ain't nothin' wrong with your SSI.
+ *   -Make sure all buddies are in a group, and all groups have the correct
+ *     additional data.
+ *   -Make sure there are no empty groups in the list.  While there is nothing
+ *     wrong empty groups in the SSI, it's wiser to not have them.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_cleanlist(aim_session_t *sess, aim_conn_t *conn)
+{
+        unsigned int i;
+        struct aim_ssi_item *cur, *parentgroup;
+        /* Make sure we actually need to clean out the list */
+        for (cur=sess->ssi.items, i=0; cur && !i; cur=cur->next)
+                /* Any buddies directly in the master group */
+                if ((cur->type == AIM_SSI_TYPE_BUDDY) && (cur->gid == 0x0000))
+                        i++;
+        if (!i)
+                return 0;
+        /* Remove all the additional data from all groups */
+        for (cur=sess->ssi.items; cur; cur=cur->next)
+                if ((cur->data) && (cur->type == AIM_SSI_TYPE_GROUP)) {
+                        aim_freetlvchain((aim_tlvlist_t **)&cur->data);
+                        cur->data = NULL;
+                }
+        /* If there are buddies directly in the master group, make sure  */
+        /* there is a group to put them in.  Any group, any group at all. */
+        for (cur=sess->ssi.items; ((cur) && ((cur->type != AIM_SSI_TYPE_BUDDY) || (cur->gid != 0x0000))); cur=cur->next);
+        if (!cur) {
+                for (parentgroup=sess->ssi.items; ((parentgroup) && (parentgroup->type!=AIM_SSI_TYPE_GROUP) && (parentgroup->gid==0x0000)); parentgroup=parentgroup->next);
+                if (!parentgroup) {
+                        char *newgroup;
+                        newgroup = (char*)malloc(strlen("Unknown")*sizeof(char));
+                        strcpy(newgroup, "Unknown");
+                        aim_ssi_addgroups(sess, conn, (const char**)&newgroup, 1);
+                }
+        }
+        /* Set parentgroup equal to any arbitray group */
+        for (parentgroup=sess->ssi.items; parentgroup->gid==0x0000 || parentgroup->type!=AIM_SSI_TYPE_GROUP; parentgroup=parentgroup->next);
+        /* If there are any buddies directly in the master group, put them in a real group */
+        for (cur=sess->ssi.items; cur; cur=cur->next)
+                if ((cur->type == AIM_SSI_TYPE_BUDDY) && (cur->gid == 0x0000)) {
+                        aim_ssi_addmoddel(sess, conn, &cur, 1, AIM_CB_SSI_DEL);
+                        cur->gid = parentgroup->gid;
+                        aim_ssi_addmoddel(sess, conn, &cur, 1, AIM_CB_SSI_ADD);
+                }
+        /* Rebuild additional data for all groups */
+        for (parentgroup=sess->ssi.items; parentgroup; parentgroup=parentgroup->next)
+                if (parentgroup->type == AIM_SSI_TYPE_GROUP)
+                        aim_ssi_itemlist_rebuildgroup(&sess->ssi.items, parentgroup);
+        /* Send a mod snac for all groups */
+        i = 0;
+        for (cur=sess->ssi.items; cur; cur=cur->next)
+                if (cur->type == AIM_SSI_TYPE_GROUP)
+                        i++;
+        if (i > 0) {
+                /* Allocate an array of pointers to each of the groups */
+                struct aim_ssi_item **groups;
+                if (!(groups = (struct aim_ssi_item **)malloc(i*sizeof(struct aim_ssi_item *))))
+                        return -ENOMEM;
+                for (cur=sess->ssi.items, i=0; cur; cur=cur->next)
+                        if (cur->type == AIM_SSI_TYPE_GROUP)
+                                groups[i] = cur;
+                aim_ssi_addmoddel(sess, conn, groups, i, AIM_CB_SSI_MOD);
+                free(groups);
+        }
+        /* Send a del snac for any empty groups */
+        i = 0;
+        for (cur=sess->ssi.items; cur; cur=cur->next)
+                if ((cur->type == AIM_SSI_TYPE_GROUP) && !(cur->data))
+                        i++;
+        if (i > 0) {
+                /* Allocate an array of pointers to each of the groups */
+                struct aim_ssi_item **groups;
+                if (!(groups = (struct aim_ssi_item **)malloc(i*sizeof(struct aim_ssi_item *))))
+                        return -ENOMEM;
+                for (cur=sess->ssi.items, i=0; cur; cur=cur->next)
+                        if ((cur->type == AIM_SSI_TYPE_GROUP) && !(cur->data))
+                                groups[i] = cur;
+                aim_ssi_addmoddel(sess, conn, groups, i, AIM_CB_SSI_DEL);
+                free(groups);
+        }
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
+/**
+ * Add an array of screen names to the given group.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param gn The name of the group to which you want to add these names.
+ * @param sn An array of null terminated strings of the names you want to add.
+ * @param num The number of screen names you are adding (size of the sn array).
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_addbuddies(aim_session_t *sess, aim_conn_t *conn, const char *gn, const char **sn, unsigned int num)
+{
+        struct aim_ssi_item *parentgroup, **newitems;
+        fu16_t i;
+        if (!sess || !conn || !gn || !sn || !num)
+                return -EINVAL;
+        /* Look up the parent group */
+        if (!(parentgroup = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, gn, AIM_SSI_TYPE_GROUP))) {
+                aim_ssi_addgroups(sess, conn, (const char **)&gn, 1);
+                if (!(parentgroup = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, gn, AIM_SSI_TYPE_GROUP)))
+                        return -ENOMEM;
+        }
+        /* Allocate an array of pointers to each of the new items */
+        if (!(newitems = (struct aim_ssi_item **)malloc(num*sizeof(struct aim_ssi_item *))))
+                return -ENOMEM;
+        /* Add items to the local list, and index them in the array */
+        for (i=0; i<num; i++)
+                if (!(newitems[i] = aim_ssi_itemlist_add(&sess->ssi.items, parentgroup, sn[i], AIM_SSI_TYPE_BUDDY))) {
+                        free(newitems);
+                        return -ENOMEM;
+                }
+        /* Send the add item SNAC */
+        if ((i = aim_ssi_addmoddel(sess, conn, newitems, num, AIM_CB_SSI_ADD))) {
+                free(newitems);
+                return -i;
+        }
+        /* Free the array of pointers to each of the new items */
+        free(newitems);
+        /* Rebuild the additional data in the parent group */
+        if ((i = aim_ssi_itemlist_rebuildgroup(&sess->ssi.items, parentgroup)))
+                return i;
+        /* Send the mod item SNAC */
+        if ((i = aim_ssi_addmoddel(sess, conn, &parentgroup, 1, AIM_CB_SSI_MOD)))
+                return i;
+        /* Begin sending SSI SNACs */
+        if (!(i = aim_ssi_dispatch(sess, conn)))
+                return i;
+        return 0;
+}
+/**
+ * Add the master group (the group containing all groups).  This is called by
+ * aim_ssi_addgroups, if necessary.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_addmastergroup(aim_session_t *sess, aim_conn_t *conn)
+{
+        struct aim_ssi_item *newitem;
+        if (!sess || !conn)
+                return -EINVAL;
+        /* Add the item to the local list, and keep a pointer to it */
+        if (!(newitem = aim_ssi_itemlist_add(&sess->ssi.items, NULL, NULL, AIM_SSI_TYPE_GROUP)))
+                return -ENOMEM;
+        /* If there are any existing groups (technically there shouldn't be, but */
+        /* just in case) then add their group ID#'s to the additional data */
+        aim_ssi_itemlist_rebuildgroup(&sess->ssi.items, newitem);
+        /* Send the add item SNAC */
+        aim_ssi_addmoddel(sess, conn, &newitem, 1, AIM_CB_SSI_ADD);
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
+/**
+ * Add an array of groups to the list.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param gn An array of null terminated strings of the names you want to add.
+ * @param num The number of groups names you are adding (size of the sn array).
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_addgroups(aim_session_t *sess, aim_conn_t *conn, const char **gn, unsigned int num)
+{
+        struct aim_ssi_item *parentgroup, **newitems;
+        fu16_t i;
+        if (!sess || !conn || !gn || !num)
+                return -EINVAL;
+        /* Look up the parent group */
+        if (!(parentgroup = aim_ssi_itemlist_find(sess->ssi.items, 0, 0))) {
+                aim_ssi_addmastergroup(sess, conn);
+                if (!(parentgroup = aim_ssi_itemlist_find(sess->ssi.items, 0, 0)))
+                        return -ENOMEM;
+        }
+        /* Allocate an array of pointers to each of the new items */
+        if (!(newitems = (struct aim_ssi_item **)malloc(num*sizeof(struct aim_ssi_item *))))
+                return -ENOMEM;
+        /* Add items to the local list, and index them in the array */
+        for (i=0; i<num; i++)
+                if (!(newitems[i] = aim_ssi_itemlist_add(&sess->ssi.items, parentgroup, gn[i], AIM_SSI_TYPE_GROUP))) {
+                        free(newitems);
+                        return -ENOMEM;
+                }
+        /* Send the add item SNAC */
+        if ((i = aim_ssi_addmoddel(sess, conn, newitems, num, AIM_CB_SSI_ADD))) {
+                free(newitems);
+                return -i;
+        }
+        /* Free the array of pointers to each of the new items */
+        free(newitems);
+        /* Rebuild the additional data in the parent group */
+        if ((i = aim_ssi_itemlist_rebuildgroup(&sess->ssi.items, parentgroup)))
+                return i;
+        /* Send the mod item SNAC */
+        if ((i = aim_ssi_addmoddel(sess, conn, &parentgroup, 1, AIM_CB_SSI_MOD)))
+                return i;
+        /* Begin sending SSI SNACs */
+        if (!(i = aim_ssi_dispatch(sess, conn)))
+                return i;
+        return 0;
+}
+/**
+ * Add an array of a certain type of item to the list.  This can be used for
+ * permit buddies, deny buddies, ICQ's ignore buddies, and probably other
+ * types, also.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param sn An array of null terminated strings of the names you want to add.
+ * @param num The number of groups names you are adding (size of the sn array).
+ * @param type The type of item you want to add.  See the AIM_SSI_TYPE_BLEH
+ *        #defines in aim.h.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_addpord(aim_session_t *sess, aim_conn_t *conn, const char **sn, unsigned int num, fu16_t type)
+{
+        struct aim_ssi_item **newitems;
+        fu16_t i;
+        if (!sess || !conn || !sn || !num)
+                return -EINVAL;
+        /* Allocate an array of pointers to each of the new items */
+        if (!(newitems = (struct aim_ssi_item **)malloc(num*sizeof(struct aim_ssi_item *))))
+                return -ENOMEM;
+        /* Add items to the local list, and index them in the array */
+        for (i=0; i<num; i++)
+                if (!(newitems[i] = aim_ssi_itemlist_add(&sess->ssi.items, NULL, sn[i], type))) {
+                        free(newitems);
+                        return -ENOMEM;
+                }
+        /* Send the add item SNAC */
+        if ((i = aim_ssi_addmoddel(sess, conn, newitems, num, AIM_CB_SSI_ADD))) {
+                free(newitems);
+                return -i;
+        }
+        /* Free the array of pointers to each of the new items */
+        free(newitems);
+        /* Begin sending SSI SNACs */
+        if (!(i = aim_ssi_dispatch(sess, conn)))
+                return i;
+        return 0;
+}
+/**
+ * Move a buddy from one group to another group.  This basically just deletes the
+ * buddy and re-adds it.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param oldgn The group that the buddy is currently in.
+ * @param newgn The group that the buddy should be moved in to.
+ * @param sn The name of the buddy to be moved.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_movebuddy(aim_session_t *sess, aim_conn_t *conn, const char *oldgn, const char *newgn, const char *sn)
+{
+        struct aim_ssi_item **groups, *buddy, *cur;
+        fu16_t i;
+        if (!sess || !conn || !oldgn || !newgn || !sn)
+                return -EINVAL;
+        /* Look up the buddy */
+        if (!(buddy = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, sn, AIM_SSI_TYPE_BUDDY)))
+                return -ENOMEM;
+        /* Allocate an array of pointers to the two groups */
+        if (!(groups = (struct aim_ssi_item **)malloc(2*sizeof(struct aim_ssi_item *))))
+                return -ENOMEM;
+        /* Look up the old parent group */
+        if (!(groups[0] = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, oldgn, AIM_SSI_TYPE_GROUP))) {
+                free(groups);
+                return -ENOMEM;
+        }
+        /* Look up the new parent group */
+        if (!(groups[1] = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, newgn, AIM_SSI_TYPE_GROUP))) {
+                aim_ssi_addgroups(sess, conn, (const char**)&newgn, 1);
+                if (!(groups[1] = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, newgn, AIM_SSI_TYPE_GROUP))) {
+                        free(groups);
+                        return -ENOMEM;
+                }
+        }
+        /* Send the delete item SNAC */
+        aim_ssi_addmoddel(sess, conn, &buddy, 1, AIM_CB_SSI_DEL);
+        /* Put the buddy in the new group */
+        buddy->gid = groups[1]->gid;
+        /* Assign a new buddy ID#, because the new group might already have a buddy with this ID# */
+        buddy->bid = 0;
+        do {
+                buddy->bid += 0x0001;
+                for (cur=sess->ssi.items, i=0; ((cur) && (!i)); cur=cur->next)
+                        if ((cur->bid == buddy->bid) && (cur->gid == buddy->gid) && (cur->type == AIM_SSI_TYPE_BUDDY) && (cur->name) && aim_sncmp(cur->name, buddy->name))
+                                i=1;
+        } while (i);
+        /* Rebuild the additional data in the two parent groups */
+        aim_ssi_itemlist_rebuildgroup(&sess->ssi.items, groups[0]);
+        aim_ssi_itemlist_rebuildgroup(&sess->ssi.items, groups[1]);
+        /* Send the add item SNAC */
+        aim_ssi_addmoddel(sess, conn, &buddy, 1, AIM_CB_SSI_ADD);
+        /* Send the mod item SNAC */
+        aim_ssi_addmoddel(sess, conn, groups, 2, AIM_CB_SSI_MOD);
+        /* Free the temporary array */
+        free(groups);
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
+/**
+ * Rename a group.  I really like how this is done.  It turns me on.
+ *
+ * Did I say that out loud?...
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param oldgn The old group name.
+ * @param newgn The new group name.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_rename_group(aim_session_t *sess, aim_conn_t *conn, const char *oldgn, const char *newgn)
+{
+        struct aim_ssi_item *group;
+        if (!sess || !conn || !oldgn || !newgn)
+                return -EINVAL;
+        /* Look up the group */
+        if (!(group = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, oldgn, AIM_SSI_TYPE_GROUP)))
+                return -ENOMEM;
+        /* Free the old group name and copy the new one in its place. */
+        if (group->name)
+                free(group->name);
+        if (!(group->name = (char *)malloc((strlen(newgn)+1)*sizeof(char)))) {
+                group->name = NULL;
+                return -ENOMEM;
+        }
+        strcpy(group->name, newgn);
+        /* Send the mod item SNAC */
+        aim_ssi_addmoddel(sess, conn, &group, 1, AIM_CB_SSI_MOD);
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
+/**
+ * Delete an array of screen names from the given group.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param gn The name of the group from which you want to delete these names.
+ * @param sn An array of null terminated strings of the names you want to delete.
+ * @param num The number of screen names you are deleting (size of the sn array).
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_delbuddies(aim_session_t *sess, aim_conn_t *conn, const char *gn, char **sn, unsigned int num)
+{
+        struct aim_ssi_item *cur, *parentgroup, **delitems;
+        int i;
+        if (!sess || !conn || !gn || !sn || !num)
+                return -EINVAL;
+        /* Look up the parent group */
+        if (!(parentgroup = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, gn, AIM_SSI_TYPE_GROUP)))
+                return -EINVAL;
+        /* Allocate an array of pointers to each of the items to be deleted */
+        delitems = (struct aim_ssi_item **)malloc(num*sizeof(struct aim_ssi_item *));
+        memset(delitems, 0, num*sizeof(struct aim_ssi_item *));
+        /* Make the delitems array a pointer to the aim_ssi_item structs to be deleted */
+        for (i=0; i<num; i++) {
+                if (!(delitems[i] = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, sn[i], AIM_SSI_TYPE_BUDDY))) {
+                        free(delitems);
+                        return -EINVAL;
+                }
+                /* Remove the delitems from the item list */
+                if (sess->ssi.items == delitems[i]) {
+                        sess->ssi.items = sess->ssi.items->next;
+                } else {
+                        for (cur=sess->ssi.items; (cur->next && (cur->next!=delitems[i])); cur=cur->next);
+                        if (cur->next)
+                                cur->next = cur->next->next;
+                }
+        }
+        /* Send the del item SNAC */
+        aim_ssi_addmoddel(sess, conn, delitems, num, AIM_CB_SSI_DEL);
+        /* Free the items */
+        for (i=0; i<num; i++) {
+                if (delitems[i]->name)
+                        free(delitems[i]->name);
+                if (delitems[i]->data)
+                        aim_freetlvchain((aim_tlvlist_t **)&delitems[i]->data);
+                free(delitems[i]);
+        }
+        free(delitems);
+        /* Rebuild the additional data in the parent group */
+        aim_ssi_itemlist_rebuildgroup(&sess->ssi.items, parentgroup);
+        /* Send the mod item SNAC */
+        aim_ssi_addmoddel(sess, conn, &parentgroup, 1, AIM_CB_SSI_MOD);
+        /* Delete the group, but only if it's empty */
+        if (!parentgroup->data)
+                aim_ssi_delgroups(sess, conn, &parentgroup->name, 1);
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
+/**
+ * Delete the master group from the item list.  There can be only one.
+ * Er, so just find the one master group and delete it.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_delmastergroup(aim_session_t *sess, aim_conn_t *conn)
+{
+        struct aim_ssi_item *cur, *delitem;
+        if (!sess || !conn)
+                return -EINVAL;
+        /* Make delitem a pointer to the aim_ssi_item to be deleted */
+        if (!(delitem = aim_ssi_itemlist_find(sess->ssi.items, 0, 0)))
+                return -EINVAL;
+        /* Remove delitem from the item list */
+        if (sess->ssi.items == delitem) {
+                sess->ssi.items = sess->ssi.items->next;
+        } else {
+                for (cur=sess->ssi.items; (cur->next && (cur->next!=delitem)); cur=cur->next);
+                if (cur->next)
+                        cur->next = cur->next->next;
+        }
+        /* Send the del item SNAC */
+        aim_ssi_addmoddel(sess, conn, &delitem, 1, AIM_CB_SSI_DEL);
+        /* Free the item */
+        if (delitem->name)
+                free(delitem->name);
+        if (delitem->data)
+                aim_freetlvchain((aim_tlvlist_t **)&delitem->data);
+        free(delitem);
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
+/**
+ * Delete an array of groups.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param gn An array of null terminated strings of the groups you want to delete.
+ * @param num The number of groups you are deleting (size of the gn array).
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_delgroups(aim_session_t *sess, aim_conn_t *conn, char **gn, unsigned int num) {
+        struct aim_ssi_item *cur, *parentgroup, **delitems;
+        int i;
+        if (!sess || !conn || !gn || !num)
+                return -EINVAL;
+        /* Look up the parent group */
+        if (!(parentgroup = aim_ssi_itemlist_find(sess->ssi.items, 0, 0)))
+                return -EINVAL;
+        /* Allocate an array of pointers to each of the items to be deleted */
+        delitems = (struct aim_ssi_item **)malloc(num*sizeof(struct aim_ssi_item *));
+        memset(delitems, 0, num*sizeof(struct aim_ssi_item *));
+        /* Make the delitems array a pointer to the aim_ssi_item structs to be deleted */
+        for (i=0; i<num; i++) {
+                if (!(delitems[i] = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, gn[i], AIM_SSI_TYPE_GROUP))) {
+                        free(delitems);
+                        return -EINVAL;
+                }
+                /* Remove the delitems from the item list */
+                if (sess->ssi.items == delitems[i]) {
+                        sess->ssi.items = sess->ssi.items->next;
+                } else {
+                        for (cur=sess->ssi.items; (cur->next && (cur->next!=delitems[i])); cur=cur->next);
+                        if (cur->next)
+                                cur->next = cur->next->next;
+                }
+        }
+        /* Send the del item SNAC */
+        aim_ssi_addmoddel(sess, conn, delitems, num, AIM_CB_SSI_DEL);
+        /* Free the items */
+        for (i=0; i<num; i++) {
+                if (delitems[i]->name)
+                        free(delitems[i]->name);
+                if (delitems[i]->data)
+                        aim_freetlvchain((aim_tlvlist_t **)&delitems[i]->data);
+                free(delitems[i]);
+        }
+        free(delitems);
+        /* Rebuild the additional data in the parent group */
+        aim_ssi_itemlist_rebuildgroup(&sess->ssi.items, parentgroup);
+        /* Send the mod item SNAC */
+        aim_ssi_addmoddel(sess, conn, &parentgroup, 1, AIM_CB_SSI_MOD);
+        /* Delete the group, but only if it's empty */
+        if (!parentgroup->data)
+                aim_ssi_delmastergroup(sess, conn);
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
+/**
+ * Delete an array of a certain type of item from the list.  This can be
+ * used for permit buddies, deny buddies, ICQ's ignore buddies, and
+ * probably other types, also.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param sn An array of null terminated strings of the items you want to delete.
+ * @param num The number of items you are deleting (size of the sn array).
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_delpord(aim_session_t *sess, aim_conn_t *conn, const char **sn, unsigned int num, fu16_t type) {
+        struct aim_ssi_item *cur, **delitems;
+        int i;
+        if (!sess || !conn || !sn || !num || (type!=AIM_SSI_TYPE_PERMIT && type!=AIM_SSI_TYPE_DENY))
+                return -EINVAL;
+        /* Allocate an array of pointers to each of the items to be deleted */
+        delitems = (struct aim_ssi_item **)malloc(num*sizeof(struct aim_ssi_item *));
+        memset(delitems, 0, num*sizeof(struct aim_ssi_item *));
+        /* Make the delitems array a pointer to the aim_ssi_item structs to be deleted */
+        for (i=0; i<num; i++) {
+                if (!(delitems[i] = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, sn[i], type))) {
+                        free(delitems);
+                        return -EINVAL;
+                }
+                /* Remove the delitems from the item list */
+                if (sess->ssi.items == delitems[i]) {
+                        sess->ssi.items = sess->ssi.items->next;
+                } else {
+                        for (cur=sess->ssi.items; (cur->next && (cur->next!=delitems[i])); cur=cur->next);
+                        if (cur->next)
+                                cur->next = cur->next->next;
+                }
+        }
+        /* Send the del item SNAC */
+        aim_ssi_addmoddel(sess, conn, delitems, num, AIM_CB_SSI_DEL);
+        /* Free the items */
+        for (i=0; i<num; i++) {
+                if (delitems[i]->name)
+                        free(delitems[i]->name);
+                if (delitems[i]->data)
+                        aim_freetlvchain((aim_tlvlist_t **)&delitems[i]->data);
+                free(delitems[i]);
+        }
+        free(delitems);
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
+/**
+ * Stores your permit/deny setting on the server, and starts using it.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param permdeny Your permit/deny setting.  Can be one of the following:
+ *        1 - Allow all users
+ *        2 - Block all users
+ *        3 - Allow only the users below
+ *        4 - Block only the users below
+ *        5 - Allow only users on my buddy list
+ * @param vismask A bitmask of the class of users to whom you want to be
+ *        visible.  See the AIM_FLAG_BLEH #defines in aim.h
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_setpermdeny(aim_session_t *sess, aim_conn_t *conn, fu8_t permdeny, fu32_t vismask) {
+        struct aim_ssi_item *cur;
+        aim_tlv_t *tlv;
+        if (!sess || !conn)
+                return -EINVAL;
+        /* Look up the permit/deny settings item */
+        cur = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, NULL, AIM_SSI_TYPE_PDINFO);
+        if (cur) {
+                /* The permit/deny item exists */
+                if (cur->data && (tlv = aim_gettlv(cur->data, 0x00ca, 1))) {
+                        /* Just change the value of the x00ca TLV */
+                        if (tlv->length != 1) {
+                                tlv->length = 1;
+                                free(tlv->value);
+                                tlv->value = (fu8_t *)malloc(sizeof(fu8_t));
+                        }
+                        tlv->value[0] = permdeny;
+                } else {
+                        /* Need to add the x00ca TLV to the TLV chain */
+                        aim_addtlvtochain8((aim_tlvlist_t**)&cur->data, 0x00ca, permdeny);
+                }
+                if (cur->data && (tlv = aim_gettlv(cur->data, 0x00cb, 1))) {
+                        /* Just change the value of the x00cb TLV */
+                        if (tlv->length != 4) {
+                                tlv->length = 4;
+                                free(tlv->value);
+                                tlv->value = (fu8_t *)malloc(4*sizeof(fu8_t));
+                        }
+                        aimutil_put32(tlv->value, vismask);
+                } else {
+                        /* Need to add the x00cb TLV to the TLV chain */
+                        aim_addtlvtochain32((aim_tlvlist_t**)&cur->data, 0x00cb, vismask);
+                }
+                /* Send the mod item SNAC */
+                aim_ssi_addmoddel(sess, conn, &cur, 1, AIM_CB_SSI_MOD);
+        } else {
+                /* Need to add the permit/deny item */
+                if (!(cur = aim_ssi_itemlist_add(&sess->ssi.items, NULL, NULL, AIM_SSI_TYPE_PDINFO)))
+                        return -ENOMEM;
+                aim_addtlvtochain8((aim_tlvlist_t**)&cur->data, 0x00ca, permdeny);
+                aim_addtlvtochain32((aim_tlvlist_t**)&cur->data, 0x00cb, vismask);
+                aim_ssi_addmoddel(sess, conn, &cur, 1, AIM_CB_SSI_ADD);
+        }
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
+/**
+ * Stores your setting for whether you should show up as idle or not.
+ *
+ * @param sess The oscar session.
+ * @param conn The bos connection for this session.
+ * @param presence I think it's a bitmask, but I only know what one of the bits is:
+ *        0x00000400 - Allow others to see your idle time
+ * @return Return 0 if no errors, otherwise return the error number.
+ */
+faim_export int aim_ssi_setpresence(aim_session_t *sess, aim_conn_t *conn, fu32_t presence) {
+        struct aim_ssi_item *cur;
+        aim_tlv_t *tlv;
+        if (!sess || !conn)
+                return -EINVAL;
+        /* Look up the item */
+        cur = aim_ssi_itemlist_finditem(sess->ssi.items, NULL, NULL, AIM_SSI_TYPE_PRESENCEPREFS);
+        if (cur) {
+                /* The item exists */
+                if (cur->data && (tlv = aim_gettlv(cur->data, 0x00c9, 1))) {
+                        /* Just change the value of the x00c9 TLV */
+                        if (tlv->length != 4) {
+                                tlv->length = 4;
+                                free(tlv->value);
+                                tlv->value = (fu8_t *)malloc(4*sizeof(fu8_t));
+                        }
+                        aimutil_put32(tlv->value, presence);
+                } else {
+                        /* Need to add the x00c9 TLV to the TLV chain */
+                        aim_addtlvtochain32((aim_tlvlist_t**)&cur->data, 0x00c9, presence);
+                }
+                /* Send the mod item SNAC */
+                aim_ssi_addmoddel(sess, conn, &cur, 1, AIM_CB_SSI_MOD);
+        } else {
+                /* Need to add the item */
+                if (!(cur = aim_ssi_itemlist_add(&sess->ssi.items, NULL, NULL, AIM_SSI_TYPE_PRESENCEPREFS)))
+                        return -ENOMEM;
+                aim_addtlvtochain32((aim_tlvlist_t**)&cur->data, 0x00c9, presence);
+                aim_ssi_addmoddel(sess, conn, &cur, 1, AIM_CB_SSI_ADD);
+        }
+        /* Begin sending SSI SNACs */
+        aim_ssi_dispatch(sess, conn);
+        return 0;
+}
 /*
  * Request SSI Rights.
 …
 faim_export int aim_ssi_reqrights(aim_session_t *sess, aim_conn_t *conn)
+{
         return aim_genericreq_n(sess, conn, 0x0013, 0x0002);
+        return aim_genericreq_n(sess, conn, AIM_CB_FAM_SSI, AIM_CB_SSI_REQRIGHTS);
+}
 …
                 return -ENOMEM;
         snacid = aim_cachesnac(sess, 0x0013, 0x0005, 0x0000, NULL, 0);
         aim_putsnac(&fr->data, 0x0013, 0x0005, 0x0000, snacid);
+        snacid = aim_cachesnac(sess, AIM_CB_FAM_SSI, AIM_CB_SSI_REQLIST, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, AIM_CB_FAM_SSI, AIM_CB_SSI_REQLIST, 0x0000, snacid);
         aimbs_put32(&fr->data, localstamp);
         aimbs_put16(&fr->data, localrev);
 …
         int ret = 0;
         aim_rxcallback_t userfunc;
         struct aim_ssi_item *list = NULL;
+        struct aim_ssi_item *cur = NULL;
         fu8_t fmtver; /* guess */
+        fu16_t itemcount;
+        fu32_t stamp;
+        fmtver = aimbs_get8(bs);
+        itemcount = aimbs_get16(bs);
+        fu16_t revision;
+        fu32_t timestamp;
+        /* When you set the version for the SSI family to 2-4, the beginning of this changes.
+         * Instead of the version and then the revision, there is "0x0006" and then a type
+         * 0x0001 TLV containing the 2 byte SSI family version that you sent earlier.  Also,
+         * the SNAC flags go from 0x0000 to 0x8000.  I guess the 0x0006 is the length of the
+         * TLV(s) that follow.  The rights SNAC does the same thing, with the differing flag
+         * and everything.
+         */
+        fmtver = aimbs_get8(bs); /* Version of ssi data.  Should be 0x00 */
+        revision = aimbs_get16(bs); /* # of times ssi data has been modified */
+        if (revision != 0)
+                sess->ssi.revision = revision;
+        for (cur = sess->ssi.items; cur && cur->next; cur=cur->next) ;
         while (aim_bstream_empty(bs) > 4) { /* last four bytes are stamp */
                 fu16_t namelen, tbslen;
+                struct aim_ssi_item *nl, *el;
+                if (!(nl = malloc(sizeof(struct aim_ssi_item))))
+                        break;
+                memset(nl, 0, sizeof(struct aim_ssi_item));
+                if (!sess->ssi.items) {
+                        if (!(sess->ssi.items = malloc(sizeof(struct aim_ssi_item))))
+                                return -ENOMEM;
+                        cur = sess->ssi.items;
+                } else {
+                        if (!(cur->next = malloc(sizeof(struct aim_ssi_item))))
+                                return -ENOMEM;
+                        cur = cur->next;
+                }
+                memset(cur, 0, sizeof(struct aim_ssi_item));
                 if ((namelen = aimbs_get16(bs)))
                         nl->name = aimbs_getstr(bs, namelen);
                 nl->gid = aimbs_get16(bs);
                 nl->bid = aimbs_get16(bs);
                 nl->type = aimbs_get16(bs);
+                        cur->name = aimbs_getstr(bs, namelen);
+                cur->gid = aimbs_get16(bs);
+                cur->bid = aimbs_get16(bs);
+                cur->type = aimbs_get16(bs);
                 if ((tbslen = aimbs_get16(bs))) {
 …
                         aim_bstream_init(&tbs, bs->data + bs->offset /* XXX */, tbslen);
                         nl->data = (void *)aim_readtlvchain(&tbs);
+                        cur->data = (void *)aim_readtlvchain(&tbs);
                         aim_bstream_advance(bs, tbslen);
+                }
+                for (el = list; el && el->next; el = el->next)
+                        ;
+                if (el)
+                        el->next = nl;
+                else
+                        list = nl;
+        }
+        stamp = aimbs_get32(bs);
+        }
+        timestamp = aimbs_get32(bs);
+        if (timestamp != 0)
+                sess->ssi.timestamp = timestamp;
+        sess->ssi.received_data = 1;
         if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                ret = userfunc(sess, rx, fmtver, itemcount, stamp, list);
+        while (list) {
+                struct aim_ssi_item *tmp;
+                tmp = list->next;
+                aim_freetlvchain((aim_tlvlist_t **)&list->data);
+                free(list);
+                list = tmp;
+        }
+                ret = userfunc(sess, rx, fmtver, sess->ssi.revision, sess->ssi.timestamp, sess->ssi.items);
         return ret;
 …
 faim_export int aim_ssi_enable(aim_session_t *sess, aim_conn_t *conn)
+{
+        return aim_genericreq_n(sess, conn, 0x0013, 0x0007);
+        return aim_genericreq_n(sess, conn, AIM_CB_FAM_SSI, 0x0007);
+}
+/*
+ * SSI Add/Mod/Del Item(s).
+ *
+ * Sends the SNAC to add, modify, or delete an item from the server-stored
+ * information.  These 3 SNACs all have an identical structure.  The only
+ * difference is the subtype that is set for the SNAC.
+ *
+ */
+faim_export int aim_ssi_addmoddel(aim_session_t *sess, aim_conn_t *conn, struct aim_ssi_item **items, unsigned int num, fu16_t subtype)
+{
+        aim_frame_t *fr;
+        aim_snacid_t snacid;
+        int i, snaclen;
+        if (!sess || !conn || !items || !num)
+                return -EINVAL;
+        snaclen = 10; /* For family, subtype, flags, and SNAC ID */
+        for (i=0; i<num; i++) {
+                snaclen += 10; /* For length, GID, BID, type, and length */
+                if (items[i]->name)
+                        snaclen += strlen(items[i]->name);
+                if (items[i]->data)
+                        snaclen += aim_sizetlvchain((aim_tlvlist_t **)&items[i]->data);
+        }
+        if (!(fr = aim_tx_new(sess, conn, AIM_FRAMETYPE_FLAP, 0x02, snaclen)))
+                return -ENOMEM;
+        snacid = aim_cachesnac(sess, AIM_CB_FAM_SSI, subtype, 0x0000, NULL, 0);
+        aim_putsnac(&fr->data, AIM_CB_FAM_SSI, subtype, 0x0000, snacid);
+        for (i=0; i<num; i++) {
+                aimbs_put16(&fr->data, items[i]->name ? strlen(items[i]->name) : 0);
+                if (items[i]->name)
+                        aimbs_putraw(&fr->data, items[i]->name, strlen(items[i]->name));
+                aimbs_put16(&fr->data, items[i]->gid);
+                aimbs_put16(&fr->data, items[i]->bid);
+                aimbs_put16(&fr->data, items[i]->type);
+                aimbs_put16(&fr->data, items[i]->data ? aim_sizetlvchain((aim_tlvlist_t **)&items[i]->data) : 0);
+                if (items[i]->data)
+                        aim_writetlvchain(&fr->data, (aim_tlvlist_t **)&items[i]->data);
+        }
+        aim_ssi_enqueue(sess, conn, fr);
+        return 0;
+}
+/*
+ * SSI Add/Mod/Del Ack.
+ *
+ * Response to add, modify, or delete SNAC (sent with aim_ssi_addmoddel).
+ *
+ */
+static int parseack(aim_session_t *sess, aim_module_t *mod, aim_frame_t *rx, aim_modsnac_t *snac, aim_bstream_t *bs)
+{
+        int ret = 0;
+        aim_rxcallback_t userfunc;
+        sess->ssi.waiting_for_ack = 0;
+        aim_ssi_dispatch(sess, rx->conn);
+        if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
+                ret = userfunc(sess, rx);
+        return ret;
+}
 …
 faim_export int aim_ssi_modbegin(aim_session_t *sess, aim_conn_t *conn)
+{
         return aim_genericreq_n(sess, conn, 0x0013, 0x0011);
+        return aim_genericreq_n(sess, conn, AIM_CB_FAM_SSI, AIM_CB_SSI_EDITSTART);
+}
 …
 faim_export int aim_ssi_modend(aim_session_t *sess, aim_conn_t *conn)
+{
         return aim_genericreq_n(sess, conn, 0x0013, 0x0012);
+        return aim_genericreq_n(sess, conn, AIM_CB_FAM_SSI, AIM_CB_SSI_EDITSTOP);
+}
 …
         aim_rxcallback_t userfunc;
+        sess->ssi.received_data = 1;
         if ((userfunc = aim_callhandler(sess, rx->conn, snac->family, snac->subtype)))
                 ret = userfunc(sess, rx);
 …
+{
         if (snac->subtype == 0x0003)
+        if (snac->subtype == AIM_CB_SSI_RIGHTSINFO)
                 return parserights(sess, mod, rx, snac, bs);
         else if (snac->subtype == 0x006)
+        else if (snac->subtype == AIM_CB_SSI_LIST)
                 return parsedata(sess, mod, rx, snac, bs);
+        else if (snac->subtype == 0x00f)
+        else if (snac->subtype == AIM_CB_SSI_SRVACK)
+                return parseack(sess, mod, rx, snac, bs);
+        else if (snac->subtype == AIM_CB_SSI_NOLIST)
                 return parsedataunchanged(sess, mod, rx, snac, bs);
 …
+}
+static void ssi_shutdown(aim_session_t *sess, aim_module_t *mod)
+{
+        aim_ssi_freelist(sess);
+        return;
+}
 faim_internal int ssi_modfirst(aim_session_t *sess, aim_module_t *mod)
+{
         mod->family = 0x0013;
+        mod->family = AIM_CB_FAM_SSI;
         mod->version = 0x0001;
         mod->toolid = 0x0110;
 …
         strncpy(mod->name, "ssi", sizeof(mod->name));
         mod->snachandler = snachandler;
+        return 0;
+}
+        mod->shutdown = ssi_shutdown;
+        return 0;
+}

libfaim/stats.c

r5e53c4a	r862371b
	1	/*
	2	* Family 0x000b - Statistics.
	3	*
	4	*/
1	5
2	6	#define FAIM_INTERNAL

libfaim/tlv.c

-                      r5e53c4a
+                      r862371b
 /**
  * aim_readtlvchain - Read a TLV chain from a buffer.
+ * @buf: Input buffer
+ * @maxlen: Length of input buffer
+ * @param bs Input bstream
+ *
  * Reads and parses a series of TLV patterns from a data buffer; the
 …
+{
         aim_tlvlist_t *list = NULL, *cur;
         while (aim_bstream_empty(bs) > 0) {
                 fu16_t type, length;
 …
                 else {
+                        if (length > aim_bstream_empty(bs))
+                                goto errout;
+                        if (length > aim_bstream_empty(bs)) {
+                                aim_freetlvchain(&list);
+                                return NULL;
+                        }
                         cur = (aim_tlvlist_t *)malloc(sizeof(aim_tlvlist_t));
+                        if (!cur)
+                                goto errout;
+                        if (!cur) {
+                                aim_freetlvchain(&list);
+                                return NULL;
+                        }
                         memset(cur, 0, sizeof(aim_tlvlist_t));
                         cur->tlv = createtlv();
+                        cur->tlv = createtlv();
                         if (!cur->tlv) {
                                 free(cur);
+                                goto errout;
+                                aim_freetlvchain(&list);
+                                return NULL;
+                        }
                         cur->tlv->type = type;
 …
                                        freetlv(&cur->tlv);
                                        free(cur);
+                                       goto errout;
+                                       aim_freetlvchain(&list);
+                                       return NULL;
+                               }
+                        }
 …
         return list;
+errout:
+        aim_freetlvchain(&list);
+        return NULL;
+}
+/**
+ * aim_readtlvchain_num - Read a TLV chain from a buffer.
+ * @param bs Input bstream
+ * @param num The max number of TLVs that will be read, or -1 if unlimited.
+ *        There are a number of places where you want to read in a tlvchain,
+ *        but the chain is not at the end of the SNAC, and the chain is
+ *        preceeded by the number of TLVs.  So you can limit that.
+ *
+ * Reads and parses a series of TLV patterns from a data buffer; the
+ * returned structure is manipulatable with the rest of the TLV
+ * routines.  When done with a TLV chain, aim_freetlvchain() should
+ * be called to free the dynamic substructures.
+ *
+ * XXX There should be a flag setable here to have the tlvlist contain
+ * bstream references, so that at least the ->value portion of each
+ * element doesn't need to be malloc/memcpy'd.  This could prove to be
+ * just as effecient as the in-place TLV parsing used in a couple places
+ * in libfaim.
+ *
+ */
+faim_internal aim_tlvlist_t *aim_readtlvchain_num(aim_bstream_t *bs, fu16_t num)
+{
+        aim_tlvlist_t *list = NULL, *cur;
+        while ((aim_bstream_empty(bs) > 0) && (num != 0)) {
+                fu16_t type, length;
+                type = aimbs_get16(bs);
+                length = aimbs_get16(bs);
+                if (length > aim_bstream_empty(bs)) {
+                        aim_freetlvchain(&list);
+                        return NULL;
+                }
+                cur = (aim_tlvlist_t *)malloc(sizeof(aim_tlvlist_t));
+                if (!cur) {
+                        aim_freetlvchain(&list);
+                        return NULL;
+                }
+                memset(cur, 0, sizeof(aim_tlvlist_t));
+                cur->tlv = createtlv();
+                if (!cur->tlv) {
+                        free(cur);
+                        aim_freetlvchain(&list);
+                        return NULL;
+                }
+                cur->tlv->type = type;
+                if ((cur->tlv->length = length)) {
+                       cur->tlv->value = aimbs_getraw(bs, length);
+                       if (!cur->tlv->value) {
+                               freetlv(&cur->tlv);
+                               free(cur);
+                               aim_freetlvchain(&list);
+                               return NULL;
+                       }
+                }
+                num--;
+                cur->next = list;
+                list = cur;
+        }
+        return list;
+}
 …
 /**
  * aim_addtlvtochain_str - Add a string to a TLV chain
+ * aim_addtlvtochain_raw - Add a string to a TLV chain
  * @list: Desination chain (%NULL pointer if empty)
  * @type: TLV type
  * @str: String to add
  * @len: Length of string to add (not including %NULL)
+ * @t: TLV type
+ * @l: Length of string to add (not including %NULL)
+ * @v: String to add
+ *
  * Adds the passed string as a TLV element of the passed type
 …
  * aim_addtlvtochain16 - Add a 16bit integer to a TLV chain
  * @list: Destination chain
  * @type: TLV type to add
  * @val: Value to add
+ * @t: TLV type to add
+ * @v: Value to add
+ *
  * Adds a two-byte unsigned integer to a TLV chain.
 …
+}
 #endif

libfaim/translate.c

-                      r5e53c4a
+                      r862371b
 /*
+ * Family 0x000c - Translation.
+ *
  * I have no idea why this group was issued.  I have never seen anything
  * that uses it.  From what I remember, the last time I tried to poke at
 …
         return 0;
+}

libfaim/txqueue.c

-                      r5e53c4a
+                      r862371b
 /*
  *  aim_txqueue.c
+ * txqueue.c
+ *
  * Herein lies all the mangement routines for the transmit (Tx) queue.
 …
 #ifndef _WIN32
 #include <sys/socket.h>
+#else
+#include "win32dep.h"
 #endif
 …
+ *
  */
 faim_internal aim_frame_t *aim_tx_new(aim_session_t *sess, aim_conn_t *conn, fu8_t framing, fu8_t chan, int datalen)
+faim_internal aim_frame_t *aim_tx_new(aim_session_t *sess, aim_conn_t *conn, fu8_t framing, fu16_t chan, int datalen)
+{
         aim_frame_t *fr;
 …
         } else if (fr->hdrtype == AIM_FRAMETYPE_OFT) {
+                fr->hdr.oft.type = chan;
+                fr->hdr.oft.hdr2len = 0; /* this will get setup by caller */
+                fr->hdr.rend.type = chan;
         } else
 …
+{
         int wrote = 0;
         if (!bs || !conn || (count < 0))
                 return -EINVAL;
 …
                 count = aim_bstream_empty(bs); /* truncate to remaining space */
+        if (count)
+                wrote = aim_send(conn->fd, bs->data + bs->offset, count);
+        if (count) {
+                if ((conn->type == AIM_CONN_TYPE_RENDEZVOUS) &&
+                    (conn->subtype == AIM_CONN_SUBTYPE_OFT_DIRECTIM)) {
+                        /* I strongly suspect that this is a horrible thing to do
+                         * and I feel really guilty doing it. */
+                        const char *sn = aim_directim_getsn(conn);
+                        aim_rxcallback_t userfunc;
+                        while (count - wrote > 1024) {
+                                wrote = wrote + aim_send(conn->fd, bs->data + bs->offset + wrote, 1024);
+                                if ((userfunc=aim_callhandler(conn->sessv, conn,
+                                                              AIM_CB_FAM_SPECIAL,
+                                                              AIM_CB_SPECIAL_IMAGETRANSFER)))
+                                  userfunc(conn->sessv, NULL, sn,
+                                           count-wrote>1024 ? ((double)wrote / count) : 1);
+                        }
+                }
+                if (count - wrote) {
+                        wrote = wrote + aim_send(conn->fd, bs->data + bs->offset + wrote, count - wrote);
+                }
+        }
         if (((aim_session_t *)conn->sessv)->debug >= 2) {
 …
         obslen = aim_bstream_curpos(&obs);
         aim_bstream_rewind(&obs);
         if (aim_bstream_send(&obs, fr->conn, obslen) != obslen)
                 err = -errno;
 …
+}
+static int sendframe_oft(aim_session_t *sess, aim_frame_t *fr)
+{
+        aim_bstream_t hbs;
+        fu8_t *hbs_raw;
+        int hbslen;
+static int sendframe_rendezvous(aim_session_t *sess, aim_frame_t *fr)
+{
+        aim_bstream_t bs;
+        fu8_t *bs_raw;
         int err = 0;
+        hbslen = 8 + fr->hdr.oft.hdr2len;
+        if (!(hbs_raw = malloc(hbslen)))
+        int totlen = 8 + aim_bstream_curpos(&fr->data);
+        if (!(bs_raw = malloc(totlen)))
                 return -1;
+        aim_bstream_init(&hbs, hbs_raw, hbslen);
+        aimbs_putraw(&hbs, fr->hdr.oft.magic, 4);
+        aimbs_put16(&hbs, fr->hdr.oft.hdr2len + 8);
+        aimbs_put16(&hbs, fr->hdr.oft.type);
+        aimbs_putraw(&hbs, fr->hdr.oft.hdr2, fr->hdr.oft.hdr2len);
+        aim_bstream_rewind(&hbs);
+        if (aim_bstream_send(&hbs, fr->conn, hbslen) != hbslen) {
+        aim_bstream_init(&bs, bs_raw, totlen);
+        aimbs_putraw(&bs, fr->hdr.rend.magic, 4);
+        aimbs_put16(&bs, 8 + fr->hdr.rend.hdrlen);
+        aimbs_put16(&bs, fr->hdr.rend.type);
+        /* payload */
+        aim_bstream_rewind(&fr->data);
+        aimbs_putbs(&bs, &fr->data, totlen - 8);
+        aim_bstream_rewind(&bs);
+        if (aim_bstream_send(&bs, fr->conn, totlen) != totlen)
                 err = -errno;
+        } else if (aim_bstream_curpos(&fr->data)) {
+                int len;
+                len = aim_bstream_curpos(&fr->data);
+                aim_bstream_rewind(&fr->data);
+                if (aim_bstream_send(&fr->data, fr->conn, len) != len)
+                        err = -errno;
+        }
+        free(hbs_raw); /* XXX aim_bstream_free */
+        free(bs_raw); /* XXX aim_bstream_free */
         fr->handled = 1;
         fr->conn->lastactivity = time(NULL);
         return err;
 …
                 return sendframe_flap(sess, fr);
         else if (fr->hdrtype == AIM_FRAMETYPE_OFT)
                 return sendframe_oft(sess, fr);
+                return sendframe_rendezvous(sess, fr);
         return -1;
+}
 …
+ *
  */
 faim_export void aim_tx_cleanqueue(aim_session_t *sess, aim_conn_t *conn)
+faim_internal void aim_tx_cleanqueue(aim_session_t *sess, aim_conn_t *conn)
+{
         aim_frame_t *cur;
 …
         return;
+}

libfaim/util.c

r5e53c4a	r862371b
139	139	*
140	140	*/
141
142	141	faim_export int aim_sncmp(const char sn1, const char sn2)
143	142	{
…	…
205	204	return p;
206	205	}
207
208

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 862371b for libfaim

Legend:

Download in other formats: