// ---------------------------------------------------------------------------80
// ICQ plugin for Miranda Instant Messenger
// ________________________________________
//
// Copyright © 2000-2001 Richard Hughes, Roland Rabien, Tristan Van de Vreede
// Copyright © 2001-2002 Jon Keating, Richard Hughes
// Copyright © 2002-2004 Martin Öberg, Sam Kothari, Robert Rainwater
// Copyright © 2004-2010 Joe Kucera
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
// -----------------------------------------------------------------------------
#include "icqoscar.h"
// Start-up record handed to icq_directThread by CreateDTSI. The thread copies
// the fields into its directconnect and releases the record with SAFE_FREE.
struct directthreadstartinfo
{
	int type;           // Only valid for outgoing connections (DIRECTCONN_*)
	int incoming;       // 1=incoming, 0=outgoing
	HANDLE hConnection; // only valid for incoming connections, handle to the connection
	MCONTACT hContact;  // Only valid for outgoing connections
	void* pvExtra;      // Only valid for outgoing connections: filetransfer* for
	                    // DIRECTCONN_FILE, cookie_reverse_connect* for DIRECTCONN_REVERSE
};
// Fixed byte table of the legacy ICQ peer protocol, used by
// EncryptDirectPacket/DecryptDirectPacket as the per-dword key addend
// (indexed with i & 0xFF; the literal is longer than 256 bytes) and as the
// source of the X3 verification byte (indexed with X2 < 220). Its contents
// are a protocol constant, not a secret.
static char client_check_data[] = {
	"As part of this software beta version Mirabilis is "
	"granting a limited access to the ICQ network, "
	"servers, directories, listings, information and databases (\""
	"ICQ Services and Information\"). The "
	"ICQ Service and Information may databases (\""
	"ICQ Services and Information\"). The "
	"ICQ Service and Information may\0"
};
// Closes every direct connection that belongs to hContact, or every direct
// connection at all when hContact is NULL. The handle is cleared in the list
// entry before the close so the owning thread cannot reuse it.
void CIcqProto::CloseContactDirectConns(MCONTACT hContact)
{
	icq_lock l(directConnListMutex);

	for (int idx = 0; idx < directConns.getCount(); idx++) {
		directconnect *pDc = directConns[idx];
		if (hContact && pDc->hContact != hContact)
			continue;

		HANDLE hConn = pDc->hConnection;
		pDc->hConnection = NULL; // do not allow reuse
		NetLib_CloseConnection(&hConn, FALSE);
	}
}
// Returns the direct connection carrying file transfer ft, or NULL when no
// connection in the list refers to it.
directconnect* CIcqProto::FindFileTransferDC(filetransfer* ft)
{
	icq_lock l(directConnListMutex);

	for (int idx = 0; idx < directConns.getCount(); idx++)
		if (directConns[idx]->ft == ft)
			return directConns[idx];

	return NULL;
}
// Looks up the pending incoming transfer announced by dwUin with the given
// total size. The first match is detached from expectedFileRecvs and
// returned; NULL when nothing matches.
filetransfer* CIcqProto::FindExpectedFileRecv(DWORD dwUin, DWORD dwTotalSize)
{
	icq_lock l(expectedFileRecvMutex);

	for (int idx = 0; idx < expectedFileRecvs.getCount(); idx++) {
		filetransfer *pCandidate = expectedFileRecvs[idx];
		if (pCandidate->dwUin != dwUin || pCandidate->dwTotalSize != dwTotalSize)
			continue;

		expectedFileRecvs.remove(idx); // detach before handing it to the caller
		return pCandidate;
	}
	return NULL;
}
// Writes one framed packet to the DC socket. wLen counts the payload only;
// the 2-byte length prefix in pData is sent along with it (the receive loop
// in icq_directThread reads a 2-byte length, then wLen bytes). On a socket
// error the connection is closed. pkt->pData is freed in every case, so the
// caller must not touch it afterwards. Returns the Netlib_Send result.
int CIcqProto::sendDirectPacket(directconnect* dc, icq_packet* pkt)
{
	const int cbToSend = pkt->wLen + 2;
	const int nSent = Netlib_Send(dc->hConnection, (const char*)pkt->pData, cbToSend, 0);

	if (nSent == SOCKET_ERROR) {
		NetLog_Direct("Direct %p socket error: %d, closing", dc->hConnection, GetLastError());
		CloseDirectConnection(dc);
	}

	// the packet buffer is consumed whether or not the send succeeded
	SAFE_FREE((void**)&pkt->pData);
	return nSent;
}
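// Allocates the start-up record for icq_directThread.
//   hContact    - contact of an outgoing connection (NULL for incoming)
//   hConnection - accepted socket of an incoming connection (NULL for outgoing)
//   type        - DIRECTCONN_* for an outgoing connection, or -1 to mark an
//                 incoming one
// Every field is set explicitly so the thread never reads an indeterminate
// value; pvExtra starts NULL and OpenDirectConnection fills it for outgoing
// connections. Returns NULL if allocation fails (callers in this file do not
// currently check for that).
directthreadstartinfo* CreateDTSI(MCONTACT hContact, HANDLE hConnection, int type)
{
	directthreadstartinfo *dtsi = (directthreadstartinfo*)SAFE_MALLOC(sizeof(directthreadstartinfo));
	if (!dtsi)
		return NULL;

	dtsi->hContact = hContact;
	dtsi->hConnection = hConnection;
	dtsi->pvExtra = NULL;
	if (type == -1) {
		dtsi->incoming = 1;
		dtsi->type = 0; // unused for incoming connections
	}
	else {
		dtsi->incoming = 0;
		dtsi->type = type;
	}
	return dtsi;
}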
// Reports whether an initialised direct connection of the given type to
// hContact exists. A hit marks the connection packetPending so its idle
// timeout does not close it before the caller sends on it. When there is
// neither an open nor a pending connection and the caller is not passive, a
// standard DC may be opened speculatively; that is gated on
// m_bDCMsgEnabled == 2, the contact being online and no earlier failed
// attempt being recorded in the contact's "DCStatus" setting.
BOOL CIcqProto::IsDirectConnectionOpen(MCONTACT hContact, int type, int bPassive)
{
	BOOL bOpen = FALSE;
	BOOL bPending = FALSE;

	{
		icq_lock l(directConnListMutex);

		for (int idx = 0; idx < directConns.getCount(); idx++) {
			directconnect *pDc = directConns[idx];
			if (!pDc || pDc->type != type || pDc->hContact != hContact)
				continue;

			if (!pDc->initialised) {
				bPending = TRUE; // handshake still in progress
				continue;
			}

			bOpen = TRUE;
			pDc->packetPending = 1; // we are going to use the conn, so prevent timeout
			break;
		}
	}

	if (bOpen || bPending || bPassive)
		return bOpen;

	if (type == DIRECTCONN_STANDARD && m_bDCMsgEnabled == 2) {
		// do not try to open DC to offline contact
		if (getContactStatus(hContact) == ID_STATUS_OFFLINE)
			return FALSE;
		// do not retry after a previous unsuccessful attempt
		if (getByte(hContact, "DCStatus", 0))
			return FALSE;

		setByte(hContact, "DCStatus", 1); // mark as tried
		OpenDirectConnection(hContact, DIRECTCONN_STANDARD, NULL);
	}
	return bOpen;
}
// Netlib callback for a socket accepted on one of our incoming DC ports.
// pExtra carries the CIcqProto instance; the socket is handed to a fresh
// icq_directThread at once. dwRemoteIP is not used here: the peer is only
// identified by the PEER_INIT handshake that the thread validates.
void icq_newConnectionReceived(HANDLE hNewConnection, DWORD dwRemoteIP, void *pExtra)
{
	CIcqProto *pProto = (CIcqProto*)pExtra;
	directthreadstartinfo *dtsi = CreateDTSI(NULL, hNewConnection, -1); // -1 marks the connection as incoming
	pProto->ForkThread((CIcqProto::MyThreadFunc)&CIcqProto::icq_directThread, dtsi);
}
// Starts an outgoing direct connection of the given type to hContact on its
// own thread. pvExtra travels with the start record: a filetransfer* for
// DIRECTCONN_FILE, a cookie_reverse_connect* for DIRECTCONN_REVERSE.
void CIcqProto::OpenDirectConnection(MCONTACT hContact, int type, void* pvExtra)
{
	directthreadstartinfo *pStart = CreateDTSI(hContact, NULL, type);
	pStart->pvExtra = pvExtra;
	ForkThread((MyThreadFunc)&CIcqProto::icq_directThread, pStart);
}
// Closes the socket of a direct connection while holding the DC list lock,
// so the close cannot interleave with a traversal of directConns.
void CIcqProto::CloseDirectConnection(directconnect *dc)
{
	icq_lock l(directConnListMutex);

	NetLib_CloseConnection(&dc->hConnection, FALSE);
#ifdef _DEBUG
	// NOTE(review): this only logs if the handle survives the close — confirm
	// whether NetLib_CloseConnection clears it
	if (dc->hConnection)
		NetLog_Direct("Direct conn closed (%p)", dc->hConnection);
#endif
}
// Called from icq_newConnectionReceived when a new incomming dc is done
// Called from OpenDirectConnection when a new outgoing dc is done
// Called from SendDirectMessage when a new outgoing dc is done
//
// Worker thread that owns one direct connection for its whole life. The
// directconnect record lives on this thread's stack: it is registered in
// directConns on entry and removed at LBL_Exit. dtsi is consumed (freed)
// here. Outgoing connections dial the peer and send PEER_INIT before
// entering the receive loop; incoming ones start in the receive loop and
// wait for the peer's PEER_INIT. Every frame on the wire is a 2-byte length
// followed by wLen payload bytes, dispatched to handleDirectPacket or, once
// a file session is up, handleFileTransferPacket.
void __cdecl CIcqProto::icq_directThread(directthreadstartinfo *dtsi)
{
	directconnect dc = { 0 };
	NETLIBPACKETRECVER packetRecv = { 0 };
	HANDLE hPacketRecver;
	BOOL bFirstPacket = TRUE;
	int nSkipPacketBytes = 0; // bytes of an oversized frame still to be discarded
	DWORD dwReqMsgID1; // set only on the DIRECTCONN_REVERSE path, read if that connect fails
	DWORD dwReqMsgID2;

	// seeds rand(), which EncryptDirectPacket uses for its verification bytes
	// (that scheme is obfuscation, so the seed quality does not matter)
	srand(time(NULL));
	{
		// add to DC connection list
		icq_lock l(directConnListMutex);
		directConns.insert(&dc);
	}

	// Initialize DC struct
	dc.hContact = dtsi->hContact;
	dc.dwThreadId = GetCurrentThreadId();
	dc.incoming = dtsi->incoming;
	dc.hConnection = dtsi->hConnection;
	dc.ft = NULL;

	if (!dc.incoming) {
		dc.type = dtsi->type;
		// peer endpoint data comes from the contact DB; "IP"/"RealIP" are the
		// values handleDirectPacket stored from the peer's last PEER_INIT
		dc.dwRemoteExternalIP = getDword(dtsi->hContact, "IP", 0);
		dc.dwRemoteInternalIP = getDword(dtsi->hContact, "RealIP", 0);
		dc.dwRemotePort = getWord(dtsi->hContact, "UserPort", 0);
		dc.dwRemoteUin = getContactUin(dtsi->hContact);
		dc.dwConnectionCookie = getDword(dtsi->hContact, "DirectCookie", 0);
		dc.wVersion = getWord(dtsi->hContact, "Version", 0);

		if (!dc.dwRemoteExternalIP && !dc.dwRemoteInternalIP) { // we do not have any ip, do not try to connect
			SAFE_FREE((void**)&dtsi);
			goto LBL_Exit;
		}
		if (!dc.dwRemotePort) { // we do not have port, do not try to connect
			SAFE_FREE((void**)&dtsi);
			goto LBL_Exit;
		}

		if (dc.type == DIRECTCONN_STANDARD) {
			// do nothing - some specific init for msg sessions
		}
		else if (dc.type == DIRECTCONN_FILE) {
			dc.ft = (filetransfer*)dtsi->pvExtra;
			dc.dwRemotePort = dc.ft->dwRemotePort; // the file session carries its own port
		}
		else if (dc.type == DIRECTCONN_REVERSE) {
			cookie_reverse_connect *pCookie = (cookie_reverse_connect*)dtsi->pvExtra;

			dwReqMsgID1 = pCookie->dwMsgID1;
			dwReqMsgID2 = pCookie->dwMsgID2;
			// NOTE(review): a pointer-sized field is narrowed to DWORD here and
			// later sent as the reverse request cookie in PEER_INIT — confirm what
			// ft carries on this path and that it fits on 64-bit builds
			dc.dwReqId = (DWORD)pCookie->ft;
			SAFE_FREE((void**)&pCookie);
		}
	}
	else dc.type = DIRECTCONN_STANDARD;
	SAFE_FREE((void**)&dtsi);

	// Load local IP information
	dc.dwLocalExternalIP = getDword("IP", 0);
	dc.dwLocalInternalIP = getDword("RealIP", 0);

	// Create outgoing DC
	if (!dc.incoming) {
		NETLIBOPENCONNECTION nloc = { 0 };
		IN_ADDR addr = { 0 }, addr2 = { 0 };

		// same external IP as ours: prefer the peer's internal address
		if (dc.dwRemoteExternalIP == dc.dwLocalExternalIP && dc.dwRemoteInternalIP)
			addr.S_un.S_addr = htonl(dc.dwRemoteInternalIP);
		else {
			addr.S_un.S_addr = htonl(dc.dwRemoteExternalIP);
			// for different internal, try it also (for LANs with multiple external IP, VPNs, etc.)
			if (dc.dwRemoteInternalIP != dc.dwRemoteExternalIP)
				addr2.S_un.S_addr = htonl(dc.dwRemoteInternalIP);
		}

		// IP to connect to is empty, go away
		if (!addr.S_un.S_addr)
			goto LBL_Exit;

		nloc.szHost = inet_ntoa(addr);
		nloc.wPort = (WORD)dc.dwRemotePort;
		nloc.timeout = 8; // 8 secs to connect
		dc.hConnection = NetLib_OpenConnection(m_hDirectNetlibUser, dc.type == DIRECTCONN_REVERSE ? "Reverse " : NULL, &nloc);
		if (!dc.hConnection && addr2.S_un.S_addr) { // first address failed, try second one if available
			nloc.szHost = inet_ntoa(addr2);
			dc.hConnection = NetLib_OpenConnection(m_hDirectNetlibUser, dc.type == DIRECTCONN_REVERSE ? "Reverse " : NULL, &nloc);
		}

		if (!dc.hConnection) {
			if (CheckContactCapabilities(dc.hContact, CAPF_ICQDIRECT)) { // only if the contact support ICQ DC connections
				if (dc.type != DIRECTCONN_REVERSE) { // try reverse connect
					// ask the peer (through the server) to dial us instead; the cookie
					// keeps the session type and file transfer until that happens
					cookie_reverse_connect *pCookie = (cookie_reverse_connect*)SAFE_MALLOC(sizeof(cookie_reverse_connect));
					DWORD dwCookie;

					NetLog_Direct("connect() failed (%d), trying reverse.", GetLastError());

					if (pCookie) { // init cookie
						InitMessageCookie(pCookie);
						pCookie->bMessageType = MTYPE_REVERSE_REQUEST;
						pCookie->hContact = dc.hContact;
						pCookie->dwUin = dc.dwRemoteUin;
						pCookie->type = dc.type;
						pCookie->ft = dc.ft;
						dwCookie = AllocateCookie(CKT_REVERSEDIRECT, 0, dc.hContact, pCookie);

						icq_sendReverseReq(&dc, dwCookie, (cookie_message_data*)pCookie);

						goto LBL_Exit;
					}
					NetLog_Direct("Reverse failed (%s)", "malloc failed");
				}
			}
			else // Set DC status to failed
				setByte(dc.hContact, "DCStatus", 2);

			if (dc.type == DIRECTCONN_REVERSE) // failed reverse connection
				icq_sendReverseFailed(&dc, dwReqMsgID1, dwReqMsgID2, dc.dwReqId);

			NetLog_Direct("connect() failed (%d)", GetLastError());

			if (dc.type == DIRECTCONN_FILE) {
				ProtoBroadcastAck(dc.ft->hContact, ACKTYPE_FILE, ACKRESULT_FAILED, dc.ft, 0);
				// Release transfer
				SafeReleaseFileTransfer((void**)&dc.ft);
			}
			goto LBL_Exit;
		}

		if (dc.type == DIRECTCONN_FILE)
			dc.ft->hConnection = dc.hConnection;

		// only peer protocol v7+ is spoken (handleDirectPacket enforces the same)
		if (dc.wVersion > 6)
			sendPeerInit_v78(&dc);
		else {
			NetLog_Direct("Error: Unsupported direct protocol: %d, closing.", dc.wVersion);
			CloseDirectConnection(&dc);
			goto LBL_Exit;
		}
	}

	// 8192-byte receive buffer; the frame checks below are sized against it
	hPacketRecver = (HANDLE)CallService(MS_NETLIB_CREATEPACKETRECVER, (WPARAM)dc.hConnection, 8192);
	packetRecv.cbSize = sizeof(packetRecv);
	packetRecv.bytesUsed = 0;

	// Packet receiving loop
	// (presumably CloseDirectConnection clears dc.hConnection, which is what
	// ends this loop — confirm against NetLib_CloseConnection)
	while (dc.hConnection) {
		// 10 minutes of silence closes an idle DC; file transfers poll instead
		packetRecv.dwTimeout = dc.wantIdleTime ? 0 : 600000;
		int recvResult = CallService(MS_NETLIB_GETMOREPACKETS, (WPARAM)hPacketRecver, (LPARAM)&packetRecv);

		if (recvResult == 0) {
			NetLog_Direct("Clean closure of direct socket (%p)", dc.hConnection);
			break;
		}

		if (recvResult == SOCKET_ERROR) {
			if (GetLastError() == ERROR_TIMEOUT) { // TODO: this will not work on some systems
				if (dc.wantIdleTime) {
					switch (dc.type) {
					case DIRECTCONN_FILE:
						handleFileTransferIdle(&dc);
						break;
					}
				}
				else if (dc.packetPending) { // do we expect packet soon?
					NetLog_Direct("Keeping connection, packet pending.");
				}
				else {
					NetLog_Direct("Connection inactive for 10 minutes, closing.");
					break;
				}
			}
			else {
				NetLog_Direct("Abortive closure of direct socket (%p) (%d)", dc.hConnection, GetLastError());
				break;
			}
		}

		if (dc.type == DIRECTCONN_CLOSING)
			packetRecv.bytesUsed = packetRecv.bytesAvailable; // drain and drop everything
		else if (packetRecv.bytesAvailable < nSkipPacketBytes) { // the whole buffer needs to be skipped
			nSkipPacketBytes -= packetRecv.bytesAvailable;
			packetRecv.bytesUsed = packetRecv.bytesAvailable;
		}
		else {
			int i;

			// walk the complete frames in the buffer: 2-byte length, then wLen bytes
			for (i = nSkipPacketBytes, nSkipPacketBytes = 0; i + 2 <= packetRecv.bytesAvailable;) {
				WORD wLen = *(WORD*)(packetRecv.buffer + i);

				if (bFirstPacket) {
					// the first frame has to be a handshake packet (PEER_INIT is
					// 0x30 bytes); anything larger is not an ICQ peer
					if (wLen > 64) { // roughly check first packet size
						NetLog_Direct("Error: Overflowed packet, closing connection.");
						CloseDirectConnection(&dc);
						break;
					}
					bFirstPacket = FALSE;
				}
				else {
					// a frame above 8190 bytes can never fit the 8192-byte receiver,
					// so its payload is discarded instead of stalling the connection
					// (the bytesAvailable >= i + 2 test is already implied by the loop condition)
					if (packetRecv.bytesAvailable >= i + 2 && wLen > 8190) { // check for too big packages
						// NOTE(review): the format has %d but no argument — wLen should be passed
						NetLog_Direct("Error: Package too big: %d bytes, skipping.");
						nSkipPacketBytes = wLen;
						// NOTE(review): this bytesUsed = i + 2 is overwritten by the
						// bytesUsed = i after the loop, so the skip looks off by the
						// 2-byte length prefix — verify against the packet receiver
						packetRecv.bytesUsed = i + 2;
						break;
					}
				}
				if (wLen + 2 + i > packetRecv.bytesAvailable)
					break; // frame incomplete, wait for more data

				// payload type byte 2 marks an encrypted message packet
				if (dc.type == DIRECTCONN_STANDARD && wLen && packetRecv.buffer[i + 2] == 2) {
					if (!DecryptDirectPacket(&dc, packetRecv.buffer + i + 3, (WORD)(wLen - 1))) {
						NetLog_Direct("Error: Corrupted packet encryption, ignoring packet");
						i += wLen + 2;
						continue;
					}
				}
#ifdef _DEBUG
				NetLog_Direct("New direct package");
#endif
				if (dc.type == DIRECTCONN_FILE && dc.initialised)
					handleFileTransferPacket(&dc, packetRecv.buffer + i + 2, wLen);
				else
					handleDirectPacket(&dc, packetRecv.buffer + i + 2, wLen);

				i += wLen + 2;
			}
			packetRecv.bytesUsed = i;
		}
	}
	// End of packet receiving loop

	NetLib_SafeCloseHandle(&hPacketRecver);
	CloseDirectConnection(&dc);

	if (dc.ft) {
		if (dc.ft->fileId != -1) {
			_close(dc.ft->fileId);
			ProtoBroadcastAck(dc.ft->hContact, ACKTYPE_FILE, dc.ft->dwBytesDone == dc.ft->dwTotalSize ? ACKRESULT_SUCCESS : ACKRESULT_FAILED, dc.ft, 0);
		}
		else if (dc.ft->hConnection)
			ProtoBroadcastAck(dc.ft->hContact, ACKTYPE_FILE, ACKRESULT_FAILED, dc.ft, 0);
		SafeReleaseFileTransfer((void**)&dc.ft);
		_chdir("\\"); /* so we don't leave a subdir handle open so it can't be deleted */
	}

LBL_Exit:
	// remove from DC connection list
	icq_lock l(directConnListMutex);
	directConns.remove(&dc);
}
// Dispatches one framed peer packet. buf[0] is the PEER_* command and wLen
// the frame length including that byte. Handshake state machine:
//   PEER_INIT      validated, answered with PEER_INIT_ACK (incoming side also
//                  sends its own PEER_INIT); binds the peer to a contact
//   PEER_INIT_ACK  completes the handshake (dc->handshake = 1); on a reverse
//                  connection the roles flip and the session is set up
//   PEER_MSG_INIT  opens the message session (dc->initialised = 1)
//   PEER_MSG / PEER_FILE_INIT are only accepted once the matching state is
//   reached; anything else is logged and ignored.
// The checks that decide who gets a session live in PEER_INIT: exact length,
// target UIN must be ours, sender must be on the contact list, and the
// cookie must equal the value stored for that contact (incoming) or the one
// we dialled with (outgoing). Failing any of them closes the connection.
void CIcqProto::handleDirectPacket(directconnect* dc, PBYTE buf, WORD wLen)
{
	if (wLen < 1)
		return;

	switch (buf[0]) {
	case PEER_FILE_INIT: // first packet of a file transfer
#ifdef _DEBUG
		NetLog_Direct("Received PEER_FILE_INIT from %u", dc->dwRemoteUin);
#endif
		// only once the PEER_INIT exchange has identified the peer
		if (dc->handshake)
			handleFileTransferPacket(dc, buf, wLen);
		else
			NetLog_Direct("Received %s on uninitialised DC, ignoring.", "PEER_FILE_INIT");
		break;

	case PEER_INIT_ACK: // This is sent as a response to our PEER_INIT packet
		if (wLen != 4) {
			NetLog_Direct("Error: Received malformed PEER_INITACK from %u", dc->dwRemoteUin);
			break;
		}
#ifdef _DEBUG
		NetLog_Direct("Received PEER_INITACK from %u on %s DC", dc->dwRemoteUin, dc->incoming ? "incoming" : "outgoing");
#endif
		if (dc->incoming) dc->handshake = 1;
		if (dc->incoming && dc->type == DIRECTCONN_REVERSE) {
			// the peer dialled us on our request: from here on we act as the
			// originator, and the cookie we allocated says what the session is for
			dc->incoming = 0;

			cookie_reverse_connect *pCookie;
			if (FindCookie(dc->dwReqId, NULL, (void**)&pCookie) && pCookie) { // valid reverse DC, check and init session
				FreeCookie(dc->dwReqId);

				// the cookie was allocated for one UIN; the connection must come from it
				if (pCookie->dwUin == dc->dwRemoteUin) { // valid connection
					dc->type = pCookie->type;
					dc->ft = (filetransfer*)pCookie->ft;
					dc->hContact = pCookie->hContact;

					if (dc->type == DIRECTCONN_STANDARD) { // init message session
						sendPeerMsgInit(dc, 0);
					}
					else if (dc->type == DIRECTCONN_FILE) { // init file session
						sendPeerFileInit(dc);
						dc->initialised = 1;
					}
					SAFE_FREE((void**)&pCookie);
					break;
				}
				else {
					SAFE_FREE((void**)&pCookie);
					NetLog_Direct("Error: Invalid connection (UINs does not match).");
					CloseDirectConnection(dc);
					return;
				}
			}
			else {
				NetLog_Direct("Error: Received unexpected reverse DC, closing.");
				CloseDirectConnection(dc);
				return;
			}
		}
		break;

	case PEER_INIT: /* connect packet */
#ifdef _DEBUG
		NetLog_Direct("Received PEER_INIT");
#endif
		buf++;
		if (wLen < 3)
			return;
		unpackLEWord(&buf, &dc->wVersion);

		if (dc->wVersion > 6) { // we support only versions 7 and up
			WORD wSecondLen;
			DWORD dwUin;
			DWORD dwPort;
			DWORD dwCookie;
			// NOTE(review): not assigned on the Licq path below (dwRemoteUin == 0
			// and dwReqId != 0) but still stored into dc->hContact for incoming
			// connections at the end of this case — verify
			MCONTACT hContact;

			// fixed-size packet (see sendPeerInit_v78); every unpack below stays inside it
			if (wLen != 0x30) {
				NetLog_Direct("Error: Received malformed PEER_INIT");
				return;
			}

			unpackLEWord(&buf, &wSecondLen);
			if (wSecondLen && wSecondLen != 0x2b) { // OMG? GnomeICU sets this to zero
				NetLog_Direct("Error: Received malformed PEER_INIT");
				return;
			}

			// the packet must be addressed to our own UIN
			unpackLEDWord(&buf, &dwUin);
			if (dwUin != m_dwLocalUIN) {
				NetLog_Direct("Error: Received PEER_INIT targeted to %u", dwUin);
				CloseDirectConnection(dc);
				return;
			}

			buf += 2; /* 00 00 */
			unpackLEDWord(&buf, &dc->dwRemotePort);
			unpackLEDWord(&buf, &dc->dwRemoteUin);
			unpackDWord(&buf, &dc->dwRemoteExternalIP);
			unpackDWord(&buf, &dc->dwRemoteInternalIP);
			buf++; /* 04: accept direct connections */
			// the port is carried twice and both copies must agree
			unpackLEDWord(&buf, &dwPort);
			if (dwPort != dc->dwRemotePort) {
				NetLog_Direct("Error: Received malformed PEER_INIT (invalid port)");
				return;
			}
			unpackLEDWord(&buf, &dwCookie);
			buf += 8; // Unknown stuff
			unpackLEDWord(&buf, &dc->dwReqId);

			if (dc->dwRemoteUin || !dc->dwReqId) { // OMG! Licq sends on reverse connection empty uin
				hContact = HContactFromUIN(dc->dwRemoteUin, NULL);
				if (hContact == INVALID_CONTACT_ID) {
					// NOTE(review): dwUin is our own UIN here; dc->dwRemoteUin is
					// presumably the intended value for this log line
					NetLog_Direct("Error: Received PEER_INIT from %u not on my list", dwUin);
					CloseDirectConnection(dc);
					return; /* don't allow direct connection with people not on my clist */
				}

				// the cookie is what ties the peer to the claimed contact; without a
				// match the UIN in the packet is just an assertion
				if (dc->incoming) { // this is the first PEER_INIT with our cookie
					if (dwCookie != getDword(hContact, "DirectCookie", 0)) {
						NetLog_Direct("Error: Received PEER_INIT with broken cookie");
						CloseDirectConnection(dc);
						return;
					}
				}
				else { // this is the second PEER_INIT with peer cookie
					if (dwCookie != dc->dwConnectionCookie) {
						NetLog_Direct("Error: Received PEER_INIT with broken cookie");
						CloseDirectConnection(dc);
						return;
					}
				}
			}

			if (dc->incoming && dc->dwReqId) { // this is reverse connection
				dc->type = DIRECTCONN_REVERSE;

				if (!dc->dwRemoteUin) { // we need to load cookie (licq)
					cookie_reverse_connect *pCookie;

					// the request cookie we issued must exist; it names the contact
					if (FindCookie(dc->dwReqId, NULL, (void**)&pCookie) && pCookie) { // valid reverse DC, check and init session
						dc->dwRemoteUin = pCookie->dwUin;
						dc->hContact = pCookie->hContact;
					}
					else {
						NetLog_Direct("Error: Received unexpected reverse DC, closing.");
						CloseDirectConnection(dc);
						return;
					}
				}
			}

			sendPeerInitAck(dc); // ack good PEER_INIT packet

			if (dc->incoming) { // store good IP info
				dc->hContact = hContact;
				dc->dwConnectionCookie = dwCookie;
				// these feed the next outgoing connection attempt to this contact
				setDword(dc->hContact, "IP", dc->dwRemoteExternalIP);
				setDword(dc->hContact, "RealIP", dc->dwRemoteInternalIP);

				sendPeerInit_v78(dc); // reply with our PEER_INIT
			}
			else { // outgoing
				dc->handshake = 1;

				if (dc->type == DIRECTCONN_REVERSE) {
					dc->incoming = 1; // this is incoming reverse connection
					dc->type = DIRECTCONN_STANDARD; // we still do not know type
				}
				else if (dc->type == DIRECTCONN_STANDARD) { // send PEER_MSGINIT
					sendPeerMsgInit(dc, 0);
				}
				else if (dc->type == DIRECTCONN_FILE) {
					sendPeerFileInit(dc);
					dc->initialised = 1;
				}
			}
			// Set DC Status to successful
			setByte(dc->hContact, "DCStatus", 0);
		}
		else {
			NetLog_Direct("Unsupported direct protocol: %d, closing connection", dc->wVersion);
			CloseDirectConnection(dc);
		}
		break;

	case PEER_MSG: /* messaging packets */
#ifdef _DEBUG
		NetLog_Direct("Received PEER_MSG from %u", dc->dwRemoteUin);
#endif
		// message payload follows the command byte; only once the session is up
		if (dc->initialised)
			handleDirectMessage(dc, buf + 1, (WORD)(wLen - 1));
		else
			NetLog_Direct("Received %s on uninitialised DC, ignoring.", "PEER_MSG");
		break;

	case PEER_MSG_INIT: /* init message connection */
		// it is sent by both contains GUID of message channel
		if (!m_bDCMsgEnabled) { // DC messaging disabled, close connection
			NetLog_Direct("Messaging DC requested, denied");
			CloseDirectConnection(dc);
			break;
		}
#ifdef _DEBUG
		NetLog_Direct("Received PEER_MSG_INIT from %u", dc->dwRemoteUin);
#endif
		buf++;
		// fixed 33-byte frame (see sendPeerMsgInit)
		if (wLen != 0x21)
			break;
		if (!dc->handshake) {
			NetLog_Direct("Received %s on unitialised DC, ignoring.", "PEER_MSG_INIT");
			break;
		}
		{
			DWORD q1, q2, q3, q4;

			buf += 4; /* always 10 */
			buf += 4; /* some id */
			buf += 4; /* sequence - always 0 on incoming */
			unpackDWord(&buf, &q1); // session type GUID
			unpackDWord(&buf, &q2);
			if (!dc->incoming) // skip marker on sequence 1
				buf += 4;
			unpackDWord(&buf, &q3);
			unpackDWord(&buf, &q4);

			// only the plain message channel is served; plugin channels are refused
			if (!CompareGUIDs(q1, q2, q3, q4, PSIG_MESSAGE)) { // This is not for normal messages, useless so kill.
				if (CompareGUIDs(q1, q2, q3, q4, PSIG_STATUS_PLUGIN))
					NetLog_Direct("Status Manager Plugin connections not supported, closing.");
				else if (CompareGUIDs(q1, q2, q3, q4, PSIG_INFO_PLUGIN))
					NetLog_Direct("Info Manager Plugin connection not supported, closing.");
				else
					NetLog_Direct("Unknown connection type init, closing.");

				CloseDirectConnection(dc);
				break;
			}
		}
		if (dc->incoming) // reply with our PEER_MSG_INIT
			sendPeerMsgInit(dc, 1);

		NetLog_Direct("Direct message session ready.");
		dc->initialised = 1;
		break;

	default:
		NetLog_Direct("Unknown direct packet ignored.");
		break;
	}
}
// Applies the legacy ICQ peer-message XOR scheme to p in place (used for
// PEER_MSG packets whose type byte is 2). buf starts 3 bytes into pData
// (2-byte length + type byte) and size is the number of bytes after it.
// The key is 0x67657268 * size + check, and check itself is written into the
// packet at buf + offset, so anyone holding the packet can recover the key:
// this is obfuscation, not confidentiality or integrity protection.
// M1/X1/X2/X3 are the verification bytes that DecryptDirectPacket re-derives.
void EncryptDirectPacket(directconnect* dc, icq_packet* p)
{
	unsigned long B1;
	unsigned long M1;
	unsigned long check;
	unsigned int i;
	unsigned char X1;
	unsigned char X2;
	unsigned char X3;
	unsigned char* buf = (unsigned char*)(p->pData + 3);
	unsigned char bak[6];
	unsigned long offset;
	unsigned long key;
	unsigned long hex;
	unsigned long size = p->wLen - 1;

	if (dc->wVersion < 4)
		return; // no encryption necessary.

	// TCPv4/5 leave the first 6 bytes in the clear and put the checkcode after them
	switch (dc->wVersion) {
	case 4:
	case 5:
		offset = 6;
		break;
	default:
		offset = 0;
	}

	// calculate verification data
	// NOTE(review): for size <= 10 the divisor is 0 (size == 10) or wraps
	// (unsigned), and buf[M1] then reads outside the packet — callers must not
	// encrypt payloads shorter than 11 bytes
	M1 = (rand() % ((size < 255 ? size : 255) - 10)) + 10;
	X1 = buf[M1] ^ 0xFF;
	X2 = rand() % 220; // index into client_check_data, always < 220
	X3 = client_check_data[X2] ^ 0xFF;

	// B1 is built from fixed positions (buf[offset + 4], buf[offset + 6], ...)
	// which for offset 6 requires at least 13 bytes of payload
	if (offset) {
		memcpy(bak, buf, sizeof(bak));
		B1 = (buf[offset + 4] << 24) | (buf[offset + 6] << 16) | (buf[2] << 8) | buf[0];
	}
	else B1 = (buf[4] << 24) | (buf[6] << 16) | (buf[4] << 8) | (buf[6]);

	// calculate checkcode
	check = (M1 << 24) | (X1 << 16) | (X2 << 8) | X3;
	check ^= B1;

	// main XOR key
	key = 0x67657268 * size + check;

	// XORing the actual data
	// NOTE: only dwords at i = 0, 4, 8, ... below (size + 3) / 4 are touched,
	// i.e. roughly the first quarter of the payload. DecryptDirectPacket
	// uses the same stride, so this is a wire-format constraint — do not
	// change it here without checking what peers do.
	for (i = 0; i < (size + 3) / 4; i += 4) {
		hex = key + client_check_data[i & 0xFF];
		*(PDWORD)(buf + i) ^= hex;
	}

	// in TCPv4 are the first 6 bytes unencrypted
	// so restore them
	if (offset)
		memcpy(buf, bak, sizeof(bak));

	// storing the checkcode
	*(PDWORD)(buf + offset) = check;
}
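// Reverses EncryptDirectPacket in place and validates the embedded check
// bytes. buf points at the byte after the 0x02 "encrypted" marker and wLen
// is the number of bytes from there to the end of the frame.
// Returns 1 when the packet is now plaintext (or needed no decryption), 0
// when the verification bytes do not match (the caller drops the packet).
// The key is derived from the packet length and a check value stored inside
// the packet itself, so this is obfuscation against casual sniffing, not
// confidentiality or integrity protection.
// Changes vs. the earlier version: the duplicated wVersion test is gone, and
// payloads too short to hold the verification positions (buf[offset + 6]) are
// rejected up front instead of being read past their end.
int DecryptDirectPacket(directconnect* dc, PBYTE buf, WORD wLen)
{
	unsigned char bak[6];
	unsigned long size = wLen;

	if (dc->wVersion < 4)
		return 1; // no decryption necessary.
	if (size < 4)
		return 1;

	// TCPv4/5 leave the first 6 bytes unencrypted; the checkcode follows them
	unsigned long offset = (dc->wVersion == 4 || dc->wVersion == 5) ? 6 : 0;

	// the verification read below touches buf[offset + 6]; anything shorter
	// cannot carry a valid checkcode, so reject it rather than read past it
	if (size < offset + 7)
		return 0;

	// backup the first 6 bytes
	if (offset)
		memcpy(bak, buf, sizeof(bak));

	// retrieve checkcode
	unsigned long check = *(PDWORD)(buf + offset);

	// main XOR key
	unsigned long key = 0x67657268 * size + check;

	// NOTE: same stride as EncryptDirectPacket — only every fourth dword below
	// (size + 3) / 4 is touched. Changing it breaks interoperability.
	for (unsigned int i = 4; i < (size + 3) / 4; i += 4) {
		unsigned long hex = key + client_check_data[i & 0xFF];
		*(PDWORD)(buf + i) ^= hex;
	}

	// retrieve validate data
	unsigned long B1;
	if (offset) {
		// in TCPv4 are the first 6 bytes unencrypted
		// so restore them
		memcpy(buf, bak, sizeof(bak));
		B1 = (buf[offset + 4] << 24) | (buf[offset + 6] << 16) | (buf[2] << 8) | buf[0];
	}
	else B1 = (buf[4] << 24) | (buf[6] << 16) | (buf[4] << 8) | (buf[6] << 0);

	// special decryption
	B1 ^= check;

	// validate packet: M1 must index into the payload
	unsigned long M1 = (B1 >> 24) & 0xFF;
	if (M1 < 10 || M1 >= size)
		return 0;

	unsigned char X1 = buf[M1] ^ 0xFF;
	if (((B1 >> 16) & 0xFF) != X1)
		return 0;

	unsigned char X2 = (BYTE)((B1 >> 8) & 0xFF);
	if (X2 < 220) {
		// a conforming encryptor draws X2 from rand() % 220; larger values skip
		// the X3 check and are still accepted once M1/X1 matched
		unsigned char X3 = client_check_data[X2] ^ 0xFF;
		if ((B1 & 0xFF) != X3)
			return 0;
	}
	return 1;
}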
// Sends pkt over an already-initialised DC to hContact. Returns TRUE when the
// packet was handed to sendDirectPacket (which consumes pkt->pData and whose
// own result is not inspected here) and FALSE when no usable DC exists, in
// which case pkt is untouched and the caller should fall back to the server.
int CIcqProto::SendDirectMessage(MCONTACT hContact, icq_packet *pkt)
{
	icq_lock l(directConnListMutex);

	for (int idx = 0; idx < directConns.getCount(); idx++) {
		directconnect *pDc = directConns[idx];
		if (pDc == NULL || pDc->hContact != hContact)
			continue;

		if (!pDc->initialised)
			break; // connection not ready, use server instead

		// This connection can be reused, send packet and exit
		NetLog_Direct("Sending direct message");
		if (pkt->pData[2] == 2) // type byte 2: encrypted message packet
			EncryptDirectPacket(pDc, pkt);
		sendDirectPacket(pDc, pkt);
		pDc->packetPending = 0; // packet done
		return TRUE; // Success
	}
	return FALSE; // connection pending, we failed, use server instead
}
// Sends a PEER_INIT packet through a DC
// -----------------------------------------------------------------------
// Opens the peer handshake. The originator sends it right after connecting;
// the receiver sends its own copy right after answering the originator's
// PEER_INIT with PEER_INIT_ACK. The fields after the cookie exist since v7.
// The frame is 48 (0x30) bytes, which is the length handleDirectPacket
// insists on when it parses the peer's copy.
void CIcqProto::sendPeerInit_v78(directconnect* dc)
{
	icq_packet pkt;
	directPacketInit(&pkt, 48);

	packByte(&pkt, PEER_INIT);                  // Command
	packLEWord(&pkt, dc->wVersion);             // Version
	packLEWord(&pkt, 43);                       // Data length
	packLEDWord(&pkt, dc->dwRemoteUin);         // UIN of remote user
	packWord(&pkt, 0);                          // Unknown
	packLEDWord(&pkt, wListenPort);             // Our port
	packLEDWord(&pkt, m_dwLocalUIN);            // Our UIN
	packDWord(&pkt, dc->dwLocalExternalIP);     // Our external IP
	packDWord(&pkt, dc->dwLocalInternalIP);     // Our internal IP
	packByte(&pkt, DC_TYPE);                    // TCP connection flags
	packLEDWord(&pkt, wListenPort);             // Our port
	packLEDWord(&pkt, dc->dwConnectionCookie);  // DC cookie
	packLEDWord(&pkt, WEBFRONTPORT);            // Unknown
	packLEDWord(&pkt, CLIENTFEATURES);          // Unknown

	// Reverse Request Cookie, only meaningful on a reverse connection;
	// zero otherwise (a zero dword has the same bytes in either byte order)
	const DWORD dwTail = (dc->type == DIRECTCONN_REVERSE) ? dc->dwReqId : 0;
	packLEDWord(&pkt, dwTail);

	sendDirectPacket(dc, &pkt);
#ifdef _DEBUG
	NetLog_Direct("Sent PEER_INIT to %u on %s DC", dc->dwRemoteUin, dc->incoming ? "incoming" : "outgoing");
#endif
}
// Sends a PEER_INIT_ACK packet through a DC
// -----------------------------------------------------------------------
// Acknowledges a PEER_INIT that passed validation; the frame is 4 bytes.
void CIcqProto::sendPeerInitAck(directconnect* dc)
{
	icq_packet ack;
	directPacketInit(&ack, 4); // Packet length
	packLEDWord(&ack, PEER_INIT_ACK);
	sendDirectPacket(dc, &ack);
#ifdef _DEBUG
	NetLog_Direct("Sent PEER_INIT_ACK to %u on %s DC", dc->dwRemoteUin, dc->incoming ? "incoming" : "outgoing");
#endif
}
// Sends a PEER_MSG_INIT packet through a DC
// -----------------------------------------------------------------------
// Starts the message session. Both sides send one: the originator with
// dwSeq 0 (carrying the PSIG_MESSAGE GUID), the receiver answering with
// dwSeq 1 (GUID zeroed and split around the delimiter). Fixed 33-byte frame,
// the 0x21 that handleDirectPacket expects.
void CIcqProto::sendPeerMsgInit(directconnect* dc, DWORD dwSeq)
{
	const bool bReply = (dwSeq != 0);

	icq_packet msgInit;
	directPacketInit(&msgInit, 33);
	packByte(&msgInit, PEER_MSG_INIT);
	packLEDWord(&msgInit, 10);    // unknown
	packLEDWord(&msgInit, 1);     // message connection
	packLEDWord(&msgInit, dwSeq); // sequence is 0,1

	if (!bReply) {
		packGUID(&msgInit, PSIG_MESSAGE); // message type GUID
		packLEWord(&msgInit, 1);          // delimiter
		packLEWord(&msgInit, 4);
	}
	else {
		packDWord(&msgInit, 0);  // first part of Message GUID
		packDWord(&msgInit, 0);
		packLEWord(&msgInit, 1); // delimiter
		packLEWord(&msgInit, 4);
		packDWord(&msgInit, 0);  // second part of Message GUID
		packDWord(&msgInit, 0);
	}

	sendDirectPacket(dc, &msgInit);
#ifdef _DEBUG
	NetLog_Direct("Sent PEER_MSG_INIT to %u on %s DC", dc->dwRemoteUin, dc->incoming ? "incoming" : "outgoing");
#endif
}
// Sends a PEER_FILE_INIT packet through a DC
// -----------------------------------------------------------------------
// Announces the file session: file count, total size, speed and our nick
// (length-prefixed, NUL-terminated). The frame is 20 bytes plus the nick.
void CIcqProto::sendPeerFileInit(directconnect* dc)
{
	DBVARIANT dbv;
	dbv.type = DBVT_DELETED; // presumably keeps db_free below harmless when getString fails — verify

	// fall back to an empty nick when none is stored
	char *szNick = getString("Nick", &dbv) ? "" : dbv.pszVal;
	const int nNickLen = strlennull(szNick);

	icq_packet fileInit;
	directPacketInit(&fileInit, (WORD)(20 + nNickLen));
	packByte(&fileInit, PEER_FILE_INIT); /* packet type */
	packLEDWord(&fileInit, 0);           /* unknown */
	packLEDWord(&fileInit, dc->ft->dwFileCount);
	packLEDWord(&fileInit, dc->ft->dwTotalSize);
	packLEDWord(&fileInit, dc->ft->dwTransferSpeed);
	packLEWord(&fileInit, (WORD)(nNickLen + 1));              // nick length incl. NUL
	packBuffer(&fileInit, (LPBYTE)szNick, (WORD)(nNickLen + 1));

	sendDirectPacket(dc, &fileInit);
#ifdef _DEBUG
	NetLog_Direct("Sent PEER_FILE_INIT to %u on %s DC", dc->dwRemoteUin, dc->incoming ? "incoming" : "outgoing");
#endif
	db_free(&dbv);
}