[go: nahoru, domu]
Skip to content

Commit

Permalink
Track md5 salt and sequence num in auth server
Browse files Browse the repository at this point in the history
  • Loading branch information
@DrewML
DrewML committed Dec 18, 2020
1 parent c4ccecb commit a1657ef
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 12 deletions.
48 changes: 39 additions & 9 deletions src/AIMAuthServer.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ export class AIMAuthServer {
private server: Server;
private host: string;
private port: number;
private socketState: WeakMap<
Socket,
InstanceType<typeof SocketState>
> = new WeakMap();

constructor(opts: AIMAuthServerOpts = {}) {
this.host = opts.host ?? '0.0.0.0';
Expand All @@ -33,6 +37,12 @@ export class AIMAuthServer {
console.error('Server Error: ', error);
}

private getState(socket: Socket) {
const state = this.socketState.get(socket);
assert(state, 'Missing SocketState in AIMAuthServer');
return state;
}

/**
* @see http://web.archive.org/web/20080308233204/http://dev.aol.com/aim/oscar/#FLAP__SIGNON_FRAME
*/
Expand All @@ -47,37 +57,40 @@ export class AIMAuthServer {
socket.on('close', () => console.log('socket closed'));
socket.on('data', (data) => this.onSocketData(data, socket));

// Initialize state needed for auth requests
const socketState = new SocketState();
this.socketState.set(socket, socketState);

socket.write(
buildFlap({
channel: 1,
// TODO: Sequence numbers should be generated in an abstraction around socket.write,
// to prevent out-of-order sequences, which is a fatal error for an OSCAR client
sequence: 1,
sequence: socketState.claimSequenceID(),
data: Buffer.from([0x1]), // Flap version 1
}),
);

// TODO: Setup state for the connection
// Need to track some things, including the
// salt/challenge for hashed passwords
}

private onChannel1(flap: Flap, socket: Socket) {
private onChannel1(flap: Flap) {
const flapVersion = flap.data.readUInt32BE(0);
assert(flapVersion === 0x1, 'Incorrect client FLAP version');
}

private onChannel2(flap: Flap, socket: Socket) {
console.log('channel 2 flap', flap);
const snac = parseSnac(flap.data);
const state = this.getState(socket);

if (matchSnac(snac, 'AUTH', 'MD5_AUTH_REQUEST')) {
const authReq = parseAuthRequest(snac.data);
// Can be _any_ server generated string with len < size of u32 int
const authKey = Math.round(Math.random() * 1000).toString();
const authKey = state.setSalt(
Math.round(Math.random() * 1000).toString(),
);
const responseFlap = buildFlap({
channel: 2,
sequence: 2,
sequence: this.getState(socket).claimSequenceID(),
data: authKeyResponseSnac(authKey, snac.requestID),
});

Expand Down Expand Up @@ -121,7 +134,7 @@ export class AIMAuthServer {

if (!handler) {
console.warn(
`AIMAuthServer: Unrecognized FLAP channel "${flap.channel}"`,
`AIMAuthServer: Unrecognized FLAP channel "${flap.channel}". FLAP will be skipped`,
flap,
);
return;
Expand Down Expand Up @@ -150,3 +163,20 @@ export class AIMAuthServer {
interface ChannelHandlers {
[key: number]: (flap: Flap, socket: Socket) => void;
}

class SocketState {
private lastSequenceID: number = 0;
private salt: string | undefined;

claimSequenceID() {
return this.lastSequenceID++;
}

setSalt(salt: string) {
return (this.salt = salt);
}

getSalt() {
return this.salt;
}
}
6 changes: 3 additions & 3 deletions src/clientSnacs.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,9 @@ export function parseAuthRequest(data: Buffer) {
*/
export function parseMD5LoginRequest(data: Buffer) {
const tlvs = parseTLVs(data);
const screenname = tlvs.first(TLVS.SCREENNAME);
const passwordHash = tlvs.first(TLVS.PASSWORD_HASH);
const clientID = tlvs.first(TLVS.CLIENT_ID_STRING);
const screenname = tlvs.first(TLVS.SCREENNAME).value.toString('ascii');
const passwordHash = tlvs.first(TLVS.PASSWORD_HASH).value.toString('ascii');
const clientID = tlvs.first(TLVS.CLIENT_ID_STRING).value.toString('ascii');

return { screenname, passwordHash, clientID };
}

0 comments on commit a1657ef

Please sign in to comment.