nchebrov/azerothcore-wotlk
1
0
Fork 0
mirror of https://github.com/mod-playerbots/azerothcore-wotlk.git synced 2026-01-18 03:15:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(TOTP): use feature toggle via authserver.conf (#5978)

Browse Source 
* Revert "Revert "feat(Core/Auth): add AccountInfo helper (#5640)" (#5971)"

This reverts commit fe6db2ff96.

* feat(TOTP): use feature toggle via authserver.conf

* chore(wip): wip

* Update src/server/authserver/authserver.conf.dist

Co-authored-by: Kitzunu <24550914+Kitzunu@users.noreply.github.com>

Co-authored-by: Kitzunu <24550914+Kitzunu@users.noreply.github.com>
This commit is contained in:
Francesco Borzì
2021-05-21 09:56:52 +02:00
committed by GitHub
parent 983d4b5771
commit aab32e5f30
6 changed files with 398 additions and 395 deletions
Download Patch File Download Diff File Expand all files Collapse all files

316
src/server/game/Server/WorldSocket.cpp
View File

@@ -90,6 +90,58 @@ struct ClientPktHeader
#pragma pack(pop)
#endif
struct AccountInfo
{
uint32 Id;
::SessionKey SessionKey;
std::string LastIP;
bool IsLockedToIP;
std::string LockCountry;
uint8 Expansion;
int64 MuteTime;
LocaleConstant Locale;
uint32 Recruiter;
std::string OS;
bool IsRectuiter;
AccountTypes Security;
bool IsBanned;
uint32 TotalTime;
explicit AccountInfo(Field* fields)
{
// 0 1 2 3 4 5 6 7 8 9 10 11
// SELECT a.id, a.sessionkey, a.last_ip, a.locked, a.lock_country, a.expansion, a.mutetime, a.locale, a.recruiter, a.os, a.totaltime, aa.gmLevel,
// 12 13
// ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, r.id
// FROM account a
// LEFT JOIN account_access aa ON a.id = aa.AccountID AND aa.RealmID IN (-1, ?)
// LEFT JOIN account_banned ab ON a.id = ab.id
// LEFT JOIN account r ON a.id = r.recruiter
// WHERE a.username = ? ORDER BY aa.RealmID DESC LIMIT 1
Id = fields[0].GetUInt32();
SessionKey = fields[1].GetBinary<SESSION_KEY_LENGTH>();
LastIP = fields[2].GetString();
IsLockedToIP = fields[3].GetBool();
LockCountry = fields[4].GetString();
Expansion = fields[5].GetUInt8();
MuteTime = fields[6].GetInt64();
Locale = LocaleConstant(fields[7].GetUInt8());
Recruiter = fields[8].GetUInt32();
OS = fields[9].GetString();
TotalTime = fields[10].GetUInt32();
Security = AccountTypes(fields[11].GetUInt8());
IsBanned = fields[12].GetUInt64() != 0;
IsRectuiter = fields[13].GetUInt32() != 0;
uint32 world_expansion = sWorld->getIntConfig(CONFIG_EXPANSION);
if (Expansion > world_expansion)
Expansion = world_expansion;
if (Locale >= TOTAL_LOCALES)
Locale = LOCALE_enUS;
}
};
WorldSocket::WorldSocket(void): WorldHandler(),
m_LastPingTime(SystemTimePoint::min()), m_OverSpeedPings(0), m_Session(0),
m_RecvWPct(0), m_RecvPct(), m_Header(sizeof (ClientPktHeader)),
@@ -734,18 +786,11 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
uint32 loginServerID, loginServerType, regionID, battlegroupID, realm;
uint64 DosResponse;
uint32 BuiltNumberClient;
uint32 id, security;
uint32 TotalTime = 0;
bool skipQueue = false;
//uint8 expansion = 0;
LocaleConstant locale;
std::string account;
std::string accountName;
WorldPacket packet, SendAddonPacked;
std::array<uint8, 4> clientSeed;
acore::Crypto::SHA1::Digest digest;
bool wardenActive = sWorld->getBoolConfig(CONFIG_WARDEN_ENABLED);
if (sWorld->IsClosed())
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
@@ -759,7 +804,7 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
// Read the content of the packet
recvPacket >> BuiltNumberClient; // for now no use
recvPacket >> loginServerID;
recvPacket >> account;
recvPacket >> accountName;
recvPacket >> loginServerType;
recvPacket.read(clientSeed);
recvPacket >> regionID;
@@ -769,15 +814,15 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
recvPacket.read(digest);
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("server", "WorldSocket::HandleAuthSession: client %u, loginServerID %u, account %s, loginServerType %u",
BuiltNumberClient, loginServerID, account.c_str(), loginServerType);
LOG_DEBUG("server", "WorldSocket::HandleAuthSession: client %u, loginServerID %u, accountName %s, loginServerType %u",
BuiltNumberClient, loginServerID, accountName.c_str(), loginServerType);
#endif
// Get the account information from the realmd database
// 0 1 2 3 4 5 6 7 8 9 10
// SELECT id, sessionkey, last_ip, locked, lock_country, expansion, mutetime, locale, recruiter, os, totaltime FROM account WHERE username = ?
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME);
stmt->setString(0, account);
auto* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME);
stmt->setInt32(0, int32(realmID));
stmt->setString(1, accountName);
PreparedQueryResult result = LoginDatabase.Query(stmt);
@@ -785,8 +830,8 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
if (!result)
{
// We can not log here, as we do not know the account. Thus, no accountId.
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_UNKNOWN_ACCOUNT);
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_UNKNOWN_ACCOUNT);
SendPacket(packet);
@@ -794,136 +839,55 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
return -1;
}
Field* fields = result->Fetch();
uint8 expansion = fields[5].GetUInt8();
uint32 world_expansion = sWorld->getIntConfig(CONFIG_EXPANSION);
if (expansion > world_expansion)
expansion = world_expansion;
AccountInfo account(result->Fetch());
// For hook purposes, we get Remoteaddress at this point
std::string address = GetRemoteAddress(); // Originally, this variable should be called address, but for some reason, that variable name was already on the core.
// As we don't know if attempted login process by ip works, we update last_attempt_ip right away
stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LAST_ATTEMPT_IP);
stmt->setString(0, address);
stmt->setString(1, account);
stmt->setString(1, accountName);
LoginDatabase.Execute(stmt);
// This also allows to check for possible "hack" attempts on account
// id has to be fetched at this point, so that first actual account response that fails can be logged
id = fields[0].GetUInt32();
// even if auth credentials are bad, try using the session key we have - client cannot read auth response error without it
m_Crypt.Init(account.SessionKey);
///- Re-check ip locking (same check as in realmd).
if (fields[3].GetUInt8() == 1) // if ip is locked
{
if (strcmp (fields[2].GetCString(), address.c_str()))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
SendPacket(packet);
LOG_INFO("server", "WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs. Original IP: %s, new IP: %s).", fields[2].GetCString(), address.c_str());
// We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
sScriptMgr->OnFailedAccountLogin(id);
return -1;
}
}
/*
if (security > SEC_ADMINISTRATOR) // prevent invalid security settings in DB
security = SEC_ADMINISTRATOR;
*/
SessionKey sessionKey = fields[1].GetBinary<SESSION_KEY_LENGTH>();
int64 mutetime = fields[6].GetInt64();
//! Negative mutetime indicates amount of seconds to be muted effective on next login - which is now.
if (mutetime < 0)
{
mutetime = time(nullptr) + llabs(mutetime);
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_MUTE_TIME_LOGIN);
stmt->setInt64(0, mutetime);
stmt->setUInt32(1, id);
LoginDatabase.Execute(stmt);
}
locale = LocaleConstant (fields[7].GetUInt8());
if (locale >= TOTAL_LOCALES)
locale = LOCALE_enUS;
uint32 recruiter = fields[8].GetUInt32();
std::string os = fields[9].GetString();
TotalTime = fields[10].GetUInt32();
// Must be done before WorldSession is created
if (wardenActive && os != "Win" && os != "OSX")
// First reject the connection if packet contains invalid data or realm state doesn't allow logging in
if (sWorld->IsClosed())
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_REJECT);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Client %s attempted to log in using invalid client OS (%s).", address.c_str(), os.c_str());
LOG_ERROR("server", "WorldSocket::HandleAuthSession: World closed, denying client (%s).", address.c_str());
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
}
// Checks gmlevel per Realm
stmt = LoginDatabase.GetPreparedStatement(LOGIN_GET_GMLEVEL_BY_REALMID);
stmt->setUInt32(0, id);
stmt->setInt32(1, int32(realmID));
result = LoginDatabase.Query(stmt);
if (!result)
security = 0;
else
if (realm != realmID)
{
fields = result->Fetch();
security = fields[0].GetUInt8();
skipQueue = true;
}
// Re-check account ban (same check as in realmd)
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_BANS);
stmt->setUInt32(0, id);
stmt->setString(1, address);
PreparedQueryResult banresult = LoginDatabase.Query(stmt);
if (banresult) // if account banned
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_BANNED);
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(REALM_LIST_REALM_NOT_FOUND);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
sScriptMgr->OnFailedAccountLogin(id);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Client %s requested connecting with realm id %u but this realm has id %u set in config.",
address.c_str(), realm, realmID);
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
}
// Check locked state for server
AccountTypes allowedAccountType = sWorld->GetPlayerSecurityLimit();
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "Allowed Level: %u Player Level %u", allowedAccountType, AccountTypes(security));
#endif
if (AccountTypes(security) < allowedAccountType)
// Must be done before WorldSession is created
bool wardenActive = sWorld->getBoolConfig(CONFIG_WARDEN_ENABLED);
if (wardenActive && account.OS != "Win" && account.OS != "OSX")
{
WorldPacket Packet (SMSG_AUTH_RESPONSE, 1);
Packet << uint8 (AUTH_UNAVAILABLE);
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_REJECT);
SendPacket(packet);
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("server", "WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
#endif
sScriptMgr->OnFailedAccountLogin(id);
LOG_ERROR("network", "WorldSocket::HandleAuthSession: Client %s attempted to log in using invalid client OS (%s).", address.c_str(), account.OS.c_str());
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
}
@@ -931,89 +895,105 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
uint8 t[4] = { 0x00, 0x00, 0x00, 0x00 };
acore::Crypto::SHA1 sha;
sha.UpdateData (account);
sha.UpdateData(accountName);
sha.UpdateData(t);
sha.UpdateData(clientSeed);
sha.UpdateData(m_Seed);
sha.UpdateData(sessionKey);
sha.UpdateData(account.SessionKey);
sha.Finalize();
if (sha.GetDigest() != digest)
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Authentication failed for account: %u ('%s') address: %s", id, account.c_str(), address.c_str());
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Authentication failed for account: %u ('%s') address: %s", account.Id, accountName.c_str(), address.c_str());
return -1;
}
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("server", "WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.",
account.c_str(),
address.c_str());
#endif
// Check if this user is by any chance a recruiter
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_RECRUITER);
/*if (IpLocationRecord const* location = sIPLocation->GetLocationRecord(address))
_ipCountry = location->CountryCode;*/
stmt->setUInt32(0, id);
///- Re-check ip locking (same check as in auth).
if (account.IsLockedToIP)
{
if (account.LastIP != address)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs. Original IP: %s, new IP: %s).", account.LastIP.c_str(), address.c_str());
// We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
}
}
//else if (!account.LockCountry.empty() && account.LockCountry != "00" && !_ipCountry.empty())
//{
// if (account.LockCountry != _ipCountry)
// {
// packet.Initialize(SMSG_AUTH_RESPONSE, 1);
// packet << uint8(AUTH_REJECT);
// LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account country differs. Original country: %s, new country: %s).", account.LockCountry.c_str(), _ipCountry.c_str());
// // We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
// sScriptMgr->OnFailedAccountLogin(account.Id);
// return -1;
// }
//}
result = LoginDatabase.Query(stmt);
if (account.IsBanned)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_BANNED);
SendPacket(packet);
LOG_ERROR("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
}
bool isRecruiter = false;
if (result)
isRecruiter = true;
// Check locked state for server
AccountTypes allowedAccountType = sWorld->GetPlayerSecurityLimit();
LOG_DEBUG("network", "Allowed Level: %u Player Level %u", allowedAccountType, account.Security);
if (allowedAccountType > SEC_PLAYER && account.Security < allowedAccountType)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_UNAVAILABLE);
LOG_DEBUG("network", "WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
}
LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.", accountName.c_str(), address.c_str());
// Update the last_ip in the database as it was successful for login
stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LAST_IP);
stmt->setString(0, address);
stmt->setString(1, account);
stmt->setString(1, accountName);
LoginDatabase.Execute(stmt);
sScriptMgr->OnLastIpUpdate(id, address);
sScriptMgr->OnLastIpUpdate(account.Id, address);
bool skipQueue = false;
if (account.Security > SEC_PLAYER)
skipQueue = true;
// NOTE ATM the socket is single-threaded, have this in mind ...
ACE_NEW_RETURN(m_Session, WorldSession(id, this, AccountTypes(security), expansion, mutetime, locale, recruiter, isRecruiter, skipQueue, TotalTime), -1);
m_Crypt.Init(sessionKey);
// First reject the connection if packet contains invalid data or realm state doesn't allow logging in
if (sWorld->IsClosed())
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_REJECT);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: World closed, denying client (%s).", address.c_str());
sScriptMgr->OnFailedAccountLogin(id);
return -1;
}
if (realm != realmID)
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (REALM_LIST_REALM_NOT_FOUND);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Client %s requested connecting with realm id %u but this realm has id %u set in config.",
address.c_str(), realm, realmID);
sScriptMgr->OnFailedAccountLogin(id);
return -1;
}
ACE_NEW_RETURN(m_Session,
WorldSession(account.Id, this, AccountTypes(account.Security), account.Expansion, account.MuteTime, account.Locale, account.Recruiter, account.IsRectuiter, skipQueue, account.TotalTime), -1);
m_Session->LoadGlobalAccountData();
m_Session->LoadTutorialsData();
m_Session->ReadAddonsInfo(recvPacket);
// At this point, we can safely hook a successful login
sScriptMgr->OnAccountLogin(id);
sScriptMgr->OnAccountLogin(account.Id);
// Initialize Warden system only if it is enabled by config
if (wardenActive)
m_Session->InitWarden(sessionKey, os);
m_Session->InitWarden(account.SessionKey, account.OS);
// Sleep this Network thread for
uint32 sleepTime = sWorld->getIntConfig(CONFIG_SESSION_ADD_DELAY);