nchebrov/azerothcore-wotlk
1
0
Fork 0
mirror of https://github.com/mod-playerbots/azerothcore-wotlk.git synced 2026-01-13 09:17:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "feat(Core/Auth): add AccountInfo helper (#5640)" (#5971)

Browse Source 
This reverts commit e50754d804.
This commit is contained in:
Kitzunu
2021-05-20 23:23:50 +02:00
committed by GitHub
parent dd69dcb1d8
commit fe6db2ff96
5 changed files with 399 additions and 393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

434
src/server/authserver/Server/AuthSocket.cpp
View File

@@ -177,37 +177,13 @@ const AuthHandler table[] =
#define AUTH_TOTAL_COMMANDS 8
void AccountInfo::LoadResult(Field* fields)
{
// 0 1 2 3 4 5 6
//SELECT a.id, a.username, a.locked, a.lock_country, a.last_ip, a.failed_logins, ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate,
// 7 8
// ab.unbandate = ab.bandate, aa.gmlevel (, more query-specific fields)
//FROM account a LEFT JOIN account_access aa ON a.id = aa.AccountID LEFT JOIN account_banned ab ON ab.id = a.id AND ab.active = 1 WHERE a.username = ?
Id = fields[0].GetUInt32();
Login = fields[1].GetString();
IsLockedToIP = fields[2].GetBool();
LockCountry = fields[3].GetString();
LastIP = fields[4].GetString();
FailedLogins = fields[5].GetUInt32();
IsBanned = fields[6].GetUInt64() != 0;
IsPermanenetlyBanned = fields[7].GetUInt64() != 0;
SecurityLevel = static_cast<AccountTypes>(fields[8].GetUInt8()) > SEC_CONSOLE ? SEC_CONSOLE : static_cast<AccountTypes>(fields[8].GetUInt8());
// Use our own uppercasing of the account name instead of using UPPER() in mysql query
// This is how the account was created in the first place and changing it now would result in breaking
// login for all accounts having accented characters in their name
Utf8ToUpperOnlyLatin(Login);
}
// Holds the MD5 hash of client patches present on the server
Patcher PatchesCache;
// Constructor - set the N and g values for SRP6
AuthSocket::AuthSocket(RealmSocket& socket) :
pPatch(nullptr), socket_(socket), _status(STATUS_CHALLENGE), _build(0),
_expversion(0)
_expversion(0), _accountSecurityLevel(SEC_PLAYER)
{
}
@@ -313,6 +289,30 @@ bool AuthSocket::_HandleLogonChallenge()
///- Session is closed unless overriden
_status = STATUS_CLOSED;
// pussywizard: logon flood protection:
{
std::lock_guard<std::mutex> guard(LastLoginAttemptMutex);
std::string ipaddr = socket().getRemoteAddress();
uint32 currTime = time(nullptr);
std::map<std::string, uint32>::iterator itr = LastLoginAttemptTimeForIP.find(ipaddr);
if (itr != LastLoginAttemptTimeForIP.end() && itr->second >= currTime)
{
ByteBuffer pkt;
pkt << uint8(AUTH_LOGON_CHALLENGE);
pkt << uint8(0x00);
pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
if (LastLoginAttemptCleanTime + 60 < currTime)
{
LastLoginAttemptTimeForIP.clear();
LastLoginAttemptCleanTime = currTime;
}
else
LastLoginAttemptTimeForIP[ipaddr] = currTime;
}
// Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
@@ -351,9 +351,9 @@ bool AuthSocket::_HandleLogonChallenge()
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
std::string login((char const*)ch->I, ch->I_len);
LOG_DEBUG("server.authserver", "[AuthChallenge] '%s'", login.c_str());
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
_os = (const char*)ch->os;
@@ -364,180 +364,188 @@ bool AuthSocket::_HandleLogonChallenge()
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
ByteBuffer pkt;
pkt << uint8(AUTH_LOGON_CHALLENGE);
pkt << uint8(0x00);
auto SendAuthPacket = [&]()
{
socket().send((char const*)pkt.contents(), pkt.size());
};
// Verify that this IP is not in the ip_banned table
LoginDatabase.Execute(LoginDatabase.GetPreparedStatement(LOGIN_DEL_EXPIRED_IP_BANS));
std::string const& ipAddress = socket().getRemoteAddress();
uint32 port = socket().getRemotePort();
std::string const& ip_address = socket().getRemoteAddress();
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_BANNED);
stmt->setString(0, ip_address);
// Get the account details from the account table
// No SQL injection (prepared statement)
auto stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
stmt->setString(0, login);
PreparedQueryResult res2 = LoginDatabase.Query(stmt);
if (!res2) //no account
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (result)
{
pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
SendAuthPacket();
return true;
}
Field* fields = res2->Fetch();
_accountInfo.LoadResult(fields);
// If the IP is 'locked', check that the player comes indeed from the correct IP address
if (_accountInfo.IsLockedToIP)
{
LOG_DEBUG("server.authserver", "[AuthChallenge] Account '%s' is locked to IP - '%s' is logging in from '%s'", _accountInfo.Login.c_str(), _accountInfo.LastIP.c_str(), ipAddress.c_str());
if (_accountInfo.LastIP != ipAddress)
{
LOG_DEBUG("network", "[AuthChallenge] Account IP differs");
pkt << uint8(WOW_FAIL_LOCKED_ENFORCED);
SendAuthPacket();
return true;
}
pkt << uint8(WOW_FAIL_BANNED);
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] Banned ip tries to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort());
#endif
}
else
{
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is not locked to ip", _accountInfo.Login.c_str());
// Get the account details from the account table
// No SQL injection (prepared statement)
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
stmt->setString(0, _login);
if (_accountInfo.LockCountry.empty() || _accountInfo.LockCountry == "00")
PreparedQueryResult res2 = LoginDatabase.Query(stmt);
if (res2)
{
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is not locked to country", _accountInfo.Login.c_str());
}
else if (!_accountInfo.LockCountry.empty())
{
uint32 ip = inet_addr(ipAddress.c_str());
EndianConvertReverse(ip);
Field* fields = res2->Fetch();
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGON_COUNTRY);
stmt->setUInt32(0, ip);
if (PreparedQueryResult sessionCountryQuery = LoginDatabase.Query(stmt))
// If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if (fields[1].GetUInt8() == 1) // if ip is locked
{
std::string loginCountry = (*sessionCountryQuery)[0].GetString();
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is locked to country: '%s' Player country is '%s'", _accountInfo.Login.c_str(), _accountInfo.LockCountry.c_str(), loginCountry.c_str());
if (loginCountry != _accountInfo.LockCountry)
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), fields[2].GetCString());
LOG_DEBUG("network", "[AuthChallenge] Player address is '%s'", ip_address.c_str());
if (strcmp(fields[3].GetCString(), ip_address.c_str()) != 0)
{
LOG_DEBUG("network", "[AuthChallenge] Account country differs.");
pkt << uint8(WOW_FAIL_UNLOCKABLE_LOCK);
SendAuthPacket();
return true;
LOG_DEBUG("network", "[AuthChallenge] Account IP differs");
pkt << uint8(WOW_FAIL_LOCKED_ENFORCED);
locked = true;
}
else
LOG_DEBUG("network", "[AuthChallenge] Account IP matches");
}
else
{
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
std::string accountCountry = fields[2].GetString();
if (accountCountry.empty() || accountCountry == "00")
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is not locked to country", _login.c_str());
else if (!accountCountry.empty())
{
uint32 ip = inet_addr(ip_address.c_str());
EndianConvertReverse(ip);
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGON_COUNTRY);
stmt->setUInt32(0, ip);
if (PreparedQueryResult sessionCountryQuery = LoginDatabase.Query(stmt))
{
std::string loginCountry = (*sessionCountryQuery)[0].GetString();
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is locked to country: '%s' Player country is '%s'", _login.c_str(), accountCountry.c_str(), loginCountry.c_str());
if (loginCountry != accountCountry)
{
LOG_DEBUG("network", "[AuthChallenge] Account country differs.");
pkt << uint8(WOW_FAIL_UNLOCKABLE_LOCK);
locked = true;
}
else
LOG_DEBUG("network", "[AuthChallenge] Account country matches");
}
else
LOG_DEBUG("network", "[AuthChallenge] IP2NATION Table empty");
}
}
uint8 securityFlags = 0;
_totpSecret = fields[7].GetBinary();
// Check if a TOTP token is needed
if (!_totpSecret || !_totpSecret.value().empty())
{
securityFlags = 4;
if (auto const& secret = sSecretMgr->GetSecret(SECRET_TOTP_MASTER_KEY))
{
bool success = acore::Crypto::AEDecrypt<acore::Crypto::AES>(*_totpSecret, *secret);
if (!success)
{
pkt << uint8(WOW_FAIL_DB_BUSY);
LOG_ERROR("server.authserver", "[AuthChallenge] Account '%s' has invalid ciphertext for TOTP token key stored", _login.c_str());
locked = true;
}
}
}
if (!locked)
{
//set expired bans to inactive
LoginDatabase.DirectExecute(LoginDatabase.GetPreparedStatement(LOGIN_UPD_EXPIRED_ACCOUNT_BANS));
// If the account is banned, reject the logon attempt
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BANNED);
stmt->setUInt32(0, fields[0].GetUInt32());
PreparedQueryResult banresult = LoginDatabase.Query(stmt);
if (banresult)
{
if ((*banresult)[0].GetUInt32() == (*banresult)[1].GetUInt32())
{
pkt << uint8(WOW_FAIL_BANNED);
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] Banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
}
else
{
pkt << uint8(WOW_FAIL_SUSPENDED);
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] Temporarily banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
}
}
else
{
_srp6.emplace(_login, fields[5].GetBinary<acore::Crypto::SRP6::SALT_LENGTH>(), fields[6].GetBinary<acore::Crypto::SRP6::VERIFIER_LENGTH>());
BigNumber unk3;
unk3.SetRand(16 * 8);
// Fill the response packet with the result
if (AuthHelper::IsAcceptedClientBuild(_build))
pkt << uint8(WOW_SUCCESS);
else
pkt << uint8(WOW_FAIL_VERSION_INVALID);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(_srp6->B);
pkt << uint8(1);
pkt.append(_srp6->g);
pkt << uint8(32);
pkt.append(_srp6->N);
pkt.append(_srp6->s);
pkt.append(unk3.ToByteArray<16>());
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
pkt << uint8(1);
uint8 secLevel = fields[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4 - i - 1];
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s is using '%c%c%c%c' locale (%u)",
socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str(), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
///- All good, await client's proof
_status = STATUS_LOGON_PROOF;
}
}
}
else //no account
pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
}
// If the account is banned, reject the logon attempt
if (_accountInfo.IsBanned)
{
if (_accountInfo.IsPermanenetlyBanned)
{
pkt << uint8(WOW_FAIL_BANNED);
LOG_DEBUG("server.authserver.banned", "'%s:%d' [AuthChallenge] Banned account %s tried to login!", ipAddress.c_str(), port, _accountInfo.Login.c_str());
}
else
{
pkt << uint8(WOW_FAIL_SUSPENDED);
LOG_DEBUG("server.authserver.banned", "'%s:%d' [AuthChallenge] Temporarily banned account %s tried to login!", ipAddress.c_str(), port, _accountInfo.Login.c_str());
}
SendAuthPacket();
return true;
}
uint8 securityFlags = 0;
// Check if a TOTP token is needed
if (!fields[9].IsNull())
{
LOG_DEBUG("server.authserver", "[AuthChallenge] Account '%s' using TOTP", _accountInfo.Login.c_str());
securityFlags = 4;
_totpSecret = fields[9].GetBinary();
if (auto const& secret = sSecretMgr->GetSecret(SECRET_TOTP_MASTER_KEY))
{
bool success = acore::Crypto::AEDecrypt<acore::Crypto::AES>(*_totpSecret, *secret);
if (!success)
{
pkt << uint8(WOW_FAIL_DB_BUSY);
LOG_ERROR("server.authserver", "[AuthChallenge] Account '%s' has invalid ciphertext for TOTP token key stored", _accountInfo.Login.c_str());
SendAuthPacket();
return true;
}
}
}
_srp6.emplace(
_accountInfo.Login,
fields[10].GetBinary<acore::Crypto::SRP6::SALT_LENGTH>(),
fields[11].GetBinary<acore::Crypto::SRP6::VERIFIER_LENGTH>());
BigNumber unk3;
unk3.SetRand(16 * 8);
// Fill the response packet with the result
if (!AuthHelper::IsAcceptedClientBuild(_build))
{
pkt << uint8(WOW_FAIL_VERSION_INVALID);
SendAuthPacket();
return true;
}
pkt << uint8(WOW_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(_srp6->B);
pkt << uint8(1);
pkt.append(_srp6->g);
pkt << uint8(32);
pkt.append(_srp6->N);
pkt.append(_srp6->s);
pkt.append(unk3.ToByteArray<16>());
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
pkt << uint8(1);
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4 - i - 1];
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s is using locale (%u)",
ipAddress.c_str(), port, _accountInfo.Login.c_str(), GetLocaleByName(_localizationName));
///- All good, await client's proof
_status = STATUS_LOGON_PROOF;
SendAuthPacket();
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
@@ -551,9 +559,7 @@ bool AuthSocket::_HandleLogonProof()
sAuthLogonProof_C lp;
if (!socket().recv((char*)&lp, sizeof(sAuthLogonProof_C)))
{
return false;
}
_status = STATUS_CLOSED;
@@ -561,7 +567,9 @@ bool AuthSocket::_HandleLogonProof()
if (_expversion == NO_VALID_EXP_FLAG)
{
// Check if we have the appropriate patch on the disk
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "Client with invalid version, patching is not implemented");
#endif
socket().shutdown();
return true;
}
@@ -569,7 +577,9 @@ bool AuthSocket::_HandleLogonProof()
if (std::optional<SessionKey> K = _srp6->VerifyChallengeResponse(lp.A, lp.clientM))
{
_sessionKey = *K;
LOG_DEBUG("network", "'%s:%d' User '%s' successfully authenticated", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str());
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' User '%s' successfully authenticated", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
#endif
// Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
@@ -578,7 +588,7 @@ bool AuthSocket::_HandleLogonProof()
stmt->setString(1, socket().getRemoteAddress().c_str());
stmt->setUInt32(2, GetLocaleByName(_localizationName));
stmt->setString(3, _os);
stmt->setString(4, _accountInfo.Login);
stmt->setString(4, _login);
LoginDatabase.DirectExecute(stmt);
// Finish SRP6 and send the final result to the client
@@ -604,13 +614,6 @@ bool AuthSocket::_HandleLogonProof()
else if (!sentToken && !_totpSecret)
tokenSuccess = true;
if (!tokenSuccess)
{
LOG_DEBUG("server.authsrver", "[AuthChallenge] account %s failed token", _accountInfo.Login.c_str());
char data[4] = { AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0 };
socket().send(data, sizeof(data));
}
if (_expversion & POST_BC_EXP_FLAG) // 2.x and 3.x clients
{
sAuthLogonProof_S proof;
@@ -632,6 +635,12 @@ bool AuthSocket::_HandleLogonProof()
socket().send((char*)&proof, sizeof(proof));
}
if (!tokenSuccess)
{
char data[4] = { AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0 };
socket().send(data, sizeof(data));
}
///- Set _status to authed!
_status = STATUS_AUTHED;
}
@@ -641,7 +650,7 @@ bool AuthSocket::_HandleLogonProof()
socket().send(data, sizeof(data));
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s tried to login with invalid password!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str());
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s tried to login with invalid password!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
#endif
uint32 MaxWrongPassCount = sConfigMgr->GetOption<int32>("WrongPass.MaxCount", 0);
@@ -650,7 +659,7 @@ bool AuthSocket::_HandleLogonProof()
if (sConfigMgr->GetOption<bool>("WrongPass.Logging", false))
{
PreparedStatement* logstmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_FALP_IP_LOGGING);
logstmt->setString(0, _accountInfo.Login);
logstmt->setString(0, _login);
logstmt->setString(1, socket().getRemoteAddress());
logstmt->setString(2, "Logged on failed AccountLogin due wrong password");
@@ -661,11 +670,11 @@ bool AuthSocket::_HandleLogonProof()
{
//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_FAILEDLOGINS);
stmt->setString(0, _accountInfo.Login);
stmt->setString(0, _login);
LoginDatabase.Execute(stmt);
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_FAILEDLOGINS);
stmt->setString(0, _accountInfo.Login);
stmt->setString(0, _login);
if (PreparedQueryResult loginfail = LoginDatabase.Query(stmt))
{
@@ -685,7 +694,7 @@ bool AuthSocket::_HandleLogonProof()
LoginDatabase.Execute(stmt);
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str(), WrongPassBanTime, failed_logins);
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str(), WrongPassBanTime, failed_logins);
#endif
}
else
@@ -697,7 +706,7 @@ bool AuthSocket::_HandleLogonProof()
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
socket().getRemoteAddress().c_str(), socket().getRemotePort(), socket().getRemoteAddress().c_str(), WrongPassBanTime, _accountInfo.Login.c_str(), failed_logins);
socket().getRemoteAddress().c_str(), socket().getRemotePort(), socket().getRemoteAddress().c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
#endif
}
}
@@ -748,24 +757,20 @@ bool AuthSocket::_HandleReconnectChallenge()
LOG_DEBUG("network", "[ReconnectChallenge] name(%d): '%s'", ch->I_len, ch->I);
#endif
std::string login((char const*)ch->I, ch->I_len);
auto* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RECONNECTCHALLENGE);
stmt->setString(0, login);
_login = (const char*)ch->I;
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_SESSIONKEY);
stmt->setString(0, _login);
PreparedQueryResult result = LoginDatabase.Query(stmt);
// Stop if the account is not found
if (!result)
{
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login and we cannot find his session key in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), login.c_str());
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login and we cannot find his session key in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
Field* fields = result->Fetch();
_accountInfo.LoadResult(fields);
// Reinitialize build, expansion and the account securitylevel
_build = ch->build;
_expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
@@ -777,7 +782,11 @@ bool AuthSocket::_HandleReconnectChallenge()
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
_sessionKey = fields[9].GetBinary<SESSION_KEY_LENGTH>();
Field* fields = result->Fetch();
uint8 secLevel = fields[2].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_sessionKey = fields[0].GetBinary<SESSION_KEY_LENGTH>();
acore::Crypto::GetRandomBytes(_reconnectProof);
///- All good, await client's proof
@@ -806,14 +815,14 @@ bool AuthSocket::_HandleReconnectProof()
_status = STATUS_CLOSED;
if (_accountInfo.Login.empty())
if (_login.empty())
return false;
BigNumber t1;
t1.SetBinary(lp.R1, 16);
acore::Crypto::SHA1 sha;
sha.UpdateData(_accountInfo.Login);
sha.UpdateData(_login);
sha.UpdateData(t1.ToByteArray<16>());
sha.UpdateData(_reconnectProof);
sha.UpdateData(_sessionKey);
@@ -835,7 +844,7 @@ bool AuthSocket::_HandleReconnectProof()
}
else
{
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login, but session is invalid.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str());
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login, but session is invalid.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
@@ -877,12 +886,11 @@ bool AuthSocket::_HandleRealmList()
// Get the user id (else close the connection)
// No SQL injection (prepared statement)
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_ID_BY_NAME);
stmt->setString(0, _accountInfo.Login);
stmt->setString(0, _login);
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (!result)
{
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login but we cannot find him in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str());
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login but we cannot find him in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
@@ -931,7 +939,7 @@ bool AuthSocket::_HandleRealmList()
// We don't need the port number from which client connects with but the realm's port
clientAddr.set_port_number(realm.ExternalAddress.get_port_number());
uint8 lock = (realm.allowedSecurityLevel > _accountInfo.SecurityLevel) ? 1 : 0;
uint8 lock = (realm.allowedSecurityLevel > _accountSecurityLevel) ? 1 : 0;
uint8 AmountOfCharacters = 0;
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_NUM_CHARS_ON_REALM);

19
src/server/authserver/Server/AuthSocket.h
View File

@@ -14,7 +14,6 @@
#include "SRP6.h"
class ACE_INET_Addr;
class Fields;
struct Realm;
enum eStatus
@@ -27,21 +26,6 @@ enum eStatus
STATUS_CLOSED
};
struct AccountInfo
{
void LoadResult(Field* fields);
uint32 Id = 0;
std::string Login;
bool IsLockedToIP = false;
std::string LockCountry;
std::string LastIP;
uint32 FailedLogins = 0;
bool IsBanned = false;
bool IsPermanenetlyBanned = false;
AccountTypes SecurityLevel = SEC_PLAYER;
};
// Handle login commands
class AuthSocket: public RealmSocket::Session
{
@@ -81,7 +65,7 @@ private:
eStatus _status;
AccountInfo _accountInfo;
std::string _login;
Optional<std::vector<uint8>> _totpSecret;
// Since GetLocaleByName() is _NOT_ bijective, we have to store the locale as a string. Otherwise we can't differ
@@ -90,6 +74,7 @@ private:
std::string _os;
uint16 _build;
uint8 _expversion;
AccountTypes _accountSecurityLevel;
};
#endif

13
src/server/database/Database/Implementation/LoginDatabase.cpp
View File

@@ -11,16 +11,6 @@ void LoginDatabaseConnection::DoPrepareStatements()
if (!m_reconnecting)
m_stmts.resize(MAX_LOGINDATABASE_STATEMENTS);
PrepareStatement(LOGIN_SEL_LOGONCHALLENGE, "SELECT a.id, a.username, a.locked, a.lock_country, a.last_ip, a.failed_logins, ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, "
"ab.unbandate = ab.bandate, aa.gmlevel, a.totp_secret, a.salt, a.verifier "
"FROM account a LEFT JOIN account_access aa ON a.id = aa.id LEFT JOIN account_banned ab ON ab.id = a.id AND ab.active = 1 WHERE a.username = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_RECONNECTCHALLENGE, "SELECT a.id, UPPER(a.username), a.locked, a.lock_country, a.last_ip, a.failed_logins, ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, "
"ab.unbandate = ab.bandate, aa.gmlevel, a.session_key "
"FROM account a LEFT JOIN account_access aa ON a.id = aa.id LEFT JOIN account_banned ab ON ab.id = a.id AND ab.active = 1 WHERE a.username = ? AND a.session_key IS NOT NULL", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME, "SELECT a.id, a.session_key, a.last_ip, a.locked, a.lock_country, a.expansion, a.mutetime, a.locale, a.recruiter, a.os, a.totaltime, "
"aa.gmlevel, ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, r.id FROM account a LEFT JOIN account_access aa ON a.id = aa.id AND aa.RealmID IN (-1, ?) "
"LEFT JOIN account_banned ab ON a.id = ab.id AND ab.active = 1 LEFT JOIN account r ON a.id = r.recruiter WHERE a.username = ? "
"AND a.session_key IS NOT NULL ORDER BY aa.RealmID DESC LIMIT 1", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_REALMLIST, "SELECT id, name, address, localAddress, localSubnetMask, port, icon, flag, timezone, allowedSecurityLevel, population, gamebuild FROM realmlist WHERE flag <> 3 ORDER BY name", CONNECTION_SYNCH);
PrepareStatement(LOGIN_DEL_EXPIRED_IP_BANS, "DELETE FROM ip_banned WHERE unbandate<>bandate AND unbandate<=UNIX_TIMESTAMP()", CONNECTION_ASYNC);
PrepareStatement(LOGIN_UPD_EXPIRED_ACCOUNT_BANS, "UPDATE account_banned SET active = 0 WHERE active = 1 AND unbandate<>bandate AND unbandate<=UNIX_TIMESTAMP()", CONNECTION_SYNCH);
@@ -33,13 +23,16 @@ void LoginDatabaseConnection::DoPrepareStatements()
PrepareStatement(LOGIN_SEL_ACCOUNT_BANNED_BY_USERNAME, "SELECT account.id, username FROM account, account_banned WHERE account.id = account_banned.id AND active = 1 AND username LIKE CONCAT('%%', ?, '%%') GROUP BY account.id", CONNECTION_SYNCH);
PrepareStatement(LOGIN_INS_ACCOUNT_AUTO_BANNED, "INSERT INTO account_banned VALUES (?, UNIX_TIMESTAMP(), UNIX_TIMESTAMP()+?, 'Trinity realmd', 'Failed login autoban', 1)", CONNECTION_ASYNC);
PrepareStatement(LOGIN_DEL_ACCOUNT_BANNED, "DELETE FROM account_banned WHERE id = ?", CONNECTION_ASYNC);
PrepareStatement(LOGIN_SEL_SESSIONKEY, "SELECT a.session_key, a.id, aa.gmlevel FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_UPD_LOGON, "UPDATE account SET salt = ?, verifier = ? WHERE id = ?", CONNECTION_ASYNC);
PrepareStatement(LOGIN_UPD_LOGONPROOF, "UPDATE account SET session_key = ?, last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE username = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_LOGONCHALLENGE, "SELECT a.id, a.locked, a.lock_country, a.last_ip, aa.gmlevel, a.salt, a.verifier, a.totp_secret FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_LOGON_COUNTRY, "SELECT country FROM ip2nation WHERE ip < ? ORDER BY ip DESC LIMIT 0,1", CONNECTION_SYNCH);
PrepareStatement(LOGIN_UPD_FAILEDLOGINS, "UPDATE account SET failed_logins = failed_logins + 1 WHERE username = ?", CONNECTION_ASYNC);
PrepareStatement(LOGIN_SEL_FAILEDLOGINS, "SELECT id, failed_logins FROM account WHERE username = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_ACCOUNT_ID_BY_NAME, "SELECT id FROM account WHERE username = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_ACCOUNT_LIST_BY_NAME, "SELECT id, username FROM account WHERE username = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME, "SELECT id, session_key, last_ip, locked, lock_country, expansion, mutetime, locale, recruiter, os, totaltime FROM account WHERE username = ? AND session_key IS NOT NULL", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_ACCOUNT_LIST_BY_EMAIL, "SELECT id, username FROM account WHERE email = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_NUM_CHARS_ON_REALM, "SELECT numchars FROM realmcharacters WHERE realmid = ? AND acctid= ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_ACCOUNT_BY_IP, "SELECT id, username FROM account WHERE last_ip = ?", CONNECTION_SYNCH);

2
src/server/database/Database/Implementation/LoginDatabase.h
View File

@@ -41,10 +41,10 @@ enum LoginDatabaseStatements
LOGIN_SEL_ACCOUNT_BANNED_BY_USERNAME,
LOGIN_INS_ACCOUNT_AUTO_BANNED,
LOGIN_DEL_ACCOUNT_BANNED,
LOGIN_SEL_SESSIONKEY,
LOGIN_UPD_LOGON,
LOGIN_UPD_LOGONPROOF,
LOGIN_SEL_LOGONCHALLENGE,
LOGIN_SEL_RECONNECTCHALLENGE,
LOGIN_SEL_LOGON_COUNTRY,
LOGIN_UPD_FAILEDLOGINS,
LOGIN_SEL_FAILEDLOGINS,

324
src/server/game/Server/WorldSocket.cpp
View File

@@ -90,58 +90,6 @@ struct ClientPktHeader
#pragma pack(pop)
#endif
struct AccountInfo
{
uint32 Id;
::SessionKey SessionKey;
std::string LastIP;
bool IsLockedToIP;
std::string LockCountry;
uint8 Expansion;
int64 MuteTime;
LocaleConstant Locale;
uint32 Recruiter;
std::string OS;
bool IsRectuiter;
AccountTypes Security;
bool IsBanned;
uint32 TotalTime;
explicit AccountInfo(Field* fields)
{
// 0 1 2 3 4 5 6 7 8 9 10 11
// SELECT a.id, a.sessionkey, a.last_ip, a.locked, a.lock_country, a.expansion, a.mutetime, a.locale, a.recruiter, a.os, a.totaltime, aa.gmLevel,
// 12 13
// ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, r.id
// FROM account a
// LEFT JOIN account_access aa ON a.id = aa.AccountID AND aa.RealmID IN (-1, ?)
// LEFT JOIN account_banned ab ON a.id = ab.id
// LEFT JOIN account r ON a.id = r.recruiter
// WHERE a.username = ? ORDER BY aa.RealmID DESC LIMIT 1
Id = fields[0].GetUInt32();
SessionKey = fields[1].GetBinary<SESSION_KEY_LENGTH>();
LastIP = fields[2].GetString();
IsLockedToIP = fields[3].GetBool();
LockCountry = fields[4].GetString();
Expansion = fields[5].GetUInt8();
MuteTime = fields[6].GetInt64();
Locale = LocaleConstant(fields[7].GetUInt8());
Recruiter = fields[8].GetUInt32();
OS = fields[9].GetString();
TotalTime = fields[10].GetUInt32();
Security = AccountTypes(fields[11].GetUInt8());
IsBanned = fields[12].GetUInt64() != 0;
IsRectuiter = fields[13].GetUInt32() != 0;
uint32 world_expansion = sWorld->getIntConfig(CONFIG_EXPANSION);
if (Expansion > world_expansion)
Expansion = world_expansion;
if (Locale >= TOTAL_LOCALES)
Locale = LOCALE_enUS;
}
};
WorldSocket::WorldSocket(void): WorldHandler(),
m_LastPingTime(SystemTimePoint::min()), m_OverSpeedPings(0), m_Session(0),
m_RecvWPct(0), m_RecvPct(), m_Header(sizeof (ClientPktHeader)),
@@ -786,11 +734,18 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
uint32 loginServerID, loginServerType, regionID, battlegroupID, realm;
uint64 DosResponse;
uint32 BuiltNumberClient;
std::string accountName;
uint32 id, security;
uint32 TotalTime = 0;
bool skipQueue = false;
//uint8 expansion = 0;
LocaleConstant locale;
std::string account;
WorldPacket packet, SendAddonPacked;
std::array<uint8, 4> clientSeed;
acore::Crypto::SHA1::Digest digest;
bool wardenActive = sWorld->getBoolConfig(CONFIG_WARDEN_ENABLED);
if (sWorld->IsClosed())
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
@@ -804,7 +759,7 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
// Read the content of the packet
recvPacket >> BuiltNumberClient; // for now no use
recvPacket >> loginServerID;
recvPacket >> accountName;
recvPacket >> account;
recvPacket >> loginServerType;
recvPacket.read(clientSeed);
recvPacket >> regionID;
@@ -814,15 +769,15 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
recvPacket.read(digest);
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("server", "WorldSocket::HandleAuthSession: client %u, loginServerID %u, accountName %s, loginServerType %u",
BuiltNumberClient, loginServerID, accountName.c_str(), loginServerType);
LOG_DEBUG("server", "WorldSocket::HandleAuthSession: client %u, loginServerID %u, account %s, loginServerType %u",
BuiltNumberClient, loginServerID, account.c_str(), loginServerType);
#endif
// Get the account information from the realmd database
// 0 1 2 3 4 5 6 7 8 9 10
// SELECT id, sessionkey, last_ip, locked, lock_country, expansion, mutetime, locale, recruiter, os, totaltime FROM account WHERE username = ?
auto* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME);
stmt->setInt32(0, int32(realmID));
stmt->setString(1, accountName);
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME);
stmt->setString(0, account);
PreparedQueryResult result = LoginDatabase.Query(stmt);
@@ -830,8 +785,8 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
if (!result)
{
// We can not log here, as we do not know the account. Thus, no accountId.
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_UNKNOWN_ACCOUNT);
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_UNKNOWN_ACCOUNT);
SendPacket(packet);
@@ -839,55 +794,136 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
return -1;
}
AccountInfo account(result->Fetch());
Field* fields = result->Fetch();
uint8 expansion = fields[5].GetUInt8();
uint32 world_expansion = sWorld->getIntConfig(CONFIG_EXPANSION);
if (expansion > world_expansion)
expansion = world_expansion;
// For hook purposes, we get Remoteaddress at this point
std::string address = GetRemoteAddress(); // Originally, this variable should be called address, but for some reason, that variable name was already on the core.
// As we don't know if attempted login process by ip works, we update last_attempt_ip right away
stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LAST_ATTEMPT_IP);
stmt->setString(0, address);
stmt->setString(1, accountName);
stmt->setString(1, account);
LoginDatabase.Execute(stmt);
// This also allows to check for possible "hack" attempts on account
// even if auth credentials are bad, try using the session key we have - client cannot read auth response error without it
m_Crypt.Init(account.SessionKey);
// id has to be fetched at this point, so that first actual account response that fails can be logged
id = fields[0].GetUInt32();
// First reject the connection if packet contains invalid data or realm state doesn't allow logging in
if (sWorld->IsClosed())
///- Re-check ip locking (same check as in realmd).
if (fields[3].GetUInt8() == 1) // if ip is locked
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_REJECT);
SendPacket(packet);
if (strcmp (fields[2].GetCString(), address.c_str()))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: World closed, denying client (%s).", address.c_str());
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
LOG_INFO("server", "WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs. Original IP: %s, new IP: %s).", fields[2].GetCString(), address.c_str());
// We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
sScriptMgr->OnFailedAccountLogin(id);
return -1;
}
}
if (realm != realmID)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(REALM_LIST_REALM_NOT_FOUND);
SendPacket(packet);
/*
if (security > SEC_ADMINISTRATOR) // prevent invalid security settings in DB
security = SEC_ADMINISTRATOR;
*/
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Client %s requested connecting with realm id %u but this realm has id %u set in config.",
address.c_str(), realm, realmID);
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
SessionKey sessionKey = fields[1].GetBinary<SESSION_KEY_LENGTH>();
int64 mutetime = fields[6].GetInt64();
//! Negative mutetime indicates amount of seconds to be muted effective on next login - which is now.
if (mutetime < 0)
{
mutetime = time(nullptr) + llabs(mutetime);
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_MUTE_TIME_LOGIN);
stmt->setInt64(0, mutetime);
stmt->setUInt32(1, id);
LoginDatabase.Execute(stmt);
}
locale = LocaleConstant (fields[7].GetUInt8());
if (locale >= TOTAL_LOCALES)
locale = LOCALE_enUS;
uint32 recruiter = fields[8].GetUInt32();
std::string os = fields[9].GetString();
TotalTime = fields[10].GetUInt32();
// Must be done before WorldSession is created
bool wardenActive = sWorld->getBoolConfig(CONFIG_WARDEN_ENABLED);
if (wardenActive && account.OS != "Win" && account.OS != "OSX")
if (wardenActive && os != "Win" && os != "OSX")
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_REJECT);
SendPacket(packet);
LOG_ERROR("network", "WorldSocket::HandleAuthSession: Client %s attempted to log in using invalid client OS (%s).", address.c_str(), account.OS.c_str());
sScriptMgr->OnFailedAccountLogin(account.Id);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Client %s attempted to log in using invalid client OS (%s).", address.c_str(), os.c_str());
return -1;
}
// Checks gmlevel per Realm
stmt = LoginDatabase.GetPreparedStatement(LOGIN_GET_GMLEVEL_BY_REALMID);
stmt->setUInt32(0, id);
stmt->setInt32(1, int32(realmID));
result = LoginDatabase.Query(stmt);
if (!result)
security = 0;
else
{
fields = result->Fetch();
security = fields[0].GetUInt8();
skipQueue = true;
}
// Re-check account ban (same check as in realmd)
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_BANS);
stmt->setUInt32(0, id);
stmt->setString(1, address);
PreparedQueryResult banresult = LoginDatabase.Query(stmt);
if (banresult) // if account banned
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_BANNED);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
sScriptMgr->OnFailedAccountLogin(id);
return -1;
}
// Check locked state for server
AccountTypes allowedAccountType = sWorld->GetPlayerSecurityLimit();
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "Allowed Level: %u Player Level %u", allowedAccountType, AccountTypes(security));
#endif
if (AccountTypes(security) < allowedAccountType)
{
WorldPacket Packet (SMSG_AUTH_RESPONSE, 1);
Packet << uint8 (AUTH_UNAVAILABLE);
SendPacket(packet);
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("server", "WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
#endif
sScriptMgr->OnFailedAccountLogin(id);
return -1;
}
@@ -895,105 +931,89 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
uint8 t[4] = { 0x00, 0x00, 0x00, 0x00 };
acore::Crypto::SHA1 sha;
sha.UpdateData(accountName);
sha.UpdateData (account);
sha.UpdateData(t);
sha.UpdateData(clientSeed);
sha.UpdateData(m_Seed);
sha.UpdateData(account.SessionKey);
sha.UpdateData(sessionKey);
sha.Finalize();
if (sha.GetDigest() != digest)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Authentication failed for account: %u ('%s') address: %s", account.Id, accountName.c_str(), address.c_str());
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Authentication failed for account: %u ('%s') address: %s", id, account.c_str(), address.c_str());
return -1;
}
/*if (IpLocationRecord const* location = sIPLocation->GetLocationRecord(address))
_ipCountry = location->CountryCode;*/
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("server", "WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.",
account.c_str(),
address.c_str());
#endif
// Check if this user is by any chance a recruiter
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_RECRUITER);
///- Re-check ip locking (same check as in auth).
if (account.IsLockedToIP)
{
if (account.LastIP != address)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs. Original IP: %s, new IP: %s).", account.LastIP.c_str(), address.c_str());
// We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
}
}
//else if (!account.LockCountry.empty() && account.LockCountry != "00" && !_ipCountry.empty())
//{
// if (account.LockCountry != _ipCountry)
// {
// packet.Initialize(SMSG_AUTH_RESPONSE, 1);
// packet << uint8(AUTH_REJECT);
// LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account country differs. Original country: %s, new country: %s).", account.LockCountry.c_str(), _ipCountry.c_str());
// // We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
// sScriptMgr->OnFailedAccountLogin(account.Id);
// return -1;
// }
//}
stmt->setUInt32(0, id);
if (account.IsBanned)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_BANNED);
SendPacket(packet);
LOG_ERROR("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
}
result = LoginDatabase.Query(stmt);
// Check locked state for server
AccountTypes allowedAccountType = sWorld->GetPlayerSecurityLimit();
LOG_DEBUG("network", "Allowed Level: %u Player Level %u", allowedAccountType, account.Security);
if (allowedAccountType > SEC_PLAYER && account.Security < allowedAccountType)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_UNAVAILABLE);
LOG_DEBUG("network", "WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
sScriptMgr->OnFailedAccountLogin(account.Id);
return -1;
}
LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.", accountName.c_str(), address.c_str());
bool isRecruiter = false;
if (result)
isRecruiter = true;
// Update the last_ip in the database as it was successful for login
stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LAST_IP);
stmt->setString(0, address);
stmt->setString(1, accountName);
stmt->setString(1, account);
LoginDatabase.Execute(stmt);
sScriptMgr->OnLastIpUpdate(account.Id, address);
bool skipQueue = false;
if (account.Security > SEC_PLAYER)
skipQueue = true;
sScriptMgr->OnLastIpUpdate(id, address);
// NOTE ATM the socket is single-threaded, have this in mind ...
ACE_NEW_RETURN(m_Session,
WorldSession(account.Id, this, AccountTypes(account.Security), account.Expansion, account.MuteTime, account.Locale, account.Recruiter, account.IsRectuiter, skipQueue, account.TotalTime), -1);
ACE_NEW_RETURN(m_Session, WorldSession(id, this, AccountTypes(security), expansion, mutetime, locale, recruiter, isRecruiter, skipQueue, TotalTime), -1);
m_Crypt.Init(sessionKey);
// First reject the connection if packet contains invalid data or realm state doesn't allow logging in
if (sWorld->IsClosed())
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_REJECT);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: World closed, denying client (%s).", address.c_str());
sScriptMgr->OnFailedAccountLogin(id);
return -1;
}
if (realm != realmID)
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (REALM_LIST_REALM_NOT_FOUND);
SendPacket(packet);
LOG_ERROR("server", "WorldSocket::HandleAuthSession: Client %s requested connecting with realm id %u but this realm has id %u set in config.",
address.c_str(), realm, realmID);
sScriptMgr->OnFailedAccountLogin(id);
return -1;
}
m_Session->LoadGlobalAccountData();
m_Session->LoadTutorialsData();
m_Session->ReadAddonsInfo(recvPacket);
// At this point, we can safely hook a successful login
sScriptMgr->OnAccountLogin(account.Id);
sScriptMgr->OnAccountLogin(id);
// Initialize Warden system only if it is enabled by config
if (wardenActive)
m_Session->InitWarden(account.SessionKey, account.OS);
m_Session->InitWarden(sessionKey, os);
// Sleep this Network thread for
uint32 sleepTime = sWorld->getIntConfig(CONFIG_SESSION_ADD_DELAY);