nchebrov/azerothcore-wotlk
1
0
Fork 0
mirror of https://github.com/mod-playerbots/azerothcore-wotlk.git synced 2026-01-15 10:00:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "feat(Core/Auth): add AccountInfo helper (#5640)" (#5971)

Browse Source 
This reverts commit e50754d804.
This commit is contained in:
Kitzunu
2021-05-20 23:23:50 +02:00
committed by GitHub
parent dd69dcb1d8
commit fe6db2ff96
5 changed files with 399 additions and 393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

434
src/server/authserver/Server/AuthSocket.cpp
View File

@@ -177,37 +177,13 @@ const AuthHandler table[] =
#define AUTH_TOTAL_COMMANDS 8
void AccountInfo::LoadResult(Field* fields)
{
// 0 1 2 3 4 5 6
//SELECT a.id, a.username, a.locked, a.lock_country, a.last_ip, a.failed_logins, ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate,
// 7 8
// ab.unbandate = ab.bandate, aa.gmlevel (, more query-specific fields)
//FROM account a LEFT JOIN account_access aa ON a.id = aa.AccountID LEFT JOIN account_banned ab ON ab.id = a.id AND ab.active = 1 WHERE a.username = ?
Id = fields[0].GetUInt32();
Login = fields[1].GetString();
IsLockedToIP = fields[2].GetBool();
LockCountry = fields[3].GetString();
LastIP = fields[4].GetString();
FailedLogins = fields[5].GetUInt32();
IsBanned = fields[6].GetUInt64() != 0;
IsPermanenetlyBanned = fields[7].GetUInt64() != 0;
SecurityLevel = static_cast<AccountTypes>(fields[8].GetUInt8()) > SEC_CONSOLE ? SEC_CONSOLE : static_cast<AccountTypes>(fields[8].GetUInt8());
// Use our own uppercasing of the account name instead of using UPPER() in mysql query
// This is how the account was created in the first place and changing it now would result in breaking
// login for all accounts having accented characters in their name
Utf8ToUpperOnlyLatin(Login);
}
// Holds the MD5 hash of client patches present on the server
Patcher PatchesCache;
// Constructor - set the N and g values for SRP6
AuthSocket::AuthSocket(RealmSocket& socket) :
pPatch(nullptr), socket_(socket), _status(STATUS_CHALLENGE), _build(0),
_expversion(0)
_expversion(0), _accountSecurityLevel(SEC_PLAYER)
{
}
@@ -313,6 +289,30 @@ bool AuthSocket::_HandleLogonChallenge()
///- Session is closed unless overriden
_status = STATUS_CLOSED;
// pussywizard: logon flood protection:
{
std::lock_guard<std::mutex> guard(LastLoginAttemptMutex);
std::string ipaddr = socket().getRemoteAddress();
uint32 currTime = time(nullptr);
std::map<std::string, uint32>::iterator itr = LastLoginAttemptTimeForIP.find(ipaddr);
if (itr != LastLoginAttemptTimeForIP.end() && itr->second >= currTime)
{
ByteBuffer pkt;
pkt << uint8(AUTH_LOGON_CHALLENGE);
pkt << uint8(0x00);
pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
if (LastLoginAttemptCleanTime + 60 < currTime)
{
LastLoginAttemptTimeForIP.clear();
LastLoginAttemptCleanTime = currTime;
}
else
LastLoginAttemptTimeForIP[ipaddr] = currTime;
}
// Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
@@ -351,9 +351,9 @@ bool AuthSocket::_HandleLogonChallenge()
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
std::string login((char const*)ch->I, ch->I_len);
LOG_DEBUG("server.authserver", "[AuthChallenge] '%s'", login.c_str());
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
_os = (const char*)ch->os;
@@ -364,180 +364,188 @@ bool AuthSocket::_HandleLogonChallenge()
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
ByteBuffer pkt;
pkt << uint8(AUTH_LOGON_CHALLENGE);
pkt << uint8(0x00);
auto SendAuthPacket = [&]()
{
socket().send((char const*)pkt.contents(), pkt.size());
};
// Verify that this IP is not in the ip_banned table
LoginDatabase.Execute(LoginDatabase.GetPreparedStatement(LOGIN_DEL_EXPIRED_IP_BANS));
std::string const& ipAddress = socket().getRemoteAddress();
uint32 port = socket().getRemotePort();
std::string const& ip_address = socket().getRemoteAddress();
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_BANNED);
stmt->setString(0, ip_address);
// Get the account details from the account table
// No SQL injection (prepared statement)
auto stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
stmt->setString(0, login);
PreparedQueryResult res2 = LoginDatabase.Query(stmt);
if (!res2) //no account
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (result)
{
pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
SendAuthPacket();
return true;
}
Field* fields = res2->Fetch();
_accountInfo.LoadResult(fields);
// If the IP is 'locked', check that the player comes indeed from the correct IP address
if (_accountInfo.IsLockedToIP)
{
LOG_DEBUG("server.authserver", "[AuthChallenge] Account '%s' is locked to IP - '%s' is logging in from '%s'", _accountInfo.Login.c_str(), _accountInfo.LastIP.c_str(), ipAddress.c_str());
if (_accountInfo.LastIP != ipAddress)
{
LOG_DEBUG("network", "[AuthChallenge] Account IP differs");
pkt << uint8(WOW_FAIL_LOCKED_ENFORCED);
SendAuthPacket();
return true;
}
pkt << uint8(WOW_FAIL_BANNED);
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] Banned ip tries to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort());
#endif
}
else
{
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is not locked to ip", _accountInfo.Login.c_str());
// Get the account details from the account table
// No SQL injection (prepared statement)
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
stmt->setString(0, _login);
if (_accountInfo.LockCountry.empty() || _accountInfo.LockCountry == "00")
PreparedQueryResult res2 = LoginDatabase.Query(stmt);
if (res2)
{
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is not locked to country", _accountInfo.Login.c_str());
}
else if (!_accountInfo.LockCountry.empty())
{
uint32 ip = inet_addr(ipAddress.c_str());
EndianConvertReverse(ip);
Field* fields = res2->Fetch();
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGON_COUNTRY);
stmt->setUInt32(0, ip);
if (PreparedQueryResult sessionCountryQuery = LoginDatabase.Query(stmt))
// If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if (fields[1].GetUInt8() == 1) // if ip is locked
{
std::string loginCountry = (*sessionCountryQuery)[0].GetString();
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is locked to country: '%s' Player country is '%s'", _accountInfo.Login.c_str(), _accountInfo.LockCountry.c_str(), loginCountry.c_str());
if (loginCountry != _accountInfo.LockCountry)
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), fields[2].GetCString());
LOG_DEBUG("network", "[AuthChallenge] Player address is '%s'", ip_address.c_str());
if (strcmp(fields[3].GetCString(), ip_address.c_str()) != 0)
{
LOG_DEBUG("network", "[AuthChallenge] Account country differs.");
pkt << uint8(WOW_FAIL_UNLOCKABLE_LOCK);
SendAuthPacket();
return true;
LOG_DEBUG("network", "[AuthChallenge] Account IP differs");
pkt << uint8(WOW_FAIL_LOCKED_ENFORCED);
locked = true;
}
else
LOG_DEBUG("network", "[AuthChallenge] Account IP matches");
}
else
{
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
std::string accountCountry = fields[2].GetString();
if (accountCountry.empty() || accountCountry == "00")
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is not locked to country", _login.c_str());
else if (!accountCountry.empty())
{
uint32 ip = inet_addr(ip_address.c_str());
EndianConvertReverse(ip);
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGON_COUNTRY);
stmt->setUInt32(0, ip);
if (PreparedQueryResult sessionCountryQuery = LoginDatabase.Query(stmt))
{
std::string loginCountry = (*sessionCountryQuery)[0].GetString();
LOG_DEBUG("network", "[AuthChallenge] Account '%s' is locked to country: '%s' Player country is '%s'", _login.c_str(), accountCountry.c_str(), loginCountry.c_str());
if (loginCountry != accountCountry)
{
LOG_DEBUG("network", "[AuthChallenge] Account country differs.");
pkt << uint8(WOW_FAIL_UNLOCKABLE_LOCK);
locked = true;
}
else
LOG_DEBUG("network", "[AuthChallenge] Account country matches");
}
else
LOG_DEBUG("network", "[AuthChallenge] IP2NATION Table empty");
}
}
uint8 securityFlags = 0;
_totpSecret = fields[7].GetBinary();
// Check if a TOTP token is needed
if (!_totpSecret || !_totpSecret.value().empty())
{
securityFlags = 4;
if (auto const& secret = sSecretMgr->GetSecret(SECRET_TOTP_MASTER_KEY))
{
bool success = acore::Crypto::AEDecrypt<acore::Crypto::AES>(*_totpSecret, *secret);
if (!success)
{
pkt << uint8(WOW_FAIL_DB_BUSY);
LOG_ERROR("server.authserver", "[AuthChallenge] Account '%s' has invalid ciphertext for TOTP token key stored", _login.c_str());
locked = true;
}
}
}
if (!locked)
{
//set expired bans to inactive
LoginDatabase.DirectExecute(LoginDatabase.GetPreparedStatement(LOGIN_UPD_EXPIRED_ACCOUNT_BANS));
// If the account is banned, reject the logon attempt
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BANNED);
stmt->setUInt32(0, fields[0].GetUInt32());
PreparedQueryResult banresult = LoginDatabase.Query(stmt);
if (banresult)
{
if ((*banresult)[0].GetUInt32() == (*banresult)[1].GetUInt32())
{
pkt << uint8(WOW_FAIL_BANNED);
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] Banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
}
else
{
pkt << uint8(WOW_FAIL_SUSPENDED);
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] Temporarily banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
}
}
else
{
_srp6.emplace(_login, fields[5].GetBinary<acore::Crypto::SRP6::SALT_LENGTH>(), fields[6].GetBinary<acore::Crypto::SRP6::VERIFIER_LENGTH>());
BigNumber unk3;
unk3.SetRand(16 * 8);
// Fill the response packet with the result
if (AuthHelper::IsAcceptedClientBuild(_build))
pkt << uint8(WOW_SUCCESS);
else
pkt << uint8(WOW_FAIL_VERSION_INVALID);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(_srp6->B);
pkt << uint8(1);
pkt.append(_srp6->g);
pkt << uint8(32);
pkt.append(_srp6->N);
pkt.append(_srp6->s);
pkt.append(unk3.ToByteArray<16>());
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
pkt << uint8(1);
uint8 secLevel = fields[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4 - i - 1];
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s is using '%c%c%c%c' locale (%u)",
socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str(), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
///- All good, await client's proof
_status = STATUS_LOGON_PROOF;
}
}
}
else //no account
pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
}
// If the account is banned, reject the logon attempt
if (_accountInfo.IsBanned)
{
if (_accountInfo.IsPermanenetlyBanned)
{
pkt << uint8(WOW_FAIL_BANNED);
LOG_DEBUG("server.authserver.banned", "'%s:%d' [AuthChallenge] Banned account %s tried to login!", ipAddress.c_str(), port, _accountInfo.Login.c_str());
}
else
{
pkt << uint8(WOW_FAIL_SUSPENDED);
LOG_DEBUG("server.authserver.banned", "'%s:%d' [AuthChallenge] Temporarily banned account %s tried to login!", ipAddress.c_str(), port, _accountInfo.Login.c_str());
}
SendAuthPacket();
return true;
}
uint8 securityFlags = 0;
// Check if a TOTP token is needed
if (!fields[9].IsNull())
{
LOG_DEBUG("server.authserver", "[AuthChallenge] Account '%s' using TOTP", _accountInfo.Login.c_str());
securityFlags = 4;
_totpSecret = fields[9].GetBinary();
if (auto const& secret = sSecretMgr->GetSecret(SECRET_TOTP_MASTER_KEY))
{
bool success = acore::Crypto::AEDecrypt<acore::Crypto::AES>(*_totpSecret, *secret);
if (!success)
{
pkt << uint8(WOW_FAIL_DB_BUSY);
LOG_ERROR("server.authserver", "[AuthChallenge] Account '%s' has invalid ciphertext for TOTP token key stored", _accountInfo.Login.c_str());
SendAuthPacket();
return true;
}
}
}
_srp6.emplace(
_accountInfo.Login,
fields[10].GetBinary<acore::Crypto::SRP6::SALT_LENGTH>(),
fields[11].GetBinary<acore::Crypto::SRP6::VERIFIER_LENGTH>());
BigNumber unk3;
unk3.SetRand(16 * 8);
// Fill the response packet with the result
if (!AuthHelper::IsAcceptedClientBuild(_build))
{
pkt << uint8(WOW_FAIL_VERSION_INVALID);
SendAuthPacket();
return true;
}
pkt << uint8(WOW_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(_srp6->B);
pkt << uint8(1);
pkt.append(_srp6->g);
pkt << uint8(32);
pkt.append(_srp6->N);
pkt.append(_srp6->s);
pkt.append(unk3.ToByteArray<16>());
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
pkt << uint8(1);
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4 - i - 1];
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s is using locale (%u)",
ipAddress.c_str(), port, _accountInfo.Login.c_str(), GetLocaleByName(_localizationName));
///- All good, await client's proof
_status = STATUS_LOGON_PROOF;
SendAuthPacket();
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
@@ -551,9 +559,7 @@ bool AuthSocket::_HandleLogonProof()
sAuthLogonProof_C lp;
if (!socket().recv((char*)&lp, sizeof(sAuthLogonProof_C)))
{
return false;
}
_status = STATUS_CLOSED;
@@ -561,7 +567,9 @@ bool AuthSocket::_HandleLogonProof()
if (_expversion == NO_VALID_EXP_FLAG)
{
// Check if we have the appropriate patch on the disk
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "Client with invalid version, patching is not implemented");
#endif
socket().shutdown();
return true;
}
@@ -569,7 +577,9 @@ bool AuthSocket::_HandleLogonProof()
if (std::optional<SessionKey> K = _srp6->VerifyChallengeResponse(lp.A, lp.clientM))
{
_sessionKey = *K;
LOG_DEBUG("network", "'%s:%d' User '%s' successfully authenticated", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str());
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' User '%s' successfully authenticated", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
#endif
// Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
@@ -578,7 +588,7 @@ bool AuthSocket::_HandleLogonProof()
stmt->setString(1, socket().getRemoteAddress().c_str());
stmt->setUInt32(2, GetLocaleByName(_localizationName));
stmt->setString(3, _os);
stmt->setString(4, _accountInfo.Login);
stmt->setString(4, _login);
LoginDatabase.DirectExecute(stmt);
// Finish SRP6 and send the final result to the client
@@ -604,13 +614,6 @@ bool AuthSocket::_HandleLogonProof()
else if (!sentToken && !_totpSecret)
tokenSuccess = true;
if (!tokenSuccess)
{
LOG_DEBUG("server.authsrver", "[AuthChallenge] account %s failed token", _accountInfo.Login.c_str());
char data[4] = { AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0 };
socket().send(data, sizeof(data));
}
if (_expversion & POST_BC_EXP_FLAG) // 2.x and 3.x clients
{
sAuthLogonProof_S proof;
@@ -632,6 +635,12 @@ bool AuthSocket::_HandleLogonProof()
socket().send((char*)&proof, sizeof(proof));
}
if (!tokenSuccess)
{
char data[4] = { AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0 };
socket().send(data, sizeof(data));
}
///- Set _status to authed!
_status = STATUS_AUTHED;
}
@@ -641,7 +650,7 @@ bool AuthSocket::_HandleLogonProof()
socket().send(data, sizeof(data));
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s tried to login with invalid password!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str());
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s tried to login with invalid password!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
#endif
uint32 MaxWrongPassCount = sConfigMgr->GetOption<int32>("WrongPass.MaxCount", 0);
@@ -650,7 +659,7 @@ bool AuthSocket::_HandleLogonProof()
if (sConfigMgr->GetOption<bool>("WrongPass.Logging", false))
{
PreparedStatement* logstmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_FALP_IP_LOGGING);
logstmt->setString(0, _accountInfo.Login);
logstmt->setString(0, _login);
logstmt->setString(1, socket().getRemoteAddress());
logstmt->setString(2, "Logged on failed AccountLogin due wrong password");
@@ -661,11 +670,11 @@ bool AuthSocket::_HandleLogonProof()
{
//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_FAILEDLOGINS);
stmt->setString(0, _accountInfo.Login);
stmt->setString(0, _login);
LoginDatabase.Execute(stmt);
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_FAILEDLOGINS);
stmt->setString(0, _accountInfo.Login);
stmt->setString(0, _login);
if (PreparedQueryResult loginfail = LoginDatabase.Query(stmt))
{
@@ -685,7 +694,7 @@ bool AuthSocket::_HandleLogonProof()
LoginDatabase.Execute(stmt);
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str(), WrongPassBanTime, failed_logins);
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str(), WrongPassBanTime, failed_logins);
#endif
}
else
@@ -697,7 +706,7 @@ bool AuthSocket::_HandleLogonProof()
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
LOG_DEBUG("network", "'%s:%d' [AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
socket().getRemoteAddress().c_str(), socket().getRemotePort(), socket().getRemoteAddress().c_str(), WrongPassBanTime, _accountInfo.Login.c_str(), failed_logins);
socket().getRemoteAddress().c_str(), socket().getRemotePort(), socket().getRemoteAddress().c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
#endif
}
}
@@ -748,24 +757,20 @@ bool AuthSocket::_HandleReconnectChallenge()
LOG_DEBUG("network", "[ReconnectChallenge] name(%d): '%s'", ch->I_len, ch->I);
#endif
std::string login((char const*)ch->I, ch->I_len);
auto* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RECONNECTCHALLENGE);
stmt->setString(0, login);
_login = (const char*)ch->I;
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_SESSIONKEY);
stmt->setString(0, _login);
PreparedQueryResult result = LoginDatabase.Query(stmt);
// Stop if the account is not found
if (!result)
{
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login and we cannot find his session key in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), login.c_str());
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login and we cannot find his session key in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
Field* fields = result->Fetch();
_accountInfo.LoadResult(fields);
// Reinitialize build, expansion and the account securitylevel
_build = ch->build;
_expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
@@ -777,7 +782,11 @@ bool AuthSocket::_HandleReconnectChallenge()
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
_sessionKey = fields[9].GetBinary<SESSION_KEY_LENGTH>();
Field* fields = result->Fetch();
uint8 secLevel = fields[2].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_sessionKey = fields[0].GetBinary<SESSION_KEY_LENGTH>();
acore::Crypto::GetRandomBytes(_reconnectProof);
///- All good, await client's proof
@@ -806,14 +815,14 @@ bool AuthSocket::_HandleReconnectProof()
_status = STATUS_CLOSED;
if (_accountInfo.Login.empty())
if (_login.empty())
return false;
BigNumber t1;
t1.SetBinary(lp.R1, 16);
acore::Crypto::SHA1 sha;
sha.UpdateData(_accountInfo.Login);
sha.UpdateData(_login);
sha.UpdateData(t1.ToByteArray<16>());
sha.UpdateData(_reconnectProof);
sha.UpdateData(_sessionKey);
@@ -835,7 +844,7 @@ bool AuthSocket::_HandleReconnectProof()
}
else
{
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login, but session is invalid.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str());
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login, but session is invalid.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
@@ -877,12 +886,11 @@ bool AuthSocket::_HandleRealmList()
// Get the user id (else close the connection)
// No SQL injection (prepared statement)
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_ID_BY_NAME);
stmt->setString(0, _accountInfo.Login);
stmt->setString(0, _login);
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (!result)
{
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login but we cannot find him in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _accountInfo.Login.c_str());
LOG_ERROR("server", "'%s:%d' [ERROR] user %s tried to login but we cannot find him in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
@@ -931,7 +939,7 @@ bool AuthSocket::_HandleRealmList()
// We don't need the port number from which client connects with but the realm's port
clientAddr.set_port_number(realm.ExternalAddress.get_port_number());
uint8 lock = (realm.allowedSecurityLevel > _accountInfo.SecurityLevel) ? 1 : 0;
uint8 lock = (realm.allowedSecurityLevel > _accountSecurityLevel) ? 1 : 0;
uint8 AmountOfCharacters = 0;
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_NUM_CHARS_ON_REALM);

19
src/server/authserver/Server/AuthSocket.h
View File

@@ -14,7 +14,6 @@
#include "SRP6.h"
class ACE_INET_Addr;
class Fields;
struct Realm;
enum eStatus
@@ -27,21 +26,6 @@ enum eStatus
STATUS_CLOSED
};
struct AccountInfo
{
void LoadResult(Field* fields);
uint32 Id = 0;
std::string Login;
bool IsLockedToIP = false;
std::string LockCountry;
std::string LastIP;
uint32 FailedLogins = 0;
bool IsBanned = false;
bool IsPermanenetlyBanned = false;
AccountTypes SecurityLevel = SEC_PLAYER;
};
// Handle login commands
class AuthSocket: public RealmSocket::Session
{
@@ -81,7 +65,7 @@ private:
eStatus _status;
AccountInfo _accountInfo;
std::string _login;
Optional<std::vector<uint8>> _totpSecret;
// Since GetLocaleByName() is _NOT_ bijective, we have to store the locale as a string. Otherwise we can't differ
@@ -90,6 +74,7 @@ private:
std::string _os;
uint16 _build;
uint8 _expversion;
AccountTypes _accountSecurityLevel;
};
#endif