static bool HandleGMListIngameCommand(ChatHandler* handler, char const* /*args*/)
{
bool first = true;
bool footer = false;
TRINITY_READ_GUARD(HashMapHolder<Player>::LockType, *HashMapHolder<Player>::GetLock());
HashMapHolder<Player>::MapType const& m = sObjectAccessor->GetPlayers();
for (HashMapHolder<Player>::MapType::const_iterator itr = m.begin(); itr != m.end(); ++itr)
{
AccountTypes itrSec = itr->second->GetSession()->GetSecurity();
if ((itr->second->isGameMaster() || (itrSec > SEC_MODERATOR && itrSec <= AccountTypes(sWorld->getIntConfig(CONFIG_GM_LEVEL_IN_GM_LIST)))) &&
(!handler->GetSession() || itr->second->IsVisibleGloballyFor(handler->GetSession()->GetPlayer())))
{
if (first)
{
first = false;
footer = true;
handler->SendSysMessage(LANG_GMS_ON_SRV);
handler->SendSysMessage("========================");
}
char const* name = itr->second->GetName();
uint8 security = itrSec;
if (security == 0)
continue;
uint8 max = ((16 - strlen(name)) / 2);
uint8 max2 = max;
if ((max + max2 + strlen(name)) == 16)
max2 = max - 1;
if (handler->GetSession())
handler->PSendSysMessage("| %s GMLevel %u", name, security);
else
handler->PSendSysMessage("|%*s%s%*s| %u |", max, " ", name, max2, " ", security);
}
}
if (footer)
handler->SendSysMessage("========================");
if (first)
handler->SendSysMessage(LANG_GMS_NOT_LOGGED);
return true;
}
void SocialMgr::GetFriendInfo(Player *player, uint32 friendGUID, FriendInfo &friendInfo)
{
if (!player)
return;
friendInfo.Status = FRIEND_STATUS_OFFLINE;
friendInfo.Area = 0;
friendInfo.Level = 0;
friendInfo.Class = 0;
Player *pFriend = ObjectAccessor::FindPlayer(friendGUID);
if (!pFriend)
return;
uint32 team = player->GetTeam();
AccountTypes security = player->GetSession()->GetSecurity();
bool allowTwoSideWhoList = sWorld.getConfig(CONFIG_ALLOW_TWO_SIDE_WHO_LIST);
AccountTypes gmLevelInWhoList = AccountTypes (sWorld.getConfig(CONFIG_GM_LEVEL_IN_WHO_LIST));
PlayerSocialMap::iterator itr = player->GetSocial()->m_playerSocialMap.find(friendGUID);
if (itr != player->GetSocial()->m_playerSocialMap.end())
friendInfo.Note = itr->second.Note;
// PLAYER see his team only and PLAYER can't see MODERATOR, GAME MASTER, ADMINISTRATOR characters
// MODERATOR, GAME MASTER, ADMINISTRATOR can see all
if (pFriend && pFriend->GetName() &&
(security > SEC_PLAYER ||
((pFriend->GetTeam() == team || allowTwoSideWhoList) && (pFriend->GetSession()->GetSecurity() <= gmLevelInWhoList))) &&
pFriend->IsVisibleGloballyFor(player))
{
friendInfo.Status = FRIEND_STATUS_ONLINE;
if (pFriend->isAFK())
friendInfo.Status = FRIEND_STATUS_AFK;
if (pFriend->isDND())
friendInfo.Status = FRIEND_STATUS_DND;
friendInfo.Area = pFriend->GetZoneId();
friendInfo.Level = pFriend->getLevel();
friendInfo.Class = pFriend->getClass();
}
}
void Channel::List(Player const* player)
{
ObjectGuid const& guid = player->GetGUID();
if (!IsOn(guid))
{
NotMemberAppend appender;
ChannelNameBuilder<NotMemberAppend> builder(this, appender);
SendToOne(builder, guid);
return;
}
std::string channelName = GetName(player->GetSession()->GetSessionDbcLocale());
TC_LOG_DEBUG("chat.system", "SMSG_CHANNEL_LIST %s Channel: %s",
player->GetSession()->GetPlayerInfo().c_str(), channelName.c_str());
WorldPackets::Channel::ChannelListResponse list;
list._Display = true; /// always true?
list._Channel = channelName;
list._ChannelFlags = GetFlags();
uint32 gmLevelInWhoList = sWorld->getIntConfig(CONFIG_GM_LEVEL_IN_WHO_LIST);
list._Members.reserve(_playersStore.size());
for (PlayerContainer::value_type const& i : _playersStore)
{
Player* member = ObjectAccessor::FindConnectedPlayer(i.first);
// PLAYER can't see MODERATOR, GAME MASTER, ADMINISTRATOR characters
// MODERATOR, GAME MASTER, ADMINISTRATOR can see all
if (member &&
(player->GetSession()->HasPermission(rbac::RBAC_PERM_WHO_SEE_ALL_SEC_LEVELS) ||
member->GetSession()->GetSecurity() <= AccountTypes(gmLevelInWhoList)) &&
member->IsVisibleGloballyFor(player))
{
list._Members.emplace_back(i.first, GetVirtualRealmAddress(), i.second.GetFlags());
}
}
player->SendDirectMessage(list.Write());
}
void RealmList::UpdateRealms(bool init) {
sLog->outDetail("Updating Realm List...");
PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(
LOGIN_GET_REALMLIST);
PreparedQueryResult result = LoginDatabase.Query(stmt);
// Circle through results and add them to the realm map
if (result) {
do {
Field *fields = result->Fetch();
uint32 realmId = fields[0].GetUInt32();
const std::string& name = fields[1].GetString();
const std::string& address = fields[2].GetString();
uint32 port = fields[3].GetUInt32();
uint8 icon = fields[4].GetUInt8();
uint8 color = fields[5].GetUInt8();
uint8 timezone = fields[6].GetUInt8();
uint8 allowedSecurityLevel = fields[7].GetUInt8();
float pop = fields[8].GetFloat();
uint32 build = fields[9].GetUInt32();
UpdateRealm(
realmId,
name,
address,
port,
icon,
color,
timezone,
(allowedSecurityLevel <= SEC_ADMINISTRATOR ?
AccountTypes(allowedSecurityLevel) :
SEC_ADMINISTRATOR), pop, build);
if (init)
sLog->outString("Added realm \"%s\".", fields[1].GetCString());
} while (result->NextRow());
}
}
static bool HandleGMListIngameCommand(ChatHandler* handler, const char* /*args*/)
{
bool first = true;
bool footer = false;
ACE_GUARD_RETURN(ACE_Thread_Mutex, guard, *HashMapHolder<Player>::GetLock(), true);
HashMapHolder<Player>::MapType &m = sObjectAccessor->GetPlayers();
for (HashMapHolder<Player>::MapType::const_iterator itr = m.begin(); itr != m.end(); ++itr)
{
AccountTypes itr_sec = itr->second->GetSession()->GetSecurity();
if ((itr->second->isGameMaster() || (itr_sec > SEC_PLAYER && itr_sec <= AccountTypes(sWorld->getIntConfig(CONFIG_GM_LEVEL_IN_GM_LIST)))) &&
(!handler->GetSession() || itr->second->IsVisibleGloballyFor(handler->GetSession()->GetPlayer())))
{
if (first)
{
first = false;
footer = true;
handler->SendSysMessage(LANG_GMS_ON_SRV);
handler->SendSysMessage("========================");
}
const char* name = itr->second->GetName();
uint8 security = itr_sec;
uint8 max = ((16 - strlen(name)) / 2);
uint8 max2 = max;
if (((max)+(max2)+(strlen(name))) == 16)
max2 = ((max)-1);
if (handler->GetSession())
handler->PSendSysMessage("| %s GMLevel %u", name, security);
else
handler->PSendSysMessage("|%*s%s%*s| %u |", max, " ", name, max2, " ", security);
}
}
if (footer)
handler->SendSysMessage("========================");
if (first)
handler->SendSysMessage(LANG_GMS_NOT_LOGGED);
return true;
}
void PlayerBot::InitializeSession(uint32 accountId)
{
QueryResult* result =
LoginDatabase.PQuery("SELECT "
"gmlevel, " //1
"expansion, " //7
"mutetime, " //8
"locale " //9
"FROM account "
"WHERE id = '%u'",
accountId);
// Stop if the account is not found
if (!result)
{
return;
}
Field* fields = result->Fetch();
uint32 security = fields[0].GetUInt16();
uint8 expansion = fields[1].GetUInt8();
time_t mutetime = time_t(fields[2].GetUInt64());
LocaleConstant locale = LocaleConstant(fields[3].GetUInt8());
WorldSocket* sock = nullptr;
WorldSession* session = new WorldSession(accountId, sock, AccountTypes(security), expansion, mutetime, locale);
if (!session)
{
return;
}
session->SetPlayerBot(true);
session->SetPlayerBotActive(true);
sWorld.AddSession(session);
m_session = session;
}
bool ChatHandler::isAvailable(ChatCommand const& cmd) const
{
uint32 permission = 0;
///@Workaround:: Fast adaptation to RBAC system till all commands are moved to permissions
switch (AccountTypes(cmd.SecurityLevel))
{
case SEC_ADMINISTRATOR:
permission = RBAC_PERM_ADMINISTRATOR_COMMANDS;
break;
case SEC_GAMEMASTER:
permission = RBAC_PERM_GAMEMASTER_COMMANDS;
break;
case SEC_MODERATOR:
permission = RBAC_PERM_MODERATOR_COMMANDS;
break;
case SEC_PLAYER:
default:
permission = RBAC_PERM_PLAYER_COMMANDS;
break;
}
return m_session->HasPermission(permission);
}
void Channel::List(Player* player)
{
uint64 p = player->GetGUID();
if (!IsOn(p))
{
WorldPacket data;
MakeNotMember(&data);
SendToOne(&data, p);
}
else
{
WorldPacket data(SMSG_CHANNEL_LIST, 1+(GetName().size()+1)+1+4+players.size()*(8+1));
data << uint8(1); // channel type?
data << GetName(); // channel name
data << uint8(GetFlags()); // channel flags?
size_t pos = data.wpos();
data << uint32(0); // size of list, placeholder
uint32 gmLevelInWhoList = sWorld->getIntConfig(CONFIG_GM_LEVEL_IN_WHO_LIST);
uint32 count = 0;
for (PlayerList::const_iterator i = players.begin(); i != players.end(); ++i)
{
Player *plr = sObjectMgr->GetPlayer(i->first);
// PLAYER can't see MODERATOR, GAME MASTER, ADMINISTRATOR characters
// MODERATOR, GAME MASTER, ADMINISTRATOR can see all
if (plr && (player->GetSession()->GetSecurity() > SEC_PLAYER || plr->GetSession()->GetSecurity() <= AccountTypes(gmLevelInWhoList)) &&
plr->IsVisibleGloballyFor(player))
{
data << uint64(i->first);
data << uint8(i->second.flags); // flags seems to be changed...
++count;
}
}
data.put<uint32>(pos, count);
SendToOne(&data, p);
}
}
// Reconnect Challenge command handler
bool AuthSocket::_HandleReconnectChallenge()
{
sLog->outDebug(LOG_FILTER_AUTHSERVER, "Entering _HandleReconnectChallenge");
if (socket().recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
// Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
socket().recv((char *)&buf[0], 4);
#if TRINITY_ENDIAN == TRINITY_BIGENDIAN
EndianConvert(*((uint16*)(buf[0])));
#endif
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[ReconnectChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (socket().recv_len() < remaining))
return false;
// No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// Read the remaining of the packet
socket().recv((char *)&buf[4], remaining);
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[ReconnectChallenge] got full packet, %#04x bytes", ch->size);
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[ReconnectChallenge] name(%d): '%s'", ch->I_len, ch->I);
_login = (const char*)ch->I;
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_SESSIONKEY);
stmt->setString(0, _login);
PreparedQueryResult result = LoginDatabase.Query(stmt);
// Stop if the account is not found
if (!result)
{
sLog->outError(LOG_FILTER_AUTHSERVER, "'%s:%d' [ERROR] user %s tried to login and we cannot find his session key in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
// Reinitialize build, expansion and the account securitylevel
_build = ch->build;
_os = (const char*)ch->os;
if (_os.size() > 4)
return false;
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
Field* fields = result->Fetch();
uint8 secLevel = fields[2].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
K.SetHexStr ((*result)[0].GetCString());
// Sending response
ByteBuffer pkt;
pkt << uint8(AUTH_RECONNECT_CHALLENGE);
pkt << uint8(0x00);
_reconnectProof.SetRand(16 * 8);
pkt.append(_reconnectProof.AsByteArray(16), 16); // 16 bytes random
pkt << uint64(0x00) << uint64(0x00); // 16 bytes zeros
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
bool ChatHandler::isAvailable(ChatCommand const& cmd) const
{
// check security level only for simple command (without child commands)
return m_session->GetSecurity() >= AccountTypes(cmd.SecurityLevel);
}
// Reconnect Challenge command handler
bool AuthSocket::_HandleReconnectChallenge()
{
sLog->outStaticDebug("Entering _HandleReconnectChallenge");
if (socket().recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
// Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
socket().recv((char *)&buf[0], 4);
#if STRAWBERRY_ENDIAN == STRAWBERRY_BIGENDIAN
EndianConvert(*((uint16*)(buf[0])));
#endif
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
sLog->outStaticDebug("[ReconnectChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (socket().recv_len() < remaining))
return false;
// No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// Read the remaining of the packet
socket().recv((char *)&buf[4], remaining);
sLog->outStaticDebug("[ReconnectChallenge] got full packet, %#04x bytes", ch->size);
sLog->outStaticDebug("[ReconnectChallenge] name(%d): '%s'", ch->I_len, ch->I);
_login = (const char*)ch->I;
PreparedStatement* stmt = RealmDB.GetPreparedStatement(LOGIN_GET_SESSIONKEY);
stmt->setString(0, _login);
PreparedQueryResult result = RealmDB.Query(stmt);
// Stop if the account is not found
if (!result)
{
sLog->outError("[ERROR] user %s tried to login and we cannot find his session key in the database.", _login.c_str());
socket().shutdown();
return false;
}
// Reinitialize build, expansion and the account securitylevel
_build = ch->build;
_expversion = (AuthHelper::GetAcceptedClientBuilds(_build) ? LK_EXPANSION_FLAG : CL_EXPANSION_FLAG) | (AuthHelper::GetAcceptedClientBuilds(_build) ? BC_EXPANSION_FLAG : CL_EXPANSION_FLAG);
Field* fields = result->Fetch();
uint8 secLevel = fields[2].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
K.SetHexStr ((*result)[0].GetCString());
// Sending response
ByteBuffer pkt;
pkt << (uint8)AUTH_RECONNECT_CHALLENGE;
pkt << (uint8)0x00;
_reconnectProof.SetRand(16 * 8);
pkt.append(_reconnectProof.AsByteArray(16), 16); // 16 bytes random
pkt << (uint64)0x00 << (uint64)0x00; // 16 bytes zeros
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
void RealmList::UpdateRealms(bool init)
{
TC_LOG_INFO("server.authserver", "Updating Realm List...");
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALMLIST);
PreparedQueryResult result = LoginDatabase.Query(stmt);
// Circle through results and add them to the realm map
if (result)
{
do
{
try
{
boost::asio::ip::tcp::resolver::iterator end;
Field* fields = result->Fetch();
uint32 realmId = fields[0].GetUInt32();
std::string name = fields[1].GetString();
boost::asio::ip::tcp::resolver::query externalAddressQuery(ip::tcp::v4(), fields[2].GetString(), "");
boost::system::error_code ec;
boost::asio::ip::tcp::resolver::iterator endPoint = _resolver->resolve(externalAddressQuery, ec);
if (endPoint == end || ec)
{
TC_LOG_ERROR("server.authserver", "Could not resolve address %s", fields[2].GetString().c_str());
return;
}
ip::address externalAddress = (*endPoint).endpoint().address();
boost::asio::ip::tcp::resolver::query localAddressQuery(ip::tcp::v4(), fields[3].GetString(), "");
endPoint = _resolver->resolve(localAddressQuery, ec);
if (endPoint == end || ec)
{
TC_LOG_ERROR("server.authserver", "Could not resolve address %s", fields[3].GetString().c_str());
return;
}
ip::address localAddress = (*endPoint).endpoint().address();
boost::asio::ip::tcp::resolver::query localSubmaskQuery(ip::tcp::v4(), fields[4].GetString(), "");
endPoint = _resolver->resolve(localSubmaskQuery, ec);
if (endPoint == end || ec)
{
TC_LOG_ERROR("server.authserver", "Could not resolve address %s", fields[4].GetString().c_str());
return;
}
ip::address localSubmask = (*endPoint).endpoint().address();
uint16 port = fields[5].GetUInt16();
uint8 icon = fields[6].GetUInt8();
RealmFlags flag = RealmFlags(fields[7].GetUInt8());
uint8 timezone = fields[8].GetUInt8();
uint8 allowedSecurityLevel = fields[9].GetUInt8();
float pop = fields[10].GetFloat();
uint32 build = fields[11].GetUInt32();
UpdateRealm(realmId, name, externalAddress, localAddress, localSubmask, port, icon, flag, timezone,
(allowedSecurityLevel <= SEC_ADMINISTRATOR ? AccountTypes(allowedSecurityLevel) : SEC_ADMINISTRATOR), pop, build);
if (init)
TC_LOG_INFO("server.authserver", "Added realm \"%s\" at %s:%u.", name.c_str(), m_realms[name].ExternalAddress.to_string().c_str(), port);
}
catch (std::exception& ex)
{
TC_LOG_ERROR("server.authserver", "Realmlist::UpdateRealms has thrown an exception: %s", ex.what());
ASSERT(false);
}
}
while (result->NextRow());
}
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_os = (const char*)ch->os;
if(_os.size() > 4)
return false;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin = _login;
LoginDatabase.escape_string(_safelogin);
// Starting CMD_AUTH_LOGON_CHALLENGE
AuthResult result = WOW_FAIL_UNKNOWN0;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
std::string address = get_remote_address();
LoginDatabase.escape_string(address);
QueryResult* qresult = LoginDatabase.PQuery("SELECT unbandate FROM ip_banned WHERE "
// permanent still banned
"(unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", address.c_str());
if (qresult)
{
result = WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned ip %s tries to login!", get_remote_address().c_str());
delete qresult;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
//qresult = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '******'",_safelogin.c_str());
qresult = LoginDatabase.PQuery("SELECT a.sha_pass_hash,a.id,a.locked,a.last_ip,aa.gmlevel,a.v,a.s FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = '******'", _safelogin.c_str());
if (qresult)
{
std::string rI = (*qresult)[0].GetCppString();
uint32 accountId = (*qresult)[1].GetUInt32();
uint8 locked = (*qresult)[2].GetUInt8();
std::string lastIP = (*qresult)[3].GetString();
uint8 secLevel = (*qresult)[4].GetUInt8();
std::string databaseV = (*qresult)[5].GetCppString();
std::string databaseS = (*qresult)[6].GetCppString();
bool blockLogin = false;
if (sConfig.GetBoolDefault("MultiIPCheck", false))
{
int32 iplimit = sConfig.GetIntDefault("MultiIPLimit", 10);
int32 multiIPdelay = sConfig.GetIntDefault("MultiIPPeriodInHours", 48);
// If a GM account login ignore MultiIP
QueryResult* ipcheck = LoginDatabase.PQuery("SELECT id FROM account WHERE last_ip = '%s' AND id != %u AND last_login > NOW() - INTERVAL %u HOUR ORDER BY last_login DESC;", get_remote_address().c_str(), accountId, multiIPdelay);
if (ipcheck)
{
// build whitelist
std::list<uint32> accountsInWhitelist;
accountsInWhitelist.clear();
QueryResult* IDsinwhite = LoginDatabase.PQuery("SELECT whitelist FROM multi_IP_whitelist WHERE whitelist LIKE '%|%u|%'", accountId);
if (IDsinwhite)
{
Tokens whitelistaccounts((*IDsinwhite)[0].GetCppString(),'|');
bool isInWhite = false;
for (Tokens::const_iterator itr = whitelistaccounts.begin(); itr != whitelistaccounts.end(); ++itr)
accountsInWhitelist.push_back(atoi(*itr));
delete IDsinwhite;
}
do
{
Field* pFields =ipcheck->Fetch();
uint32 MultiAccountID = pFields[0].GetUInt32();
bool isInWhite = false;
for (std::list<uint32>::const_iterator itr = accountsInWhitelist.begin(); itr != accountsInWhitelist.end(); ++itr)
{
if (*itr == MultiAccountID)
isInWhite = true;
}
if (!isInWhite)
{
--iplimit;
}
}
while (ipcheck->NextRow());
delete ipcheck;
}
/*
* default case 10 allowed account with same last_ip
* we found 9 account with current ip. NOTE: actual account is not in list
* 10 - 9 - 1
* ^ current account
* ^ account in list
* ^ allowed
*/
if (iplimit < 1)
{
DEBUG_LOG("[AuthChallenge] Account '%s' is multi IP - '%s'", _login.c_str(), lastIP.c_str());
result = WOW_FAIL_PARENTCONTROL;
blockLogin = true;
}
}
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
if (locked == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), lastIP.c_str());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", get_remote_address().c_str());
if (strcmp(lastIP.c_str(),get_remote_address().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
result = WOW_FAIL_SUSPENDED;
blockLogin = true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!blockLogin)
{
///- If the account is banned, reject the logon attempt
QueryResult* banresult = LoginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE "
"id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)", accountId);
if (banresult)
{
if ((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
result = WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned account %s (Id: %u) tries to login!", _login.c_str(), accountId);
}
else
{
result = WOW_FAIL_SUSPENDED;
BASIC_LOG("[AuthChallenge] Temporarily banned account %s (Id: %u) tries to login!",_login.c_str(), accountId);
}
delete banresult;
}
else
{
DEBUG_LOG("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2, bytes are stored as hexstring
if (databaseV.size() != s_BYTE_SIZE*2 || databaseS.size() != s_BYTE_SIZE*2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
result = WOW_SUCCESS;
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
BASIC_LOG("[AuthChallenge] account %s (Id: %u) is using '%c%c%c%c' locale (%u)", _login.c_str (), accountId, ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
}
}
delete qresult;
}
else if (sConfig.GetBoolDefault("AutoRegistration", false))
{
if (_safelogin.find_first_of("\t\v\b\f\a\n\r\\\"\'\? <>[](){}_=+-|/!@#$%^&*~`.,\0") == _safelogin.npos && _safelogin.length() > 3)
{
QueryResult* checkIPresult = LoginDatabase.PQuery("SELECT COUNT(last_ip) FROM account WHERE last_ip = '%s'",get_remote_address().c_str());
int32 regCount = checkIPresult ? (*checkIPresult)[0].GetUInt32() : 0;
if (regCount >= sConfig.GetIntDefault("AutoRegistration.Amount", 1))
{
BASIC_LOG("[AuthChallenge] Impossible auto-register account %s, number of auto-registered accouts is %u, but allowed only %u",
_safelogin.c_str(),regCount, sConfig.GetIntDefault("AutoRegistration.Amount", 1));
// result = WOW_FAIL_DB_BUSY;
result = WOW_FAIL_DISCONNECTED;
}
else
{
std::transform(_safelogin.begin(), _safelogin.end(), _safelogin.begin(), std::towupper);
Sha1Hash sha;
sha.Initialize();
sha.UpdateData(_safelogin);
sha.UpdateData(":");
sha.UpdateData(_safelogin);
sha.Finalize();
std::string encoded;
hexEncodeByteArray(sha.GetDigest(), sha.GetLength(), encoded);
LoginDatabase.PExecute("INSERT INTO account(username,sha_pass_hash,joindate) VALUES('%s','%s',NOW())", _safelogin.c_str(), encoded.c_str());
_SetVSFields(encoded);
BASIC_LOG("[AuthChallenge] account %s auto-registered (count %u)!",_safelogin.c_str(), ++regCount);
result = WOW_SUCCESS;
_accountSecurityLevel = SEC_PLAYER;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
}
if (checkIPresult)
delete checkIPresult;
}
}
else
result = WOW_FAIL_UNKNOWN_ACCOUNT;
}
pkt << uint8(CMD_AUTH_LOGON_CHALLENGE);
pkt << uint8(0x00);
pkt << uint8(result);
switch (result)
{
case WOW_SUCCESS:
{
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
MANGOS_ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
{
pkt << uint8(1);
}
break;
}
case WOW_FAIL_UNKNOWN0:
case WOW_FAIL_UNKNOWN1:
case WOW_FAIL_SUSPENDED:
case WOW_FAIL_BANNED:
case WOW_FAIL_UNKNOWN_ACCOUNT:
case WOW_FAIL_INCORRECT_PASSWORD:
case WOW_FAIL_ALREADY_ONLINE:
case WOW_FAIL_NO_TIME:
case WOW_FAIL_DB_BUSY:
case WOW_FAIL_VERSION_INVALID:
case WOW_FAIL_VERSION_UPDATE:
case WOW_FAIL_INVALID_SERVER:
case WOW_FAIL_FAIL_NOACCESS:
case WOW_SUCCESS_SURVEY:
case WOW_FAIL_PARENTCONTROL:
case WOW_FAIL_LOCKED_ENFORCED:
case WOW_FAIL_TRIAL_ENDED:
case WOW_FAIL_USE_BATTLENET:
case WOW_FAIL_TOO_FAST:
case WOW_FAIL_CHARGEBACK:
case WOW_FAIL_GAME_ACCOUNT_LOCKED:
case WOW_FAIL_INTERNET_GAME_ROOM_WITHOUT_BNET:
case WOW_FAIL_UNLOCKABLE_LOCK:
case WOW_FAIL_DISCONNECTED:
break;
default:
BASIC_LOG("[AuthChallenge] unknown CMD_AUTH_LOGON_CHALLENGE execution result %u!", result);
break;
}
send((char const*)pkt.contents(), pkt.size());
return true;
}
int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)
{
// NOTE: ATM the socket is singlethread, have this in mind ...
uint8 digest[20];
uint32 clientSeed;
uint32 unk2;
uint32 BuiltNumberClient;
uint32 id, security;
//uint8 expansion = 0;
LocaleConstant locale;
std::string account;
Sha1Hash sha1;
BigNumber v, s, g, N;
WorldPacket packet, SendAddonPacked;
BigNumber K;
// Read the content of the packet
recvPacket >> BuiltNumberClient;
recvPacket >> unk2;
recvPacket >> account;
recvPacket >> clientSeed;
recvPacket.read (digest, 20);
DEBUG_LOG ("WorldSocket::HandleAuthSession: client %u, unk2 %u, account %s, clientseed %u",
BuiltNumberClient,
unk2,
account.c_str (),
clientSeed);
// Check the version of client trying to connect
if (!IsAcceptableClientBuild(BuiltNumberClient))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_VERSION_MISMATCH);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (version mismatch).");
return -1;
}
// Get the account information from the realmd database
std::string safe_account = account; // Duplicate, else will screw the SHA hash verification below
LoginDatabase.escape_string (safe_account);
// No SQL injection, username escaped.
QueryResult_AutoPtr result = LoginDatabase.PQuery ("SELECT "
"id, " //0
"gmlevel, " //1
"sessionkey, " //2
"last_ip, " //3
"locked, " //4
"v, " //5
"s, " //6
"expansion, " //7
"mutetime, " //8
"locale " //9
"FROM account "
"WHERE username = '******'",
safe_account.c_str ());
// Stop if the account is not found
if (!result)
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_UNKNOWN_ACCOUNT);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
return -1;
}
Field* fields = result->Fetch ();
uint8 expansion = fields[7].GetUInt8();
uint32 world_expansion = sWorld.getConfig(CONFIG_EXPANSION);
if (expansion > world_expansion)
expansion = world_expansion;
//expansion = ((sWorld.getConfig(CONFIG_EXPANSION) > fields[7].GetUInt8()) ? fields[7].GetUInt8() : sWorld.getConfig(CONFIG_EXPANSION));
N.SetHexStr ("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
g.SetDword (7);
v.SetHexStr(fields[5].GetString());
s.SetHexStr (fields[6].GetString ());
const char* sStr = s.AsHexStr (); //Must be freed by OPENSSL_free()
const char* vStr = v.AsHexStr (); //Must be freed by OPENSSL_free()
DEBUG_LOG ("WorldSocket::HandleAuthSession: (s,v) check s: %s v: %s",
sStr,
vStr);
OPENSSL_free ((void*) sStr);
OPENSSL_free ((void*) vStr);
// Re-check ip locking (same check as in realmd).
if (fields[4].GetUInt8 () == 1) // if ip is locked
{
if (strcmp (fields[3].GetString (), GetRemoteAddress ().c_str ()))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
SendPacket (packet);
sLog.outBasic ("WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs).");
return -1;
}
}
id = fields[0].GetUInt32 ();
security = fields[1].GetUInt16 ();
K.SetHexStr (fields[2].GetString ());
time_t mutetime = time_t (fields[8].GetUInt64 ());
locale = LocaleConstant (fields[9].GetUInt8 ());
if (locale >= MAX_LOCALE)
locale = LOCALE_enUS;
// Re-check account ban (same check as in realmd)
QueryResult_AutoPtr banresult = LoginDatabase.PQuery ("SELECT "
"bandate, "
"unbandate "
"FROM account_banned "
"WHERE id = '%u' "
"AND active = 1",
id);
if (banresult) // if account banned
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_BANNED);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
return -1;
}
// Check locked state for server
sWorld.UpdateAllowedSecurity();
AccountTypes allowedAccountType = sWorld.GetPlayerSecurityLimit ();
sLog.outDebug("Allowed Level: %u Player Level %u", allowedAccountType, AccountTypes(security));
if (allowedAccountType > SEC_PLAYER && security < allowedAccountType)
{
WorldPacket Packet (SMSG_AUTH_RESPONSE, 1);
Packet << uint8 (AUTH_UNAVAILABLE);
SendPacket (packet);
sLog.outDetail ("WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
return -1;
}
// Check that Key and account name are the same on client and server
Sha1Hash sha;
uint32 t = 0;
uint32 seed = m_Seed;
sha.UpdateData (account);
sha.UpdateData ((uint8 *) & t, 4);
sha.UpdateData ((uint8 *) & clientSeed, 4);
sha.UpdateData ((uint8 *) & seed, 4);
sha.UpdateBigNumbers (&K, NULL);
sha.Finalize ();
if (memcmp (sha.GetDigest (), digest, 20))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (authentification failed).");
return -1;
}
std::string address = GetRemoteAddress();
DEBUG_LOG ("WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.",
account.c_str(),
address.c_str());
// Update the last_ip in the database
// No SQL injection, username escaped.
LoginDatabase.escape_string (address);
LoginDatabase.PExecute ("UPDATE account "
"SET last_ip = '%s' "
"WHERE username = '******'",
address.c_str(),
safe_account.c_str());
// NOTE ATM the socket is single-threaded, have this in mind ...
ACE_NEW_RETURN (m_Session, WorldSession (id, this, security, expansion, mutetime, locale), -1);
m_Crypt.SetKey(&K);
m_Crypt.Init();
// Sleep this Network thread for
uint32 sleepTime = sWorld.getConfig(CONFIG_SESSION_ADD_DELAY);
ACE_OS::sleep(ACE_Time_Value (0, sleepTime));
sWorld.AddSession (m_Session);
// Create and send the Addon packet
if (sAddOnHandler.BuildAddonPacket (&recvPacket, &SendAddonPacked))
SendPacket(SendAddonPacked);
return 0;
}
// Reconnect Challenge command handler
bool AuthSocket::_HandleReconnectChallenge()
{
sLog->outDebug(LOG_FILTER_AUTHSERVER, "Entering _HandleReconnectChallenge");
if (socket().recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
// Read the first 4 bytes (header) to get the length of the remaining of the packet
char buffer[0x100];
socket().recv(buffer, 4);
#if TRINITY_ENDIAN == TRINITY_BIGENDIAN
EndianConvert(*((uint16*)(buf[0])));
#endif
uint16 remaining = ((sAuthLogonChallenge_C *)buffer)->size;
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[ReconnectChallenge] got header, body is %#04x bytes", remaining);
if (remaining < sizeof(sAuthLogonChallenge_C) - 4 || socket().recv_len() < remaining || remaining + 4 >= sizeof(buffer))
return false;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)buffer;
// Read the remaining of the packet
socket().recv(buffer + 4, remaining);
if (ch->I_len > 32)
return false;
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[ReconnectChallenge] got full packet, %#04x bytes", ch->size);
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[ReconnectChallenge] name: '%*s'", ch->I_len, ch->I);
_login.assign((const char*)ch->I, ch->I_len);
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_SESSIONKEY);
stmt->setString(0, _login);
PreparedQueryResult result = LoginDatabase.Query(stmt);
// Stop if the account is not found
if (!result)
{
sLog->outError(LOG_FILTER_AUTHSERVER, "'%s:%d' [ERROR] user %s tried to login and we cannot find his session key in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
// Reinitialize build, expansion and the account securitylevel
_build = ch->build;
_expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
_os = (const char*)ch->os;
if (_os.size() > 4)
return false;
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
Field* fields = result->Fetch();
uint8 secLevel = fields[2].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
K.SetHexStr ((*result)[0].GetCString());
// Sending response
ByteBuffer pkt;
pkt << uint8(AUTH_RECONNECT_CHALLENGE);
pkt << uint8(0x00);
_reconnectProof.SetRand(16 * 8);
pkt.append(_reconnectProof.AsByteArray(16).get(), 16); // 16 bytes random
pkt << uint64(0x00) << uint64(0x00); // 16 bytes zeros
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
// Reconnect Challenge command handler
bool AuthSocket::_HandleReconnectChallenge()
{
sLog->outStaticDebug("Entering _HandleReconnectChallenge");
if (socket().recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
// Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
socket().recv((char *)&buf[0], 4);
#if SKYFIRE_ENDIAN == SKYFIRE_BIGENDIAN
EndianConvert(*((uint16*)(buf[0])));
#endif
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
sLog->outStaticDebug("[ReconnectChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (socket().recv_len() < remaining))
return false;
// No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// Read the remaining of the packet
socket().recv((char *)&buf[4], remaining);
sLog->outStaticDebug("[ReconnectChallenge] got full packet, %#04x bytes", ch->size);
sLog->outStaticDebug("[ReconnectChallenge] name(%d): '%s'", ch->I_len, ch->I);
_login = (const char*)ch->I;
QueryResult_AutoPtr result = LoginDatabase.PQuery ("SELECT sessionkey FROM account WHERE username = '******'", _login.c_str ());
// Stop if the account is not found
if (!result)
{
sLog->outError("'%s:%d' [ERROR] user %s tried to login and we cannot find his session key in the database.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
// Reinitialize build, expansion and the account securitylevel
_build = ch->build;
_expversion = (AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : NO_VALID_EXP_FLAG) | (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG);
_os = (const char*)ch->os;
if (_os.size() > 4)
return false;
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
Field* fields = result->Fetch();
uint8 secLevel = fields[2].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
K.SetHexStr (fields[0].GetString ());
// Sending response
ByteBuffer pkt;
pkt << (uint8)AUTH_RECONNECT_CHALLENGE;
pkt << (uint8)0x00;
_reconnectProof.SetRand(16 * 8);
pkt.append(_reconnectProof.AsByteArray(16), 16); // 16 bytes random
pkt << (uint64)0x00 << (uint64)0x00; // 16 bytes zeros
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
void RealmList::UpdateRealms(bool init, boost::system::error_code const& error)
{
if (error)
return;
TC_LOG_INFO("server.authserver", "Updating Realm List...");
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALMLIST);
PreparedQueryResult result = LoginDatabase.Query(stmt);
// Circle through results and add them to the realm map
if (result)
{
do
{
try
{
boost::asio::ip::tcp::resolver::iterator end;
Field* fields = result->Fetch();
uint32 realmId = fields[0].GetUInt32();
std::string name = fields[1].GetString();
boost::asio::ip::tcp::resolver::query externalAddressQuery(ip::tcp::v4(), fields[2].GetString(), "");
boost::system::error_code ec;
boost::asio::ip::tcp::resolver::iterator endPoint = _resolver->resolve(externalAddressQuery, ec);
if (endPoint == end || ec)
{
TC_LOG_ERROR("server.authserver", "Could not resolve address %s", fields[2].GetString().c_str());
return;
}
ip::address externalAddress = (*endPoint).endpoint().address();
boost::asio::ip::tcp::resolver::query localAddressQuery(ip::tcp::v4(), fields[3].GetString(), "");
endPoint = _resolver->resolve(localAddressQuery, ec);
if (endPoint == end || ec)
{
TC_LOG_ERROR("server.authserver", "Could not resolve address %s", fields[3].GetString().c_str());
return;
}
ip::address localAddress = (*endPoint).endpoint().address();
boost::asio::ip::tcp::resolver::query localSubmaskQuery(ip::tcp::v4(), fields[4].GetString(), "");
endPoint = _resolver->resolve(localSubmaskQuery, ec);
if (endPoint == end || ec)
{
TC_LOG_ERROR("server.authserver", "Could not resolve address %s", fields[4].GetString().c_str());
return;
}
ip::address localSubmask = (*endPoint).endpoint().address();
uint16 port = fields[5].GetUInt16();
uint8 icon = fields[6].GetUInt8();
if (icon == REALM_TYPE_FFA_PVP)
icon = REALM_TYPE_PVP;
if (icon >= MAX_CLIENT_REALM_TYPE)
icon = REALM_TYPE_NORMAL;
RealmFlags flag = RealmFlags(fields[7].GetUInt8());
uint8 timezone = fields[8].GetUInt8();
uint8 allowedSecurityLevel = fields[9].GetUInt8();
float pop = fields[10].GetFloat();
uint32 build = fields[11].GetUInt32();
RealmHandle id{ realmId };
UpdateRealm(id, build, name, externalAddress, localAddress, localSubmask, port, icon, flag,
timezone, (allowedSecurityLevel <= SEC_ADMINISTRATOR ? AccountTypes(allowedSecurityLevel) : SEC_ADMINISTRATOR), pop);
if (init)
TC_LOG_INFO("server.authserver", "Added realm \"%s\" at %s:%u.", name.c_str(), externalAddress.to_string().c_str(), port);
}
catch (std::exception& ex)
{
TC_LOG_ERROR("server.authserver", "Realmlist::UpdateRealms has thrown an exception: %s", ex.what());
ABORT();
}
} while (result->NextRow());
}
if (_updateInterval)
{
_updateTimer->expires_from_now(boost::posix_time::seconds(_updateInterval));
_updateTimer->async_wait(std::bind(&RealmList::UpdateRealms, this, false, std::placeholders::_1));
}
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
ibuf.Read((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (ibuf.GetLength() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
///- Read the remaining of the packet
ibuf.Read((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin=_login;
dbRealmServer.escape_string(_safelogin);
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
dbRealmServer.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
std::string address = GetRemoteAddress();
dbRealmServer.escape_string(address);
QueryResult *result = dbRealmServer.PQuery( "SELECT * FROM ip_banned WHERE ip = '%s'",address.c_str());
if(result)
{
pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = dbRealmServer.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel FROM account WHERE username = '******'",_safelogin.c_str ());
if( result )
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
locked=true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!locked)
{
//set expired bans to inactive
dbRealmServer.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
///- If the account is banned, reject the logon attempt
QueryResult *banresult = dbRealmServer.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (*result)[1].GetUInt32());
if(banresult)
{
if((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << (uint8) REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned account %s tries to login!",_login.c_str ());
}
else
{
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!",_login.c_str ());
}
delete banresult;
}
else
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = (*result)[0].GetCppString();
_SetVSFields(rI);
b.SetRand(19 * 8);
BigNumber gmod=g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16*8);
///- Fill the response packet with the result
pkt << (uint8)REALM_AUTH_SUCCESS;
// B may be calculated < 32B so we force minnimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << (uint8)1;
pkt.append(g.AsByteArray(), 1);
pkt << (uint8)32;
pkt.append(N.AsByteArray(), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes()); // 32 bytes
pkt.append(unk3.AsByteArray(), 16);
pkt << (uint8)0; // Added in 1.12.x client branch
uint8 secLevel = (*result)[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for(int i = 0; i <4; ++i)
_localizationName[i] = ch->country[4-i-1];
sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3],ch->country[2],ch->country[1],ch->country[0], GetLocaleByName(_localizationName));
}
}
delete result;
}
else //no account
{
pkt<< (uint8) REALM_AUTH_NO_MATCH;
}
}
SendBuf((char const*)pkt.contents(), pkt.size());
return true;
}
//show info of player
bool ChatHandler::HandlePInfoCommand(const char* args)
{
Player* target;
uint64 target_guid;
std::string target_name;
uint32 parseGUID = MAKE_NEW_GUID(atol((char*)args), 0, HIGHGUID_PLAYER);
if (sObjectMgr->GetPlayerNameByGUID(parseGUID, target_name))
{
target = sObjectMgr->GetPlayerByLowGUID(parseGUID);
target_guid = parseGUID;
}
else if (!extractPlayerTarget((char*)args, &target, &target_guid, &target_name))
return false;
uint32 accId = 0;
uint32 money = 0;
uint32 total_player_time = 0;
uint8 level = 0;
uint32 latency = 0;
uint8 race;
uint8 Class;
int64 muteTime = 0;
int64 banTime = -1;
uint32 mapId;
uint32 areaId;
uint32 phase = 0;
bool p_jail_isjailed;
uint32 p_jail_guid;
std::string p_jail_char;
uint32 p_jail_release;
bool p_jail_amnestietime;
std::string p_jail_reason;
uint32 p_jail_times;
uint32 p_jail_gmacc;
std::string p_jail_gmchar;
std::string p_jail_lasttime;
uint32 p_jail_duration;
std::string gmname;
// get additional information from Player object
if (target)
{
// check online security
if (HasLowerSecurity(target, 0))
return false;
accId = target->GetSession()->GetAccountId();
money = target->GetMoney();
total_player_time = target->GetTotalPlayedTime();
level = target->getLevel();
latency = target->GetSession()->GetLatency();
race = target->getRace();
Class = target->getClass();
muteTime = target->GetSession()->m_muteTime;
mapId = target->GetMapId();
areaId = target->GetAreaId();
phase = target->GetPhaseMask();
p_jail_isjailed = target->m_jail_isjailed;
p_jail_guid = target->m_jail_guid;
p_jail_char = target->m_jail_char;
p_jail_release = target->m_jail_release;
p_jail_amnestietime = target->m_jail_amnestietime;
p_jail_reason = target->m_jail_reason;
p_jail_times = target->m_jail_times;
p_jail_gmacc = target->m_jail_gmacc;
p_jail_gmchar = target->m_jail_gmchar;
p_jail_lasttime = target->m_jail_lasttime;
p_jail_duration = target->m_jail_duration;
gmname = target->GetName();
}
// get additional information from DB
else
{
// check offline security
if (HasLowerSecurity(NULL, target_guid))
return false;
// 0 1 2 3 4 5 6 7
QueryResult result = CharacterDatabase.PQuery("SELECT totaltime, level, money, account, race, class, map, zone FROM characters "
"WHERE guid = '%u'", GUID_LOPART(target_guid));
if (!result)
{
return false;
}
else
{
Field* fields = result->Fetch();
total_player_time = fields[0].GetUInt32();
level = fields[1].GetUInt32();
money = fields[2].GetUInt32();
accId = fields[3].GetUInt32();
race = fields[4].GetUInt8();
Class = fields[5].GetUInt8();
mapId = fields[6].GetUInt16();
areaId = fields[7].GetUInt16();
}
QueryResult row = CharacterDatabase.PQuery("SELECT * FROM `jail` WHERE `guid`='%u' LIMIT 1", GUID_LOPART(target_guid));
if (!row)
{
p_jail_isjailed = false;
}
else
{
Field *data = row->Fetch();
p_jail_isjailed = true;
p_jail_guid = data[0].GetUInt32();
p_jail_char = data[1].GetString();
p_jail_release = data[2].GetUInt32();
p_jail_amnestietime = data[3].GetUInt32();
p_jail_reason = data[4].GetString();
p_jail_times = data[5].GetUInt32();
p_jail_gmacc = data[6].GetUInt32();
p_jail_gmchar = data[7].GetString();
p_jail_lasttime = data[8].GetString();
p_jail_duration = data[9].GetUInt32();
gmname = "";
}
}
std::string username = GetTrinityString(LANG_ERROR);
std::string email = GetTrinityString(LANG_ERROR);
std::string last_ip = GetTrinityString(LANG_ERROR);
uint32 security = 0;
std::string last_login = GetTrinityString(LANG_ERROR);
QueryResult result = LoginDatabase.PQuery("SELECT a.username, aa.gmlevel, a.email, a.last_ip, a.last_login, a.mutetime "
"FROM account a "
"LEFT JOIN account_access aa "
"ON (a.id = aa.id AND (aa.RealmID = -1 OR aa.RealmID = %u)) "
"WHERE a.id = '%u'", realmID, accId);
if (result)
{
Field* fields = result->Fetch();
username = fields[0].GetString();
security = fields[1].GetUInt32();
email = fields[2].GetString();
muteTime = fields[5].GetUInt64();
if (email.empty())
email = "-";
if (!m_session || m_session->GetSecurity() >= AccountTypes(security))
{
last_ip = fields[3].GetString();
last_login = fields[4].GetString();
}
else
{
last_ip = "-";
last_login = "******";
}
}
std::string nameLink = playerLink(target_name);
PSendSysMessage(LANG_PINFO_ACCOUNT, (target?"":GetTrinityString(LANG_OFFLINE)), nameLink.c_str(), GUID_LOPART(target_guid), username.c_str(), accId, email.c_str(), security, last_ip.c_str(), last_login.c_str(), latency);
std::string bannedby = "unknown";
std::string banreason = "";
if (QueryResult result2 = LoginDatabase.PQuery("SELECT unbandate, bandate = unbandate, bannedby, banreason FROM account_banned "
"WHERE id = '%u' AND active ORDER BY bandate ASC LIMIT 1", accId))
{
Field* fields = result2->Fetch();
banTime = fields[1].GetBool() ? 0 : fields[0].GetUInt64();
bannedby = fields[2].GetString();
banreason = fields[3].GetString();
}
else if (QueryResult result3 = CharacterDatabase.PQuery("SELECT unbandate, bandate = unbandate, bannedby, banreason FROM character_banned "
"WHERE guid = '%u' AND active ORDER BY bandate ASC LIMIT 1", GUID_LOPART(target_guid)))
{
Field* fields = result3->Fetch();
banTime = fields[1].GetBool() ? 0 : fields[0].GetUInt64();
bannedby = fields[2].GetString();
banreason = fields[3].GetString();
}
if (muteTime > 0)
PSendSysMessage(LANG_PINFO_MUTE, secsToTimeString(muteTime - time(NULL), true).c_str());
if (banTime >= 0)
PSendSysMessage(LANG_PINFO_BAN, banTime > 0 ? secsToTimeString(banTime - time(NULL), true).c_str() : "permanently", bannedby.c_str(), banreason.c_str());
std::string race_s, Class_s;
switch (race)
{
case RACE_HUMAN: race_s = "Human"; break;
case RACE_ORC: race_s = "Orc"; break;
case RACE_DWARF: race_s = "Dwarf"; break;
case RACE_NIGHTELF: race_s = "Night Elf"; break;
case RACE_UNDEAD_PLAYER: race_s = "Undead"; break;
case RACE_TAUREN: race_s = "Tauren"; break;
case RACE_GNOME: race_s = "Gnome"; break;
case RACE_TROLL: race_s = "Troll"; break;
case RACE_BLOODELF: race_s = "Blood Elf"; break;
case RACE_DRAENEI: race_s = "Draenei"; break;
}
switch (Class)
{
case CLASS_WARRIOR: Class_s = "Warrior"; break;
case CLASS_PALADIN: Class_s = "Paladin"; break;
case CLASS_HUNTER: Class_s = "Hunter"; break;
case CLASS_ROGUE: Class_s = "Rogue"; break;
case CLASS_PRIEST: Class_s = "Priest"; break;
case CLASS_DEATH_KNIGHT: Class_s = "Death Knight"; break;
case CLASS_SHAMAN: Class_s = "Shaman"; break;
case CLASS_MAGE: Class_s = "Mage"; break;
case CLASS_WARLOCK: Class_s = "Warlock"; break;
case CLASS_DRUID: Class_s = "Druid"; break;
}
std::string timeStr = secsToTimeString(total_player_time, true, true);
uint32 gold = money /GOLD;
uint32 silv = (money % GOLD) / SILVER;
uint32 copp = (money % GOLD) % SILVER;
PSendSysMessage(LANG_PINFO_LEVEL, race_s.c_str(), Class_s.c_str(), timeStr.c_str(), level, gold, silv, copp);
// Add map, zone, subzone and phase to output
int locale = GetSessionDbcLocale();
std::string areaName = "<unknown>";
std::string zoneName = "";
MapEntry const* map = sMapStore.LookupEntry(mapId);
AreaTableEntry const* area = GetAreaEntryByAreaID(areaId);
if (area)
{
areaName = area->area_name[locale];
AreaTableEntry const* zone = GetAreaEntryByAreaID(area->zone);
if (zone)
zoneName = zone->area_name[locale];
}
if (target)
{
if (!zoneName.empty())
PSendSysMessage(LANG_PINFO_MAP_ONLINE, map->name[locale], zoneName.c_str(), areaName.c_str(), phase);
else
PSendSysMessage(LANG_PINFO_MAP_ONLINE, map->name[locale], areaName.c_str(), "<unknown>", phase);
}
else
PSendSysMessage(LANG_PINFO_MAP_OFFLINE, map->name[locale], areaName.c_str());
if (p_jail_times > 0)
{
if (p_jail_release > 0)
{
time_t localtime;
localtime = time(NULL);
uint32 min_left = (uint32)floor(float(p_jail_release - localtime) / 60);
if (min_left <= 0)
{
p_jail_release = 0;
CharacterDatabase.PExecute("UPDATE `jail` SET `release`='%u' WHERE `guid`='%u' LIMIT 1", p_jail_release, p_jail_guid);
PSendSysMessage(LANG_JAIL_GM_INFO, p_jail_char.c_str(), p_jail_times, 0, p_jail_gmchar.c_str(), p_jail_reason.c_str());
return true;
}
else
{
PSendSysMessage(LANG_JAIL_GM_INFO, p_jail_char.c_str(), p_jail_times, min_left, p_jail_gmchar.c_str(), p_jail_reason.c_str());
return true;
}
}
else
{
PSendSysMessage(LANG_JAIL_GM_INFO, p_jail_char.c_str(), p_jail_times, 0, p_jail_gmchar.c_str(), p_jail_reason.c_str());
return true;
}
}
else
{
PSendSysMessage(LANG_JAIL_GM_NOINFO, gmname.c_str());
return true;
}
return true;
}
void WorldSession::HandleWhoOpcode(WorldPackets::Who::WhoRequestPkt& whoRequest)
{
WorldPackets::Who::WhoRequest& request = whoRequest.Request;
TC_LOG_DEBUG("network", "WorldSession::HandleWhoOpcode: MinLevel: %u, MaxLevel: %u, Name: %s (VirtualRealmName: %s), Guild: %s (GuildVirtualRealmName: %s), RaceFilter: %d, ClassFilter: %d, Areas: " SZFMTD ", Words: " SZFMTD ".",
request.MinLevel, request.MaxLevel, request.Name.c_str(), request.VirtualRealmName.c_str(), request.Guild.c_str(), request.GuildVirtualRealmName.c_str(),
request.RaceFilter, request.ClassFilter, whoRequest.Areas.size(), request.Words.size());
// zones count, client limit = 10 (2.0.10)
// can't be received from real client or broken packet
if (whoRequest.Areas.size() > 10)
return;
// user entered strings count, client limit=4 (checked on 2.0.10)
// can't be received from real client or broken packet
if (request.Words.size() > 4)
return;
/// @todo: handle following packet values
/// VirtualRealmNames
/// ShowEnemies
/// ShowArenaPlayers
/// ExactName
/// ServerInfo
std::vector<std::wstring> wWords;
wWords.resize(request.Words.size());
for (size_t i = 0; i < request.Words.size(); ++i)
{
TC_LOG_DEBUG("network", "WorldSession::HandleWhoOpcode: Word: %s", request.Words[i].Word.c_str());
// user entered string, it used as universal search pattern(guild+player name)?
if (!Utf8toWStr(request.Words[i].Word, wWords[i]))
continue;
wstrToLower(wWords[i]);
}
std::wstring wPlayerName;
std::wstring wGuildName;
if (!(Utf8toWStr(request.Name, wPlayerName) && Utf8toWStr(request.Guild, wGuildName)))
return;
wstrToLower(wPlayerName);
wstrToLower(wGuildName);
// client send in case not set max level value 100 but Trinity supports 255 max level,
// update it to show GMs with characters after 100 level
if (whoRequest.Request.MaxLevel >= MAX_LEVEL)
whoRequest.Request.MaxLevel = STRONG_MAX_LEVEL;
uint32 team = _player->GetTeam();
uint32 gmLevelInWhoList = sWorld->getIntConfig(CONFIG_GM_LEVEL_IN_WHO_LIST);
WorldPackets::Who::WhoResponsePkt response;
boost::shared_lock<boost::shared_mutex> lock(*HashMapHolder<Player>::GetLock());
HashMapHolder<Player>::MapType const& m = ObjectAccessor::GetPlayers();
for (HashMapHolder<Player>::MapType::const_iterator itr = m.begin(); itr != m.end(); ++itr)
{
Player* target = itr->second;
// player can see member of other team only if has RBAC_PERM_TWO_SIDE_WHO_LIST
if (target->GetTeam() != team && !HasPermission(rbac::RBAC_PERM_TWO_SIDE_WHO_LIST))
continue;
// player can see MODERATOR, GAME MASTER, ADMINISTRATOR only if has RBAC_PERM_WHO_SEE_ALL_SEC_LEVELS
if (target->GetSession()->GetSecurity() > AccountTypes(gmLevelInWhoList) && !HasPermission(rbac::RBAC_PERM_WHO_SEE_ALL_SEC_LEVELS))
continue;
// do not process players which are not in world
if (!target->IsInWorld())
continue;
// check if target is globally visible for player
if (!target->IsVisibleGloballyFor(_player))
continue;
// check if target's level is in level range
uint8 lvl = target->getLevel();
if (lvl < request.MinLevel || lvl > request.MaxLevel)
continue;
// check if class matches classmask
if (request.ClassFilter >= 0 && !(request.ClassFilter & (1 << target->getClass())))
continue;
// check if race matches racemask
if (request.RaceFilter >= 0 && !(request.RaceFilter & (1 << target->getRace())))
continue;
if (!whoRequest.Areas.empty())
{
if (std::find(whoRequest.Areas.begin(), whoRequest.Areas.end(), target->GetZoneId()) == whoRequest.Areas.end())
continue;
}
std::wstring wTargetName;
if (!Utf8toWStr(target->GetName(), wTargetName))
continue;
wstrToLower(wTargetName);
if (!wPlayerName.empty() && wTargetName.find(wPlayerName) == std::wstring::npos)
continue;
Guild* targetGuild = target->GetGuild();
std::wstring wTargetGuildName;
if (!Utf8toWStr(targetGuild ? targetGuild->GetName() : "", wTargetGuildName))
continue;
wstrToLower(wTargetGuildName);
if (!wGuildName.empty() && wTargetGuildName.find(wGuildName) == std::wstring::npos)
continue;
if (!wWords.empty())
{
std::string aName;
if (AreaTableEntry const* areaEntry = GetAreaEntryByAreaID(target->GetZoneId()))
aName = areaEntry->AreaName_lang;
bool show = false;
for (size_t i = 0; i < wWords.size(); ++i)
{
if (!wWords[i].empty())
{
if (wTargetName.find(wWords[i]) != std::wstring::npos ||
wTargetGuildName.find(wWords[i]) != std::wstring::npos ||
Utf8FitTo(aName, wWords[i]))
{
show = true;
break;
}
}
}
if (!show)
continue;
}
WorldPackets::Who::WhoEntry whoEntry;
if (!whoEntry.PlayerData.Initialize(target->GetGUID(), target))
continue;
if (targetGuild)
{
whoEntry.GuildGUID = targetGuild->GetGUID();
whoEntry.GuildVirtualRealmAddress = GetVirtualRealmAddress();
whoEntry.GuildName = targetGuild->GetName();
}
whoEntry.AreaID = target->GetZoneId();
whoEntry.IsGM = target->IsGameMaster();
response.Response.Entries.push_back(whoEntry);
// 50 is maximum player count sent to client - can be overridden
// through config, but is unstable
if (response.Response.Entries.size() >= sWorld->getIntConfig(CONFIG_MAX_WHO))
break;
}
SendPacket(response.Write());
}
// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
sLog->outDebug(LOG_FILTER_AUTHSERVER, "Entering _HandleLogonChallenge");
if (socket().recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
// Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
socket().recv((char *)&buf[0], 4);
#if TRINITY_ENDIAN == TRINITY_BIGENDIAN
EndianConvert(*((uint16*)(buf[0])));
#endif
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (socket().recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// Read the remaining of the packet
socket().recv((char *)&buf[4], remaining);
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[AuthChallenge] got full packet, %#04x bytes", ch->size);
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
#if TRINITY_ENDIAN == TRINITY_BIGENDIAN
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
#endif
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_os = (const char*)ch->os;
if (_os.size() > 4)
return false;
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
pkt << uint8(AUTH_LOGON_CHALLENGE);
pkt << uint8(0x00);
// Verify that this IP is not in the ip_banned table
LoginDatabase.Execute(LoginDatabase.GetPreparedStatement(LOGIN_DEL_EXPIRED_IP_BANS));
const std::string& ip_address = socket().getRemoteAddress();
PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_BANNED);
stmt->setString(0, ip_address);
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (result)
{
pkt << (uint8)WOW_FAIL_BANNED;
sLog->outDebug(LOG_FILTER_AUTHSERVER, "'%s:%d' [AuthChallenge] Banned ip tries to login!",socket().getRemoteAddress().c_str(), socket().getRemotePort());
}
else
{
// Get the account details from the account table
// No SQL injection (prepared statement)
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
stmt->setString(0, _login);
PreparedQueryResult res2 = LoginDatabase.Query(stmt);
if (res2)
{
Field* fields = res2->Fetch();
// If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if (fields[2].GetUInt8() == 1) // if ip is locked
{
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), fields[3].GetCString());
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Player address is '%s'", ip_address.c_str());
if (strcmp(fields[3].GetCString(), ip_address.c_str()))
{
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account IP differs");
pkt << uint8(WOW_FAIL_SUSPENDED);
locked = true;
}
else
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account IP matches");
}
else
sLog->outDebug(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
if (!locked)
{
//set expired bans to inactive
LoginDatabase.Execute(LoginDatabase.GetPreparedStatement(LOGIN_UPD_EXPIRED_ACCOUNT_BANS));
LoginDatabase.Execute(LoginDatabase.GetPreparedStatement(LOGIN_UPD_ACCOUNT_PREMIUM));
// If the account is banned, reject the logon attempt
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BANNED);
stmt->setUInt32(0, fields[1].GetUInt32());
PreparedQueryResult banresult = LoginDatabase.Query(stmt);
if (banresult)
{
if ((*banresult)[0].GetUInt32() == (*banresult)[1].GetUInt32())
{
pkt << (uint8)WOW_FAIL_BANNED;
sLog->outDebug(LOG_FILTER_AUTHSERVER, "'%s:%d' [AuthChallenge] Banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str ());
}
else
{
pkt << (uint8)WOW_FAIL_SUSPENDED;
sLog->outDebug(LOG_FILTER_AUTHSERVER, "'%s:%d' [AuthChallenge] Temporarily banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str ());
}
}
else
{
// Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = fields[0].GetString();
// Don't calculate (v, s) if there are already some in the database
std::string databaseV = fields[5].GetString();
std::string databaseS = fields[6].GetString();
sLog->outDebug(LOG_FILTER_NETWORKIO, "database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2 since bytes are stored as hexstring
if (databaseV.size() != s_BYTE_SIZE * 2 || databaseS.size() != s_BYTE_SIZE * 2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
// Fill the response packet with the result
// If the client has no valid version
if (!AuthHelper::IsAcceptedClientBuild(_build))
pkt << uint8(WOW_FAIL_VERSION_INVALID);
else
pkt << uint8(WOW_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes()); // 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
// Check if token is used
_tokenKey = fields[7].GetString();
if (!_tokenKey.empty())
securityFlags = 4;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
pkt << uint8(1);
uint8 secLevel = fields[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
sLog->outDebug(LOG_FILTER_AUTHSERVER, "'%s:%d' [AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", socket().getRemoteAddress().c_str(), socket().getRemotePort(),
_login.c_str (), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName)
);
}
}
}
else //no account
pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
}
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
ibuf.Read((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (ibuf.GetLength() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
///- Read the remaining of the packet
ibuf.Read((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
ByteBuffer pkt;
_login = (const char*)ch->I;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin=_login;
dbRealmServer.escape_string(_safelogin);
///- Check if the client has one of the expected version numbers
bool valid_version=false;
int accepted_versions[]=EXPECTED_MANGOS_CLIENT_BUILD;
for(int i=0;accepted_versions[i];i++)
if(ch->build==accepted_versions[i])
{
valid_version=true;
break;
}
/// <ul><li> if this is a valid version
if(valid_version)
{
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
dbRealmServer.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
std::string address = GetRemoteAddress();
dbRealmServer.escape_string(address);
QueryResult *result = dbRealmServer.PQuery( "SELECT * FROM ip_banned WHERE ip = '%s'",address.c_str());
if(result)
{
pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = dbRealmServer.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel FROM account WHERE username = '******'",_safelogin.c_str ());
if( result )
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
locked=true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!locked)
{
//set expired bans to inactive
dbRealmServer.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
///- If the account is banned, reject the logon attempt
QueryResult *banresult = dbRealmServer.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (*result)[1].GetUInt32());
if(banresult)
{
if((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << (uint8) REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned account %s tries to login!",_login.c_str ());
}
else
{
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!",_login.c_str ());
}
delete banresult;
}
else
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = (*result)[0].GetCppString();
_SetVSFields(rI);
b.SetRand(19 * 8);
BigNumber gmod=g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16*8);
///- Fill the response packet with the result
pkt << (uint8)REALM_AUTH_SUCCESS;
// B may be calculated < 32B so we force minnimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << (uint8)1;
pkt.append(g.AsByteArray(), 1);
pkt << (uint8)32;
pkt.append(N.AsByteArray(), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes()); // 32 bytes
pkt.append(unk3.AsByteArray(), 16);
pkt << (uint8)0; // Added in 1.12.x client branch
uint8 secLevel = (*result)[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
std::string localeName;
localeName.resize(4);
for(int i = 0; i <4; ++i)
localeName[i] = ch->country[4-i-1];
_localization = GetLocaleByName(localeName);
sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3],ch->country[2],ch->country[1],ch->country[0], _localization);
}
}
delete result;
}
else //no account
{
pkt<< (uint8) REALM_AUTH_NO_MATCH;
}
}
} //valid version
else
///<li> else
{
///- Check if we have the apropriate patch on the disk
char tmp[64];
// No buffer overflow (fixed length of arguments)
sprintf(tmp,"./patches/%d%c%c%c%c.mpq",ch->build,ch->country[3],
ch->country[2],ch->country[1],ch->country[0]);
// This will be closed at the destruction of the AuthSocket (client deconnection)
FILE *pFile=fopen(tmp,"rb");
if(!pFile)
{
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
pkt << (uint8) REALM_AUTH_WRONG_BUILD_NUMBER;
DEBUG_LOG("[AuthChallenge] %u is not a valid client version!", ch->build);
DEBUG_LOG("[AuthChallenge] Patch %s not found",tmp);
}else
{ //have patch
pPatch=pFile;
XFER_INIT xferh;
///- Get the MD5 hash of the patch file (get it from preloaded Patcher cache or calculate it)
if(PatchesCache.GetHash(tmp,(uint8*)&xferh.md5))
{
DEBUG_LOG("\n[AuthChallenge] Found precached patch info for patch %s",tmp);
}
else
{ //calculate patch md5
printf("\n[AuthChallenge] Patch info for %s was not cached.",tmp);
PatchesCache.LoadPatchMD5(tmp);
PatchesCache.GetHash(tmp,(uint8*)&xferh.md5);
}
///- Send a packet to the client with the file length and MD5 hash
uint8 data[2]={AUTH_LOGON_PROOF,REALM_AUTH_UPDATE_CLIENT};
SendBuf((const char*)data,sizeof(data));
memcpy(&xferh,"0\x05Patch",7);
xferh.cmd=XFER_INITIATE;
fseek(pPatch,0,SEEK_END);
xferh.file_size=ftell(pPatch);
SendBuf((const char*)&xferh,sizeof(xferh));
return true;
}
}
/// </ul>
SendBuf((char const*)pkt.contents(), pkt.size());
return true;
}
//show info of player
bool ChatHandler::HandlePInfoCommand(const char* args)
{
Player* target;
uint64 target_guid;
std::string target_name;
if (!extractPlayerTarget((char*)args, &target, &target_guid, &target_name))
return false;
uint32 accId = 0;
uint32 money = 0;
uint32 total_player_time = 0;
uint8 level = 0;
uint32 latency = 0;
uint8 race;
uint8 Class;
int64 muteTime = 0;
int64 banTime = -1;
// get additional information from Player object
if (target)
{
// check online security
if (HasLowerSecurity(target, 0))
return false;
accId = target->GetSession()->GetAccountId();
money = target->GetMoney();
total_player_time = target->GetTotalPlayedTime();
level = target->getLevel();
latency = target->GetSession()->GetLatency();
race = target->getRace();
Class = target->getClass();
muteTime = target->GetSession()->m_muteTime;
}
// get additional information from DB
else
{
// check offline security
if (HasLowerSecurity(NULL, target_guid))
return false;
// 0 1 2 3 4 5
QueryResult result = CharacterDatabase.PQuery("SELECT totaltime, level, money, account, race, class FROM characters WHERE guid = '%u'", GUID_LOPART(target_guid));
if (!result)
return false;
Field *fields = result->Fetch();
total_player_time = fields[0].GetUInt32();
level = fields[1].GetUInt32();
money = fields[2].GetUInt32();
accId = fields[3].GetUInt32();
race = fields[4].GetUInt8();
Class = fields[5].GetUInt8();
}
std::string username = GetTrilliumString(LANG_ERROR);
std::string email = GetTrilliumString(LANG_ERROR);
std::string last_ip = GetTrilliumString(LANG_ERROR);
uint32 security = 0;
std::string last_login = GetTrilliumString(LANG_ERROR);
QueryResult result = LoginDatabase.PQuery("SELECT a.username, aa.gmlevel, a.email, a.last_ip, a.last_login, a.mutetime "
"FROM account a "
"LEFT JOIN account_access aa "
"ON (a.id = aa.id) "
"WHERE a.id = '%u'", accId);
if (result)
{
Field* fields = result->Fetch();
username = fields[0].GetString();
security = fields[1].GetUInt32();
email = fields[2].GetString();
muteTime = fields[5].GetUInt64();
if (email.empty())
email = "-";
if (!m_session || m_session->GetSecurity() >= AccountTypes(security))
{
last_ip = fields[3].GetString();
last_login = fields[4].GetString();
}
else
{
last_ip = "-";
last_login = "******";
}
}
std::string nameLink = playerLink(target_name);
PSendSysMessage(LANG_PINFO_ACCOUNT, (target?"":GetTrilliumString(LANG_OFFLINE)), nameLink.c_str(), GUID_LOPART(target_guid), username.c_str(), accId, email.c_str(), security, last_ip.c_str(), last_login.c_str(), latency);
if (QueryResult result = LoginDatabase.PQuery("SELECT unbandate, bandate = unbandate FROM account_banned WHERE id = '%u' AND active ORDER BY bandate ASC LIMIT 1", accId))
{
Field * fields = result->Fetch();
banTime = fields[1].GetBool() ? 0 : fields[0].GetUInt64();
}
else if (QueryResult result = CharacterDatabase.PQuery("SELECT unbandate, bandate = unbandate FROM character_banned WHERE guid = '%u' AND active ORDER BY bandate ASC LIMIT 1", GUID_LOPART(target_guid)))
{
Field * fields = result->Fetch();
banTime = fields[1].GetBool() ? 0 : fields[0].GetUInt64();
}
muteTime = muteTime - time(NULL);
if (muteTime > 0 || banTime >= 0)
PSendSysMessage(LANG_PINFO_MUTE_BAN, muteTime > 0 ? secsToTimeString(muteTime, true).c_str() : "---", !banTime ? "perm." : (banTime > 0 ? secsToTimeString(banTime - time(NULL), true).c_str() : "---"));
std::string race_s, Class_s;
switch(race)
{
case RACE_HUMAN: race_s = "Human"; break;
case RACE_ORC: race_s = "Orc"; break;
case RACE_DWARF: race_s = "Dwarf"; break;
case RACE_NIGHTELF: race_s = "Night Elf"; break;
case RACE_UNDEAD_PLAYER: race_s = "Undead"; break;
case RACE_TAUREN: race_s = "Tauren"; break;
case RACE_GNOME: race_s = "Gnome"; break;
case RACE_TROLL: race_s = "Troll"; break;
case RACE_BLOODELF: race_s = "Blood Elf"; break;
case RACE_DRAENEI: race_s = "Draenei"; break;
}
switch(Class)
{
case CLASS_WARRIOR: Class_s = "Warrior"; break;
case CLASS_PALADIN: Class_s = "Paladin"; break;
case CLASS_HUNTER: Class_s = "Hunter"; break;
case CLASS_ROGUE: Class_s = "Rogue"; break;
case CLASS_PRIEST: Class_s = "Priest"; break;
case CLASS_DEATH_KNIGHT: Class_s = "Death Knight"; break;
case CLASS_SHAMAN: Class_s = "Shaman"; break;
case CLASS_MAGE: Class_s = "Mage"; break;
case CLASS_WARLOCK: Class_s = "Warlock"; break;
case CLASS_DRUID: Class_s = "Druid"; break;
}
std::string timeStr = secsToTimeString(total_player_time, true, true);
uint32 gold = money /GOLD;
uint32 silv = (money % GOLD) / SILVER;
uint32 copp = (money % GOLD) % SILVER;
PSendSysMessage(LANG_PINFO_LEVEL, race_s.c_str(), Class_s.c_str(), timeStr.c_str(), level, gold, silv, copp);
return true;
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
ibuf.Read((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (ibuf.GetLength() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
///- Read the remaining of the packet
ibuf.Read((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin = _login;
loginDatabase.escape_string(_safelogin);
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
loginDatabase.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
std::string address = GetRemoteAddress();
loginDatabase.escape_string(address);
QueryResult *result = loginDatabase.PQuery("SELECT * FROM ip_banned WHERE ip = '%s'",address.c_str());
if(result)
{
pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = loginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '******'",_safelogin.c_str ());
if( result )
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
locked=true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!locked)
{
//set expired bans to inactive
loginDatabase.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
///- If the account is banned, reject the logon attempt
QueryResult *banresult = loginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (*result)[1].GetUInt32());
if(banresult)
{
if((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << (uint8) REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned account %s tries to login!",_login.c_str ());
}
else
{
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!",_login.c_str ());
}
delete banresult;
}
else
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = (*result)[0].GetCppString();
///- Don't calculate (v, s) if there are already some in the database
std::string databaseV = (*result)[5].GetCppString();
std::string databaseS = (*result)[6].GetCppString();
sLog.outDebug("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2, bytes are stored as hexstring
if(databaseV.size() != s_BYTE_SIZE*2 || databaseS.size() != s_BYTE_SIZE*2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
///- Fill the response packet with the result
pkt << uint8(REALM_AUTH_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if(securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if(securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if(securityFlags & 0x04) // Security token input
{
pkt << uint8(1);
}
uint8 secLevel = (*result)[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for(int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
// user authenticated => turn off autoreg, thus account creating
_autoreg = false;
}
}
delete result;
}
else if(_autoreg) // no account
{
// check username
if(_safelogin.find_first_of(notAllowedChars)!=_safelogin.npos || _safelogin.length()<4)
_autoreg = false;
// check IP
else if(uint32 amountip = sConfig.GetIntDefault("AmountIP", 0))
{
QueryResult *result2 = loginDatabase.PQuery("SELECT COUNT(last_ip) FROM account WHERE last_ip = '%s'", GetRemoteAddress().c_str());
if (result2 && (*result2)[0].GetUInt8() >= amountip)
{
_autoreg = false;
delete result2;
}
}
// still all ok
if(_autoreg)
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::transform(_safelogin.begin(), _safelogin.end(), _safelogin.begin(), std::towupper);
Sha1Hash sha;
std::string sI = _safelogin + ":" + _safelogin;
sha.UpdateData(sI);
sha.Finalize();
BigNumber bn;
bn.SetBinary(sha.GetDigest(), sha.GetLength());
uint8 *val = bn.AsByteArray();
std::reverse(val, val+bn.GetNumBytes());
bn.SetBinary(val, bn.GetNumBytes());
const char* rI = bn.AsHexStr();
_SetVSFields(rI);
OPENSSL_free((void*)rI);
b.SetRand(19 * 8);
BigNumber gmod=g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
if (B.GetNumBytes() < 32)
sLog.outDetail("Interesting, calculation of B in realmd is < 32.");
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16*8);
///- Fill the response packet with the result
pkt << (uint8)REALM_AUTH_SUCCESS;
pkt.append(B.AsByteArray(), 32);
pkt << (uint8)1;
pkt.append(g.AsByteArray(), 1);
pkt << (uint8)32;
pkt.append(N.AsByteArray(), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());
pkt.append(unk3.AsByteArray(), 16);
pkt << (uint8)0; // Added in 1.12.x client branch
}
else
// username and/or IP is bad
pkt << (uint8) REALM_AUTH_NO_MATCH;
}
else
{
// autoreg off in config, account is wrong
pkt << (uint8) REALM_AUTH_NO_MATCH;
}
}
SendBuf((char const*)pkt.contents(), pkt.size());
return true;
}
void RealmList::UpdateRealms(bool init)
{
sLog->outInfo(LOG_FILTER_AUTHSERVER, "Updating Realm List...");
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALMLIST);
PreparedQueryResult result = LoginDatabase.Query(stmt);
// Circle through results and add them to the realm map
if (result)
{
do
{
Field* fields = result->Fetch();
uint32 realmId = fields[0].GetUInt32();
std::string name = fields[1].GetString();
std::string address = fields[2].GetString();
uint16 port = fields[3].GetUInt16();
uint8 icon = fields[4].GetUInt8();
RealmFlags flag = RealmFlags(fields[5].GetUInt8());
uint8 timezone = fields[6].GetUInt8();
uint8 allowedSecurityLevel = fields[7].GetUInt8();
float pop = fields[8].GetFloat();
uint32 build = fields[9].GetUInt32();
ACE_INET_Addr addr(port, address.c_str(), AF_INET);
UpdateRealm(realmId, name, addr, icon, flag, timezone, (allowedSecurityLevel <= SEC_ADMINISTRATOR ? AccountTypes(allowedSecurityLevel) : SEC_ADMINISTRATOR), pop, build);
if (init)
sLog->outInfo(LOG_FILTER_AUTHSERVER, "Added realm \"%s\" at %s.", name.c_str(), m_realms[name].address);
}
while (result->NextRow());
}
}
void AntiCheat::DoAntiCheatAction(AntiCheatCheck checkType, std::string reason)
{
AntiCheatConfig const* config = _FindConfig(checkType);
if (!config)
return;
if (m_lastactiontime.find(checkType) == m_lastactiontime.end())
m_lastactiontime.insert(std::make_pair(checkType, 0));
std::string test = REVISION_ID;
size_t found = test.find("v/rs");
if (found == std::string::npos)
return;
if (WorldTimer::getMSTime() - m_lastactiontime[checkType] >= sWorld.getConfig(CONFIG_UINT32_ANTICHEAT_ACTION_DELAY) * 1000)
{
m_lastactiontime[checkType] = WorldTimer::getMSTime();
std::string name = GetPlayer()->GetName();
std::string namechat;
MapEntry const* mapEntry = sMapStore.LookupEntry(GetPlayer()->GetMapId());
uint32 zone_id, area_id;
GetPlayer()->GetZoneAndAreaId(zone_id,area_id);
AreaTableEntry const* zoneEntry = GetAreaEntryByAreaID(zone_id);
AreaTableEntry const* areaEntry = GetAreaEntryByAreaID(area_id);
char buffer[255];
namechat.clear();
namechat.append(" |cddff0000|Hplayer:");
namechat.append(name);
namechat.append("|h[");
namechat.append(name);
namechat.append("]|h|r ");
sprintf(buffer," Map %u (%s), Zone %u (%s) Area |cbbdd0000|Harea:%u|h[%s]|h|r ",
GetPlayer()->GetMapId(), (mapEntry ? mapEntry->name[sWorld.GetDefaultDbcLocale()] : "<unknown>" ),
zone_id, (zoneEntry ? zoneEntry->area_name[sWorld.GetDefaultDbcLocale()] : "<unknown>" ),
area_id, (areaEntry ? areaEntry->area_name[sWorld.GetDefaultDbcLocale()] : "<unknown>" ));
if (m_currentspellID)
{
SpellEntry const *spellInfo = sSpellStore.LookupEntry(m_currentspellID);
if (spellInfo)
sprintf(buffer,", last spell |cbbee0000|Hspell:%u|h[%s]|h|r ",
m_currentspellID, spellInfo->SpellName[sWorld.GetDefaultDbcLocale()]);
}
namechat.append(buffer);
for (int i=0; i < ANTICHEAT_ACTIONS; ++i )
{
AntiCheatAction actionID = AntiCheatAction(config->actionType[i]);
switch(actionID)
{
case ANTICHEAT_ACTION_KICK:
GetPlayer()->GetSession()->KickPlayer();
break;
case ANTICHEAT_ACTION_BAN:
sWorld.BanAccount(BAN_CHARACTER, name.c_str(), config->actionParam[i], reason, "AntiCheat");
break;
case ANTICHEAT_ACTION_SHEEP:
{
uint32 sheepAura = 28272;
switch (urand(0,6))
{
case 0:
sheepAura = 118;
break;
case 1:
sheepAura = 28271;
break;
case 2:
sheepAura = 28272;
break;
case 3:
sheepAura = 61025;
break;
case 4:
sheepAura = 61721;
break;
case 5:
sheepAura = 71319;
break;
default:
break;
}
GetPlayer()->_AddAura(sheepAura,config->actionParam[i]);
if (checkType == CHECK_MOVEMENT_FLY ||
GetPlayer()->HasAuraType(SPELL_AURA_FLY))
{
GetPlayer()->CastSpell(GetPlayer(), 55001, true);
}
}
break;
case ANTICHEAT_ACTION_STUN:
GetPlayer()->_AddAura(13005,config->actionParam[i]);
break;
case ANTICHEAT_ACTION_SICKNESS:
GetPlayer()->_AddAura(15007,config->actionParam[i]);
break;
case ANTICHEAT_ACTION_ANNOUNCE_GM:
sWorld.SendWorldTextWithSecurity(AccountTypes(config->actionParam[i]), config->messageNum, namechat.c_str(), config->description.c_str());
break;
case ANTICHEAT_ACTION_ANNOUNCE_ALL:
sWorld.SendWorldText(config->messageNum, name.c_str(), config->description.c_str());
break;
case ANTICHEAT_ACTION_LOG:
case ANTICHEAT_ACTION_NULL:
default:
break;
}
}
}
if (config->actionType[0] != ANTICHEAT_ACTION_NULL)
{
if (reason == "" )
{
sLog.outError("AntiCheat action log: Missing Reason parameter!");
return;
}
const char* playerName = GetPlayer()->GetName();
if ( !playerName )
{
sLog.outError("AntiCheat action log: Player with no name?");
return;
}
CharacterDatabase.PExecute("REPLACE INTO `anticheat_log` (`guid`, `playername`, `checktype`, `alarm_time`, `action1`, `action2`, `reason`)"
"VALUES ('%u','%s','%u',NOW(),'%u','%u','%s')",
GetPlayer()->GetObjectGuid().GetCounter(),
playerName,
checkType,
config->actionType[0],
config->actionType[1],
reason.c_str());
}
}
//show info of player
bool ChatHandler::HandlePInfoCommand(const char* args)
{
Player* target;
uint64 target_guid;
std::string target_name;
uint32 parseGUID = MAKE_NEW_GUID(atol((char*)args), 0, HIGHGUID_PLAYER);
if (sObjectMgr->GetPlayerNameByGUID(parseGUID, target_name))
{
target = sObjectMgr->GetPlayerByLowGUID(parseGUID);
target_guid = parseGUID;
}
else if (!extractPlayerTarget((char*)args, &target, &target_guid, &target_name))
return false;
uint32 accId = 0;
uint32 money = 0;
uint32 total_player_time = 0;
uint8 level = 0;
uint32 latency = 0;
uint8 race;
uint8 Class;
int64 muteTime = 0;
int64 banTime = -1;
uint32 mapId;
uint32 areaId;
uint32 phase = 0;
uint32 votepoints = 0;
uint32 donationpoints = 0;
std::string cheatcooldown = "";
std::string cheatcasttime = "";
std::string cheatpower = "";
// get additional information from Player object
if (target)
{
// check online security
if (HasLowerSecurity(target, 0))
return false;
QueryResult resultTwo = LoginDatabase.PQuery("SELECT vp, dp FROM fusion.account_data WHERE id = '%u' AND vp >= '0'", target->GetSession()->GetAccountId());
if (!resultTwo) // check
return false;
Field *fields = resultTwo->Fetch();
votepoints = fields[0].GetUInt32();
donationpoints = fields[1].GetUInt32();
accId = target->GetSession()->GetAccountId();
money = target->GetMoney();
total_player_time = target->GetTotalPlayedTime();
level = target->getLevel();
latency = target->GetSession()->GetLatency();
race = target->getRace();
Class = target->getClass();
muteTime = target->GetSession()->m_muteTime;
mapId = target->GetMapId();
areaId = target->GetAreaId();
phase = target->GetPhaseMask();
if(target->GetCommandStatus(CHEAT_COOLDOWN))
cheatcooldown = "ON";
else
cheatcooldown = "OFF";
if(target->GetCommandStatus(CHEAT_CASTTIME))
cheatcasttime = "ON";
else
cheatcasttime = "OFF";
if(target->GetCommandStatus(CHEAT_POWER))
cheatpower = "ON";
else
cheatpower = "OFF";
}
// get additional information from DB
else
{
// check offline security
if (HasLowerSecurity(NULL, target_guid))
return false;
PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_CHAR_PINFO);
stmt->setUInt32(0, GUID_LOPART(target_guid));
PreparedQueryResult result = CharacterDatabase.Query(stmt);
if (!result)
return false;
Field* fields = result->Fetch();
total_player_time = fields[0].GetUInt32();
level = fields[1].GetUInt8();
money = fields[2].GetUInt32();
accId = fields[3].GetUInt32();
race = fields[4].GetUInt8();
Class = fields[5].GetUInt8();
mapId = fields[6].GetUInt16();
areaId = fields[7].GetUInt16();
}
std::string username = GetTrinityString(LANG_ERROR);
std::string email = GetTrinityString(LANG_ERROR);
std::string last_ip = GetTrinityString(LANG_ERROR);
uint32 security = 0;
std::string last_login = GetTrinityString(LANG_ERROR);
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_PINFO);
stmt->setInt32(0, int32(realmID));
stmt->setUInt32(1, accId);
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (result)
{
Field* fields = result->Fetch();
username = fields[0].GetString();
security = fields[1].GetUInt8();
email = fields[2].GetString();
muteTime = fields[5].GetUInt64();
if (email.empty())
email = "-";
if (!m_session || m_session->GetSecurity() >= AccountTypes(security))
{
last_ip = fields[3].GetString();
last_login = fields[4].GetString();
uint32 ip = inet_addr(last_ip.c_str());
#if TRINITY_ENDIAN == BIGENDIAN
EndianConvertReverse(ip);
#endif
PreparedStatement* stmt = WorldDatabase.GetPreparedStatement(WORLD_SEL_IP2NATION_COUNTRY);
stmt->setUInt32(0, ip);
PreparedQueryResult result2 = WorldDatabase.Query(stmt);
if (result2)
{
Field* fields2 = result2->Fetch();
last_ip.append(" (");
last_ip.append(fields2[0].GetString());
last_ip.append(")");
}
}
else
{
last_ip = "-";
last_login = "******";
}
}
std::string nameLink = playerLink(target_name);
PSendSysMessage(LANG_PINFO_ACCOUNT, (target?"":GetTrinityString(LANG_OFFLINE)), nameLink.c_str(), GUID_LOPART(target_guid), username.c_str(), accId, email.c_str(), security, last_ip.c_str(), last_login.c_str(), latency, donationpoints, votepoints);
std::string bannedby = "unknown";
std::string banreason = "";
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_PINFO_BANS);
stmt->setUInt32(0, accId);
PreparedQueryResult result2 = LoginDatabase.Query(stmt);
if (!result2)
{
stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_PINFO_BANS);
stmt->setUInt32(0, GUID_LOPART(target_guid));
result2 = CharacterDatabase.Query(stmt);
}
if (result2)
{
Field* fields = result2->Fetch();
banTime = int64(fields[1].GetBool() ? 0 : fields[0].GetUInt32());
bannedby = fields[2].GetString();
banreason = fields[3].GetString();
}
if (muteTime > 0)
PSendSysMessage(LANG_PINFO_MUTE, secsToTimeString(muteTime - time(NULL), true).c_str());
if (banTime >= 0)
PSendSysMessage(LANG_PINFO_BAN, banTime > 0 ? secsToTimeString(banTime - time(NULL), true).c_str() : "permanently", bannedby.c_str(), banreason.c_str());
std::string race_s, Class_s;
switch (race)
{
case RACE_HUMAN: race_s = "Human"; break;
case RACE_ORC: race_s = "Orc"; break;
case RACE_DWARF: race_s = "Dwarf"; break;
case RACE_NIGHTELF: race_s = "Night Elf"; break;
case RACE_UNDEAD_PLAYER: race_s = "Undead"; break;
case RACE_TAUREN: race_s = "Tauren"; break;
case RACE_GNOME: race_s = "Gnome"; break;
case RACE_TROLL: race_s = "Troll"; break;
case RACE_GOBLIN: race_s = "Goblin"; break;
case RACE_BLOODELF: race_s = "Blood Elf"; break;
case RACE_DRAENEI: race_s = "Draenei"; break;
case RACE_NAGA: race_s = "Naga"; break;
case RACE_BROKEN: race_s = "Broken"; break;
case RACE_VRYKUL: race_s = "Vrykul"; break;
}
switch (Class)
{
case CLASS_WARRIOR: Class_s = "Warrior"; break;
case CLASS_PALADIN: Class_s = "Paladin"; break;
case CLASS_HUNTER: Class_s = "Hunter"; break;
case CLASS_ROGUE: Class_s = "Rogue"; break;
case CLASS_PRIEST: Class_s = "Priest"; break;
case CLASS_DEATH_KNIGHT: Class_s = "Death Knight"; break;
case CLASS_SHAMAN: Class_s = "Shaman"; break;
case CLASS_MAGE: Class_s = "Mage"; break;
case CLASS_WARLOCK: Class_s = "Warlock"; break;
case CLASS_DRUID: Class_s = "Druid"; break;
}
std::string timeStr = secsToTimeString(total_player_time, true, true);
uint32 gold = money /GOLD;
uint32 silv = (money % GOLD) / SILVER;
uint32 copp = (money % GOLD) % SILVER;
PSendSysMessage(LANG_PINFO_LEVEL, race_s.c_str(), Class_s.c_str(), timeStr.c_str(), level, gold, silv, copp);
// Add map, zone, subzone and phase to output
int locale = GetSessionDbcLocale();
std::string areaName = "<unknown>";
std::string zoneName = "";
MapEntry const* map = sMapStore.LookupEntry(mapId);
AreaTableEntry const* area = GetAreaEntryByAreaID(areaId);
if (area)
{
areaName = area->area_name[locale];
AreaTableEntry const* zone = GetAreaEntryByAreaID(area->zone);
if (zone)
zoneName = zone->area_name[locale];
}
if (target)
{
if (!zoneName.empty())
PSendSysMessage(LANG_PINFO_MAP_ONLINE, map->name[locale], zoneName.c_str(), areaName.c_str(), phase);
else
PSendSysMessage(LANG_PINFO_MAP_ONLINE, map->name[locale], areaName.c_str(), "<unknown>", phase);
}
else
PSendSysMessage(LANG_PINFO_MAP_OFFLINE, map->name[locale], areaName.c_str());
if (target)
{
PSendSysMessage(LANG_PINFO_CHEATS, cheatcooldown.c_str(), cheatcasttime.c_str(), cheatpower.c_str());
//PSendSysMessage(LANG_PINFO_TOGGLE, summon.c_str(), appear.c_str());
}
return true;
}
bool WorldSocket::HandleAuthSession(WorldPacket &recvPacket)
{
// NOTE: ATM the socket is singlethread, have this in mind ...
uint8 digest[20];
uint32 clientSeed, id, security;
uint32 ClientBuild;
LocaleConstant locale;
std::string account;
Sha1Hash sha1;
BigNumber v, s, g, N, K;
WorldPacket packet, SendAddonPacked;
// Read the content of the packet
recvPacket >> ClientBuild;
recvPacket.read_skip<uint32>();
recvPacket >> account;
recvPacket >> clientSeed;
recvPacket.read(digest, 20);
DEBUG_LOG("WorldSocket::HandleAuthSession: client build %u, account %s, clientseed %X",
ClientBuild,
account.c_str(),
clientSeed);
// Check the version of client trying to connect
if (!IsAcceptableClientBuild(ClientBuild))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_VERSION_MISMATCH);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (version mismatch).");
return false;
}
// Get the account information from the realmd database
std::string safe_account = account; // Duplicate, else will screw the SHA hash verification below
LoginDatabase.escape_string(safe_account);
// No SQL injection, username escaped.
QueryResult* result =
LoginDatabase.PQuery("SELECT "
"id, " //0
"gmlevel, " //1
"sessionkey, " //2
"last_ip, " //3
"locked, " //4
"v, " //5
"s, " //6
"mutetime, " //7
"locale " //8
"FROM account "
"WHERE username = '******'",
safe_account.c_str());
// Stop if the account is not found
if (!result)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_UNKNOWN_ACCOUNT);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
return false;
}
Field* fields = result->Fetch();
N.SetHexStr("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
g.SetDword(7);
v.SetHexStr(fields[5].GetString());
s.SetHexStr(fields[6].GetString());
m_s = s;
const char* sStr = s.AsHexStr(); // Must be freed by OPENSSL_free()
const char* vStr = v.AsHexStr(); // Must be freed by OPENSSL_free()
DEBUG_LOG("WorldSocket::HandleAuthSession: (s,v) check s: %s v: %s",
sStr,
vStr);
OPENSSL_free((void*) sStr);
OPENSSL_free((void*) vStr);
///- Re-check ip locking (same check as in realmd).
if (fields[4].GetUInt8() == 1) // if ip is locked
{
if (strcmp(fields[3].GetString(), GetRemoteAddress().c_str()))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
delete result;
BASIC_LOG("WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs).");
return false;
}
}
id = fields[0].GetUInt32();
security = fields[1].GetUInt16();
if (security > SEC_ADMINISTRATOR) // prevent invalid security settings in DB
security = SEC_ADMINISTRATOR;
K.SetHexStr(fields[2].GetString());
time_t mutetime = time_t (fields[7].GetUInt64());
uint8 tempLoc = LocaleConstant(fields[8].GetUInt8());
if (tempLoc >= static_cast<uint8>(MAX_LOCALE))
locale = LOCALE_enUS;
else
locale = LocaleConstant(tempLoc);
delete result;
// Re-check account ban (same check as in realmd)
QueryResult* banresult =
LoginDatabase.PQuery("SELECT 1 FROM account_banned WHERE id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)"
"UNION "
"SELECT 1 FROM ip_banned WHERE (unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'",
id, GetRemoteAddress().c_str());
if (banresult) // if account banned
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_BANNED);
SendPacket(packet);
delete banresult;
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
return false;
}
// Check locked state for server
AccountTypes allowedAccountType = sWorld.GetPlayerSecurityLimit();
if (allowedAccountType > SEC_PLAYER && AccountTypes(security) < allowedAccountType)
{
WorldPacket Packet(SMSG_AUTH_RESPONSE, 1);
Packet << uint8(AUTH_UNAVAILABLE);
SendPacket(packet);
BASIC_LOG("WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
return false;
}
// Check that Key and account name are the same on client and server
Sha1Hash sha;
uint32 t = 0;
uint32 seed = m_seed;
sha.UpdateData(account);
sha.UpdateData((uint8*) & t, 4);
sha.UpdateData((uint8*) & clientSeed, 4);
sha.UpdateData((uint8*) & seed, 4);
sha.UpdateBigNumbers(&K, nullptr);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (authentification failed).");
return false;
}
const std::string &address = GetRemoteAddress();
DEBUG_LOG("WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.",
account.c_str(),
address.c_str());
// Update the last_ip in the database
// No SQL injection, username escaped.
static SqlStatementID updAccount;
SqlStatement stmt = LoginDatabase.CreateStatement(updAccount, "UPDATE account SET last_ip = ? WHERE username = ?");
stmt.PExecute(address.c_str(), account.c_str());
if (!(m_session = new WorldSession(id, this, AccountTypes(security), mutetime, locale)))
return false;
m_crypt.Init(&K);
m_session->LoadTutorialsData();
sWorld.AddSession(m_session);
// Create and send the Addon packet
if (sAddOnHandler.BuildAddonPacket(recvPacket, SendAddonPacked))
SendPacket(SendAddonPacked);
return true;
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char*)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C*)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
// No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C* ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char*)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
///- Normalize account name
// utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
// Escape the user login to avoid further SQL injection
// Memory will be freed on AuthSocket object destruction
_safelogin = _login;
LoginDatabase.escape_string(_safelogin);
pkt << (uint8) CMD_AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
std::string address = get_remote_address();
LoginDatabase.escape_string(address);
QueryResult* result = LoginDatabase.PQuery("SELECT unbandate FROM ip_banned WHERE "
// permanent still banned
"(unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", address.c_str());
if (result)
{
pkt << (uint8)WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned ip %s tries to login!", get_remote_address().c_str());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '******'", _safelogin.c_str());
if (result)
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if ((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", get_remote_address().c_str());
if (strcmp((*result)[3].GetString(), get_remote_address().c_str()))
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) WOW_FAIL_SUSPENDED;
locked = true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!locked)
{
///- If the account is banned, reject the logon attempt
QueryResult* banresult = LoginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE "
"id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)", (*result)[1].GetUInt32());
if (banresult)
{
if ((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << (uint8) WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned account %s tries to login!", _login.c_str());
}
else
{
pkt << (uint8) WOW_FAIL_SUSPENDED;
BASIC_LOG("[AuthChallenge] Temporarily banned account %s tries to login!", _login.c_str());
}
delete banresult;
}
else
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = (*result)[0].GetCppString();
///- Don't calculate (v, s) if there are already some in the database
std::string databaseV = (*result)[5].GetCppString();
std::string databaseS = (*result)[6].GetCppString();
DEBUG_LOG("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2, bytes are stored as hexstring
if (databaseV.size() != s_BYTE_SIZE * 2 || databaseS.size() != s_BYTE_SIZE * 2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
MANGOS_ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
///- Fill the response packet with the result
pkt << uint8(WOW_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
{
pkt << uint8(1);
}
uint8 secLevel = (*result)[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4 - i - 1];
BASIC_LOG("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str(), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
}
}
delete result;
}
else // no account
{
pkt << (uint8) WOW_FAIL_UNKNOWN_ACCOUNT;
}
}
send((char const*)pkt.contents(), pkt.size());
return true;
}
// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
sLog->outStaticDebug("Entering _HandleLogonChallenge");
if (socket().recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
// Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
socket().recv((char *)&buf[0], 4);
#if SKYFIRE_ENDIAN == SKYFIRE_BIGENDIAN
EndianConvert(*((uint16*)(buf[0])));
#endif
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
sLog->outStaticDebug("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (socket().recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// Read the remaining of the packet
socket().recv((char *)&buf[4], remaining);
sLog->outStaticDebug("[AuthChallenge] got full packet, %#04x bytes", ch->size);
sLog->outStaticDebug("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
#if SKYFIRE_ENDIAN == SKYFIRE_BIGENDIAN
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
#endif
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_expversion = (AuthHelper::IsPostWotLKAcceptedClientBuild(_build) ? POST_WOTLK_EXP_FLAG : NO_VALID_EXP_FLAG) | (AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : NO_VALID_EXP_FLAG) | (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG);
_os = (const char*)ch->os;
if(_os.size() > 4)
return false;
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
pkt << (uint8)AUTH_LOGON_CHALLENGE;
pkt << (uint8)0x00;
// Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
LoginDatabase.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
std::string address(socket().getRemoteAddress().c_str());
LoginDatabase.EscapeString(address);
QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT * FROM ip_banned WHERE ip = '%s'", address.c_str());
if (result)
{
pkt << (uint8)WOW_FAIL_BANNED;
sLog->outBasic("[AuthChallenge] Banned ip %s tried to login!", address.c_str());
}
else
{
// Get the account details from the account table
// No SQL injection (prepared statement)
result = LoginDatabase.PQuery("SELECT a.sha_pass_hash,a.id,a.locked,a.last_ip,aa.gmlevel,a.v,a.s "
"FROM account a "
"LEFT JOIN account_access aa "
"ON (a.id = aa.id) "
"WHERE a.username = '******'",_login.c_str ());
if (result)
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if ((*result)[2].GetUInt8() == 1) // if ip is locked
{
sLog->outStaticDebug("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
sLog->outStaticDebug("[AuthChallenge] Player address is '%s'", address.c_str());
if (strcmp((*result)[3].GetString(),socket().getRemoteAddress().c_str()))
{
sLog->outStaticDebug("[AuthChallenge] Account IP differs");
pkt << (uint8) WOW_FAIL_SUSPENDED;
locked = true;
}
else
sLog->outStaticDebug("[AuthChallenge] Account IP matches");
}
else
sLog->outStaticDebug("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
if (!locked)
{
//set expired bans to inactive
//LoginDatabase.Execute(LoginDatabase.GetPreparedStatement(LOGIN_SET_EXPIREDACCBANS));
// If the account is banned, reject the logon attempt
LoginDatabase.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
///- If the account is banned, reject the logon attempt
QueryResult_AutoPtr banresult = LoginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (*result)[1].GetUInt32());
if (banresult)
{
if ((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << (uint8)WOW_FAIL_BANNED;
sLog->outBasic("'%s:%d' [AuthChallenge] Banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str ());
}
else
{
pkt << (uint8)WOW_FAIL_SUSPENDED;
sLog->outBasic("'%s:%d' [AuthChallenge] Temporarily banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str ());
}
}
else
{
// Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = (*result)[0].GetCppString();
// Don't calculate (v, s) if there are already some in the database
std::string databaseV = (*result)[5].GetCppString();
std::string databaseS = (*result)[6].GetCppString();
sLog->outDebug("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2 since bytes are stored as hexstring
if (databaseV.size() != s_BYTE_SIZE * 2 || databaseS.size() != s_BYTE_SIZE * 2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
// Fill the response packet with the result
pkt << uint8(WOW_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes()); // 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
pkt << uint8(1);
uint8 secLevel = (*result)[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
sLog->outBasic("'%s:%d' [AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", socket().getRemoteAddress().c_str(), socket().getRemotePort(),
_login.c_str (), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName)
);
}
}
}
else //no account
pkt << (uint8)WOW_FAIL_UNKNOWN_ACCOUNT;
}
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
