void AuthSocket::HandleReconnectProof()
{
if( m_account == NULL )
return;
// Load sessionkey from account database.
QueryResult * result = sLogonSQL->Query ("SELECT SessionKey FROM accounts WHERE acct = %u", m_account->AccountId);
if(result)
{
Field * field = result->Fetch();
K.SetHexStr(field[0].GetString ());
delete result;
}
else
{
// Disconnect if the sessionkey invalid or not found
DEBUG_LOG("AuthReConnectProof","No matching SessionKey found while user %s tried to login.", AccountName.c_str());
Disconnect();
return;
}
if(GetReadBuffer().GetSize() < sizeof(sAuthLogonProofKey_C))
return;
sAuthLogonProofKey_C lp;
GetReadBuffer().Read(&lp, sizeof(sAuthLogonProofKey_C));
BigNumber A;
A.SetBinary(lp.R1, 16);
Sha1Hash sha;
sha.Initialize();
sha.UpdateData(AccountName);
sha.UpdateBigNumbers(&A, &rs, &K, 0);
sha.Finalize();
if (!memcmp(sha.GetDigest(), lp.R2, SHA_DIGEST_LENGTH))
{
///- Sending response
ByteBuffer pkt;
pkt << (uint8) 0x03; //ReconnectProof
pkt << (uint8) 0x00;
pkt << (uint16) 0x00; // 2 bytes zeros
Send(pkt.contents(), pkt.size());
// we're authenticated now :)
m_authenticated = true;
DEBUG_LOG("AuthReConnectProof","Authentication Success.");
}
else
DEBUG_LOG("AuthReConnectProof","Authentication Failed.");
}
/// Reconnect Proof command handler
bool AuthSocket::_HandleReconnectProof()
{
DEBUG_LOG("Entering _HandleReconnectProof");
///- Read the packet
sAuthReconnectProof_C lp;
if (!recv((char*)&lp, sizeof(sAuthReconnectProof_C)))
{ return false; }
if (_login.empty() || !_reconnectProof.GetNumBytes() || !K.GetNumBytes())
{ return false; }
BigNumber t1;
t1.SetBinary(lp.R1, 16);
Sha1Hash sha;
sha.Initialize();
sha.UpdateData(_login);
sha.UpdateBigNumbers(&t1, &_reconnectProof, &K, NULL);
sha.Finalize();
if (!memcmp(sha.GetDigest(), lp.R2, SHA_DIGEST_LENGTH))
{
///- Sending response
ByteBuffer pkt;
pkt << (uint8) CMD_AUTH_RECONNECT_PROOF;
pkt << (uint8) 0x00;
//If we keep from sending this we don't receive Session Expired on the client when
//changing realms after being logged on to the world
if (_build > 6141) // Last vanilla, 1.12.3
pkt << (uint16) 0x00; // 2 bytes zeros
send((char const*)pkt.contents(), pkt.size());
///- Set _authed to true!
_authed = true;
return true;
}
else
{
sLog.outError("[ERROR] user %s tried to login, but session invalid.", _login.c_str());
close_connection();
return false;
}
}
/// Reconnect Proof command handler
bool AuthSocket::_HandleReconnectProof()
{
DEBUG_LOG("Entering _HandleReconnectProof");
///- Read the packet
sAuthReconnectProof_C lp;
if(!recv((char *)&lp, sizeof(sAuthReconnectProof_C)))
return false;
if (_login.empty() || !_reconnectProof.GetNumBytes() || !K.GetNumBytes())
return false;
BigNumber t1;
t1.SetBinary(lp.R1, 16);
Sha1Hash sha;
sha.Initialize();
sha.UpdateData(_login);
sha.UpdateBigNumbers(&t1, &_reconnectProof, &K, NULL);
sha.Finalize();
if (!memcmp(sha.GetDigest(), lp.R2, SHA_DIGEST_LENGTH))
{
///- Sending response
ByteBuffer pkt;
pkt << uint8(CMD_AUTH_RECONNECT_PROOF);
pkt << uint8(0x00);
pkt << uint16(0x00); // 2 bytes zeros
send((char const*)pkt.contents(), pkt.size());
///- Set _authed to true!
_authed = true;
return true;
}
else
{
sLog.outLog(LOG_DEFAULT, "ERROR: [ERROR] user %s tried to login, but session invalid.", _login.c_str());
close_connection();
return false;
}
}
/// Reconnect Proof command handler
bool AuthSocket::_HandleReconnectProof()
{
DEBUG_LOG("Entering _HandleReconnectProof");
///- Read the packet
if (ibuf.GetLength() < sizeof(sAuthReconnectProof_C))
return false;
if (_login.empty() || !_reconnectProof.GetNumBytes() || !K.GetNumBytes())
return false;
sAuthReconnectProof_C lp;
ibuf.Read((char *)&lp, sizeof(sAuthReconnectProof_C));
BigNumber t1;
t1.SetBinary(lp.R1, 16);
Sha1Hash sha;
sha.Initialize();
sha.UpdateData(_login);
sha.UpdateBigNumbers(&t1, &_reconnectProof, &K, NULL);
sha.Finalize();
if (!memcmp(sha.GetDigest(), lp.R2, SHA_DIGEST_LENGTH))
{
///- Sending response
ByteBuffer pkt;
pkt << (uint8) AUTH_RECONNECT_PROOF;
pkt << (uint8) 0x00;
pkt << (uint16) 0x00; // 2 bytes zeros
SendBuf((char const*)pkt.contents(), pkt.size());
///- Set _authed to true!
_authed = true;
return true;
}
else
{
sLog.outError("[ERROR] user %s tried to login, but session invalid.", _login.c_str());
SetCloseAndDelete();
return false;
}
}
void AuthSocket::HandleProof()
{
if(GetReadBuffer()->GetSize() < sizeof(sAuthLogonProof_C))
return;
// patch
if(m_patch&&!m_account)
{
//RemoveReadBufferBytes(75,false);
GetReadBuffer()->Remove(75);
DEBUG_LOG("AuthLogonProof","Intitiating PatchJob");
uint8 bytes[2] = {0x01,0x0a};
Send(bytes,2);
PatchMgr::getSingleton().InitiatePatch(m_patch, this);
return;
}
if(!m_account)
return;
DEBUG_LOG("AuthLogonProof","Interleaving and checking proof...");
sAuthLogonProof_C lp;
GetReadBuffer()->Read(&lp, sizeof(sAuthLogonProof_C));
BigNumber A;
A.SetBinary(lp.A, 32);
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, 0);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(), 32);
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2+1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2+1] = sha.GetDigest()[i];
}
m_sessionkey.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData((const uint8*)m_account->UsernamePtr->c_str(), (int)m_account->UsernamePtr->size());
sha.Finalize();
BigNumber t4;
t4.SetBinary(sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&t3, &t4, &s, &A, &B, &m_sessionkey, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
// Compare M1 values.
if(memcmp(lp.M1, M.AsByteArray(), 20) != 0)
{
// Authentication failed.
//SendProofError(4, 0);
SendChallengeError(CE_NO_ACCOUNT);
DEBUG_LOG("AuthLogonProof","M1 values don't match.");
return;
}
// Store sessionkey
m_account->SetSessionKey(m_sessionkey.AsByteArray());
// OUT_DEBUG("========================\nSession key: ");
// for(uint32 z = 0; z < 40; ++z)
// OUT_DEBUG("%.2X ", m_account->SessionKey[z]);
// OUT_DEBUG("\n========================\n");
// let the client know
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &m_sessionkey, 0);
sha.Finalize();
if(GetBuild() <= 6005)
{
sAuthLogonProof_S proof;
proof.cmd = 0x01;
proof.error = 0;
memcpy(proof.M2, sha.GetDigest(), 20);
proof.unk2 = 0;
SendPacket( (uint8*) &proof, sizeof(proof) );
}
else
SendProofError(0, sha.GetDigest());
DEBUG_LOG("AuthLogonProof","Authentication Success.");
// we're authenticated now :)
m_authenticated = true;
// Don't update when IP banned, but update anyway if it's an account ban
const char* m_sessionkey_hex = m_sessionkey.AsHexStr();
sLogonSQL->Execute("UPDATE accounts SET lastlogin=NOW(), SessionKey = '%s', lastip='%s' WHERE acct=%u;", m_sessionkey_hex, GetIP(), m_account->AccountId);
}
/// Logon Proof command handler
bool AuthSocket::_HandleLogonProof()
{
DEBUG_LOG("Entering _HandleLogonProof");
///- Read the packet
sAuthLogonProof_C lp;
if (!socket().recv((char *)&lp, sizeof(sAuthLogonProof_C)))
return false;
/// <ul><li> If the client has no valid version
if (_expversion == NO_VALID_EXP_FLAG)
{
///- Check if we have the appropriate patch on the disk
sLog.outDebug("Client with invalid version, patching is not implemented");
socket().shutdown();
return true;
}
/// </ul>
///- Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A==0
if (A.isZero())
{
socket().shutdown();
return true;
}
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(32), 32);
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2 + 1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2 + 1] = sha.GetDigest()[i];
}
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
///- Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
sLog.outBasic("User '%s' successfully authenticated", _login.c_str());
///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char* K_hex = K.AsHexStr();
LoginDatabase.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '******'", K_hex, socket().get_remote_address().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str());
OPENSSL_free((void*)K_hex);
///- Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
sha.Finalize();
if (_expversion & POST_BC_EXP_FLAG)//2.4.3 and 3.1.3 clients (10146 is Chinese build for 3.1.3)
{
sAuthLogonProof_S proof;
memcpy(proof.M2, sha.GetDigest(), 20);
proof.cmd = AUTH_LOGON_PROOF;
proof.error = 0;
proof.unk1 = 0x00800000;
proof.unk2 = 0x00;
proof.unk3 = 0x00;
socket().send((char *)&proof, sizeof(proof));
}
else
{
sAuthLogonProof_S_Old proof;
memcpy(proof.M2, sha.GetDigest(), 20);
proof.cmd = AUTH_LOGON_PROOF;
proof.error = 0;
//proof.unk1 = 0x00800000;
proof.unk2 = 0x00;
//proof.unk3 = 0x00;
socket().send((char *)&proof, sizeof(proof));
}
///- Set _authed to true!
_authed = true;
}
else
{
char data[4]= { AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0};
socket().send(data, sizeof(data));
sLog.outBasic("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
if (MaxWrongPassCount > 0)
{
//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
LoginDatabase.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '******'",_safelogin.c_str());
if (QueryResult_AutoPtr loginfail = LoginDatabase.PQuery("SELECT id, failed_logins FROM account WHERE username = '******'", _safelogin.c_str()))
{
Field* fields = loginfail->Fetch();
uint32 failed_logins = fields[1].GetUInt32();
if (failed_logins >= MaxWrongPassCount)
{
uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
if (WrongPassBanType)
{
uint32 acc_id = fields[0].GetUInt32();
LoginDatabase.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','Trinity realmd','Failed login autoban',1)",
acc_id, WrongPassBanTime);
sLog.outBasic("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
_login.c_str(), WrongPassBanTime, failed_logins);
}
else
{
std::string current_ip(socket().get_remote_address().c_str());
LoginDatabase.escape_string(current_ip);
LoginDatabase.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','Trinity realmd','Failed login autoban')",
current_ip.c_str(), WrongPassBanTime);
sLog.outBasic("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
}
}
}
}
}
return true;
}
void WorldSocket::InformationRetreiveCallback(WorldPacket & recvData, uint32 requestid)
{
if(requestid != mRequestID)
return;
uint32 error;
recvData >> error;
if(error != 0 || pAuthenticationPacket == NULL)
{
// something happened wrong @ the logon server
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x0D");
return;
}
// Extract account information from the packet.
string AccountName;
const string * ForcedPermissions;
uint32 AccountID;
string GMFlags;
uint8 AccountFlags;
string lang = "enUS";
uint32 i;
recvData >> AccountID >> AccountName >> GMFlags >> AccountFlags;
ForcedPermissions = sLogonCommHandler.GetForcedPermissions(AccountName);
if( ForcedPermissions != NULL )
GMFlags.assign(ForcedPermissions->c_str());
sLog.outDebug( " >> got information packet from logon: `%s` ID %u (request %u)", AccountName.c_str(), AccountID, mRequestID);
// sLog.outColor(TNORMAL, "\n");
mRequestID = 0;
// Pull the session key.
uint8 K[40];
recvData.read(K, 40);
BigNumber BNK;
BNK.SetBinary(K, 40);
uint8 *key = new uint8[20];
WowCrypt::GenerateKey(key, K);
// Initialize crypto.
_crypt.SetKey(key, 20);
_crypt.Init();
delete [] key;
//checking if player is already connected
//disconnect corrent player and login this one(blizzlike)
if(recvData.rpos() != recvData.wpos())
recvData.read((uint8*)lang.data(), 4);
WorldSession *session = sWorld.FindSession( AccountID );
if( session)
{
// AUTH_FAILED = 0x0D
session->Disconnect();
// clear the logout timer so he times out straight away
session->SetLogoutTimer(1);
// we must send authentication failed here.
// the stupid newb can relog his client.
// otherwise accounts dupe up and disasters happen.
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x15");
return;
}
Sha1Hash sha;
uint8 digest[20];
pAuthenticationPacket->read(digest, 20);
uint32 t = 0;
if( m_fullAccountName == NULL ) // should never happen !
sha.UpdateData(AccountName);
else
{
sha.UpdateData(*m_fullAccountName);
// this is unused now. we may as well free up the memory.
delete m_fullAccountName;
m_fullAccountName = NULL;
}
sha.UpdateData((uint8 *)&t, 4);
sha.UpdateData((uint8 *)&mClientSeed, 4);
sha.UpdateData((uint8 *)&mSeed, 4);
sha.UpdateBigNumbers(&BNK, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
// AUTH_UNKNOWN_ACCOUNT = 21
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x15");
return;
}
// Allocate session
WorldSession * pSession = new WorldSession(AccountID, AccountName, this);
mSession = pSession;
ASSERT(mSession);
pSession->deleteMutex.Acquire();
// Set session properties
pSession->SetClientBuild(mClientBuild);
pSession->LoadSecurity(GMFlags);
pSession->SetAccountFlags(AccountFlags);
pSession->m_lastPing = (uint32)UNIXTIME;
pSession->language = sLocalizationMgr.GetLanguageId(lang);
if(recvData.rpos() != recvData.wpos())
recvData >> pSession->m_muted;
for(uint32 i = 0; i < 8; ++i)
pSession->SetAccountData(i, NULL, true, 0);
// queue the account loading
/*AsyncQuery * aq = new AsyncQuery( new SQLClassCallbackP1<World, uint32>(World::getSingletonPtr(), &World::LoadAccountDataProc, AccountID) );
aq->AddQuery("SELECT * FROM account_data WHERE acct = %u", AccountID);
CharacterDatabase.QueueAsyncQuery(aq);*/
if(sWorld.m_useAccountData)
{
QueryResult * pResult = CharacterDatabase.Query("SELECT * FROM account_data WHERE acct = %u", AccountID);
if( pResult == NULL )
CharacterDatabase.Execute("INSERT INTO account_data VALUES(%u, '', '', '', '', '', '', '', '', '')", AccountID);
else
{
size_t len;
const char * data;
char * d;
for(i = 0; i < 8; ++i)
{
data = pResult->Fetch()[1+i].GetString();
len = data ? strlen(data) : 0;
if(len > 1)
{
d = new char[len+1];
memcpy(d, data, len+1);
pSession->SetAccountData(i, d, true, (uint32)len);
}
}
delete pResult;
}
}
Log.Debug("Auth", "%s from %s:%u [%ums]", AccountName.c_str(), GetRemoteIP().c_str(), GetRemotePort(), _latency);
#ifdef SESSION_CAP
if( sWorld.GetSessionCount() >= SESSION_CAP )
{
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x0D");
Disconnect();
return;
}
#endif
// Check for queue.
if( (sWorld.GetSessionCount() < sWorld.GetPlayerLimit()) || pSession->HasGMPermissions() ) {
Authenticate();
} else {
// Queued, sucker.
uint32 Position = sWorld.AddQueuedSocket(this);
mQueued = true;
Log.Debug("Queue", "%s added to queue in position %u", AccountName.c_str(), Position);
// Send packet so we know what we're doing
UpdateQueuePosition(Position);
}
pSession->deleteMutex.Release();
}
void WorldSocket::InformationRetreiveCallback(WorldPacket & recvData, uint32 requestid)
{
if(requestid != mRequestID)
return;
uint32 error;
recvData >> error;
if(error != 0)
{
// something happened wrong @ the logon server
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x0D");
return;
}
// Extract account information from the packet.
string AccountName;
uint32 AccountID;
string GMFlags;
uint32 AccountFlags;
recvData >> AccountID >> AccountName >> GMFlags >> AccountFlags;
sLog.outDebug( " >> got information packet from logon: `%s` ID %u (request %u)", AccountName.c_str(), AccountID, mRequestID);
// sLog.outColor(TNORMAL, "\n");
mRequestID = 0;
// Pull the session key.
uint8 K[40];
recvData.read(K, 40);
BigNumber BNK;
BNK.SetBinary(K, 40);
// Initialize crypto.
_crypt.SetKey(K, 40);
_crypt.Init();
Session * session = sClientMgr.CreateSession(AccountID);
if(session == NULL)
{
/* we are already logged in. send auth failed. (if anyone has a better error lemme know :P) */
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x0D");
return;
}
m_session = session;
session->m_socket = this;
Sha1Hash sha;
uint8 digest[20];
pAuthenticationPacket->read(digest, 20);
uint32 t = 0;
sha.UpdateData(AccountName);
sha.UpdateData((uint8 *)&t, 4);
sha.UpdateData((uint8 *)&mClientSeed, 4);
sha.UpdateData((uint8 *)&mSeed, 4);
sha.UpdateBigNumbers(&BNK, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
// AUTH_UNKNOWN_ACCOUNT = 21
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x15");
return;
}
// Allocate session
m_session->m_accountFlags = AccountFlags;
m_session->m_GMPermissions = GMFlags;
m_session->m_accountId = AccountID;
m_session->m_latency = _latency;
m_session->m_accountName = AccountName;
Log.Notice("Auth", "%s from %s:%u [%ums]", AccountName.c_str(), GetRemoteIP().c_str(), GetRemotePort(), _latency);
Authenticate();
}
/// Logon Proof command handler
bool AuthSocket::_HandleLogonProof()
{
DEBUG_LOG("Entering _HandleLogonProof");
///- Read the packet
if (ibuf.GetLength() < sizeof(sAuthLogonProof_C))
return false;
sAuthLogonProof_C lp;
ibuf.Read((char *)&lp, sizeof(sAuthLogonProof_C));
///- Check if the client has one of the expected version numbers
bool valid_version = FindBuildInfo(_build) != NULL;
/// <ul><li> If the client has no valid version
/// Ignore if its trial client account
if(!valid_version && !_isTrial)
{
///- Check if we have the apropriate patch on the disk
// 24 = len("./patches/65535enGB.mpq")+1
char tmp[24];
// No buffer overflow (fixed length of arguments)
sprintf(tmp, "./patches/%d%s.mpq", _build, _localizationName.c_str());
// This will be closed at the destruction of the AuthSocket (client disconnection)
FILE *pFile = fopen(tmp, "rb");
if(!pFile)
{
ByteBuffer pkt;
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
pkt << (uint8) WOW_FAIL_VERSION_INVALID;
DEBUG_LOG("[AuthChallenge] %u is not a valid client version!", _build);
DEBUG_LOG("[AuthChallenge] Patch %s not found", tmp);
SendBuf((char const*)pkt.contents(), pkt.size());
return true;
}
else // have patch
{
pPatch = pFile;
XFER_INIT xferh;
///- Get the MD5 hash of the patch file (get it from preloaded Patcher cache or calculate it)
if(PatchesCache.GetHash(tmp, (uint8*)&xferh.md5))
{
DEBUG_LOG("\n[AuthChallenge] Found precached patch info for patch %s", tmp);
}
else
{ // calculate patch md5
printf("\n[AuthChallenge] Patch info for %s was not cached.", tmp);
PatchesCache.LoadPatchMD5(tmp);
PatchesCache.GetHash(tmp, (uint8*)&xferh.md5);
}
///- Send a packet to the client with the file length and MD5 hash
uint8 data[2] = { AUTH_LOGON_PROOF, WOW_FAIL_VERSION_UPDATE };
SendBuf((const char*)data, sizeof(data));
memcpy(&xferh, "0\x05Patch", 7);
xferh.cmd = XFER_INITIATE;
fseek(pPatch, 0, SEEK_END);
xferh.file_size = ftell(pPatch);
SendBuf((const char*)&xferh, sizeof(xferh));
return true;
}
}
/// </ul>
///- Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A==0
if (A.isZero())
return false;
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(32), 32);
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2 + 1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2 + 1] = sha.GetDigest()[i];
}
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
///- Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
BASIC_LOG("User '%s' successfully authenticated", _login.c_str());
///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char* K_hex = K.AsHexStr();
loginDatabase.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '******'", K_hex, GetRemoteAddress().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str() );
OPENSSL_free((void*)K_hex);
///- Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
sha.Finalize();
SendProof(sha);
///- Set _authed to true!
_authed = true;
}
else
{
char data[4]= { AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0};
SendBuf(data, sizeof(data));
BASIC_LOG("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
if(MaxWrongPassCount > 0)
{
//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
loginDatabase.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '******'",_safelogin.c_str());
if(QueryResult *loginfail = loginDatabase.PQuery("SELECT id, failed_logins FROM account WHERE username = '******'", _safelogin.c_str()))
{
Field* fields = loginfail->Fetch();
uint32 failed_logins = fields[1].GetUInt32();
if( failed_logins >= MaxWrongPassCount )
{
uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
if(WrongPassBanType)
{
uint32 acc_id = fields[0].GetUInt32();
loginDatabase.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban',1)",
acc_id, WrongPassBanTime);
BASIC_LOG("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
_login.c_str(), WrongPassBanTime, failed_logins);
}
else
{
std::string current_ip = GetRemoteAddress();
loginDatabase.escape_string(current_ip);
loginDatabase.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban')",
current_ip.c_str(), WrongPassBanTime);
BASIC_LOG("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
}
}
delete loginfail;
}
}
}
return true;
}
bool WorldSocket::HandleAuthSession(WorldPacket &recvPacket)
{
// NOTE: ATM the socket is singlethread, have this in mind ...
uint8 digest[20];
uint32 clientSeed, id, security;
uint32 ClientBuild;
LocaleConstant locale;
std::string account;
Sha1Hash sha1;
BigNumber v, s, g, N, K;
WorldPacket packet, SendAddonPacked;
// Read the content of the packet
recvPacket >> ClientBuild;
recvPacket.read_skip<uint32>();
recvPacket >> account;
recvPacket >> clientSeed;
recvPacket.read(digest, 20);
DEBUG_LOG("WorldSocket::HandleAuthSession: client build %u, account %s, clientseed %X",
ClientBuild,
account.c_str(),
clientSeed);
// Check the version of client trying to connect
if (!IsAcceptableClientBuild(ClientBuild))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_VERSION_MISMATCH);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (version mismatch).");
return false;
}
// Get the account information from the realmd database
std::string safe_account = account; // Duplicate, else will screw the SHA hash verification below
LoginDatabase.escape_string(safe_account);
// No SQL injection, username escaped.
QueryResult* result =
LoginDatabase.PQuery("SELECT "
"id, " //0
"gmlevel, " //1
"sessionkey, " //2
"last_ip, " //3
"locked, " //4
"v, " //5
"s, " //6
"mutetime, " //7
"locale " //8
"FROM account "
"WHERE username = '******'",
safe_account.c_str());
// Stop if the account is not found
if (!result)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_UNKNOWN_ACCOUNT);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
return false;
}
Field* fields = result->Fetch();
N.SetHexStr("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
g.SetDword(7);
v.SetHexStr(fields[5].GetString());
s.SetHexStr(fields[6].GetString());
m_s = s;
const char* sStr = s.AsHexStr(); // Must be freed by OPENSSL_free()
const char* vStr = v.AsHexStr(); // Must be freed by OPENSSL_free()
DEBUG_LOG("WorldSocket::HandleAuthSession: (s,v) check s: %s v: %s",
sStr,
vStr);
OPENSSL_free((void*) sStr);
OPENSSL_free((void*) vStr);
///- Re-check ip locking (same check as in realmd).
if (fields[4].GetUInt8() == 1) // if ip is locked
{
if (strcmp(fields[3].GetString(), GetRemoteAddress().c_str()))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
delete result;
BASIC_LOG("WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs).");
return false;
}
}
id = fields[0].GetUInt32();
security = fields[1].GetUInt16();
if (security > SEC_ADMINISTRATOR) // prevent invalid security settings in DB
security = SEC_ADMINISTRATOR;
K.SetHexStr(fields[2].GetString());
time_t mutetime = time_t (fields[7].GetUInt64());
uint8 tempLoc = LocaleConstant(fields[8].GetUInt8());
if (tempLoc >= static_cast<uint8>(MAX_LOCALE))
locale = LOCALE_enUS;
else
locale = LocaleConstant(tempLoc);
delete result;
// Re-check account ban (same check as in realmd)
QueryResult* banresult =
LoginDatabase.PQuery("SELECT 1 FROM account_banned WHERE id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)"
"UNION "
"SELECT 1 FROM ip_banned WHERE (unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'",
id, GetRemoteAddress().c_str());
if (banresult) // if account banned
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_BANNED);
SendPacket(packet);
delete banresult;
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
return false;
}
// Check locked state for server
AccountTypes allowedAccountType = sWorld.GetPlayerSecurityLimit();
if (allowedAccountType > SEC_PLAYER && AccountTypes(security) < allowedAccountType)
{
WorldPacket Packet(SMSG_AUTH_RESPONSE, 1);
Packet << uint8(AUTH_UNAVAILABLE);
SendPacket(packet);
BASIC_LOG("WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
return false;
}
// Check that Key and account name are the same on client and server
Sha1Hash sha;
uint32 t = 0;
uint32 seed = m_seed;
sha.UpdateData(account);
sha.UpdateData((uint8*) & t, 4);
sha.UpdateData((uint8*) & clientSeed, 4);
sha.UpdateData((uint8*) & seed, 4);
sha.UpdateBigNumbers(&K, nullptr);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (authentification failed).");
return false;
}
const std::string &address = GetRemoteAddress();
DEBUG_LOG("WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.",
account.c_str(),
address.c_str());
// Update the last_ip in the database
// No SQL injection, username escaped.
static SqlStatementID updAccount;
SqlStatement stmt = LoginDatabase.CreateStatement(updAccount, "UPDATE account SET last_ip = ? WHERE username = ?");
stmt.PExecute(address.c_str(), account.c_str());
if (!(m_session = new WorldSession(id, this, AccountTypes(security), mutetime, locale)))
return false;
m_crypt.Init(&K);
m_session->LoadTutorialsData();
sWorld.AddSession(m_session);
// Create and send the Addon packet
if (sAddOnHandler.BuildAddonPacket(recvPacket, SendAddonPacked))
SendPacket(SendAddonPacked);
return true;
}
void WorldSocket::InformationRetreiveCallback(WorldPacket & recvData, uint32 requestid)
{
if(requestid != mRequestID)
return;
uint32 error;
recvData >> error;
if(error != 0)
{
// something happened wrong @ the logon server
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x0D");
printf("Information callback returns failure.\n");
return;
}
// Extract account information from the packet.
string AccountName;
uint32 AccountID;
string GMFlags;
uint8 AccountFlags;
recvData >> AccountID >> AccountName >> GMFlags >> AccountFlags;
printf( " >> got information packet from logon: `%s` ID %u (request %u)", AccountName.c_str(), AccountID, mRequestID);
// sLog.outColor(TNORMAL, "\n");
mRequestID = 0;
//Pull the session key.
recvData.read(K, 40);
_crypt.Init(K);
BigNumber BNK;
BNK.SetBinary(K, 40);
//checking if player is already connected
//disconnect current player and login this one(blizzlike)
string lang = "enUS";
if(recvData.rpos() != recvData.wpos())
recvData.read((uint8*)lang.data(), 4);
Session * session = sClientMgr.CreateSession(AccountID);
if(session == NULL)
{
/* we are already logged in. send auth failed. (if anyone has a better error lemme know :P) */
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x0D");
printf("Duplicate client error.\n");
return;
}
m_session = session;
session->m_socket = this;
Sha1Hash sha;
uint8 digest[20];
pAuthenticationPacket->read(digest, 20);
uint32 t = 0;
if( m_fullAccountName == NULL ) // should never happen !
sha.UpdateData(AccountName);
else
{
sha.UpdateData(*m_fullAccountName);
// this is unused now. we may as well free up the memory.
delete m_fullAccountName;
m_fullAccountName = NULL;
}
sha.UpdateData((uint8 *)&t, 4);
sha.UpdateData((uint8 *)&mClientSeed, 4);
sha.UpdateData((uint8 *)&mSeed, 4);
sha.UpdateBigNumbers(&BNK, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
// AUTH_UNKNOWN_ACCOUNT = 21
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x15");
return;
}
//_crypt.Init(digest);
// Allocate session
m_session->m_accountFlags = AccountFlags;
m_session->m_GMPermissions = GMFlags;
m_session->m_accountId = AccountID;
m_session->m_latency = _latency;
m_session->m_accountName = AccountName;
m_session->m_ClientBuild = mClientBuild;
Log.Notice("Auth", "%s from %s:%u [%ums]", AccountName.c_str(), GetRemoteIP().c_str(), GetRemotePort(), _latency);
Authenticate();
}
void WorldSocket::InformationRetreiveCallback(WorldPacket & recvData, uint32 requestid)
{
if(requestid != mRequestID)
return;
uint32 error;
recvData >> error;
if(error != 0 || pAuthenticationPacket == NULL)
{
// something happened wrong @ the logon server
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x0D");
return;
}
// Extract account information from the packet.
string AccountName;
const string * ForcedPermissions;
uint32 AccountID;
string GMFlags;
uint8 AccountFlags;
string lang = "enUS";
uint32 i;
recvData >> AccountID >> AccountName >> GMFlags >> AccountFlags;
ForcedPermissions = sLogonCommHandler.GetForcedPermissions(AccountName);
if( ForcedPermissions != NULL )
GMFlags.assign(ForcedPermissions->c_str());
DEBUG_LOG( "WorldSocket","Received information packet from logon: `%s` ID %u (request %u)", AccountName.c_str(), AccountID, mRequestID);
mRequestID = 0;
// Pull the session key.
BigNumber BNK;
recvData.read(K, 40);
_crypt.Init(K);
BNK.SetBinary(K, 40);
//checking if player is already connected
//disconnect current player and login this one(blizzlike)
if(recvData.rpos() != recvData.wpos())
recvData.read((uint8*)lang.data(), 4);
WorldSession *session = NULL;
session = sWorld.FindSession( AccountID );
if( session != NULL )
{
if(session->_player != NULL && session->_player->GetMapMgr() == NULL)
{
DEBUG_LOG("WorldSocket","_player found without m_mapmgr during logon, trying to remove him [player %s, map %d, instance %d].", session->_player->GetName(), session->_player->GetMapId(), session->_player->GetInstanceID() );
if(objmgr.GetPlayer(session->_player->GetLowGUID()))
objmgr.RemovePlayer(session->_player);
session->LogoutPlayer(false);
}
// AUTH_FAILED = 0x0D
session->Disconnect();
// clear the logout timer so he times out straight away
session->SetLogoutTimer(1);
// we must send authentication failed here.
// the stupid newb can relog his client.
// otherwise accounts dupe up and disasters happen.
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x15");
return;
}
Sha1Hash sha;
uint8 digest[20];
pAuthenticationPacket->read(digest, 20);
uint32 t = 0;
if( m_fullAccountName == NULL ) // should never happen !
sha.UpdateData(AccountName);
else
{
sha.UpdateData(*m_fullAccountName);
// this is unused now. we may as well free up the memory.
delete m_fullAccountName;
m_fullAccountName = NULL;
}
sha.UpdateData((uint8 *)&t, 4);
sha.UpdateData((uint8 *)&mClientSeed, 4);
sha.UpdateData((uint8 *)&mSeed, 4);
sha.UpdateBigNumbers(&BNK, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
// AUTH_UNKNOWN_ACCOUNT = 21
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x15");
return;
}
// Allocate session
WorldSession * pSession = new WorldSession(AccountID, AccountName, this);
mSession = pSession;
ASSERT(mSession);
pSession->deleteMutex.Acquire();
// Set session properties
pSession->permissioncount = 0; // just to make sure it's 0
pSession->SetClientBuild(mClientBuild);
pSession->LoadSecurity(GMFlags);
pSession->SetAccountFlags(AccountFlags);
pSession->m_lastPing = (uint32)UNIXTIME;
if(recvData.rpos() != recvData.wpos())
recvData >> pSession->m_muted;
for(uint32 i = 0; i < 8; i++)
pSession->SetAccountData(i, NULL, true, 0);
if(sWorld.m_useAccountData)
{
QueryResult * pResult = CharacterDatabase.Query("SELECT * FROM account_data WHERE acct = %u", AccountID);
if( pResult == NULL )
CharacterDatabase.Execute("INSERT INTO account_data VALUES(%u, '', '', '', '', '', '', '', '', '')", AccountID);
else
{
char * d;
size_t len;
const char * data;
for(i = 0; i < 8; i++)
{
data = pResult->Fetch()[1+i].GetString();
len = data ? strlen(data) : 0;
if(len > 1)
{
d = new char[len+1];
memcpy(d, data, len+1);
pSession->SetAccountData(i, d, true, (uint32)len);
}
}
delete pResult;
}
}
DEBUG_LOG("Auth", "%s from %s:%u [%ums]", AccountName.c_str(), GetRemoteIP().c_str(), GetRemotePort(), _latency);
#ifdef SESSION_CAP
if( sWorld.GetSessionCount() >= SESSION_CAP )
{
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x0D");
Disconnect();
return;
}
#endif
// Check for queue.
if( (sWorld.GetSessionCount() < sWorld.GetPlayerLimit()) || pSession->HasGMPermissions() )
Authenticate();
else
{
// Queued, sucker.
uint32 Position = sWorld.AddQueuedSocket(this);
mQueued = true;
DEBUG_LOG("Queue", "%s added to queue in position %u", AccountName.c_str(), Position);
// Send packet so we know what we're doing
UpdateQueuePosition(Position);
}
pSession->deleteMutex.Release();
}
int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
{
// NOTE: ATM the socket is singlethread, have this in mind ...
uint8 digest[20];
uint32 clientSeed;
uint32 serverId;
uint32 BuiltNumberClient;
uint32 id, security;
LocaleConstant locale;
std::string account, os;
BigNumber v, s, g, N, K;
WorldPacket packet, SendAddonPacked;
// Read the content of the packet
recvPacket >> BuiltNumberClient;
recvPacket >> serverId;
recvPacket >> account;
recvPacket >> clientSeed;
recvPacket.read(digest, 20);
DEBUG_LOG("WorldSocket::HandleAuthSession: client %u, serverId %u, account %s, clientseed %u",
BuiltNumberClient,
serverId,
account.c_str(),
clientSeed);
// Check the version of client trying to connect
if (!IsAcceptableClientBuild(BuiltNumberClient))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_VERSION_MISMATCH);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (version mismatch).");
return -1;
}
// Get the account information from the realmd database
std::string safe_account = account; // Duplicate, else will screw the SHA hash verification below
LoginDatabase.escape_string(safe_account);
// No SQL injection, username escaped.
QueryResult *result = LoginDatabase.PQuery("SELECT a.id, aa.gmLevel, a.sessionkey, a.last_ip, a.locked, a.v, a.s, a.mutetime, a.locale, a.os, a.flags, "
"ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate FROM account a LEFT JOIN account_access aa ON a.id = aa.id AND aa.RealmID IN (-1, %u) "
"LEFT JOIN account_banned ab ON a.id = ab.id AND ab.active = 1 WHERE a.username = '******' ORDER BY aa.RealmID DESC LIMIT 1", realmID, safe_account.c_str());
// Stop if the account is not found
if (!result)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_UNKNOWN_ACCOUNT);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
return -1;
}
Field* fields = result->Fetch();
N.SetHexStr("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
g.SetDword(7);
v.SetHexStr(fields[5].GetString());
s.SetHexStr(fields[6].GetString());
const char* sStr = s.AsHexStr(); //Must be freed by OPENSSL_free()
const char* vStr = v.AsHexStr(); //Must be freed by OPENSSL_free()
DEBUG_LOG("WorldSocket::HandleAuthSession: (s,v) check s: %s v: %s",
sStr,
vStr);
OPENSSL_free((void*) sStr);
OPENSSL_free((void*) vStr);
///- Re-check ip locking (same check as in realmd).
if (fields[4].GetUInt8() == 1) // if ip is locked
{
if (strcmp(fields[3].GetString(), GetRemoteAddress().c_str()))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
delete result;
BASIC_LOG("WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs).");
return -1;
}
}
id = fields[0].GetUInt32();
security = sAccountMgr.GetSecurity(id); //fields[1].GetUInt16 ();
if (security > SEC_ADMINISTRATOR) // prevent invalid security settings in DB
security = SEC_ADMINISTRATOR;
K.SetHexStr(fields[2].GetString());
time_t mutetime = time_t (fields[7].GetUInt64());
locale = LocaleConstant(fields[8].GetUInt8());
if (locale >= MAX_LOCALE)
locale = LOCALE_enUS;
os = fields[9].GetString();
uint32 accFlags = fields[10].GetUInt32();
delete result;
bool isBanned = fields[11].GetBool();
if (isBanned || sAccountMgr.IsIPBanned(GetRemoteAddress()))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_BANNED);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
return -1;
}
// Check locked state for server
AccountTypes allowedAccountType = sWorld.GetPlayerSecurityLimit();
if (allowedAccountType > SEC_PLAYER && AccountTypes(security) < allowedAccountType)
{
WorldPacket Packet(SMSG_AUTH_RESPONSE, 1);
Packet << uint8(AUTH_UNAVAILABLE);
SendPacket(packet);
BASIC_LOG("WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
return -1;
}
// Check that Key and account name are the same on client and server
Sha1Hash sha;
uint32 t = 0;
uint32 seed = m_Seed;
sha.UpdateData(account);
sha.UpdateData((uint8 *) & t, 4);
sha.UpdateData((uint8 *) & clientSeed, 4);
sha.UpdateData((uint8 *) & seed, 4);
sha.UpdateBigNumbers(&K, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (authentification failed).");
return -1;
}
std::string address = GetRemoteAddress();
DEBUG_LOG("WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.",
account.c_str(),
address.c_str());
// Update the last_ip in the database
// No SQL injection, username escaped.
static SqlStatementID updAccount;
SqlStatement stmt = LoginDatabase.CreateStatement(updAccount, "UPDATE account SET last_ip = ? WHERE username = ?");
stmt.PExecute(address.c_str(), account.c_str());
// NOTE ATM the socket is single-threaded, have this in mind ...
ACE_NEW_RETURN(m_Session, WorldSession(id, this, AccountTypes(security), mutetime, locale), -1);
m_Crypt.SetKey(K.AsByteArray());
m_Crypt.Init();
m_Session->SetUsername(account);
m_Session->SetGameBuild(BuiltNumberClient);
m_Session->SetAccountFlags(accFlags);
ClientOSType clientOs;
if (os == "niW")
clientOs = CLIENT_OS_WIN;
else if (os == "XSO")
clientOs = CLIENT_OS_MAC;
else
{
sLog.outError("WorldSocket::HandleAuthSession: Unrecognized OS '%s' for account '%s' from %s", os.c_str(), account.c_str(), address.c_str());
return -1;
}
m_Session->SetOS(clientOs);
m_Session->LoadTutorialsData();
m_Session->InitWarden(&K);
// In case needed sometime the second arg is in microseconds 1 000 000 = 1 sec
ACE_OS::sleep(ACE_Time_Value(0, 10000));
sWorld.AddSession(m_Session);
// Create and send the Addon packet
if (sAddOnHandler.BuildAddonPacket(&recvPacket, &SendAddonPacked))
SendPacket(SendAddonPacked);
return 0;
}
/// Handle the client authentication packet
void WorldSocket::_HandleAuthSession(WorldPacket& recvPacket)
{
uint8 digest[20];
uint32 clientSeed;
uint32 unk2;
uint32 BuiltNumberClient;
uint32 id, security;
std::string account;
Sha1Hash I;
Sha1Hash sha1;
BigNumber v, s, g, N, x;
std::string password;
WorldPacket packet, SendAddonPacked;
BigNumber K;
///- Read the content of the packet
try
{
recvPacket >> BuiltNumberClient; // for now no use
recvPacket >> unk2;
recvPacket >> account;
recvPacket >> clientSeed;
recvPacket.read(digest, 20);
}
catch(ByteBuffer::error &)
{
sLog.outError("WorldSocket::_HandleAuthSession Get Incomplete packet");
return;
}
sLog.outDebug("Auth: client %u, unk2 %u, account %s, clientseed %u", BuiltNumberClient, unk2, account.c_str(), clientSeed);
///- Get the account information from the realmd database
std::string safe_account=account; // Duplicate, else will screw the SHA hash verification below
loginDatabase.escape_string(safe_account);
//No SQL injection, username escaped.
QueryResult *result = loginDatabase.PQuery("SELECT `id`,`gmlevel`,`sessionkey`,`last_ip`,`locked`, `password`, `v`, `s`, `banned` FROM `account` WHERE `username` = '%s'", safe_account.c_str());
///- Stop if the account is not found
if ( !result )
{
packet.Initialize( SMSG_AUTH_RESPONSE, 1 );
packet << uint8( AUTH_UNKNOWN_ACCOUNT );
SendPacket( &packet );
sLog.outDetail( "SOCKET: Sent Auth Response (unknown account)." );
return;
}
N.SetHexStr("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
g.SetDword(7);
password = (*result)[5].GetString();
std::transform(password.begin(), password.end(), password.begin(), std::towupper);
s.SetHexStr((*result)[7].GetString());
std::string sI = account + ":" + password;
I.UpdateData(sI);
I.Finalize();
sha1.UpdateData(s.AsByteArray(), s.GetNumBytes());
sha1.UpdateData(I.GetDigest(), 20);
sha1.Finalize();
x.SetBinary(sha1.GetDigest(), sha1.GetLength());
v = g.ModExp(x, N);
sLog.outDebug("SOCKET: (s,v) check s: %s v_old: %s v_new: %s", s.AsHexStr(), (*result)[6].GetString(), v.AsHexStr() );
loginDatabase.PQuery("UPDATE `account` SET `v` = '0', `s` = '0' WHERE `username` = '%s'", safe_account.c_str());
if ( strcmp(v.AsHexStr(),(*result)[6].GetString() ) )
{
packet.Initialize( SMSG_AUTH_RESPONSE, 1 );
packet << uint8( AUTH_UNKNOWN_ACCOUNT );
SendPacket( &packet );
sLog.outDetail( "SOCKET: User not logged.");
delete result;
return;
}
///- Re-check ip locking (same check as in realmd).
if((*result)[4].GetUInt8() == 1) // if ip is locked
{
if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
{
packet.Initialize( SMSG_AUTH_RESPONSE, 1 );
packet << uint8( REALM_AUTH_ACCOUNT_FREEZED );
SendPacket( &packet );
sLog.outDetail( "SOCKET: Sent Auth Response (Account IP differs)." );
delete result;
return;
}
}
///- Re-check account ban (same check as in realmd).
if((*result)[8].GetUInt8() == 1) // if account banned
{
packet.Initialize( SMSG_AUTH_RESPONSE, 1 );
packet << uint8( AUTH_BANNED );
SendPacket( &packet );
sLog.outDetail( "SOCKET: Sent Auth Response (Account banned)." );
delete result;
return;
}
id = (*result)[0].GetUInt32();
security = (*result)[1].GetUInt16();
K.SetHexStr((*result)[2].GetString());
delete result;
///- Check that we do not exceed the maximum number of online players in the realm
uint32 num = sWorld.GetSessionCount();
if (sWorld.GetPlayerLimit() > 0 && num >= sWorld.GetPlayerLimit() && security == 0)
{
/// \todo Handle the waiting queue when the server is full
SendAuthWaitQue(1);
sLog.outDetail( "SOCKET: Sent Auth Response (server queue)." );
return;
}
///- kick already loaded player with same account (if any) and remove session
///- if player is in loading and want to load again, return
if(!sWorld.RemoveSession(id))
{
return;
}
///- Check that Key and account name are the same on client and server
Sha1Hash sha;
uint32 t = 0;
uint32 seed = _seed;
sha.UpdateData(account);
sha.UpdateData((uint8 *)&t, 4);
sha.UpdateData((uint8 *)&clientSeed, 4);
sha.UpdateData((uint8 *)&seed, 4);
sha.UpdateBigNumbers(&K, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
packet.Initialize( SMSG_AUTH_RESPONSE, 1 );
packet << uint8( AUTH_FAILED );
SendPacket( &packet );
sLog.outDetail( "SOCKET: Sent Auth Response (authentification failed)." );
return;
}
///- Initialize the encryption with the Key
_crypt.SetKey(K.AsByteArray(), 40);
_crypt.Init();
///- Send 'Auth is ok'
packet.Initialize( SMSG_AUTH_RESPONSE, 1+4+1+4 );
packet << uint8( AUTH_OK );
packet << (uint32)0; // unknown random value...
packet << (uint8)2;
packet << (uint32)0;
SendPacket(&packet);
///- Create a new WorldSession for the player and add it to the World
_session = new WorldSession(id, this,security);
sWorld.AddSession(_session);
sLog.outDebug( "SOCKET: Client '%s' authenticated successfully.", account.c_str() );
sLog.outDebug( "Account: '%s' Logged in from IP %s.", account.c_str(), GetRemoteAddress().c_str());
///- Update the last_ip in the database
//No SQL injection, username escaped.
loginDatabase.PQuery("UPDATE `account` SET `last_ip` = '%s' WHERE `username` = '%s'",GetRemoteAddress().c_str(), safe_account.c_str());
// do small delay (10ms) at accepting successful authed connection to prevent droping packets by client
// don't must harm anyone (let login ~100 accounts in 1 sec ;) )
#ifdef WIN32
Sleep(10);
#endif
///- Create and send the Addon packet
if(sAddOnHandler.BuildAddonPacket(&recvPacket, &SendAddonPacked, recvPacket.rpos()))
SendPacket(&SendAddonPacked);
return;
}
int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)
{
// NOTE: ATM the socket is singlethread, have this in mind ...
uint8 digest[20];
uint32 clientSeed;
uint32 unk2;
uint32 BuiltNumberClient;
uint32 id, security;
//uint8 expansion = 0;
LocaleConstant locale;
std::string account;
Sha1Hash sha1;
BigNumber v, s, g, N;
WorldPacket packet, SendAddonPacked;
BigNumber K;
// Read the content of the packet
recvPacket >> BuiltNumberClient;
recvPacket >> unk2;
recvPacket >> account;
recvPacket >> clientSeed;
recvPacket.read (digest, 20);
DEBUG_LOG ("WorldSocket::HandleAuthSession: client %u, unk2 %u, account %s, clientseed %u",
BuiltNumberClient,
unk2,
account.c_str (),
clientSeed);
// Check the version of client trying to connect
if (!IsAcceptableClientBuild(BuiltNumberClient))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_VERSION_MISMATCH);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (version mismatch).");
return -1;
}
// Get the account information from the realmd database
std::string safe_account = account; // Duplicate, else will screw the SHA hash verification below
LoginDatabase.escape_string (safe_account);
// No SQL injection, username escaped.
QueryResult_AutoPtr result = LoginDatabase.PQuery ("SELECT "
"id, " //0
"gmlevel, " //1
"sessionkey, " //2
"last_ip, " //3
"locked, " //4
"v, " //5
"s, " //6
"expansion, " //7
"mutetime, " //8
"locale " //9
"FROM account "
"WHERE username = '******'",
safe_account.c_str ());
// Stop if the account is not found
if (!result)
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_UNKNOWN_ACCOUNT);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
return -1;
}
Field* fields = result->Fetch ();
uint8 expansion = fields[7].GetUInt8();
uint32 world_expansion = sWorld.getConfig(CONFIG_EXPANSION);
if (expansion > world_expansion)
expansion = world_expansion;
//expansion = ((sWorld.getConfig(CONFIG_EXPANSION) > fields[7].GetUInt8()) ? fields[7].GetUInt8() : sWorld.getConfig(CONFIG_EXPANSION));
N.SetHexStr ("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
g.SetDword (7);
v.SetHexStr(fields[5].GetString());
s.SetHexStr (fields[6].GetString ());
const char* sStr = s.AsHexStr (); //Must be freed by OPENSSL_free()
const char* vStr = v.AsHexStr (); //Must be freed by OPENSSL_free()
DEBUG_LOG ("WorldSocket::HandleAuthSession: (s,v) check s: %s v: %s",
sStr,
vStr);
OPENSSL_free ((void*) sStr);
OPENSSL_free ((void*) vStr);
// Re-check ip locking (same check as in realmd).
if (fields[4].GetUInt8 () == 1) // if ip is locked
{
if (strcmp (fields[3].GetString (), GetRemoteAddress ().c_str ()))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
SendPacket (packet);
sLog.outBasic ("WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs).");
return -1;
}
}
id = fields[0].GetUInt32 ();
security = fields[1].GetUInt16 ();
K.SetHexStr (fields[2].GetString ());
time_t mutetime = time_t (fields[8].GetUInt64 ());
locale = LocaleConstant (fields[9].GetUInt8 ());
if (locale >= MAX_LOCALE)
locale = LOCALE_enUS;
// Re-check account ban (same check as in realmd)
QueryResult_AutoPtr banresult = LoginDatabase.PQuery ("SELECT "
"bandate, "
"unbandate "
"FROM account_banned "
"WHERE id = '%u' "
"AND active = 1",
id);
if (banresult) // if account banned
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_BANNED);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
return -1;
}
// Check locked state for server
sWorld.UpdateAllowedSecurity();
AccountTypes allowedAccountType = sWorld.GetPlayerSecurityLimit ();
sLog.outDebug("Allowed Level: %u Player Level %u", allowedAccountType, AccountTypes(security));
if (allowedAccountType > SEC_PLAYER && security < allowedAccountType)
{
WorldPacket Packet (SMSG_AUTH_RESPONSE, 1);
Packet << uint8 (AUTH_UNAVAILABLE);
SendPacket (packet);
sLog.outDetail ("WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
return -1;
}
// Check that Key and account name are the same on client and server
Sha1Hash sha;
uint32 t = 0;
uint32 seed = m_Seed;
sha.UpdateData (account);
sha.UpdateData ((uint8 *) & t, 4);
sha.UpdateData ((uint8 *) & clientSeed, 4);
sha.UpdateData ((uint8 *) & seed, 4);
sha.UpdateBigNumbers (&K, NULL);
sha.Finalize ();
if (memcmp (sha.GetDigest (), digest, 20))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (authentification failed).");
return -1;
}
std::string address = GetRemoteAddress();
DEBUG_LOG ("WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.",
account.c_str(),
address.c_str());
// Update the last_ip in the database
// No SQL injection, username escaped.
LoginDatabase.escape_string (address);
LoginDatabase.PExecute ("UPDATE account "
"SET last_ip = '%s' "
"WHERE username = '******'",
address.c_str(),
safe_account.c_str());
// NOTE ATM the socket is single-threaded, have this in mind ...
ACE_NEW_RETURN (m_Session, WorldSession (id, this, security, expansion, mutetime, locale), -1);
m_Crypt.SetKey(&K);
m_Crypt.Init();
// Sleep this Network thread for
uint32 sleepTime = sWorld.getConfig(CONFIG_SESSION_ADD_DELAY);
ACE_OS::sleep(ACE_Time_Value (0, sleepTime));
sWorld.AddSession (m_Session);
// Create and send the Addon packet
if (sAddOnHandler.BuildAddonPacket (&recvPacket, &SendAddonPacked))
SendPacket(SendAddonPacked);
return 0;
}
/// Logon Proof command handler
bool AuthSocket::_HandleLogonProof()
{
DEBUG_LOG("Entering _HandleLogonProof");
///- Read the packet
if (ibuf.GetLength() < sizeof(sAuthLogonProof_C))
return false;
sAuthLogonProof_C lp;
ibuf.Read((char *)&lp, sizeof(sAuthLogonProof_C));
///- Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(lp.A, 32);
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(), 32);
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2+1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2+1] = sha.GetDigest()[i];
}
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
///- Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
sLog.outBasic("User '%s' successfully authenticated", _login.c_str());
///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char* K_hex = K.AsHexStr();
dbRealmServer.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '******'", K_hex, GetRemoteAddress().c_str(), _localization, _safelogin.c_str() );
OPENSSL_free((void*)K_hex);
///- Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
sha.Finalize();
sAuthLogonProof_S proof;
memcpy(proof.M2, sha.GetDigest(), 20);
proof.cmd = AUTH_LOGON_PROOF;
proof.error = 0;
proof.unk1 = 0x00800000;
proof.unk2 = 0x00;
proof.unk3 = 0x00;
SendBuf((char *)&proof, sizeof(proof));
///- Set _authed to true!
_authed = true;
}
else
{
char data[4]={AUTH_LOGON_PROOF,REALM_AUTH_NO_MATCH,3,0};
SendBuf(data,sizeof(data));
sLog.outBasic("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
if(MaxWrongPassCount > 0)
{
//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
dbRealmServer.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '******'",_safelogin.c_str());
if(QueryResult *loginfail = dbRealmServer.PQuery("SELECT id, failed_logins FROM account WHERE username = '******'", _safelogin.c_str()))
{
Field* fields = loginfail->Fetch();
uint32 failed_logins = fields[1].GetUInt32();
if( failed_logins >= MaxWrongPassCount )
{
uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
if(WrongPassBanType)
{
uint32 acc_id = fields[0].GetUInt32();
dbRealmServer.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban',1)",
acc_id, WrongPassBanTime);
sLog.outBasic("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
_login.c_str(), WrongPassBanTime, failed_logins);
}
else
{
std::string current_ip = GetRemoteAddress();
dbRealmServer.escape_string(current_ip);
dbRealmServer.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban')",
current_ip.c_str(), WrongPassBanTime);
sLog.outBasic("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
}
}
delete loginfail;
}
}
}
return true;
}
/// Logon Proof command handler
bool AuthSocket::_HandleLogonProof()
{
DEBUG_LOG("Entering _HandleLogonProof");
///- Read the packet
if (ibuf.GetLength() < sizeof(sAuthLogonProof_C))
return false;
sAuthLogonProof_C lp;
ibuf.Read((char *)&lp, sizeof(sAuthLogonProof_C));
///- Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(lp.A, 32);
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(), 32);
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2+1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2+1] = sha.GetDigest()[i];
}
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
BigNumber t4;
t4.SetBinary(sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&t3, &t4, &s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
///- Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
sLog.outBasic("User '%s' successfully authenticated", _login.c_str());
///- Update the sessionkey, last_ip and last login time in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
dbRealmServer.PExecute("UPDATE `account` SET `sessionkey` = '%s', `last_ip` = '%s', `last_login` = NOW(), `locale` = '%u' WHERE `username` = '%s'",K.AsHexStr(), GetRemoteAddress().c_str(), _localization, _safelogin.c_str() );
///- Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
sha.Finalize();
sAuthLogonProof_S proof;
memcpy(proof.M2, sha.GetDigest(), 20);
proof.cmd = AUTH_LOGON_PROOF;
proof.error = 0;
proof.unk2 = 0;
proof.unk3 = 0;
SendBuf((char *)&proof, sizeof(proof));
///- Set _authed to true!
_authed = true;
}
else
{
char data[4]={AUTH_LOGON_PROOF,REALM_AUTH_NO_MATCH,3,0};
SendBuf(data,sizeof(data));
}
return true;
}
void AuthSocket::HandleProof()
{
if(readBuffer.GetSize() < sizeof(sAuthLogonProof_C))
{
LOG_ERROR("[AuthLogonProof] The packet received is larger than expected, refusing to handle it!");
return ;
}
// patch
if(m_patch && !m_account)
{
//RemoveReadBufferBytes(75,false);
readBuffer.Remove(75);
LOG_DEBUG("[AuthLogonProof] Intitiating PatchJob");
uint8 bytes[2] = {0x01, 0x0a};
Send(bytes, 2);
PatchMgr::getSingleton().InitiatePatch(m_patch, this);
return;
}
if(!m_account)
return;
LOG_DEBUG("[AuthLogonProof] Interleaving and checking proof...");
sAuthLogonProof_C lp;
//Read(sizeof(sAuthLogonProof_C), (uint8*)&lp);
readBuffer.Read(&lp, sizeof(sAuthLogonProof_C));
////////////////////////////////////////////////////// SRP6 ///////////////////////////////////////////////
//Now comes the famous secret Xi Chi fraternity handshake ( http://www.youtube.com/watch?v=jJSYBoI2si0 ),
//generating a session key
//
// A = g^a % N
// u = SHA1( A | B )
//
//
BigNumber A;
A.SetBinary(lp.A, 32);
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, 0);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
// S session key key, S = ( A * v^u ) ^ b
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
// Generate M
// M = H(H(N) xor H(g), H(I), s, A, B, K) according to http://srp.stanford.edu/design.html
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(), 32);
for(int i = 0; i < 16; i++)
{
t1[i] = t[i * 2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for(int i = 0; i < 20; i++)
{
vK[i * 2] = sha.GetDigest()[i];
}
for(int i = 0; i < 16; i++)
{
t1[i] = t[i * 2 + 1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for(int i = 0; i < 20; i++)
{
vK[i * 2 + 1] = sha.GetDigest()[i];
}
m_sessionkey.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for(int i = 0; i < 20; i++)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData((const uint8*)m_account->UsernamePtr->c_str(), (int)m_account->UsernamePtr->size());
sha.Finalize();
BigNumber t4;
t4.SetBinary(sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&t3, &t4, &s, &A, &B, &m_sessionkey, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
// Compare the M value the client sent us to the one we generated, this proves we both have the same values
// which proves we have the same username-password pairs
if(memcmp(lp.M1, M.AsByteArray(), 20) != 0)
{
// Authentication failed.
//SendProofError(4, 0);
SendChallengeError(CE_NO_ACCOUNT);
LOG_DEBUG("[AuthLogonProof] M values don't match. ( Either invalid password or the logon server is bugged. )");
return;
}
// Store sessionkey
m_account->SetSessionKey(m_sessionkey.AsByteArray());
// let the client know
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &m_sessionkey, 0);
sha.Finalize();
SendProofError(0, sha.GetDigest());
LOG_DEBUG("[AuthLogonProof] Authentication Success.");
// we're authenticated now :)
m_authenticated = true;
// Don't update when IP banned, but update anyway if it's an account ban
sLogonSQL->Execute("UPDATE accounts SET lastlogin=NOW(), lastip='%s' WHERE acct=%u;", GetRemoteIP().c_str(), m_account->AccountId);
}
void AuthSocket::HandleProof()
{
if(!m_account || !HasBytes(sizeof(sAuthLogonProof_C)))
return ;
sLog.outDebug("[AuthLogonProof] Interleaving and checking proof...");
sAuthLogonProof_C lp;
ReadBytes((u8*)&lp, sizeof(sAuthLogonProof_C));
BigNumber A;
A.SetBinary(lp.A, 32);
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, 0);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(), 32);
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2+1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2+1] = sha.GetDigest()[i];
}
m_sessionkey.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(m_account->Username);
sha.Finalize();
BigNumber t4;
t4.SetBinary(sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&t3, &t4, &s, &A, &B, &m_sessionkey, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
// Compare M1 values.
if(memcmp(lp.M1, M.AsByteArray(), 20) != 0)
{
// Authentication failed.
//SendProofError(4, 0);
SendChallengeError(CE_NO_ACCOUNT);
sLog.outDebug("[AuthLogonProof] M1 values don't match.");
return;
}
// Store sessionkey
BigNumber * bs = new BigNumber(m_sessionkey);
sInfoCore.SetSessionKey(m_account->AccountId, bs);
// let the client know
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &m_sessionkey, 0);
sha.Finalize();
SendProofError(0, sha.GetDigest());
sLog.outDebug("[AuthLogonProof] Authentication Success.");
// we're authenticated now :)
m_authenticated = true;
}
int WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
{
// NOTE: ATM the socket is singlethread, have this in mind ...
uint8 digest[20];
uint32 clientSeed, id, security;
uint32 unk2;
uint32 BuiltNumberClient;
uint8 expansion = 0;
uint8 xp_rate = 0;
LocaleConstant locale;
std::string account;
Sha1Hash sha1;
BigNumber v, s, g, N, K;
WorldPacket packet, SendAddonPacked;
// Read the content of the packet
recvPacket >> BuiltNumberClient;
recvPacket >> unk2;
recvPacket >> account;
recvPacket >> clientSeed;
recvPacket.read(digest, 20);
DEBUG_LOG("WorldSocket::HandleAuthSession: client %u, unk2 %u, account %s, clientseed %u",
BuiltNumberClient,
unk2,
account.c_str(),
clientSeed);
// Check the version of client trying to connect
if (!IsAcceptableClientBuild(BuiltNumberClient))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_VERSION_MISMATCH);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (version mismatch).");
return -1;
}
// Get the account information from the realmd database
std::string safe_account = account; // Duplicate, else will screw the SHA hash verification below
LoginDatabase.escape_string(safe_account);
// No SQL injection, username escaped.
QueryResult* result =
LoginDatabase.PQuery("SELECT "
"id, " //0
"gmlevel, " //1
"sessionkey, " //2
"last_ip, " //3
"locked, " //4
"v, " //5
"s, " //6
"expansion, " //7
"mutetime, " //8
"locale, " //9
"os " //10
"FROM account "
"WHERE username = '******'",
safe_account.c_str());
// Stop if the account is not found
if (!result)
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_UNKNOWN_ACCOUNT);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
return -1;
}
Field* fields = result->Fetch();
expansion = ((sWorld.getConfig(CONFIG_UINT32_EXPANSION) > fields[7].GetUInt8()) ? fields[7].GetUInt8() : sWorld.getConfig(CONFIG_UINT32_EXPANSION));
N.SetHexStr("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
g.SetDword(7);
v.SetHexStr(fields[5].GetString());
s.SetHexStr(fields[6].GetString());
const char* sStr = s.AsHexStr(); // Must be freed by OPENSSL_free()
const char* vStr = v.AsHexStr(); // Must be freed by OPENSSL_free()
DEBUG_LOG("WorldSocket::HandleAuthSession: (s,v) check s: %s v: %s",
sStr,
vStr);
OPENSSL_free((void*) sStr);
OPENSSL_free((void*) vStr);
///- Re-check ip locking (same check as in realmd).
if (fields[4].GetUInt8() == 1) // if ip is locked
{
if (strcmp(fields[3].GetString(), GetRemoteAddress().c_str()))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
delete result;
BASIC_LOG("WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs).");
return -1;
}
}
id = fields[0].GetUInt32();
security = fields[1].GetUInt16();
if (security > SEC_ADMINISTRATOR) // prevent invalid security settings in DB
security = SEC_ADMINISTRATOR;
K.SetHexStr(fields[2].GetString());
time_t mutetime = time_t (fields[8].GetUInt64());
locale = LocaleConstant(fields[9].GetUInt8());
if (locale >= MAX_LOCALE)
locale = LOCALE_enUS;
std::string os = fields[10].GetString();
delete result;
// Re-check account ban (same check as in realmd)
QueryResult* banresult =
LoginDatabase.PQuery("SELECT 1 FROM account_banned WHERE id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)"
"UNION "
"SELECT 1 FROM ip_banned WHERE (unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'",
id, GetRemoteAddress().c_str());
if (banresult) // if account banned
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_BANNED);
SendPacket(packet);
delete banresult;
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
return -1;
}
// Check for custom xp rate
QueryResult* customXpResult = CharacterDatabase.PQuery ("SELECT xp_rate FROM account_xp_rates WHERE id = '%u'", id);
if (customXpResult)
{
Field* xpFields = customXpResult->Fetch();
xp_rate = xpFields[0].GetUInt8();
}
// Check locked state for server
AccountTypes allowedAccountType = sWorld.GetPlayerSecurityLimit();
if (allowedAccountType > SEC_PLAYER && AccountTypes(security) < allowedAccountType)
{
WorldPacket Packet(SMSG_AUTH_RESPONSE, 1);
Packet << uint8(AUTH_UNAVAILABLE);
SendPacket(packet);
BASIC_LOG("WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
return -1;
}
// Check that Key and account name are the same on client and server
Sha1Hash sha;
uint32 t = 0;
uint32 seed = m_Seed;
sha.UpdateData(account);
sha.UpdateData((uint8*) & t, 4);
sha.UpdateData((uint8*) & clientSeed, 4);
sha.UpdateData((uint8*) & seed, 4);
sha.UpdateBigNumbers(&K, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
packet.Initialize(SMSG_AUTH_RESPONSE, 1);
packet << uint8(AUTH_FAILED);
SendPacket(packet);
sLog.outError("WorldSocket::HandleAuthSession: Sent Auth Response (authentification failed).");
return -1;
}
std::string address = GetRemoteAddress();
DEBUG_LOG("WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.",
account.c_str(),
address.c_str());
// Update the last_ip in the database
// No SQL injection, username escaped.
static SqlStatementID updAccount;
SqlStatement stmt = LoginDatabase.CreateStatement(updAccount, "UPDATE account SET last_ip = ? WHERE username = ?");
stmt.PExecute(address.c_str(), account.c_str());
// NOTE ATM the socket is single-threaded, have this in mind ...
ACE_NEW_RETURN(m_Session, WorldSession(id, this, AccountTypes(security), expansion, xp_rate, mutetime, locale), -1);
m_Crypt.Init(&K);
m_Session->LoadTutorialsData();
m_Session->InitWarden(&K, os);
// In case needed sometime the second arg is in microseconds 1 000 000 = 1 sec
ACE_OS::sleep(ACE_Time_Value(0, 10000));
sWorld.AddSession(m_Session);
// Create and send the Addon packet
if (sAddOnHandler.BuildAddonPacket(&recvPacket, &SendAddonPacked))
SendPacket(SendAddonPacked);
return 0;
}
int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)
{
// NOTE: ATM the socket is singlethread, have this in mind ...
uint8 digest[20];
uint32 clientSeed;
uint32 unk2;
uint32 BuiltNumberClient;
uint32 id, security;
uint8 expansion = 0;
LocaleConstant locale;
std::string account;
Sha1Hash sha1;
BigNumber v, s, g, N, x, I;
WorldPacket packet, SendAddonPacked;
BigNumber K;
if (recvPacket.size () < (4 + 4 + 1 + 4 + 20))
{
sLog.outError ("WorldSocket::HandleAuthSession: wrong packet size");
return -1;
}
// Read the content of the packet
recvPacket >> BuiltNumberClient; // for now no use
recvPacket >> unk2;
recvPacket >> account;
if (recvPacket.size () < (4 + 4 + (account.size () + 1) + 4 + 20))
{
sLog.outError ("WorldSocket::HandleAuthSession: wrong packet size second check");
return -1;
}
recvPacket >> clientSeed;
recvPacket.read (digest, 20);
DEBUG_LOG ("WorldSocket::HandleAuthSession: client %u, unk2 %u, account %s, clientseed %u",
BuiltNumberClient,
unk2,
account.c_str (),
clientSeed);
// Get the account information from the realmd database
std::string safe_account = account; // Duplicate, else will screw the SHA hash verification below
loginDatabase.escape_string (safe_account);
// No SQL injection, username escaped.
QueryResult *result =
loginDatabase.PQuery ("SELECT "
"id, " //0
"gmlevel, " //1
"sessionkey, " //2
"last_ip, " //3
"locked, " //4
"sha_pass_hash, " //5
"v, " //6
"s, " //7
"expansion, " //8
"mutetime, " //9
"locale " //10
"FROM account "
"WHERE username = '******'",
safe_account.c_str ());
// Stop if the account is not found
if (!result)
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_UNKNOWN_ACCOUNT);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
return -1;
}
Field* fields = result->Fetch ();
expansion = fields[8].GetUInt8 () && sWorld.getConfig (CONFIG_EXPANSION) > 0;
N.SetHexStr ("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
g.SetDword (7);
I.SetHexStr (fields[5].GetString ());
//In case of leading zeros in the I hash, restore them
uint8 mDigest[SHA_DIGEST_LENGTH];
memset (mDigest, 0, SHA_DIGEST_LENGTH);
if (I.GetNumBytes () <= SHA_DIGEST_LENGTH)
memcpy (mDigest, I.AsByteArray (), I.GetNumBytes ());
std::reverse (mDigest, mDigest + SHA_DIGEST_LENGTH);
s.SetHexStr (fields[7].GetString ());
sha1.UpdateData (s.AsByteArray (), s.GetNumBytes ());
sha1.UpdateData (mDigest, SHA_DIGEST_LENGTH);
sha1.Finalize ();
x.SetBinary (sha1.GetDigest (), sha1.GetLength ());
v = g.ModExp (x, N);
const char* sStr = s.AsHexStr (); //Must be freed by OPENSSL_free()
const char* vStr = v.AsHexStr (); //Must be freed by OPENSSL_free()
const char* vold = fields[6].GetString ();
DEBUG_LOG ("WorldSocket::HandleAuthSession: (s,v) check s: %s v_old: %s v_new: %s",
sStr,
vold,
vStr);
loginDatabase.PExecute ("UPDATE account "
"SET "
"v = '0', "
"s = '0' "
"WHERE username = '******'",
safe_account.c_str ());
if (!vold || strcmp (vStr, vold))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_UNKNOWN_ACCOUNT);
SendPacket (packet);
delete result;
OPENSSL_free ((void*) sStr);
OPENSSL_free ((void*) vStr);
sLog.outBasic ("WorldSocket::HandleAuthSession: User not logged.");
return -1;
}
OPENSSL_free ((void*) sStr);
OPENSSL_free ((void*) vStr);
///- Re-check ip locking (same check as in realmd).
if (fields[4].GetUInt8 () == 1) // if ip is locked
{
if (strcmp (fields[3].GetString (), GetRemoteAddress ().c_str ()))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
SendPacket (packet);
delete result;
sLog.outBasic ("WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs).");
return -1;
}
}
id = fields[0].GetUInt32 ();
security = fields[1].GetUInt16 ();
K.SetHexStr (fields[2].GetString ());
time_t mutetime = time_t (fields[9].GetUInt64 ());
locale = LocaleConstant (fields[10].GetUInt8 ());
if (locale >= MAX_LOCALE)
locale = LOCALE_enUS;
delete result;
// Re-check account ban (same check as in realmd)
QueryResult *banresult =
loginDatabase.PQuery ("SELECT "
"bandate, "
"unbandate "
"FROM account_banned "
"WHERE id = '%u' "
"AND active = 1",
id);
if (banresult) // if account banned
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_BANNED);
SendPacket (packet);
delete banresult;
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
return -1;
}
// Check locked state for server
AccountTypes allowedAccountType = sWorld.GetPlayerSecurityLimit ();
if (allowedAccountType > SEC_PLAYER && security < allowedAccountType)
{
WorldPacket Packet (SMSG_AUTH_RESPONSE, 1);
Packet << uint8 (AUTH_UNAVAILABLE);
SendPacket (packet);
sLog.outBasic ("WorldSocket::HandleAuthSession: User tryes to login but his security level is not enough");
return -1;
}
// Check that Key and account name are the same on client and server
Sha1Hash sha;
uint32 t = 0;
uint32 seed = m_Seed;
sha.UpdateData (account);
sha.UpdateData ((uint8 *) & t, 4);
sha.UpdateData ((uint8 *) & clientSeed, 4);
sha.UpdateData ((uint8 *) & seed, 4);
sha.UpdateBigNumbers (&K, NULL);
sha.Finalize ();
if (memcmp (sha.GetDigest (), digest, 20))
{
packet.Initialize (SMSG_AUTH_RESPONSE, 1);
packet << uint8 (AUTH_FAILED);
SendPacket (packet);
sLog.outError ("WorldSocket::HandleAuthSession: Sent Auth Response (authentification failed).");
return -1;
}
std::string address = GetRemoteAddress ();
DEBUG_LOG ("WorldSocket::HandleAuthSession: Client '%s' authenticated successfully from %s.",
account.c_str (),
address.c_str ());
// Update the last_ip in the database
// No SQL injection, username escaped.
loginDatabase.escape_string (address);
loginDatabase.PExecute ("UPDATE account "
"SET last_ip = '%s' "
"WHERE username = '******'",
address.c_str (),
safe_account.c_str ());
// NOTE ATM the socket is singlethreaded, have this in mind ...
ACE_NEW_RETURN (m_Session, WorldSession (id, this, security, expansion, mutetime, locale), -1);
m_Crypt.SetKey (&K);
m_Crypt.Init ();
// In case needed sometime the second arg is in microseconds 1 000 000 = 1 sec
ACE_OS::sleep (ACE_Time_Value (0, 10000));
sWorld.AddSession (m_Session);
// Create and send the Addon packet
if (sAddOnHandler.BuildAddonPacket (&recvPacket, &SendAddonPacked))
SendPacket (SendAddonPacked);
return 0;
}
/// Logon Proof command handler
bool AuthSocket::_HandleLogonProof()
{
DEBUG_LOG("Entering _HandleLogonProof");
///- Read the packet
sAuthLogonProof_C lp;
if (!recv((char*)&lp, sizeof(sAuthLogonProof_C)))
return false;
///- Check if the client has one of the expected version numbers
bool valid_version = FindBuildInfo(_build) != NULL;
/// <ul><li> If the client has no valid version
if (!valid_version)
{
if (this->patch_ != ACE_INVALID_HANDLE)
return false;
///- Check if we have the apropriate patch on the disk
// file looks like: 65535enGB.mpq
char tmp[64];
snprintf(tmp, 24, "./patches/%d%s.mpq", _build, _localizationName.c_str());
char filename[PATH_MAX];
if (ACE_OS::realpath(tmp, filename) != NULL)
{
patch_ = ACE_OS::open(filename, GENERIC_READ | FILE_FLAG_SEQUENTIAL_SCAN);
}
if (patch_ == ACE_INVALID_HANDLE)
{
// no patch found
ByteBuffer pkt;
pkt << (uint8) CMD_AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
pkt << (uint8) WOW_FAIL_VERSION_INVALID;
DEBUG_LOG("[AuthChallenge] %u is not a valid client version!", _build);
DEBUG_LOG("[AuthChallenge] Patch %s not found", tmp);
send((char const*)pkt.contents(), pkt.size());
return true;
}
XFER_INIT xferh;
ACE_OFF_T file_size = ACE_OS::filesize(this->patch_);
if (file_size == -1)
{
close_connection();
return false;
}
if (!PatchCache::instance()->GetHash(tmp, (uint8*)&xferh.md5))
{
// calculate patch md5, happens if patch was added while realmd was running
PatchCache::instance()->LoadPatchMD5(tmp);
PatchCache::instance()->GetHash(tmp, (uint8*)&xferh.md5);
}
uint8 data[2] = { CMD_AUTH_LOGON_PROOF, WOW_FAIL_VERSION_UPDATE};
send((const char*)data, sizeof(data));
memcpy(&xferh, "0\x05Patch", 7);
xferh.cmd = CMD_XFER_INITIATE;
xferh.file_size = file_size;
send((const char*)&xferh, sizeof(xferh));
return true;
}
/// </ul>
///- Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A==0
if (A.isZero())
return false;
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(32), 32);
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2 + 1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2 + 1] = sha.GetDigest()[i];
}
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
///- Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
BASIC_LOG("User '%s' successfully authenticated", _login.c_str());
///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char* K_hex = K.AsHexStr();
LoginDatabase.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '******'", K_hex, get_remote_address().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str());
OPENSSL_free((void*)K_hex);
///- Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
sha.Finalize();
SendProof(sha);
///- Set _authed to true!
_authed = true;
}
else
{
if (_build > 6005) // > 1.12.2
{
char data[4] = { CMD_AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0};
send(data, sizeof(data));
}
else
{
// 1.x not react incorrectly at 4-byte message use 3 as real error
char data[2] = { CMD_AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT};
send(data, sizeof(data));
}
BASIC_LOG("[AuthChallenge] account %s tried to login with wrong password!", _login.c_str());
uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
if (MaxWrongPassCount > 0)
{
// Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
LoginDatabase.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '******'", _safelogin.c_str());
if (QueryResult* loginfail = LoginDatabase.PQuery("SELECT id, failed_logins FROM account WHERE username = '******'", _safelogin.c_str()))
{
Field* fields = loginfail->Fetch();
uint32 failed_logins = fields[1].GetUInt32();
if (failed_logins >= MaxWrongPassCount)
{
uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
if (WrongPassBanType)
{
uint32 acc_id = fields[0].GetUInt32();
LoginDatabase.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban',1)",
acc_id, WrongPassBanTime);
BASIC_LOG("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
_login.c_str(), WrongPassBanTime, failed_logins);
}
else
{
std::string current_ip = get_remote_address();
LoginDatabase.escape_string(current_ip);
LoginDatabase.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban')",
current_ip.c_str(), WrongPassBanTime);
BASIC_LOG("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
}
}
delete loginfail;
}
}
}
return true;
}
void AuthSocket::HandleProof()
{
if(GetReadBufferSize() < sizeof(sAuthLogonProof_C))
return ;
// patch
if(m_patch&&!m_account)
{
RemoveReadBufferBytes(75,false);
sLog.outDebug("[AuthLogonProof] Intitiating PatchJob");
uint8 bytes[2] = {0x01,0x0a};
Send(bytes,2);
PatchMgr::getSingleton().InitiatePatch(m_patch, this);
return;
}
if(!m_account)
return;
sLog.outDebug("[AuthLogonProof] Interleaving and checking proof...");
sAuthLogonProof_C lp;
Read(sizeof(sAuthLogonProof_C), (uint8*)&lp);
BigNumber A;
A.SetBinary(lp.A, 32);
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, 0);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(), 32);
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; i++)
{
t1[i] = t[i*2+1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
vK[i*2+1] = sha.GetDigest()[i];
}
m_sessionkey.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData((const uint8*)m_account->UsernamePtr->c_str(), (int)m_account->UsernamePtr->size());
sha.Finalize();
BigNumber t4;
t4.SetBinary(sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&t3, &t4, &s, &A, &B, &m_sessionkey, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
// Compare M1 values.
if(memcmp(lp.M1, M.AsByteArray(), 20) != 0)
{
// Authentication failed.
//SendProofError(4, 0);
SendChallengeError(CE_NO_ACCOUNT);
sLog.outDebug("[AuthLogonProof] M1 values don't match.");
return;
}
// Store sessionkey
m_account->SetSessionKey(m_sessionkey.AsByteArray());
// let the client know
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &m_sessionkey, 0);
sha.Finalize();
SendProofError(0, sha.GetDigest());
sLog.outDebug("[AuthLogonProof] Authentication Success.");
// we're authenticated now :)
m_authenticated = true;
// Don't update when IP banned, but update anyway if it's an account ban
sLogonSQL->Execute("UPDATE accounts SET lastlogin=NOW(), lastip='%s' WHERE acct=%u;", GetRemoteIP().c_str(), m_account->AccountId);
}