/// Logon Proof command handler
bool AuthSocket::_HandleLogonProof()
{
DEBUG_LOG("Entering _HandleLogonProof");
///- Read the packet
sAuthLogonProof_C lp;
if(!recv((char *)&lp, sizeof(sAuthLogonProof_C)))
return false;
///- Check if the client has one of the expected version numbers
bool valid_version = FindBuildInfo(_build) != NULL;
/// <ul><li> If the client has no valid version
if(!valid_version)
{
if (this->patch_ != ACE_INVALID_HANDLE)
return false;
///- Check if we have the apropriate patch on the disk
// file looks like: 65535enGB.mpq
char tmp[64];
snprintf(tmp, 24, "./patches/%d%s.mpq", _build, _localizationName.c_str());
char filename[PATH_MAX];
if (ACE_OS::realpath(tmp, filename) != NULL)
{
patch_ = ACE_OS::open(filename, GENERIC_READ | FILE_FLAG_SEQUENTIAL_SCAN);
}
if (patch_ == ACE_INVALID_HANDLE)
{
// no patch found
ByteBuffer pkt;
pkt << (uint8) CMD_AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
pkt << (uint8) WOW_FAIL_VERSION_INVALID;
DEBUG_LOG("[AuthChallenge] %u is not a valid client version!", _build);
DEBUG_LOG("[AuthChallenge] Patch %s not found", tmp);
send((char const*)pkt.contents(), pkt.size());
return true;
}
XFER_INIT xferh;
ACE_OFF_T file_size = ACE_OS::filesize(this->patch_);
if (file_size == -1)
{
close_connection();
return false;
}
if (!PatchCache::instance()->GetHash(tmp, (uint8*)&xferh.md5))
{
// calculate patch md5, happens if patch was added while realmd was running
PatchCache::instance()->LoadPatchMD5(tmp);
PatchCache::instance()->GetHash(tmp, (uint8*)&xferh.md5);
}
uint8 data[2] = { CMD_AUTH_LOGON_PROOF, WOW_FAIL_VERSION_UPDATE};
send((const char*)data, sizeof(data));
memcpy(&xferh, "0\x05Patch", 7);
xferh.cmd = CMD_XFER_INITIATE;
xferh.file_size = file_size;
send((const char*)&xferh, sizeof(xferh));
return true;
}
/// </ul>
///- Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A==0
if (A.isZero())
return false;
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(32), 32);
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2 + 1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2 + 1] = sha.GetDigest()[i];
}
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
///- Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
BASIC_LOG("User '%s' successfully authenticated", _login.c_str());
///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char* K_hex = K.AsHexStr();
LoginDatabase.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '******'", K_hex, get_remote_address().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str() );
OPENSSL_free((void*)K_hex);
///- Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
sha.Finalize();
SendProof(sha);
///- Set _authed to true!
_authed = true;
}
else
{
if (_build > 6005) // > 1.12.2
{
char data[4] = { CMD_AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0};
send(data, sizeof(data));
}
else
{
// 1.x not react incorrectly at 4-byte message use 3 as real error
char data[2] = { CMD_AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT};
send(data, sizeof(data));
}
BASIC_LOG("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
if(MaxWrongPassCount > 0)
{
//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
LoginDatabase.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '******'",_safelogin.c_str());
if(QueryResult *loginfail = LoginDatabase.PQuery("SELECT id, failed_logins FROM account WHERE username = '******'", _safelogin.c_str()))
{
Field* fields = loginfail->Fetch();
uint32 failed_logins = fields[1].GetUInt32();
if( failed_logins >= MaxWrongPassCount )
{
uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
if(WrongPassBanType)
{
uint32 acc_id = fields[0].GetUInt32();
LoginDatabase.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban',1)",
acc_id, WrongPassBanTime);
BASIC_LOG("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
_login.c_str(), WrongPassBanTime, failed_logins);
}
else
{
std::string current_ip = get_remote_address();
LoginDatabase.escape_string(current_ip);
LoginDatabase.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban')",
current_ip.c_str(), WrongPassBanTime);
BASIC_LOG("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
}
}
delete loginfail;
}
}
}
return true;
}
/// Logon Proof command handler
bool AuthSocket::_HandleLogonProof()
{
DEBUG_LOG("Entering _HandleLogonProof");
///- Read the packet
if (ibuf.GetLength() < sizeof(sAuthLogonProof_C))
return false;
sAuthLogonProof_C lp;
ibuf.Read((char *)&lp, sizeof(sAuthLogonProof_C));
///- Check if the client has one of the expected version numbers
bool valid_version = false;
int accepted_versions[] = EXPECTED_REALMD_CLIENT_BUILD;
if (_build >= accepted_versions[0]) // first build is low bound of always accepted range
valid_version = true;
else
{
// continue from 1 with explict equal check
for(int i = 1; accepted_versions[i]; ++i)
{
if(_build == accepted_versions[i])
{
valid_version = true;
break;
}
}
}
/// <ul><li> If the client has no valid version
if(!valid_version)
{
///- Check if we have the apropriate patch on the disk
// 24 = len("./patches/65535enGB.mpq")+1
char tmp[24];
// No buffer overflow (fixed length of arguments)
sprintf(tmp, "./patches/%d%s.mpq", _build, _localizationName.c_str());
// This will be closed at the destruction of the AuthSocket (client disconnection)
FILE *pFile = fopen(tmp, "rb");
if(!pFile)
{
ByteBuffer pkt;
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
pkt << (uint8) REALM_AUTH_WRONG_BUILD_NUMBER;
DEBUG_LOG("[AuthChallenge] %u is not a valid client version!", _build);
DEBUG_LOG("[AuthChallenge] Patch %s not found", tmp);
SendBuf((char const*)pkt.contents(), pkt.size());
return true;
}
else // have patch
{
pPatch = pFile;
XFER_INIT xferh;
///- Get the MD5 hash of the patch file (get it from preloaded Patcher cache or calculate it)
if(PatchesCache.GetHash(tmp, (uint8*)&xferh.md5))
{
DEBUG_LOG("\n[AuthChallenge] Found precached patch info for patch %s", tmp);
}
else
{ // calculate patch md5
printf("\n[AuthChallenge] Patch info for %s was not cached.", tmp);
PatchesCache.LoadPatchMD5(tmp);
PatchesCache.GetHash(tmp, (uint8*)&xferh.md5);
}
///- Send a packet to the client with the file length and MD5 hash
uint8 data[2] = { AUTH_LOGON_PROOF, REALM_AUTH_UPDATE_CLIENT };
SendBuf((const char*)data, sizeof(data));
memcpy(&xferh, "0\x05Patch", 7);
xferh.cmd = XFER_INITIATE;
fseek(pPatch, 0, SEEK_END);
xferh.file_size = ftell(pPatch);
SendBuf((const char*)&xferh, sizeof(xferh));
return true;
}
}
/// </ul>
///- Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A==0
if (A.isZero())
return false;
Sha1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(32), 32);
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2] = sha.GetDigest()[i];
}
for (int i = 0; i < 16; ++i)
{
t1[i] = t[i * 2 + 1];
}
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
vK[i * 2 + 1] = sha.GetDigest()[i];
}
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; ++i)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
///- Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
sLog.outBasic("User '%s' successfully authenticated", _login.c_str());
///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char* K_hex = K.AsHexStr();
loginDatabase.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '******'", K_hex, GetRemoteAddress().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str() );
OPENSSL_free((void*)K_hex);
///- Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
sha.Finalize();
SendProof(sha);
///- Set _authed to true!
_authed = true;
}
else
{
char data[4]= { AUTH_LOGON_PROOF, REALM_AUTH_NO_MATCH, 3, 0};
SendBuf(data, sizeof(data));
sLog.outBasic("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
if(MaxWrongPassCount > 0)
{
//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
loginDatabase.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '******'",_safelogin.c_str());
if(QueryResult *loginfail = loginDatabase.PQuery("SELECT id, failed_logins FROM account WHERE username = '******'", _safelogin.c_str()))
{
Field* fields = loginfail->Fetch();
uint32 failed_logins = fields[1].GetUInt32();
if( failed_logins >= MaxWrongPassCount )
{
uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
if(WrongPassBanType)
{
uint32 acc_id = fields[0].GetUInt32();
loginDatabase.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban',1)",
acc_id, WrongPassBanTime);
sLog.outBasic("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
_login.c_str(), WrongPassBanTime, failed_logins);
}
else
{
std::string current_ip = GetRemoteAddress();
loginDatabase.escape_string(current_ip);
loginDatabase.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban')",
current_ip.c_str(), WrongPassBanTime);
sLog.outBasic("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
}
}
delete loginfail;
}
}
}
return true;
}
