/// %Realm List command handler
bool AuthSocket::_HandleRealmList()
{
DEBUG_LOG("Entering _HandleRealmList");
if (ibuf.GetLength() < 5)
return false;
ibuf.Remove(5);
///- Get the user id (else close the connection)
// No SQL injection (escaped user name)
QueryResult *result = loginDatabase.PQuery("SELECT id,sha_pass_hash FROM account WHERE username = '******'",_safelogin.c_str());
if(!result)
{
sLog.outError("[ERROR] user %s tried to login and we cannot find him in the database.",_login.c_str());
SetCloseAndDelete();
return false;
}
uint32 id = (*result)[0].GetUInt32();
std::string rI = (*result)[1].GetCppString();
delete result;
///- Update realm list if need
m_realmList.UpdateIfNeed();
///- Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
ByteBuffer pkt;
pkt << (uint32) 0;
pkt << (uint16) m_realmList.size();
RealmList::RealmMap::const_iterator i;
for( i = m_realmList.begin(); i != m_realmList.end(); i++ )
{
uint8 AmountOfCharacters;
// No SQL injection. id of realm is controlled by the database.
result = loginDatabase.PQuery( "SELECT numchars FROM realmcharacters WHERE realmid = '%d' AND acctid='%u'",i->second.m_ID,id);
if( result )
{
Field *fields = result->Fetch();
AmountOfCharacters = fields[0].GetUInt8();
delete result;
}
else
AmountOfCharacters = 0;
uint8 lock = (i->second.allowedSecurityLevel > _accountSecurityLevel) ? 1 : 0;
pkt << i->second.icon; // realm type
pkt << lock; // if 1, then realm locked
pkt << i->second.color; // if 2, then realm is offline
pkt << i->first;
pkt << i->second.address;
pkt << i->second.populationLevel;
pkt << AmountOfCharacters;
pkt << i->second.timezone; // realm category
pkt << (uint8) 0x2C; // unk, may be realm number/id?
}
pkt << (uint8) 0x10;
pkt << (uint8) 0x00;
ByteBuffer hdr;
hdr << (uint8) REALM_LIST;
hdr << (uint16)pkt.size();
hdr.append(pkt);
SendBuf((char const*)hdr.contents(), hdr.size());
// Set check field before possible relogin to realm
_SetVSFields(rI);
return true;
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char*)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C*)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
// No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C* ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char*)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_os = (const char*)ch->os;
if(_os.size() > 4)
return false;
///- Normalize account name
// utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
// Escape the user login to avoid further SQL injection
// Memory will be freed on AuthSocket object destruction
_safelogin = _login;
LoginDatabase.escape_string(_safelogin);
pkt << (uint8) CMD_AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
std::string address = get_remote_address();
LoginDatabase.escape_string(address);
QueryResult* result = LoginDatabase.PQuery("SELECT unbandate FROM ip_banned WHERE "
// permanent still banned
"(unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", address.c_str());
if (result)
{
pkt << (uint8)WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned ip %s tries to login!", get_remote_address().c_str());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '******'", _safelogin.c_str());
if (result)
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if ((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", get_remote_address().c_str());
if (strcmp((*result)[3].GetString(), get_remote_address().c_str()))
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) WOW_FAIL_SUSPENDED;
locked = true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!locked)
{
///- If the account is banned, reject the logon attempt
QueryResult* banresult = LoginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE "
"id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)", (*result)[1].GetUInt32());
if (banresult)
{
if ((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << (uint8) WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned account %s tries to login!", _login.c_str());
}
else
{
pkt << (uint8) WOW_FAIL_SUSPENDED;
BASIC_LOG("[AuthChallenge] Temporarily banned account %s tries to login!", _login.c_str());
}
delete banresult;
}
else
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = (*result)[0].GetCppString();
///- Don't calculate (v, s) if there are already some in the database
std::string databaseV = (*result)[5].GetCppString();
std::string databaseS = (*result)[6].GetCppString();
DEBUG_LOG("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2, bytes are stored as hexstring
if (databaseV.size() != s_BYTE_SIZE * 2 || databaseS.size() != s_BYTE_SIZE * 2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
MANGOS_ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
///- Fill the response packet with the result
pkt << uint8(WOW_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
{
pkt << uint8(1);
}
uint8 secLevel = (*result)[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4 - i - 1];
BASIC_LOG("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str(), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
}
}
delete result;
}
else // no account
{
pkt << (uint8) WOW_FAIL_UNKNOWN_ACCOUNT;
}
}
send((char const*)pkt.contents(), pkt.size());
return true;
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
ibuf.Read((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (ibuf.GetLength() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
///- Read the remaining of the packet
ibuf.Read((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin=_login;
loginDatabase.escape_string(_safelogin);
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
loginDatabase.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
std::string address = GetRemoteAddress();
loginDatabase.escape_string(address);
QueryResult *result = loginDatabase.PQuery( "SELECT * FROM ip_banned WHERE ip = '%s'",address.c_str());
if(result)
{
pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = loginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel FROM account WHERE username = '******'",_safelogin.c_str ());
if( result )
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
locked=true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!locked)
{
//set expired bans to inactive
loginDatabase.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
///- If the account is banned, reject the logon attempt
QueryResult *banresult = loginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (*result)[1].GetUInt32());
if(banresult)
{
if((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << (uint8) REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned account %s tries to login!",_login.c_str ());
}
else
{
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!",_login.c_str ());
}
delete banresult;
}
else
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = (*result)[0].GetCppString();
_SetVSFields(rI);
b.SetRand(19 * 8);
BigNumber gmod=g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16*8);
///- Fill the response packet with the result
pkt << (uint8)REALM_AUTH_SUCCESS;
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << (uint8)1;
pkt.append(g.AsByteArray(), 1);
pkt << (uint8)32;
pkt.append(N.AsByteArray(), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(), 16);
pkt << (uint8)0; // security flags (0x0...0x04)
uint8 secLevel = (*result)[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for(int i = 0; i <4; ++i)
_localizationName[i] = ch->country[4-i-1];
sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3],ch->country[2],ch->country[1],ch->country[0], GetLocaleByName(_localizationName));
}
}
delete result;
}
else // no account
{
pkt<< (uint8) REALM_AUTH_NO_MATCH;
}
}
SendBuf((char const*)pkt.contents(), pkt.size());
return true;
}
// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "Entering _HandleLogonChallenge");
if (socket().recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
// Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
socket().recv((char *)&buf[0], 4);
#if TRINITY_ENDIAN == TRINITY_BIGENDIAN
EndianConvert(*((uint16*)(buf[0])));
#endif
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (socket().recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// Read the remaining of the packet
socket().recv((char *)&buf[4], remaining);
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] got full packet, %#04x bytes", ch->size);
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
#if TRINITY_ENDIAN == TRINITY_BIGENDIAN
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
#endif
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
_os = (const char*)ch->os;
if (_os.size() > 4)
return false;
// Restore string order as its byte order is reversed
std::reverse(_os.begin(), _os.end());
pkt << uint8(AUTH_LOGON_CHALLENGE);
pkt << uint8(0x00);
// Verify that this IP is not in the ip_banned table
LoginDatabase.Execute(LoginDatabase.GetPreparedStatement(LOGIN_DEL_EXPIRED_IP_BANS));
std::string const& ip_address = socket().getRemoteAddress();
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_BANNED);
stmt->setString(0, ip_address);
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (result)
{
pkt << uint8(WOW_FAIL_BANNED);
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "'%s:%d' [AuthChallenge] Banned ip tries to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort());
}
else
{
// Get the account details from the account table
// No SQL injection (prepared statement)
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
stmt->setString(0, _login);
PreparedQueryResult res2 = LoginDatabase.Query(stmt);
if (res2)
{
Field* fields = res2->Fetch();
// If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if (fields[2].GetUInt8() == 1) // if ip is locked
{
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), fields[3].GetCString());
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Player address is '%s'", ip_address.c_str());
if (strcmp(fields[4].GetCString(), ip_address.c_str()))
{
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account IP differs");
pkt << (uint8) WOW_FAIL_SUSPENDED;
locked = true;
}
else
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account IP matches");
}
//else
//{
// TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
// std::string accountCountry = fields[3].GetString();
// if (accountCountry.empty() || accountCountry == "00")
// TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account '%s' is not locked to country", _login.c_str());
// else if (!accountCountry.empty())
// {
// uint32 ip = inet_addr(ip_address.c_str());
// EndianConvertReverse(ip);
// stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGON_COUNTRY);
// stmt->setUInt32(0, ip);
// if (PreparedQueryResult sessionCountryQuery = LoginDatabase.Query(stmt))
// {
// std::string loginCountry = (*sessionCountryQuery)[0].GetString();
// TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account '%s' is locked to country: '%s' Player country is '%s'", _login.c_str(), accountCountry.c_str(), loginCountry.c_str());
// if (loginCountry != accountCountry)
// {
// TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account country differs.");
// pkt << uint8(WOW_FAIL_UNLOCKABLE_LOCK);
// locked = true;
// }
// else
// TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] Account country matches");
// }
// else
// TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "[AuthChallenge] IP2NATION Table empty");
// }
//}
if (!locked)
{
//set expired bans to inactive
LoginDatabase.Execute(LoginDatabase.GetPreparedStatement(LOGIN_UPD_EXPIRED_ACCOUNT_BANS));
// If the account is banned, reject the logon attempt
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BANNED);
stmt->setUInt32(0, fields[1].GetUInt32());
PreparedQueryResult banresult = LoginDatabase.Query(stmt);
if (banresult)
{
if ((*banresult)[0].GetUInt32() == (*banresult)[1].GetUInt32())
{
pkt << uint8(WOW_FAIL_BANNED);
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "'%s:%d' [AuthChallenge] Banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str ());
}
else
{
pkt << uint8(WOW_FAIL_SUSPENDED);
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "'%s:%d' [AuthChallenge] Temporarily banned account %s tried to login!", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str ());
}
}
else
{
// Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = fields[0].GetString();
// Don't calculate (v, s) if there are already some in the database
std::string databaseV = fields[6].GetString();
std::string databaseS = fields[7].GetString();
TC_LOG_DEBUG(LOG_FILTER_NETWORKIO, "database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2 since bytes are stored as hexstring
if (databaseV.size() != s_BYTE_SIZE * 2 || databaseS.size() != s_BYTE_SIZE * 2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
// Fill the response packet with the result
if (AuthHelper::IsAcceptedClientBuild(_build))
pkt << uint8(WOW_SUCCESS);
else
pkt << uint8(WOW_FAIL_VERSION_INVALID);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes()); // 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
pkt << uint8(1);
uint8 secLevel = fields[5].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "'%s:%d' [AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", socket().getRemoteAddress().c_str(), socket().getRemotePort(),
_login.c_str (), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName)
);
}
}
}
else //no account
pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
}
socket().send((char const*)pkt.contents(), pkt.size());
return true;
}
