/// Reconnect Challenge command handler
bool AuthSocket::_HandleReconnectChallenge()
{
DEBUG_LOG("Entering _HandleReconnectChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[ReconnectChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char *)&buf[4], remaining);
DEBUG_LOG("[ReconnectChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[ReconnectChallenge] name(%d): '%s'", ch->I_len, ch->I);
_login = (const char*)ch->I;
_safelogin = _login;
loginDatabase.escape_string(_safelogin);
EndianConvert(ch->build);
_build = ch->build;
QueryResult *result = loginDatabase.PQuery ("SELECT sessionkey FROM account WHERE username = '******'", _safelogin.c_str ());
// Stop if the account is not found
if (!result)
{
sLog.outError("[ERROR] user %s tried to login and we cannot find his session key in the database.", _login.c_str());
close_connection();
return false;
}
Field* fields = result->Fetch ();
K.SetHexStr (fields[0].GetString ());
delete result;
///- Sending response
ByteBuffer pkt;
pkt << (uint8) AUTH_RECONNECT_CHALLENGE;
pkt << (uint8) 0x00;
_reconnectProof.SetRand(16 * 8);
pkt.append(_reconnectProof.AsByteArray(16),16); // 16 bytes random
pkt << (uint64) 0x00 << (uint64) 0x00; // 16 bytes zeros
send((char const*)pkt.contents(), pkt.size());
return true;
}
/// Read the packet from the client
void AuthSocket::OnRead()
{
#define MAX_AUTH_LOGON_CHALLENGES_IN_A_ROW 3
uint32 challengesInARow = 0;
uint8 _cmd;
while (1)
{
if (!recv_soft((char*)&_cmd, 1))
return;
if (_cmd == CMD_AUTH_LOGON_CHALLENGE)
{
++challengesInARow;
if (challengesInARow == MAX_AUTH_LOGON_CHALLENGES_IN_A_ROW)
{
DETAIL_LOG("Got %u CMD_AUTH_LOGON_CHALLENGE in a row from '%s', possible ongoing DoS", challengesInARow, get_remote_address().c_str());
close_connection();
return;
}
}
size_t i;
///- Circle through known commands and call the correct command handler
for (i = 0; i < AUTH_TOTAL_COMMANDS; ++i)
{
if ((uint8)table[i].cmd == _cmd &&
(table[i].status == STATUS_CONNECTED ||
(_authed && table[i].status == STATUS_AUTHED)))
{
DEBUG_LOG("[Auth] got data for cmd %u recv length %u",
(uint32)_cmd, (uint32)recv_len());
if (!(*this.*table[i].handler)())
{
DEBUG_LOG("Command handler failed for cmd %u recv length %u",
(uint32)_cmd, (uint32)recv_len());
return;
}
break;
}
}
///- Report unknown commands in the debug log
if (i == AUTH_TOTAL_COMMANDS)
{
DEBUG_LOG("[Auth] got unknown packet %u", (uint32)_cmd);
return;
}
}
}
/// Read the packet from the client
bool AuthSocket::process_incoming_data()
{
uint8 _cmd;
while (1)
{
if (!recv_soft((char*)&_cmd, 1))
return true;
size_t i;
///- Circle through known commands and call the correct command handler
for (i = 0; i < AUTH_TOTAL_COMMANDS; ++i)
{
if ((uint8)table[i].cmd == _cmd &&
(table[i].status == STATUS_CONNECTED ||
(_authed && table[i].status == STATUS_AUTHED)))
{
DEBUG_LOG("[Auth] got data for cmd %u recv length %u",
(uint32)_cmd, (uint32)recv_len());
if (!(*this.*table[i].handler)())
{
DEBUG_LOG("Command handler failed for cmd %u recv length %u",
(uint32)_cmd, (uint32)recv_len());
return true;
}
break;
}
}
///- Report unknown commands in the debug log
if (i == AUTH_TOTAL_COMMANDS)
{
DEBUG_LOG("[Auth] got unknown packet %u", (uint32)_cmd);
return true;
}
}
return true;
}
/// %Realm List command handler
bool AuthSocket::_HandleRealmList()
{
DEBUG_LOG("Entering _HandleRealmList");
if (recv_len() < 5)
return false;
recv_skip(5);
///- Get the user id (else close the connection)
// No SQL injection (escaped user name)
QueryResult* result = LoginDatabase.PQuery("SELECT id,sha_pass_hash FROM account WHERE username = '******'", _safelogin.c_str());
if (!result)
{
sLog.outError("[ERROR] user %s tried to login and we cannot find him in the database.", _login.c_str());
close_connection();
return false;
}
uint32 id = (*result)[0].GetUInt32();
std::string rI = (*result)[1].GetCppString();
delete result;
///- Update realm list if need
sRealmList.UpdateIfNeed();
///- Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
ByteBuffer pkt;
LoadRealmlist(pkt, id);
ByteBuffer hdr;
hdr << (uint8) CMD_REALM_LIST;
hdr << (uint16)pkt.size();
hdr.append(pkt);
send((char const*)hdr.contents(), hdr.size());
return true;
}
/// Resume patch transfer
bool AuthSocket::_HandleXferResume()
{
DEBUG_LOG("Entering _HandleXferResume");
if (recv_len() < 9)
return false;
recv_skip(1);
uint64 start_pos;
recv((char*)&start_pos, 8);
if (patch_ == ACE_INVALID_HANDLE)
{
close_connection();
return false;
}
ACE_OFF_T file_size = ACE_OS::filesize(patch_);
if (file_size == -1 || start_pos >= (uint64)file_size)
{
close_connection();
return false;
}
if (ACE_OS::lseek(patch_, start_pos, SEEK_SET) == -1)
{
close_connection();
return false;
}
InitPatch();
return true;
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char*)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C*)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
// No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C* ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char*)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
///- Normalize account name
// utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
// Escape the user login to avoid further SQL injection
// Memory will be freed on AuthSocket object destruction
_safelogin = _login;
LoginDatabase.escape_string(_safelogin);
pkt << (uint8) CMD_AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
std::string address = get_remote_address();
LoginDatabase.escape_string(address);
QueryResult* result = LoginDatabase.PQuery("SELECT unbandate FROM ip_banned WHERE "
// permanent still banned
"(unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", address.c_str());
if (result)
{
pkt << (uint8)WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned ip %s tries to login!", get_remote_address().c_str());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '******'", _safelogin.c_str());
if (result)
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if ((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", get_remote_address().c_str());
if (strcmp((*result)[3].GetString(), get_remote_address().c_str()))
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) WOW_FAIL_SUSPENDED;
locked = true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!locked)
{
///- If the account is banned, reject the logon attempt
QueryResult* banresult = LoginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE "
"id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)", (*result)[1].GetUInt32());
if (banresult)
{
if ((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << (uint8) WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned account %s tries to login!", _login.c_str());
}
else
{
pkt << (uint8) WOW_FAIL_SUSPENDED;
BASIC_LOG("[AuthChallenge] Temporarily banned account %s tries to login!", _login.c_str());
}
delete banresult;
}
else
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = (*result)[0].GetCppString();
///- Don't calculate (v, s) if there are already some in the database
std::string databaseV = (*result)[5].GetCppString();
std::string databaseS = (*result)[6].GetCppString();
DEBUG_LOG("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2, bytes are stored as hexstring
if (databaseV.size() != s_BYTE_SIZE * 2 || databaseS.size() != s_BYTE_SIZE * 2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
MANGOS_ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
///- Fill the response packet with the result
pkt << uint8(WOW_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
{
pkt << uint8(1);
}
uint8 secLevel = (*result)[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4 - i - 1];
BASIC_LOG("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str(), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
}
}
delete result;
}
else // no account
{
pkt << (uint8) WOW_FAIL_UNKNOWN_ACCOUNT;
}
}
send((char const*)pkt.contents(), pkt.size());
return true;
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_os = (const char*)ch->os;
if(_os.size() > 4)
return false;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin = _login;
LoginDatabase.escape_string(_safelogin);
// Starting CMD_AUTH_LOGON_CHALLENGE
AuthResult result = WOW_FAIL_UNKNOWN0;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
std::string address = get_remote_address();
LoginDatabase.escape_string(address);
QueryResult* qresult = LoginDatabase.PQuery("SELECT unbandate FROM ip_banned WHERE "
// permanent still banned
"(unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", address.c_str());
if (qresult)
{
result = WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned ip %s tries to login!", get_remote_address().c_str());
delete qresult;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
//qresult = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '******'",_safelogin.c_str());
qresult = LoginDatabase.PQuery("SELECT a.sha_pass_hash,a.id,a.locked,a.last_ip,aa.gmlevel,a.v,a.s FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = '******'", _safelogin.c_str());
if (qresult)
{
std::string rI = (*qresult)[0].GetCppString();
uint32 accountId = (*qresult)[1].GetUInt32();
uint8 locked = (*qresult)[2].GetUInt8();
std::string lastIP = (*qresult)[3].GetString();
uint8 secLevel = (*qresult)[4].GetUInt8();
std::string databaseV = (*qresult)[5].GetCppString();
std::string databaseS = (*qresult)[6].GetCppString();
bool blockLogin = false;
if (sConfig.GetBoolDefault("MultiIPCheck", false))
{
int32 iplimit = sConfig.GetIntDefault("MultiIPLimit", 10);
int32 multiIPdelay = sConfig.GetIntDefault("MultiIPPeriodInHours", 48);
// If a GM account login ignore MultiIP
QueryResult* ipcheck = LoginDatabase.PQuery("SELECT id FROM account WHERE last_ip = '%s' AND id != %u AND last_login > NOW() - INTERVAL %u HOUR ORDER BY last_login DESC;", get_remote_address().c_str(), accountId, multiIPdelay);
if (ipcheck)
{
// build whitelist
std::list<uint32> accountsInWhitelist;
accountsInWhitelist.clear();
QueryResult* IDsinwhite = LoginDatabase.PQuery("SELECT whitelist FROM multi_IP_whitelist WHERE whitelist LIKE '%|%u|%'", accountId);
if (IDsinwhite)
{
Tokens whitelistaccounts((*IDsinwhite)[0].GetCppString(),'|');
bool isInWhite = false;
for (Tokens::const_iterator itr = whitelistaccounts.begin(); itr != whitelistaccounts.end(); ++itr)
accountsInWhitelist.push_back(atoi(*itr));
delete IDsinwhite;
}
do
{
Field* pFields =ipcheck->Fetch();
uint32 MultiAccountID = pFields[0].GetUInt32();
bool isInWhite = false;
for (std::list<uint32>::const_iterator itr = accountsInWhitelist.begin(); itr != accountsInWhitelist.end(); ++itr)
{
if (*itr == MultiAccountID)
isInWhite = true;
}
if (!isInWhite)
{
--iplimit;
}
}
while (ipcheck->NextRow());
delete ipcheck;
}
/*
* default case 10 allowed account with same last_ip
* we found 9 account with current ip. NOTE: actual account is not in list
* 10 - 9 - 1
* ^ current account
* ^ account in list
* ^ allowed
*/
if (iplimit < 1)
{
DEBUG_LOG("[AuthChallenge] Account '%s' is multi IP - '%s'", _login.c_str(), lastIP.c_str());
result = WOW_FAIL_PARENTCONTROL;
blockLogin = true;
}
}
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
if (locked == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), lastIP.c_str());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", get_remote_address().c_str());
if (strcmp(lastIP.c_str(),get_remote_address().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
result = WOW_FAIL_SUSPENDED;
blockLogin = true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!blockLogin)
{
///- If the account is banned, reject the logon attempt
QueryResult* banresult = LoginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE "
"id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)", accountId);
if (banresult)
{
if ((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
result = WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned account %s (Id: %u) tries to login!", _login.c_str(), accountId);
}
else
{
result = WOW_FAIL_SUSPENDED;
BASIC_LOG("[AuthChallenge] Temporarily banned account %s (Id: %u) tries to login!",_login.c_str(), accountId);
}
delete banresult;
}
else
{
DEBUG_LOG("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2, bytes are stored as hexstring
if (databaseV.size() != s_BYTE_SIZE*2 || databaseS.size() != s_BYTE_SIZE*2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
result = WOW_SUCCESS;
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
BASIC_LOG("[AuthChallenge] account %s (Id: %u) is using '%c%c%c%c' locale (%u)", _login.c_str (), accountId, ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
}
}
delete qresult;
}
else if (sConfig.GetBoolDefault("AutoRegistration", false))
{
if (_safelogin.find_first_of("\t\v\b\f\a\n\r\\\"\'\? <>[](){}_=+-|/!@#$%^&*~`.,\0") == _safelogin.npos && _safelogin.length() > 3)
{
QueryResult* checkIPresult = LoginDatabase.PQuery("SELECT COUNT(last_ip) FROM account WHERE last_ip = '%s'",get_remote_address().c_str());
int32 regCount = checkIPresult ? (*checkIPresult)[0].GetUInt32() : 0;
if (regCount >= sConfig.GetIntDefault("AutoRegistration.Amount", 1))
{
BASIC_LOG("[AuthChallenge] Impossible auto-register account %s, number of auto-registered accouts is %u, but allowed only %u",
_safelogin.c_str(),regCount, sConfig.GetIntDefault("AutoRegistration.Amount", 1));
// result = WOW_FAIL_DB_BUSY;
result = WOW_FAIL_DISCONNECTED;
}
else
{
std::transform(_safelogin.begin(), _safelogin.end(), _safelogin.begin(), std::towupper);
Sha1Hash sha;
sha.Initialize();
sha.UpdateData(_safelogin);
sha.UpdateData(":");
sha.UpdateData(_safelogin);
sha.Finalize();
std::string encoded;
hexEncodeByteArray(sha.GetDigest(), sha.GetLength(), encoded);
LoginDatabase.PExecute("INSERT INTO account(username,sha_pass_hash,joindate) VALUES('%s','%s',NOW())", _safelogin.c_str(), encoded.c_str());
_SetVSFields(encoded);
BASIC_LOG("[AuthChallenge] account %s auto-registered (count %u)!",_safelogin.c_str(), ++regCount);
result = WOW_SUCCESS;
_accountSecurityLevel = SEC_PLAYER;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
}
if (checkIPresult)
delete checkIPresult;
}
}
else
result = WOW_FAIL_UNKNOWN_ACCOUNT;
}
pkt << uint8(CMD_AUTH_LOGON_CHALLENGE);
pkt << uint8(0x00);
pkt << uint8(result);
switch (result)
{
case WOW_SUCCESS:
{
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
MANGOS_ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
{
pkt << uint8(1);
}
break;
}
case WOW_FAIL_UNKNOWN0:
case WOW_FAIL_UNKNOWN1:
case WOW_FAIL_SUSPENDED:
case WOW_FAIL_BANNED:
case WOW_FAIL_UNKNOWN_ACCOUNT:
case WOW_FAIL_INCORRECT_PASSWORD:
case WOW_FAIL_ALREADY_ONLINE:
case WOW_FAIL_NO_TIME:
case WOW_FAIL_DB_BUSY:
case WOW_FAIL_VERSION_INVALID:
case WOW_FAIL_VERSION_UPDATE:
case WOW_FAIL_INVALID_SERVER:
case WOW_FAIL_FAIL_NOACCESS:
case WOW_SUCCESS_SURVEY:
case WOW_FAIL_PARENTCONTROL:
case WOW_FAIL_LOCKED_ENFORCED:
case WOW_FAIL_TRIAL_ENDED:
case WOW_FAIL_USE_BATTLENET:
case WOW_FAIL_TOO_FAST:
case WOW_FAIL_CHARGEBACK:
case WOW_FAIL_GAME_ACCOUNT_LOCKED:
case WOW_FAIL_INTERNET_GAME_ROOM_WITHOUT_BNET:
case WOW_FAIL_UNLOCKABLE_LOCK:
case WOW_FAIL_DISCONNECTED:
break;
default:
BASIC_LOG("[AuthChallenge] unknown CMD_AUTH_LOGON_CHALLENGE execution result %u!", result);
break;
}
send((char const*)pkt.contents(), pkt.size());
return true;
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin = _login;
LoginDatabase.escape_string(_safelogin);
pkt << (uint8) CMD_AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
std::string address = get_remote_address();
LoginDatabase.escape_string(address);
QueryResult *result = LoginDatabase.PQuery("SELECT unbandate FROM ip_banned WHERE "
// permanent still banned
"(unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", address.c_str());
if (result)
{
pkt << (uint8)WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned ip %s tries to login!", get_remote_address().c_str());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
<<<<<<< HEAD:src/realmd/AuthSocket.cpp
result = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '******'",_safelogin.c_str ());
=======
void* process_videoencoder(void *param)
{
int sock = *(int *)param;
free(param);
printf("videoencoder new session sock=%d\n",sock);
video_encoder_t* p_video_encoder = NULL;
InputParams_videoencoder video_encoder_params;
video_encoder_params.width = width;
video_encoder_params.height = height;
video_encoder_params.gopsize_min = gopsize_min;
video_encoder_params.gopsize_max = gopsize_max;
video_encoder_params.bitrate = encode_bitrate;
video_encoder_params.fps = fps;
p_video_encoder = init_video_encoder(&video_encoder_params);
if(p_video_encoder == NULL)
{
printf("videoencoder: init_video_encoder fail..\n");
return NULL;
}
int buffer_size = width*height*3/2+24;
char *buffer = (char *)malloc(buffer_size);
if(buffer == NULL)
{
printf("videoencoder malloc buffer fail..\n");
return NULL;
}
char *input_video_sample;
int input_video_sample_size;
int output_video_sample_size = width*height*3/2;
char *output_video_sample = (char *)malloc(buffer_size);
if(output_video_sample == NULL)
{
fprintf(stderr ,"malloc buffer fail..\n");
return NULL;
}
int len = -1;
int ret = -1;
int type;
int length;
int x;
int y;
int w;
int h;
msg_head head;
struct timeval tv;
long time_us1,time_us2,time_us3,time_us4;
while (1)
{
gettimeofday(&tv,NULL);
time_us1 = tv.tv_sec*1000 + tv.tv_usec/1000;
printf("time_us1 =%ld start recv\n",time_us1);
len = recv(sock,&head,sizeof(head),0);
if(len == 0)
{
fprintf(stderr ,"connect broken error len=%d..\n",len);
break;
}
if(len < 0)
{
fprintf(stderr ,"recv data error len=%d..\n",len);
continue;
}
type = head.type;
length = head.length;
x=head.x;
y=head.y;
w=head.w;
h=head.h;
if(length != 16+w*h*3/2)
{
fprintf(stderr ,"length error len=%d..\n",len);
continue;
}
len = recv_len(sock,buffer,buffer_size,w*h*3/2);
if(len != w*h*3/2)
{
fprintf(stderr ,"recv data error len=%d..\n",len);
continue;
}
input_video_sample = buffer;
input_video_sample_size = w * h *3/2;
gettimeofday(&tv,NULL);
time_us2 = tv.tv_sec*1000 + tv.tv_usec/1000;
printf("time_us2 =%ld type=%d length=%d x=%d y=%d w=%d h=%d\n",time_us2,head.type,head.length,head.x,head.y,head.w,head.h);
output_video_sample_size = width*height*3/2;
ret = encode_video_sample_inc(p_video_encoder,input_video_sample,input_video_sample_size,
output_video_sample,&output_video_sample_size,x,y,w,h);
if(ret < 0)
{
fprintf(stderr ,"encode_video_sample_inc error ret=%d..\n",ret);
continue;
}
gettimeofday(&tv,NULL);
time_us3 = tv.tv_sec*1000 + tv.tv_usec/1000;
printf("time_us3 =%ld encode_video_sample length=%d\n",time_us3,output_video_sample_size);
head.type = 2;
head.length = 4*4 + output_video_sample_size;
head.x = 0;
head.y = 0;
head.w = 0;
head.h = 0;
len = send(sock,&head,sizeof(head),0);
if(len < 0)
{
fprintf(stderr ,"send head error ret=%d..\n",len);
continue;
}
len = send(sock,output_video_sample,output_video_sample_size,0);
if(len < 0)
{
fprintf(stderr ,"send output_video_sample error ret=%d..\n",len);
continue;
}
gettimeofday(&tv,NULL);
time_us4 = tv.tv_sec*1000 + tv.tv_usec/1000;
printf("time_us4 =%ld send over\n",time_us4);
}
uninit_video_encoder(p_video_encoder);
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(*((uint32*)(&ch->ip[0])));
std::stringstream tmpLocalIp;
tmpLocalIp << (uint32)ch->ip[0] << "." << (uint32)ch->ip[1] << "." << (uint32)ch->ip[2] << "." << (uint32)ch->ip[3];
localIp_ = tmpLocalIp.str();
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
operatingSystem_ = (const char*)ch->os;
// Restore string order as its byte order is reversed
std::reverse(operatingSystem_.begin(), operatingSystem_.end());
if (operatingSystem_.size() > 4 || (operatingSystem_ != "Win" && operatingSystem_ != "OSX" && (sRealmList.ChatboxOsName == "" || operatingSystem_ != sRealmList.ChatboxOsName))){
sLog.outLog(LOG_WARDEN, "Client %s got unsupported operating system (%s)", _login.c_str(), operatingSystem_.c_str());
return false;
}
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin = _login;
AccountsDatabase.escape_string(_safelogin);
pkt << (uint8) CMD_AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
std::string address = get_remote_address();
#ifdef REGEX_NAMESPACE
for (PatternList::const_iterator i = pattern_banned.begin(); i != pattern_banned.end(); ++i)
{
if (REGEX_NAMESPACE::regex_match(address.c_str(), i->first) && REGEX_NAMESPACE::regex_match(localIp_.c_str(), i->second))
{
pkt<< (uint8) WOW_FAIL_UNKNOWN_ACCOUNT;
send((char const*)pkt.contents(), pkt.size());
return true;
}
}
#endif
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
AccountsDatabase.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
AccountsDatabase.escape_string(address);
//Delete ViP
AccountsDatabase.Execute("UPDATE account_permissions SET permission_mask = 1 WHERE unsetdate<=UNIX_TIMESTAMP() AND unsetdate<>setdate");
QueryResultAutoPtr result = AccountsDatabase.PQuery("SELECT * FROM ip_banned WHERE ip = '%s'", address.c_str());
if (result) // ip banned
{
sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!", get_remote_address().c_str());
pkt << uint8(WOW_FAIL_BANNED);
send((char const*)pkt.contents(), pkt.size());
return true;
}
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = AccountsDatabase.PQuery("SELECT pass_hash, account.account_id, account_state_id, last_ip, permission_mask, email "
"FROM account JOIN account_permissions ON account.account_id = account_permissions.account_id "
"WHERE username = '******'", _safelogin.c_str());
if (!result) // account not exists
{
pkt<< uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
send((char const*)pkt.contents(), pkt.size());
return true;
}
Field * fields = result->Fetch();
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
switch (fields[2].GetUInt8())
{
case ACCOUNT_STATE_IP_LOCKED:
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", get_remote_address().c_str());
if (strcmp(fields[4].GetString(), get_remote_address().c_str()))
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) WOW_FAIL_LOCKED_ENFORCED;
send((char const*)pkt.contents(), pkt.size());
return true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
break;
}
case ACCOUNT_STATE_FROZEN:
{
pkt << uint8(WOW_FAIL_SUSPENDED);
send((char const*)pkt.contents(), pkt.size());
return true;
}
default:
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip or frozen", _login.c_str());
break;
}
///- If the account is banned, reject the logon attempt
QueryResultAutoPtr banresult = AccountsDatabase.PQuery("SELECT punishment_date, expiration_date "
"FROM account_punishment "
"WHERE account_id = '%u' AND punishment_type_id = '%u' AND (punishment_date = expiration_date OR expiration_date > UNIX_TIMESTAMP())", (*result)[1].GetUInt32(), PUNISHMENT_BAN);
if (banresult)
{
if((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << uint8(WOW_FAIL_BANNED);
sLog.outBasic("[AuthChallenge] Banned account %s tries to login!", _login.c_str ());
}
else
{
pkt << uint8(WOW_FAIL_SUSPENDED);
sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!", _login.c_str ());
}
send((char const*)pkt.contents(), pkt.size());
return true;
}
QueryResultAutoPtr emailbanresult = AccountsDatabase.PQuery("SELECT email FROM email_banned WHERE email = '%s'", (*result)[5].GetString());
if (emailbanresult)
{
pkt << uint8(WOW_FAIL_BANNED);
sLog.outBasic("[AuthChallenge] Account %s with banned email %s tries to login!", _login.c_str (), (*emailbanresult)[0].GetString());
send((char const*)pkt.contents(), pkt.size());
return true;
}
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = fields[0].GetCppString();
_SetVSFields(rI);
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
///- Fill the response packet with the result
pkt << uint8(WOW_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
pkt << uint8(1);
accountPermissionMask_ = fields[4].GetUInt64();
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
send((char const*)pkt.contents(), pkt.size());
return true;
}
