/// Make the SRP6 calculation from hash in dB
void AuthSocket::_SetVSFields(const std::string& rI)
{
s.SetRand(s_BYTE_SIZE * 8);
BigNumber I;
I.SetHexStr(rI.c_str());
// In case of leading zeros in the rI hash, restore them
uint8 mDigest[SHA_DIGEST_LENGTH];
memset(mDigest, 0, SHA_DIGEST_LENGTH);
if (I.GetNumBytes() <= SHA_DIGEST_LENGTH)
memcpy(mDigest, I.AsByteArray(), I.GetNumBytes());
std::reverse(mDigest, mDigest + SHA_DIGEST_LENGTH);
Sha1Hash sha;
sha.UpdateData(s.AsByteArray(), s.GetNumBytes());
sha.UpdateData(mDigest, SHA_DIGEST_LENGTH);
sha.Finalize();
BigNumber x;
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
// No SQL injection (username escaped)
const char* v_hex, *s_hex;
v_hex = v.AsHexStr();
s_hex = s.AsHexStr();
LoginDatabase.PExecute("UPDATE account SET v = '%s', s = '%s' WHERE username = '******'", v_hex, s_hex, _safelogin.c_str());
OPENSSL_free((void*)v_hex);
OPENSSL_free((void*)s_hex);
}
std::string AccountMgr::CalculateShaPassHash(std::string& name, std::string& password)
{
Sha1Hash sha;
sha.Initialize();
sha.UpdateData(name);
sha.UpdateData(":");
sha.UpdateData(password);
sha.Finalize();
std::string encoded;
hexEncodeByteArray(sha.GetDigest(), sha.GetLength(), encoded);
return encoded;
}
/// Make the SRP6 calculation from hash in dB
void AuthSocket::_SetVSFields(std::string rI)
{
BigNumber I;
I.SetHexStr(rI.c_str());
//In case of leading zeroes in the rI hash, restore them
uint8 mDigest[SHA_DIGEST_LENGTH];
memset(mDigest,0,SHA_DIGEST_LENGTH);
if (I.GetNumBytes() <= SHA_DIGEST_LENGTH)
memcpy(mDigest,I.AsByteArray(),I.GetNumBytes());
std::reverse(mDigest,mDigest+SHA_DIGEST_LENGTH);
Sha1Hash sha;
sha.UpdateData(s.AsByteArray(), s.GetNumBytes());
sha.UpdateData(mDigest, SHA_DIGEST_LENGTH);
sha.Finalize();
BigNumber x;
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
// No SQL injection (username escaped)
dbRealmServer.PExecute("UPDATE `account` SET `v` = '%s', `s` = '%s' WHERE UPPER(`username`)= UPPER('%s')",v.AsHexStr(),s.AsHexStr(), _safelogin.c_str() );
}
void AuthSocket::HandleChallenge()
{
// No header
if(readBuffer.GetContiguiousBytes() < 4)
{
LOG_ERROR("[AuthChallenge] Packet has no header. Refusing to handle.");
return;
}
// Check the rest of the packet is complete.
uint8* ReceiveBuffer = (uint8*)readBuffer.GetBufferStart();
uint16 full_size = *(uint16*)&ReceiveBuffer[2];
LOG_DETAIL("[AuthChallenge] got header, body is %u bytes", full_size);
if(readBuffer.GetSize() < uint32(full_size + 4))
{
LOG_ERROR("[AuthChallenge] Packet is smaller than expected, refusing to handle");
return;
}
// Copy the data into our cached challenge structure
if(full_size > sizeof(sAuthLogonChallenge_C))
{
LOG_ERROR("[AuthChallenge] Packet is larger than expected, refusing to handle!");
Disconnect();
return;
}
LOG_DEBUG("[AuthChallenge] got a complete packet.");
//memcpy(&m_challenge, ReceiveBuffer, full_size + 4);
//RemoveReadBufferBytes(full_size + 4, true);
readBuffer.Read(&m_challenge, full_size + 4);
// Check client build.
uint16 build = m_challenge.build;
// Check client build.
if(build > LogonServer::getSingleton().max_build)
{
// wtf?
LOG_DETAIL("[AuthChallenge] Client %s has wrong version. More up to date than server. Server: %u, Client: %u", GetRemoteIP().c_str(), LogonServer::getSingleton().max_build, m_challenge.build);
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
if(build < LogonServer::getSingleton().min_build)
{
// can we patch?
char flippedloc[5] = {0, 0, 0, 0, 0};
flippedloc[0] = m_challenge.country[3];
flippedloc[1] = m_challenge.country[2];
flippedloc[2] = m_challenge.country[1];
flippedloc[3] = m_challenge.country[0];
m_patch = PatchMgr::getSingleton().FindPatchForClient(build, flippedloc);
if(m_patch == NULL)
{
// could not find a valid patch
LOG_DETAIL("[AuthChallenge] Client %s has wrong version. More out of date than server. Server: %u, Client: %u", GetRemoteIP().c_str(), LogonServer::getSingleton().min_build, m_challenge.build);
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
Log.Debug("Patch", "Selected patch %u%s for client.", m_patch->Version, m_patch->Locality);
uint8 response[119] =
{
0x00, 0x00, 0x00, 0x72, 0x50, 0xa7, 0xc9, 0x27, 0x4a, 0xfa, 0xb8, 0x77, 0x80, 0x70, 0x22,
0xda, 0xb8, 0x3b, 0x06, 0x50, 0x53, 0x4a, 0x16, 0xe2, 0x65, 0xba, 0xe4, 0x43, 0x6f, 0xe3,
0x29, 0x36, 0x18, 0xe3, 0x45, 0x01, 0x07, 0x20, 0x89, 0x4b, 0x64, 0x5e, 0x89, 0xe1, 0x53,
0x5b, 0xbd, 0xad, 0x5b, 0x8b, 0x29, 0x06, 0x50, 0x53, 0x08, 0x01, 0xb1, 0x8e, 0xbf, 0xbf,
0x5e, 0x8f, 0xab, 0x3c, 0x82, 0x87, 0x2a, 0x3e, 0x9b, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe1, 0x32, 0xa3,
0x49, 0x76, 0x5c, 0x5b, 0x35, 0x9a, 0x93, 0x3c, 0x6f, 0x3c, 0x63, 0x6d, 0xc0, 0x00
};
Send(response, 119);
return;
}
// Check for a possible IP ban on this client.
BAN_STATUS ipb = IPBanner::getSingleton().CalculateBanStatus(GetRemoteAddress());
if(ipb != BAN_STATUS_NOT_BANNED)
LOG_DETAIL("[AuthChallenge] Client %s is banned, refusing to continue.", GetRemoteIP().c_str());
switch(ipb)
{
case BAN_STATUS_PERMANENT_BAN:
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
case BAN_STATUS_TIME_LEFT_ON_BAN:
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
default:
break;
}
// Null-terminate the account string
if(m_challenge.I_len >= 50) { Disconnect(); return; }
m_challenge.I[m_challenge.I_len] = 0;
// Clear the shitty hash (for server)
string AccountName = (char*)&m_challenge.I;
string::size_type i = AccountName.rfind("#");
if(i != string::npos)
{
LOG_ERROR("# ACCOUNTNAME!");
return;
//AccountName.erase( i );
}
// Look up the account information
LOG_DEBUG("[AuthChallenge] Account Name: \"%s\"", AccountName.c_str());
m_account = AccountMgr::getSingleton().GetAccount(AccountName);
if(m_account == 0)
{
LOG_DEBUG("[AuthChallenge] Invalid account.");
// Non-existant account
SendChallengeError(CE_NO_ACCOUNT);
return;
}
LOG_DEBUG("[AuthChallenge] Account banned state = %u", m_account->Banned);
// Check that the account isn't banned.
if(m_account->Banned == 1)
{
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
}
else if(m_account->Banned > 0)
{
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
}
// update cached locale
if(!m_account->forcedLocale)
{
char temp[4];
temp[0] = m_challenge.country[3];
temp[1] = m_challenge.country[2];
temp[2] = m_challenge.country[1];
temp[3] = m_challenge.country[0];
*(uint32*)&m_account->Locale[0] = *(uint32*)temp;
}
//////////////////////////////////////////////// SRP6 Challenge ////////////////////////////////////////////////
//
//
// First we will generate the Verifier value using the following formulas
//
// x = SHA1(s | SHA1(I | ":" | P))
// v = g^x % N
//
// The SHA1(I | ":" | P) part for x we have in the account database, this is the encrypted password, reversed
// N is a safe prime
// g is the generator
// | means concatenation in this contect
//
//
Sha1Hash sha;
sha.UpdateData(s.AsByteArray(), 32);
sha.UpdateData(m_account->SrpHash, 20);
sha.Finalize();
BigNumber x;
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
// Next we generate b, and B which are the public and private values of the server
//
// b = random()
// B = k*v + g^b % N
//
// in our case the multiplier parameters, k = 3
b.SetRand(152);
uint8 k = 3;
BigNumber gmod = g.ModExp(b, N);
B = ((v * k) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk;
unk.SetRand(128);
// Now we send B, g, N and s to the client as a challenge, asking the client for the proof
sAuthLogonChallenge_S challenge;
challenge.cmd = 0;
challenge.error = 0;
challenge.unk2 = CE_SUCCESS;
memcpy(challenge.B, B.AsByteArray(), 32);
challenge.g_len = 1;
challenge.g = (g.AsByteArray())[ 0 ];
challenge.N_len = 32;
memcpy(challenge.N, N.AsByteArray(), 32);
memcpy(challenge.s, s.AsByteArray(), 32);
memcpy(challenge.unk3, unk.AsByteArray(), 16);
challenge.unk4 = 0;
Send(reinterpret_cast< uint8* >(&challenge), sizeof(sAuthLogonChallenge_S));
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
ibuf.Read((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (ibuf.GetLength() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
///- Read the remaining of the packet
ibuf.Read((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin = _login;
loginDatabase.escape_string(_safelogin);
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
loginDatabase.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
std::string address = GetRemoteAddress();
loginDatabase.escape_string(address);
QueryResult *result = loginDatabase.PQuery("SELECT * FROM ip_banned WHERE ip = '%s'",address.c_str());
if(result)
{
pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = loginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '******'",_safelogin.c_str ());
if( result )
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
locked=true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!locked)
{
//set expired bans to inactive
loginDatabase.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
///- If the account is banned, reject the logon attempt
QueryResult *banresult = loginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (*result)[1].GetUInt32());
if(banresult)
{
if((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
pkt << (uint8) REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned account %s tries to login!",_login.c_str ());
}
else
{
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!",_login.c_str ());
}
delete banresult;
}
else
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::string rI = (*result)[0].GetCppString();
///- Don't calculate (v, s) if there are already some in the database
std::string databaseV = (*result)[5].GetCppString();
std::string databaseS = (*result)[6].GetCppString();
sLog.outDebug("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2, bytes are stored as hexstring
if(databaseV.size() != s_BYTE_SIZE*2 || databaseS.size() != s_BYTE_SIZE*2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
///- Fill the response packet with the result
pkt << uint8(REALM_AUTH_SUCCESS);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if(securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if(securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if(securityFlags & 0x04) // Security token input
{
pkt << uint8(1);
}
uint8 secLevel = (*result)[4].GetUInt8();
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for(int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
// user authenticated => turn off autoreg, thus account creating
_autoreg = false;
}
}
delete result;
}
else if(_autoreg) // no account
{
// check username
if(_safelogin.find_first_of(notAllowedChars)!=_safelogin.npos || _safelogin.length()<4)
_autoreg = false;
// check IP
else if(uint32 amountip = sConfig.GetIntDefault("AmountIP", 0))
{
QueryResult *result2 = loginDatabase.PQuery("SELECT COUNT(last_ip) FROM account WHERE last_ip = '%s'", GetRemoteAddress().c_str());
if (result2 && (*result2)[0].GetUInt8() >= amountip)
{
_autoreg = false;
delete result2;
}
}
// still all ok
if(_autoreg)
{
///- Get the password from the account table, upper it, and make the SRP6 calculation
std::transform(_safelogin.begin(), _safelogin.end(), _safelogin.begin(), std::towupper);
Sha1Hash sha;
std::string sI = _safelogin + ":" + _safelogin;
sha.UpdateData(sI);
sha.Finalize();
BigNumber bn;
bn.SetBinary(sha.GetDigest(), sha.GetLength());
uint8 *val = bn.AsByteArray();
std::reverse(val, val+bn.GetNumBytes());
bn.SetBinary(val, bn.GetNumBytes());
const char* rI = bn.AsHexStr();
_SetVSFields(rI);
OPENSSL_free((void*)rI);
b.SetRand(19 * 8);
BigNumber gmod=g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
if (B.GetNumBytes() < 32)
sLog.outDetail("Interesting, calculation of B in realmd is < 32.");
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16*8);
///- Fill the response packet with the result
pkt << (uint8)REALM_AUTH_SUCCESS;
pkt.append(B.AsByteArray(), 32);
pkt << (uint8)1;
pkt.append(g.AsByteArray(), 1);
pkt << (uint8)32;
pkt.append(N.AsByteArray(), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());
pkt.append(unk3.AsByteArray(), 16);
pkt << (uint8)0; // Added in 1.12.x client branch
}
else
// username and/or IP is bad
pkt << (uint8) REALM_AUTH_NO_MATCH;
}
else
{
// autoreg off in config, account is wrong
pkt << (uint8) REALM_AUTH_NO_MATCH;
}
}
SendBuf((char const*)pkt.contents(), pkt.size());
return true;
}
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_os = (const char*)ch->os;
if(_os.size() > 4)
return false;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin = _login;
LoginDatabase.escape_string(_safelogin);
// Starting CMD_AUTH_LOGON_CHALLENGE
AuthResult result = WOW_FAIL_UNKNOWN0;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
std::string address = get_remote_address();
LoginDatabase.escape_string(address);
QueryResult* qresult = LoginDatabase.PQuery("SELECT unbandate FROM ip_banned WHERE "
// permanent still banned
"(unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", address.c_str());
if (qresult)
{
result = WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned ip %s tries to login!", get_remote_address().c_str());
delete qresult;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
//qresult = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '******'",_safelogin.c_str());
qresult = LoginDatabase.PQuery("SELECT a.sha_pass_hash,a.id,a.locked,a.last_ip,aa.gmlevel,a.v,a.s FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = '******'", _safelogin.c_str());
if (qresult)
{
std::string rI = (*qresult)[0].GetCppString();
uint32 accountId = (*qresult)[1].GetUInt32();
uint8 locked = (*qresult)[2].GetUInt8();
std::string lastIP = (*qresult)[3].GetString();
uint8 secLevel = (*qresult)[4].GetUInt8();
std::string databaseV = (*qresult)[5].GetCppString();
std::string databaseS = (*qresult)[6].GetCppString();
bool blockLogin = false;
if (sConfig.GetBoolDefault("MultiIPCheck", false))
{
int32 iplimit = sConfig.GetIntDefault("MultiIPLimit", 10);
int32 multiIPdelay = sConfig.GetIntDefault("MultiIPPeriodInHours", 48);
// If a GM account login ignore MultiIP
QueryResult* ipcheck = LoginDatabase.PQuery("SELECT id FROM account WHERE last_ip = '%s' AND id != %u AND last_login > NOW() - INTERVAL %u HOUR ORDER BY last_login DESC;", get_remote_address().c_str(), accountId, multiIPdelay);
if (ipcheck)
{
// build whitelist
std::list<uint32> accountsInWhitelist;
accountsInWhitelist.clear();
QueryResult* IDsinwhite = LoginDatabase.PQuery("SELECT whitelist FROM multi_IP_whitelist WHERE whitelist LIKE '%|%u|%'", accountId);
if (IDsinwhite)
{
Tokens whitelistaccounts((*IDsinwhite)[0].GetCppString(),'|');
bool isInWhite = false;
for (Tokens::const_iterator itr = whitelistaccounts.begin(); itr != whitelistaccounts.end(); ++itr)
accountsInWhitelist.push_back(atoi(*itr));
delete IDsinwhite;
}
do
{
Field* pFields =ipcheck->Fetch();
uint32 MultiAccountID = pFields[0].GetUInt32();
bool isInWhite = false;
for (std::list<uint32>::const_iterator itr = accountsInWhitelist.begin(); itr != accountsInWhitelist.end(); ++itr)
{
if (*itr == MultiAccountID)
isInWhite = true;
}
if (!isInWhite)
{
--iplimit;
}
}
while (ipcheck->NextRow());
delete ipcheck;
}
/*
* default case 10 allowed account with same last_ip
* we found 9 account with current ip. NOTE: actual account is not in list
* 10 - 9 - 1
* ^ current account
* ^ account in list
* ^ allowed
*/
if (iplimit < 1)
{
DEBUG_LOG("[AuthChallenge] Account '%s' is multi IP - '%s'", _login.c_str(), lastIP.c_str());
result = WOW_FAIL_PARENTCONTROL;
blockLogin = true;
}
}
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
if (locked == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), lastIP.c_str());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", get_remote_address().c_str());
if (strcmp(lastIP.c_str(),get_remote_address().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
result = WOW_FAIL_SUSPENDED;
blockLogin = true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!blockLogin)
{
///- If the account is banned, reject the logon attempt
QueryResult* banresult = LoginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE "
"id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)", accountId);
if (banresult)
{
if ((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
{
result = WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned account %s (Id: %u) tries to login!", _login.c_str(), accountId);
}
else
{
result = WOW_FAIL_SUSPENDED;
BASIC_LOG("[AuthChallenge] Temporarily banned account %s (Id: %u) tries to login!",_login.c_str(), accountId);
}
delete banresult;
}
else
{
DEBUG_LOG("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
// multiply with 2, bytes are stored as hexstring
if (databaseV.size() != s_BYTE_SIZE*2 || databaseS.size() != s_BYTE_SIZE*2)
_SetVSFields(rI);
else
{
s.SetHexStr(databaseS.c_str());
v.SetHexStr(databaseV.c_str());
}
result = WOW_SUCCESS;
_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
BASIC_LOG("[AuthChallenge] account %s (Id: %u) is using '%c%c%c%c' locale (%u)", _login.c_str (), accountId, ch->country[3], ch->country[2], ch->country[1], ch->country[0], GetLocaleByName(_localizationName));
}
}
delete qresult;
}
else if (sConfig.GetBoolDefault("AutoRegistration", false))
{
if (_safelogin.find_first_of("\t\v\b\f\a\n\r\\\"\'\? <>[](){}_=+-|/!@#$%^&*~`.,\0") == _safelogin.npos && _safelogin.length() > 3)
{
QueryResult* checkIPresult = LoginDatabase.PQuery("SELECT COUNT(last_ip) FROM account WHERE last_ip = '%s'",get_remote_address().c_str());
int32 regCount = checkIPresult ? (*checkIPresult)[0].GetUInt32() : 0;
if (regCount >= sConfig.GetIntDefault("AutoRegistration.Amount", 1))
{
BASIC_LOG("[AuthChallenge] Impossible auto-register account %s, number of auto-registered accouts is %u, but allowed only %u",
_safelogin.c_str(),regCount, sConfig.GetIntDefault("AutoRegistration.Amount", 1));
// result = WOW_FAIL_DB_BUSY;
result = WOW_FAIL_DISCONNECTED;
}
else
{
std::transform(_safelogin.begin(), _safelogin.end(), _safelogin.begin(), std::towupper);
Sha1Hash sha;
sha.Initialize();
sha.UpdateData(_safelogin);
sha.UpdateData(":");
sha.UpdateData(_safelogin);
sha.Finalize();
std::string encoded;
hexEncodeByteArray(sha.GetDigest(), sha.GetLength(), encoded);
LoginDatabase.PExecute("INSERT INTO account(username,sha_pass_hash,joindate) VALUES('%s','%s',NOW())", _safelogin.c_str(), encoded.c_str());
_SetVSFields(encoded);
BASIC_LOG("[AuthChallenge] account %s auto-registered (count %u)!",_safelogin.c_str(), ++regCount);
result = WOW_SUCCESS;
_accountSecurityLevel = SEC_PLAYER;
_localizationName.resize(4);
for (int i = 0; i < 4; ++i)
_localizationName[i] = ch->country[4-i-1];
}
if (checkIPresult)
delete checkIPresult;
}
}
else
result = WOW_FAIL_UNKNOWN_ACCOUNT;
}
pkt << uint8(CMD_AUTH_LOGON_CHALLENGE);
pkt << uint8(0x00);
pkt << uint8(result);
switch (result)
{
case WOW_SUCCESS:
{
b.SetRand(19 * 8);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
MANGOS_ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk3;
unk3.SetRand(16 * 8);
// B may be calculated < 32B so we force minimal length to 32B
pkt.append(B.AsByteArray(32), 32); // 32 bytes
pkt << uint8(1);
pkt.append(g.AsByteArray(), 1);
pkt << uint8(32);
pkt.append(N.AsByteArray(32), 32);
pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
pkt.append(unk3.AsByteArray(16), 16);
uint8 securityFlags = 0;
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
{
pkt << uint32(0);
pkt << uint64(0) << uint64(0); // 16 bytes hash?
}
if (securityFlags & 0x02) // Matrix input
{
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint8(0);
pkt << uint64(0);
}
if (securityFlags & 0x04) // Security token input
{
pkt << uint8(1);
}
break;
}
case WOW_FAIL_UNKNOWN0:
case WOW_FAIL_UNKNOWN1:
case WOW_FAIL_SUSPENDED:
case WOW_FAIL_BANNED:
case WOW_FAIL_UNKNOWN_ACCOUNT:
case WOW_FAIL_INCORRECT_PASSWORD:
case WOW_FAIL_ALREADY_ONLINE:
case WOW_FAIL_NO_TIME:
case WOW_FAIL_DB_BUSY:
case WOW_FAIL_VERSION_INVALID:
case WOW_FAIL_VERSION_UPDATE:
case WOW_FAIL_INVALID_SERVER:
case WOW_FAIL_FAIL_NOACCESS:
case WOW_SUCCESS_SURVEY:
case WOW_FAIL_PARENTCONTROL:
case WOW_FAIL_LOCKED_ENFORCED:
case WOW_FAIL_TRIAL_ENDED:
case WOW_FAIL_USE_BATTLENET:
case WOW_FAIL_TOO_FAST:
case WOW_FAIL_CHARGEBACK:
case WOW_FAIL_GAME_ACCOUNT_LOCKED:
case WOW_FAIL_INTERNET_GAME_ROOM_WITHOUT_BNET:
case WOW_FAIL_UNLOCKABLE_LOCK:
case WOW_FAIL_DISCONNECTED:
break;
default:
BASIC_LOG("[AuthChallenge] unknown CMD_AUTH_LOGON_CHALLENGE execution result %u!", result);
break;
}
send((char const*)pkt.contents(), pkt.size());
return true;
}
void AuthSocket::HandleChallenge()
{
// No header
if(GetReadBuffer()->GetSize() < 4)
return;
if(sInfoCore.GetRealmMap().empty())
{ // If we lack a realm to connect to, block em, it's better then making them sit and get locked into an empty list.
SendChallengeError(CE_IPBAN);
return;
}
// Check the rest of the packet is complete.
uint8 * ReceiveBuffer = (uint8*)GetReadBuffer()->GetBufferOffset();
uint16 full_size = *(uint16*)&ReceiveBuffer[2];
DEBUG_LOG("AuthChallenge","got header, body is 0x%02X bytes", full_size);
if(GetReadBuffer()->GetSize() < uint32(full_size+4))
return;
// Copy the data into our cached challenge structure
if(full_size > sizeof(sAuthLogonChallenge_C))
{
Disconnect();
return;
}
DEBUG_LOG("AuthChallenge","got full packet.");
GetReadBuffer()->Read(&m_challenge, full_size + 4);
// Check client build.
if(GetBuild() > LogonServer::getSingleton().max_build)
{
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
if(GetBuild() < LogonServer::getSingleton().min_build)
{
// can we patch?
char flippedloc[5] = {0,0,0,0,0};
flippedloc[0] = m_challenge.country[3];
flippedloc[1] = m_challenge.country[2];
flippedloc[2] = m_challenge.country[1];
flippedloc[3] = m_challenge.country[0];
m_patch = PatchMgr::getSingleton().FindPatchForClient(GetBuild(), flippedloc);
if(m_patch == NULL)
{
// could not find a valid patch
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
DEBUG_LOG("Patch", "Selected patch %u%s for client.", m_patch->Version,m_patch->Locality);
BigNumber unk;
unk.SetRand(128);
uint8 response[119] = {
0x00, 0x00, 0x00, 0x72, 0x50, 0xa7, 0xc9, 0x27, 0x4a, 0xfa, 0xb8, 0x77, 0x80, 0x70, 0x22,
0xda, 0xb8, 0x3b, 0x06, 0x50, 0x53, 0x4a, 0x16, 0xe2, 0x65, 0xba, 0xe4, 0x43, 0x6f, 0xe3,
0x29, 0x36, 0x18, 0xe3, 0x45, 0x01, 0x07, 0x20, 0x89, 0x4b, 0x64, 0x5e, 0x89, 0xe1, 0x53,
0x5b, 0xbd, 0xad, 0x5b, 0x8b, 0x29, 0x06, 0x50, 0x53, 0x08, 0x01, 0xb1, 0x8e, 0xbf, 0xbf,
0x5e, 0x8f, 0xab, 0x3c, 0x82, 0x87, 0x2a, 0x3e, 0x9b, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe1, 0x32, 0xa3,
0x49, 0x76, 0x5c, 0x5b, 0x35, 0x9a, 0x93, 0x3c, 0x6f, 0x3c, 0x63, 0x6d, 0xc0, 0x00
};
Send(response, 119);
return;
}
// Check for a possible IP ban on this client.
BAN_STATUS ipb = IPBanner::getSingleton().CalculateBanStatus(GetRemoteAddress());
switch(ipb)
{
case BAN_STATUS_PERMANENT_BAN:
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
case BAN_STATUS_TIME_LEFT_ON_BAN:
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
default:
break;
}
// Null-terminate the account string
if(m_challenge.I_len >= 0x50) { Disconnect(); return; }
m_challenge.I[m_challenge.I_len] = 0;
AccountName = (char*)&m_challenge.I;
string::size_type i = AccountName.rfind("#");
if( i != string::npos )
{
printf("# ACCOUNTNAME!\n");
return;
}
// Look up the account information
m_account = AccountMgr::getSingleton().GetAccount(AccountName);
if(m_account == 0)
{
DEBUG_LOG("AuthChallenge","Account Name: \"%s\" - Account state: INVALID", AccountName.c_str());
// Non-existant account
SendChallengeError(CE_NO_ACCOUNT);
return;
}
// Check that the account isn't banned.
if(m_account->Banned == 1)
{
SendChallengeError(CE_ACCOUNT_CLOSED);
Log.Notice("AuthChallenge","Account Name: \"%s\" - Account state: CLOSED", AccountName.c_str());
return;
}
else if(m_account->Banned > 0)
{
SendChallengeError(CE_ACCOUNT_FREEZED);
Log.Notice("AuthChallenge","Account Name: \"%s\" - Account state: FROZEN (%u)", AccountName.c_str(), m_account->Banned);
return;
}
else
Log.Notice("AuthChallenge","Account Name: \"%s\" - Account state: OK", AccountName.c_str());
// update cached locale
if(!m_account->forcedLocale)
{
char temp[4];
temp[0] = m_challenge.country[3];
temp[1] = m_challenge.country[2];
temp[2] = m_challenge.country[1];
temp[3] = m_challenge.country[0];
*(uint32*)&m_account->Locale[0] = *(uint32*)temp;
}
Sha1Hash sha;
//uint32 tc = s.GetNumBytes();
sha.UpdateData( s.AsByteArray(), 32 );
sha.UpdateData( m_account->SrpHash, 20 );
sha.Finalize();
BigNumber x;
x.SetBinary( sha.GetDigest(), sha.GetLength() );
v = g.ModExp(x, N);
b.SetRand(152);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk;
unk.SetRand(128);
uint8 response[200];
uint32 c = 0;
response[c] = 0; c += 1;
response[c] = 0; c += 1;
response[c] = CE_SUCCESS; c += 1;
memcpy(&response[c], B.AsByteArray(), 32); c += 32;
response[c] = 1; c += 1;
response[c] = g.AsByteArray()[0]; c += 1;
response[c] = 32; c += 1;
memcpy(&response[c], N.AsByteArray(), 32); c += 32;
memcpy(&response[c], s.AsByteArray(), s.GetNumBytes()); c += s.GetNumBytes();
memcpy(&response[c], unk.AsByteArray(), 16); c += 16;
response[c] = 0; c += 1;
Send(response, c);
DEBUG_LOG("AuthSocket","Sending Success Response");
}
void AuthSocket::HandleChallenge()
{
// No header
if(GetReadBuffer().GetContiguiousBytes() < 4)
return;
// Check the rest of the packet is complete.
uint8 * ReceiveBuffer = (uint8*)GetReadBuffer().GetBufferStart();
#ifdef USING_BIG_ENDIAN
uint16 full_size = swap16(*(uint16*)&ReceiveBuffer[2]);
#else
uint16 full_size = *(uint16*)&ReceiveBuffer[2];
#endif
sLog.outDetail("[AuthChallenge] got header, body is 0x%02X bytes", full_size);
if(GetReadBuffer().GetSize() < uint32(full_size+4))
return;
// Copy the data into our cached challenge structure
if(full_size > sizeof(sAuthLogonChallenge_C))
{
Disconnect();
return;
}
sLog.outDebug("[AuthChallenge] got full packet.");
//memcpy(&m_challenge, ReceiveBuffer, full_size + 4);
//RemoveReadBufferBytes(full_size + 4, true);
GetReadBuffer().Read(&m_challenge, full_size + 4);
//#ifdef USING_BIG_ENDIAN
// uint16 build = swap16(m_challenge.build);
// printf("Build: %u\n", build);
//#endif
// Check client build.
#ifdef USING_BIG_ENDIAN
uint16 build = swap16(m_challenge.build);
#else
uint16 build = m_challenge.build;
#endif
// Check client build.
if(build > LogonServer::getSingleton().max_build)
{
// wtf?
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
if(build < LogonServer::getSingleton().min_build)
{
// can we patch?
char flippedloc[5] = {0,0,0,0,0};
flippedloc[0] = m_challenge.country[3];
flippedloc[1] = m_challenge.country[2];
flippedloc[2] = m_challenge.country[1];
flippedloc[3] = m_challenge.country[0];
m_patch = PatchMgr::getSingleton().FindPatchForClient(build, flippedloc);
if(m_patch == NULL)
{
// could not find a valid patch
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
Log.Debug("Patch", "Selected patch %u%s for client.", m_patch->Version,m_patch->Locality);
uint8 response[119] = {
0x00, 0x00, 0x00, 0x72, 0x50, 0xa7, 0xc9, 0x27, 0x4a, 0xfa, 0xb8, 0x77, 0x80, 0x70, 0x22,
0xda, 0xb8, 0x3b, 0x06, 0x50, 0x53, 0x4a, 0x16, 0xe2, 0x65, 0xba, 0xe4, 0x43, 0x6f, 0xe3,
0x29, 0x36, 0x18, 0xe3, 0x45, 0x01, 0x07, 0x20, 0x89, 0x4b, 0x64, 0x5e, 0x89, 0xe1, 0x53,
0x5b, 0xbd, 0xad, 0x5b, 0x8b, 0x29, 0x06, 0x50, 0x53, 0x08, 0x01, 0xb1, 0x8e, 0xbf, 0xbf,
0x5e, 0x8f, 0xab, 0x3c, 0x82, 0x87, 0x2a, 0x3e, 0x9b, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe1, 0x32, 0xa3,
0x49, 0x76, 0x5c, 0x5b, 0x35, 0x9a, 0x93, 0x3c, 0x6f, 0x3c, 0x63, 0x6d, 0xc0, 0x00
};
Send(response, 119);
return;
}
// Check for a possible IP ban on this client.
BAN_STATUS ipb = IPBanner::getSingleton().CalculateBanStatus(GetRemoteAddress());
switch(ipb)
{
case BAN_STATUS_PERMANENT_BAN:
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
case BAN_STATUS_TIME_LEFT_ON_BAN:
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
default:
break;
}
// Null-terminate the account string
if(m_challenge.I_len >= 0x50) { Disconnect(); return; }
m_challenge.I[m_challenge.I_len] = 0;
// Clear the shitty hash (for server)
string AccountName = (char*)&m_challenge.I;
string::size_type i = AccountName.rfind("#");
if( i != string::npos )
{
printf("# ACCOUNTNAME!\n");
return;
//AccountName.erase( i );
}
// Look up the account information
sLog.outDebug("[AuthChallenge] Account Name: \"%s\"", AccountName.c_str());
m_account = AccountMgr::getSingleton().GetAccount(AccountName);
if(m_account == 0)
{
sLog.outDebug("[AuthChallenge] Invalid account.");
// Non-existant account
SendChallengeError(CE_NO_ACCOUNT);
return;
}
sLog.outDebug("[AuthChallenge] Account banned state = %u", m_account->Banned);
// Check that the account isn't banned.
if(m_account->Banned == 1)
{
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
}
else if(m_account->Banned > 0)
{
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
}
// update cached locale
if(!m_account->forcedLocale)
{
char temp[4];
temp[0] = m_challenge.country[3];
temp[1] = m_challenge.country[2];
temp[2] = m_challenge.country[1];
temp[3] = m_challenge.country[0];
*(uint32*)&m_account->Locale[0] = *(uint32*)temp;
}
Sha1Hash sha;
//uint32 tc = s.GetNumBytes();
sha.UpdateData( s.AsByteArray(), 32 );
sha.UpdateData( m_account->SrpHash, 20 );
sha.Finalize();
BigNumber x;
x.SetBinary( sha.GetDigest(), sha.GetLength() );
v = g.ModExp(x, N);
b.SetRand(152);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk;
unk.SetRand(128);
uint8 response[200];
uint32 c = 0;
response[c] = 0; c += 1;
response[c] = 0; c += 1;
response[c] = CE_SUCCESS; c += 1;
memcpy(&response[c], B.AsByteArray(), 32); c += 32;
response[c] = 1; c += 1;
response[c] = g.AsByteArray()[0]; c += 1;
response[c] = 32; c += 1;
memcpy(&response[c], N.AsByteArray(), 32); c += 32;
memcpy(&response[c], s.AsByteArray(), s.GetNumBytes()); c += s.GetNumBytes();
memcpy(&response[c], unk.AsByteArray(), 16); c += 16;
response[c] = 0; c += 1;
Send(response, c);
}
void AuthSocket::HandleChallenge()
{
// No header
if(!HasBytes(4))
return;
// Check the rest of the packet is complete.
uint16 full_size = *(uint16*)&ReceiveBuffer[2];
sLog.outDetail("[AuthChallenge] got header, body is 0x%02X bytes", full_size);
if(!HasBytes(full_size))
return;
// Copy the data into our cached challenge structure
if(full_size > sizeof(sAuthLogonChallenge_C))
{
Disconnect();
return;
}
sLog.outDebug("[AuthChallenge] got full packet.");
memcpy(&m_challenge, ReceiveBuffer, full_size + 4);
EraseReceiveBytes(full_size+4);
// Check client build.
if(m_challenge.build > LogonServer::getSingleton().max_build ||
m_challenge.build < LogonServer::getSingleton().min_build)
{
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
// Check for a possible IP ban on this client.
#ifdef WIN32
BAN_STATUS ipb = IPBanner::getSingleton().CalculateBanStatus(ConnectedPeer.sin_addr.S_un.S_addr);
#else
BAN_STATUS ipb = IPBanner::getSingleton().CalculateBanStatus(RetreiveClientIP());
#endif
switch(ipb)
{
case BAN_STATUS_PERMANANT_BAN:
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
case BAN_STATUS_TIME_LEFT_ON_BAN:
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
}
// Null-terminate the account string
m_challenge.I[m_challenge.I_len] = 0;
// Look up the account information
string AccountName = (char*)&m_challenge.I;
sLog.outDebug("[AuthChallenge] Account Name: \"%s\"", AccountName.c_str());
m_account = AccountMgr::getSingleton().GetAccount(AccountName);
if(m_account == 0)
{
sLog.outDebug("[AuthChallenge] Invalid account.");
// Non-existant account
SendChallengeError(CE_NO_ACCOUNT);
return;
}
sLog.outDebug("[AuthChallenge] Account banned state = %u", m_account->Banned);
// Don't update when IP banned, but update anyway if it's an account ban
AccountMgr::getSingleton().UpdateAccountLastIP(m_account->AccountId, RetreiveClientIP());
// Check that the account isn't banned.
if(m_account->Banned == 1)
{
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
}
else if(m_account->Banned > 0)
{
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
}
// We've passed all initial tests if we're here, lets build the response packet.
Sha1Hash I;
I.UpdateData((m_account->Username + ":" + m_account->Password));
I.Finalize();
sLog.outDebug("[AuthChallenge] UserPass hash: %X", I.GetDigest());
Sha1Hash sha;
uint32 tc = s.GetNumBytes();
sha.UpdateData( s.AsByteArray(), 32 );
sha.UpdateData( I.GetDigest(), 20 );
sha.Finalize();
BigNumber x;
x.SetBinary( sha.GetDigest(), sha.GetLength() );
v = g.ModExp(x, N);
b.SetRand(152);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk;
unk.SetRand(128);
uint8 response[200];
uint32 c = 0;
response[c] = 0; c += 1;
response[c] = 0; c += 1;
response[c] = CE_SUCCESS; c += 1;
memcpy(&response[c], B.AsByteArray(), 32); c += 32;
response[c] = 1; c += 1;
response[c] = g.AsByteArray()[0]; c += 1;
response[c] = 32; c += 1;
memcpy(&response[c], N.AsByteArray(), 32); c += 32;
memcpy(&response[c], s.AsByteArray(), s.GetNumBytes()); c += s.GetNumBytes();
memcpy(&response[c], unk.AsByteArray(), 16); c += 16;
response[c] = 0; c += 1;
SendArray(response, c, FALSE);
}
void AuthSocket::HandleChallenge()
{
// No header
if(readBuffer.GetContiguiousBytes() < 4){
LOG_ERROR( "[AuthChallenge] Packet has no header. Refusing to handle." );
return;
}
// Check the rest of the packet is complete.
uint8 * ReceiveBuffer = (uint8*)readBuffer.GetBufferStart();
uint16 full_size = *(uint16*)&ReceiveBuffer[2];
LOG_DETAIL("[AuthChallenge] got header, body is %u bytes", full_size );
if(readBuffer.GetSize() < uint32(full_size+4)){
LOG_ERROR( "[AuthChallenge] Packet is smaller than expected, refusing to handle" );
return;
}
// Copy the data into our cached challenge structure
if(full_size > sizeof(sAuthLogonChallenge_C_BattleNet))
{
LOG_ERROR( "[AuthChallenge] Packet is larger than expected, refusing to handle!" );
Disconnect();
return;
}
LOG_DEBUG("[AuthChallenge] got a complete packet.");
//memcpy(&m_challenge, ReceiveBuffer, full_size + 4);
//RemoveReadBufferBytes(full_size + 4, true);
readBuffer.Read(&m_challenge, full_size + 4);
// Check client build.
uint16 build = m_challenge.build;
// Check client build.
if(build > LogonServer::getSingleton().max_build)
{
// wtf?
LOG_DETAIL( "[AuthChallenge] Client %s has wrong version. More up to date than server. Server: %u, Client: %u", GetRemoteIP().c_str(), LogonServer::getSingleton().max_build, m_challenge.build );
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
if(build < LogonServer::getSingleton().min_build)
{
// can we patch?
char flippedloc[5] = {0,0,0,0,0};
flippedloc[0] = m_challenge.country[3];
flippedloc[1] = m_challenge.country[2];
flippedloc[2] = m_challenge.country[1];
flippedloc[3] = m_challenge.country[0];
m_patch = PatchMgr::getSingleton().FindPatchForClient(build, flippedloc);
if(m_patch == NULL)
{
// could not find a valid patch
LOG_DETAIL( "[AuthChallenge] Client %s has wrong version. More up to date than server. Server: %u, Client: %u", GetRemoteIP().c_str(), LogonServer::getSingleton().min_build, m_challenge.build );
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
Log.Debug("Patch", "Selected patch %u%s for client.", m_patch->Version,m_patch->Locality);
uint8 response[119] = {
0x00, 0x00, 0x00, 0x72, 0x50, 0xa7, 0xc9, 0x27, 0x4a, 0xfa, 0xb8, 0x77, 0x80, 0x70, 0x22,
0xda, 0xb8, 0x3b, 0x06, 0x50, 0x53, 0x4a, 0x16, 0xe2, 0x65, 0xba, 0xe4, 0x43, 0x6f, 0xe3,
0x29, 0x36, 0x18, 0xe3, 0x45, 0x01, 0x07, 0x20, 0x89, 0x4b, 0x64, 0x5e, 0x89, 0xe1, 0x53,
0x5b, 0xbd, 0xad, 0x5b, 0x8b, 0x29, 0x06, 0x50, 0x53, 0x08, 0x01, 0xb1, 0x8e, 0xbf, 0xbf,
0x5e, 0x8f, 0xab, 0x3c, 0x82, 0x87, 0x2a, 0x3e, 0x9b, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe1, 0x32, 0xa3,
0x49, 0x76, 0x5c, 0x5b, 0x35, 0x9a, 0x93, 0x3c, 0x6f, 0x3c, 0x63, 0x6d, 0xc0, 0x00
};
Send(response, 119);
return;
}
// Check for a possible IP ban on this client.
BAN_STATUS ipb = IPBanner::getSingleton().CalculateBanStatus(GetRemoteAddress());
if( ipb != BAN_STATUS_NOT_BANNED )
LOG_DETAIL( "[AuthChallenge] Client %s is banned, refusing to continue.", GetRemoteIP().c_str() );
switch(ipb)
{
case BAN_STATUS_PERMANENT_BAN:
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
case BAN_STATUS_TIME_LEFT_ON_BAN:
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
default:
break;
}
// Null-terminate the account string
if(m_challenge.I_len >= 50) { Disconnect(); return; }
m_challenge.I[m_challenge.I_len] = 0;
// Clear the shitty hash (for server)
string AccountName = (char*)&m_challenge.I;
if (AccountName.substr(0, 1) == "?")
{
if (AccountName.find_first_not_of("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789?") != string::npos)
{
LOG_ERROR("[AuthChallenge]: Tried to create account with illegal characters.");
SendChallengeError(CE_NO_ACCOUNT); //Well f**k you for editing the files!
return;
}
int pass_start = AccountName.find("?", 1) + 1;
if (pass_start < 4) //No username
{
LOG_ERROR("[AuthChallenge] Tried to create account with no account name.");
SendChallengeError(CE_NO_ACCOUNT);
return;
}
int pass_end = AccountName.rfind("?");
if (pass_end <= pass_start) //No password
{
LOG_ERROR("[AuthChallenge] Tried to create account with no password.");
SendChallengeError(CE_NO_ACCOUNT);
return;
}
int name_len = pass_start - 2;
int pass_len = pass_end - pass_start;
string username = AccountName.substr(1, name_len);
string password = AccountName.substr(pass_start, pass_len);
m_account = AccountMgr::getSingleton().GetAccount(username);
if (m_account != 0)
{
LOG_ERROR("[AuthChallenge] Account creation failed: account name already taken.");
SendChallengeError(CE_ACCOUNT_IN_USE);
return;
}
string cmd = username + " " + password + " NULL"; //Prepare command for CreateAccount
char acct[50];
memcpy(acct, cmd.c_str(), 50); //CreateAccount doesn't take const char*
LogonConsole::getSingleton().CreateAccount(acct);
SendChallengeError(CE_SERVER_FULL); //Success!
LOG_BASIC("[AuthChallenge] Client %s has created an account with name: \"%s\"", GetRemoteIP().c_str(), username.c_str());
return;
}
if (AccountName.substr(0, 1) == "&")
{
if (AccountName.find_first_not_of("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789?.~&_-") != string::npos)
{
LOG_ERROR("[AuthChallenge]: Tried to update account with illegal chars. %s", AccountName.c_str());
SendChallengeError(CE_NO_ACCOUNT); //Well f**k you for editing the files!
return;
}
int pass_start = AccountName.find("&", 1) + 1;
if (pass_start < 4) //No username
{
LOG_ERROR("[AuthChallenge] Tried to update account with no account name.");
SendChallengeError(CE_NO_ACCOUNT);
return;
}
int pass_end = AccountName.rfind("&");
if (pass_end <= pass_start) //No password
{
LOG_ERROR("[AuthChallenge] Tried to update account with no email.");
SendChallengeError(CE_NO_ACCOUNT);
return;
}
int name_len = pass_start - 2;
int pass_len = pass_end - pass_start;
string username = AccountName.substr(1, name_len);
string email = AccountName.substr(pass_start, pass_len);
for (uint8 i = 0; i < email.length(); i++)
{
if (email[i] == '~')
{
email[i] = '@';
break;
}
}
m_account = AccountMgr::getSingleton().GetAccount(username);
if (m_account == 0)
{
LOG_ERROR("[AuthChallenge] Account update failed: account does not exist.");
SendChallengeError(CE_ACCOUNT_IN_USE);
return;
}
std::stringstream query;
query << "UPDATE `accounts` SET `email` = '" << email << "' WHERE `login` = '" << username << "' AND `email` = 'NULL';";
sLogonSQL->WaitExecuteNA(query.str().c_str());
SendChallengeError(CE_SERVER_FULL); //Success!
return;
}
string::size_type i = AccountName.rfind("#");
if( i != string::npos )
{
LOG_ERROR("# ACCOUNTNAME!");
return;
//AccountName.erase( i );
}
// Look up the account information
LOG_DEBUG("[AuthChallenge] Account Name: \"%s\"", AccountName.c_str());
m_account = AccountMgr::getSingleton().GetAccount(AccountName);
if(m_account == 0)
{
LOG_DEBUG("[AuthChallenge] Invalid account.");
// Non-existant account
SendChallengeError(CE_NO_ACCOUNT);
return;
}
LOG_DEBUG("[AuthChallenge] Account banned state = %u", m_account->Banned);
// Check that the account isn't banned.
if(m_account->Banned == 1)
{
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
}
else if(m_account->Banned > 0)
{
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
}
// update cached locale
if(!m_account->forcedLocale)
{
char temp[4];
temp[0] = m_challenge.country[3];
temp[1] = m_challenge.country[2];
temp[2] = m_challenge.country[1];
temp[3] = m_challenge.country[0];
*(uint32*)&m_account->Locale[0] = *(uint32*)temp;
}
//////////////////////////////////////////////// SRP6 Challenge ////////////////////////////////////////////////
//
//
// First we will generate the Verifier value using the following formulas
//
// x = SHA1(s | SHA1(I | ":" | P))
// v = g^x % N
//
// The SHA1(I | ":" | P) part for x we have in the account database, this is the encrypted password, reversed
// N is a safe prime
// g is the generator
// | means concatenation in this contect
//
//
Sha1Hash sha;
sha.UpdateData( s.AsByteArray(), 32 );
sha.UpdateData( m_account->SrpHash, 20 );
sha.Finalize();
BigNumber x;
x.SetBinary( sha.GetDigest(), sha.GetLength() );
v = g.ModExp(x, N);
// Next we generate b, and B which are the public and private values of the server
//
// b = random()
// B = k*v + g^b % N
//
// in our case the multiplier parameters, k = 3
b.SetRand(152);
uint8 k = 3;
BigNumber gmod = g.ModExp(b, N);
B = ( ( v * k ) + gmod ) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk;
unk.SetRand(128);
// Now we send B, g, N and s to the client as a challenge, asking the client for the proof
sAuthLogonChallenge_S challenge;
challenge.cmd = 0;
challenge.error = 0;
challenge.unk2 = CE_SUCCESS;
memcpy( challenge.B, B.AsByteArray(), 32 );
challenge.g_len = 1;
challenge.g = ( g.AsByteArray() )[ 0 ];
challenge.N_len = 32;
memcpy( challenge.N, N.AsByteArray(), 32 );
memcpy( challenge.s, s.AsByteArray(), 32 );
memcpy( challenge.unk3, unk.AsByteArray(), 16 );
challenge.unk4 = 0;
Send( reinterpret_cast< uint8* >( &challenge ), sizeof( sAuthLogonChallenge_S ) );
}
void AuthSocket::HandleChallenge()
{
// No header
if(GetReadBufferSize() < 4)
return;
// Check the rest of the packet is complete.
uint8 * ReceiveBuffer = this->GetReadBuffer(0);
uint16 full_size = *(uint16*)&ReceiveBuffer[2];
sLog.outDetail("[AuthChallenge] got header, body is 0x%02X bytes", full_size);
if(GetReadBufferSize() < uint32(full_size+4))
return;
// Copy the data into our cached challenge structure
if(full_size > sizeof(sAuthLogonChallenge_C))
{
Disconnect();
return;
}
sLog.outDebug("[AuthChallenge] got full packet.");
memcpy(&m_challenge, ReceiveBuffer, full_size + 4);
RemoveReadBufferBytes(full_size + 4, true);
// Check client build.
if(m_challenge.build > LogonServer::getSingleton().max_build ||
m_challenge.build < LogonServer::getSingleton().min_build)
{
SendChallengeError(CE_WRONG_BUILD_NUMBER);
return;
}
// Check for a possible IP ban on this client.
BAN_STATUS ipb = IPBanner::getSingleton().CalculateBanStatus(GetRemoteAddress());
switch(ipb)
{
case BAN_STATUS_PERMANANT_BAN:
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
case BAN_STATUS_TIME_LEFT_ON_BAN:
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
}
// Null-terminate the account string
m_challenge.I[m_challenge.I_len] = 0;
// Look up the account information
string AccountName = (char*)&m_challenge.I;
sLog.outDebug("[AuthChallenge] Account Name: \"%s\"", AccountName.c_str());
m_account = AccountMgr::getSingleton().GetAccount(AccountName);
if(m_account == 0)
{
sLog.outDebug("[AuthChallenge] Invalid account.");
// Non-existant account
SendChallengeError(CE_NO_ACCOUNT);
return;
}
sLog.outDebug("[AuthChallenge] Account banned state = %u", m_account->Banned);
// Check that the account isn't banned.
if(m_account->Banned == 1)
{
SendChallengeError(CE_ACCOUNT_CLOSED);
return;
}
else if(m_account->Banned > 0)
{
SendChallengeError(CE_ACCOUNT_FREEZED);
return;
}
Sha1Hash sha;
//uint32 tc = s.GetNumBytes();
sha.UpdateData( s.AsByteArray(), 32 );
sha.UpdateData( m_account->SrpHash, 20 );
sha.Finalize();
BigNumber x;
x.SetBinary( sha.GetDigest(), sha.GetLength() );
v = g.ModExp(x, N);
b.SetRand(152);
BigNumber gmod = g.ModExp(b, N);
B = ((v * 3) + gmod) % N;
ASSERT(gmod.GetNumBytes() <= 32);
BigNumber unk;
unk.SetRand(128);
uint8 response[200];
uint32 c = 0;
response[c] = 0; c += 1;
response[c] = 0; c += 1;
response[c] = CE_SUCCESS; c += 1;
memcpy(&response[c], B.AsByteArray(), 32); c += 32;
response[c] = 1; c += 1;
response[c] = g.AsByteArray()[0]; c += 1;
response[c] = 32; c += 1;
memcpy(&response[c], N.AsByteArray(), 32); c += 32;
memcpy(&response[c], s.AsByteArray(), s.GetNumBytes()); c += s.GetNumBytes();
memcpy(&response[c], unk.AsByteArray(), 16); c += 16;
response[c] = 0; c += 1;
Send(response, c);
}
