Context Navigation

AuthSocket.cpp @ 170

Revision 170, 34.0 kB (checked in by yumileroy, 17 years ago)

[svn] * Allow reconnect in trinityrealm.

Original author: KingPin?
Date: 2008-11-05 13:35:33-06:00

Rev	Line
[2]	1	/*
[102]	2	* Copyright (C) 2005-2008 MaNGOS <http://www.mangosproject.org/>
	3	*
[44]	4	* Copyright (C) 2008 Trinity <http://www.trinitycore.org/>
[2]	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
[44]	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
[2]	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License
	17	* along with this program; if not, write to the Free Software
[44]	18	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
[2]	19	*/
	20
	21	/** \file
	22	\ingroup realmd
	23	*/
	24
	25	#include "Common.h"
	26	#include "Database/DatabaseEnv.h"
	27	#include "ByteBuffer.h"
	28	#include "Config/ConfigEnv.h"
	29	#include "Log.h"
	30	#include "RealmList.h"
	31	#include "AuthSocket.h"
	32	#include "AuthCodes.h"
	33	#include <openssl/md5.h>
	34	#include "Auth/Sha1.h"
	35	//#include "Util.h" -- for commented utf8ToUpperOnlyLatin
	36
	37	extern RealmList m_realmList;
	38
	39	extern DatabaseType dbRealmServer;
	40
	41	#define ChunkSize 2048
	42
	43	enum eAuthCmd
	44	{
	45	//AUTH_NO_CMD = 0xFF,
	46	AUTH_LOGON_CHALLENGE = 0x00,
	47	AUTH_LOGON_PROOF = 0x01,
[170]	48	AUTH_RECONNECT_CHALLENGE = 0x02,
	49	AUTH_RECONNECT_PROOF = 0x03,
[2]	50	//update srv =4
	51	REALM_LIST = 0x10,
	52	XFER_INITIATE = 0x30,
	53	XFER_DATA = 0x31,
	54	XFER_ACCEPT = 0x32,
	55	XFER_RESUME = 0x33,
	56	XFER_CANCEL = 0x34
	57	};
	58
	59	enum eStatus
	60	{
	61	STATUS_CONNECTED = 0,
	62	STATUS_AUTHED
	63	};
	64
	65	// GCC have alternative #pragma pack(N) syntax and old gcc version not support pack(push,N), also any gcc version not support it at some paltform
	66	#if defined( __GNUC__ )
	67	#pragma pack(1)
	68	#else
	69	#pragma pack(push,1)
	70	#endif
	71
	72	typedef struct AUTH_LOGON_CHALLENGE_C
	73	{
	74	uint8 cmd;
	75	uint8 error;
	76	uint16 size;
	77	uint8 gamename[4];
	78	uint8 version1;
	79	uint8 version2;
	80	uint8 version3;
	81	uint16 build;
	82	uint8 platform[4];
	83	uint8 os[4];
	84	uint8 country[4];
	85	uint32 timezone_bias;
	86	uint32 ip;
	87	uint8 I_len;
	88	uint8 I[1];
	89	} sAuthLogonChallenge_C;
	90
	91	//typedef sAuthLogonChallenge_C sAuthReconnectChallenge_C;
	92	/*
	93	typedef struct
	94	{
	95	uint8 cmd;
	96	uint8 error;
	97	uint8 unk2;
	98	uint8 B[32];
	99	uint8 g_len;
	100	uint8 g[1];
	101	uint8 N_len;
	102	uint8 N[32];
	103	uint8 s[32];
	104	uint8 unk3[16];
	105	} sAuthLogonChallenge_S;
	106	*/
	107
	108	typedef struct AUTH_LOGON_PROOF_C
	109	{
	110	uint8 cmd;
	111	uint8 A[32];
	112	uint8 M1[20];
	113	uint8 crc_hash[20];
	114	uint8 number_of_keys;
	115	uint8 unk; // Added in 1.12.x client branch
	116	} sAuthLogonProof_C;
	117	/*
	118	typedef struct
	119	{
	120	uint16 unk1;
	121	uint32 unk2;
	122	uint8 unk3[4];
	123	uint16 unk4[20];
	124	} sAuthLogonProofKey_C;
	125	*/
	126	typedef struct AUTH_LOGON_PROOF_S
	127	{
	128	uint8 cmd;
	129	uint8 error;
	130	uint8 M2[20];
	131	uint32 unk1;
	132	uint32 unk2;
	133	uint16 unk3;
	134	} sAuthLogonProof_S;
	135
	136	typedef struct XFER_INIT
	137	{
	138	uint8 cmd; // XFER_INITIATE
	139	uint8 fileNameLen; // strlen(fileName);
[74]	140	uint8 fileName[5]; // fileName[fileNameLen]
[2]	141	uint64 file_size; // file size (bytes)
	142	uint8 md5[MD5_DIGEST_LENGTH]; // MD5
	143	}XFER_INIT;
	144
	145	typedef struct XFER_DATA
	146	{
	147	uint8 opcode;
	148	uint16 data_size;
	149	uint8 data[ChunkSize];
	150	}XFER_DATA_STRUCT;
	151
	152	typedef struct AuthHandler
	153	{
	154	eAuthCmd cmd;
	155	uint32 status;
	156	bool (AuthSocket::*handler)(void);
	157	}AuthHandler;
	158
	159	// GCC have alternative #pragma pack() syntax and old gcc version not support pack(pop), also any gcc version not support it at some paltform
	160	#if defined( __GNUC__ )
	161	#pragma pack()
	162	#else
	163	#pragma pack(pop)
	164	#endif
	165
	166	/// Launch a thread to transfer a patch to the client
	167	class PatcherRunnable: public ZThread::Runnable
	168	{
	169	public:
	170	PatcherRunnable(class AuthSocket *);
	171	void run();
	172
	173	private:
	174	AuthSocket * mySocket;
	175	};
	176
	177	typedef struct PATCH_INFO
	178	{
	179	uint8 md5[MD5_DIGEST_LENGTH];
	180	}PATCH_INFO;
	181
	182	/// Caches MD5 hash of client patches present on the server
	183	class Patcher
	184	{
	185	public:
	186	typedef std::map<std::string, PATCH_INFO*> Patches;
	187	~Patcher();
	188	Patcher();
	189	Patches::const_iterator begin() const { return _patches.begin(); }
	190	Patches::const_iterator end() const { return _patches.end(); }
	191	void LoadPatchMD5(char*);
	192	bool GetHash(char * pat,uint8 mymd5[16]);
	193
	194	private:
	195	void LoadPatchesInfo();
	196	Patches _patches;
	197	};
	198
	199	const AuthHandler table[] =
	200	{
[170]	201	{ AUTH_LOGON_CHALLENGE, STATUS_CONNECTED, &AuthSocket::_HandleLogonChallenge },
	202	{ AUTH_LOGON_PROOF, STATUS_CONNECTED, &AuthSocket::_HandleLogonProof },
	203	{ AUTH_RECONNECT_CHALLENGE, STATUS_CONNECTED, &AuthSocket::_HandleReconnectChallenge},
	204	{ AUTH_RECONNECT_PROOF, STATUS_CONNECTED, &AuthSocket::_HandleReconnectProof },
	205	{ REALM_LIST, STATUS_AUTHED, &AuthSocket::_HandleRealmList },
	206	{ XFER_ACCEPT, STATUS_CONNECTED, &AuthSocket::_HandleXferAccept },
	207	{ XFER_RESUME, STATUS_CONNECTED, &AuthSocket::_HandleXferResume },
	208	{ XFER_CANCEL, STATUS_CONNECTED, &AuthSocket::_HandleXferCancel }
[2]	209	};
	210
	211	#define AUTH_TOTAL_COMMANDS sizeof(table)/sizeof(AuthHandler)
	212
	213	///Holds the MD5 hash of client patches present on the server
	214	Patcher PatchesCache;
	215
	216	/// Constructor - set the N and g values for SRP6
	217	AuthSocket::AuthSocket(ISocketHandler &h) : TcpSocket(h)
	218	{
	219	N.SetHexStr("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
	220	g.SetDword(7);
	221	_authed = false;
[74]	222	pPatch = NULL;
[2]	223
	224	_accountSecurityLevel = SEC_PLAYER;
	225	}
	226
	227	/// Close patch file descriptor before leaving
	228	AuthSocket::~AuthSocket()
	229	{
[74]	230	ZThread::Guard<ZThread::Mutex> g(patcherLock);
[2]	231	if(pPatch)
	232	fclose(pPatch);
	233	}
	234
	235	/// Accept the connection and set the s random value for SRP6
	236	void AuthSocket::OnAccept()
	237	{
	238	sLog.outBasic("Accepting connection from '%s:%d'",
	239	GetRemoteAddress().c_str(), GetRemotePort());
	240
	241	s.SetRand(s_BYTE_SIZE * 8);
	242	}
	243
	244	/// Read the packet from the client
	245	void AuthSocket::OnRead()
	246	{
	247	///- Read the packet
	248	TcpSocket::OnRead();
	249	uint8 _cmd;
	250	while (1)
	251	{
	252	if (!ibuf.GetLength())
	253	return;
	254
	255	///- Get the command out of it
	256	ibuf.SoftRead((char *)&_cmd, 1); // UQ1: No longer exists in new net code ???
	257	//ibuf.Read((char *)&_cmd, 1);
	258	/char command = (char *)malloc(1);
	259
	260	ibuf.Read(command, 1);
	261
	262	_cmd = (uint8)command;*/
	263	// assert(0);
	264	size_t i;
	265
	266	///- Circle through known commands and call the correct command handler
	267	for (i=0;i<AUTH_TOTAL_COMMANDS; i++)
	268	{
	269	if ((uint8)table[i].cmd == _cmd &&
	270	(table[i].status == STATUS_CONNECTED \|\|
	271	(_authed && table[i].status == STATUS_AUTHED)))
	272	{
	273	DEBUG_LOG("[Auth] got data for cmd %u ibuf length %u", (uint32)_cmd, ibuf.GetLength());
	274
	275	if (!(this.table[i].handler)())
	276	{
	277	DEBUG_LOG("Command handler failed for cmd %u ibuf length %u", (uint32)_cmd, ibuf.GetLength());
	278	return;
	279	}
	280	break;
	281	}
	282	}
	283
	284	///- Report unknown commands in the debug log
	285	if (i==AUTH_TOTAL_COMMANDS)
	286	{
	287	DEBUG_LOG("[Auth] got unknown packet %u", (uint32)_cmd);
	288	return;
	289	}
	290	}
	291	}
	292
	293	/// Make the SRP6 calculation from hash in dB
	294	void AuthSocket::_SetVSFields(std::string rI)
	295	{
	296	BigNumber I;
	297	I.SetHexStr(rI.c_str());
	298
	299	//In case of leading zeroes in the rI hash, restore them
	300	uint8 mDigest[SHA_DIGEST_LENGTH];
	301	memset(mDigest,0,SHA_DIGEST_LENGTH);
	302	if (I.GetNumBytes() <= SHA_DIGEST_LENGTH)
	303	memcpy(mDigest,I.AsByteArray(),I.GetNumBytes());
	304
	305	std::reverse(mDigest,mDigest+SHA_DIGEST_LENGTH);
	306
	307	Sha1Hash sha;
	308	sha.UpdateData(s.AsByteArray(), s.GetNumBytes());
	309	sha.UpdateData(mDigest, SHA_DIGEST_LENGTH);
	310	sha.Finalize();
	311	BigNumber x;
	312	x.SetBinary(sha.GetDigest(), sha.GetLength());
	313	v = g.ModExp(x, N);
	314	// No SQL injection (username escaped)
	315	const char v_hex, s_hex;
	316	v_hex = v.AsHexStr();
	317	s_hex = s.AsHexStr();
	318	dbRealmServer.PExecute("UPDATE account SET v = '%s', s = '%s' WHERE username = '%s'",v_hex,s_hex, _safelogin.c_str() );
	319	OPENSSL_free((void*)v_hex);
	320	OPENSSL_free((void*)s_hex);
	321	}
	322
	323	/// Logon Challenge command handler
	324	bool AuthSocket::_HandleLogonChallenge()
	325	{
	326	DEBUG_LOG("Entering _HandleLogonChallenge");
	327	if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
	328	return false;
	329
	330	///- Read the first 4 bytes (header) to get the length of the remaining of the packet
	331	std::vector<uint8> buf;
	332	buf.resize(4);
	333
	334	ibuf.Read((char *)&buf[0], 4);
	335
	336	EndianConvert(((uint16)(buf[0])));
	337	uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
	338	DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
	339
	340	if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) \|\| (ibuf.GetLength() < remaining))
	341	return false;
	342
	343	//No big fear of memory outage (size is int16, i.e. < 65536)
	344	buf.resize(remaining + buf.size() + 1);
	345	buf[buf.size() - 1] = 0;
	346	sAuthLogonChallenge_C ch = (sAuthLogonChallenge_C)&buf[0];
	347
	348	// BigEndian code, nop in little endian case
	349	// size already converted
	350	EndianConvert(((uint32)(&ch->gamename[0])));
	351	EndianConvert(ch->build);
	352	EndianConvert(((uint32)(&ch->platform[0])));
	353	EndianConvert(((uint32)(&ch->os[0])));
	354	EndianConvert(((uint32)(&ch->country[0])));
	355	EndianConvert(ch->timezone_bias);
	356	EndianConvert(ch->ip);
	357
	358	///- Read the remaining of the packet
	359	ibuf.Read((char *)&buf[4], remaining);
	360	DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
	361	DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
	362
	363	ByteBuffer pkt;
	364
	365	_login = (const char*)ch->I;
[74]	366	_build = ch->build;
[2]	367
	368	///- Normalize account name
	369	//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
	370
	371	//Escape the user login to avoid further SQL injection
	372	//Memory will be freed on AuthSocket object destruction
	373	_safelogin=_login;
	374	dbRealmServer.escape_string(_safelogin);
	375
[74]	376	pkt << (uint8) AUTH_LOGON_CHALLENGE;
	377	pkt << (uint8) 0x00;
	378
	379	///- Verify that this IP is not in the ip_banned table
	380	// No SQL injection possible (paste the IP address as passed by the socket)
	381	dbRealmServer.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
	382
	383	std::string address = GetRemoteAddress();
	384	dbRealmServer.escape_string(address);
	385	QueryResult result = dbRealmServer.PQuery( "SELECT FROM ip_banned WHERE ip = '%s'",address.c_str());
	386	if(result)
[44]	387	{
[74]	388	pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
	389	sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
	390	delete result;
[44]	391	}
[74]	392	else
[2]	393	{
[74]	394	///- Get the account details from the account table
	395	// No SQL injection (escaped user name)
[2]	396
[74]	397	result = dbRealmServer.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel FROM account WHERE username = '%s'",_safelogin.c_str ());
	398	if( result )
[2]	399	{
[74]	400	///- If the IP is 'locked', check that the player comes indeed from the correct IP address
	401	bool locked = false;
	402	if((*result)[2].GetUInt8() == 1) // if ip is locked
[2]	403	{
[74]	404	DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
	405	DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
	406	if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
[2]	407	{
[74]	408	DEBUG_LOG("[AuthChallenge] Account IP differs");
	409	pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
	410	locked=true;
[2]	411	}
	412	else
	413	{
[74]	414	DEBUG_LOG("[AuthChallenge] Account IP matches");
[2]	415	}
[74]	416	}
	417	else
	418	{
	419	DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
	420	}
[2]	421
[74]	422	if (!locked)
	423	{
	424	//set expired bans to inactive
	425	dbRealmServer.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
	426	///- If the account is banned, reject the logon attempt
	427	QueryResult banresult = dbRealmServer.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (result)[1].GetUInt32());
	428	if(banresult)
[2]	429	{
[74]	430	if((banresult)[0].GetUInt64() == (banresult)[1].GetUInt64())
[2]	431	{
[74]	432	pkt << (uint8) REALM_AUTH_ACCOUNT_BANNED;
	433	sLog.outBasic("[AuthChallenge] Banned account %s tries to login!",_login.c_str ());
[2]	434	}
	435	else
	436	{
[74]	437	pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
	438	sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!",_login.c_str ());
	439	}
[2]	440
[74]	441	delete banresult;
	442	}
	443	else
	444	{
	445	///- Get the password from the account table, upper it, and make the SRP6 calculation
	446	std::string rI = (*result)[0].GetCppString();
	447	_SetVSFields(rI);
[2]	448
[74]	449	b.SetRand(19 * 8);
	450	BigNumber gmod=g.ModExp(b, N);
	451	B = ((v * 3) + gmod) % N;
[2]	452
[74]	453	ASSERT(gmod.GetNumBytes() <= 32);
[2]	454
[74]	455	BigNumber unk3;
	456	unk3.SetRand(16*8);
[2]	457
[74]	458	///- Fill the response packet with the result
	459	pkt << (uint8)REALM_AUTH_SUCCESS;
[2]	460
[74]	461	// B may be calculated < 32B so we force minnimal length to 32B
	462	pkt.append(B.AsByteArray(32), 32); // 32 bytes
	463	pkt << (uint8)1;
	464	pkt.append(g.AsByteArray(), 1);
	465	pkt << (uint8)32;
	466	pkt.append(N.AsByteArray(), 32);
	467	pkt.append(s.AsByteArray(), s.GetNumBytes()); // 32 bytes
	468	pkt.append(unk3.AsByteArray(), 16);
	469	pkt << (uint8)0; // Added in 1.12.x client branch
[2]	470
[74]	471	uint8 secLevel = (*result)[4].GetUInt8();
	472	_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
[2]	473
[74]	474	_localizationName.resize(4);
	475	for(int i = 0; i <4; ++i)
	476	_localizationName[i] = ch->country[4-i-1];
[2]	477
[74]	478	sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3],ch->country[2],ch->country[1],ch->country[0], GetLocaleByName(_localizationName));
[2]	479	}
	480	}
[74]	481	delete result;
[2]	482	}
[74]	483	else //no account
	484	{
	485	pkt<< (uint8) REALM_AUTH_NO_MATCH;
	486	}
	487	}
	488	SendBuf((char const*)pkt.contents(), pkt.size());
	489	return true;
	490	}
	491
	492	/// Logon Proof command handler
	493	bool AuthSocket::_HandleLogonProof()
	494	{
	495	DEBUG_LOG("Entering _HandleLogonProof");
	496	///- Read the packet
	497	if (ibuf.GetLength() < sizeof(sAuthLogonProof_C))
	498	return false;
	499	sAuthLogonProof_C lp;
	500	ibuf.Read((char *)&lp, sizeof(sAuthLogonProof_C));
	501
	502	///- Check if the client has one of the expected version numbers
	503	bool valid_version=false;
	504	int accepted_versions[]=EXPECTED_TRINITY_CLIENT_BUILD;
	505	for(int i=0;accepted_versions[i];i++)
[2]	506	{
[74]	507	if(_build==accepted_versions[i])
	508	{
	509	valid_version=true;
	510	break;
	511	}
	512	}
	513
	514	/// <ul><li> If the client has no valid version
	515	if(!valid_version)
	516	{
[2]	517	///- Check if we have the apropriate patch on the disk
[74]	518
	519	// 24 = len("./patches/65535enGB.mpq")+1
	520	char tmp[24];
[2]	521	// No buffer overflow (fixed length of arguments)
[74]	522	sprintf(tmp,"./patches/%d%s.mpq",_build, _localizationName.c_str());
[2]	523	// This will be closed at the destruction of the AuthSocket (client deconnection)
	524	FILE *pFile=fopen(tmp,"rb");
[74]	525
[2]	526	if(!pFile)
	527	{
[74]	528	ByteBuffer pkt;
[2]	529	pkt << (uint8) AUTH_LOGON_CHALLENGE;
	530	pkt << (uint8) 0x00;
	531	pkt << (uint8) REALM_AUTH_WRONG_BUILD_NUMBER;
[74]	532	DEBUG_LOG("[AuthChallenge] %u is not a valid client version!", _build);
[2]	533	DEBUG_LOG("[AuthChallenge] Patch %s not found",tmp);
[74]	534	SendBuf((char const*)pkt.contents(), pkt.size());
	535	return true;
	536	}
	537	else // have patch
	538	{
[2]	539	pPatch=pFile;
	540	XFER_INIT xferh;
	541
	542	///- Get the MD5 hash of the patch file (get it from preloaded Patcher cache or calculate it)
	543	if(PatchesCache.GetHash(tmp,(uint8*)&xferh.md5))
	544	{
	545	DEBUG_LOG("\n[AuthChallenge] Found precached patch info for patch %s",tmp);
	546	}
	547	else
	548	{ //calculate patch md5
	549	printf("\n[AuthChallenge] Patch info for %s was not cached.",tmp);
	550	PatchesCache.LoadPatchMD5(tmp);
	551	PatchesCache.GetHash(tmp,(uint8*)&xferh.md5);
	552	}
	553
	554	///- Send a packet to the client with the file length and MD5 hash
	555	uint8 data[2]={AUTH_LOGON_PROOF,REALM_AUTH_UPDATE_CLIENT};
	556	SendBuf((const char*)data,sizeof(data));
	557
	558	memcpy(&xferh,"0\x05Patch",7);
	559	xferh.cmd=XFER_INITIATE;
	560	fseek(pPatch,0,SEEK_END);
	561	xferh.file_size=ftell(pPatch);
	562
	563	SendBuf((const char*)&xferh,sizeof(xferh));
	564	return true;
	565	}
	566	}
	567	/// </ul>
	568
	569	///- Continue the SRP6 calculation based on data received from the client
	570	BigNumber A;
	571	A.SetBinary(lp.A, 32);
	572
	573	Sha1Hash sha;
	574	sha.UpdateBigNumbers(&A, &B, NULL);
	575	sha.Finalize();
	576	BigNumber u;
	577	u.SetBinary(sha.GetDigest(), 20);
	578	BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
	579
	580	uint8 t[32];
	581	uint8 t1[16];
	582	uint8 vK[40];
	583	memcpy(t, S.AsByteArray(), 32);
	584	for (int i = 0; i < 16; i++)
	585	{
	586	t1[i] = t[i*2];
	587	}
	588	sha.Initialize();
	589	sha.UpdateData(t1, 16);
	590	sha.Finalize();
	591	for (int i = 0; i < 20; i++)
	592	{
	593	vK[i*2] = sha.GetDigest()[i];
	594	}
	595	for (int i = 0; i < 16; i++)
	596	{
	597	t1[i] = t[i*2+1];
	598	}
	599	sha.Initialize();
	600	sha.UpdateData(t1, 16);
	601	sha.Finalize();
	602	for (int i = 0; i < 20; i++)
	603	{
	604	vK[i*2+1] = sha.GetDigest()[i];
	605	}
	606	K.SetBinary(vK, 40);
	607
	608	uint8 hash[20];
	609
	610	sha.Initialize();
	611	sha.UpdateBigNumbers(&N, NULL);
	612	sha.Finalize();
	613	memcpy(hash, sha.GetDigest(), 20);
	614	sha.Initialize();
	615	sha.UpdateBigNumbers(&g, NULL);
	616	sha.Finalize();
	617	for (int i = 0; i < 20; i++)
	618	{
	619	hash[i] ^= sha.GetDigest()[i];
	620	}
	621	BigNumber t3;
	622	t3.SetBinary(hash, 20);
	623
	624	sha.Initialize();
	625	sha.UpdateData(_login);
	626	sha.Finalize();
	627	uint8 t4[SHA_DIGEST_LENGTH];
	628	memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
	629
	630	sha.Initialize();
	631	sha.UpdateBigNumbers(&t3, NULL);
	632	sha.UpdateData(t4, SHA_DIGEST_LENGTH);
	633	sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
	634	sha.Finalize();
	635	BigNumber M;
	636	M.SetBinary(sha.GetDigest(), 20);
	637
	638	///- Check if SRP6 results match (password is correct), else send an error
	639	if (!memcmp(M.AsByteArray(), lp.M1, 20))
	640	{
	641	sLog.outBasic("User '%s' successfully authenticated", _login.c_str());
	642
	643	///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
	644	// No SQL injection (escaped user name) and IP address as received by socket
	645	const char* K_hex = K.AsHexStr();
[74]	646	dbRealmServer.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '%s'", K_hex, GetRemoteAddress().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str() );
[2]	647	OPENSSL_free((void*)K_hex);
	648
	649	///- Finish SRP6 and send the final result to the client
	650	sha.Initialize();
	651	sha.UpdateBigNumbers(&A, &M, &K, NULL);
	652	sha.Finalize();
	653
	654	sAuthLogonProof_S proof;
	655	memcpy(proof.M2, sha.GetDigest(), 20);
	656	proof.cmd = AUTH_LOGON_PROOF;
	657	proof.error = 0;
	658	proof.unk1 = 0x00800000;
	659	proof.unk2 = 0x00;
	660	proof.unk3 = 0x00;
	661
	662	SendBuf((char *)&proof, sizeof(proof));
	663
	664	///- Set _authed to true!
	665	_authed = true;
	666	}
	667	else
	668	{
	669	char data[4]={AUTH_LOGON_PROOF,REALM_AUTH_NO_MATCH,3,0};
	670	SendBuf(data,sizeof(data));
	671	sLog.outBasic("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
	672
	673	uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
	674	if(MaxWrongPassCount > 0)
	675	{
	676	//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
	677	dbRealmServer.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '%s'",_safelogin.c_str());
	678
	679	if(QueryResult *loginfail = dbRealmServer.PQuery("SELECT id, failed_logins FROM account WHERE username = '%s'", _safelogin.c_str()))
	680	{
	681	Field* fields = loginfail->Fetch();
	682	uint32 failed_logins = fields[1].GetUInt32();
	683
	684	if( failed_logins >= MaxWrongPassCount )
	685	{
	686	uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
	687	bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
	688
	689	if(WrongPassBanType)
	690	{
	691	uint32 acc_id = fields[0].GetUInt32();
[74]	692	dbRealmServer.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','Trinity realmd','Failed login autoban',1)",
[2]	693	acc_id, WrongPassBanTime);
	694	sLog.outBasic("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
	695	_login.c_str(), WrongPassBanTime, failed_logins);
	696	}
	697	else
	698	{
	699	std::string current_ip = GetRemoteAddress();
	700	dbRealmServer.escape_string(current_ip);
[74]	701	dbRealmServer.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','Trinity realmd','Failed login autoban')",
[2]	702	current_ip.c_str(), WrongPassBanTime);
	703	sLog.outBasic("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
	704	current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
	705	}
	706	}
	707	delete loginfail;
	708	}
	709	}
	710	}
	711	return true;
	712	}
	713
[170]	714	/// Reconnect Challenge command handler
	715	bool AuthSocket::_HandleReconnectChallenge()
	716	{
	717	DEBUG_LOG("Entering _HandleReconnectChallenge");
	718	if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
	719	return false;
	720
	721	///- Read the first 4 bytes (header) to get the length of the remaining of the packet
	722	std::vector<uint8> buf;
	723	buf.resize(4);
	724
	725	ibuf.Read((char *)&buf[0], 4);
	726
	727	EndianConvert(((uint16)(buf[0])));
	728	uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
	729	DEBUG_LOG("[ReconnectChallenge] got header, body is %#04x bytes", remaining);
	730
	731	if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) \|\| (ibuf.GetLength() < remaining))
	732	return false;
	733
	734	//No big fear of memory outage (size is int16, i.e. < 65536)
	735	buf.resize(remaining + buf.size() + 1);
	736	buf[buf.size() - 1] = 0;
	737	sAuthLogonChallenge_C ch = (sAuthLogonChallenge_C)&buf[0];
	738
	739	///- Read the remaining of the packet
	740	ibuf.Read((char *)&buf[4], remaining);
	741	DEBUG_LOG("[ReconnectChallenge] got full packet, %#04x bytes", ch->size);
	742	DEBUG_LOG("[ReconnectChallenge] name(%d): '%s'", ch->I_len, ch->I);
	743
	744	_login = (const char*)ch->I;
	745	_safelogin = _login;
	746
	747	QueryResult *result = dbRealmServer.PQuery ("SELECT sessionkey FROM account WHERE username = '%s'", _safelogin.c_str ());
	748
	749	// Stop if the account is not found
	750	if (!result)
	751	{
	752	sLog.outError("[ERROR] user %s tried to login and we cannot find his session key in the database.", _login.c_str());
	753	SetCloseAndDelete();
	754	return false;
	755	}
	756
	757	Field* fields = result->Fetch ();
	758	K.SetHexStr (fields[0].GetString ());
	759	delete result;
	760
	761	///- Sending response
	762	ByteBuffer pkt;
	763	pkt << (uint8) AUTH_RECONNECT_CHALLENGE;
	764	pkt << (uint8) 0x00;
	765	_reconnectProof.SetRand(16*8);
	766	pkt.append(_reconnectProof.AsByteBuffer()); // 16 bytes random
	767	pkt << (uint64) 0x00 << (uint64) 0x00; // 16 bytes zeros
	768	SendBuf((char const*)pkt.contents(), pkt.size());
	769	return true;
	770	}
	771
	772	/// Reconnect Proof command handler
	773	bool AuthSocket::_HandleReconnectProof()
	774	{
	775	DEBUG_LOG("Entering _HandleReconnectProof");
	776	///- Read the packet
	777	if (ibuf.GetLength() < sizeof(sAuthReconnectProof_C))
	778	return false;
	779	if (_login.empty() \|\| !_reconnectProof.GetNumBytes() \|\| !K.GetNumBytes())
	780	return false;
	781	sAuthReconnectProof_C lp;
	782	ibuf.Read((char *)&lp, sizeof(sAuthReconnectProof_C));
	783
	784	BigNumber t1;
	785	t1.SetBinary(lp.R1, 16);
	786
	787	Sha1Hash sha;
	788	sha.Initialize();
	789	sha.UpdateData(_login);
	790	sha.UpdateBigNumbers(&t1, &_reconnectProof, &K, NULL);
	791	sha.Finalize();
	792
	793	if (!memcmp(sha.GetDigest(), lp.R2, SHA_DIGEST_LENGTH))
	794	{
	795	///- Sending response
	796	ByteBuffer pkt;
	797	pkt << (uint8) AUTH_RECONNECT_PROOF;
	798	pkt << (uint8) 0x00;
	799	pkt << (uint16) 0x00; // 2 bytes zeros
	800	SendBuf((char const*)pkt.contents(), pkt.size());
	801
	802	///- Set _authed to true!
	803	_authed = true;
	804
	805	return true;
	806	}
	807	else
	808	{
	809	sLog.outError("[ERROR] user %s tried to login, but session invalid.", _login.c_str());
	810	SetCloseAndDelete();
	811	return false;
	812	}
	813	}
	814
[2]	815	/// %Realm List command handler
	816	bool AuthSocket::_HandleRealmList()
	817	{
	818	DEBUG_LOG("Entering _HandleRealmList");
	819	if (ibuf.GetLength() < 5)
	820	return false;
	821
	822	ibuf.Remove(5);
	823
	824	///- Get the user id (else close the connection)
	825	// No SQL injection (escaped user name)
	826
	827	QueryResult *result = dbRealmServer.PQuery("SELECT id,sha_pass_hash FROM account WHERE username = '%s'",_safelogin.c_str());
	828	if(!result)
	829	{
	830	sLog.outError("[ERROR] user %s tried to login and we cannot find him in the database.",_login.c_str());
	831	SetCloseAndDelete();
	832	return false;
	833	}
	834
	835	uint32 id = (*result)[0].GetUInt32();
	836	std::string rI = (*result)[1].GetCppString();
	837	delete result;
	838
	839	///- Update realm list if need
	840	m_realmList.UpdateIfNeed();
	841
	842	///- Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
	843	ByteBuffer pkt;
	844	pkt << (uint32) 0;
	845	pkt << (uint16) m_realmList.size();
	846	RealmList::RealmMap::const_iterator i;
	847	for( i = m_realmList.begin(); i != m_realmList.end(); i++ )
	848	{
	849	uint8 AmountOfCharacters;
	850
	851	// No SQL injection. id of realm is controlled by the database.
	852	result = dbRealmServer.PQuery( "SELECT numchars FROM realmcharacters WHERE realmid = '%d' AND acctid='%u'",i->second.m_ID,id);
	853	if( result )
	854	{
	855	Field *fields = result->Fetch();
	856	AmountOfCharacters = fields[0].GetUInt8();
	857	delete result;
	858	}
	859	else
	860	AmountOfCharacters = 0;
	861
	862	uint8 lock = (i->second.allowedSecurityLevel > _accountSecurityLevel) ? 1 : 0;
	863
	864	pkt << i->second.icon; // realm type
	865	pkt << lock; // if 1, then realm locked
	866	pkt << i->second.color; // if 2, then realm is offline
	867	pkt << i->first;
	868	pkt << i->second.address;
	869	pkt << i->second.populationLevel;
	870	pkt << AmountOfCharacters;
	871	pkt << i->second.timezone; // realm category
	872	pkt << (uint8) 0x2C; // unk, may be realm number/id?
	873	}
	874	pkt << (uint8) 0x10;
	875	pkt << (uint8) 0x00;
	876
	877	ByteBuffer hdr;
	878	hdr << (uint8) REALM_LIST;
	879	hdr << (uint16)pkt.size();
	880	hdr.append(pkt);
	881
	882	SendBuf((char const*)hdr.contents(), hdr.size());
	883
	884	// Set check field before possible relogin to realm
	885	_SetVSFields(rI);
	886	return true;
	887	}
	888
	889	/// Resume patch transfer
	890	bool AuthSocket::_HandleXferResume()
	891	{
	892	DEBUG_LOG("Entering _HandleXferResume");
	893	///- Check packet length and patch existence
	894	if (ibuf.GetLength()<9 \|\| !pPatch)
	895	{
	896	sLog.outError("Error while resuming patch transfer (wrong packet)");
	897	return false;
	898	}
	899
	900	///- Launch a PatcherRunnable thread starting at given patch file offset
	901	uint64 start;
	902	ibuf.Remove(1);
	903	ibuf.Read((char*)&start,sizeof(start));
	904	fseek(pPatch,start,0);
	905
	906	ZThread::Thread u(new PatcherRunnable(this));
	907	return true;
	908	}
	909
	910	/// Cancel patch transfer
	911	bool AuthSocket::_HandleXferCancel()
	912	{
	913	DEBUG_LOG("Entering _HandleXferCancel");
	914
	915	///- Close and delete the socket
	916	ibuf.Remove(1); //clear input buffer
	917
	918	//ZThread::Thread::sleep(15);
	919	SetCloseAndDelete();
	920
	921	return true;
	922	}
	923
	924	/// Accept patch transfer
	925	bool AuthSocket::_HandleXferAccept()
	926	{
	927	DEBUG_LOG("Entering _HandleXferAccept");
	928
	929	///- Check packet length and patch existence
	930	if (!pPatch)
	931	{
	932	sLog.outError("Error while accepting patch transfer (wrong packet)");
	933	return false;
	934	}
	935
	936	///- Launch a PatcherRunnable thread, starting at the begining of the patch file
	937	ibuf.Remove(1); //clear input buffer
	938	fseek(pPatch,0,0);
	939
	940	ZThread::Thread u(new PatcherRunnable(this));
	941
	942	return true;
	943	}
	944
	945	/// Check if there is lag on the connection to the client
	946	bool AuthSocket::IsLag()
	947	{
	948	return (TCP_BUFSIZE_READ-GetOutputLength()< 2*ChunkSize);
	949	}
	950
	951	PatcherRunnable::PatcherRunnable(class AuthSocket * as)
	952	{
	953	mySocket=as;
	954	}
	955
	956	/// Send content of patch file to the client
	957	void PatcherRunnable::run()
	958	{
[74]	959	ZThread::Guard<ZThread::Mutex> g(mySocket->patcherLock);
[2]	960	XFER_DATA_STRUCT xfdata;
	961	xfdata.opcode = XFER_DATA;
	962
	963	while(!feof(mySocket->pPatch) && mySocket->Ready())
	964	{
	965	///- Wait until output buffer is reasonably empty
	966	while(mySocket->Ready() && mySocket->IsLag())
	967	{
	968	ZThread::Thread::sleep(1);
	969	}
	970	///- And send content of the patch file to the client
	971	xfdata.data_size=fread(&xfdata.data,1,ChunkSize,mySocket->pPatch);
	972	mySocket->SendBuf((const char*)&xfdata,xfdata.data_size +(sizeof(XFER_DATA_STRUCT)-ChunkSize));
	973	}
	974	}
	975
	976	/// Preload MD5 hashes of existing patch files on server
	977	#ifndef _WIN32
[74]	978	#include <dirent.h>
[2]	979	#include <errno.h>
	980	void Patcher::LoadPatchesInfo()
	981	{
	982	DIR * dirp;
	983	//int errno;
	984	struct dirent * dp;
	985	dirp = opendir("./patches/");
	986	if(!dirp)
	987	return;
	988	while (dirp)
	989	{
	990	errno = 0;
	991	if ((dp = readdir(dirp)) != NULL)
	992	{
	993	int l=strlen(dp->d_name);
	994	if(l<8)continue;
	995	if(!memcmp(&dp->d_name[l-4],".mpq",4))
	996	LoadPatchMD5(dp->d_name);
	997	}
	998	else
	999	{
	1000	if(errno != 0)
	1001	{
	1002	closedir(dirp);
	1003	return;
	1004	}
	1005	break;
	1006	}
	1007	}
	1008
	1009	if(dirp)
	1010	closedir(dirp);
	1011	}
	1012
	1013	#else
	1014	void Patcher::LoadPatchesInfo()
	1015	{
	1016	WIN32_FIND_DATA fil;
	1017	HANDLE hFil=FindFirstFile("./patches/*.mpq",&fil);
	1018	if(hFil==INVALID_HANDLE_VALUE)
	1019	return; //no patches were found
	1020
[74]	1021	do
	1022	{
[2]	1023	LoadPatchMD5(fil.cFileName);
[74]	1024	}
	1025	while(FindNextFile(hFil,&fil));
[2]	1026	}
	1027	#endif
	1028
	1029	/// Calculate and store MD5 hash for a given patch file
	1030	void Patcher::LoadPatchMD5(char * szFileName)
	1031	{
	1032	///- Try to open the patch file
	1033	std::string path = "./patches/";
	1034	path += szFileName;
	1035	FILE * pPatch=fopen(path.c_str(),"rb");
	1036	sLog.outDebug("Loading patch info from %s\n",path.c_str());
	1037	if(!pPatch)
	1038	{
	1039	sLog.outError("Error loading patch %s\n",path.c_str());
	1040	return;
	1041	}
	1042
	1043	///- Calculate the MD5 hash
	1044	MD5_CTX ctx;
	1045	MD5_Init(&ctx);
	1046	uint8* buf = new uint8[512*1024];
	1047
	1048	while (!feof(pPatch))
	1049	{
	1050	size_t read = fread(buf, 1, 512*1024, pPatch);
	1051	MD5_Update(&ctx, buf, read);
	1052	}
	1053	delete [] buf;
	1054	fclose(pPatch);
	1055
	1056	///- Store the result in the internal patch hash map
	1057	_patches[path] = new PATCH_INFO;
	1058	MD5_Final((uint8 *)&_patches[path]->md5 , &ctx);
	1059	}
	1060
	1061	/// Get cached MD5 hash for a given patch file
	1062	bool Patcher::GetHash(char * pat,uint8 mymd5[16])
	1063	{
	1064	for( Patches::iterator i = _patches.begin(); i != _patches.end(); i++ )
	1065	if(!stricmp(pat,i->first.c_str () ))
	1066	{
	1067	memcpy(mymd5,i->second->md5,16);
	1068	return true;
	1069	}
	1070
	1071	return false;
	1072	}
	1073
	1074	/// Launch the patch hashing mechanism on object creation
	1075	Patcher::Patcher()
	1076	{
	1077	LoadPatchesInfo();
	1078	}
	1079
	1080	/// Empty and delete the patch map on termination
	1081	Patcher::~Patcher()
	1082	{
	1083	for(Patches::iterator i = _patches.begin(); i != _patches.end(); i++ )
	1084	delete i->second;
	1085	}

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/trinityrealm/AuthSocket.cpp @ 170

Download in other formats: