Context Navigation

AuthSocket.cpp @ 2

Revision 2, 30.9 kB (checked in by yumileroy, 17 years ago)

[svn] * Proper SVN structure

Original author: Neo2003
Date: 2008-10-02 16:23:55-05:00

Rev	Line
[2]	1	/*
	2	* Copyright (C) 2005-2008 MaNGOS <http://www.mangosproject.org/>
	3	*
	4	* This program is free software; you can redistribute it and/or modify
	5	* it under the terms of the GNU General Public License as published by
	6	* the Free Software Foundation; either version 2 of the License, or
	7	* (at your option) any later version.
	8	*
	9	* This program is distributed in the hope that it will be useful,
	10	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	* GNU General Public License for more details.
	13	*
	14	* You should have received a copy of the GNU General Public License
	15	* along with this program; if not, write to the Free Software
	16	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	17	*/
	18
	19	/** \file
	20	\ingroup realmd
	21	*/
	22
	23	#include "Common.h"
	24	#include "Database/DatabaseEnv.h"
	25	#include "ByteBuffer.h"
	26	#include "Config/ConfigEnv.h"
	27	#include "Log.h"
	28	#include "RealmList.h"
	29	#include "AuthSocket.h"
	30	#include "AuthCodes.h"
	31	#include <openssl/md5.h>
	32	#include "Auth/Sha1.h"
	33	//#include "Util.h" -- for commented utf8ToUpperOnlyLatin
	34
	35	extern RealmList m_realmList;
	36
	37	extern DatabaseType dbRealmServer;
	38
	39	#define ChunkSize 2048
	40
	41	enum eAuthCmd
	42	{
	43	//AUTH_NO_CMD = 0xFF,
	44	AUTH_LOGON_CHALLENGE = 0x00,
	45	AUTH_LOGON_PROOF = 0x01,
	46	//AUTH_RECONNECT_CHALLENGE = 0x02,
	47	//AUTH_RECONNECT_PROOF = 0x03,
	48	//update srv =4
	49	REALM_LIST = 0x10,
	50	XFER_INITIATE = 0x30,
	51	XFER_DATA = 0x31,
	52	XFER_ACCEPT = 0x32,
	53	XFER_RESUME = 0x33,
	54	XFER_CANCEL = 0x34
	55	};
	56
	57	enum eStatus
	58	{
	59	STATUS_CONNECTED = 0,
	60	STATUS_AUTHED
	61	};
	62
	63	// GCC have alternative #pragma pack(N) syntax and old gcc version not support pack(push,N), also any gcc version not support it at some paltform
	64	#if defined( __GNUC__ )
	65	#pragma pack(1)
	66	#else
	67	#pragma pack(push,1)
	68	#endif
	69
	70	typedef struct AUTH_LOGON_CHALLENGE_C
	71	{
	72	uint8 cmd;
	73	uint8 error;
	74	uint16 size;
	75	uint8 gamename[4];
	76	uint8 version1;
	77	uint8 version2;
	78	uint8 version3;
	79	uint16 build;
	80	uint8 platform[4];
	81	uint8 os[4];
	82	uint8 country[4];
	83	uint32 timezone_bias;
	84	uint32 ip;
	85	uint8 I_len;
	86	uint8 I[1];
	87	} sAuthLogonChallenge_C;
	88
	89	//typedef sAuthLogonChallenge_C sAuthReconnectChallenge_C;
	90	/*
	91	typedef struct
	92	{
	93	uint8 cmd;
	94	uint8 error;
	95	uint8 unk2;
	96	uint8 B[32];
	97	uint8 g_len;
	98	uint8 g[1];
	99	uint8 N_len;
	100	uint8 N[32];
	101	uint8 s[32];
	102	uint8 unk3[16];
	103	} sAuthLogonChallenge_S;
	104	*/
	105
	106	typedef struct AUTH_LOGON_PROOF_C
	107	{
	108	uint8 cmd;
	109	uint8 A[32];
	110	uint8 M1[20];
	111	uint8 crc_hash[20];
	112	uint8 number_of_keys;
	113	uint8 unk; // Added in 1.12.x client branch
	114	} sAuthLogonProof_C;
	115	/*
	116	typedef struct
	117	{
	118	uint16 unk1;
	119	uint32 unk2;
	120	uint8 unk3[4];
	121	uint16 unk4[20];
	122	} sAuthLogonProofKey_C;
	123	*/
	124	typedef struct AUTH_LOGON_PROOF_S
	125	{
	126	uint8 cmd;
	127	uint8 error;
	128	uint8 M2[20];
	129	uint32 unk1;
	130	uint32 unk2;
	131	uint16 unk3;
	132	} sAuthLogonProof_S;
	133
	134	typedef struct XFER_INIT
	135	{
	136	uint8 cmd; // XFER_INITIATE
	137	uint8 fileNameLen; // strlen(fileName);
	138	uint8 fileName[1]; // fileName[fileNameLen]
	139	uint64 file_size; // file size (bytes)
	140	uint8 md5[MD5_DIGEST_LENGTH]; // MD5
	141	}XFER_INIT;
	142
	143	typedef struct XFER_DATA
	144	{
	145	uint8 opcode;
	146	uint16 data_size;
	147	uint8 data[ChunkSize];
	148	}XFER_DATA_STRUCT;
	149
	150	typedef struct AuthHandler
	151	{
	152	eAuthCmd cmd;
	153	uint32 status;
	154	bool (AuthSocket::*handler)(void);
	155	}AuthHandler;
	156
	157	// GCC have alternative #pragma pack() syntax and old gcc version not support pack(pop), also any gcc version not support it at some paltform
	158	#if defined( __GNUC__ )
	159	#pragma pack()
	160	#else
	161	#pragma pack(pop)
	162	#endif
	163
	164	/// Launch a thread to transfer a patch to the client
	165	class PatcherRunnable: public ZThread::Runnable
	166	{
	167	public:
	168	PatcherRunnable(class AuthSocket *);
	169	void run();
	170
	171	private:
	172	AuthSocket * mySocket;
	173	};
	174
	175	typedef struct PATCH_INFO
	176	{
	177	uint8 md5[MD5_DIGEST_LENGTH];
	178	}PATCH_INFO;
	179
	180	/// Caches MD5 hash of client patches present on the server
	181	class Patcher
	182	{
	183	public:
	184	typedef std::map<std::string, PATCH_INFO*> Patches;
	185	~Patcher();
	186	Patcher();
	187	Patches::const_iterator begin() const { return _patches.begin(); }
	188	Patches::const_iterator end() const { return _patches.end(); }
	189	void LoadPatchMD5(char*);
	190	bool GetHash(char * pat,uint8 mymd5[16]);
	191
	192	private:
	193	void LoadPatchesInfo();
	194	Patches _patches;
	195	};
	196
	197	const AuthHandler table[] =
	198	{
	199	{ AUTH_LOGON_CHALLENGE, STATUS_CONNECTED, &AuthSocket::_HandleLogonChallenge},
	200	{ AUTH_LOGON_PROOF, STATUS_CONNECTED, &AuthSocket::_HandleLogonProof },
	201	{ REALM_LIST, STATUS_AUTHED, &AuthSocket::_HandleRealmList },
	202	{ XFER_ACCEPT, STATUS_CONNECTED, &AuthSocket::_HandleXferAccept },
	203	{ XFER_RESUME, STATUS_CONNECTED, &AuthSocket::_HandleXferResume },
	204	{ XFER_CANCEL, STATUS_CONNECTED, &AuthSocket::_HandleXferCancel }
	205	};
	206
	207	#define AUTH_TOTAL_COMMANDS sizeof(table)/sizeof(AuthHandler)
	208
	209	///Holds the MD5 hash of client patches present on the server
	210	Patcher PatchesCache;
	211
	212	/// Constructor - set the N and g values for SRP6
	213	AuthSocket::AuthSocket(ISocketHandler &h) : TcpSocket(h)
	214	{
	215	N.SetHexStr("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
	216	g.SetDword(7);
	217	_authed = false;
	218	pPatch=NULL;
	219
	220	_accountSecurityLevel = SEC_PLAYER;
	221	}
	222
	223	/// Close patch file descriptor before leaving
	224	AuthSocket::~AuthSocket()
	225	{
	226	if(pPatch)
	227	fclose(pPatch);
	228	}
	229
	230	/// Accept the connection and set the s random value for SRP6
	231	void AuthSocket::OnAccept()
	232	{
	233	sLog.outBasic("Accepting connection from '%s:%d'",
	234	GetRemoteAddress().c_str(), GetRemotePort());
	235
	236	s.SetRand(s_BYTE_SIZE * 8);
	237	}
	238
	239	/// Read the packet from the client
	240	void AuthSocket::OnRead()
	241	{
	242	///- Read the packet
	243	TcpSocket::OnRead();
	244	uint8 _cmd;
	245	while (1)
	246	{
	247	if (!ibuf.GetLength())
	248	return;
	249
	250	///- Get the command out of it
	251	ibuf.SoftRead((char *)&_cmd, 1); // UQ1: No longer exists in new net code ???
	252	//ibuf.Read((char *)&_cmd, 1);
	253	/char command = (char *)malloc(1);
	254
	255	ibuf.Read(command, 1);
	256
	257	_cmd = (uint8)command;*/
	258	// assert(0);
	259	size_t i;
	260
	261	///- Circle through known commands and call the correct command handler
	262	for (i=0;i<AUTH_TOTAL_COMMANDS; i++)
	263	{
	264	if ((uint8)table[i].cmd == _cmd &&
	265	(table[i].status == STATUS_CONNECTED \|\|
	266	(_authed && table[i].status == STATUS_AUTHED)))
	267	{
	268	DEBUG_LOG("[Auth] got data for cmd %u ibuf length %u", (uint32)_cmd, ibuf.GetLength());
	269
	270	if (!(this.table[i].handler)())
	271	{
	272	DEBUG_LOG("Command handler failed for cmd %u ibuf length %u", (uint32)_cmd, ibuf.GetLength());
	273	return;
	274	}
	275	break;
	276	}
	277	}
	278
	279	///- Report unknown commands in the debug log
	280	if (i==AUTH_TOTAL_COMMANDS)
	281	{
	282	DEBUG_LOG("[Auth] got unknown packet %u", (uint32)_cmd);
	283	return;
	284	}
	285	}
	286	}
	287
	288	/// Make the SRP6 calculation from hash in dB
	289	void AuthSocket::_SetVSFields(std::string rI)
	290	{
	291	BigNumber I;
	292	I.SetHexStr(rI.c_str());
	293
	294	//In case of leading zeroes in the rI hash, restore them
	295	uint8 mDigest[SHA_DIGEST_LENGTH];
	296	memset(mDigest,0,SHA_DIGEST_LENGTH);
	297	if (I.GetNumBytes() <= SHA_DIGEST_LENGTH)
	298	memcpy(mDigest,I.AsByteArray(),I.GetNumBytes());
	299
	300	std::reverse(mDigest,mDigest+SHA_DIGEST_LENGTH);
	301
	302	Sha1Hash sha;
	303	sha.UpdateData(s.AsByteArray(), s.GetNumBytes());
	304	sha.UpdateData(mDigest, SHA_DIGEST_LENGTH);
	305	sha.Finalize();
	306	BigNumber x;
	307	x.SetBinary(sha.GetDigest(), sha.GetLength());
	308	v = g.ModExp(x, N);
	309	// No SQL injection (username escaped)
	310	const char v_hex, s_hex;
	311	v_hex = v.AsHexStr();
	312	s_hex = s.AsHexStr();
	313	dbRealmServer.PExecute("UPDATE account SET v = '%s', s = '%s' WHERE username = '%s'",v_hex,s_hex, _safelogin.c_str() );
	314	OPENSSL_free((void*)v_hex);
	315	OPENSSL_free((void*)s_hex);
	316	}
	317
	318	/// Logon Challenge command handler
	319	bool AuthSocket::_HandleLogonChallenge()
	320	{
	321	DEBUG_LOG("Entering _HandleLogonChallenge");
	322	if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
	323	return false;
	324
	325	///- Read the first 4 bytes (header) to get the length of the remaining of the packet
	326	std::vector<uint8> buf;
	327	buf.resize(4);
	328
	329	ibuf.Read((char *)&buf[0], 4);
	330
	331	EndianConvert(((uint16)(buf[0])));
	332	uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
	333	DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
	334
	335	if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) \|\| (ibuf.GetLength() < remaining))
	336	return false;
	337
	338	//No big fear of memory outage (size is int16, i.e. < 65536)
	339	buf.resize(remaining + buf.size() + 1);
	340	buf[buf.size() - 1] = 0;
	341	sAuthLogonChallenge_C ch = (sAuthLogonChallenge_C)&buf[0];
	342
	343	// BigEndian code, nop in little endian case
	344	// size already converted
	345	EndianConvert(((uint32)(&ch->gamename[0])));
	346	EndianConvert(ch->build);
	347	EndianConvert(((uint32)(&ch->platform[0])));
	348	EndianConvert(((uint32)(&ch->os[0])));
	349	EndianConvert(((uint32)(&ch->country[0])));
	350	EndianConvert(ch->timezone_bias);
	351	EndianConvert(ch->ip);
	352
	353	///- Read the remaining of the packet
	354	ibuf.Read((char *)&buf[4], remaining);
	355	DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
	356	DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
	357
	358	ByteBuffer pkt;
	359
	360	_login = (const char*)ch->I;
	361
	362	///- Normalize account name
	363	//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
	364
	365	//Escape the user login to avoid further SQL injection
	366	//Memory will be freed on AuthSocket object destruction
	367	_safelogin=_login;
	368	dbRealmServer.escape_string(_safelogin);
	369
	370	///- Check if the client has one of the expected version numbers
	371	bool valid_version=false;
	372	int accepted_versions[]=EXPECTED_MANGOS_CLIENT_BUILD;
	373	for(int i=0;accepted_versions[i];i++)
	374	if(ch->build==accepted_versions[i])
	375	{
	376	valid_version=true;
	377	break;
	378	}
	379
	380	/// <ul><li> if this is a valid version
	381	if(valid_version)
	382	{
	383	pkt << (uint8) AUTH_LOGON_CHALLENGE;
	384	pkt << (uint8) 0x00;
	385
	386	///- Verify that this IP is not in the ip_banned table
	387	// No SQL injection possible (paste the IP address as passed by the socket)
	388	dbRealmServer.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
	389
	390	std::string address = GetRemoteAddress();
	391	dbRealmServer.escape_string(address);
	392	QueryResult result = dbRealmServer.PQuery( "SELECT FROM ip_banned WHERE ip = '%s'",address.c_str());
	393	if(result)
	394	{
	395	pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
	396	sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
	397	delete result;
	398	}
	399	else
	400	{
	401	///- Get the account details from the account table
	402	// No SQL injection (escaped user name)
	403
	404	result = dbRealmServer.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel FROM account WHERE username = '%s'",_safelogin.c_str ());
	405	if( result )
	406	{
	407	///- If the IP is 'locked', check that the player comes indeed from the correct IP address
	408	bool locked = false;
	409	if((*result)[2].GetUInt8() == 1) // if ip is locked
	410	{
	411	DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
	412	DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
	413	if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
	414	{
	415	DEBUG_LOG("[AuthChallenge] Account IP differs");
	416	pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
	417	locked=true;
	418	}
	419	else
	420	{
	421	DEBUG_LOG("[AuthChallenge] Account IP matches");
	422	}
	423	}
	424	else
	425	{
	426	DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
	427	}
	428
	429	if (!locked)
	430	{
	431	//set expired bans to inactive
	432	dbRealmServer.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
	433	///- If the account is banned, reject the logon attempt
	434	QueryResult banresult = dbRealmServer.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (result)[1].GetUInt32());
	435	if(banresult)
	436	{
	437	if((banresult)[0].GetUInt64() == (banresult)[1].GetUInt64())
	438	{
	439	pkt << (uint8) REALM_AUTH_ACCOUNT_BANNED;
	440	sLog.outBasic("[AuthChallenge] Banned account %s tries to login!",_login.c_str ());
	441	}
	442	else
	443	{
	444	pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
	445	sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!",_login.c_str ());
	446	}
	447
	448	delete banresult;
	449	}
	450	else
	451	{
	452	///- Get the password from the account table, upper it, and make the SRP6 calculation
	453	std::string rI = (*result)[0].GetCppString();
	454	_SetVSFields(rI);
	455
	456	b.SetRand(19 * 8);
	457	BigNumber gmod=g.ModExp(b, N);
	458	B = ((v * 3) + gmod) % N;
	459
	460	ASSERT(gmod.GetNumBytes() <= 32);
	461
	462	BigNumber unk3;
	463	unk3.SetRand(16*8);
	464
	465	///- Fill the response packet with the result
	466	pkt << (uint8)REALM_AUTH_SUCCESS;
	467
	468	// B may be calculated < 32B so we force minnimal length to 32B
	469	pkt.append(B.AsByteArray(32), 32); // 32 bytes
	470	pkt << (uint8)1;
	471	pkt.append(g.AsByteArray(), 1);
	472	pkt << (uint8)32;
	473	pkt.append(N.AsByteArray(), 32);
	474	pkt.append(s.AsByteArray(), s.GetNumBytes()); // 32 bytes
	475	pkt.append(unk3.AsByteArray(), 16);
	476	pkt << (uint8)0; // Added in 1.12.x client branch
	477
	478	uint8 secLevel = (*result)[4].GetUInt8();
	479	_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
	480
	481	std::string localeName;
	482	localeName.resize(4);
	483	for(int i = 0; i <4; ++i)
	484	localeName[i] = ch->country[4-i-1];
	485
	486	_localization = GetLocaleByName(localeName);
	487
	488	sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3],ch->country[2],ch->country[1],ch->country[0], _localization);
	489	}
	490	}
	491	delete result;
	492	}
	493	else //no account
	494	{
	495	pkt<< (uint8) REALM_AUTH_NO_MATCH;
	496	}
	497	}
	498	} //valid version
	499	else
	500	///<li> else
	501	{
	502	///- Check if we have the apropriate patch on the disk
	503	char tmp[64];
	504	// No buffer overflow (fixed length of arguments)
	505	sprintf(tmp,"./patches/%d%c%c%c%c.mpq",ch->build,ch->country[3],
	506	ch->country[2],ch->country[1],ch->country[0]);
	507	// This will be closed at the destruction of the AuthSocket (client deconnection)
	508	FILE *pFile=fopen(tmp,"rb");
	509	if(!pFile)
	510	{
	511	pkt << (uint8) AUTH_LOGON_CHALLENGE;
	512	pkt << (uint8) 0x00;
	513	pkt << (uint8) REALM_AUTH_WRONG_BUILD_NUMBER;
	514	DEBUG_LOG("[AuthChallenge] %u is not a valid client version!", ch->build);
	515	DEBUG_LOG("[AuthChallenge] Patch %s not found",tmp);
	516	}else
	517	{ //have patch
	518	pPatch=pFile;
	519	XFER_INIT xferh;
	520
	521	///- Get the MD5 hash of the patch file (get it from preloaded Patcher cache or calculate it)
	522	if(PatchesCache.GetHash(tmp,(uint8*)&xferh.md5))
	523	{
	524	DEBUG_LOG("\n[AuthChallenge] Found precached patch info for patch %s",tmp);
	525	}
	526	else
	527	{ //calculate patch md5
	528	printf("\n[AuthChallenge] Patch info for %s was not cached.",tmp);
	529	PatchesCache.LoadPatchMD5(tmp);
	530	PatchesCache.GetHash(tmp,(uint8*)&xferh.md5);
	531	}
	532
	533	///- Send a packet to the client with the file length and MD5 hash
	534	uint8 data[2]={AUTH_LOGON_PROOF,REALM_AUTH_UPDATE_CLIENT};
	535	SendBuf((const char*)data,sizeof(data));
	536
	537	memcpy(&xferh,"0\x05Patch",7);
	538	xferh.cmd=XFER_INITIATE;
	539	fseek(pPatch,0,SEEK_END);
	540	xferh.file_size=ftell(pPatch);
	541
	542	SendBuf((const char*)&xferh,sizeof(xferh));
	543	return true;
	544	}
	545	}
	546	/// </ul>
	547	SendBuf((char const*)pkt.contents(), pkt.size());
	548	return true;
	549	}
	550
	551	/// Logon Proof command handler
	552	bool AuthSocket::_HandleLogonProof()
	553	{
	554	DEBUG_LOG("Entering _HandleLogonProof");
	555	///- Read the packet
	556	if (ibuf.GetLength() < sizeof(sAuthLogonProof_C))
	557	return false;
	558
	559	sAuthLogonProof_C lp;
	560	ibuf.Read((char *)&lp, sizeof(sAuthLogonProof_C));
	561
	562	///- Continue the SRP6 calculation based on data received from the client
	563	BigNumber A;
	564	A.SetBinary(lp.A, 32);
	565
	566	Sha1Hash sha;
	567	sha.UpdateBigNumbers(&A, &B, NULL);
	568	sha.Finalize();
	569	BigNumber u;
	570	u.SetBinary(sha.GetDigest(), 20);
	571	BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
	572
	573	uint8 t[32];
	574	uint8 t1[16];
	575	uint8 vK[40];
	576	memcpy(t, S.AsByteArray(), 32);
	577	for (int i = 0; i < 16; i++)
	578	{
	579	t1[i] = t[i*2];
	580	}
	581	sha.Initialize();
	582	sha.UpdateData(t1, 16);
	583	sha.Finalize();
	584	for (int i = 0; i < 20; i++)
	585	{
	586	vK[i*2] = sha.GetDigest()[i];
	587	}
	588	for (int i = 0; i < 16; i++)
	589	{
	590	t1[i] = t[i*2+1];
	591	}
	592	sha.Initialize();
	593	sha.UpdateData(t1, 16);
	594	sha.Finalize();
	595	for (int i = 0; i < 20; i++)
	596	{
	597	vK[i*2+1] = sha.GetDigest()[i];
	598	}
	599	K.SetBinary(vK, 40);
	600
	601	uint8 hash[20];
	602
	603	sha.Initialize();
	604	sha.UpdateBigNumbers(&N, NULL);
	605	sha.Finalize();
	606	memcpy(hash, sha.GetDigest(), 20);
	607	sha.Initialize();
	608	sha.UpdateBigNumbers(&g, NULL);
	609	sha.Finalize();
	610	for (int i = 0; i < 20; i++)
	611	{
	612	hash[i] ^= sha.GetDigest()[i];
	613	}
	614	BigNumber t3;
	615	t3.SetBinary(hash, 20);
	616
	617	sha.Initialize();
	618	sha.UpdateData(_login);
	619	sha.Finalize();
	620	uint8 t4[SHA_DIGEST_LENGTH];
	621	memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
	622
	623	sha.Initialize();
	624	sha.UpdateBigNumbers(&t3, NULL);
	625	sha.UpdateData(t4, SHA_DIGEST_LENGTH);
	626	sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
	627	sha.Finalize();
	628	BigNumber M;
	629	M.SetBinary(sha.GetDigest(), 20);
	630
	631	///- Check if SRP6 results match (password is correct), else send an error
	632	if (!memcmp(M.AsByteArray(), lp.M1, 20))
	633	{
	634	sLog.outBasic("User '%s' successfully authenticated", _login.c_str());
	635
	636	///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
	637	// No SQL injection (escaped user name) and IP address as received by socket
	638	const char* K_hex = K.AsHexStr();
	639	dbRealmServer.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '%s'", K_hex, GetRemoteAddress().c_str(), _localization, _safelogin.c_str() );
	640	OPENSSL_free((void*)K_hex);
	641
	642	///- Finish SRP6 and send the final result to the client
	643	sha.Initialize();
	644	sha.UpdateBigNumbers(&A, &M, &K, NULL);
	645	sha.Finalize();
	646
	647	sAuthLogonProof_S proof;
	648	memcpy(proof.M2, sha.GetDigest(), 20);
	649	proof.cmd = AUTH_LOGON_PROOF;
	650	proof.error = 0;
	651	proof.unk1 = 0x00800000;
	652	proof.unk2 = 0x00;
	653	proof.unk3 = 0x00;
	654
	655	SendBuf((char *)&proof, sizeof(proof));
	656
	657	///- Set _authed to true!
	658	_authed = true;
	659	}
	660	else
	661	{
	662	char data[4]={AUTH_LOGON_PROOF,REALM_AUTH_NO_MATCH,3,0};
	663	SendBuf(data,sizeof(data));
	664	sLog.outBasic("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
	665
	666	uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
	667	if(MaxWrongPassCount > 0)
	668	{
	669	//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
	670	dbRealmServer.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '%s'",_safelogin.c_str());
	671
	672	if(QueryResult *loginfail = dbRealmServer.PQuery("SELECT id, failed_logins FROM account WHERE username = '%s'", _safelogin.c_str()))
	673	{
	674	Field* fields = loginfail->Fetch();
	675	uint32 failed_logins = fields[1].GetUInt32();
	676
	677	if( failed_logins >= MaxWrongPassCount )
	678	{
	679	uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
	680	bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
	681
	682	if(WrongPassBanType)
	683	{
	684	uint32 acc_id = fields[0].GetUInt32();
	685	dbRealmServer.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban',1)",
	686	acc_id, WrongPassBanTime);
	687	sLog.outBasic("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
	688	_login.c_str(), WrongPassBanTime, failed_logins);
	689	}
	690	else
	691	{
	692	std::string current_ip = GetRemoteAddress();
	693	dbRealmServer.escape_string(current_ip);
	694	dbRealmServer.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban')",
	695	current_ip.c_str(), WrongPassBanTime);
	696	sLog.outBasic("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
	697	current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
	698	}
	699	}
	700	delete loginfail;
	701	}
	702	}
	703	}
	704	return true;
	705	}
	706
	707	/// %Realm List command handler
	708	bool AuthSocket::_HandleRealmList()
	709	{
	710	DEBUG_LOG("Entering _HandleRealmList");
	711	if (ibuf.GetLength() < 5)
	712	return false;
	713
	714	ibuf.Remove(5);
	715
	716	///- Get the user id (else close the connection)
	717	// No SQL injection (escaped user name)
	718
	719	QueryResult *result = dbRealmServer.PQuery("SELECT id,sha_pass_hash FROM account WHERE username = '%s'",_safelogin.c_str());
	720	if(!result)
	721	{
	722	sLog.outError("[ERROR] user %s tried to login and we cannot find him in the database.",_login.c_str());
	723	SetCloseAndDelete();
	724	return false;
	725	}
	726
	727	uint32 id = (*result)[0].GetUInt32();
	728	std::string rI = (*result)[1].GetCppString();
	729	delete result;
	730
	731	///- Update realm list if need
	732	m_realmList.UpdateIfNeed();
	733
	734	///- Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
	735	ByteBuffer pkt;
	736	pkt << (uint32) 0;
	737	pkt << (uint16) m_realmList.size();
	738	RealmList::RealmMap::const_iterator i;
	739	for( i = m_realmList.begin(); i != m_realmList.end(); i++ )
	740	{
	741	uint8 AmountOfCharacters;
	742
	743	// No SQL injection. id of realm is controlled by the database.
	744	result = dbRealmServer.PQuery( "SELECT numchars FROM realmcharacters WHERE realmid = '%d' AND acctid='%u'",i->second.m_ID,id);
	745	if( result )
	746	{
	747	Field *fields = result->Fetch();
	748	AmountOfCharacters = fields[0].GetUInt8();
	749	delete result;
	750	}
	751	else
	752	AmountOfCharacters = 0;
	753
	754	uint8 lock = (i->second.allowedSecurityLevel > _accountSecurityLevel) ? 1 : 0;
	755
	756	pkt << i->second.icon; // realm type
	757	pkt << lock; // if 1, then realm locked
	758	pkt << i->second.color; // if 2, then realm is offline
	759	pkt << i->first;
	760	pkt << i->second.address;
	761	pkt << i->second.populationLevel;
	762	pkt << AmountOfCharacters;
	763	pkt << i->second.timezone; // realm category
	764	pkt << (uint8) 0x2C; // unk, may be realm number/id?
	765	}
	766	pkt << (uint8) 0x10;
	767	pkt << (uint8) 0x00;
	768
	769	ByteBuffer hdr;
	770	hdr << (uint8) REALM_LIST;
	771	hdr << (uint16)pkt.size();
	772	hdr.append(pkt);
	773
	774	SendBuf((char const*)hdr.contents(), hdr.size());
	775
	776	// Set check field before possible relogin to realm
	777	_SetVSFields(rI);
	778	return true;
	779	}
	780
	781	/// Resume patch transfer
	782	bool AuthSocket::_HandleXferResume()
	783	{
	784	DEBUG_LOG("Entering _HandleXferResume");
	785	///- Check packet length and patch existence
	786	if (ibuf.GetLength()<9 \|\| !pPatch)
	787	{
	788	sLog.outError("Error while resuming patch transfer (wrong packet)");
	789	return false;
	790	}
	791
	792	///- Launch a PatcherRunnable thread starting at given patch file offset
	793	uint64 start;
	794	ibuf.Remove(1);
	795	ibuf.Read((char*)&start,sizeof(start));
	796	fseek(pPatch,start,0);
	797
	798	ZThread::Thread u(new PatcherRunnable(this));
	799	return true;
	800	}
	801
	802	/// Cancel patch transfer
	803	bool AuthSocket::_HandleXferCancel()
	804	{
	805	DEBUG_LOG("Entering _HandleXferCancel");
	806
	807	///- Close and delete the socket
	808	ibuf.Remove(1); //clear input buffer
	809
	810	//ZThread::Thread::sleep(15);
	811	SetCloseAndDelete();
	812
	813	return true;
	814	}
	815
	816	/// Accept patch transfer
	817	bool AuthSocket::_HandleXferAccept()
	818	{
	819	DEBUG_LOG("Entering _HandleXferAccept");
	820
	821	///- Check packet length and patch existence
	822	if (!pPatch)
	823	{
	824	sLog.outError("Error while accepting patch transfer (wrong packet)");
	825	return false;
	826	}
	827
	828	///- Launch a PatcherRunnable thread, starting at the begining of the patch file
	829	ibuf.Remove(1); //clear input buffer
	830	fseek(pPatch,0,0);
	831
	832	ZThread::Thread u(new PatcherRunnable(this));
	833
	834	return true;
	835	}
	836
	837	/// Check if there is lag on the connection to the client
	838	bool AuthSocket::IsLag()
	839	{
	840	return (TCP_BUFSIZE_READ-GetOutputLength()< 2*ChunkSize);
	841	}
	842
	843	PatcherRunnable::PatcherRunnable(class AuthSocket * as)
	844	{
	845	mySocket=as;
	846	}
	847
	848	/// Send content of patch file to the client
	849	void PatcherRunnable::run()
	850	{
	851	XFER_DATA_STRUCT xfdata;
	852	xfdata.opcode = XFER_DATA;
	853
	854	while(!feof(mySocket->pPatch) && mySocket->Ready())
	855	{
	856	///- Wait until output buffer is reasonably empty
	857	while(mySocket->Ready() && mySocket->IsLag())
	858	{
	859	ZThread::Thread::sleep(1);
	860	}
	861	///- And send content of the patch file to the client
	862	xfdata.data_size=fread(&xfdata.data,1,ChunkSize,mySocket->pPatch);
	863	mySocket->SendBuf((const char*)&xfdata,xfdata.data_size +(sizeof(XFER_DATA_STRUCT)-ChunkSize));
	864	}
	865	}
	866
	867	/// Preload MD5 hashes of existing patch files on server
	868	#ifndef _WIN32
	869	#include <sys/dir.h>
	870	#include <errno.h>
	871	void Patcher::LoadPatchesInfo()
	872	{
	873	DIR * dirp;
	874	//int errno;
	875	struct dirent * dp;
	876	dirp = opendir("./patches/");
	877	if(!dirp)
	878	return;
	879	while (dirp)
	880	{
	881	errno = 0;
	882	if ((dp = readdir(dirp)) != NULL)
	883	{
	884	int l=strlen(dp->d_name);
	885	if(l<8)continue;
	886	if(!memcmp(&dp->d_name[l-4],".mpq",4))
	887	LoadPatchMD5(dp->d_name);
	888	}
	889	else
	890	{
	891	if(errno != 0)
	892	{
	893	closedir(dirp);
	894	return;
	895	}
	896	break;
	897	}
	898	}
	899
	900	if(dirp)
	901	closedir(dirp);
	902	}
	903
	904	#else
	905	void Patcher::LoadPatchesInfo()
	906	{
	907	WIN32_FIND_DATA fil;
	908	HANDLE hFil=FindFirstFile("./patches/*.mpq",&fil);
	909	if(hFil==INVALID_HANDLE_VALUE)
	910	return; //no patches were found
	911
	912	LoadPatchMD5(fil.cFileName);
	913
	914	while(FindNextFile(hFil,&fil))
	915	LoadPatchMD5(fil.cFileName);
	916	}
	917	#endif
	918
	919	/// Calculate and store MD5 hash for a given patch file
	920	void Patcher::LoadPatchMD5(char * szFileName)
	921	{
	922	///- Try to open the patch file
	923	std::string path = "./patches/";
	924	path += szFileName;
	925	FILE * pPatch=fopen(path.c_str(),"rb");
	926	sLog.outDebug("Loading patch info from %s\n",path.c_str());
	927	if(!pPatch)
	928	{
	929	sLog.outError("Error loading patch %s\n",path.c_str());
	930	return;
	931	}
	932
	933	///- Calculate the MD5 hash
	934	MD5_CTX ctx;
	935	MD5_Init(&ctx);
	936	uint8* buf = new uint8[512*1024];
	937
	938	while (!feof(pPatch))
	939	{
	940	size_t read = fread(buf, 1, 512*1024, pPatch);
	941	MD5_Update(&ctx, buf, read);
	942	}
	943	delete [] buf;
	944	fclose(pPatch);
	945
	946	///- Store the result in the internal patch hash map
	947	_patches[path] = new PATCH_INFO;
	948	MD5_Final((uint8 *)&_patches[path]->md5 , &ctx);
	949	}
	950
	951	/// Get cached MD5 hash for a given patch file
	952	bool Patcher::GetHash(char * pat,uint8 mymd5[16])
	953	{
	954	for( Patches::iterator i = _patches.begin(); i != _patches.end(); i++ )
	955	if(!stricmp(pat,i->first.c_str () ))
	956	{
	957	memcpy(mymd5,i->second->md5,16);
	958	return true;
	959	}
	960
	961	return false;
	962	}
	963
	964	/// Launch the patch hashing mechanism on object creation
	965	Patcher::Patcher()
	966	{
	967	LoadPatchesInfo();
	968	}
	969
	970	/// Empty and delete the patch map on termination
	971	Patcher::~Patcher()
	972	{
	973	for(Patches::iterator i = _patches.begin(); i != _patches.end(); i++ )
	974	delete i->second;
	975	}

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/trinityrealm/AuthSocket.cpp @ 2

Download in other formats: