Context Navigation

AuthSocket.cpp @ 74

Revision 74, 30.7 kB (checked in by yumileroy, 17 years ago)

[svn] * Fixed compile from r78
* Fixed: not apply healling bonus to spell 40972 heal amount. - Source Mangos
* Item 30627 hidden cooldown - Source Mangos
* Fixed Trinityrealm autopatching system - Source Arrai
* Add support for autoconf 2.6.2 and newer - Source Derex
Some decent sized changes, please test before deploying - KP

Original author: KingPin?
Date: 2008-10-19 21:08:34-05:00

Rev	Line
[2]	1	/*
[44]	2	* Copyright (C) 2008 Trinity <http://www.trinitycore.org/>
[2]	3	*
[44]	4	* Thanks to the original authors: MaNGOS <http://www.mangosproject.org/>
	5	*
[2]	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
[44]	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
[2]	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License
	17	* along with this program; if not, write to the Free Software
[44]	18	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
[2]	19	*/
	20
	21	/** \file
	22	\ingroup realmd
	23	*/
	24
	25	#include "Common.h"
	26	#include "Database/DatabaseEnv.h"
	27	#include "ByteBuffer.h"
	28	#include "Config/ConfigEnv.h"
	29	#include "Log.h"
	30	#include "RealmList.h"
	31	#include "AuthSocket.h"
	32	#include "AuthCodes.h"
	33	#include <openssl/md5.h>
	34	#include "Auth/Sha1.h"
	35	//#include "Util.h" -- for commented utf8ToUpperOnlyLatin
	36
	37	extern RealmList m_realmList;
	38
	39	extern DatabaseType dbRealmServer;
	40
	41	#define ChunkSize 2048
	42
	43	enum eAuthCmd
	44	{
	45	//AUTH_NO_CMD = 0xFF,
	46	AUTH_LOGON_CHALLENGE = 0x00,
	47	AUTH_LOGON_PROOF = 0x01,
	48	//AUTH_RECONNECT_CHALLENGE = 0x02,
	49	//AUTH_RECONNECT_PROOF = 0x03,
	50	//update srv =4
	51	REALM_LIST = 0x10,
	52	XFER_INITIATE = 0x30,
	53	XFER_DATA = 0x31,
	54	XFER_ACCEPT = 0x32,
	55	XFER_RESUME = 0x33,
	56	XFER_CANCEL = 0x34
	57	};
	58
	59	enum eStatus
	60	{
	61	STATUS_CONNECTED = 0,
	62	STATUS_AUTHED
	63	};
	64
	65	// GCC have alternative #pragma pack(N) syntax and old gcc version not support pack(push,N), also any gcc version not support it at some paltform
	66	#if defined( __GNUC__ )
	67	#pragma pack(1)
	68	#else
	69	#pragma pack(push,1)
	70	#endif
	71
	72	typedef struct AUTH_LOGON_CHALLENGE_C
	73	{
	74	uint8 cmd;
	75	uint8 error;
	76	uint16 size;
	77	uint8 gamename[4];
	78	uint8 version1;
	79	uint8 version2;
	80	uint8 version3;
	81	uint16 build;
	82	uint8 platform[4];
	83	uint8 os[4];
	84	uint8 country[4];
	85	uint32 timezone_bias;
	86	uint32 ip;
	87	uint8 I_len;
	88	uint8 I[1];
	89	} sAuthLogonChallenge_C;
	90
	91	//typedef sAuthLogonChallenge_C sAuthReconnectChallenge_C;
	92	/*
	93	typedef struct
	94	{
	95	uint8 cmd;
	96	uint8 error;
	97	uint8 unk2;
	98	uint8 B[32];
	99	uint8 g_len;
	100	uint8 g[1];
	101	uint8 N_len;
	102	uint8 N[32];
	103	uint8 s[32];
	104	uint8 unk3[16];
	105	} sAuthLogonChallenge_S;
	106	*/
	107
	108	typedef struct AUTH_LOGON_PROOF_C
	109	{
	110	uint8 cmd;
	111	uint8 A[32];
	112	uint8 M1[20];
	113	uint8 crc_hash[20];
	114	uint8 number_of_keys;
	115	uint8 unk; // Added in 1.12.x client branch
	116	} sAuthLogonProof_C;
	117	/*
	118	typedef struct
	119	{
	120	uint16 unk1;
	121	uint32 unk2;
	122	uint8 unk3[4];
	123	uint16 unk4[20];
	124	} sAuthLogonProofKey_C;
	125	*/
	126	typedef struct AUTH_LOGON_PROOF_S
	127	{
	128	uint8 cmd;
	129	uint8 error;
	130	uint8 M2[20];
	131	uint32 unk1;
	132	uint32 unk2;
	133	uint16 unk3;
	134	} sAuthLogonProof_S;
	135
	136	typedef struct XFER_INIT
	137	{
	138	uint8 cmd; // XFER_INITIATE
	139	uint8 fileNameLen; // strlen(fileName);
[74]	140	uint8 fileName[5]; // fileName[fileNameLen]
[2]	141	uint64 file_size; // file size (bytes)
	142	uint8 md5[MD5_DIGEST_LENGTH]; // MD5
	143	}XFER_INIT;
	144
	145	typedef struct XFER_DATA
	146	{
	147	uint8 opcode;
	148	uint16 data_size;
	149	uint8 data[ChunkSize];
	150	}XFER_DATA_STRUCT;
	151
	152	typedef struct AuthHandler
	153	{
	154	eAuthCmd cmd;
	155	uint32 status;
	156	bool (AuthSocket::*handler)(void);
	157	}AuthHandler;
	158
	159	// GCC have alternative #pragma pack() syntax and old gcc version not support pack(pop), also any gcc version not support it at some paltform
	160	#if defined( __GNUC__ )
	161	#pragma pack()
	162	#else
	163	#pragma pack(pop)
	164	#endif
	165
	166	/// Launch a thread to transfer a patch to the client
	167	class PatcherRunnable: public ZThread::Runnable
	168	{
	169	public:
	170	PatcherRunnable(class AuthSocket *);
	171	void run();
	172
	173	private:
	174	AuthSocket * mySocket;
	175	};
	176
	177	typedef struct PATCH_INFO
	178	{
	179	uint8 md5[MD5_DIGEST_LENGTH];
	180	}PATCH_INFO;
	181
	182	/// Caches MD5 hash of client patches present on the server
	183	class Patcher
	184	{
	185	public:
	186	typedef std::map<std::string, PATCH_INFO*> Patches;
	187	~Patcher();
	188	Patcher();
	189	Patches::const_iterator begin() const { return _patches.begin(); }
	190	Patches::const_iterator end() const { return _patches.end(); }
	191	void LoadPatchMD5(char*);
	192	bool GetHash(char * pat,uint8 mymd5[16]);
	193
	194	private:
	195	void LoadPatchesInfo();
	196	Patches _patches;
	197	};
	198
	199	const AuthHandler table[] =
	200	{
	201	{ AUTH_LOGON_CHALLENGE, STATUS_CONNECTED, &AuthSocket::_HandleLogonChallenge},
	202	{ AUTH_LOGON_PROOF, STATUS_CONNECTED, &AuthSocket::_HandleLogonProof },
	203	{ REALM_LIST, STATUS_AUTHED, &AuthSocket::_HandleRealmList },
	204	{ XFER_ACCEPT, STATUS_CONNECTED, &AuthSocket::_HandleXferAccept },
	205	{ XFER_RESUME, STATUS_CONNECTED, &AuthSocket::_HandleXferResume },
	206	{ XFER_CANCEL, STATUS_CONNECTED, &AuthSocket::_HandleXferCancel }
	207	};
	208
	209	#define AUTH_TOTAL_COMMANDS sizeof(table)/sizeof(AuthHandler)
	210
	211	///Holds the MD5 hash of client patches present on the server
	212	Patcher PatchesCache;
	213
	214	/// Constructor - set the N and g values for SRP6
	215	AuthSocket::AuthSocket(ISocketHandler &h) : TcpSocket(h)
	216	{
	217	N.SetHexStr("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
	218	g.SetDword(7);
	219	_authed = false;
[74]	220	pPatch = NULL;
[2]	221
	222	_accountSecurityLevel = SEC_PLAYER;
	223	}
	224
	225	/// Close patch file descriptor before leaving
	226	AuthSocket::~AuthSocket()
	227	{
[74]	228	ZThread::Guard<ZThread::Mutex> g(patcherLock);
[2]	229	if(pPatch)
	230	fclose(pPatch);
	231	}
	232
	233	/// Accept the connection and set the s random value for SRP6
	234	void AuthSocket::OnAccept()
	235	{
	236	sLog.outBasic("Accepting connection from '%s:%d'",
	237	GetRemoteAddress().c_str(), GetRemotePort());
	238
	239	s.SetRand(s_BYTE_SIZE * 8);
	240	}
	241
	242	/// Read the packet from the client
	243	void AuthSocket::OnRead()
	244	{
	245	///- Read the packet
	246	TcpSocket::OnRead();
	247	uint8 _cmd;
	248	while (1)
	249	{
	250	if (!ibuf.GetLength())
	251	return;
	252
	253	///- Get the command out of it
	254	ibuf.SoftRead((char *)&_cmd, 1); // UQ1: No longer exists in new net code ???
	255	//ibuf.Read((char *)&_cmd, 1);
	256	/char command = (char *)malloc(1);
	257
	258	ibuf.Read(command, 1);
	259
	260	_cmd = (uint8)command;*/
	261	// assert(0);
	262	size_t i;
	263
	264	///- Circle through known commands and call the correct command handler
	265	for (i=0;i<AUTH_TOTAL_COMMANDS; i++)
	266	{
	267	if ((uint8)table[i].cmd == _cmd &&
	268	(table[i].status == STATUS_CONNECTED \|\|
	269	(_authed && table[i].status == STATUS_AUTHED)))
	270	{
	271	DEBUG_LOG("[Auth] got data for cmd %u ibuf length %u", (uint32)_cmd, ibuf.GetLength());
	272
	273	if (!(this.table[i].handler)())
	274	{
	275	DEBUG_LOG("Command handler failed for cmd %u ibuf length %u", (uint32)_cmd, ibuf.GetLength());
	276	return;
	277	}
	278	break;
	279	}
	280	}
	281
	282	///- Report unknown commands in the debug log
	283	if (i==AUTH_TOTAL_COMMANDS)
	284	{
	285	DEBUG_LOG("[Auth] got unknown packet %u", (uint32)_cmd);
	286	return;
	287	}
	288	}
	289	}
	290
	291	/// Make the SRP6 calculation from hash in dB
	292	void AuthSocket::_SetVSFields(std::string rI)
	293	{
	294	BigNumber I;
	295	I.SetHexStr(rI.c_str());
	296
	297	//In case of leading zeroes in the rI hash, restore them
	298	uint8 mDigest[SHA_DIGEST_LENGTH];
	299	memset(mDigest,0,SHA_DIGEST_LENGTH);
	300	if (I.GetNumBytes() <= SHA_DIGEST_LENGTH)
	301	memcpy(mDigest,I.AsByteArray(),I.GetNumBytes());
	302
	303	std::reverse(mDigest,mDigest+SHA_DIGEST_LENGTH);
	304
	305	Sha1Hash sha;
	306	sha.UpdateData(s.AsByteArray(), s.GetNumBytes());
	307	sha.UpdateData(mDigest, SHA_DIGEST_LENGTH);
	308	sha.Finalize();
	309	BigNumber x;
	310	x.SetBinary(sha.GetDigest(), sha.GetLength());
	311	v = g.ModExp(x, N);
	312	// No SQL injection (username escaped)
	313	const char v_hex, s_hex;
	314	v_hex = v.AsHexStr();
	315	s_hex = s.AsHexStr();
	316	dbRealmServer.PExecute("UPDATE account SET v = '%s', s = '%s' WHERE username = '%s'",v_hex,s_hex, _safelogin.c_str() );
	317	OPENSSL_free((void*)v_hex);
	318	OPENSSL_free((void*)s_hex);
	319	}
	320
	321	/// Logon Challenge command handler
	322	bool AuthSocket::_HandleLogonChallenge()
	323	{
	324	DEBUG_LOG("Entering _HandleLogonChallenge");
	325	if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
	326	return false;
	327
	328	///- Read the first 4 bytes (header) to get the length of the remaining of the packet
	329	std::vector<uint8> buf;
	330	buf.resize(4);
	331
	332	ibuf.Read((char *)&buf[0], 4);
	333
	334	EndianConvert(((uint16)(buf[0])));
	335	uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
	336	DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
	337
	338	if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) \|\| (ibuf.GetLength() < remaining))
	339	return false;
	340
	341	//No big fear of memory outage (size is int16, i.e. < 65536)
	342	buf.resize(remaining + buf.size() + 1);
	343	buf[buf.size() - 1] = 0;
	344	sAuthLogonChallenge_C ch = (sAuthLogonChallenge_C)&buf[0];
	345
	346	// BigEndian code, nop in little endian case
	347	// size already converted
	348	EndianConvert(((uint32)(&ch->gamename[0])));
	349	EndianConvert(ch->build);
	350	EndianConvert(((uint32)(&ch->platform[0])));
	351	EndianConvert(((uint32)(&ch->os[0])));
	352	EndianConvert(((uint32)(&ch->country[0])));
	353	EndianConvert(ch->timezone_bias);
	354	EndianConvert(ch->ip);
	355
	356	///- Read the remaining of the packet
	357	ibuf.Read((char *)&buf[4], remaining);
	358	DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
	359	DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
	360
	361	ByteBuffer pkt;
	362
	363	_login = (const char*)ch->I;
[74]	364	_build = ch->build;
[2]	365
	366	///- Normalize account name
	367	//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
	368
	369	//Escape the user login to avoid further SQL injection
	370	//Memory will be freed on AuthSocket object destruction
	371	_safelogin=_login;
	372	dbRealmServer.escape_string(_safelogin);
	373
[74]	374	pkt << (uint8) AUTH_LOGON_CHALLENGE;
	375	pkt << (uint8) 0x00;
	376
	377	///- Verify that this IP is not in the ip_banned table
	378	// No SQL injection possible (paste the IP address as passed by the socket)
	379	dbRealmServer.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
	380
	381	std::string address = GetRemoteAddress();
	382	dbRealmServer.escape_string(address);
	383	QueryResult result = dbRealmServer.PQuery( "SELECT FROM ip_banned WHERE ip = '%s'",address.c_str());
	384	if(result)
[44]	385	{
[74]	386	pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
	387	sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
	388	delete result;
[44]	389	}
[74]	390	else
[2]	391	{
[74]	392	///- Get the account details from the account table
	393	// No SQL injection (escaped user name)
[2]	394
[74]	395	result = dbRealmServer.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel FROM account WHERE username = '%s'",_safelogin.c_str ());
	396	if( result )
[2]	397	{
[74]	398	///- If the IP is 'locked', check that the player comes indeed from the correct IP address
	399	bool locked = false;
	400	if((*result)[2].GetUInt8() == 1) // if ip is locked
[2]	401	{
[74]	402	DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
	403	DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
	404	if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
[2]	405	{
[74]	406	DEBUG_LOG("[AuthChallenge] Account IP differs");
	407	pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
	408	locked=true;
[2]	409	}
	410	else
	411	{
[74]	412	DEBUG_LOG("[AuthChallenge] Account IP matches");
[2]	413	}
[74]	414	}
	415	else
	416	{
	417	DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
	418	}
[2]	419
[74]	420	if (!locked)
	421	{
	422	//set expired bans to inactive
	423	dbRealmServer.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
	424	///- If the account is banned, reject the logon attempt
	425	QueryResult banresult = dbRealmServer.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (result)[1].GetUInt32());
	426	if(banresult)
[2]	427	{
[74]	428	if((banresult)[0].GetUInt64() == (banresult)[1].GetUInt64())
[2]	429	{
[74]	430	pkt << (uint8) REALM_AUTH_ACCOUNT_BANNED;
	431	sLog.outBasic("[AuthChallenge] Banned account %s tries to login!",_login.c_str ());
[2]	432	}
	433	else
	434	{
[74]	435	pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
	436	sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!",_login.c_str ());
	437	}
[2]	438
[74]	439	delete banresult;
	440	}
	441	else
	442	{
	443	///- Get the password from the account table, upper it, and make the SRP6 calculation
	444	std::string rI = (*result)[0].GetCppString();
	445	_SetVSFields(rI);
[2]	446
[74]	447	b.SetRand(19 * 8);
	448	BigNumber gmod=g.ModExp(b, N);
	449	B = ((v * 3) + gmod) % N;
[2]	450
[74]	451	ASSERT(gmod.GetNumBytes() <= 32);
[2]	452
[74]	453	BigNumber unk3;
	454	unk3.SetRand(16*8);
[2]	455
[74]	456	///- Fill the response packet with the result
	457	pkt << (uint8)REALM_AUTH_SUCCESS;
[2]	458
[74]	459	// B may be calculated < 32B so we force minnimal length to 32B
	460	pkt.append(B.AsByteArray(32), 32); // 32 bytes
	461	pkt << (uint8)1;
	462	pkt.append(g.AsByteArray(), 1);
	463	pkt << (uint8)32;
	464	pkt.append(N.AsByteArray(), 32);
	465	pkt.append(s.AsByteArray(), s.GetNumBytes()); // 32 bytes
	466	pkt.append(unk3.AsByteArray(), 16);
	467	pkt << (uint8)0; // Added in 1.12.x client branch
[2]	468
[74]	469	uint8 secLevel = (*result)[4].GetUInt8();
	470	_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
[2]	471
[74]	472	_localizationName.resize(4);
	473	for(int i = 0; i <4; ++i)
	474	_localizationName[i] = ch->country[4-i-1];
[2]	475
[74]	476	sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3],ch->country[2],ch->country[1],ch->country[0], GetLocaleByName(_localizationName));
[2]	477	}
	478	}
[74]	479	delete result;
[2]	480	}
[74]	481	else //no account
	482	{
	483	pkt<< (uint8) REALM_AUTH_NO_MATCH;
	484	}
	485	}
	486	SendBuf((char const*)pkt.contents(), pkt.size());
	487	return true;
	488	}
	489
	490	/// Logon Proof command handler
	491	bool AuthSocket::_HandleLogonProof()
	492	{
	493	DEBUG_LOG("Entering _HandleLogonProof");
	494	///- Read the packet
	495	if (ibuf.GetLength() < sizeof(sAuthLogonProof_C))
	496	return false;
	497	sAuthLogonProof_C lp;
	498	ibuf.Read((char *)&lp, sizeof(sAuthLogonProof_C));
	499
	500	///- Check if the client has one of the expected version numbers
	501	bool valid_version=false;
	502	int accepted_versions[]=EXPECTED_TRINITY_CLIENT_BUILD;
	503	for(int i=0;accepted_versions[i];i++)
[2]	504	{
[74]	505	if(_build==accepted_versions[i])
	506	{
	507	valid_version=true;
	508	break;
	509	}
	510	}
	511
	512	/// <ul><li> If the client has no valid version
	513	if(!valid_version)
	514	{
[2]	515	///- Check if we have the apropriate patch on the disk
[74]	516
	517	// 24 = len("./patches/65535enGB.mpq")+1
	518	char tmp[24];
[2]	519	// No buffer overflow (fixed length of arguments)
[74]	520	sprintf(tmp,"./patches/%d%s.mpq",_build, _localizationName.c_str());
[2]	521	// This will be closed at the destruction of the AuthSocket (client deconnection)
	522	FILE *pFile=fopen(tmp,"rb");
[74]	523
[2]	524	if(!pFile)
	525	{
[74]	526	ByteBuffer pkt;
[2]	527	pkt << (uint8) AUTH_LOGON_CHALLENGE;
	528	pkt << (uint8) 0x00;
	529	pkt << (uint8) REALM_AUTH_WRONG_BUILD_NUMBER;
[74]	530	DEBUG_LOG("[AuthChallenge] %u is not a valid client version!", _build);
[2]	531	DEBUG_LOG("[AuthChallenge] Patch %s not found",tmp);
[74]	532	SendBuf((char const*)pkt.contents(), pkt.size());
	533	return true;
	534	}
	535	else // have patch
	536	{
[2]	537	pPatch=pFile;
	538	XFER_INIT xferh;
	539
	540	///- Get the MD5 hash of the patch file (get it from preloaded Patcher cache or calculate it)
	541	if(PatchesCache.GetHash(tmp,(uint8*)&xferh.md5))
	542	{
	543	DEBUG_LOG("\n[AuthChallenge] Found precached patch info for patch %s",tmp);
	544	}
	545	else
	546	{ //calculate patch md5
	547	printf("\n[AuthChallenge] Patch info for %s was not cached.",tmp);
	548	PatchesCache.LoadPatchMD5(tmp);
	549	PatchesCache.GetHash(tmp,(uint8*)&xferh.md5);
	550	}
	551
	552	///- Send a packet to the client with the file length and MD5 hash
	553	uint8 data[2]={AUTH_LOGON_PROOF,REALM_AUTH_UPDATE_CLIENT};
	554	SendBuf((const char*)data,sizeof(data));
	555
	556	memcpy(&xferh,"0\x05Patch",7);
	557	xferh.cmd=XFER_INITIATE;
	558	fseek(pPatch,0,SEEK_END);
	559	xferh.file_size=ftell(pPatch);
	560
	561	SendBuf((const char*)&xferh,sizeof(xferh));
	562	return true;
	563	}
	564	}
	565	/// </ul>
	566
	567	///- Continue the SRP6 calculation based on data received from the client
	568	BigNumber A;
	569	A.SetBinary(lp.A, 32);
	570
	571	Sha1Hash sha;
	572	sha.UpdateBigNumbers(&A, &B, NULL);
	573	sha.Finalize();
	574	BigNumber u;
	575	u.SetBinary(sha.GetDigest(), 20);
	576	BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
	577
	578	uint8 t[32];
	579	uint8 t1[16];
	580	uint8 vK[40];
	581	memcpy(t, S.AsByteArray(), 32);
	582	for (int i = 0; i < 16; i++)
	583	{
	584	t1[i] = t[i*2];
	585	}
	586	sha.Initialize();
	587	sha.UpdateData(t1, 16);
	588	sha.Finalize();
	589	for (int i = 0; i < 20; i++)
	590	{
	591	vK[i*2] = sha.GetDigest()[i];
	592	}
	593	for (int i = 0; i < 16; i++)
	594	{
	595	t1[i] = t[i*2+1];
	596	}
	597	sha.Initialize();
	598	sha.UpdateData(t1, 16);
	599	sha.Finalize();
	600	for (int i = 0; i < 20; i++)
	601	{
	602	vK[i*2+1] = sha.GetDigest()[i];
	603	}
	604	K.SetBinary(vK, 40);
	605
	606	uint8 hash[20];
	607
	608	sha.Initialize();
	609	sha.UpdateBigNumbers(&N, NULL);
	610	sha.Finalize();
	611	memcpy(hash, sha.GetDigest(), 20);
	612	sha.Initialize();
	613	sha.UpdateBigNumbers(&g, NULL);
	614	sha.Finalize();
	615	for (int i = 0; i < 20; i++)
	616	{
	617	hash[i] ^= sha.GetDigest()[i];
	618	}
	619	BigNumber t3;
	620	t3.SetBinary(hash, 20);
	621
	622	sha.Initialize();
	623	sha.UpdateData(_login);
	624	sha.Finalize();
	625	uint8 t4[SHA_DIGEST_LENGTH];
	626	memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
	627
	628	sha.Initialize();
	629	sha.UpdateBigNumbers(&t3, NULL);
	630	sha.UpdateData(t4, SHA_DIGEST_LENGTH);
	631	sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
	632	sha.Finalize();
	633	BigNumber M;
	634	M.SetBinary(sha.GetDigest(), 20);
	635
	636	///- Check if SRP6 results match (password is correct), else send an error
	637	if (!memcmp(M.AsByteArray(), lp.M1, 20))
	638	{
	639	sLog.outBasic("User '%s' successfully authenticated", _login.c_str());
	640
	641	///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
	642	// No SQL injection (escaped user name) and IP address as received by socket
	643	const char* K_hex = K.AsHexStr();
[74]	644	dbRealmServer.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '%s'", K_hex, GetRemoteAddress().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str() );
[2]	645	OPENSSL_free((void*)K_hex);
	646
	647	///- Finish SRP6 and send the final result to the client
	648	sha.Initialize();
	649	sha.UpdateBigNumbers(&A, &M, &K, NULL);
	650	sha.Finalize();
	651
	652	sAuthLogonProof_S proof;
	653	memcpy(proof.M2, sha.GetDigest(), 20);
	654	proof.cmd = AUTH_LOGON_PROOF;
	655	proof.error = 0;
	656	proof.unk1 = 0x00800000;
	657	proof.unk2 = 0x00;
	658	proof.unk3 = 0x00;
	659
	660	SendBuf((char *)&proof, sizeof(proof));
	661
	662	///- Set _authed to true!
	663	_authed = true;
	664	}
	665	else
	666	{
	667	char data[4]={AUTH_LOGON_PROOF,REALM_AUTH_NO_MATCH,3,0};
	668	SendBuf(data,sizeof(data));
	669	sLog.outBasic("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
	670
	671	uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
	672	if(MaxWrongPassCount > 0)
	673	{
	674	//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
	675	dbRealmServer.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '%s'",_safelogin.c_str());
	676
	677	if(QueryResult *loginfail = dbRealmServer.PQuery("SELECT id, failed_logins FROM account WHERE username = '%s'", _safelogin.c_str()))
	678	{
	679	Field* fields = loginfail->Fetch();
	680	uint32 failed_logins = fields[1].GetUInt32();
	681
	682	if( failed_logins >= MaxWrongPassCount )
	683	{
	684	uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
	685	bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
	686
	687	if(WrongPassBanType)
	688	{
	689	uint32 acc_id = fields[0].GetUInt32();
[74]	690	dbRealmServer.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','Trinity realmd','Failed login autoban',1)",
[2]	691	acc_id, WrongPassBanTime);
	692	sLog.outBasic("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
	693	_login.c_str(), WrongPassBanTime, failed_logins);
	694	}
	695	else
	696	{
	697	std::string current_ip = GetRemoteAddress();
	698	dbRealmServer.escape_string(current_ip);
[74]	699	dbRealmServer.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','Trinity realmd','Failed login autoban')",
[2]	700	current_ip.c_str(), WrongPassBanTime);
	701	sLog.outBasic("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
	702	current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
	703	}
	704	}
	705	delete loginfail;
	706	}
	707	}
	708	}
	709	return true;
	710	}
	711
	712	/// %Realm List command handler
	713	bool AuthSocket::_HandleRealmList()
	714	{
	715	DEBUG_LOG("Entering _HandleRealmList");
	716	if (ibuf.GetLength() < 5)
	717	return false;
	718
	719	ibuf.Remove(5);
	720
	721	///- Get the user id (else close the connection)
	722	// No SQL injection (escaped user name)
	723
	724	QueryResult *result = dbRealmServer.PQuery("SELECT id,sha_pass_hash FROM account WHERE username = '%s'",_safelogin.c_str());
	725	if(!result)
	726	{
	727	sLog.outError("[ERROR] user %s tried to login and we cannot find him in the database.",_login.c_str());
	728	SetCloseAndDelete();
	729	return false;
	730	}
	731
	732	uint32 id = (*result)[0].GetUInt32();
	733	std::string rI = (*result)[1].GetCppString();
	734	delete result;
	735
	736	///- Update realm list if need
	737	m_realmList.UpdateIfNeed();
	738
	739	///- Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
	740	ByteBuffer pkt;
	741	pkt << (uint32) 0;
	742	pkt << (uint16) m_realmList.size();
	743	RealmList::RealmMap::const_iterator i;
	744	for( i = m_realmList.begin(); i != m_realmList.end(); i++ )
	745	{
	746	uint8 AmountOfCharacters;
	747
	748	// No SQL injection. id of realm is controlled by the database.
	749	result = dbRealmServer.PQuery( "SELECT numchars FROM realmcharacters WHERE realmid = '%d' AND acctid='%u'",i->second.m_ID,id);
	750	if( result )
	751	{
	752	Field *fields = result->Fetch();
	753	AmountOfCharacters = fields[0].GetUInt8();
	754	delete result;
	755	}
	756	else
	757	AmountOfCharacters = 0;
	758
	759	uint8 lock = (i->second.allowedSecurityLevel > _accountSecurityLevel) ? 1 : 0;
	760
	761	pkt << i->second.icon; // realm type
	762	pkt << lock; // if 1, then realm locked
	763	pkt << i->second.color; // if 2, then realm is offline
	764	pkt << i->first;
	765	pkt << i->second.address;
	766	pkt << i->second.populationLevel;
	767	pkt << AmountOfCharacters;
	768	pkt << i->second.timezone; // realm category
	769	pkt << (uint8) 0x2C; // unk, may be realm number/id?
	770	}
	771	pkt << (uint8) 0x10;
	772	pkt << (uint8) 0x00;
	773
	774	ByteBuffer hdr;
	775	hdr << (uint8) REALM_LIST;
	776	hdr << (uint16)pkt.size();
	777	hdr.append(pkt);
	778
	779	SendBuf((char const*)hdr.contents(), hdr.size());
	780
	781	// Set check field before possible relogin to realm
	782	_SetVSFields(rI);
	783	return true;
	784	}
	785
	786	/// Resume patch transfer
	787	bool AuthSocket::_HandleXferResume()
	788	{
	789	DEBUG_LOG("Entering _HandleXferResume");
	790	///- Check packet length and patch existence
	791	if (ibuf.GetLength()<9 \|\| !pPatch)
	792	{
	793	sLog.outError("Error while resuming patch transfer (wrong packet)");
	794	return false;
	795	}
	796
	797	///- Launch a PatcherRunnable thread starting at given patch file offset
	798	uint64 start;
	799	ibuf.Remove(1);
	800	ibuf.Read((char*)&start,sizeof(start));
	801	fseek(pPatch,start,0);
	802
	803	ZThread::Thread u(new PatcherRunnable(this));
	804	return true;
	805	}
	806
	807	/// Cancel patch transfer
	808	bool AuthSocket::_HandleXferCancel()
	809	{
	810	DEBUG_LOG("Entering _HandleXferCancel");
	811
	812	///- Close and delete the socket
	813	ibuf.Remove(1); //clear input buffer
	814
	815	//ZThread::Thread::sleep(15);
	816	SetCloseAndDelete();
	817
	818	return true;
	819	}
	820
	821	/// Accept patch transfer
	822	bool AuthSocket::_HandleXferAccept()
	823	{
	824	DEBUG_LOG("Entering _HandleXferAccept");
	825
	826	///- Check packet length and patch existence
	827	if (!pPatch)
	828	{
	829	sLog.outError("Error while accepting patch transfer (wrong packet)");
	830	return false;
	831	}
	832
	833	///- Launch a PatcherRunnable thread, starting at the begining of the patch file
	834	ibuf.Remove(1); //clear input buffer
	835	fseek(pPatch,0,0);
	836
	837	ZThread::Thread u(new PatcherRunnable(this));
	838
	839	return true;
	840	}
	841
	842	/// Check if there is lag on the connection to the client
	843	bool AuthSocket::IsLag()
	844	{
	845	return (TCP_BUFSIZE_READ-GetOutputLength()< 2*ChunkSize);
	846	}
	847
	848	PatcherRunnable::PatcherRunnable(class AuthSocket * as)
	849	{
	850	mySocket=as;
	851	}
	852
	853	/// Send content of patch file to the client
	854	void PatcherRunnable::run()
	855	{
[74]	856	ZThread::Guard<ZThread::Mutex> g(mySocket->patcherLock);
[2]	857	XFER_DATA_STRUCT xfdata;
	858	xfdata.opcode = XFER_DATA;
	859
	860	while(!feof(mySocket->pPatch) && mySocket->Ready())
	861	{
	862	///- Wait until output buffer is reasonably empty
	863	while(mySocket->Ready() && mySocket->IsLag())
	864	{
	865	ZThread::Thread::sleep(1);
	866	}
	867	///- And send content of the patch file to the client
	868	xfdata.data_size=fread(&xfdata.data,1,ChunkSize,mySocket->pPatch);
	869	mySocket->SendBuf((const char*)&xfdata,xfdata.data_size +(sizeof(XFER_DATA_STRUCT)-ChunkSize));
	870	}
	871	}
	872
	873	/// Preload MD5 hashes of existing patch files on server
	874	#ifndef _WIN32
[74]	875	#include <dirent.h>
[2]	876	#include <errno.h>
	877	void Patcher::LoadPatchesInfo()
	878	{
	879	DIR * dirp;
	880	//int errno;
	881	struct dirent * dp;
	882	dirp = opendir("./patches/");
	883	if(!dirp)
	884	return;
	885	while (dirp)
	886	{
	887	errno = 0;
	888	if ((dp = readdir(dirp)) != NULL)
	889	{
	890	int l=strlen(dp->d_name);
	891	if(l<8)continue;
	892	if(!memcmp(&dp->d_name[l-4],".mpq",4))
	893	LoadPatchMD5(dp->d_name);
	894	}
	895	else
	896	{
	897	if(errno != 0)
	898	{
	899	closedir(dirp);
	900	return;
	901	}
	902	break;
	903	}
	904	}
	905
	906	if(dirp)
	907	closedir(dirp);
	908	}
	909
	910	#else
	911	void Patcher::LoadPatchesInfo()
	912	{
	913	WIN32_FIND_DATA fil;
	914	HANDLE hFil=FindFirstFile("./patches/*.mpq",&fil);
	915	if(hFil==INVALID_HANDLE_VALUE)
	916	return; //no patches were found
	917
[74]	918	do
	919	{
[2]	920	LoadPatchMD5(fil.cFileName);
[74]	921	}
	922	while(FindNextFile(hFil,&fil));
[2]	923	}
	924	#endif
	925
	926	/// Calculate and store MD5 hash for a given patch file
	927	void Patcher::LoadPatchMD5(char * szFileName)
	928	{
	929	///- Try to open the patch file
	930	std::string path = "./patches/";
	931	path += szFileName;
	932	FILE * pPatch=fopen(path.c_str(),"rb");
	933	sLog.outDebug("Loading patch info from %s\n",path.c_str());
	934	if(!pPatch)
	935	{
	936	sLog.outError("Error loading patch %s\n",path.c_str());
	937	return;
	938	}
	939
	940	///- Calculate the MD5 hash
	941	MD5_CTX ctx;
	942	MD5_Init(&ctx);
	943	uint8* buf = new uint8[512*1024];
	944
	945	while (!feof(pPatch))
	946	{
	947	size_t read = fread(buf, 1, 512*1024, pPatch);
	948	MD5_Update(&ctx, buf, read);
	949	}
	950	delete [] buf;
	951	fclose(pPatch);
	952
	953	///- Store the result in the internal patch hash map
	954	_patches[path] = new PATCH_INFO;
	955	MD5_Final((uint8 *)&_patches[path]->md5 , &ctx);
	956	}
	957
	958	/// Get cached MD5 hash for a given patch file
	959	bool Patcher::GetHash(char * pat,uint8 mymd5[16])
	960	{
	961	for( Patches::iterator i = _patches.begin(); i != _patches.end(); i++ )
	962	if(!stricmp(pat,i->first.c_str () ))
	963	{
	964	memcpy(mymd5,i->second->md5,16);
	965	return true;
	966	}
	967
	968	return false;
	969	}
	970
	971	/// Launch the patch hashing mechanism on object creation
	972	Patcher::Patcher()
	973	{
	974	LoadPatchesInfo();
	975	}
	976
	977	/// Empty and delete the patch map on termination
	978	Patcher::~Patcher()
	979	{
	980	for(Patches::iterator i = _patches.begin(); i != _patches.end(); i++ )
	981	delete i->second;
	982	}

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/trinityrealm/AuthSocket.cpp @ 74

Download in other formats: