Context Navigation

AuthSocket.cpp @ 170

Revision 170, 34.0 kB (checked in by yumileroy, 17 years ago)

[svn] * Allow reconnect in trinityrealm.

Original author: KingPin?
Date: 2008-11-05 13:35:33-06:00

Line
1	/*
2	* Copyright (C) 2005-2008 MaNGOS <http://www.mangosproject.org/>
3	*
4	* Copyright (C) 2008 Trinity <http://www.trinitycore.org/>
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 2 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License
17	* along with this program; if not, write to the Free Software
18	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19	*/
20
21	/** \file
22	\ingroup realmd
23	*/
24
25	#include "Common.h"
26	#include "Database/DatabaseEnv.h"
27	#include "ByteBuffer.h"
28	#include "Config/ConfigEnv.h"
29	#include "Log.h"
30	#include "RealmList.h"
31	#include "AuthSocket.h"
32	#include "AuthCodes.h"
33	#include <openssl/md5.h>
34	#include "Auth/Sha1.h"
35	//#include "Util.h" -- for commented utf8ToUpperOnlyLatin
36
37	extern RealmList m_realmList;
38
39	extern DatabaseType dbRealmServer;
40
41	#define ChunkSize 2048
42
43	enum eAuthCmd
44	{
45	//AUTH_NO_CMD = 0xFF,
46	AUTH_LOGON_CHALLENGE = 0x00,
47	AUTH_LOGON_PROOF = 0x01,
48	AUTH_RECONNECT_CHALLENGE = 0x02,
49	AUTH_RECONNECT_PROOF = 0x03,
50	//update srv =4
51	REALM_LIST = 0x10,
52	XFER_INITIATE = 0x30,
53	XFER_DATA = 0x31,
54	XFER_ACCEPT = 0x32,
55	XFER_RESUME = 0x33,
56	XFER_CANCEL = 0x34
57	};
58
59	enum eStatus
60	{
61	STATUS_CONNECTED = 0,
62	STATUS_AUTHED
63	};
64
65	// GCC have alternative #pragma pack(N) syntax and old gcc version not support pack(push,N), also any gcc version not support it at some paltform
66	#if defined( __GNUC__ )
67	#pragma pack(1)
68	#else
69	#pragma pack(push,1)
70	#endif
71
72	typedef struct AUTH_LOGON_CHALLENGE_C
73	{
74	uint8 cmd;
75	uint8 error;
76	uint16 size;
77	uint8 gamename[4];
78	uint8 version1;
79	uint8 version2;
80	uint8 version3;
81	uint16 build;
82	uint8 platform[4];
83	uint8 os[4];
84	uint8 country[4];
85	uint32 timezone_bias;
86	uint32 ip;
87	uint8 I_len;
88	uint8 I[1];
89	} sAuthLogonChallenge_C;
90
91	//typedef sAuthLogonChallenge_C sAuthReconnectChallenge_C;
92	/*
93	typedef struct
94	{
95	uint8 cmd;
96	uint8 error;
97	uint8 unk2;
98	uint8 B[32];
99	uint8 g_len;
100	uint8 g[1];
101	uint8 N_len;
102	uint8 N[32];
103	uint8 s[32];
104	uint8 unk3[16];
105	} sAuthLogonChallenge_S;
106	*/
107
108	typedef struct AUTH_LOGON_PROOF_C
109	{
110	uint8 cmd;
111	uint8 A[32];
112	uint8 M1[20];
113	uint8 crc_hash[20];
114	uint8 number_of_keys;
115	uint8 unk; // Added in 1.12.x client branch
116	} sAuthLogonProof_C;
117	/*
118	typedef struct
119	{
120	uint16 unk1;
121	uint32 unk2;
122	uint8 unk3[4];
123	uint16 unk4[20];
124	} sAuthLogonProofKey_C;
125	*/
126	typedef struct AUTH_LOGON_PROOF_S
127	{
128	uint8 cmd;
129	uint8 error;
130	uint8 M2[20];
131	uint32 unk1;
132	uint32 unk2;
133	uint16 unk3;
134	} sAuthLogonProof_S;
135
136	typedef struct XFER_INIT
137	{
138	uint8 cmd; // XFER_INITIATE
139	uint8 fileNameLen; // strlen(fileName);
140	uint8 fileName[5]; // fileName[fileNameLen]
141	uint64 file_size; // file size (bytes)
142	uint8 md5[MD5_DIGEST_LENGTH]; // MD5
143	}XFER_INIT;
144
145	typedef struct XFER_DATA
146	{
147	uint8 opcode;
148	uint16 data_size;
149	uint8 data[ChunkSize];
150	}XFER_DATA_STRUCT;
151
152	typedef struct AuthHandler
153	{
154	eAuthCmd cmd;
155	uint32 status;
156	bool (AuthSocket::*handler)(void);
157	}AuthHandler;
158
159	// GCC have alternative #pragma pack() syntax and old gcc version not support pack(pop), also any gcc version not support it at some paltform
160	#if defined( __GNUC__ )
161	#pragma pack()
162	#else
163	#pragma pack(pop)
164	#endif
165
166	/// Launch a thread to transfer a patch to the client
167	class PatcherRunnable: public ZThread::Runnable
168	{
169	public:
170	PatcherRunnable(class AuthSocket *);
171	void run();
172
173	private:
174	AuthSocket * mySocket;
175	};
176
177	typedef struct PATCH_INFO
178	{
179	uint8 md5[MD5_DIGEST_LENGTH];
180	}PATCH_INFO;
181
182	/// Caches MD5 hash of client patches present on the server
183	class Patcher
184	{
185	public:
186	typedef std::map<std::string, PATCH_INFO*> Patches;
187	~Patcher();
188	Patcher();
189	Patches::const_iterator begin() const { return _patches.begin(); }
190	Patches::const_iterator end() const { return _patches.end(); }
191	void LoadPatchMD5(char*);
192	bool GetHash(char * pat,uint8 mymd5[16]);
193
194	private:
195	void LoadPatchesInfo();
196	Patches _patches;
197	};
198
199	const AuthHandler table[] =
200	{
201	{ AUTH_LOGON_CHALLENGE, STATUS_CONNECTED, &AuthSocket::_HandleLogonChallenge },
202	{ AUTH_LOGON_PROOF, STATUS_CONNECTED, &AuthSocket::_HandleLogonProof },
203	{ AUTH_RECONNECT_CHALLENGE, STATUS_CONNECTED, &AuthSocket::_HandleReconnectChallenge},
204	{ AUTH_RECONNECT_PROOF, STATUS_CONNECTED, &AuthSocket::_HandleReconnectProof },
205	{ REALM_LIST, STATUS_AUTHED, &AuthSocket::_HandleRealmList },
206	{ XFER_ACCEPT, STATUS_CONNECTED, &AuthSocket::_HandleXferAccept },
207	{ XFER_RESUME, STATUS_CONNECTED, &AuthSocket::_HandleXferResume },
208	{ XFER_CANCEL, STATUS_CONNECTED, &AuthSocket::_HandleXferCancel }
209	};
210
211	#define AUTH_TOTAL_COMMANDS sizeof(table)/sizeof(AuthHandler)
212
213	///Holds the MD5 hash of client patches present on the server
214	Patcher PatchesCache;
215
216	/// Constructor - set the N and g values for SRP6
217	AuthSocket::AuthSocket(ISocketHandler &h) : TcpSocket(h)
218	{
219	N.SetHexStr("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7");
220	g.SetDword(7);
221	_authed = false;
222	pPatch = NULL;
223
224	_accountSecurityLevel = SEC_PLAYER;
225	}
226
227	/// Close patch file descriptor before leaving
228	AuthSocket::~AuthSocket()
229	{
230	ZThread::Guard<ZThread::Mutex> g(patcherLock);
231	if(pPatch)
232	fclose(pPatch);
233	}
234
235	/// Accept the connection and set the s random value for SRP6
236	void AuthSocket::OnAccept()
237	{
238	sLog.outBasic("Accepting connection from '%s:%d'",
239	GetRemoteAddress().c_str(), GetRemotePort());
240
241	s.SetRand(s_BYTE_SIZE * 8);
242	}
243
244	/// Read the packet from the client
245	void AuthSocket::OnRead()
246	{
247	///- Read the packet
248	TcpSocket::OnRead();
249	uint8 _cmd;
250	while (1)
251	{
252	if (!ibuf.GetLength())
253	return;
254
255	///- Get the command out of it
256	ibuf.SoftRead((char *)&_cmd, 1); // UQ1: No longer exists in new net code ???
257	//ibuf.Read((char *)&_cmd, 1);
258	/char command = (char *)malloc(1);
259
260	ibuf.Read(command, 1);
261
262	_cmd = (uint8)command;*/
263	// assert(0);
264	size_t i;
265
266	///- Circle through known commands and call the correct command handler
267	for (i=0;i<AUTH_TOTAL_COMMANDS; i++)
268	{
269	if ((uint8)table[i].cmd == _cmd &&
270	(table[i].status == STATUS_CONNECTED \|\|
271	(_authed && table[i].status == STATUS_AUTHED)))
272	{
273	DEBUG_LOG("[Auth] got data for cmd %u ibuf length %u", (uint32)_cmd, ibuf.GetLength());
274
275	if (!(this.table[i].handler)())
276	{
277	DEBUG_LOG("Command handler failed for cmd %u ibuf length %u", (uint32)_cmd, ibuf.GetLength());
278	return;
279	}
280	break;
281	}
282	}
283
284	///- Report unknown commands in the debug log
285	if (i==AUTH_TOTAL_COMMANDS)
286	{
287	DEBUG_LOG("[Auth] got unknown packet %u", (uint32)_cmd);
288	return;
289	}
290	}
291	}
292
293	/// Make the SRP6 calculation from hash in dB
294	void AuthSocket::_SetVSFields(std::string rI)
295	{
296	BigNumber I;
297	I.SetHexStr(rI.c_str());
298
299	//In case of leading zeroes in the rI hash, restore them
300	uint8 mDigest[SHA_DIGEST_LENGTH];
301	memset(mDigest,0,SHA_DIGEST_LENGTH);
302	if (I.GetNumBytes() <= SHA_DIGEST_LENGTH)
303	memcpy(mDigest,I.AsByteArray(),I.GetNumBytes());
304
305	std::reverse(mDigest,mDigest+SHA_DIGEST_LENGTH);
306
307	Sha1Hash sha;
308	sha.UpdateData(s.AsByteArray(), s.GetNumBytes());
309	sha.UpdateData(mDigest, SHA_DIGEST_LENGTH);
310	sha.Finalize();
311	BigNumber x;
312	x.SetBinary(sha.GetDigest(), sha.GetLength());
313	v = g.ModExp(x, N);
314	// No SQL injection (username escaped)
315	const char v_hex, s_hex;
316	v_hex = v.AsHexStr();
317	s_hex = s.AsHexStr();
318	dbRealmServer.PExecute("UPDATE account SET v = '%s', s = '%s' WHERE username = '%s'",v_hex,s_hex, _safelogin.c_str() );
319	OPENSSL_free((void*)v_hex);
320	OPENSSL_free((void*)s_hex);
321	}
322
323	/// Logon Challenge command handler
324	bool AuthSocket::_HandleLogonChallenge()
325	{
326	DEBUG_LOG("Entering _HandleLogonChallenge");
327	if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
328	return false;
329
330	///- Read the first 4 bytes (header) to get the length of the remaining of the packet
331	std::vector<uint8> buf;
332	buf.resize(4);
333
334	ibuf.Read((char *)&buf[0], 4);
335
336	EndianConvert(((uint16)(buf[0])));
337	uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
338	DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
339
340	if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) \|\| (ibuf.GetLength() < remaining))
341	return false;
342
343	//No big fear of memory outage (size is int16, i.e. < 65536)
344	buf.resize(remaining + buf.size() + 1);
345	buf[buf.size() - 1] = 0;
346	sAuthLogonChallenge_C ch = (sAuthLogonChallenge_C)&buf[0];
347
348	// BigEndian code, nop in little endian case
349	// size already converted
350	EndianConvert(((uint32)(&ch->gamename[0])));
351	EndianConvert(ch->build);
352	EndianConvert(((uint32)(&ch->platform[0])));
353	EndianConvert(((uint32)(&ch->os[0])));
354	EndianConvert(((uint32)(&ch->country[0])));
355	EndianConvert(ch->timezone_bias);
356	EndianConvert(ch->ip);
357
358	///- Read the remaining of the packet
359	ibuf.Read((char *)&buf[4], remaining);
360	DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
361	DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
362
363	ByteBuffer pkt;
364
365	_login = (const char*)ch->I;
366	_build = ch->build;
367
368	///- Normalize account name
369	//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
370
371	//Escape the user login to avoid further SQL injection
372	//Memory will be freed on AuthSocket object destruction
373	_safelogin=_login;
374	dbRealmServer.escape_string(_safelogin);
375
376	pkt << (uint8) AUTH_LOGON_CHALLENGE;
377	pkt << (uint8) 0x00;
378
379	///- Verify that this IP is not in the ip_banned table
380	// No SQL injection possible (paste the IP address as passed by the socket)
381	dbRealmServer.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
382
383	std::string address = GetRemoteAddress();
384	dbRealmServer.escape_string(address);
385	QueryResult result = dbRealmServer.PQuery( "SELECT FROM ip_banned WHERE ip = '%s'",address.c_str());
386	if(result)
387	{
388	pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
389	sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
390	delete result;
391	}
392	else
393	{
394	///- Get the account details from the account table
395	// No SQL injection (escaped user name)
396
397	result = dbRealmServer.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel FROM account WHERE username = '%s'",_safelogin.c_str ());
398	if( result )
399	{
400	///- If the IP is 'locked', check that the player comes indeed from the correct IP address
401	bool locked = false;
402	if((*result)[2].GetUInt8() == 1) // if ip is locked
403	{
404	DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
405	DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
406	if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
407	{
408	DEBUG_LOG("[AuthChallenge] Account IP differs");
409	pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
410	locked=true;
411	}
412	else
413	{
414	DEBUG_LOG("[AuthChallenge] Account IP matches");
415	}
416	}
417	else
418	{
419	DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
420	}
421
422	if (!locked)
423	{
424	//set expired bans to inactive
425	dbRealmServer.Execute("UPDATE account_banned SET active = 0 WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
426	///- If the account is banned, reject the logon attempt
427	QueryResult banresult = dbRealmServer.PQuery("SELECT bandate,unbandate FROM account_banned WHERE id = %u AND active = 1", (result)[1].GetUInt32());
428	if(banresult)
429	{
430	if((banresult)[0].GetUInt64() == (banresult)[1].GetUInt64())
431	{
432	pkt << (uint8) REALM_AUTH_ACCOUNT_BANNED;
433	sLog.outBasic("[AuthChallenge] Banned account %s tries to login!",_login.c_str ());
434	}
435	else
436	{
437	pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
438	sLog.outBasic("[AuthChallenge] Temporarily banned account %s tries to login!",_login.c_str ());
439	}
440
441	delete banresult;
442	}
443	else
444	{
445	///- Get the password from the account table, upper it, and make the SRP6 calculation
446	std::string rI = (*result)[0].GetCppString();
447	_SetVSFields(rI);
448
449	b.SetRand(19 * 8);
450	BigNumber gmod=g.ModExp(b, N);
451	B = ((v * 3) + gmod) % N;
452
453	ASSERT(gmod.GetNumBytes() <= 32);
454
455	BigNumber unk3;
456	unk3.SetRand(16*8);
457
458	///- Fill the response packet with the result
459	pkt << (uint8)REALM_AUTH_SUCCESS;
460
461	// B may be calculated < 32B so we force minnimal length to 32B
462	pkt.append(B.AsByteArray(32), 32); // 32 bytes
463	pkt << (uint8)1;
464	pkt.append(g.AsByteArray(), 1);
465	pkt << (uint8)32;
466	pkt.append(N.AsByteArray(), 32);
467	pkt.append(s.AsByteArray(), s.GetNumBytes()); // 32 bytes
468	pkt.append(unk3.AsByteArray(), 16);
469	pkt << (uint8)0; // Added in 1.12.x client branch
470
471	uint8 secLevel = (*result)[4].GetUInt8();
472	_accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
473
474	_localizationName.resize(4);
475	for(int i = 0; i <4; ++i)
476	_localizationName[i] = ch->country[4-i-1];
477
478	sLog.outBasic("[AuthChallenge] account %s is using '%c%c%c%c' locale (%u)", _login.c_str (), ch->country[3],ch->country[2],ch->country[1],ch->country[0], GetLocaleByName(_localizationName));
479	}
480	}
481	delete result;
482	}
483	else //no account
484	{
485	pkt<< (uint8) REALM_AUTH_NO_MATCH;
486	}
487	}
488	SendBuf((char const*)pkt.contents(), pkt.size());
489	return true;
490	}
491
492	/// Logon Proof command handler
493	bool AuthSocket::_HandleLogonProof()
494	{
495	DEBUG_LOG("Entering _HandleLogonProof");
496	///- Read the packet
497	if (ibuf.GetLength() < sizeof(sAuthLogonProof_C))
498	return false;
499	sAuthLogonProof_C lp;
500	ibuf.Read((char *)&lp, sizeof(sAuthLogonProof_C));
501
502	///- Check if the client has one of the expected version numbers
503	bool valid_version=false;
504	int accepted_versions[]=EXPECTED_TRINITY_CLIENT_BUILD;
505	for(int i=0;accepted_versions[i];i++)
506	{
507	if(_build==accepted_versions[i])
508	{
509	valid_version=true;
510	break;
511	}
512	}
513
514	/// <ul><li> If the client has no valid version
515	if(!valid_version)
516	{
517	///- Check if we have the apropriate patch on the disk
518
519	// 24 = len("./patches/65535enGB.mpq")+1
520	char tmp[24];
521	// No buffer overflow (fixed length of arguments)
522	sprintf(tmp,"./patches/%d%s.mpq",_build, _localizationName.c_str());
523	// This will be closed at the destruction of the AuthSocket (client deconnection)
524	FILE *pFile=fopen(tmp,"rb");
525
526	if(!pFile)
527	{
528	ByteBuffer pkt;
529	pkt << (uint8) AUTH_LOGON_CHALLENGE;
530	pkt << (uint8) 0x00;
531	pkt << (uint8) REALM_AUTH_WRONG_BUILD_NUMBER;
532	DEBUG_LOG("[AuthChallenge] %u is not a valid client version!", _build);
533	DEBUG_LOG("[AuthChallenge] Patch %s not found",tmp);
534	SendBuf((char const*)pkt.contents(), pkt.size());
535	return true;
536	}
537	else // have patch
538	{
539	pPatch=pFile;
540	XFER_INIT xferh;
541
542	///- Get the MD5 hash of the patch file (get it from preloaded Patcher cache or calculate it)
543	if(PatchesCache.GetHash(tmp,(uint8*)&xferh.md5))
544	{
545	DEBUG_LOG("\n[AuthChallenge] Found precached patch info for patch %s",tmp);
546	}
547	else
548	{ //calculate patch md5
549	printf("\n[AuthChallenge] Patch info for %s was not cached.",tmp);
550	PatchesCache.LoadPatchMD5(tmp);
551	PatchesCache.GetHash(tmp,(uint8*)&xferh.md5);
552	}
553
554	///- Send a packet to the client with the file length and MD5 hash
555	uint8 data[2]={AUTH_LOGON_PROOF,REALM_AUTH_UPDATE_CLIENT};
556	SendBuf((const char*)data,sizeof(data));
557
558	memcpy(&xferh,"0\x05Patch",7);
559	xferh.cmd=XFER_INITIATE;
560	fseek(pPatch,0,SEEK_END);
561	xferh.file_size=ftell(pPatch);
562
563	SendBuf((const char*)&xferh,sizeof(xferh));
564	return true;
565	}
566	}
567	/// </ul>
568
569	///- Continue the SRP6 calculation based on data received from the client
570	BigNumber A;
571	A.SetBinary(lp.A, 32);
572
573	Sha1Hash sha;
574	sha.UpdateBigNumbers(&A, &B, NULL);
575	sha.Finalize();
576	BigNumber u;
577	u.SetBinary(sha.GetDigest(), 20);
578	BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
579
580	uint8 t[32];
581	uint8 t1[16];
582	uint8 vK[40];
583	memcpy(t, S.AsByteArray(), 32);
584	for (int i = 0; i < 16; i++)
585	{
586	t1[i] = t[i*2];
587	}
588	sha.Initialize();
589	sha.UpdateData(t1, 16);
590	sha.Finalize();
591	for (int i = 0; i < 20; i++)
592	{
593	vK[i*2] = sha.GetDigest()[i];
594	}
595	for (int i = 0; i < 16; i++)
596	{
597	t1[i] = t[i*2+1];
598	}
599	sha.Initialize();
600	sha.UpdateData(t1, 16);
601	sha.Finalize();
602	for (int i = 0; i < 20; i++)
603	{
604	vK[i*2+1] = sha.GetDigest()[i];
605	}
606	K.SetBinary(vK, 40);
607
608	uint8 hash[20];
609
610	sha.Initialize();
611	sha.UpdateBigNumbers(&N, NULL);
612	sha.Finalize();
613	memcpy(hash, sha.GetDigest(), 20);
614	sha.Initialize();
615	sha.UpdateBigNumbers(&g, NULL);
616	sha.Finalize();
617	for (int i = 0; i < 20; i++)
618	{
619	hash[i] ^= sha.GetDigest()[i];
620	}
621	BigNumber t3;
622	t3.SetBinary(hash, 20);
623
624	sha.Initialize();
625	sha.UpdateData(_login);
626	sha.Finalize();
627	uint8 t4[SHA_DIGEST_LENGTH];
628	memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
629
630	sha.Initialize();
631	sha.UpdateBigNumbers(&t3, NULL);
632	sha.UpdateData(t4, SHA_DIGEST_LENGTH);
633	sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
634	sha.Finalize();
635	BigNumber M;
636	M.SetBinary(sha.GetDigest(), 20);
637
638	///- Check if SRP6 results match (password is correct), else send an error
639	if (!memcmp(M.AsByteArray(), lp.M1, 20))
640	{
641	sLog.outBasic("User '%s' successfully authenticated", _login.c_str());
642
643	///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
644	// No SQL injection (escaped user name) and IP address as received by socket
645	const char* K_hex = K.AsHexStr();
646	dbRealmServer.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '%s'", K_hex, GetRemoteAddress().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str() );
647	OPENSSL_free((void*)K_hex);
648
649	///- Finish SRP6 and send the final result to the client
650	sha.Initialize();
651	sha.UpdateBigNumbers(&A, &M, &K, NULL);
652	sha.Finalize();
653
654	sAuthLogonProof_S proof;
655	memcpy(proof.M2, sha.GetDigest(), 20);
656	proof.cmd = AUTH_LOGON_PROOF;
657	proof.error = 0;
658	proof.unk1 = 0x00800000;
659	proof.unk2 = 0x00;
660	proof.unk3 = 0x00;
661
662	SendBuf((char *)&proof, sizeof(proof));
663
664	///- Set _authed to true!
665	_authed = true;
666	}
667	else
668	{
669	char data[4]={AUTH_LOGON_PROOF,REALM_AUTH_NO_MATCH,3,0};
670	SendBuf(data,sizeof(data));
671	sLog.outBasic("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
672
673	uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
674	if(MaxWrongPassCount > 0)
675	{
676	//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
677	dbRealmServer.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '%s'",_safelogin.c_str());
678
679	if(QueryResult *loginfail = dbRealmServer.PQuery("SELECT id, failed_logins FROM account WHERE username = '%s'", _safelogin.c_str()))
680	{
681	Field* fields = loginfail->Fetch();
682	uint32 failed_logins = fields[1].GetUInt32();
683
684	if( failed_logins >= MaxWrongPassCount )
685	{
686	uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
687	bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
688
689	if(WrongPassBanType)
690	{
691	uint32 acc_id = fields[0].GetUInt32();
692	dbRealmServer.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','Trinity realmd','Failed login autoban',1)",
693	acc_id, WrongPassBanTime);
694	sLog.outBasic("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
695	_login.c_str(), WrongPassBanTime, failed_logins);
696	}
697	else
698	{
699	std::string current_ip = GetRemoteAddress();
700	dbRealmServer.escape_string(current_ip);
701	dbRealmServer.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','Trinity realmd','Failed login autoban')",
702	current_ip.c_str(), WrongPassBanTime);
703	sLog.outBasic("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
704	current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
705	}
706	}
707	delete loginfail;
708	}
709	}
710	}
711	return true;
712	}
713
714	/// Reconnect Challenge command handler
715	bool AuthSocket::_HandleReconnectChallenge()
716	{
717	DEBUG_LOG("Entering _HandleReconnectChallenge");
718	if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
719	return false;
720
721	///- Read the first 4 bytes (header) to get the length of the remaining of the packet
722	std::vector<uint8> buf;
723	buf.resize(4);
724
725	ibuf.Read((char *)&buf[0], 4);
726
727	EndianConvert(((uint16)(buf[0])));
728	uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
729	DEBUG_LOG("[ReconnectChallenge] got header, body is %#04x bytes", remaining);
730
731	if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) \|\| (ibuf.GetLength() < remaining))
732	return false;
733
734	//No big fear of memory outage (size is int16, i.e. < 65536)
735	buf.resize(remaining + buf.size() + 1);
736	buf[buf.size() - 1] = 0;
737	sAuthLogonChallenge_C ch = (sAuthLogonChallenge_C)&buf[0];
738
739	///- Read the remaining of the packet
740	ibuf.Read((char *)&buf[4], remaining);
741	DEBUG_LOG("[ReconnectChallenge] got full packet, %#04x bytes", ch->size);
742	DEBUG_LOG("[ReconnectChallenge] name(%d): '%s'", ch->I_len, ch->I);
743
744	_login = (const char*)ch->I;
745	_safelogin = _login;
746
747	QueryResult *result = dbRealmServer.PQuery ("SELECT sessionkey FROM account WHERE username = '%s'", _safelogin.c_str ());
748
749	// Stop if the account is not found
750	if (!result)
751	{
752	sLog.outError("[ERROR] user %s tried to login and we cannot find his session key in the database.", _login.c_str());
753	SetCloseAndDelete();
754	return false;
755	}
756
757	Field* fields = result->Fetch ();
758	K.SetHexStr (fields[0].GetString ());
759	delete result;
760
761	///- Sending response
762	ByteBuffer pkt;
763	pkt << (uint8) AUTH_RECONNECT_CHALLENGE;
764	pkt << (uint8) 0x00;
765	_reconnectProof.SetRand(16*8);
766	pkt.append(_reconnectProof.AsByteBuffer()); // 16 bytes random
767	pkt << (uint64) 0x00 << (uint64) 0x00; // 16 bytes zeros
768	SendBuf((char const*)pkt.contents(), pkt.size());
769	return true;
770	}
771
772	/// Reconnect Proof command handler
773	bool AuthSocket::_HandleReconnectProof()
774	{
775	DEBUG_LOG("Entering _HandleReconnectProof");
776	///- Read the packet
777	if (ibuf.GetLength() < sizeof(sAuthReconnectProof_C))
778	return false;
779	if (_login.empty() \|\| !_reconnectProof.GetNumBytes() \|\| !K.GetNumBytes())
780	return false;
781	sAuthReconnectProof_C lp;
782	ibuf.Read((char *)&lp, sizeof(sAuthReconnectProof_C));
783
784	BigNumber t1;
785	t1.SetBinary(lp.R1, 16);
786
787	Sha1Hash sha;
788	sha.Initialize();
789	sha.UpdateData(_login);
790	sha.UpdateBigNumbers(&t1, &_reconnectProof, &K, NULL);
791	sha.Finalize();
792
793	if (!memcmp(sha.GetDigest(), lp.R2, SHA_DIGEST_LENGTH))
794	{
795	///- Sending response
796	ByteBuffer pkt;
797	pkt << (uint8) AUTH_RECONNECT_PROOF;
798	pkt << (uint8) 0x00;
799	pkt << (uint16) 0x00; // 2 bytes zeros
800	SendBuf((char const*)pkt.contents(), pkt.size());
801
802	///- Set _authed to true!
803	_authed = true;
804
805	return true;
806	}
807	else
808	{
809	sLog.outError("[ERROR] user %s tried to login, but session invalid.", _login.c_str());
810	SetCloseAndDelete();
811	return false;
812	}
813	}
814
815	/// %Realm List command handler
816	bool AuthSocket::_HandleRealmList()
817	{
818	DEBUG_LOG("Entering _HandleRealmList");
819	if (ibuf.GetLength() < 5)
820	return false;
821
822	ibuf.Remove(5);
823
824	///- Get the user id (else close the connection)
825	// No SQL injection (escaped user name)
826
827	QueryResult *result = dbRealmServer.PQuery("SELECT id,sha_pass_hash FROM account WHERE username = '%s'",_safelogin.c_str());
828	if(!result)
829	{
830	sLog.outError("[ERROR] user %s tried to login and we cannot find him in the database.",_login.c_str());
831	SetCloseAndDelete();
832	return false;
833	}
834
835	uint32 id = (*result)[0].GetUInt32();
836	std::string rI = (*result)[1].GetCppString();
837	delete result;
838
839	///- Update realm list if need
840	m_realmList.UpdateIfNeed();
841
842	///- Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
843	ByteBuffer pkt;
844	pkt << (uint32) 0;
845	pkt << (uint16) m_realmList.size();
846	RealmList::RealmMap::const_iterator i;
847	for( i = m_realmList.begin(); i != m_realmList.end(); i++ )
848	{
849	uint8 AmountOfCharacters;
850
851	// No SQL injection. id of realm is controlled by the database.
852	result = dbRealmServer.PQuery( "SELECT numchars FROM realmcharacters WHERE realmid = '%d' AND acctid='%u'",i->second.m_ID,id);
853	if( result )
854	{
855	Field *fields = result->Fetch();
856	AmountOfCharacters = fields[0].GetUInt8();
857	delete result;
858	}
859	else
860	AmountOfCharacters = 0;
861
862	uint8 lock = (i->second.allowedSecurityLevel > _accountSecurityLevel) ? 1 : 0;
863
864	pkt << i->second.icon; // realm type
865	pkt << lock; // if 1, then realm locked
866	pkt << i->second.color; // if 2, then realm is offline
867	pkt << i->first;
868	pkt << i->second.address;
869	pkt << i->second.populationLevel;
870	pkt << AmountOfCharacters;
871	pkt << i->second.timezone; // realm category
872	pkt << (uint8) 0x2C; // unk, may be realm number/id?
873	}
874	pkt << (uint8) 0x10;
875	pkt << (uint8) 0x00;
876
877	ByteBuffer hdr;
878	hdr << (uint8) REALM_LIST;
879	hdr << (uint16)pkt.size();
880	hdr.append(pkt);
881
882	SendBuf((char const*)hdr.contents(), hdr.size());
883
884	// Set check field before possible relogin to realm
885	_SetVSFields(rI);
886	return true;
887	}
888
889	/// Resume patch transfer
890	bool AuthSocket::_HandleXferResume()
891	{
892	DEBUG_LOG("Entering _HandleXferResume");
893	///- Check packet length and patch existence
894	if (ibuf.GetLength()<9 \|\| !pPatch)
895	{
896	sLog.outError("Error while resuming patch transfer (wrong packet)");
897	return false;
898	}
899
900	///- Launch a PatcherRunnable thread starting at given patch file offset
901	uint64 start;
902	ibuf.Remove(1);
903	ibuf.Read((char*)&start,sizeof(start));
904	fseek(pPatch,start,0);
905
906	ZThread::Thread u(new PatcherRunnable(this));
907	return true;
908	}
909
910	/// Cancel patch transfer
911	bool AuthSocket::_HandleXferCancel()
912	{
913	DEBUG_LOG("Entering _HandleXferCancel");
914
915	///- Close and delete the socket
916	ibuf.Remove(1); //clear input buffer
917
918	//ZThread::Thread::sleep(15);
919	SetCloseAndDelete();
920
921	return true;
922	}
923
924	/// Accept patch transfer
925	bool AuthSocket::_HandleXferAccept()
926	{
927	DEBUG_LOG("Entering _HandleXferAccept");
928
929	///- Check packet length and patch existence
930	if (!pPatch)
931	{
932	sLog.outError("Error while accepting patch transfer (wrong packet)");
933	return false;
934	}
935
936	///- Launch a PatcherRunnable thread, starting at the begining of the patch file
937	ibuf.Remove(1); //clear input buffer
938	fseek(pPatch,0,0);
939
940	ZThread::Thread u(new PatcherRunnable(this));
941
942	return true;
943	}
944
945	/// Check if there is lag on the connection to the client
946	bool AuthSocket::IsLag()
947	{
948	return (TCP_BUFSIZE_READ-GetOutputLength()< 2*ChunkSize);
949	}
950
951	PatcherRunnable::PatcherRunnable(class AuthSocket * as)
952	{
953	mySocket=as;
954	}
955
956	/// Send content of patch file to the client
957	void PatcherRunnable::run()
958	{
959	ZThread::Guard<ZThread::Mutex> g(mySocket->patcherLock);
960	XFER_DATA_STRUCT xfdata;
961	xfdata.opcode = XFER_DATA;
962
963	while(!feof(mySocket->pPatch) && mySocket->Ready())
964	{
965	///- Wait until output buffer is reasonably empty
966	while(mySocket->Ready() && mySocket->IsLag())
967	{
968	ZThread::Thread::sleep(1);
969	}
970	///- And send content of the patch file to the client
971	xfdata.data_size=fread(&xfdata.data,1,ChunkSize,mySocket->pPatch);
972	mySocket->SendBuf((const char*)&xfdata,xfdata.data_size +(sizeof(XFER_DATA_STRUCT)-ChunkSize));
973	}
974	}
975
976	/// Preload MD5 hashes of existing patch files on server
977	#ifndef _WIN32
978	#include <dirent.h>
979	#include <errno.h>
980	void Patcher::LoadPatchesInfo()
981	{
982	DIR * dirp;
983	//int errno;
984	struct dirent * dp;
985	dirp = opendir("./patches/");
986	if(!dirp)
987	return;
988	while (dirp)
989	{
990	errno = 0;
991	if ((dp = readdir(dirp)) != NULL)
992	{
993	int l=strlen(dp->d_name);
994	if(l<8)continue;
995	if(!memcmp(&dp->d_name[l-4],".mpq",4))
996	LoadPatchMD5(dp->d_name);
997	}
998	else
999	{
1000	if(errno != 0)
1001	{
1002	closedir(dirp);
1003	return;
1004	}
1005	break;
1006	}
1007	}
1008
1009	if(dirp)
1010	closedir(dirp);
1011	}
1012
1013	#else
1014	void Patcher::LoadPatchesInfo()
1015	{
1016	WIN32_FIND_DATA fil;
1017	HANDLE hFil=FindFirstFile("./patches/*.mpq",&fil);
1018	if(hFil==INVALID_HANDLE_VALUE)
1019	return; //no patches were found
1020
1021	do
1022	{
1023	LoadPatchMD5(fil.cFileName);
1024	}
1025	while(FindNextFile(hFil,&fil));
1026	}
1027	#endif
1028
1029	/// Calculate and store MD5 hash for a given patch file
1030	void Patcher::LoadPatchMD5(char * szFileName)
1031	{
1032	///- Try to open the patch file
1033	std::string path = "./patches/";
1034	path += szFileName;
1035	FILE * pPatch=fopen(path.c_str(),"rb");
1036	sLog.outDebug("Loading patch info from %s\n",path.c_str());
1037	if(!pPatch)
1038	{
1039	sLog.outError("Error loading patch %s\n",path.c_str());
1040	return;
1041	}
1042
1043	///- Calculate the MD5 hash
1044	MD5_CTX ctx;
1045	MD5_Init(&ctx);
1046	uint8* buf = new uint8[512*1024];
1047
1048	while (!feof(pPatch))
1049	{
1050	size_t read = fread(buf, 1, 512*1024, pPatch);
1051	MD5_Update(&ctx, buf, read);
1052	}
1053	delete [] buf;
1054	fclose(pPatch);
1055
1056	///- Store the result in the internal patch hash map
1057	_patches[path] = new PATCH_INFO;
1058	MD5_Final((uint8 *)&_patches[path]->md5 , &ctx);
1059	}
1060
1061	/// Get cached MD5 hash for a given patch file
1062	bool Patcher::GetHash(char * pat,uint8 mymd5[16])
1063	{
1064	for( Patches::iterator i = _patches.begin(); i != _patches.end(); i++ )
1065	if(!stricmp(pat,i->first.c_str () ))
1066	{
1067	memcpy(mymd5,i->second->md5,16);
1068	return true;
1069	}
1070
1071	return false;
1072	}
1073
1074	/// Launch the patch hashing mechanism on object creation
1075	Patcher::Patcher()
1076	{
1077	LoadPatchesInfo();
1078	}
1079
1080	/// Empty and delete the patch map on termination
1081	Patcher::~Patcher()
1082	{
1083	for(Patches::iterator i = _patches.begin(); i != _patches.end(); i++ )
1084	delete i->second;
1085	}

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/trinityrealm/AuthSocket.cpp @ 170

Download in other formats: