AuthSession Struct Reference

#include "AuthSession.h"

Inheritance diagram for AuthSession:

Public Member Functions
	AuthSession (tcp::socket &&socket)
void	Start () override
bool	Update () override
void	SendPacket (ByteBuffer &packet)
Public Member Functions inherited from Socket< AuthSession >
	Socket (tcp::socket &&socket)
virtual	~Socket ()
boost::asio::ip::address	GetRemoteIpAddress () const
uint16	GetRemotePort () const
void	AsyncRead ()
void	AsyncReadProxyHeader ()
void	AsyncReadWithCallback (void(T::*callback)(boost::system::error_code, std::size_t))
void	QueuePacket (MessageBuffer &&buffer)
ProxyHeaderReadingState	GetProxyHeaderReadingState () const
bool	IsOpen () const
void	CloseSocket ()
void	DelayedCloseSocket ()
	Marks the socket for closing after write buffer becomes empty.
MessageBuffer &	GetReadBuffer ()

Static Public Member Functions
static std::unordered_map< uint8, AuthHandler >	InitHandlers ()

Public Attributes
uint32	BattlegroupID = 0
uint32	LoginServerType = 0
uint32	RealmID = 0
uint32	Build = 0
std::array< uint8, 4 >	LocalChallenge = {}
uint32	LoginServerID = 0
uint32	RegionID = 0
uint64	DosResponse = 0
Acore::Crypto::SHA1::Digest	Digest = {}
std::string	Account
ByteBuffer	AddonInfo

Protected Member Functions
void	ReadHandler () override
Protected Member Functions inherited from Socket< AuthSession >
virtual void	OnClose ()
bool	AsyncProcessQueue ()
void	SetNoDelay (bool enable)

Private Types
typedef Socket< AuthSession >	AuthSocket

Private Member Functions
bool	HandleLogonChallenge ()
bool	HandleLogonProof ()
bool	HandleReconnectChallenge ()
bool	HandleReconnectProof ()
bool	HandleRealmList ()
void	CheckIpCallback (PreparedQueryResult result)
void	LogonChallengeCallback (PreparedQueryResult result)
void	ReconnectChallengeCallback (PreparedQueryResult result)
void	RealmListCallback (PreparedQueryResult result)
bool	VerifyVersion (uint8 const *a, int32 aLength, Acore::Crypto::SHA1::Digest const &versionProof, bool isReconnect)

Private Attributes
Optional< Acore::Crypto::SRP6 >	_srp6
SessionKey	_sessionKey = {}
std::array< uint8, 16 >	_reconnectProof = {}
AuthStatus	_status
AccountInfo	_accountInfo
Optional< std::vector< uint8 > >	_totpSecret
std::string	_localizationName
std::string	_os
std::string	_ipCountry
uint16	_build
uint8	_expversion
QueryCallbackProcessor	_queryProcessor

Detailed Description

Member Typedef Documentation

AuthSocket

typedef Socket<AuthSession> AuthSession::AuthSocket

private

Constructor & Destructor Documentation

AuthSession()

AuthSession::AuthSession

(

tcp::socket &&

socket

)

                                           :
    Socket(std::move(socket)), _status(STATUS_CHALLENGE), _build(0), _expversion(0) { }

Member Function Documentation

CheckIpCallback()

void AuthSession::CheckIpCallback ( PreparedQueryResult  result )

private

{
    if (result)
    {
        bool banned = false;
 
        for (auto const& fields : *result)
        {
            if (fields[0].Get<uint64>() != 0)
            {
                banned = true;
                break;
            }
        }
 
        if (banned)
        {
            ByteBuffer pkt;
            pkt << uint8(AUTH_LOGON_CHALLENGE);
            pkt << uint8(0x00);
            pkt << uint8(WOW_FAIL_BANNED);
            SendPacket(pkt);
            LOG_DEBUG("session", "[AuthSession::CheckIpCallback] Banned ip '{}:{}' tries to login!", GetRemoteIpAddress().to_string(), GetRemotePort());
            return;
        }
    }
 
    AsyncRead();
}

References Socket< AuthSession >::AsyncRead(), AUTH_LOGON_CHALLENGE, Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), LOG_DEBUG, SendPacket(), and WOW_FAIL_BANNED.

Referenced by Start().

HandleLogonChallenge()

bool AuthSession::HandleLogonChallenge ( )

private

{
    _status = STATUS_CLOSED;
 
    sAuthLogonChallenge_C* challenge = reinterpret_cast<sAuthLogonChallenge_C*>(GetReadBuffer().GetReadPointer());
    if (challenge->size - (sizeof(sAuthLogonChallenge_C) - AUTH_LOGON_CHALLENGE_INITIAL_SIZE - 1) != challenge->I_len)
        return false;
 
    std::string login((char const*)challenge->I, challenge->I_len);
    LOG_DEBUG("server.authserver", "[AuthChallenge] '{}'", login);
 
    _build = challenge->build;
    _expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
    std::array<char, 5> os;
    os.fill('\0');
    memcpy(os.data(), challenge->os, sizeof(challenge->os));
    _os = os.data();
 
    // Restore string order as its byte order is reversed
    std::reverse(_os.begin(), _os.end());
 
    _localizationName.resize(4);
    for (int i = 0; i < 4; ++i)
        _localizationName[i] = challenge->country[4 - i - 1];
 
    // Get the account details from the account table
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
    stmt->SetData(0, GetRemoteIpAddress().to_string());
    stmt->SetData(1, login);
 
    _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::LogonChallengeCallback, this, std::placeholders::_1)));
    return true;
}

References _build, _expversion, _localizationName, _os, _queryProcessor, _status, AsyncCallbackProcessor< T >::AddCallback(), AUTH_LOGON_CHALLENGE_INITIAL_SIZE, AUTH_LOGON_CHALLENGE_C::build, AUTH_LOGON_CHALLENGE_C::country, Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), AUTH_LOGON_CHALLENGE_C::I, AUTH_LOGON_CHALLENGE_C::I_len, AuthHelper::IsPostBCAcceptedClientBuild(), AuthHelper::IsPreBCAcceptedClientBuild(), LOG_DEBUG, LOGIN_SEL_LOGONCHALLENGE, LoginDatabase, LogonChallengeCallback(), NO_VALID_EXP_FLAG, AUTH_LOGON_CHALLENGE_C::os, POST_BC_EXP_FLAG, PRE_BC_EXP_FLAG, PreparedStatementBase::SetData(), AUTH_LOGON_CHALLENGE_C::size, and STATUS_CLOSED.

Referenced by InitHandlers().

HandleLogonProof()

bool AuthSession::HandleLogonProof ( )

private

{
    LOG_DEBUG("server.authserver", "Entering _HandleLogonProof");
    _status = STATUS_CLOSED;
 
    // Read the packet
    sAuthLogonProof_C* logonProof = reinterpret_cast<sAuthLogonProof_C*>(GetReadBuffer().GetReadPointer());
 
    // If the client has no valid version
    if (_expversion == NO_VALID_EXP_FLAG)
    {
        // Check if we have the appropriate patch on the disk
        LOG_DEBUG("network", "Client with invalid version, patching is not implemented");
        return false;
    }
 
    // Check if SRP6 results match (password is correct), else send an error
    if (Optional<SessionKey> K = _srp6->VerifyChallengeResponse(logonProof->A, logonProof->clientM))
    {
        _sessionKey = *K;
        // Check auth token
        bool tokenSuccess = false;
        bool sentToken = (logonProof->securityFlags & 0x04);
        if (sentToken && _totpSecret)
        {
            uint8 size = *(GetReadBuffer().GetReadPointer() + sizeof(sAuthLogonProof_C));
            std::string token(reinterpret_cast<char*>(GetReadBuffer().GetReadPointer() + sizeof(sAuthLogonProof_C) + sizeof(size)), size);
            GetReadBuffer().ReadCompleted(sizeof(size) + size);
 
            uint32 incomingToken = *Acore::StringTo<uint32>(token);
            tokenSuccess = Acore::Crypto::TOTP::ValidateToken(*_totpSecret, incomingToken);
            memset(_totpSecret->data(), 0, _totpSecret->size());
        }
        else if (!sentToken && !_totpSecret)
            tokenSuccess = true;
 
        if (!tokenSuccess)
        {
            ByteBuffer packet;
            packet << uint8(AUTH_LOGON_PROOF);
            packet << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
            packet << uint16(0);    // LoginFlags, 1 has account message
            SendPacket(packet);
            return true;
        }
 
        if (!VerifyVersion(logonProof->A.data(), logonProof->A.size(), logonProof->crc_hash, false))
        {
            ByteBuffer packet;
            packet << uint8(AUTH_LOGON_PROOF);
            packet << uint8(WOW_FAIL_VERSION_INVALID);
            SendPacket(packet);
            return true;
        }
 
        LOG_DEBUG("server.authserver", "'{}:{}' User '{}' successfully authenticated", GetRemoteIpAddress().to_string(), GetRemotePort(), _accountInfo.Login);
 
        // Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
        // No SQL injection (escaped user name) and IP address as received by socket
 
        std::string address = sConfigMgr->GetOption<bool>("AllowLoggingIPAddressesInDatabase", true, true) ? GetRemoteIpAddress().to_string() : "0.0.0.0";
        LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
        stmt->SetData(0, _sessionKey);
        stmt->SetData(1, address);
        stmt->SetData(2, GetLocaleByName(_localizationName));
        stmt->SetData(3, _os);
        stmt->SetData(4, _accountInfo.Login);
        LoginDatabase.DirectExecute(stmt);
 
        // Finish SRP6 and send the final result to the client
        Acore::Crypto::SHA1::Digest M2 = Acore::Crypto::SRP6::GetSessionVerifier(logonProof->A, logonProof->clientM, _sessionKey);
 
        ByteBuffer packet;
        if (_expversion & POST_BC_EXP_FLAG)                 // 2.x and 3.x clients
        {
            sAuthLogonProof_S proof;
            proof.M2 = M2;
            proof.cmd = AUTH_LOGON_PROOF;
            proof.error = 0;
            proof.AccountFlags = 0x00800000;    // 0x01 = GM, 0x08 = Trial, 0x00800000 = Pro pass (arena tournament)
            proof.SurveyId = 0;
            proof.LoginFlags = 0;               // 0x1 = has account message
 
            packet.resize(sizeof(proof));
            std::memcpy(packet.contents(), &proof, sizeof(proof));
        }
        else
        {
            sAuthLogonProof_S_Old proof;
            proof.M2 = M2;
            proof.cmd = AUTH_LOGON_PROOF;
            proof.error = 0;
            proof.unk2 = 0x00;
 
            packet.resize(sizeof(proof));
            std::memcpy(packet.contents(), &proof, sizeof(proof));
        }
 
        SendPacket(packet);
        _status = STATUS_AUTHED;
    }
    else
    {
        ByteBuffer packet;
        packet << uint8(AUTH_LOGON_PROOF);
        packet << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
        packet << uint16(0);    // LoginFlags, 1 has account message
        SendPacket(packet);
 
        LOG_INFO("server.authserver.hack", "'{}:{}' [AuthChallenge] account {} tried to login with invalid password!",
            GetRemoteIpAddress().to_string(), GetRemotePort(), _accountInfo.Login);
 
        uint32 MaxWrongPassCount = sConfigMgr->GetOption<int32>("WrongPass.MaxCount", 0);
 
        // We can not include the failed account login hook. However, this is a workaround to still log this.
        if (sConfigMgr->GetOption<bool>("WrongPass.Logging", false))
        {
            LoginDatabasePreparedStatement* logstmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_FALP_IP_LOGGING);
            logstmt->SetData(0, _accountInfo.Id);
            logstmt->SetData(1, GetRemoteIpAddress().to_string());
            logstmt->SetData(2, "Login to WoW Failed - Incorrect Password");
 
            LoginDatabase.Execute(logstmt);
        }
 
        if (MaxWrongPassCount > 0)
        {
            //Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
            LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_FAILEDLOGINS);
            stmt->SetData(0, _accountInfo.Login);
            LoginDatabase.Execute(stmt);
 
            if (++_accountInfo.FailedLogins >= MaxWrongPassCount)
            {
                uint32 WrongPassBanTime = sConfigMgr->GetOption<int32>("WrongPass.BanTime", 600);
                bool WrongPassBanType = sConfigMgr->GetOption<bool>("WrongPass.BanType", false);
 
                if (WrongPassBanType)
                {
                    stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_ACCOUNT_AUTO_BANNED);
                    stmt->SetData(0, _accountInfo.Id);
                    stmt->SetData(1, WrongPassBanTime);
                    LoginDatabase.Execute(stmt);
 
                    LOG_DEBUG("server.authserver", "'{}:{}' [AuthChallenge] account {} got banned for '{}' seconds because it failed to authenticate '{}' times",
                        GetRemoteIpAddress().to_string(), GetRemotePort(), _accountInfo.Login, WrongPassBanTime, _accountInfo.FailedLogins);
                }
                else
                {
                    stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_IP_AUTO_BANNED);
                    stmt->SetData(0, GetRemoteIpAddress().to_string());
                    stmt->SetData(1, WrongPassBanTime);
                    LoginDatabase.Execute(stmt);
 
                    LOG_DEBUG("server.authserver", "'{}:{}' [AuthChallenge] IP got banned for '{}' seconds because account {} failed to authenticate '{}' times",
                        GetRemoteIpAddress().to_string(), GetRemotePort(), WrongPassBanTime, _accountInfo.Login, _accountInfo.FailedLogins);
                }
            }
        }
    }
 
    return true;
}

References _accountInfo, _expversion, _localizationName, _os, _sessionKey, _srp6, _status, _totpSecret, AUTH_LOGON_PROOF_C::A, AUTH_LOGON_PROOF_S::AccountFlags, AUTH_LOGON_PROOF, AUTH_LOGON_PROOF_C::clientM, AUTH_LOGON_PROOF_S::cmd, AUTH_LOGON_PROOF_S_OLD::cmd, ByteBuffer::contents(), AUTH_LOGON_PROOF_C::crc_hash, AUTH_LOGON_PROOF_S::error, AUTH_LOGON_PROOF_S_OLD::error, AccountInfo::FailedLogins, GetLocaleByName(), Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), Acore::Crypto::SRP6::GetSessionVerifier(), AccountInfo::Id, LOG_DEBUG, LOG_INFO, AccountInfo::Login, LOGIN_INS_ACCOUNT_AUTO_BANNED, LOGIN_INS_FALP_IP_LOGGING, LOGIN_INS_IP_AUTO_BANNED, LOGIN_UPD_FAILEDLOGINS, LOGIN_UPD_LOGONPROOF, LoginDatabase, AUTH_LOGON_PROOF_S::LoginFlags, AUTH_LOGON_PROOF_S::M2, AUTH_LOGON_PROOF_S_OLD::M2, NO_VALID_EXP_FLAG, POST_BC_EXP_FLAG, MessageBuffer::ReadCompleted(), ByteBuffer::resize(), sConfigMgr, AUTH_LOGON_PROOF_C::securityFlags, SendPacket(), PreparedStatementBase::SetData(), STATUS_AUTHED, STATUS_CLOSED, AUTH_LOGON_PROOF_S::SurveyId, AUTH_LOGON_PROOF_S_OLD::unk2, Acore::Crypto::TOTP::ValidateToken(), VerifyVersion(), WOW_FAIL_UNKNOWN_ACCOUNT, and WOW_FAIL_VERSION_INVALID.

Referenced by InitHandlers().

HandleRealmList()

bool AuthSession::HandleRealmList ( )

private

{
    LOG_DEBUG("server.authserver", "Entering _HandleRealmList");
 
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALM_CHARACTER_COUNTS);
    stmt->SetData(0, _accountInfo.Id);
 
    _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::RealmListCallback, this, std::placeholders::_1)));
    _status = STATUS_WAITING_FOR_REALM_LIST;
    return true;
}

References _accountInfo, _queryProcessor, _status, AsyncCallbackProcessor< T >::AddCallback(), AccountInfo::Id, LOG_DEBUG, LOGIN_SEL_REALM_CHARACTER_COUNTS, LoginDatabase, RealmListCallback(), PreparedStatementBase::SetData(), and STATUS_WAITING_FOR_REALM_LIST.

Referenced by InitHandlers().

HandleReconnectChallenge()

bool AuthSession::HandleReconnectChallenge ( )

private

{
    _status = STATUS_CLOSED;
 
    sAuthLogonChallenge_C* challenge = reinterpret_cast<sAuthLogonChallenge_C*>(GetReadBuffer().GetReadPointer());
    if (challenge->size - (sizeof(sAuthLogonChallenge_C) - AUTH_LOGON_CHALLENGE_INITIAL_SIZE - 1) != challenge->I_len)
        return false;
 
    std::string login((char const*)challenge->I, challenge->I_len);
    LOG_DEBUG("server.authserver", "[ReconnectChallenge] '{}'", login);
 
    _build = challenge->build;
    _expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
 
    std::array<char, 5> os;
    os.fill('\0');
    memcpy(os.data(), challenge->os, sizeof(challenge->os));
    _os = os.data();
 
    // Restore string order as its byte order is reversed
    std::reverse(_os.begin(), _os.end());
 
    _localizationName.resize(4);
    for (int i = 0; i < 4; ++i)
        _localizationName[i] = challenge->country[4 - i - 1];
 
    // Get the account details from the account table
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RECONNECTCHALLENGE);
    stmt->SetData(0, GetRemoteIpAddress().to_string());
    stmt->SetData(1, login);
 
    _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::ReconnectChallengeCallback, this, std::placeholders::_1)));
    return true;
}

References _build, _expversion, _localizationName, _os, _queryProcessor, _status, AsyncCallbackProcessor< T >::AddCallback(), AUTH_LOGON_CHALLENGE_INITIAL_SIZE, AUTH_LOGON_CHALLENGE_C::build, AUTH_LOGON_CHALLENGE_C::country, Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), AUTH_LOGON_CHALLENGE_C::I, AUTH_LOGON_CHALLENGE_C::I_len, AuthHelper::IsPostBCAcceptedClientBuild(), AuthHelper::IsPreBCAcceptedClientBuild(), LOG_DEBUG, LOGIN_SEL_RECONNECTCHALLENGE, LoginDatabase, NO_VALID_EXP_FLAG, AUTH_LOGON_CHALLENGE_C::os, POST_BC_EXP_FLAG, PRE_BC_EXP_FLAG, ReconnectChallengeCallback(), PreparedStatementBase::SetData(), AUTH_LOGON_CHALLENGE_C::size, and STATUS_CLOSED.

Referenced by InitHandlers().

HandleReconnectProof()

bool AuthSession::HandleReconnectProof ( )

private

{
    LOG_DEBUG("server.authserver", "Entering _HandleReconnectProof");
    _status = STATUS_CLOSED;
 
    sAuthReconnectProof_C* reconnectProof = reinterpret_cast<sAuthReconnectProof_C*>(GetReadBuffer().GetReadPointer());
 
    if (_accountInfo.Login.empty())
        return false;
 
    Acore::Crypto::SHA1 sha;
    sha.UpdateData(_accountInfo.Login);
    sha.UpdateData(reconnectProof->R1, 16);
    sha.UpdateData(_reconnectProof);
    sha.UpdateData(_sessionKey);
    sha.Finalize();
 
    if (sha.GetDigest() == reconnectProof->R2)
    {
        if (!VerifyVersion(reconnectProof->R1, sizeof(reconnectProof->R1), reconnectProof->R3, true))
        {
            ByteBuffer packet;
            packet << uint8(AUTH_RECONNECT_PROOF);
            packet << uint8(WOW_FAIL_VERSION_INVALID);
            SendPacket(packet);
            return true;
        }
 
        // Sending response
        ByteBuffer pkt;
        pkt << uint8(AUTH_RECONNECT_PROOF);
        pkt << uint8(WOW_SUCCESS);
        pkt << uint16(0);    // LoginFlags, 1 has account message
        SendPacket(pkt);
        _status = STATUS_AUTHED;
        return true;
    }
    else
    {
        LOG_ERROR("server.authserver.hack", "'{}:{}' [ERROR] user {} tried to login, but session is invalid.", GetRemoteIpAddress().to_string(),
            GetRemotePort(), _accountInfo.Login);
        return false;
    }
}

References _accountInfo, _reconnectProof, _sessionKey, _status, AUTH_RECONNECT_PROOF, Acore::Impl::GenericHash< HashCreator, DigestLength >::Finalize(), Acore::Impl::GenericHash< HashCreator, DigestLength >::GetDigest(), Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), LOG_DEBUG, LOG_ERROR, AccountInfo::Login, AUTH_RECONNECT_PROOF_C::R1, AUTH_RECONNECT_PROOF_C::R2, AUTH_RECONNECT_PROOF_C::R3, SendPacket(), STATUS_AUTHED, STATUS_CLOSED, Acore::Impl::GenericHash< HashCreator, DigestLength >::UpdateData(), VerifyVersion(), WOW_FAIL_VERSION_INVALID, and WOW_SUCCESS.

Referenced by InitHandlers().

InitHandlers()

std::unordered_map< uint8, AuthHandler > AuthSession::InitHandlers ( )

static

{
    std::unordered_map<uint8, AuthHandler> handlers;
 
    handlers[AUTH_LOGON_CHALLENGE] =        { STATUS_CHALLENGE,         AUTH_LOGON_CHALLENGE_INITIAL_SIZE, &AuthSession::HandleLogonChallenge };
    handlers[AUTH_LOGON_PROOF] =            { STATUS_LOGON_PROOF,       sizeof(AUTH_LOGON_PROOF_C),        &AuthSession::HandleLogonProof };
    handlers[AUTH_RECONNECT_CHALLENGE] =    { STATUS_CHALLENGE,         AUTH_LOGON_CHALLENGE_INITIAL_SIZE, &AuthSession::HandleReconnectChallenge };
    handlers[AUTH_RECONNECT_PROOF] =        { STATUS_RECONNECT_PROOF,   sizeof(AUTH_RECONNECT_PROOF_C),    &AuthSession::HandleReconnectProof };
    handlers[REALM_LIST] =                  { STATUS_AUTHED,            REALM_LIST_PACKET_SIZE,            &AuthSession::HandleRealmList };
 
    return handlers;
}

References AUTH_LOGON_CHALLENGE, AUTH_LOGON_CHALLENGE_INITIAL_SIZE, AUTH_LOGON_PROOF, AUTH_RECONNECT_CHALLENGE, AUTH_RECONNECT_PROOF, HandleLogonChallenge(), HandleLogonProof(), HandleRealmList(), HandleReconnectChallenge(), HandleReconnectProof(), REALM_LIST, REALM_LIST_PACKET_SIZE, STATUS_AUTHED, STATUS_CHALLENGE, STATUS_LOGON_PROOF, and STATUS_RECONNECT_PROOF.

LogonChallengeCallback()

void AuthSession::LogonChallengeCallback ( PreparedQueryResult  result )

private

{
    ByteBuffer pkt;
    pkt << uint8(AUTH_LOGON_CHALLENGE);
    pkt << uint8(0x00);
 
    if (!result)
    {
        pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
        SendPacket(pkt);
        return;
    }
 
    Field* fields = result->Fetch();
 
    _accountInfo.LoadResult(fields);
 
    std::string ipAddress = GetRemoteIpAddress().to_string();
    uint16 port = GetRemotePort();
 
    // If the IP is 'locked', check that the player comes indeed from the correct IP address
    if (_accountInfo.IsLockedToIP)
    {
        LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is locked to IP - '{}' is logging in from '{}'", _accountInfo.Login, _accountInfo.LastIP, ipAddress);
        if (_accountInfo.LastIP != ipAddress)
        {
            pkt << uint8(WOW_FAIL_LOCKED_ENFORCED);
            SendPacket(pkt);
            return;
        }
    }
    else
    {
        if (IpLocationRecord const* location = sIPLocation->GetLocationRecord(ipAddress))
            _ipCountry = location->CountryCode;
 
        LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is not locked to ip", _accountInfo.Login);
        if (_accountInfo.LockCountry.empty() || _accountInfo.LockCountry == "00")
            LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is not locked to country", _accountInfo.Login);
        else if (!_ipCountry.empty())
        {
            LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is locked to country: '{}' Player country is '{}'", _accountInfo.Login, _accountInfo.LockCountry, _ipCountry);
            if (_ipCountry != _accountInfo.LockCountry)
            {
                pkt << uint8(WOW_FAIL_UNLOCKABLE_LOCK);
                SendPacket(pkt);
                return;
            }
        }
    }
 
    // If the account is banned, reject the logon attempt
    if (_accountInfo.IsBanned)
    {
        if (_accountInfo.IsPermanentlyBanned)
        {
            pkt << uint8(WOW_FAIL_BANNED);
            SendPacket(pkt);
            LOG_INFO("server.authserver.banned", "'{}:{}' [AuthChallenge] Banned account {} tried to login!", ipAddress, port, _accountInfo.Login);
            return;
        }
        else
        {
            pkt << uint8(WOW_FAIL_SUSPENDED);
            SendPacket(pkt);
            LOG_INFO("server.authserver.banned", "'{}:{}' [AuthChallenge] Temporarily banned account {} tried to login!", ipAddress, port, _accountInfo.Login);
            return;
        }
    }
 
    uint8 securityFlags = 0;
 
    // Check if a TOTP token is needed
    if (!fields[11].IsNull())
    {
        securityFlags = 4;
        _totpSecret = fields[11].Get<Binary>();
 
        if (auto const& secret = sSecretMgr->GetSecret(SECRET_TOTP_MASTER_KEY))
        {
            bool success = Acore::Crypto::AEDecrypt<Acore::Crypto::AES>(*_totpSecret, *secret);
            if (!success)
            {
                pkt << uint8(WOW_FAIL_DB_BUSY);
                LOG_ERROR("server.authserver", "[AuthChallenge] Account '{}' has invalid ciphertext for TOTP token key stored", _accountInfo.Login);
                SendPacket(pkt);
                return;
            }
        }
    }
 
    _srp6.emplace(_accountInfo.Login,
        fields[12].Get<Binary, Acore::Crypto::SRP6::SALT_LENGTH>(),
        fields[13].Get<Binary, Acore::Crypto::SRP6::VERIFIER_LENGTH>());
 
    // Fill the response packet with the result
    if (AuthHelper::IsAcceptedClientBuild(_build))
    {
        pkt << uint8(WOW_SUCCESS);
 
        pkt.append(_srp6->B);
        pkt << uint8(1);
        pkt.append(_srp6->g);
        pkt << uint8(32);
        pkt.append(_srp6->N);
        pkt.append(_srp6->s);
        pkt.append(VersionChallenge.data(), VersionChallenge.size());
        pkt << uint8(securityFlags);            // security flags (0x0...0x04)
 
        if (securityFlags & 0x01)               // PIN input
        {
            pkt << uint32(0);
            pkt << uint64(0) << uint64(0);      // 16 bytes hash?
        }
 
        if (securityFlags & 0x02)               // Matrix input
        {
            pkt << uint8(0);
            pkt << uint8(0);
            pkt << uint8(0);
            pkt << uint8(0);
            pkt << uint64(0);
        }
 
        if (securityFlags & 0x04)               // Security token input
            pkt << uint8(1);
 
        LOG_DEBUG("server.authserver", "'{}:{}' [AuthChallenge] account {} is using '{}' locale ({})",
            ipAddress, port, _accountInfo.Login, _localizationName, GetLocaleByName(_localizationName));
 
        _status = STATUS_LOGON_PROOF;
    }
    else
        pkt << uint8(WOW_FAIL_VERSION_INVALID);
 
    SendPacket(pkt);
}

References _accountInfo, _build, _ipCountry, _localizationName, _srp6, _status, _totpSecret, ByteBuffer::append(), AUTH_LOGON_CHALLENGE, Field::Get(), GetLocaleByName(), Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), AuthHelper::IsAcceptedClientBuild(), AccountInfo::IsBanned, AccountInfo::IsLockedToIP, AccountInfo::IsPermanentlyBanned, AccountInfo::LastIP, AccountInfo::LoadResult(), AccountInfo::LockCountry, LOG_DEBUG, LOG_ERROR, LOG_INFO, AccountInfo::Login, Acore::Crypto::SRP6::SALT_LENGTH, SECRET_TOTP_MASTER_KEY, SendPacket(), sIPLocation, sSecretMgr, STATUS_LOGON_PROOF, Acore::Crypto::SRP6::VERIFIER_LENGTH, VersionChallenge, WOW_FAIL_BANNED, WOW_FAIL_DB_BUSY, WOW_FAIL_LOCKED_ENFORCED, WOW_FAIL_SUSPENDED, WOW_FAIL_UNKNOWN_ACCOUNT, WOW_FAIL_UNLOCKABLE_LOCK, WOW_FAIL_VERSION_INVALID, and WOW_SUCCESS.

Referenced by HandleLogonChallenge().

ReadHandler()

void AuthSession::ReadHandler ( )

overrideprotectedvirtual

Implements Socket< AuthSession >.

{
    MessageBuffer& packet = GetReadBuffer();
 
    while (packet.GetActiveSize())
    {
        uint8 cmd = packet.GetReadPointer()[0];
        auto itr = Handlers.find(cmd);
        if (itr == Handlers.end())
        {
            // well we dont handle this, lets just ignore it
            packet.Reset();
            break;
        }
 
        if (_status != itr->second.status)
        {
            CloseSocket();
            return;
        }
 
        uint16 size = uint16(itr->second.packetSize);
        if (packet.GetActiveSize() < size)
            break;
 
        if (cmd == AUTH_LOGON_CHALLENGE || cmd == AUTH_RECONNECT_CHALLENGE)
        {
            sAuthLogonChallenge_C* challenge = reinterpret_cast<sAuthLogonChallenge_C*>(packet.GetReadPointer());
            size += challenge->size;
            if (size > MAX_ACCEPTED_CHALLENGE_SIZE)
            {
                CloseSocket();
                return;
            }
        }
 
        if (packet.GetActiveSize() < size)
            break;
 
        if (!(*this.*itr->second.handler)())
        {
            CloseSocket();
            return;
        }
 
        packet.ReadCompleted(size);
    }
 
    AsyncRead();
}

References _status, Socket< AuthSession >::AsyncRead(), AUTH_LOGON_CHALLENGE, AUTH_RECONNECT_CHALLENGE, Socket< AuthSession >::CloseSocket(), MessageBuffer::GetActiveSize(), Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Handlers, MAX_ACCEPTED_CHALLENGE_SIZE, MessageBuffer::ReadCompleted(), MessageBuffer::Reset(), and AUTH_LOGON_CHALLENGE_C::size.

RealmListCallback()

void AuthSession::RealmListCallback ( PreparedQueryResult  result )

private

{
    std::map<uint32, uint8> characterCounts;
    if (result)
    {
        do
        {
            Field* fields = result->Fetch();
            characterCounts[fields[0].Get<uint32>()] = fields[1].Get<uint8>();
        } while (result->NextRow());
    }
 
    // Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
    ByteBuffer pkt;
 
    std::size_t RealmListSize = 0;
    for (auto const& [realmHandle, realm] : sRealmList->GetRealms())
    {
        // don't work with realms which not compatible with the client
        bool okBuild = ((_expversion & POST_BC_EXP_FLAG) && realm.Build == _build) || ((_expversion & PRE_BC_EXP_FLAG) && !AuthHelper::IsPreBCAcceptedClientBuild(realm.Build));
 
        // No SQL injection. id of realm is controlled by the database.
        uint32 flag = realm.Flags;
        RealmBuildInfo const* buildInfo = sRealmList->GetBuildInfo(realm.Build);
        if (!okBuild)
        {
            if (!buildInfo)
                continue;
 
            flag |= REALM_FLAG_OFFLINE | REALM_FLAG_SPECIFYBUILD;   // tell the client what build the realm is for
        }
 
        if (!buildInfo)
            flag &= ~REALM_FLAG_SPECIFYBUILD;
 
        std::string name = realm.Name;
        if (_expversion & PRE_BC_EXP_FLAG && flag & REALM_FLAG_SPECIFYBUILD)
        {
            std::ostringstream ss;
            ss << name << " (" << buildInfo->MajorVersion << '.' << buildInfo->MinorVersion << '.' << buildInfo->BugfixVersion << ')';
            name = ss.str();
        }
 
        uint8 lock = (realm.AllowedSecurityLevel > _accountInfo.SecurityLevel) ? 1 : 0;
 
        pkt << uint8(realm.Type);                           // realm type
        if (_expversion & POST_BC_EXP_FLAG)                 // only 2.x and 3.x clients
            pkt << uint8(lock);                             // if 1, then realm locked
 
        pkt << uint8(flag);                                 // RealmFlags
        pkt << name;
        pkt << boost::lexical_cast<std::string>(realm.GetAddressForClient(GetRemoteIpAddress()));
        pkt << float(realm.PopulationLevel);
        pkt << uint8(characterCounts[realm.Id.Realm]);
        pkt << uint8(realm.Timezone);                       // realm category
 
        if (_expversion & POST_BC_EXP_FLAG)                 // 2.x and 3.x clients
            pkt << uint8(realm.Id.Realm);
        else
            pkt << uint8(0x0);                              // 1.12.1 and 1.12.2 clients
 
        if (_expversion & POST_BC_EXP_FLAG && flag & REALM_FLAG_SPECIFYBUILD)
        {
            pkt << uint8(buildInfo->MajorVersion);
            pkt << uint8(buildInfo->MinorVersion);
            pkt << uint8(buildInfo->BugfixVersion);
            pkt << uint16(buildInfo->Build);
        }
 
        ++RealmListSize;
    }
 
    if (_expversion & POST_BC_EXP_FLAG)                     // 2.x and 3.x clients
    {
        pkt << uint8(0x10);
        pkt << uint8(0x00);
    }
    else                                                    // 1.12.1 and 1.12.2 clients
    {
        pkt << uint8(0x00);
        pkt << uint8(0x02);
    }
 
    // make a ByteBuffer which stores the RealmList's size
    ByteBuffer RealmListSizeBuffer;
    RealmListSizeBuffer << uint32(0);
 
    if (_expversion & POST_BC_EXP_FLAG)                     // only 2.x and 3.x clients
        RealmListSizeBuffer << uint16(RealmListSize);
    else
        RealmListSizeBuffer << uint32(RealmListSize);
 
    ByteBuffer hdr;
    hdr << uint8(REALM_LIST);
    hdr << uint16(pkt.size() + RealmListSizeBuffer.size());
    hdr.append(RealmListSizeBuffer);                        // append RealmList's size buffer
    hdr.append(pkt);                                        // append realms in the realmlist
    SendPacket(hdr);
 
    _status = STATUS_AUTHED;
}

References _accountInfo, _build, _expversion, _status, Realm::AllowedSecurityLevel, ByteBuffer::append(), RealmBuildInfo::BugfixVersion, Realm::Build, RealmBuildInfo::Build, Realm::Flags, Field::Get(), Realm::GetAddressForClient(), Socket< AuthSession >::GetRemoteIpAddress(), Realm::Id, AuthHelper::IsPreBCAcceptedClientBuild(), RealmBuildInfo::MajorVersion, RealmBuildInfo::MinorVersion, Realm::Name, Realm::PopulationLevel, POST_BC_EXP_FLAG, PRE_BC_EXP_FLAG, realm, RealmHandle::Realm, REALM_FLAG_OFFLINE, REALM_FLAG_SPECIFYBUILD, REALM_LIST, AccountInfo::SecurityLevel, SendPacket(), ByteBuffer::size(), sRealmList, STATUS_AUTHED, Realm::Timezone, and Realm::Type.

Referenced by HandleRealmList().

ReconnectChallengeCallback()

void AuthSession::ReconnectChallengeCallback ( PreparedQueryResult  result )

private

{
    ByteBuffer pkt;
    pkt << uint8(AUTH_RECONNECT_CHALLENGE);
 
    if (!result)
    {
        pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
        SendPacket(pkt);
        return;
    }
 
    Field* fields = result->Fetch();
 
    _accountInfo.LoadResult(fields);
    _sessionKey = fields[11].Get<Binary, SESSION_KEY_LENGTH>();
    Acore::Crypto::GetRandomBytes(_reconnectProof);
    _status = STATUS_RECONNECT_PROOF;
 
    pkt << uint8(WOW_SUCCESS);
    pkt.append(_reconnectProof);
    pkt.append(VersionChallenge.data(), VersionChallenge.size());
 
    SendPacket(pkt);
}

References _accountInfo, _reconnectProof, _sessionKey, _status, ByteBuffer::append(), AUTH_RECONNECT_CHALLENGE, Field::Get(), Acore::Crypto::GetRandomBytes(), AccountInfo::LoadResult(), SendPacket(), SESSION_KEY_LENGTH, STATUS_RECONNECT_PROOF, VersionChallenge, WOW_FAIL_UNKNOWN_ACCOUNT, and WOW_SUCCESS.

Referenced by HandleReconnectChallenge().

SendPacket()

void AuthSession::SendPacket

(

ByteBuffer &

packet

)

{
    if (!IsOpen())
        return;
 
    if (!packet.empty())
    {
        MessageBuffer buffer(packet.size());
        buffer.Write(packet.contents(), packet.size());
        QueuePacket(std::move(buffer));
    }
}

References ByteBuffer::contents(), ByteBuffer::empty(), Socket< AuthSession >::IsOpen(), Socket< AuthSession >::QueuePacket(), ByteBuffer::size(), and MessageBuffer::Write().

Referenced by CheckIpCallback(), HandleLogonProof(), HandleReconnectProof(), LogonChallengeCallback(), RealmListCallback(), and ReconnectChallengeCallback().

Start()

void AuthSession::Start ( )

overridevirtual

Implements Socket< AuthSession >.

{
    std::string ip_address = GetRemoteIpAddress().to_string();
    LOG_TRACE("session", "Accepted connection from {}", ip_address);
 
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_INFO);
    stmt->SetData(0, ip_address);
 
    _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::CheckIpCallback, this, std::placeholders::_1)));
}

References _queryProcessor, AsyncCallbackProcessor< T >::AddCallback(), CheckIpCallback(), Socket< AuthSession >::GetRemoteIpAddress(), LOG_TRACE, LOGIN_SEL_IP_INFO, LoginDatabase, and PreparedStatementBase::SetData().

Update()

bool AuthSession::Update ( )

overridevirtual

Reimplemented from Socket< AuthSession >.

{
    if (!AuthSocket::Update())
        return false;
 
    _queryProcessor.ProcessReadyCallbacks();
 
    return true;
}

References _queryProcessor, AsyncCallbackProcessor< T >::ProcessReadyCallbacks(), and Socket< AuthSession >::Update().

VerifyVersion()

bool AuthSession::VerifyVersion ( uint8 const *  a, int32  aLength, Acore::Crypto::SHA1::Digest const &  versionProof, bool  isReconnect  )

private

{
    if (!sConfigMgr->GetOption<bool>("StrictVersionCheck", false))
        return true;
 
    Acore::Crypto::SHA1::Digest zeros{};
    Acore::Crypto::SHA1::Digest const* versionHash{ nullptr };
 
    if (!isReconnect)
    {
        RealmBuildInfo const* buildInfo = sRealmList->GetBuildInfo(_build);
        if (!buildInfo)
            return false;
 
        if (_os == "Win")
            versionHash = &buildInfo->WindowsHash;
        else if (_os == "OSX")
            versionHash = &buildInfo->MacHash;
 
        if (!versionHash)
            return false;
 
        if (zeros == *versionHash)
            return true;                                                            // not filled serverside
    }
    else
        versionHash = &zeros;
 
    Acore::Crypto::SHA1 version;
    version.UpdateData(a, aLength);
    version.UpdateData(*versionHash);
    version.Finalize();
 
    return (versionProof == version.GetDigest());
}

References _build, _os, Acore::Impl::GenericHash< HashCreator, DigestLength >::Finalize(), Acore::Impl::GenericHash< HashCreator, DigestLength >::GetDigest(), RealmBuildInfo::MacHash, sConfigMgr, sRealmList, Acore::Impl::GenericHash< HashCreator, DigestLength >::UpdateData(), and RealmBuildInfo::WindowsHash.

Referenced by HandleLogonProof(), and HandleReconnectProof().

Member Data Documentation

_accountInfo

AccountInfo AuthSession::_accountInfo

private

Referenced by HandleLogonProof(), HandleRealmList(), HandleReconnectProof(), LogonChallengeCallback(), RealmListCallback(), and ReconnectChallengeCallback().

_build

uint16 AuthSession::_build

private

Referenced by HandleLogonChallenge(), HandleReconnectChallenge(), LogonChallengeCallback(), RealmListCallback(), and VerifyVersion().

_expversion

uint8 AuthSession::_expversion

private

Referenced by HandleLogonChallenge(), HandleLogonProof(), HandleReconnectChallenge(), and RealmListCallback().

_ipCountry

std::string AuthSession::_ipCountry

private

Referenced by LogonChallengeCallback().

_localizationName

std::string AuthSession::_localizationName

private

Referenced by HandleLogonChallenge(), HandleLogonProof(), HandleReconnectChallenge(), and LogonChallengeCallback().

_os

std::string AuthSession::_os

private

Referenced by HandleLogonChallenge(), HandleLogonProof(), HandleReconnectChallenge(), and VerifyVersion().

_queryProcessor

QueryCallbackProcessor AuthSession::_queryProcessor

private

Referenced by HandleLogonChallenge(), HandleRealmList(), HandleReconnectChallenge(), Start(), and Update().

_reconnectProof

std::array<uint8, 16> AuthSession::_reconnectProof = {}

private

{};

Referenced by HandleReconnectProof(), and ReconnectChallengeCallback().

_sessionKey

SessionKey AuthSession::_sessionKey = {}

private

{};

Referenced by HandleLogonProof(), HandleReconnectProof(), and ReconnectChallengeCallback().

_srp6

Optional<Acore::Crypto::SRP6> AuthSession::_srp6

private

Referenced by HandleLogonProof(), and LogonChallengeCallback().

_status

AuthStatus AuthSession::_status

private

Referenced by HandleLogonChallenge(), HandleLogonProof(), HandleRealmList(), HandleReconnectChallenge(), HandleReconnectProof(), LogonChallengeCallback(), ReadHandler(), RealmListCallback(), and ReconnectChallengeCallback().

_totpSecret

Optional<std::vector<uint8> > AuthSession::_totpSecret

private

Referenced by HandleLogonProof(), and LogonChallengeCallback().

Account

std::string AuthSession::Account

AddonInfo

ByteBuffer AuthSession::AddonInfo

BattlegroupID

uint32 AuthSession::BattlegroupID = 0

Build

uint32 AuthSession::Build = 0

Digest

Acore::Crypto::SHA1::Digest AuthSession::Digest = {}

{};

DosResponse

uint64 AuthSession::DosResponse = 0

LocalChallenge

std::array<uint8, 4> AuthSession::LocalChallenge = {}

{};

LoginServerID

uint32 AuthSession::LoginServerID = 0

LoginServerType

uint32 AuthSession::LoginServerType = 0

RealmID

uint32 AuthSession::RealmID = 0

RegionID

uint32 AuthSession::RegionID = 0

---

The documentation for this struct was generated from the following files:

• azerothcore-wotlk/src/server/apps/authserver/Server/AuthSession.h
• azerothcore-wotlk/src/server/game/Server/WorldSocket.cpp
• azerothcore-wotlk/src/server/apps/authserver/Server/AuthSession.cpp