AzerothCore 3.3.5a
OpenSource WoW Emulator
Loading...
Searching...
No Matches
Public Member Functions | Static Public Member Functions | Public Attributes | Protected Member Functions | Private Types | Private Member Functions | Private Attributes | List of all members
AuthSession Struct Reference

#include "AuthSession.h"

Inheritance diagram for AuthSession:
Socket< AuthSession >

Public Member Functions

 AuthSession (tcp::socket &&socket)
 
void Start () override
 
bool Update () override
 
void SendPacket (ByteBuffer &packet)
 
- Public Member Functions inherited from Socket< AuthSession >
 Socket (tcp::socket &&socket)
 
virtual ~Socket ()
 
virtual void Start ()=0
 
virtual bool Update ()
 
boost::asio::ip::address GetRemoteIpAddress () const
 
uint16 GetRemotePort () const
 
void AsyncRead ()
 
void AsyncReadProxyHeader ()
 
void AsyncReadWithCallback (void(T::*callback)(boost::system::error_code, std::size_t))
 
void QueuePacket (MessageBuffer &&buffer)
 
ProxyHeaderReadingState GetProxyHeaderReadingState () const
 
bool IsOpen () const
 
void CloseSocket ()
 
void DelayedCloseSocket ()
 Marks the socket for closing after write buffer becomes empty. More...
 
MessageBufferGetReadBuffer ()
 

Static Public Member Functions

static std::unordered_map< uint8, AuthHandlerInitHandlers ()
 

Public Attributes

uint32 BattlegroupID = 0
 
uint32 LoginServerType = 0
 
uint32 RealmID = 0
 
uint32 Build = 0
 
std::array< uint8, 4 > LocalChallenge = {}
 
uint32 LoginServerID = 0
 
uint32 RegionID = 0
 
uint64 DosResponse = 0
 
Acore::Crypto::SHA1::Digest Digest = {}
 
std::string Account
 
ByteBuffer AddonInfo
 

Protected Member Functions

void ReadHandler () override
 
- Protected Member Functions inherited from Socket< AuthSession >
virtual void OnClose ()
 
virtual void ReadHandler ()=0
 
bool AsyncProcessQueue ()
 
void SetNoDelay (bool enable)
 

Private Types

typedef Socket< AuthSessionAuthSocket
 

Private Member Functions

bool HandleLogonChallenge ()
 
bool HandleLogonProof ()
 
bool HandleReconnectChallenge ()
 
bool HandleReconnectProof ()
 
bool HandleRealmList ()
 
void CheckIpCallback (PreparedQueryResult result)
 
void LogonChallengeCallback (PreparedQueryResult result)
 
void ReconnectChallengeCallback (PreparedQueryResult result)
 
void RealmListCallback (PreparedQueryResult result)
 
bool VerifyVersion (uint8 const *a, int32 aLength, Acore::Crypto::SHA1::Digest const &versionProof, bool isReconnect)
 

Private Attributes

Optional< Acore::Crypto::SRP6_srp6
 
SessionKey _sessionKey = {}
 
std::array< uint8, 16 > _reconnectProof = {}
 
AuthStatus _status
 
AccountInfo _accountInfo
 
Optional< std::vector< uint8 > > _totpSecret
 
std::string _localizationName
 
std::string _os
 
std::string _ipCountry
 
uint16 _build
 
uint8 _expversion
 
QueryCallbackProcessor _queryProcessor
 

Detailed Description

Member Typedef Documentation

◆ AuthSocket

typedef Socket<AuthSession> AuthSession::AuthSocket
private

Constructor & Destructor Documentation

◆ AuthSession()

AuthSession::AuthSession ( tcp::socket &&  socket)
166 :
167 Socket(std::move(socket)), _status(STATUS_CHALLENGE), _build(0), _expversion(0) { }
STATUS_CHALLENGE
@ STATUS_CHALLENGE
Definition: AuthSession.h:40
AuthSession::_status
AuthStatus _status
Definition: AuthSession.h:99
AuthSession::_build
uint16 _build
Definition: AuthSession.h:105
AuthSession::_expversion
uint8 _expversion
Definition: AuthSession.h:106
Socket
Definition: Socket.h:52

Member Function Documentation

◆ CheckIpCallback()

void AuthSession::CheckIpCallback ( PreparedQueryResult  result)
private
191{
192 if (result)
193 {
194 bool banned = false;
195
196 for (auto const& fields : *result)
197 {
198 if (fields[0].Get<uint64>() != 0)
199 {
200 banned = true;
201 break;
202 }
203 }
204
205 if (banned)
206 {
207 ByteBuffer pkt;
208 pkt << uint8(AUTH_LOGON_CHALLENGE);
209 pkt << uint8(0x00);
210 pkt << uint8(WOW_FAIL_BANNED);
211 SendPacket(pkt);
212 LOG_DEBUG("session", "[AuthSession::CheckIpCallback] Banned ip '{}:{}' tries to login!", GetRemoteIpAddress().to_string(), GetRemotePort());
213 return;
214 }
215 }
216
217 AsyncRead();
218}
LOG_DEBUG
#define LOG_DEBUG(filterType__,...)
Definition: Log.h:168
uint8
std::uint8_t uint8
Definition: Define.h:109
WOW_FAIL_BANNED
@ WOW_FAIL_BANNED
Definition: AuthCodes.h:27
AUTH_LOGON_CHALLENGE
@ AUTH_LOGON_CHALLENGE
Definition: AuthSession.cpp:40
AuthSession::SendPacket
void SendPacket(ByteBuffer &packet)
Definition: AuthSession.cpp:271
Socket< AuthSession >::GetRemoteIpAddress
boost::asio::ip::address GetRemoteIpAddress() const
Definition: Socket.h:90
Socket< AuthSession >::GetRemotePort
uint16 GetRemotePort() const
Definition: Socket.h:95
Socket< AuthSession >::AsyncRead
void AsyncRead()
Definition: Socket.h:100
ByteBuffer
Definition: ByteBuffer.h:70

References Socket< AuthSession >::AsyncRead(), AUTH_LOGON_CHALLENGE, Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), LOG_DEBUG, SendPacket(), and WOW_FAIL_BANNED.

Referenced by Start().

◆ HandleLogonChallenge()

bool AuthSession::HandleLogonChallenge ( )
private
285{
286 _status = STATUS_CLOSED;
287
288 sAuthLogonChallenge_C* challenge = reinterpret_cast<sAuthLogonChallenge_C*>(GetReadBuffer().GetReadPointer());
289 if (challenge->size - (sizeof(sAuthLogonChallenge_C) - AUTH_LOGON_CHALLENGE_INITIAL_SIZE - 1) != challenge->I_len)
290 return false;
291
292 std::string login((char const*)challenge->I, challenge->I_len);
293 LOG_DEBUG("server.authserver", "[AuthChallenge] '{}'", login);
294
295 _build = challenge->build;
296 _expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
297 std::array<char, 5> os;
298 os.fill('\0');
299 memcpy(os.data(), challenge->os, sizeof(challenge->os));
300 _os = os.data();
301
302 // Restore string order as its byte order is reversed
303 std::reverse(_os.begin(), _os.end());
304
305 _localizationName.resize(4);
306 for (int i = 0; i < 4; ++i)
307 _localizationName[i] = challenge->country[4 - i - 1];
308
309 // Get the account details from the account table
310 LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
311 stmt->SetData(0, GetRemoteIpAddress().to_string());
312 stmt->SetData(1, login);
313
314 _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::LogonChallengeCallback, this, std::placeholders::_1)));
315 return true;
316}
POST_BC_EXP_FLAG
@ POST_BC_EXP_FLAG
Definition: AuthCodes.h:77
NO_VALID_EXP_FLAG
@ NO_VALID_EXP_FLAG
Definition: AuthCodes.h:79
PRE_BC_EXP_FLAG
@ PRE_BC_EXP_FLAG
Definition: AuthCodes.h:78
STATUS_CLOSED
@ STATUS_CLOSED
Definition: AuthSession.h:45
AUTH_LOGON_CHALLENGE_INITIAL_SIZE
#define AUTH_LOGON_CHALLENGE_INITIAL_SIZE
Definition: AuthSession.cpp:120
LOGIN_SEL_LOGONCHALLENGE
@ LOGIN_SEL_LOGONCHALLENGE
Definition: LoginDatabase.h:44
LoginDatabase
DatabaseWorkerPool< LoginDatabaseConnection > LoginDatabase
Accessor to the realm/login database.
Definition: DatabaseEnv.cpp:22
AuthHelper::IsPreBCAcceptedClientBuild
bool IsPreBCAcceptedClientBuild(uint32 build)
Definition: AuthCodes.cpp:25
AuthHelper::IsPostBCAcceptedClientBuild
bool IsPostBCAcceptedClientBuild(uint32 build)
Definition: AuthCodes.cpp:30
AsyncCallbackProcessor::AddCallback
T & AddCallback(T &&query)
Definition: AsyncCallbackProcessor.h:34
MessageBuffer::GetReadPointer
uint8 * GetReadPointer()
Definition: MessageBuffer.h:58
AUTH_LOGON_CHALLENGE_C
Definition: AuthSession.cpp:55
AUTH_LOGON_CHALLENGE_C::I
uint8 I[1]
Definition: AuthSession.cpp:70
AUTH_LOGON_CHALLENGE_C::build
uint16 build
Definition: AuthSession.cpp:63
AUTH_LOGON_CHALLENGE_C::country
uint8 country[4]
Definition: AuthSession.cpp:66
AUTH_LOGON_CHALLENGE_C::I_len
uint8 I_len
Definition: AuthSession.cpp:69
AUTH_LOGON_CHALLENGE_C::size
uint16 size
Definition: AuthSession.cpp:58
AUTH_LOGON_CHALLENGE_C::os
uint8 os[4]
Definition: AuthSession.cpp:65
AuthSession::_os
std::string _os
Definition: AuthSession.h:103
AuthSession::_queryProcessor
QueryCallbackProcessor _queryProcessor
Definition: AuthSession.h:108
AuthSession::LogonChallengeCallback
void LogonChallengeCallback(PreparedQueryResult result)
Definition: AuthSession.cpp:318
AuthSession::_localizationName
std::string _localizationName
Definition: AuthSession.h:102
PreparedStatement
Definition: PreparedStatement.h:158
Socket< AuthSession >::GetReadBuffer
MessageBuffer & GetReadBuffer()
Definition: Socket.h:173

References _build, _expversion, _localizationName, _os, _queryProcessor, _status, AsyncCallbackProcessor< T >::AddCallback(), AUTH_LOGON_CHALLENGE_INITIAL_SIZE, AUTH_LOGON_CHALLENGE_C::build, AUTH_LOGON_CHALLENGE_C::country, Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), AUTH_LOGON_CHALLENGE_C::I, AUTH_LOGON_CHALLENGE_C::I_len, AuthHelper::IsPostBCAcceptedClientBuild(), AuthHelper::IsPreBCAcceptedClientBuild(), LOG_DEBUG, LOGIN_SEL_LOGONCHALLENGE, LoginDatabase, LogonChallengeCallback(), NO_VALID_EXP_FLAG, AUTH_LOGON_CHALLENGE_C::os, POST_BC_EXP_FLAG, PRE_BC_EXP_FLAG, AUTH_LOGON_CHALLENGE_C::size, and STATUS_CLOSED.

Referenced by InitHandlers().

◆ HandleLogonProof()

bool AuthSession::HandleLogonProof ( )
private
458{
459 LOG_DEBUG("server.authserver", "Entering _HandleLogonProof");
460 _status = STATUS_CLOSED;
461
462 // Read the packet
463 sAuthLogonProof_C* logonProof = reinterpret_cast<sAuthLogonProof_C*>(GetReadBuffer().GetReadPointer());
464
465 // If the client has no valid version
466 if (_expversion == NO_VALID_EXP_FLAG)
467 {
468 // Check if we have the appropriate patch on the disk
469 LOG_DEBUG("network", "Client with invalid version, patching is not implemented");
470 return false;
471 }
472
473 // Check if SRP6 results match (password is correct), else send an error
474 if (Optional<SessionKey> K = _srp6->VerifyChallengeResponse(logonProof->A, logonProof->clientM))
475 {
476 _sessionKey = *K;
477 // Check auth token
478 bool tokenSuccess = false;
479 bool sentToken = (logonProof->securityFlags & 0x04);
480 if (sentToken && _totpSecret)
481 {
482 uint8 size = *(GetReadBuffer().GetReadPointer() + sizeof(sAuthLogonProof_C));
483 std::string token(reinterpret_cast<char*>(GetReadBuffer().GetReadPointer() + sizeof(sAuthLogonProof_C) + sizeof(size)), size);
484 GetReadBuffer().ReadCompleted(sizeof(size) + size);
485
486 uint32 incomingToken = *Acore::StringTo<uint32>(token);
487 tokenSuccess = Acore::Crypto::TOTP::ValidateToken(*_totpSecret, incomingToken);
488 memset(_totpSecret->data(), 0, _totpSecret->size());
489 }
490 else if (!sentToken && !_totpSecret)
491 tokenSuccess = true;
492
493 if (!tokenSuccess)
494 {
495 ByteBuffer packet;
496 packet << uint8(AUTH_LOGON_PROOF);
497 packet << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
498 packet << uint16(0); // LoginFlags, 1 has account message
499 SendPacket(packet);
500 return true;
501 }
502
503 if (!VerifyVersion(logonProof->A.data(), logonProof->A.size(), logonProof->crc_hash, false))
504 {
505 ByteBuffer packet;
506 packet << uint8(AUTH_LOGON_PROOF);
507 packet << uint8(WOW_FAIL_VERSION_INVALID);
508 SendPacket(packet);
509 return true;
510 }
511
512 LOG_DEBUG("server.authserver", "'{}:{}' User '{}' successfully authenticated", GetRemoteIpAddress().to_string(), GetRemotePort(), _accountInfo.Login);
513
514 // Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
515 // No SQL injection (escaped user name) and IP address as received by socket
516
517 std::string address = sConfigMgr->GetOption<bool>("AllowLoggingIPAddressesInDatabase", true, true) ? GetRemoteIpAddress().to_string() : "0.0.0.0";
518 LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
519 stmt->SetData(0, _sessionKey);
520 stmt->SetData(1, address);
521 stmt->SetData(2, GetLocaleByName(_localizationName));
522 stmt->SetData(3, _os);
523 stmt->SetData(4, _accountInfo.Login);
524 LoginDatabase.DirectExecute(stmt);
525
526 // Finish SRP6 and send the final result to the client
527 Acore::Crypto::SHA1::Digest M2 = Acore::Crypto::SRP6::GetSessionVerifier(logonProof->A, logonProof->clientM, _sessionKey);
528
529 ByteBuffer packet;
530 if (_expversion & POST_BC_EXP_FLAG) // 2.x and 3.x clients
531 {
532 sAuthLogonProof_S proof;
533 proof.M2 = M2;
534 proof.cmd = AUTH_LOGON_PROOF;
535 proof.error = 0;
536 proof.AccountFlags = 0x00800000; // 0x01 = GM, 0x08 = Trial, 0x00800000 = Pro pass (arena tournament)
537 proof.SurveyId = 0;
538 proof.LoginFlags = 0; // 0x1 = has account message
539
540 packet.resize(sizeof(proof));
541 std::memcpy(packet.contents(), &proof, sizeof(proof));
542 }
543 else
544 {
545 sAuthLogonProof_S_Old proof;
546 proof.M2 = M2;
547 proof.cmd = AUTH_LOGON_PROOF;
548 proof.error = 0;
549 proof.unk2 = 0x00;
550
551 packet.resize(sizeof(proof));
552 std::memcpy(packet.contents(), &proof, sizeof(proof));
553 }
554
555 SendPacket(packet);
556 _status = STATUS_AUTHED;
557 }
558 else
559 {
560 ByteBuffer packet;
561 packet << uint8(AUTH_LOGON_PROOF);
562 packet << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
563 packet << uint16(0); // LoginFlags, 1 has account message
564 SendPacket(packet);
565
566 LOG_INFO("server.authserver.hack", "'{}:{}' [AuthChallenge] account {} tried to login with invalid password!",
567 GetRemoteIpAddress().to_string(), GetRemotePort(), _accountInfo.Login);
568
569 uint32 MaxWrongPassCount = sConfigMgr->GetOption<int32>("WrongPass.MaxCount", 0);
570
571 // We can not include the failed account login hook. However, this is a workaround to still log this.
572 if (sConfigMgr->GetOption<bool>("WrongPass.Logging", false))
573 {
574 LoginDatabasePreparedStatement* logstmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_FALP_IP_LOGGING);
575 logstmt->SetData(0, _accountInfo.Id);
576 logstmt->SetData(1, GetRemoteIpAddress().to_string());
577 logstmt->SetData(2, "Login to WoW Failed - Incorrect Password");
578
579 LoginDatabase.Execute(logstmt);
580 }
581
582 if (MaxWrongPassCount > 0)
583 {
584 //Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
585 LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_FAILEDLOGINS);
586 stmt->SetData(0, _accountInfo.Login);
587 LoginDatabase.Execute(stmt);
588
589 if (++_accountInfo.FailedLogins >= MaxWrongPassCount)
590 {
591 uint32 WrongPassBanTime = sConfigMgr->GetOption<int32>("WrongPass.BanTime", 600);
592 bool WrongPassBanType = sConfigMgr->GetOption<bool>("WrongPass.BanType", false);
593
594 if (WrongPassBanType)
595 {
596 stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_ACCOUNT_AUTO_BANNED);
597 stmt->SetData(0, _accountInfo.Id);
598 stmt->SetData(1, WrongPassBanTime);
599 LoginDatabase.Execute(stmt);
600
601 LOG_DEBUG("server.authserver", "'{}:{}' [AuthChallenge] account {} got banned for '{}' seconds because it failed to authenticate '{}' times",
602 GetRemoteIpAddress().to_string(), GetRemotePort(), _accountInfo.Login, WrongPassBanTime, _accountInfo.FailedLogins);
603 }
604 else
605 {
606 stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_IP_AUTO_BANNED);
607 stmt->SetData(0, GetRemoteIpAddress().to_string());
608 stmt->SetData(1, WrongPassBanTime);
609 LoginDatabase.Execute(stmt);
610
611 LOG_DEBUG("server.authserver", "'{}:{}' [AuthChallenge] IP got banned for '{}' seconds because account {} failed to authenticate '{}' times",
612 GetRemoteIpAddress().to_string(), GetRemotePort(), WrongPassBanTime, _accountInfo.Login, _accountInfo.FailedLogins);
613 }
614 }
615 }
616 }
617
618 return true;
619}
LOG_INFO
#define LOG_INFO(filterType__,...)
Definition: Log.h:164
sConfigMgr
#define sConfigMgr
Definition: Config.h:74
Optional
std::optional< T > Optional
Optional helper class to wrap optional values within.
Definition: Optional.h:24
int32
std::int32_t int32
Definition: Define.h:103
uint32
std::uint32_t uint32
Definition: Define.h:107
uint16
std::uint16_t uint16
Definition: Define.h:108
GetLocaleByName
LocaleConstant GetLocaleByName(const std::string &name)
Definition: Common.cpp:33
WOW_FAIL_UNKNOWN_ACCOUNT
@ WOW_FAIL_UNKNOWN_ACCOUNT
Definition: AuthCodes.h:28
WOW_FAIL_VERSION_INVALID
@ WOW_FAIL_VERSION_INVALID
Definition: AuthCodes.h:33
STATUS_AUTHED
@ STATUS_AUTHED
Definition: AuthSession.h:43
AUTH_LOGON_PROOF
@ AUTH_LOGON_PROOF
Definition: AuthSession.cpp:41
sAuthLogonProof_C
struct AUTH_LOGON_PROOF_C sAuthLogonProof_C
LOGIN_INS_ACCOUNT_AUTO_BANNED
@ LOGIN_INS_ACCOUNT_AUTO_BANNED
Definition: LoginDatabase.h:40
LOGIN_INS_FALP_IP_LOGGING
@ LOGIN_INS_FALP_IP_LOGGING
Definition: LoginDatabase.h:107
LOGIN_UPD_LOGONPROOF
@ LOGIN_UPD_LOGONPROOF
Definition: LoginDatabase.h:43
LOGIN_UPD_FAILEDLOGINS
@ LOGIN_UPD_FAILEDLOGINS
Definition: LoginDatabase.h:46
LOGIN_INS_IP_AUTO_BANNED
@ LOGIN_INS_IP_AUTO_BANNED
Definition: LoginDatabase.h:36
Acore::Crypto::SRP6::GetSessionVerifier
static SHA1::Digest GetSessionVerifier(EphemeralKey const &A, SHA1::Digest const &clientM, SessionKey const &K)
Definition: SRP6.h:52
Acore::Impl::GenericHash::Digest
std::array< uint8, DIGEST_LENGTH > Digest
Definition: CryptoHash.h:46
Acore::Crypto::TOTP::ValidateToken
static bool ValidateToken(Secret const &key, uint32 token)
Definition: TOTP.cpp:44
MessageBuffer::ReadCompleted
void ReadCompleted(size_type bytes)
Definition: MessageBuffer.h:61
AUTH_LOGON_PROOF_C
Definition: AuthSession.cpp:75
AUTH_LOGON_PROOF_C::clientM
Acore::Crypto::SHA1::Digest clientM
Definition: AuthSession.cpp:78
AUTH_LOGON_PROOF_C::A
Acore::Crypto::SRP6::EphemeralKey A
Definition: AuthSession.cpp:77
AUTH_LOGON_PROOF_C::securityFlags
uint8 securityFlags
Definition: AuthSession.cpp:81
AUTH_LOGON_PROOF_C::crc_hash
Acore::Crypto::SHA1::Digest crc_hash
Definition: AuthSession.cpp:79
AUTH_LOGON_PROOF_S
Definition: AuthSession.cpp:86
AUTH_LOGON_PROOF_S::M2
Acore::Crypto::SHA1::Digest M2
Definition: AuthSession.cpp:89
AUTH_LOGON_PROOF_S::cmd
uint8 cmd
Definition: AuthSession.cpp:87
AUTH_LOGON_PROOF_S::error
uint8 error
Definition: AuthSession.cpp:88
AUTH_LOGON_PROOF_S::AccountFlags
uint32 AccountFlags
Definition: AuthSession.cpp:90
AUTH_LOGON_PROOF_S::SurveyId
uint32 SurveyId
Definition: AuthSession.cpp:91
AUTH_LOGON_PROOF_S::LoginFlags
uint16 LoginFlags
Definition: AuthSession.cpp:92
AUTH_LOGON_PROOF_S_OLD
Definition: AuthSession.cpp:97
AUTH_LOGON_PROOF_S_OLD::error
uint8 error
Definition: AuthSession.cpp:99
AUTH_LOGON_PROOF_S_OLD::unk2
uint32 unk2
Definition: AuthSession.cpp:101
AUTH_LOGON_PROOF_S_OLD::cmd
uint8 cmd
Definition: AuthSession.cpp:98
AUTH_LOGON_PROOF_S_OLD::M2
Acore::Crypto::SHA1::Digest M2
Definition: AuthSession.cpp:100
AccountInfo::FailedLogins
uint32 FailedLogins
Definition: AuthSession.h:58
AccountInfo::Id
uint32 Id
Definition: AuthSession.h:53
AccountInfo::Login
std::string Login
Definition: AuthSession.h:54
AuthSession::_srp6
Optional< Acore::Crypto::SRP6 > _srp6
Definition: AuthSession.h:95
AuthSession::_sessionKey
SessionKey _sessionKey
Definition: AuthSession.h:96
AuthSession::_accountInfo
AccountInfo _accountInfo
Definition: AuthSession.h:100
AuthSession::VerifyVersion
bool VerifyVersion(uint8 const *a, int32 aLength, Acore::Crypto::SHA1::Digest const &versionProof, bool isReconnect)
Definition: AuthSession.cpp:841
AuthSession::_totpSecret
Optional< std::vector< uint8 > > _totpSecret
Definition: AuthSession.h:101
PreparedStatementBase::SetData
Acore::Types::is_default< T > SetData(const uint8 index, T value)
Definition: PreparedStatement.h:78
ByteBuffer::resize
void resize(std::size_t newsize)
Definition: ByteBuffer.h:447
ByteBuffer::contents
uint8 * contents()
Definition: ByteBuffer.h:424

References _accountInfo, _expversion, _localizationName, _os, _sessionKey, _srp6, _status, _totpSecret, AUTH_LOGON_PROOF_C::A, AUTH_LOGON_PROOF_S::AccountFlags, AUTH_LOGON_PROOF, AUTH_LOGON_PROOF_C::clientM, AUTH_LOGON_PROOF_S::cmd, AUTH_LOGON_PROOF_S_OLD::cmd, ByteBuffer::contents(), AUTH_LOGON_PROOF_C::crc_hash, AUTH_LOGON_PROOF_S::error, AUTH_LOGON_PROOF_S_OLD::error, AccountInfo::FailedLogins, GetLocaleByName(), Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), Acore::Crypto::SRP6::GetSessionVerifier(), AccountInfo::Id, LOG_DEBUG, LOG_INFO, AccountInfo::Login, LOGIN_INS_ACCOUNT_AUTO_BANNED, LOGIN_INS_FALP_IP_LOGGING, LOGIN_INS_IP_AUTO_BANNED, LOGIN_UPD_FAILEDLOGINS, LOGIN_UPD_LOGONPROOF, LoginDatabase, AUTH_LOGON_PROOF_S::LoginFlags, AUTH_LOGON_PROOF_S::M2, AUTH_LOGON_PROOF_S_OLD::M2, NO_VALID_EXP_FLAG, POST_BC_EXP_FLAG, MessageBuffer::ReadCompleted(), ByteBuffer::resize(), sConfigMgr, AUTH_LOGON_PROOF_C::securityFlags, SendPacket(), PreparedStatementBase::SetData(), STATUS_AUTHED, STATUS_CLOSED, AUTH_LOGON_PROOF_S::SurveyId, AUTH_LOGON_PROOF_S_OLD::unk2, Acore::Crypto::TOTP::ValidateToken(), VerifyVersion(), WOW_FAIL_UNKNOWN_ACCOUNT, and WOW_FAIL_VERSION_INVALID.

Referenced by InitHandlers().

◆ HandleRealmList()

bool AuthSession::HandleRealmList ( )
private
728{
729 LOG_DEBUG("server.authserver", "Entering _HandleRealmList");
730
731 LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALM_CHARACTER_COUNTS);
732 stmt->SetData(0, _accountInfo.Id);
733
734 _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::RealmListCallback, this, std::placeholders::_1)));
735 _status = STATUS_WAITING_FOR_REALM_LIST;
736 return true;
737}
STATUS_WAITING_FOR_REALM_LIST
@ STATUS_WAITING_FOR_REALM_LIST
Definition: AuthSession.h:44
LOGIN_SEL_REALM_CHARACTER_COUNTS
@ LOGIN_SEL_REALM_CHARACTER_COUNTS
Definition: LoginDatabase.h:53
AuthSession::RealmListCallback
void RealmListCallback(PreparedQueryResult result)
Definition: AuthSession.cpp:739

References _accountInfo, _queryProcessor, _status, AsyncCallbackProcessor< T >::AddCallback(), AccountInfo::Id, LOG_DEBUG, LOGIN_SEL_REALM_CHARACTER_COUNTS, LoginDatabase, RealmListCallback(), PreparedStatementBase::SetData(), and STATUS_WAITING_FOR_REALM_LIST.

Referenced by InitHandlers().

◆ HandleReconnectChallenge()

bool AuthSession::HandleReconnectChallenge ( )
private
622{
623 _status = STATUS_CLOSED;
624
625 sAuthLogonChallenge_C* challenge = reinterpret_cast<sAuthLogonChallenge_C*>(GetReadBuffer().GetReadPointer());
626 if (challenge->size - (sizeof(sAuthLogonChallenge_C) - AUTH_LOGON_CHALLENGE_INITIAL_SIZE - 1) != challenge->I_len)
627 return false;
628
629 std::string login((char const*)challenge->I, challenge->I_len);
630 LOG_DEBUG("server.authserver", "[ReconnectChallenge] '{}'", login);
631
632 _build = challenge->build;
633 _expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
634
635 std::array<char, 5> os;
636 os.fill('\0');
637 memcpy(os.data(), challenge->os, sizeof(challenge->os));
638 _os = os.data();
639
640 // Restore string order as its byte order is reversed
641 std::reverse(_os.begin(), _os.end());
642
643 _localizationName.resize(4);
644 for (int i = 0; i < 4; ++i)
645 _localizationName[i] = challenge->country[4 - i - 1];
646
647 // Get the account details from the account table
648 LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RECONNECTCHALLENGE);
649 stmt->SetData(0, GetRemoteIpAddress().to_string());
650 stmt->SetData(1, login);
651
652 _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::ReconnectChallengeCallback, this, std::placeholders::_1)));
653 return true;
654}
LOGIN_SEL_RECONNECTCHALLENGE
@ LOGIN_SEL_RECONNECTCHALLENGE
Definition: LoginDatabase.h:45
AuthSession::ReconnectChallengeCallback
void ReconnectChallengeCallback(PreparedQueryResult result)
Definition: AuthSession.cpp:656

References _build, _expversion, _localizationName, _os, _queryProcessor, _status, AsyncCallbackProcessor< T >::AddCallback(), AUTH_LOGON_CHALLENGE_INITIAL_SIZE, AUTH_LOGON_CHALLENGE_C::build, AUTH_LOGON_CHALLENGE_C::country, Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), AUTH_LOGON_CHALLENGE_C::I, AUTH_LOGON_CHALLENGE_C::I_len, AuthHelper::IsPostBCAcceptedClientBuild(), AuthHelper::IsPreBCAcceptedClientBuild(), LOG_DEBUG, LOGIN_SEL_RECONNECTCHALLENGE, LoginDatabase, NO_VALID_EXP_FLAG, AUTH_LOGON_CHALLENGE_C::os, POST_BC_EXP_FLAG, PRE_BC_EXP_FLAG, ReconnectChallengeCallback(), AUTH_LOGON_CHALLENGE_C::size, and STATUS_CLOSED.

Referenced by InitHandlers().

◆ HandleReconnectProof()

bool AuthSession::HandleReconnectProof ( )
private
683{
684 LOG_DEBUG("server.authserver", "Entering _HandleReconnectProof");
685 _status = STATUS_CLOSED;
686
687 sAuthReconnectProof_C* reconnectProof = reinterpret_cast<sAuthReconnectProof_C*>(GetReadBuffer().GetReadPointer());
688
689 if (_accountInfo.Login.empty())
690 return false;
691
692 Acore::Crypto::SHA1 sha;
693 sha.UpdateData(_accountInfo.Login);
694 sha.UpdateData(reconnectProof->R1, 16);
695 sha.UpdateData(_reconnectProof);
696 sha.UpdateData(_sessionKey);
697 sha.Finalize();
698
699 if (sha.GetDigest() == reconnectProof->R2)
700 {
701 if (!VerifyVersion(reconnectProof->R1, sizeof(reconnectProof->R1), reconnectProof->R3, true))
702 {
703 ByteBuffer packet;
704 packet << uint8(AUTH_RECONNECT_PROOF);
705 packet << uint8(WOW_FAIL_VERSION_INVALID);
706 SendPacket(packet);
707 return true;
708 }
709
710 // Sending response
711 ByteBuffer pkt;
712 pkt << uint8(AUTH_RECONNECT_PROOF);
713 pkt << uint8(WOW_SUCCESS);
714 pkt << uint16(0); // LoginFlags, 1 has account message
715 SendPacket(pkt);
716 _status = STATUS_AUTHED;
717 return true;
718 }
719 else
720 {
721 LOG_ERROR("server.authserver.hack", "'{}:{}' [ERROR] user {} tried to login, but session is invalid.", GetRemoteIpAddress().to_string(),
722 GetRemotePort(), _accountInfo.Login);
723 return false;
724 }
725}
LOG_ERROR
#define LOG_ERROR(filterType__,...)
Definition: Log.h:156
WOW_SUCCESS
@ WOW_SUCCESS
Definition: AuthCodes.h:26
AUTH_RECONNECT_PROOF
@ AUTH_RECONNECT_PROOF
Definition: AuthSession.cpp:43
Acore::Impl::GenericHash
Definition: CryptoHash.h:43
Acore::Impl::GenericHash::Finalize
void Finalize()
Definition: CryptoHash.h:123
Acore::Impl::GenericHash::UpdateData
void UpdateData(uint8 const *data, std::size_t len)
Definition: CryptoHash.h:110
Acore::Impl::GenericHash::GetDigest
Digest const & GetDigest() const
Definition: CryptoHash.h:131
AUTH_RECONNECT_PROOF_C
Definition: AuthSession.cpp:106
AUTH_RECONNECT_PROOF_C::R1
uint8 R1[16]
Definition: AuthSession.cpp:108
AUTH_RECONNECT_PROOF_C::R2
Acore::Crypto::SHA1::Digest R2
Definition: AuthSession.cpp:109
AUTH_RECONNECT_PROOF_C::R3
Acore::Crypto::SHA1::Digest R3
Definition: AuthSession.cpp:109
AuthSession::_reconnectProof
std::array< uint8, 16 > _reconnectProof
Definition: AuthSession.h:97

References _accountInfo, _reconnectProof, _sessionKey, _status, AUTH_RECONNECT_PROOF, Acore::Impl::GenericHash< HashCreator, DigestLength >::Finalize(), Acore::Impl::GenericHash< HashCreator, DigestLength >::GetDigest(), Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), LOG_DEBUG, LOG_ERROR, AccountInfo::Login, AUTH_RECONNECT_PROOF_C::R1, AUTH_RECONNECT_PROOF_C::R2, AUTH_RECONNECT_PROOF_C::R3, SendPacket(), STATUS_AUTHED, STATUS_CLOSED, Acore::Impl::GenericHash< HashCreator, DigestLength >::UpdateData(), VerifyVersion(), WOW_FAIL_VERSION_INVALID, and WOW_SUCCESS.

Referenced by InitHandlers().

◆ InitHandlers()

std::unordered_map< uint8, AuthHandler > AuthSession::InitHandlers ( )
static
124{
125 std::unordered_map<uint8, AuthHandler> handlers;
126
127 handlers[AUTH_LOGON_CHALLENGE] = { STATUS_CHALLENGE, AUTH_LOGON_CHALLENGE_INITIAL_SIZE, &AuthSession::HandleLogonChallenge };
128 handlers[AUTH_LOGON_PROOF] = { STATUS_LOGON_PROOF, sizeof(AUTH_LOGON_PROOF_C), &AuthSession::HandleLogonProof };
129 handlers[AUTH_RECONNECT_CHALLENGE] = { STATUS_CHALLENGE, AUTH_LOGON_CHALLENGE_INITIAL_SIZE, &AuthSession::HandleReconnectChallenge };
130 handlers[AUTH_RECONNECT_PROOF] = { STATUS_RECONNECT_PROOF, sizeof(AUTH_RECONNECT_PROOF_C), &AuthSession::HandleReconnectProof };
131 handlers[REALM_LIST] = { STATUS_AUTHED, REALM_LIST_PACKET_SIZE, &AuthSession::HandleRealmList };
132
133 return handlers;
134}
STATUS_RECONNECT_PROOF
@ STATUS_RECONNECT_PROOF
Definition: AuthSession.h:42
STATUS_LOGON_PROOF
@ STATUS_LOGON_PROOF
Definition: AuthSession.h:41
REALM_LIST
@ REALM_LIST
Definition: AuthSession.cpp:44
AUTH_RECONNECT_CHALLENGE
@ AUTH_RECONNECT_CHALLENGE
Definition: AuthSession.cpp:42
REALM_LIST_PACKET_SIZE
#define REALM_LIST_PACKET_SIZE
Definition: AuthSession.cpp:121
AuthSession::HandleLogonChallenge
bool HandleLogonChallenge()
Definition: AuthSession.cpp:284
AuthSession::HandleLogonProof
bool HandleLogonProof()
Definition: AuthSession.cpp:457
AuthSession::HandleReconnectChallenge
bool HandleReconnectChallenge()
Definition: AuthSession.cpp:621
AuthSession::HandleRealmList
bool HandleRealmList()
Definition: AuthSession.cpp:727
AuthSession::HandleReconnectProof
bool HandleReconnectProof()
Definition: AuthSession.cpp:682

References AUTH_LOGON_CHALLENGE, AUTH_LOGON_CHALLENGE_INITIAL_SIZE, AUTH_LOGON_PROOF, AUTH_RECONNECT_CHALLENGE, AUTH_RECONNECT_PROOF, HandleLogonChallenge(), HandleLogonProof(), HandleRealmList(), HandleReconnectChallenge(), HandleReconnectProof(), REALM_LIST, REALM_LIST_PACKET_SIZE, STATUS_AUTHED, STATUS_CHALLENGE, STATUS_LOGON_PROOF, and STATUS_RECONNECT_PROOF.

◆ LogonChallengeCallback()

void AuthSession::LogonChallengeCallback ( PreparedQueryResult  result)
private
319{
320 ByteBuffer pkt;
321 pkt << uint8(AUTH_LOGON_CHALLENGE);
322 pkt << uint8(0x00);
323
324 if (!result)
325 {
326 pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
327 SendPacket(pkt);
328 return;
329 }
330
331 Field* fields = result->Fetch();
332
333 _accountInfo.LoadResult(fields);
334
335 std::string ipAddress = GetRemoteIpAddress().to_string();
336 uint16 port = GetRemotePort();
337
338 // If the IP is 'locked', check that the player comes indeed from the correct IP address
339 if (_accountInfo.IsLockedToIP)
340 {
341 LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is locked to IP - '{}' is logging in from '{}'", _accountInfo.Login, _accountInfo.LastIP, ipAddress);
342 if (_accountInfo.LastIP != ipAddress)
343 {
344 pkt << uint8(WOW_FAIL_LOCKED_ENFORCED);
345 SendPacket(pkt);
346 return;
347 }
348 }
349 else
350 {
351 if (IpLocationRecord const* location = sIPLocation->GetLocationRecord(ipAddress))
352 _ipCountry = location->CountryCode;
353
354 LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is not locked to ip", _accountInfo.Login);
355 if (_accountInfo.LockCountry.empty() || _accountInfo.LockCountry == "00")
356 LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is not locked to country", _accountInfo.Login);
357 else if (!_ipCountry.empty())
358 {
359 LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is locked to country: '{}' Player country is '{}'", _accountInfo.Login, _accountInfo.LockCountry, _ipCountry);
360 if (_ipCountry != _accountInfo.LockCountry)
361 {
362 pkt << uint8(WOW_FAIL_UNLOCKABLE_LOCK);
363 SendPacket(pkt);
364 return;
365 }
366 }
367 }
368
369 // If the account is banned, reject the logon attempt
370 if (_accountInfo.IsBanned)
371 {
372 if (_accountInfo.IsPermanentlyBanned)
373 {
374 pkt << uint8(WOW_FAIL_BANNED);
375 SendPacket(pkt);
376 LOG_INFO("server.authserver.banned", "'{}:{}' [AuthChallenge] Banned account {} tried to login!", ipAddress, port, _accountInfo.Login);
377 return;
378 }
379 else
380 {
381 pkt << uint8(WOW_FAIL_SUSPENDED);
382 SendPacket(pkt);
383 LOG_INFO("server.authserver.banned", "'{}:{}' [AuthChallenge] Temporarily banned account {} tried to login!", ipAddress, port, _accountInfo.Login);
384 return;
385 }
386 }
387
388 uint8 securityFlags = 0;
389
390 // Check if a TOTP token is needed
391 if (!fields[11].IsNull())
392 {
393 securityFlags = 4;
394 _totpSecret = fields[11].Get<Binary>();
395
396 if (auto const& secret = sSecretMgr->GetSecret(SECRET_TOTP_MASTER_KEY))
397 {
398 bool success = Acore::Crypto::AEDecrypt<Acore::Crypto::AES>(*_totpSecret, *secret);
399 if (!success)
400 {
401 pkt << uint8(WOW_FAIL_DB_BUSY);
402 LOG_ERROR("server.authserver", "[AuthChallenge] Account '{}' has invalid ciphertext for TOTP token key stored", _accountInfo.Login);
403 SendPacket(pkt);
404 return;
405 }
406 }
407 }
408
409 _srp6.emplace(_accountInfo.Login,
410 fields[12].Get<Binary, Acore::Crypto::SRP6::SALT_LENGTH>(),
411 fields[13].Get<Binary, Acore::Crypto::SRP6::VERIFIER_LENGTH>());
412
413 // Fill the response packet with the result
414 if (AuthHelper::IsAcceptedClientBuild(_build))
415 {
416 pkt << uint8(WOW_SUCCESS);
417
418 pkt.append(_srp6->B);
419 pkt << uint8(1);
420 pkt.append(_srp6->g);
421 pkt << uint8(32);
422 pkt.append(_srp6->N);
423 pkt.append(_srp6->s);
424 pkt.append(VersionChallenge.data(), VersionChallenge.size());
425 pkt << uint8(securityFlags); // security flags (0x0...0x04)
426
427 if (securityFlags & 0x01) // PIN input
428 {
429 pkt << uint32(0);
430 pkt << uint64(0) << uint64(0); // 16 bytes hash?
431 }
432
433 if (securityFlags & 0x02) // Matrix input
434 {
435 pkt << uint8(0);
436 pkt << uint8(0);
437 pkt << uint8(0);
438 pkt << uint8(0);
439 pkt << uint64(0);
440 }
441
442 if (securityFlags & 0x04) // Security token input
443 pkt << uint8(1);
444
445 LOG_DEBUG("server.authserver", "'{}:{}' [AuthChallenge] account {} is using '{}' locale ({})",
446 ipAddress, port, _accountInfo.Login, _localizationName, GetLocaleByName(_localizationName));
447
448 _status = STATUS_LOGON_PROOF;
449 }
450 else
451 pkt << uint8(WOW_FAIL_VERSION_INVALID);
452
453 SendPacket(pkt);
454}
sIPLocation
#define sIPLocation
Definition: IPLocation.h:49
uint64
std::uint64_t uint64
Definition: Define.h:106
WOW_FAIL_LOCKED_ENFORCED
@ WOW_FAIL_LOCKED_ENFORCED
Definition: AuthCodes.h:40
WOW_FAIL_SUSPENDED
@ WOW_FAIL_SUSPENDED
Definition: AuthCodes.h:36
WOW_FAIL_DB_BUSY
@ WOW_FAIL_DB_BUSY
Definition: AuthCodes.h:32
WOW_FAIL_UNLOCKABLE_LOCK
@ WOW_FAIL_UNLOCKABLE_LOCK
Definition: AuthCodes.h:49
VersionChallenge
std::array< uint8, 16 > VersionChallenge
Definition: AuthSession.cpp:116
Binary
std::vector< uint8 > Binary
Definition: Field.h:41
sSecretMgr
#define sSecretMgr
Definition: SecretMgr.h:73
SECRET_TOTP_MASTER_KEY
@ SECRET_TOTP_MASTER_KEY
Definition: SecretMgr.h:31
AuthHelper::IsAcceptedClientBuild
bool IsAcceptedClientBuild(uint32 build)
Definition: AuthCodes.cpp:35
Acore::Crypto::SRP6::VERIFIER_LENGTH
static constexpr std::size_t VERIFIER_LENGTH
Definition: SRP6.h:34
Acore::Crypto::SRP6::SALT_LENGTH
static constexpr std::size_t SALT_LENGTH
Definition: SRP6.h:31
IpLocationRecord
Definition: IPLocation.h:23
AccountInfo::LockCountry
std::string LockCountry
Definition: AuthSession.h:56
AccountInfo::IsPermanentlyBanned
bool IsPermanentlyBanned
Definition: AuthSession.h:60
AccountInfo::LoadResult
void LoadResult(Field *fields)
Definition: AuthSession.cpp:138
AccountInfo::IsBanned
bool IsBanned
Definition: AuthSession.h:59
AccountInfo::IsLockedToIP
bool IsLockedToIP
Definition: AuthSession.h:55
AccountInfo::LastIP
std::string LastIP
Definition: AuthSession.h:57
AuthSession::_ipCountry
std::string _ipCountry
Definition: AuthSession.h:104
Field
Class used to access individual fields of database query result.
Definition: Field.h:99
Field::Get
std::enable_if_t< std::is_arithmetic_v< T >, T > Get() const
Definition: Field.h:113
ByteBuffer::append
void append(T value)
Definition: ByteBuffer.h:129

References _accountInfo, _build, _ipCountry, _localizationName, _srp6, _status, _totpSecret, ByteBuffer::append(), AUTH_LOGON_CHALLENGE, Field::Get(), GetLocaleByName(), Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), AuthHelper::IsAcceptedClientBuild(), AccountInfo::IsBanned, AccountInfo::IsLockedToIP, AccountInfo::IsPermanentlyBanned, AccountInfo::LastIP, AccountInfo::LoadResult(), AccountInfo::LockCountry, LOG_DEBUG, LOG_ERROR, LOG_INFO, AccountInfo::Login, Acore::Crypto::SRP6::SALT_LENGTH, SECRET_TOTP_MASTER_KEY, SendPacket(), sIPLocation, sSecretMgr, STATUS_LOGON_PROOF, Acore::Crypto::SRP6::VERIFIER_LENGTH, VersionChallenge, WOW_FAIL_BANNED, WOW_FAIL_DB_BUSY, WOW_FAIL_LOCKED_ENFORCED, WOW_FAIL_SUSPENDED, WOW_FAIL_UNKNOWN_ACCOUNT, WOW_FAIL_UNLOCKABLE_LOCK, WOW_FAIL_VERSION_INVALID, and WOW_SUCCESS.

Referenced by HandleLogonChallenge().

◆ ReadHandler()

void AuthSession::ReadHandler ( )
overrideprotectedvirtual

Implements Socket< AuthSession >.

221{
222 MessageBuffer& packet = GetReadBuffer();
223
224 while (packet.GetActiveSize())
225 {
226 uint8 cmd = packet.GetReadPointer()[0];
227 auto itr = Handlers.find(cmd);
228 if (itr == Handlers.end())
229 {
230 // well we dont handle this, lets just ignore it
231 packet.Reset();
232 break;
233 }
234
235 if (_status != itr->second.status)
236 {
237 CloseSocket();
238 return;
239 }
240
241 uint16 size = uint16(itr->second.packetSize);
242 if (packet.GetActiveSize() < size)
243 break;
244
245 if (cmd == AUTH_LOGON_CHALLENGE || cmd == AUTH_RECONNECT_CHALLENGE)
246 {
247 sAuthLogonChallenge_C* challenge = reinterpret_cast<sAuthLogonChallenge_C*>(packet.GetReadPointer());
248 size += challenge->size;
249 if (size > MAX_ACCEPTED_CHALLENGE_SIZE)
250 {
251 CloseSocket();
252 return;
253 }
254 }
255
256 if (packet.GetActiveSize() < size)
257 break;
258
259 if (!(*this.*itr->second.handler)())
260 {
261 CloseSocket();
262 return;
263 }
264
265 packet.ReadCompleted(size);
266 }
267
268 AsyncRead();
269}
MAX_ACCEPTED_CHALLENGE_SIZE
#define MAX_ACCEPTED_CHALLENGE_SIZE
Definition: AuthSession.cpp:118
Handlers
std::unordered_map< uint8, AuthHandler > const Handlers
Definition: AuthSession.cpp:136
MessageBuffer
Definition: MessageBuffer.h:26
MessageBuffer::GetActiveSize
size_type GetActiveSize() const
Definition: MessageBuffer.h:64
MessageBuffer::Reset
void Reset()
Definition: MessageBuffer.h:46
Socket< AuthSession >::CloseSocket
void CloseSocket()
Definition: Socket.h:155

References _status, Socket< AuthSession >::AsyncRead(), AUTH_LOGON_CHALLENGE, AUTH_RECONNECT_CHALLENGE, Socket< AuthSession >::CloseSocket(), MessageBuffer::GetActiveSize(), Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Handlers, MAX_ACCEPTED_CHALLENGE_SIZE, MessageBuffer::ReadCompleted(), MessageBuffer::Reset(), and AUTH_LOGON_CHALLENGE_C::size.

◆ RealmListCallback()

void AuthSession::RealmListCallback ( PreparedQueryResult  result)
private
740{
741 std::map<uint32, uint8> characterCounts;
742 if (result)
743 {
744 do
745 {
746 Field* fields = result->Fetch();
747 characterCounts[fields[0].Get<uint32>()] = fields[1].Get<uint8>();
748 } while (result->NextRow());
749 }
750
751 // Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
752 ByteBuffer pkt;
753
754 std::size_t RealmListSize = 0;
755 for (auto const& [realmHandle, realm] : sRealmList->GetRealms())
756 {
757 // don't work with realms which not compatible with the client
758 bool okBuild = ((_expversion & POST_BC_EXP_FLAG) && realm.Build == _build) || ((_expversion & PRE_BC_EXP_FLAG) && !AuthHelper::IsPreBCAcceptedClientBuild(realm.Build));
759
760 // No SQL injection. id of realm is controlled by the database.
761 uint32 flag = realm.Flags;
762 RealmBuildInfo const* buildInfo = sRealmList->GetBuildInfo(realm.Build);
763 if (!okBuild)
764 {
765 if (!buildInfo)
766 continue;
767
768 flag |= REALM_FLAG_OFFLINE | REALM_FLAG_SPECIFYBUILD; // tell the client what build the realm is for
769 }
770
771 if (!buildInfo)
772 flag &= ~REALM_FLAG_SPECIFYBUILD;
773
774 std::string name = realm.Name;
775 if (_expversion & PRE_BC_EXP_FLAG && flag & REALM_FLAG_SPECIFYBUILD)
776 {
777 std::ostringstream ss;
778 ss << name << " (" << buildInfo->MajorVersion << '.' << buildInfo->MinorVersion << '.' << buildInfo->BugfixVersion << ')';
779 name = ss.str();
780 }
781
782 uint8 lock = (realm.AllowedSecurityLevel > _accountInfo.SecurityLevel) ? 1 : 0;
783
784 pkt << uint8(realm.Type); // realm type
785 if (_expversion & POST_BC_EXP_FLAG) // only 2.x and 3.x clients
786 pkt << uint8(lock); // if 1, then realm locked
787
788 pkt << uint8(flag); // RealmFlags
789 pkt << name;
790 pkt << boost::lexical_cast<std::string>(realm.GetAddressForClient(GetRemoteIpAddress()));
791 pkt << float(realm.PopulationLevel);
792 pkt << uint8(characterCounts[realm.Id.Realm]);
793 pkt << uint8(realm.Timezone); // realm category
794
795 if (_expversion & POST_BC_EXP_FLAG) // 2.x and 3.x clients
796 pkt << uint8(realm.Id.Realm);
797 else
798 pkt << uint8(0x0); // 1.12.1 and 1.12.2 clients
799
800 if (_expversion & POST_BC_EXP_FLAG && flag & REALM_FLAG_SPECIFYBUILD)
801 {
802 pkt << uint8(buildInfo->MajorVersion);
803 pkt << uint8(buildInfo->MinorVersion);
804 pkt << uint8(buildInfo->BugfixVersion);
805 pkt << uint16(buildInfo->Build);
806 }
807
808 ++RealmListSize;
809 }
810
811 if (_expversion & POST_BC_EXP_FLAG) // 2.x and 3.x clients
812 {
813 pkt << uint8(0x10);
814 pkt << uint8(0x00);
815 }
816 else // 1.12.1 and 1.12.2 clients
817 {
818 pkt << uint8(0x00);
819 pkt << uint8(0x02);
820 }
821
822 // make a ByteBuffer which stores the RealmList's size
823 ByteBuffer RealmListSizeBuffer;
824 RealmListSizeBuffer << uint32(0);
825
826 if (_expversion & POST_BC_EXP_FLAG) // only 2.x and 3.x clients
827 RealmListSizeBuffer << uint16(RealmListSize);
828 else
829 RealmListSizeBuffer << uint32(RealmListSize);
830
831 ByteBuffer hdr;
832 hdr << uint8(REALM_LIST);
833 hdr << uint16(pkt.size() + RealmListSizeBuffer.size());
834 hdr.append(RealmListSizeBuffer); // append RealmList's size buffer
835 hdr.append(pkt); // append realms in the realmlist
836 SendPacket(hdr);
837
838 _status = STATUS_AUTHED;
839}
sRealmList
#define sRealmList
Definition: RealmList.h:77
REALM_FLAG_OFFLINE
@ REALM_FLAG_OFFLINE
Definition: Realm.h:29
REALM_FLAG_SPECIFYBUILD
@ REALM_FLAG_SPECIFYBUILD
Definition: Realm.h:30
realm
Realm realm
Definition: World.cpp:112
AccountInfo::SecurityLevel
AccountTypes SecurityLevel
Definition: AuthSession.h:61
ByteBuffer::size
std::size_t size() const
Definition: ByteBuffer.h:444
RealmHandle::Realm
uint32 Realm
Definition: Realm.h:43
Realm::Flags
RealmFlags Flags
Definition: Realm.h:77
Realm::AllowedSecurityLevel
AccountTypes AllowedSecurityLevel
Definition: Realm.h:79
Realm::GetAddressForClient
boost::asio::ip::tcp_endpoint GetAddressForClient(boost::asio::ip::address const &clientAddr) const
Definition: Realm.cpp:23
Realm::Timezone
uint8 Timezone
Definition: Realm.h:78
Realm::PopulationLevel
float PopulationLevel
Definition: Realm.h:80
Realm::Build
uint32 Build
Definition: Realm.h:70
Realm::Name
std::string Name
Definition: Realm.h:75
Realm::Id
RealmHandle Id
Definition: Realm.h:69
Realm::Type
uint8 Type
Definition: Realm.h:76
RealmBuildInfo
Definition: RealmList.h:29
RealmBuildInfo::MajorVersion
uint32 MajorVersion
Definition: RealmList.h:31
RealmBuildInfo::BugfixVersion
uint32 BugfixVersion
Definition: RealmList.h:33
RealmBuildInfo::Build
uint32 Build
Definition: RealmList.h:30
RealmBuildInfo::MinorVersion
uint32 MinorVersion
Definition: RealmList.h:32

References _accountInfo, _build, _expversion, _status, Realm::AllowedSecurityLevel, ByteBuffer::append(), RealmBuildInfo::BugfixVersion, Realm::Build, RealmBuildInfo::Build, Realm::Flags, Field::Get(), Realm::GetAddressForClient(), Socket< AuthSession >::GetRemoteIpAddress(), Realm::Id, AuthHelper::IsPreBCAcceptedClientBuild(), RealmBuildInfo::MajorVersion, RealmBuildInfo::MinorVersion, Realm::Name, Realm::PopulationLevel, POST_BC_EXP_FLAG, PRE_BC_EXP_FLAG, realm, RealmHandle::Realm, REALM_FLAG_OFFLINE, REALM_FLAG_SPECIFYBUILD, REALM_LIST, AccountInfo::SecurityLevel, SendPacket(), ByteBuffer::size(), sRealmList, STATUS_AUTHED, Realm::Timezone, and Realm::Type.

Referenced by HandleRealmList().

◆ ReconnectChallengeCallback()

void AuthSession::ReconnectChallengeCallback ( PreparedQueryResult  result)
private
657{
658 ByteBuffer pkt;
659 pkt << uint8(AUTH_RECONNECT_CHALLENGE);
660
661 if (!result)
662 {
663 pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
664 SendPacket(pkt);
665 return;
666 }
667
668 Field* fields = result->Fetch();
669
670 _accountInfo.LoadResult(fields);
671 _sessionKey = fields[11].Get<Binary, SESSION_KEY_LENGTH>();
672 Acore::Crypto::GetRandomBytes(_reconnectProof);
673 _status = STATUS_RECONNECT_PROOF;
674
675 pkt << uint8(WOW_SUCCESS);
676 pkt.append(_reconnectProof);
677 pkt.append(VersionChallenge.data(), VersionChallenge.size());
678
679 SendPacket(pkt);
680}
SESSION_KEY_LENGTH
constexpr std::size_t SESSION_KEY_LENGTH
Definition: AuthDefines.h:24
Acore::Crypto::GetRandomBytes
std::array< uint8, S > GetRandomBytes()
Definition: CryptoRandom.h:35

References _accountInfo, _reconnectProof, _sessionKey, _status, ByteBuffer::append(), AUTH_RECONNECT_CHALLENGE, Field::Get(), Acore::Crypto::GetRandomBytes(), AccountInfo::LoadResult(), SendPacket(), SESSION_KEY_LENGTH, STATUS_RECONNECT_PROOF, VersionChallenge, WOW_FAIL_UNKNOWN_ACCOUNT, and WOW_SUCCESS.

Referenced by HandleReconnectChallenge().

◆ SendPacket()

void AuthSession::SendPacket ( ByteBuffer packet)
272{
273 if (!IsOpen())
274 return;
275
276 if (!packet.empty())
277 {
278 MessageBuffer buffer(packet.size());
279 buffer.Write(packet.contents(), packet.size());
280 QueuePacket(std::move(buffer));
281 }
282}
Socket< AuthSession >::QueuePacket
void QueuePacket(MessageBuffer &&buffer)
Definition: Socket.h:142
Socket< AuthSession >::IsOpen
bool IsOpen() const
Definition: Socket.h:153
ByteBuffer::empty
bool empty() const
Definition: ByteBuffer.h:445

References ByteBuffer::contents(), ByteBuffer::empty(), Socket< AuthSession >::IsOpen(), Socket< AuthSession >::QueuePacket(), ByteBuffer::size(), and MessageBuffer::Write().

Referenced by CheckIpCallback(), HandleLogonProof(), HandleReconnectProof(), LogonChallengeCallback(), RealmListCallback(), and ReconnectChallengeCallback().

◆ Start()

void AuthSession::Start ( )
overridevirtual

Implements Socket< AuthSession >.

170{
171 std::string ip_address = GetRemoteIpAddress().to_string();
172 LOG_TRACE("session", "Accepted connection from {}", ip_address);
173
174 LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_INFO);
175 stmt->SetData(0, ip_address);
176
177 _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::CheckIpCallback, this, std::placeholders::_1)));
178}
LOG_TRACE
#define LOG_TRACE(filterType__,...)
Definition: Log.h:172
LOGIN_SEL_IP_INFO
@ LOGIN_SEL_IP_INFO
Definition: LoginDatabase.h:34
AuthSession::CheckIpCallback
void CheckIpCallback(PreparedQueryResult result)
Definition: AuthSession.cpp:190

References _queryProcessor, AsyncCallbackProcessor< T >::AddCallback(), CheckIpCallback(), Socket< AuthSession >::GetRemoteIpAddress(), LOG_TRACE, LOGIN_SEL_IP_INFO, LoginDatabase, and PreparedStatementBase::SetData().

◆ Update()

bool AuthSession::Update ( )
overridevirtual

Reimplemented from Socket< AuthSession >.

181{
182 if (!AuthSocket::Update())
183 return false;
184
185 _queryProcessor.ProcessReadyCallbacks();
186
187 return true;
188}
AsyncCallbackProcessor::ProcessReadyCallbacks
void ProcessReadyCallbacks()
Definition: AsyncCallbackProcessor.h:40
Socket< AuthSession >::Update
virtual bool Update()
Definition: Socket.h:70

References _queryProcessor, AsyncCallbackProcessor< T >::ProcessReadyCallbacks(), and Socket< AuthSession >::Update().

◆ VerifyVersion()

bool AuthSession::VerifyVersion ( uint8 const *  a,
int32  aLength,
Acore::Crypto::SHA1::Digest const &  versionProof,
bool  isReconnect 
)
private
842{
843 if (!sConfigMgr->GetOption<bool>("StrictVersionCheck", false))
844 return true;
845
846 Acore::Crypto::SHA1::Digest zeros{};
847 Acore::Crypto::SHA1::Digest const* versionHash{ nullptr };
848
849 if (!isReconnect)
850 {
851 RealmBuildInfo const* buildInfo = sRealmList->GetBuildInfo(_build);
852 if (!buildInfo)
853 return false;
854
855 if (_os == "Win")
856 versionHash = &buildInfo->WindowsHash;
857 else if (_os == "OSX")
858 versionHash = &buildInfo->MacHash;
859
860 if (!versionHash)
861 return false;
862
863 if (zeros == *versionHash)
864 return true; // not filled serverside
865 }
866 else
867 versionHash = &zeros;
868
869 Acore::Crypto::SHA1 version;
870 version.UpdateData(a, aLength);
871 version.UpdateData(*versionHash);
872 version.Finalize();
873
874 return (versionProof == version.GetDigest());
875}
RealmBuildInfo::WindowsHash
std::array< uint8, 20 > WindowsHash
Definition: RealmList.h:35
RealmBuildInfo::MacHash
std::array< uint8, 20 > MacHash
Definition: RealmList.h:36

References _build, _os, Acore::Impl::GenericHash< HashCreator, DigestLength >::Finalize(), Acore::Impl::GenericHash< HashCreator, DigestLength >::GetDigest(), RealmBuildInfo::MacHash, sConfigMgr, sRealmList, Acore::Impl::GenericHash< HashCreator, DigestLength >::UpdateData(), and RealmBuildInfo::WindowsHash.

Referenced by HandleLogonProof(), and HandleReconnectProof().

Member Data Documentation

◆ _accountInfo

AccountInfo AuthSession::_accountInfo
private

Referenced by HandleLogonProof(), HandleRealmList(), HandleReconnectProof(), LogonChallengeCallback(), RealmListCallback(), and ReconnectChallengeCallback().

◆ _build

uint16 AuthSession::_build
private

Referenced by HandleLogonChallenge(), HandleReconnectChallenge(), LogonChallengeCallback(), RealmListCallback(), and VerifyVersion().

◆ _expversion

uint8 AuthSession::_expversion
private

Referenced by HandleLogonChallenge(), HandleLogonProof(), HandleReconnectChallenge(), and RealmListCallback().

◆ _ipCountry

std::string AuthSession::_ipCountry
private

Referenced by LogonChallengeCallback().

◆ _localizationName

std::string AuthSession::_localizationName
private

Referenced by HandleLogonChallenge(), HandleLogonProof(), HandleReconnectChallenge(), and LogonChallengeCallback().

◆ _os

std::string AuthSession::_os
private

Referenced by HandleLogonChallenge(), HandleLogonProof(), HandleReconnectChallenge(), and VerifyVersion().

◆ _queryProcessor

QueryCallbackProcessor AuthSession::_queryProcessor
private

Referenced by HandleLogonChallenge(), HandleRealmList(), HandleReconnectChallenge(), Start(), and Update().

◆ _reconnectProof

std::array<uint8, 16> AuthSession::_reconnectProof = {}
private

Referenced by HandleReconnectProof(), and ReconnectChallengeCallback().

◆ _sessionKey

SessionKey AuthSession::_sessionKey = {}
private

Referenced by HandleLogonProof(), HandleReconnectProof(), and ReconnectChallengeCallback().

◆ _srp6

Optional<Acore::Crypto::SRP6> AuthSession::_srp6
private

Referenced by HandleLogonProof(), and LogonChallengeCallback().

◆ _status

AuthStatus AuthSession::_status
private

Referenced by HandleLogonChallenge(), HandleLogonProof(), HandleRealmList(), HandleReconnectChallenge(), HandleReconnectProof(), LogonChallengeCallback(), ReadHandler(), RealmListCallback(), and ReconnectChallengeCallback().

◆ _totpSecret

Optional<std::vector<uint8> > AuthSession::_totpSecret
private

Referenced by HandleLogonProof(), and LogonChallengeCallback().

◆ Account

std::string AuthSession::Account

◆ AddonInfo

ByteBuffer AuthSession::AddonInfo

◆ BattlegroupID

uint32 AuthSession::BattlegroupID = 0

◆ Build

uint32 AuthSession::Build = 0

◆ Digest

Acore::Crypto::SHA1::Digest AuthSession::Digest = {}

◆ DosResponse

uint64 AuthSession::DosResponse = 0

◆ LocalChallenge

std::array<uint8, 4> AuthSession::LocalChallenge = {}

◆ LoginServerID

uint32 AuthSession::LoginServerID = 0

◆ LoginServerType

uint32 AuthSession::LoginServerType = 0

◆ RealmID

uint32 AuthSession::RealmID = 0

◆ RegionID

uint32 AuthSession::RegionID = 0