araxiaonline/TrinityCore
3
0
Fork 0
mirror of https://github.com/araxiaonline/TrinityCore.git synced 2026-06-21 15:27:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

Core/WorldSession: Added research notes about CMSG_AUTH_SESSION values and reordered checks during login to always initialize encryption first to make sure the client can read failure packet

Browse Source
This commit is contained in:
Shauren
2014-08-21 18:18:13 +02:00
parent 33da371812
commit abfd29ab61
3 changed files with 82 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/server/game/Server/WorldSocket.cpp
+68 -53
View File
@@ -87,8 +87,6 @@ void WorldSocket::ReadDataHandler()
{
ClientPktHeader* header = reinterpret_cast<ClientPktHeader*>(GetHeaderBuffer());
header->size -= sizeof(header->cmd);
uint16 opcode = uint16(header->cmd);
std::string opcodeName = GetOpcodeNameForLogging(opcode);
@@ -173,35 +171,30 @@ void WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
std::string account;
SHA1Hash sha;
uint32 clientBuild;
uint32 unk2, unk3, unk5, unk6, unk7;
uint32 serverId, loginServerType, region, battlegroup, realmIndex;
uint64 unk4;
WorldPacket packet, SendAddonPacked;
BigNumber k;
bool wardenActive = sWorld->getBoolConfig(CONFIG_WARDEN_ENABLED);
if (sWorld->IsClosed())
{
SendAuthResponseError(AUTH_REJECT);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: World closed, denying client (%s).", GetRemoteIpAddress().to_string().c_str());
return;
}
// Read the content of the packet
recvPacket >> clientBuild;
recvPacket >> unk2;
recvPacket >> serverId; // Used for GRUNT only
recvPacket >> account;
recvPacket >> unk3;
recvPacket >> loginServerType; // 0 GRUNT, 1 Battle.net
recvPacket >> clientSeed;
recvPacket >> unk5 >> unk6 >> unk7;
recvPacket >> region >> battlegroup; // Used for Battle.net only
recvPacket >> realmIndex; // realmId from auth_database.realmlist table
recvPacket >> unk4;
recvPacket.read(digest, 20);
TC_LOG_DEBUG("network", "WorldSocket::HandleAuthSession: client %u, unk2 %u, account %s, unk3 %u, clientseed %u",
TC_LOG_INFO("network", "WorldSocket::HandleAuthSession: client %u, serverId %u, account %s, loginServerType %u, clientseed %u, realmIndex %u",
clientBuild,
unk2,
serverId,
account.c_str(),
unk3,
clientSeed);
loginServerType,
clientSeed,
realmIndex);
// Get the account information from the auth database
// 0 1 2 3 4 5 6 7 8
@@ -218,6 +211,7 @@ void WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
// We can not log here, as we do not know the account. Thus, no accountId.
SendAuthResponseError(AUTH_UNKNOWN_ACCOUNT);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
DelayedCloseSocket();
return;
}
@@ -243,6 +237,57 @@ void WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
// id has to be fetched at this point, so that first actual account response that fails can be logged
id = fields[0].GetUInt32();
k.SetHexStr(fields[1].GetCString());
// even if auth credentials are bad, try using the session key we have - client cannot read auth response error without it
_authCrypt.Init(&k);
// First reject the connection if packet contains invalid data or realm state doesn't allow logging in
if (sWorld->IsClosed())
{
SendAuthResponseError(AUTH_REJECT);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: World closed, denying client (%s).", GetRemoteIpAddress().to_string().c_str());
DelayedCloseSocket();
return;
}
if (realmIndex != realmID)
{
SendAuthResponseError(REALM_LIST_REALM_NOT_FOUND);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Sent Auth Response (bad realm).");
DelayedCloseSocket();
return;
}
std::string os = fields[8].GetString();
// Must be done before WorldSession is created
if (wardenActive && os != "Win" && os != "OSX")
{
SendAuthResponseError(AUTH_REJECT);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Client %s attempted to log in using invalid client OS (%s).", address.c_str(), os.c_str());
DelayedCloseSocket();
return;
}
// Check that Key and account name are the same on client and server
uint32 t = 0;
sha.UpdateData(account);
sha.UpdateData((uint8*)&t, 4);
sha.UpdateData((uint8*)&clientSeed, 4);
sha.UpdateData((uint8*)&_authSeed, 4);
sha.UpdateBigNumbers(&k, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
SendAuthResponseError(AUTH_FAILED);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Authentication failed for account: %u ('%s') address: %s", id, account.c_str(), address.c_str());
DelayedCloseSocket();
return;
}
///- Re-check ip locking (same check as in auth).
if (fields[3].GetUInt8() == 1) // if ip is locked
{
@@ -252,12 +297,11 @@ void WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
TC_LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs. Original IP: %s, new IP: %s).", fields[2].GetCString(), address.c_str());
// We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
sScriptMgr->OnFailedAccountLogin(id);
DelayedCloseSocket();
return;
}
}
k.SetHexStr(fields[1].GetCString());
int64 mutetime = fields[5].GetInt64();
//! Negative mutetime indicates amount of seconds to be muted effective on next login - which is now.
if (mutetime < 0)
@@ -277,16 +321,6 @@ void WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
locale = LOCALE_enUS;
uint32 recruiter = fields[7].GetUInt32();
std::string os = fields[8].GetString();
// Must be done before WorldSession is created
if (wardenActive && os != "Win" && os != "OSX")
{
SendAuthResponseError(AUTH_REJECT);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Client %s attempted to log in using invalid client OS (%s).", address.c_str(), os.c_str());
return;
}
// Checks gmlevel per Realm
stmt = LoginDatabase.GetPreparedStatement(LOGIN_GET_GMLEVEL_BY_REALMID);
@@ -316,6 +350,7 @@ void WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
SendAuthResponseError(AUTH_BANNED);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
sScriptMgr->OnFailedAccountLogin(id);
DelayedCloseSocket();
return;
}
@@ -327,23 +362,7 @@ void WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
SendAuthResponseError(AUTH_UNAVAILABLE);
TC_LOG_INFO("network", "WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
sScriptMgr->OnFailedAccountLogin(id);
return;
}
// Check that Key and account name are the same on client and server
uint32 t = 0;
sha.UpdateData(account);
sha.UpdateData((uint8*)&t, 4);
sha.UpdateData((uint8*)&clientSeed, 4);
sha.UpdateData((uint8*)&_authSeed, 4);
sha.UpdateBigNumbers(&k, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
SendAuthResponseError(AUTH_FAILED);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Authentication failed for account: %u ('%s') address: %s", id, account.c_str(), address.c_str());
DelayedCloseSocket();
return;
}
@@ -370,19 +389,15 @@ void WorldSocket::HandleAuthSession(WorldPacket& recvPacket)
LoginDatabase.Execute(stmt);
// NOTE ATM the socket is single-threaded, have this in mind ...
// At this point, we can safely hook a successful login
sScriptMgr->OnAccountLogin(id);
_worldSession = new WorldSession(id, shared_from_this(), AccountTypes(security), expansion, mutetime, locale, recruiter, isRecruiter);
_authCrypt.Init(&k);
_worldSession->LoadGlobalAccountData();
_worldSession->LoadTutorialsData();
_worldSession->ReadAddonsInfo(recvPacket);
_worldSession->LoadPermissions();
// At this point, we can safely hook a successful login
sScriptMgr->OnAccountLogin(id);
// Initialize Warden system only if it is enabled by config
if (wardenActive)
_worldSession->InitWarden(&k, os);