Core/Authserver: Deprecation of sha_pass_hash (PR #25138)

see also #25157
2026-01-16 07:30:42 +01:00 · 2020-08-06 00:20:23 +02:00
parent 53effff9b2
commit 44a3aad0af
4 changed files with 60 additions and 4 deletions
--- a/src/server/authserver/Server/AuthSession.cpp
+++ b/src/server/authserver/Server/AuthSession.cpp
@@ -134,6 +134,7 @@ std::array<uint8, 16> VersionChallenge = { { 0xBA, 0xA3, 0x1E, 0x99, 0xA0, 0x0B,
        return;
    }

+    bool const shouldUpdate = sConfigMgr->GetBoolDefault("AllowDeprecatedExternalPasswords", false, true);
    bool hadWarning = false;
    uint32 c = 0;
    LoginDatabaseTransaction tx = LoginDatabase.BeginTransaction();
@@ -144,10 +145,37 @@ std::array<uint8, 16> VersionChallenge = { { 0xBA, 0xA3, 0x1E, 0x99, 0xA0, 0x0B,
            HexStrToByteArray<Trinity::Crypto::SHA1::DIGEST_LENGTH>((*result)[1].GetString())
        );

-        if ((*result)[2].GetInt64() && !hadWarning)
+        if ((*result)[2].GetInt64())
        {
-            hadWarning = true;
-            TC_LOG_WARN("server.authserver", "(!) You appear to be using an outdated external account management tool.\n(!!) This is INSECURE, has been deprecated, and will cease to function entirely in the near future.\n(!) Update your external tool.\n(!!) If no update is available, refer your tool's developer to https://github.com/TrinityCore/TrinityCore/issues/25157.");
+            if (!hadWarning)
+            {
+                hadWarning = true;
+                if (shouldUpdate)
+                {
+                    TC_LOG_WARN("server.authserver",
+                        "       ========\n"
+                        "(!) You appear to be using an outdated external account management tool.\n"
+                        "(!!) This is INSECURE, has been deprecated, and will cease to function entirely on September 6, 2020.\n"
+                        "(!) Update your external tool.\n"
+                        "(!!) If no update is available, refer your tool's developer to https://github.com/TrinityCore/TrinityCore/issues/25157.\n"
+                        "       ========");
+                }
+                else
+                {
+                    TC_LOG_ERROR("server.authserver",
+                        "       ========\n"
+                        "(!) You appear to be using an outdated external account management tool.\n"
+                        "(!!) This is INSECURE, and the account(s) in question will not be able to log in.\n"
+                        "(!) Update your external tool.\n"
+                        "(!!) If no update is available, refer your tool's developer to https://github.com/TrinityCore/TrinityCore/issues/25157.\n"
+                        "(!) You can override this behavior by adding \"AllowDeprecatedExternalPasswords = 1\" to your authserver.conf file.\n"
+                        "(!!) Note that this override will cease to function entirely on September 6, 2020.\n"
+                        "       ========");
+                }
+            }
+
+            if (!shouldUpdate)
+                continue;
        }

        LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON);
@@ -441,6 +469,23 @@ void AuthSession::LogonChallengeCallback(PreparedQueryResult result)

    if (!fields[10].IsNull())
    {
+        if (!sConfigMgr->GetBoolDefault("AllowDeprecatedExternalPasswords", false, true))
+        {
+            TC_LOG_ERROR("server.authserver",
+                "       ========\n"
+                "(!) You appear to be using an outdated external account management tool.\n"
+                "(!!) This is INSECURE, and the login attempt from account '%s' was BLOCKED.\n"
+                "(!) Update your external tool.\n"
+                "(!!) If no update is available, refer your tool's developer to https://github.com/TrinityCore/TrinityCore/issues/25157.\n"
+                "(!) You can override this behavior by adding \"AllowDeprecatedExternalPasswords = 1\" to your authserver.conf file.\n"
+                "(!!) Note that this override will cease to function entirely on September 6, 2020.\n"
+                "       ========", _accountInfo.Login.c_str());
+
+            pkt << uint8(WOW_FAIL_UNLOCKABLE_LOCK);
+            SendPacket(pkt);
+            return;
+        }
+
        // if this is reached, s/v were reset and we need to recalculate from sha_pass_hash
        Trinity::Crypto::SHA1::Digest sha_pass_hash;
        HexStrToByteArray(fields[10].GetString(), sha_pass_hash);
@@ -451,7 +496,13 @@ void AuthSession::LogonChallengeCallback(PreparedQueryResult result)
        stmt->setUInt32(2, _accountInfo.Id);
        LoginDatabase.Execute(stmt);

-        TC_LOG_WARN("server.authserver", "(!) You appear to be using an outdated external account management tool.\n(!!) This is INSECURE, has been deprecated, and will cease to function entirely in the near future.\n(!) Update your external tool.\n(!!) If no update is available, refer your tool's developer to https://github.com/TrinityCore/TrinityCore/issues/25157.");
+        TC_LOG_WARN("server.authserver",
+            "       ========\n"
+            "(!) You appear to be using an outdated external account management tool.\n"
+            "(!!) This is INSECURE, has been deprecated, and will cease to function entirely on September 6, 2020.\n"
+            "(!) Update your external tool.\n"
+            "(!!) If no update is available, refer your tool's developer to https://github.com/TrinityCore/TrinityCore/issues/25157.\n"
+            "       ========");

        _srp6.emplace(_accountInfo.Login, salt, verifier);
    }
--- a/src/server/game/Accounts/AccountMgr.cpp
+++ b/src/server/game/Accounts/AccountMgr.cpp
@@ -187,6 +187,7 @@ AccountOpResult AccountMgr::ChangeUsername(uint32 accountId, std::string newUser
    stmt->setUInt32(2, accountId);
    LoginDatabase.Execute(stmt);

+    if (sWorld->getBoolConfig(CONFIG_SET_SHAPASSHASH))
    {
        LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON_LEGACY);
        stmt->setString(0, CalculateShaPassHash_DEPRECATED_DONOTUSE(newUsername, newPassword));
@@ -223,6 +224,7 @@ AccountOpResult AccountMgr::ChangePassword(uint32 accountId, std::string newPass
    stmt->setUInt32(2, accountId);;
    LoginDatabase.Execute(stmt);

+    if (sWorld->getBoolConfig(CONFIG_SET_SHAPASSHASH))
    {
        LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON_LEGACY);
        stmt->setString(0, CalculateShaPassHash_DEPRECATED_DONOTUSE(username, newPassword));
--- a/src/server/game/World/World.cpp
+++ b/src/server/game/World/World.cpp
@@ -1489,6 +1489,8 @@ void World::LoadConfigSettings(bool reload)

    m_int_configs[CONFIG_BIRTHDAY_TIME] = sConfigMgr->GetIntDefault("BirthdayTime", 1222964635);

+    m_bool_configs[CONFIG_SET_SHAPASSHASH] = sConfigMgr->GetBoolDefault("SetDeprecatedExternalPasswords", false, true);
+
    m_bool_configs[CONFIG_IP_BASED_ACTION_LOGGING] = sConfigMgr->GetBoolDefault("Allow.IP.Based.Action.Logging", false);

    // AHBot
--- a/src/server/game/World/World.h
+++ b/src/server/game/World/World.h
@@ -159,6 +159,7 @@ enum WorldBoolConfigs
    CONFIG_EVENT_ANNOUNCE,
    CONFIG_STATS_LIMITS_ENABLE,
    CONFIG_INSTANCES_RESET_ANNOUNCE,
+    CONFIG_SET_SHAPASSHASH,
    CONFIG_IP_BASED_ACTION_LOGGING,
    CONFIG_ALLOW_TRACK_BOTH_RESOURCES,
    CONFIG_CALCULATE_CREATURE_ZONE_AREA_DATA,