Close#17419
*Fixed exploit with SPELLMOD_COOLDOWN
*Fixed exploit with some items (like Sylvanas' Music Box)
*Little cleanup
(cherry picked from commit 0048d4b618)
* Combat/Threat rewrite (PR #19930) prep work. Mostly refactors, and a compatibility layer on ThreatManager/HostileReference that allows scripts to be changed already.
(cherry picked from commit e2a1ccd118)
* Scripts/Stockades: Cleanup the scripts
Scripts looked ugly before, now they are less ugly
Move Mortimer Moloch and Warden Thelwater to use TaskScheduler rather than EventMap
Use new script registers
Cleanup some other code
Co-authored-by: Carbenium <carbenium@outlook.com>
- no longer use sha_pass_hash for anything else core-side (.account, SOAP, RA)
- salt/verifier/session_key are now binary
- old s/v/sha_pass_hash fields kept around for backwards compatibility
- sha_pass_hash is still updated (for now), s/v are not
- sha_pass_hash is only read if s/v have been manually changed
- SRP6 b now uses the full 32 bytes of randomness (instead of randomly only using 19)
(cherry picked from commit 3164b58c7d)
- Did you know BigNumber quietly assumes every byte array it gets is little-endian, even though openssl bignums use big-endian? Now you do!
- In entirely unrelated news, make the above behavior explicit through a default-true boolean, same as existing GetBytes derivatives.
- Also, if you are in the enlightened openssl 1.1 crowd, there's no more endian wrangling involved, because openssl now does all of that for us. Progress!
(cherry picked from commit 5e36bf7c67)
- Fix a handful of 1/256 bugs with most significant byte zero in BigNumber
- Get rid of (most of) the C-style arrays in authserver
- CryptoRandom as a unified source for cryptographic randomness
- Bring our other crypto APIs into 2020
- BigNumber usability improvements
- Authserver is now actually readable as a result of all of the above
(cherry picked from commit 210176fd91)
- Changed insert queries to include column names, check columns on dump load
- Modify and search columns by name instead of storing magic offsets
- Fully forward and backward compatible with previous dumps
- Added better logs, C++11-ize code
(cherry picked from commit 9bdbd69655)
(cherry picked from commit 545f1a8385)
(cherry picked from commit 4bf8802da1)
(cherry picked from commit 44381a7873)
(cherry picked from commit f50575ca77)
- Properly detect client timeout when logged into a character after a configurable time (default 60s) has passed without the client sending any packets.
- Fixes issues with crashed clients leaving characters in the world for a very long time (default 15 minutes), as well as edge case exploits involving intentionally pausing client execution for some amount of time.
(cherry picked from commit 7dfd472f8d)
- Move on-create customs (all explored, all reputations) to CharacterHandler::HandlePlayerLogin for first login. Fixes#19839.
- Add Wrath factions to all reputations custom (it only had BC factions).
- Remove unused ReputationMgr::SendStates. Add ReputationMgr::SendState handling for sending all updated states in arbitrary order if nullptr is passed (used in point #1).
- Fix all weapon skills max custom to properly apply on learning new weapon skills.
(cherry picked from commit 4b6351e6a5)
- Leader can invite multiple people before the first invite is accepted
- Leader can cancel group formation by sending CMSG_GROUP_DISBAND (using /run LeaveParty() or similar)
Fixes#17258.
(cherry picked from commit 132538db1d)
- Now only requires the either target's group leader or target itself to be on your map
- Now summons all applicable group members even if one member fails checks
- No longer has some truly weird edge case instance unbind code that could cause exploit behavior (Really, I have no idea why this existed, because it certainly didn't do what it might've been meant to do.)
(cherry picked from commit ca02629950)
