diff options
| author | Machiavelli <none@none> | 2010-09-24 22:16:21 +0200 |
|---|---|---|
| committer | Machiavelli <none@none> | 2010-09-24 22:16:21 +0200 |
| commit | 3c6dc320308880bde4ef9eddd695db28a74aa0d9 (patch) | |
| tree | f209e6c487e436fc1cd978487dddf3604ce2b594 /src/server/authserver/Server/AuthSocket.cpp | |
| parent | b46b498141cc167163c6112e8e2bfa32fec2d7dc (diff) | |
Core/DBLayer:
- Rewrite Field class to be able to store both binary prepared statement data and data from adhoc query resultsets
- Buffer the data of prepared statements using ResultSet and Field classes and let go of mysql c api structures after PreparedResultSet constructor. Fixes a race condition and thus a possible crash/data corruption (issue pointed out to Derex, basic suggestion by raczman)
- Conform PreparedResultSet and ResultSet to the same design standards, and using Field class as data buffer class for both
* NOTE: This means the fetching methods are uniform again, using ¨Field* fields = result->Fetch();¨ and access to elements trough fields[x].
* NOTE: for access to the correct row in prepared statements, ¨Field* fields = result->Fetch();¨ must ALWAYS be called inside the do { }while(result->NextRow()) loop.
* NOTE: This means that Field::GetString() returns std::string object and Field::GetCString() returns const char* pointer.
Still experimental and all that jazz, not recommended for production servers until feedback is given.
--HG--
branch : trunk
Diffstat (limited to 'src/server/authserver/Server/AuthSocket.cpp')
| -rw-r--r-- | src/server/authserver/Server/AuthSocket.cpp | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp index d908f60ef52..529cfc8ff3d 100644 --- a/src/server/authserver/Server/AuthSocket.cpp +++ b/src/server/authserver/Server/AuthSocket.cpp @@ -383,13 +383,15 @@ bool AuthSocket::_HandleLogonChallenge() PreparedQueryResult res2 = LoginDatabase.Query(stmt); if (res2) { + Field* fields = res2->Fetch(); + ///- If the IP is 'locked', check that the player comes indeed from the correct IP address bool locked = false; - if (res2->GetUInt8(2) == 1) // if ip is locked + if (fields[2].GetUInt8() == 1) // if ip is locked { - sLog.outStaticDebug("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), res2->GetCString(3)); + sLog.outStaticDebug("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), fields[3].GetCString()); sLog.outStaticDebug("[AuthChallenge] Player address is '%s'", ip_address.c_str()); - if (strcmp(res2->GetCString(3), ip_address.c_str())) + if (strcmp(fields[3].GetCString(), ip_address.c_str())) { sLog.outStaticDebug("[AuthChallenge] Account IP differs"); pkt << (uint8) WOW_FAIL_SUSPENDED; @@ -410,11 +412,11 @@ bool AuthSocket::_HandleLogonChallenge() ///- If the account is banned, reject the logon attempt stmt = LoginDatabase.GetPreparedStatement(LOGIN_GET_ACCBANNED); - stmt->setUInt32(0, res2->GetUInt32(1)); + stmt->setUInt32(0, fields[1].GetUInt32()); PreparedQueryResult banresult = LoginDatabase.Query(stmt); if (banresult) { - if (banresult->GetUInt64(0) == banresult->GetUInt64(1)) + if ((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64()) { pkt << (uint8) WOW_FAIL_BANNED; sLog.outBasic("[AuthChallenge] Banned account %s tries to login!", _login.c_str()); @@ -428,11 +430,11 @@ bool AuthSocket::_HandleLogonChallenge() else { ///- Get the password from the account table, upper it, and make the SRP6 calculation - std::string rI = res2->GetString(0); + std::string rI = fields[0].GetString(); ///- Don't calculate (v, s) if there are already some in the database - std::string databaseV = res2->GetString(5); - std::string databaseS = res2->GetString(6); + std::string databaseV = fields[5].GetString(); + std::string databaseS = fields[6].GetString(); sLog.outDebug("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str()); @@ -486,7 +488,7 @@ bool AuthSocket::_HandleLogonChallenge() if (securityFlags & 0x04) // Security token input pkt << uint8(1); - uint8 secLevel = res2->GetUInt8(4); + uint8 secLevel = fields[4].GetUInt8(); _accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR; _localizationName.resize(4); @@ -658,6 +660,7 @@ bool AuthSocket::_HandleLogonProof() { char data[4]= { AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0}; socket().send(data, sizeof(data)); + sLog.outBasic("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ()); uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0); @@ -673,7 +676,7 @@ bool AuthSocket::_HandleLogonProof() if (PreparedQueryResult loginfail = LoginDatabase.Query(stmt)) { - uint32 failed_logins = loginfail->GetUInt32(1); + uint32 failed_logins = (*loginfail)[1].GetUInt32(); if (failed_logins >= MaxWrongPassCount) { @@ -682,7 +685,7 @@ bool AuthSocket::_HandleLogonProof() if (WrongPassBanType) { - uint32 acc_id = loginfail->GetUInt32(0); + uint32 acc_id = (*loginfail)[0].GetUInt32(); stmt = LoginDatabase.GetPreparedStatement(LOGIN_SET_ACCAUTOBANNED); stmt->setUInt32(0, acc_id); stmt->setUInt32(1, WrongPassBanTime); @@ -753,7 +756,7 @@ bool AuthSocket::_HandleReconnectChallenge() return false; } - K.SetHexStr (result->GetCString(0)); + K.SetHexStr ((*result)[0].GetCString()); ///- Sending response ByteBuffer pkt; @@ -831,7 +834,8 @@ bool AuthSocket::_HandleRealmList() return false; } - uint32 id = result->GetUInt32(0); + Field* fields = result->Fetch(); + uint32 id = fields[0].GetUInt32(); ///- Update realm list if need sRealmList->UpdateIfNeed(); @@ -862,7 +866,7 @@ bool AuthSocket::_HandleRealmList() stmt->setUInt32(1, id); result = LoginDatabase.Query(stmt); if (result) - AmountOfCharacters = result->GetUInt8(0); + AmountOfCharacters = (*result)[0].GetUInt8(); else AmountOfCharacters = 0; |