authorShauren <shauren.trinity@gmail.com>2014-06-01 13:03:30 +0200
committerShauren <shauren.trinity@gmail.com>2014-06-01 13:03:30 +0200
commitdc5c5ef6361f3f4dbb5fc9b5a755951c83f954fa (patch)
tree207e7b43ddbc9acd09b4c279b04e9a284d4709e5 /src/server/authserver/Server
parentdb2cb70120dde10ffa210ad5af8a973cc1644355 (diff)
Core/Authserver: Refactoring - moved GetAddressForClient to Realm structure, changed BigNumber string methods to return std::string, added missing prepared statement
Diffstat (limited to 'src/server/authserver/Server')
-rw-r--r--src/server/authserver/Server/AuthSocket.cpp43
-rw-r--r--src/server/authserver/Server/AuthSocket.h2
-rw-r--r--src/server/authserver/Server/BattlenetSocket.cpp39
-rw-r--r--src/server/authserver/Server/BattlenetSocket.h3
4 files changed, 13 insertions, 74 deletions
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp
index 3afce0d77d9..8180967a92e 100644
--- a/src/server/authserver/Server/AuthSocket.cpp
+++ b/src/server/authserver/Server/AuthSocket.cpp
@@ -293,19 +293,11 @@ void AuthSocket::_SetVSFields(const std::string& rI)
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
- // No SQL injection (username escaped)
- char *v_hex, *s_hex;
- v_hex = v.AsHexStr();
- s_hex = s.AsHexStr();
-
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
- stmt->setString(0, v_hex);
- stmt->setString(1, s_hex);
+ stmt->setString(0, v.AsHexStr());
+ stmt->setString(1, s.AsHexStr());
stmt->setString(2, _login);
LoginDatabase.Execute(stmt);
-
- OPENSSL_free(v_hex);
- OPENSSL_free(s_hex);
}
// Logon Challenge command handler
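Review bot: With `OPENSSL_free(v_hex)` and `OPENSSL_free(s_hex)` removed from `AuthSocket::_SetVSFields`, releasing the hex buffer is now entirely the job of `BigNumber::AsHexStr()`, whose new implementation is not shown on this page. It needs to copy the OpenSSL-allocated string into the returned `std::string` and free the original before returning; otherwise every call leaks. The same applies to `K.AsHexStr()` in `_HandleLogonProof` and to the `v`/`s` calls in `Battlenet::Socket::_SetVSFields`. For the session key K, a short comment at the bind such as `// temporary holds session-key material; lives until end of statement` would also help. `_SetVSFields` starts outside this hunk.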
@@ -650,19 +642,14 @@ bool AuthSocket::_HandleLogonProof()
TC_LOG_DEBUG("server.authserver", "'%s:%d' User '%s' successfully authenticated", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
// Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
- // No SQL injection (escaped user name) and IP address as received by socket
- const char *K_hex = K.AsHexStr();
-
PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
- stmt->setString(0, K_hex);
+ stmt->setString(0, K.AsHexStr());
stmt->setString(1, socket().getRemoteAddress().c_str());
stmt->setUInt32(2, GetLocaleByName(_localizationName));
stmt->setString(3, _os);
stmt->setString(4, _login);
LoginDatabase.DirectExecute(stmt);
- OPENSSL_free((void*)K_hex);
-
// Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
@@ -879,28 +866,6 @@ bool AuthSocket::_HandleReconnectProof()
}
}
-ACE_INET_Addr const& AuthSocket::GetAddressForClient(Realm const& realm, ACE_INET_Addr const& clientAddr)
-{
- // Attempt to send best address for client
- if (clientAddr.is_loopback())
- {
- // Try guessing if realm is also connected locally
- if (realm.LocalAddress.is_loopback() || realm.ExternalAddress.is_loopback())
- return clientAddr;
-
- // Assume that user connecting from the machine that authserver is located on
- // has all realms available in his local network
- return realm.LocalAddress;
- }
-
- // Check if connecting client is in the same network
- if (IsIPAddrInNetwork(realm.LocalAddress, clientAddr, realm.LocalSubnetMask))
- return realm.LocalAddress;
-
- // Return external IP
- return realm.ExternalAddress;
-}
-
// Realm List command handler
bool AuthSocket::_HandleRealmList()
{
@@ -981,7 +946,7 @@ bool AuthSocket::_HandleRealmList()
pkt << lock; // if 1, then realm locked
pkt << uint8(flag); // RealmFlags
pkt << name;
- pkt << GetAddressString(GetAddressForClient(realm, clientAddr));
+ pkt << GetAddressString(realm.GetAddressForClient(clientAddr));
pkt << realm.populationLevel;
pkt << AmountOfCharacters;
pkt << realm.timezone; // realm category
diff --git a/src/server/authserver/Server/AuthSocket.h b/src/server/authserver/Server/AuthSocket.h
index 5e04d459ba1..e81944389ef 100644
--- a/src/server/authserver/Server/AuthSocket.h
+++ b/src/server/authserver/Server/AuthSocket.h
@@ -39,8 +39,6 @@ public:
virtual void OnAccept(void);
virtual void OnClose(void);
- static ACE_INET_Addr const& GetAddressForClient(Realm const& realm, ACE_INET_Addr const& clientAddr);
-
bool _HandleLogonChallenge();
bool _HandleLogonProof();
bool _HandleReconnectChallenge();
diff --git a/src/server/authserver/Server/BattlenetSocket.cpp b/src/server/authserver/Server/BattlenetSocket.cpp
index 12b02b5963e..258ae371075 100644
--- a/src/server/authserver/Server/BattlenetSocket.cpp
+++ b/src/server/authserver/Server/BattlenetSocket.cpp
@@ -94,35 +94,12 @@ void Battlenet::Socket::_SetVSFields(std::string const& pstr)
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
- char* v_hex = v.AsHexStr();
- char* s_hex = s.AsHexStr();
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_BNET_VS_FIELDS);
+ stmt->setString(0, v.AsHexStr());
+ stmt->setString(1, s.AsHexStr());
+ stmt->setString(2, _accountName);
- LoginDatabase.PExecute("UPDATE battlenet_accounts SET s = '%s', v = '%s' WHERE email ='%s'", s_hex, v_hex, _accountName.c_str());
-
- OPENSSL_free(v_hex);
- OPENSSL_free(s_hex);
-}
-
-ACE_INET_Addr const& Battlenet::Socket::GetAddressForClient(Realm const& realm, ACE_INET_Addr const& clientAddr)
-{
- // Attempt to send best address for client
- if (clientAddr.is_loopback())
- {
- // Try guessing if realm is also connected locally
- if (realm.LocalAddress.is_loopback() || realm.ExternalAddress.is_loopback())
- return clientAddr;
-
- // Assume that user connecting from the machine that authserver is located on
- // has all realms available in his local network
- return realm.LocalAddress;
- }
-
- // Check if connecting client is in the same network
- if (IsIPAddrInNetwork(realm.LocalAddress, clientAddr, realm.LocalSubnetMask))
- return realm.LocalAddress;
-
- // Return external IP
- return realm.ExternalAddress;
+ LoginDatabase.Execute(stmt);
}
bool Battlenet::Socket::HandleAuthChallenge(PacketHeader& header, BitStream& packet)
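Review bot: The binds in `Battlenet::Socket::_SetVSFields` put `v` at index 0 and `s` at index 1, while the inline query they replace listed `s` first (`SET s = '%s', v = '%s'`). The text of `LOGIN_UPD_BNET_VS_FIELDS` is defined outside this page, so confirm its placeholders are in v, s, email order. A swapped pair would store salt and verifier in each other's columns and break later SRP checks for the account without raising any SQL error. A one-line comment above the binds, e.g. `// LOGIN_UPD_BNET_VS_FIELDS: 0 = v, 1 = s, 2 = email`, would make the mapping checkable at the call site. The function begins above the hunk.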
@@ -425,7 +402,7 @@ bool Battlenet::Socket::HandleRealmUpdateSubscribe(PacketHeader& /*header*/, Bit
version << buildInfo->MajorVersion << '.' << buildInfo->MinorVersion << '.' << buildInfo->BugfixVersion << '.' << buildInfo->HotfixVersion;
update->Version = version.str();
- update->Address = GetAddressForClient(realm, clientAddr);
+ update->Address = realm.GetAddressForClient(clientAddr);
update->Build = realm.gamebuild;
}
@@ -821,7 +798,7 @@ bool Battlenet::Socket::HandleRiskFingerprintModule(BitStream* dataStream, Serve
complete->GameAccountName = str.str();
complete->AccountFlags = 0x800000; // 0x1 IsGMAccount, 0x8 IsTrialAccount, 0x800000 IsProPassAccount
- PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_BNET_LAST_LOGIN_INFO);
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_BNET_LAST_LOGIN_INFO);
stmt->setString(0, _socket.getRemoteAddress());
stmt->setUInt8(1, GetLocaleByName(_locale));
stmt->setString(2, _os);
@@ -832,7 +809,7 @@ bool Battlenet::Socket::HandleRiskFingerprintModule(BitStream* dataStream, Serve
complete->SetAuthResult(AUTH_BAD_VERSION_HASH);
ReplaceResponse(response, complete);
- return false;
+ return true;
}
bool Battlenet::Socket::UnhandledModule(BitStream* /*dataStream*/, ServerPacket** response)
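Review bot: `return true;` after `ReplaceResponse(response, complete);` is a behaviour change in `HandleRiskFingerprintModule` that the commit message, which describes a refactoring, does not mention. The line just before it in the hunk sets `AUTH_BAD_VERSION_HASH`; whether that assignment sits in a failure-only branch is not visible here, nor is what callers do with the bool. If `true` means "module handled, keep the session going", verify that a failed fingerprint check still ends the login instead of following the success path. If the intent is that the result travels in the packet, say so on the return, e.g. `// true: response is ready to send; success or failure is carried in complete's auth result`. The function body starts outside the hunk.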
diff --git a/src/server/authserver/Server/BattlenetSocket.h b/src/server/authserver/Server/BattlenetSocket.h
index ef6157b022a..ff441b19cdd 100644
--- a/src/server/authserver/Server/BattlenetSocket.h
+++ b/src/server/authserver/Server/BattlenetSocket.h
@@ -47,7 +47,7 @@ namespace Battlenet
static uint32 const SRP6_V_Size;
static uint32 const SRP6_S_Size;
- Socket(RealmSocket& socket);
+ explicit Socket(RealmSocket& socket);
typedef bool(Socket::*PacketHandler)(PacketHeader& socket, BitStream& packet);
@@ -71,7 +71,6 @@ namespace Battlenet
private:
void _SetVSFields(std::string const& rI);
- static ACE_INET_Addr const& GetAddressForClient(Realm const& realm, ACE_INET_Addr const& clientAddr);
typedef bool(Socket::*ModuleHandler)(BitStream* dataStream, ServerPacket** response);
static ModuleHandler const ModuleHandlers[MODULE_COUNT];