diff options
| author | raczman <raczman@gmail.com> | 2013-08-25 14:02:40 +0100 |
|---|---|---|
| committer | Nay <dnpd.dd@gmail.com> | 2013-08-25 14:02:40 +0100 |
| commit | ba22baebbd1394cc69366d7a19d879da43885430 (patch) | |
| tree | ef30974328e765cde2b8fea6be2bc4fca53a5bf1 /src/server/shared | |
| parent | e96aa444b07eb6d9b96b37bcef7742ad96225fb4 (diff) | |
Core/Auth: Implement time-based token for user login as described in RFC 6238.
New column in account table is a base32 of token key bytes,
coincidentally it is the same format Google's Authenticator Android app uses.
If you want that to work, set system time on server correctly and use ntpd.
Closes #10527
Signed-off-by: Nay <dnpd.dd@gmail.com>
Diffstat (limited to 'src/server/shared')
| -rw-r--r-- | src/server/shared/Cryptography/HMACSHA1.cpp | 5 | ||||
| -rw-r--r-- | src/server/shared/Cryptography/HMACSHA1.h | 1 | ||||
| -rw-r--r-- | src/server/shared/Database/Implementation/LoginDatabase.cpp | 2 |
3 files changed, 7 insertions, 1 deletions
diff --git a/src/server/shared/Cryptography/HMACSHA1.cpp b/src/server/shared/Cryptography/HMACSHA1.cpp index 62d1997ded2..c6c49f14a8e 100644 --- a/src/server/shared/Cryptography/HMACSHA1.cpp +++ b/src/server/shared/Cryptography/HMACSHA1.cpp @@ -36,6 +36,11 @@ void HmacHash::UpdateData(const std::string &str) HMAC_Update(&m_ctx, (uint8 const*)str.c_str(), str.length()); } +void HmacHash::UpdateData(const uint8* data, size_t len) +{ + HMAC_Update(&m_ctx, data, len); +} + void HmacHash::Finalize() { uint32 length = 0; diff --git a/src/server/shared/Cryptography/HMACSHA1.h b/src/server/shared/Cryptography/HMACSHA1.h index e09e7fdb43c..04b8f7d0277 100644 --- a/src/server/shared/Cryptography/HMACSHA1.h +++ b/src/server/shared/Cryptography/HMACSHA1.h @@ -34,6 +34,7 @@ class HmacHash HmacHash(uint32 len, uint8 *seed); ~HmacHash(); void UpdateData(const std::string &str); + void UpdateData(const uint8* data, size_t len); void Finalize(); uint8 *ComputeHash(BigNumber* bn); uint8 *GetDigest() { return (uint8*)m_digest; } diff --git a/src/server/shared/Database/Implementation/LoginDatabase.cpp b/src/server/shared/Database/Implementation/LoginDatabase.cpp index 6113dd61d70..26940c8a599 100644 --- a/src/server/shared/Database/Implementation/LoginDatabase.cpp +++ b/src/server/shared/Database/Implementation/LoginDatabase.cpp @@ -37,7 +37,7 @@ void LoginDatabaseConnection::DoPrepareStatements() PrepareStatement(LOGIN_SEL_SESSIONKEY, "SELECT a.sessionkey, a.id, aa.gmlevel FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = ?", CONNECTION_SYNCH); PrepareStatement(LOGIN_UPD_VS, "UPDATE account SET v = ?, s = ? WHERE username = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_UPD_LOGONPROOF, "UPDATE account SET sessionkey = ?, last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE username = ?", CONNECTION_ASYNC); - PrepareStatement(LOGIN_SEL_LOGONCHALLENGE, "SELECT a.sha_pass_hash, a.id, a.locked, a.lock_country, a.last_ip, aa.gmlevel, a.v, a.s FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = ?", CONNECTION_SYNCH); + PrepareStatement(LOGIN_SEL_LOGONCHALLENGE, "SELECT a.sha_pass_hash, a.id, a.locked, a.lock_country, a.last_ip, aa.gmlevel, a.v, a.s, a.token_key FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = ?", CONNECTION_SYNCH); PrepareStatement(LOGIN_SEL_LOGON_COUNTRY, "SELECT country FROM ip2nation WHERE ip < ? ORDER BY ip DESC LIMIT 0,1", CONNECTION_SYNCH); PrepareStatement(LOGIN_UPD_FAILEDLOGINS, "UPDATE account SET failed_logins = failed_logins + 1 WHERE username = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_SEL_FAILEDLOGINS, "SELECT id, failed_logins FROM account WHERE username = ?", CONNECTION_SYNCH); |