authorShauren <shauren.trinity@gmail.com>2014-06-01 13:03:30 +0200
committerShauren <shauren.trinity@gmail.com>2014-06-01 13:03:30 +0200
commitdc5c5ef6361f3f4dbb5fc9b5a755951c83f954fa (patch)
tree207e7b43ddbc9acd09b4c279b04e9a284d4709e5 /src
parentdb2cb70120dde10ffa210ad5af8a973cc1644355 (diff)
Core/Authserver: Refactoring - moved GetAddressForClient to Realm structure, changed BigNumber string methods to return std::string, added missing prepared statement
Diffstat (limited to 'src')
-rw-r--r--src/server/authserver/Realms/RealmList.cpp21
-rw-r--r--src/server/authserver/Realms/RealmList.h2
-rw-r--r--src/server/authserver/Server/AuthSocket.cpp43
-rw-r--r--src/server/authserver/Server/AuthSocket.h2
-rw-r--r--src/server/authserver/Server/BattlenetSocket.cpp39
-rw-r--r--src/server/authserver/Server/BattlenetSocket.h3
-rw-r--r--src/server/shared/Cryptography/BigNumber.cpp14
-rw-r--r--src/server/shared/Cryptography/BigNumber.h5
-rw-r--r--src/server/shared/Database/Implementation/LoginDatabase.cpp3
-rw-r--r--src/server/shared/Database/Implementation/LoginDatabase.h1
10 files changed, 51 insertions, 82 deletions
diff --git a/src/server/authserver/Realms/RealmList.cpp b/src/server/authserver/Realms/RealmList.cpp
index bd856623faf..48b7a178c2d 100644
--- a/src/server/authserver/Realms/RealmList.cpp
+++ b/src/server/authserver/Realms/RealmList.cpp
@@ -20,8 +20,27 @@
#include "RealmList.h"
#include "BattlenetManager.h"
#include "Database/DatabaseEnv.h"
+#include "Util.h"
-RealmList::RealmList() : m_UpdateInterval(0), m_NextUpdateTime(time(NULL)) { }
+ACE_INET_Addr const& Realm::GetAddressForClient(ACE_INET_Addr const& clientAddr) const
+{
+ // Attempt to send best address for client
+ if (clientAddr.is_loopback())
+ // Assume that user connecting from the machine that authserver is located on
+ // has all realms available in his local network
+ return LocalAddress;
+
+ // Check if connecting client is in the same network
+ if (IsIPAddrInNetwork(LocalAddress, clientAddr, LocalSubnetMask))
+ return LocalAddress;
+
+ // Return external IP
+ return ExternalAddress;
+}
+
+RealmList::RealmList() : m_UpdateInterval(0), m_NextUpdateTime(time(NULL))
+{
+}
// Load the realm list from the database
void RealmList::Initialize(uint32 updateInterval)
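Review bot: The loopback branch of the new `Realm::GetAddressForClient` always returns `LocalAddress`, whereas the two copies this commit removes returned `clientAddr` when the realm's local or external address was itself loopback, so this is a behaviour change inside a commit described as refactoring. If it is intended, record it on the function, for example `// Loopback clients always get LocalAddress; the old "realm is loopback too" shortcut was dropped on purpose`. The brace-less `if (clientAddr.is_loopback())` with two comment lines ahead of its `return` is easy to break on a later edit, so braces around that branch would help. Because this function decides when a realm's internal address is handed to a client, a short doc comment listing the three cases (loopback client, client inside `LocalSubnetMask`, everyone else) belongs above it.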
diff --git a/src/server/authserver/Realms/RealmList.h b/src/server/authserver/Realms/RealmList.h
index ab453720827..c4a6b4eaa0b 100644
--- a/src/server/authserver/Realms/RealmList.h
+++ b/src/server/authserver/Realms/RealmList.h
@@ -53,6 +53,8 @@ struct Realm
uint32 gamebuild;
uint8 Region;
uint8 Battlegroup;
+
+ ACE_INET_Addr const& GetAddressForClient(ACE_INET_Addr const& clientAddr) const;
};
namespace Battlenet
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp
index 3afce0d77d9..8180967a92e 100644
--- a/src/server/authserver/Server/AuthSocket.cpp
+++ b/src/server/authserver/Server/AuthSocket.cpp
@@ -293,19 +293,11 @@ void AuthSocket::_SetVSFields(const std::string& rI)
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
- // No SQL injection (username escaped)
- char *v_hex, *s_hex;
- v_hex = v.AsHexStr();
- s_hex = s.AsHexStr();
-
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
- stmt->setString(0, v_hex);
- stmt->setString(1, s_hex);
+ stmt->setString(0, v.AsHexStr());
+ stmt->setString(1, s.AsHexStr());
stmt->setString(2, _login);
LoginDatabase.Execute(stmt);
-
- OPENSSL_free(v_hex);
- OPENSSL_free(s_hex);
}
// Logon Challenge command handler
@@ -650,19 +642,14 @@ bool AuthSocket::_HandleLogonProof()
TC_LOG_DEBUG("server.authserver", "'%s:%d' User '%s' successfully authenticated", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
// Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
- // No SQL injection (escaped user name) and IP address as received by socket
- const char *K_hex = K.AsHexStr();
-
PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
- stmt->setString(0, K_hex);
+ stmt->setString(0, K.AsHexStr());
stmt->setString(1, socket().getRemoteAddress().c_str());
stmt->setUInt32(2, GetLocaleByName(_localizationName));
stmt->setString(3, _os);
stmt->setString(4, _login);
LoginDatabase.DirectExecute(stmt);
- OPENSSL_free((void*)K_hex);
-
// Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
@@ -879,28 +866,6 @@ bool AuthSocket::_HandleReconnectProof()
}
}
-ACE_INET_Addr const& AuthSocket::GetAddressForClient(Realm const& realm, ACE_INET_Addr const& clientAddr)
-{
- // Attempt to send best address for client
- if (clientAddr.is_loopback())
- {
- // Try guessing if realm is also connected locally
- if (realm.LocalAddress.is_loopback() || realm.ExternalAddress.is_loopback())
- return clientAddr;
-
- // Assume that user connecting from the machine that authserver is located on
- // has all realms available in his local network
- return realm.LocalAddress;
- }
-
- // Check if connecting client is in the same network
- if (IsIPAddrInNetwork(realm.LocalAddress, clientAddr, realm.LocalSubnetMask))
- return realm.LocalAddress;
-
- // Return external IP
- return realm.ExternalAddress;
-}
-
// Realm List command handler
bool AuthSocket::_HandleRealmList()
{
@@ -981,7 +946,7 @@ bool AuthSocket::_HandleRealmList()
pkt << lock; // if 1, then realm locked
pkt << uint8(flag); // RealmFlags
pkt << name;
- pkt << GetAddressString(GetAddressForClient(realm, clientAddr));
+ pkt << GetAddressString(realm.GetAddressForClient(clientAddr));
pkt << realm.populationLevel;
pkt << AmountOfCharacters;
pkt << realm.timezone; // realm category
diff --git a/src/server/authserver/Server/AuthSocket.h b/src/server/authserver/Server/AuthSocket.h
index 5e04d459ba1..e81944389ef 100644
--- a/src/server/authserver/Server/AuthSocket.h
+++ b/src/server/authserver/Server/AuthSocket.h
@@ -39,8 +39,6 @@ public:
virtual void OnAccept(void);
virtual void OnClose(void);
- static ACE_INET_Addr const& GetAddressForClient(Realm const& realm, ACE_INET_Addr const& clientAddr);
-
bool _HandleLogonChallenge();
bool _HandleLogonProof();
bool _HandleReconnectChallenge();
diff --git a/src/server/authserver/Server/BattlenetSocket.cpp b/src/server/authserver/Server/BattlenetSocket.cpp
index 12b02b5963e..258ae371075 100644
--- a/src/server/authserver/Server/BattlenetSocket.cpp
+++ b/src/server/authserver/Server/BattlenetSocket.cpp
@@ -94,35 +94,12 @@ void Battlenet::Socket::_SetVSFields(std::string const& pstr)
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
- char* v_hex = v.AsHexStr();
- char* s_hex = s.AsHexStr();
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_BNET_VS_FIELDS);
+ stmt->setString(0, v.AsHexStr());
+ stmt->setString(1, s.AsHexStr());
+ stmt->setString(2, _accountName);
- LoginDatabase.PExecute("UPDATE battlenet_accounts SET s = '%s', v = '%s' WHERE email ='%s'", s_hex, v_hex, _accountName.c_str());
-
- OPENSSL_free(v_hex);
- OPENSSL_free(s_hex);
-}
-
-ACE_INET_Addr const& Battlenet::Socket::GetAddressForClient(Realm const& realm, ACE_INET_Addr const& clientAddr)
-{
- // Attempt to send best address for client
- if (clientAddr.is_loopback())
- {
- // Try guessing if realm is also connected locally
- if (realm.LocalAddress.is_loopback() || realm.ExternalAddress.is_loopback())
- return clientAddr;
-
- // Assume that user connecting from the machine that authserver is located on
- // has all realms available in his local network
- return realm.LocalAddress;
- }
-
- // Check if connecting client is in the same network
- if (IsIPAddrInNetwork(realm.LocalAddress, clientAddr, realm.LocalSubnetMask))
- return realm.LocalAddress;
-
- // Return external IP
- return realm.ExternalAddress;
+ LoginDatabase.Execute(stmt);
}
bool Battlenet::Socket::HandleAuthChallenge(PacketHeader& header, BitStream& packet)
@@ -425,7 +402,7 @@ bool Battlenet::Socket::HandleRealmUpdateSubscribe(PacketHeader& /*header*/, Bit
version << buildInfo->MajorVersion << '.' << buildInfo->MinorVersion << '.' << buildInfo->BugfixVersion << '.' << buildInfo->HotfixVersion;
update->Version = version.str();
- update->Address = GetAddressForClient(realm, clientAddr);
+ update->Address = realm.GetAddressForClient(clientAddr);
update->Build = realm.gamebuild;
}
@@ -821,7 +798,7 @@ bool Battlenet::Socket::HandleRiskFingerprintModule(BitStream* dataStream, Serve
complete->GameAccountName = str.str();
complete->AccountFlags = 0x800000; // 0x1 IsGMAccount, 0x8 IsTrialAccount, 0x800000 IsProPassAccount
- PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_BNET_LAST_LOGIN_INFO);
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_BNET_LAST_LOGIN_INFO);
stmt->setString(0, _socket.getRemoteAddress());
stmt->setUInt8(1, GetLocaleByName(_locale));
stmt->setString(2, _os);
@@ -832,7 +809,7 @@ bool Battlenet::Socket::HandleRiskFingerprintModule(BitStream* dataStream, Serve
complete->SetAuthResult(AUTH_BAD_VERSION_HASH);
ReplaceResponse(response, complete);
- return false;
+ return true;
}
bool Battlenet::Socket::UnhandledModule(BitStream* /*dataStream*/, ServerPacket** response)
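Review bot: Changing `return false` to `return true` after `complete->SetAuthResult(AUTH_BAD_VERSION_HASH)` alters the result of an authentication module handler on a failure path, and the commit message, which describes a refactoring, does not mention it. What the caller does with the return value is not visible here; presumably `true` means the response was built and should still be sent, but that should be confirmed so that `true` is never read as "authentication succeeded". A comment on the line would make the intent reviewable, e.g. `// response already carries the failure result; return true so it is delivered to the client`. The enclosing `HandleRiskFingerprintModule` starts outside the hunk.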
diff --git a/src/server/authserver/Server/BattlenetSocket.h b/src/server/authserver/Server/BattlenetSocket.h
index ef6157b022a..ff441b19cdd 100644
--- a/src/server/authserver/Server/BattlenetSocket.h
+++ b/src/server/authserver/Server/BattlenetSocket.h
@@ -47,7 +47,7 @@ namespace Battlenet
static uint32 const SRP6_V_Size;
static uint32 const SRP6_S_Size;
- Socket(RealmSocket& socket);
+ explicit Socket(RealmSocket& socket);
typedef bool(Socket::*PacketHandler)(PacketHeader& socket, BitStream& packet);
@@ -71,7 +71,6 @@ namespace Battlenet
private:
void _SetVSFields(std::string const& rI);
- static ACE_INET_Addr const& GetAddressForClient(Realm const& realm, ACE_INET_Addr const& clientAddr);
typedef bool(Socket::*ModuleHandler)(BitStream* dataStream, ServerPacket** response);
static ModuleHandler const ModuleHandlers[MODULE_COUNT];
diff --git a/src/server/shared/Cryptography/BigNumber.cpp b/src/server/shared/Cryptography/BigNumber.cpp
index 1f3fc96e28d..1c82314bdba 100644
--- a/src/server/shared/Cryptography/BigNumber.cpp
+++ b/src/server/shared/Cryptography/BigNumber.cpp
@@ -190,13 +190,19 @@ ACE_Auto_Array_Ptr<uint8> BigNumber::AsByteArray(int32 minSize, bool littleEndia
return ret;
}
-char * BigNumber::AsHexStr() const
+std::string BigNumber::AsHexStr() const
{
- return BN_bn2hex(_bn);
+ char* ch = BN_bn2hex(_bn);
+ std::string ret = ch;
+ OPENSSL_free(ch);
+ return ret;
}
-char * BigNumber::AsDecStr() const
+std::string BigNumber::AsDecStr() const
{
- return BN_bn2dec(_bn);
+ char* ch = BN_bn2dec(_bn);
+ std::string ret = ch;
+ OPENSSL_free(ch);
+ return ret;
}
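Review bot: `std::string ret = ch;` in both `AsHexStr` and `AsDecStr` builds a string from the result of `BN_bn2hex` / `BN_bn2dec` without checking it, and those functions return NULL on failure, which makes the construction undefined behaviour. Add a guard before the copy in each function: `if (!ch) return std::string();`. The callers in AuthSocket.cpp and BattlenetSocket.cpp bind the result straight into the `v`, `s` and session-key statements, so with that guard a failure would store an empty string; whether those call sites should test for it is a separate decision.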
diff --git a/src/server/shared/Cryptography/BigNumber.h b/src/server/shared/Cryptography/BigNumber.h
index dc553babec9..7de53b442ae 100644
--- a/src/server/shared/Cryptography/BigNumber.h
+++ b/src/server/shared/Cryptography/BigNumber.h
@@ -21,6 +21,7 @@
#include "Define.h"
#include <ace/Auto_Ptr.h>
+#include <string>
struct bignum_st;
@@ -89,8 +90,8 @@ class BigNumber
ACE_Auto_Array_Ptr<uint8> AsByteArray(int32 minSize = 0, bool littleEndian = true);
- char * AsHexStr() const;
- char * AsDecStr() const;
+ std::string AsHexStr() const;
+ std::string AsDecStr() const;
private:
struct bignum_st *_bn;
diff --git a/src/server/shared/Database/Implementation/LoginDatabase.cpp b/src/server/shared/Database/Implementation/LoginDatabase.cpp
index 208873448c6..a54557310e1 100644
--- a/src/server/shared/Database/Implementation/LoginDatabase.cpp
+++ b/src/server/shared/Database/Implementation/LoginDatabase.cpp
@@ -106,6 +106,7 @@ void LoginDatabaseConnection::DoPrepareStatements()
PrepareStatement(LOGIN_SEL_BNET_ACCOUNT_INFO, "SELECT sha_pass_hash, id, locked, lock_country, last_ip, v, s FROM battlenet_accounts WHERE email = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_DEL_BNET_EXPIRED_BANS, "UPDATE battlenet_account_bans SET active = 0 WHERE active = 1 AND unbandate <> bandate AND unbandate <= UNIX_TIMESTAMP()", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_BNET_ACTIVE_ACCOUNT_BAN, "SELECT bandate, unbandate FROM battlenet_account_bans WHERE id = ? AND active = 1", CONNECTION_SYNCH);
+ PrepareStatement(LOGIN_UPD_BNET_VS_FIELDS, "UPDATE battlenet_accounts SET v = ?, s = ? WHERE email = ?", CONNECTION_ASYNC);
PrepareStatement(LOGIN_SEL_BNET_GAME_ACCOUNTS, "SELECT a.username, a.id, ab.bandate, ab.unbandate, ab.active FROM account a LEFT JOIN account_banned ab ON a.id = ab.id WHERE battlenet_account = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_BNET_GAME_ACCOUNT, "SELECT a.id, ab.bandate, ab.unbandate, ab.active FROM account a LEFT JOIN account_banned ab ON a.id = ab.id WHERE username = ? AND battlenet_account = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_UPD_BNET_LAST_LOGIN_INFO, "UPDATE battlenet_accounts SET last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE id = ?", CONNECTION_ASYNC);
@@ -114,5 +115,5 @@ void LoginDatabaseConnection::DoPrepareStatements()
PrepareStatement(LOGIN_SEL_BNET_ACCOUNT_EMAIL_BY_ID, "SELECT email FROM battlenet_accounts WHERE id = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_SEL_BNET_ACCOUNT_ID_BY_EMAIL, "SELECT id FROM battlenet_accounts WHERE email = ?", CONNECTION_SYNCH);
PrepareStatement(LOGIN_UPD_BNET_PASSWORD, "UPDATE account SET v = '', s = '', username = ?, sha_pass_hash = ? WHERE id = ?", CONNECTION_ASYNC);
- PrepareStatement(LOGIN_SEL_BNET_CHECK_PASSWORD, "SELECT 1 FROM battlenet_accounts WHERE id = %u AND sha_pass_hash = ?", CONNECTION_ASYNC);
+ PrepareStatement(LOGIN_SEL_BNET_CHECK_PASSWORD, "SELECT 1 FROM battlenet_accounts WHERE id = ? AND sha_pass_hash = ?", CONNECTION_ASYNC);
}
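Review bot: `LOGIN_SEL_BNET_CHECK_PASSWORD` is still registered with `CONNECTION_ASYNC` although it is a SELECT, while every other SELECT visible in these two hunks uses `CONNECTION_SYNCH`. The call site is not shown, so this may be a deliberate asynchronous query, but if the password check is run as a blocking query the flag should be `CONNECTION_SYNCH`. Separately, the unchanged `LOGIN_UPD_BNET_PASSWORD` line just above updates `account` rather than `battlenet_accounts`, which looks like a copy of the non-Battle.net statement and is worth confirming. `DoPrepareStatements` starts outside the hunk.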
diff --git a/src/server/shared/Database/Implementation/LoginDatabase.h b/src/server/shared/Database/Implementation/LoginDatabase.h
index 18f9110409d..fff7a36766c 100644
--- a/src/server/shared/Database/Implementation/LoginDatabase.h
+++ b/src/server/shared/Database/Implementation/LoginDatabase.h
@@ -125,6 +125,7 @@ enum LoginDatabaseStatements
LOGIN_SEL_BNET_ACCOUNT_INFO,
LOGIN_DEL_BNET_EXPIRED_BANS,
LOGIN_SEL_BNET_ACTIVE_ACCOUNT_BAN,
+ LOGIN_UPD_BNET_VS_FIELDS,
LOGIN_SEL_BNET_GAME_ACCOUNTS,
LOGIN_SEL_BNET_GAME_ACCOUNT,
LOGIN_UPD_BNET_LAST_LOGIN_INFO,