Diffstat (limited to 'src/server/authserver/Server/AuthSocket.cpp')
-rw-r--r--src/server/authserver/Server/AuthSocket.cpp26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp
index c2131f5dbf7..93c03e26c88 100644
--- a/src/server/authserver/Server/AuthSocket.cpp
+++ b/src/server/authserver/Server/AuthSocket.cpp
@@ -27,6 +27,7 @@
#include "RealmList.h"
#include "AuthSocket.h"
#include "AuthCodes.h"
+#include "TOTP.h"
#include "SHA1.h"
#include "openssl/crypto.h"
@@ -492,6 +493,12 @@ bool AuthSocket::_HandleLogonChallenge()
pkt.append(s.AsByteArray().get(), s.GetNumBytes()); // 32 bytes
pkt.append(unk3.AsByteArray(16).get(), 16);
uint8 securityFlags = 0;
+
+ // Check if token is used
+ _tokenKey = fields[8].GetString();
+ if (!_tokenKey.empty())
+ securityFlags = 4;
+
pkt << uint8(securityFlags); // security flags (0x0...0x04)
if (securityFlags & 0x01) // PIN input
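Review bot: `securityFlags = 4` on the added line overwrites the whole flag byte with a bare decimal, while the surrounding code tests hex masks such as `securityFlags & 0x01`; `securityFlags |= 0x04; // authenticator token required` reads consistently and keeps any bit set earlier. The comment "Check if token is used" could also state that `_tokenKey` is the account's TOTP shared secret and stays in the socket object after this call, since the check added to `_HandleLogonProof` depends on it. `_HandleLogonChallenge` starts and ends outside this hunk, so how `fields[8]` is selected is not visible here.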
@@ -652,6 +659,25 @@ bool AuthSocket::_HandleLogonProof()
sha.UpdateBigNumbers(&A, &M, &K, NULL);
sha.Finalize();
+ // Check auth token
+ if ((lp.securityFlags & 0x04) || !_tokenKey.empty())
+ {
+ uint8 size;
+ socket().recv((char*)&size, 1);
+ char* token = new char[size + 1];
+ token[size] = '\0';
+ socket().recv(token, size);
+ unsigned int validToken = TOTP::GenerateToken(_tokenKey.c_str());
+ unsigned int incomingToken = atoi(token);
+ delete[] token;
+ if (validToken != incomingToken)
+ {
+ char data[] = { AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0 };
+ socket().send(data, sizeof(data));
+ return false;
+ }
+ }
+
if (_expversion & POST_BC_EXP_FLAG) // 2.x and 3.x clients
{
sAuthLogonProof_S proof;
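Review bot: Neither `socket().recv` call in the added token block has its result checked, so on a failed or short read `size` is used uninitialised and `atoi` parses whatever the fresh `new char[]` buffer happened to contain. The branch is also entered on the client-supplied `lp.securityFlags & 0x04` even when `_tokenKey` is empty, which hands an empty key to `TOTP::GenerateToken`; the server-side key alone should decide whether a token is required. `atoi` returns 0 for non-numeric input and is undefined for out-of-range values, so the sketch below parses with `strtoul` and rejects input that does not start with a digit or has trailing characters. It assumes `recv` reports failure through a false return, which this page does not show, and `_HandleLogonProof` begins and ends outside the hunk.

```cpp
// Check auth token: required whenever the account has a key, whatever the client flagged
if (!_tokenKey.empty())
{
    uint8 size = 0;
    char token[256] = { 0 };                 // a uint8 length always fits, terminator included
    if (!socket().recv((char*)&size, 1) || size == 0 || !socket().recv(token, size))
        return false;

    char* end = NULL;
    unsigned long incomingToken = strtoul(token, &end, 10);
    bool parsed = isdigit((unsigned char)token[0]) && *end == '\0';
    unsigned int validToken = TOTP::GenerateToken(_tokenKey.c_str());
    if (!parsed || validToken != incomingToken)
    {
        // … unchanged: send the AUTH_LOGON_PROOF failure reply and return false …
    }
}
```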