Diffstat (limited to 'src/server/game/Accounts/AccountMgr.cpp')
-rw-r--r--src/server/game/Accounts/AccountMgr.cpp78
1 files changed, 50 insertions, 28 deletions
diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp
index d29b93e859b..7e5528136f5 100644
--- a/src/server/game/Accounts/AccountMgr.cpp
+++ b/src/server/game/Accounts/AccountMgr.cpp
@@ -24,6 +24,7 @@
#include "Player.h"
#include "Realm.h"
#include "ScriptMgr.h"
+#include "SRP6.h"
#include "Util.h"
#include "World.h"
#include "WorldSession.h"
@@ -59,18 +60,21 @@ AccountOpResult AccountMgr::CreateAccount(std::string username, std::string pass
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_ACCOUNT);
stmt->setString(0, username);
- stmt->setString(1, CalculateShaPassHash(username, password));
- stmt->setString(2, email);
+ std::pair<Trinity::Crypto::SRP6::Salt, Trinity::Crypto::SRP6::Verifier> registrationData = Trinity::Crypto::SRP6::MakeRegistrationData(username, password);
+ stmt->setBinary(1, registrationData.first);
+ stmt->setBinary(2, registrationData.second);
stmt->setString(3, email);
+ stmt->setString(4, email);
+
if (bnetAccountId && bnetIndex)
{
- stmt->setUInt32(4, bnetAccountId);
- stmt->setUInt8(5, bnetIndex);
+ stmt->setUInt32(5, bnetAccountId);
+ stmt->setUInt8(6, bnetIndex);
}
else
{
- stmt->setNull(4);
stmt->setNull(5);
+ stmt->setNull(6);
}
LoginDatabase.DirectExecute(stmt); // Enforce saving, otherwise AddGroup can fail
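Review bot: The salt and verifier are bound as `registrationData.first` and `registrationData.second`, which makes it easy to swap them without a compile error if `Salt` and `Verifier` share an underlying type (not visible here). Naming them at the call keeps each value tied to its column, assuming the file builds as C++17: `auto [salt, verifier] = Trinity::Crypto::SRP6::MakeRegistrationData(username, password);` followed by `stmt->setBinary(1, salt);` and `stmt->setBinary(2, verifier);`. The same pattern appears in the ChangeUsername and ChangePassword hunks. The shifted indices 1 to 6 also depend on a LOGIN_INS_ACCOUNT definition that is outside this file's diff, and CreateAccount continues beyond the hunk.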
@@ -156,6 +160,13 @@ AccountOpResult AccountMgr::DeleteAccount(uint32 accountId)
return AccountOpResult::AOR_OK;
}
+// Do not use this. Use the appropriate methods on Trinity::Crypto::SRP6 to do whatever you are trying to do.
+// See issue #25157.
+static std::string CalculateShaPassHash_DEPRECATED_DONOTUSE(std::string const& name, std::string const& password)
+{
+ return ByteArrayToHexStr(Trinity::Crypto::SHA1::GetDigestOf(name, ":", password));
+}
+
AccountOpResult AccountMgr::ChangeUsername(uint32 accountId, std::string newUsername, std::string newPassword)
{
// Check if accounts exists
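Review bot: The comment on `CalculateShaPassHash_DEPRECATED_DONOTUSE` says not to use it but not why, and this commit still calls it from ChangeUsername and ChangePassword in the next two hunks. The value is an unsalted SHA-1 over name, ":" and password, so anyone who can read the legacy column can test guesses against precomputed tables, which defeats the per-account salt stored alongside it. I would say so in the comment and name the removal condition: `// Unsalted SHA-1 of "NAME:PASSWORD"; written only to keep the legacy column populated, remove together with LOGIN_UPD_LOGON_LEGACY (see issue #25157).` If nothing reads that column any more, dropping the two writes is the better fix.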
@@ -176,13 +187,24 @@ AccountOpResult AccountMgr::ChangeUsername(uint32 accountId, std::string newUser
Utf8ToUpperOnlyLatin(newPassword);
stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_USERNAME);
-
stmt->setString(0, newUsername);
- stmt->setString(1, CalculateShaPassHash(newUsername, newPassword));
- stmt->setUInt32(2, accountId);
+ stmt->setUInt32(1, accountId);
+ LoginDatabase.Execute(stmt);
+ std::pair<Trinity::Crypto::SRP6::Salt, Trinity::Crypto::SRP6::Verifier> registrationData = Trinity::Crypto::SRP6::MakeRegistrationData(newUsername, newPassword);
+ stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON);
+ stmt->setBinary(0, registrationData.first);
+ stmt->setBinary(1, registrationData.second);
+ stmt->setUInt32(2, accountId);
LoginDatabase.Execute(stmt);
+ {
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON_LEGACY);
+ stmt->setString(0, CalculateShaPassHash_DEPRECATED_DONOTUSE(newUsername, newPassword));
+ stmt->setUInt32(1, accountId);
+ LoginDatabase.Execute(stmt);
+ }
+
return AccountOpResult::AOR_OK;
}
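Review bot: The username, the SRP6 salt and verifier, and the legacy hash are now written by three separate `LoginDatabase.Execute` calls, although the verifier is derived from the new username. If `Execute` only queues the statement (its definition is not visible here) and one of the later updates fails, the row keeps the new name with credentials computed for the old one and the account can no longer log in. Grouping the three statements in one transaction avoids that; the sketch below assumes the project's usual BeginTransaction/Append/CommitTransaction interface. The start of ChangeUsername is outside this hunk.

```cpp
LoginDatabaseTransaction trans = LoginDatabase.BeginTransaction();

stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_USERNAME);
// … unchanged: LOGIN_UPD_USERNAME parameter binding …
trans->Append(stmt);

// … unchanged: MakeRegistrationData call and LOGIN_UPD_LOGON parameter binding …
trans->Append(stmt);

LoginDatabasePreparedStatement* legacyStmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON_LEGACY);
// … unchanged: LOGIN_UPD_LOGON_LEGACY parameter binding, on legacyStmt …
trans->Append(legacyStmt);

LoginDatabase.CommitTransaction(trans);
```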
@@ -204,22 +226,21 @@ AccountOpResult AccountMgr::ChangePassword(uint32 accountId, std::string newPass
Utf8ToUpperOnlyLatin(username);
Utf8ToUpperOnlyLatin(newPassword);
+ std::pair<Trinity::Crypto::SRP6::Salt, Trinity::Crypto::SRP6::Verifier> registrationData = Trinity::Crypto::SRP6::MakeRegistrationData(username, newPassword);
- LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_PASSWORD);
-
- stmt->setString(0, CalculateShaPassHash(username, newPassword));
- stmt->setUInt32(1, accountId);
-
- LoginDatabase.Execute(stmt);
-
- stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_SV);
-
- stmt->setString(0, "");
- stmt->setString(1, "");
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON);
+ stmt->setBinary(0, registrationData.first);
+ stmt->setBinary(1, registrationData.second);
stmt->setUInt32(2, accountId);
-
LoginDatabase.Execute(stmt);
+ {
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON_LEGACY);
+ stmt->setString(0, CalculateShaPassHash_DEPRECATED_DONOTUSE(username, newPassword));
+ stmt->setUInt32(1, accountId);
+ LoginDatabase.Execute(stmt);
+ }
+
sScriptMgr->OnPasswordChange(accountId);
return AccountOpResult::AOR_OK;
}
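Review bot: The inner block declares a second `stmt` that shadows the one declared a few lines above, so a later edit that moves a line across the brace would silently bind to the wrong statement. Since one of the two carries the SRP6 verifier and the other the legacy hash, I would give the inner one its own name: `LoginDatabasePreparedStatement* legacyStmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON_LEGACY);` and use `legacyStmt` for the two setters and the `Execute`. The same shadowing is present in the ChangeUsername hunk. The start of ChangePassword is outside this hunk.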
@@ -354,10 +375,16 @@ bool AccountMgr::CheckPassword(uint32 accountId, std::string password)
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_CHECK_PASSWORD);
stmt->setUInt32(0, accountId);
- stmt->setString(1, CalculateShaPassHash(username, password));
- PreparedQueryResult result = LoginDatabase.Query(stmt);
- return (result) ? true : false;
+ if (PreparedQueryResult result = LoginDatabase.Query(stmt))
+ {
+ Trinity::Crypto::SRP6::Salt salt = (*result)[0].GetBinary<Trinity::Crypto::SRP6::SALT_LENGTH>();
+ Trinity::Crypto::SRP6::Verifier verifier = (*result)[1].GetBinary<Trinity::Crypto::SRP6::VERIFIER_LENGTH>();
+ if (Trinity::Crypto::SRP6::CheckLogin(username, password, salt, verifier))
+ return true;
+ }
+
+ return false;
}
bool AccountMgr::CheckEmail(uint32 accountId, std::string newEmail)
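Review bot: The fixed-width reads `GetBinary<SALT_LENGTH>()` and `GetBinary<VERIFIER_LENGTH>()` assume both columns always hold values of exactly that size. Whether rows created before this change can have them empty or NULL is not visible here, and neither is how `GetBinary` reacts to a size mismatch. If such rows can exist, a guard before the two reads makes the check fail closed, e.g. `if ((*result)[0].IsNull() || (*result)[1].IsNull()) return false;`. Otherwise a comment stating that the columns are NOT NULL after migration would document the assumption. The first part of CheckPassword, including how `username` is obtained, is outside the hunk.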
@@ -387,11 +414,6 @@ uint32 AccountMgr::GetCharactersCount(uint32 accountId)
return (result) ? (*result)[0].GetUInt64() : 0;
}
-std::string AccountMgr::CalculateShaPassHash(std::string const& name, std::string const& password)
-{
- return ByteArrayToHexStr(Trinity::Crypto::SHA1::GetDigestOf(name, ":", password));
-}
-
bool AccountMgr::IsBannedAccount(std::string const& name)
{
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BANNED_BY_USERNAME);