Diffstat (limited to 'src/server/game')
-rw-r--r--src/server/game/Accounts/AccountMgr.cpp71
-rw-r--r--src/server/game/Accounts/AccountMgr.h1
-rw-r--r--src/server/game/Server/WorldSocket.cpp2
3 files changed, 47 insertions, 27 deletions
diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp
index 36c2e7955cb..19876a4e192 100644
--- a/src/server/game/Accounts/AccountMgr.cpp
+++ b/src/server/game/Accounts/AccountMgr.cpp
@@ -24,6 +24,7 @@
#include "Player.h"
#include "Realm.h"
#include "ScriptMgr.h"
+#include "SRP6.h"
#include "Util.h"
#include "World.h"
#include "WorldSession.h"
@@ -59,9 +60,11 @@ AccountOpResult AccountMgr::CreateAccount(std::string username, std::string pass
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_ACCOUNT);
stmt->setString(0, username);
- stmt->setString(1, CalculateShaPassHash(username, password));
- stmt->setString(2, email);
+ auto [salt, verifier] = Trinity::Crypto::SRP6::MakeRegistrationData(username, password);
+ stmt->setBinary(1, salt);
+ stmt->setBinary(2, verifier);
stmt->setString(3, email);
+ stmt->setString(4, email);
LoginDatabase.DirectExecute(stmt); // Enforce saving, otherwise AddGroup can fail
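Review bot: The same `email` value is bound to both slot 3 and the new slot 4 with no explanation, so a reader cannot tell whether the duplicate is deliberate or a copy-paste slip; a one-line comment next to `stmt->setString(4, email);` such as `// email is bound twice because LOGIN_INS_ACCOUNT writes it to two account columns — confirm against the statement definition` would settle that. The old code bound it twice as well (slots 2 and 3), so this is presumably intentional, but the hunk does not show the statement text. The beginning of CreateAccount, including any normalisation of `password` before it reaches MakeRegistrationData, lies outside the hunk.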
@@ -146,6 +149,13 @@ AccountOpResult AccountMgr::DeleteAccount(uint32 accountId)
return AccountOpResult::AOR_OK;
}
+// Do not use this. Use the appropriate methods on Trinity::Crypto::SRP6 to do whatever you are trying to do.
+// See issue #25157.
+static std::string CalculateShaPassHash_DEPRECATED_DONOTUSE(std::string const& name, std::string const& password)
+{
+ return ByteArrayToHexStr(Trinity::Crypto::SHA1::GetDigestOf(name, ":", password));
+}
+
AccountOpResult AccountMgr::ChangeUsername(uint32 accountId, std::string newUsername, std::string newPassword)
{
// Check if accounts exists
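Review bot: The comment on `CalculateShaPassHash_DEPRECATED_DONOTUSE` says "Do not use this" but the same commit calls it twice in this file, which leaves the next maintainer guessing which calls are sanctioned; the comment should name the one permitted use instead, e.g. `// Legacy SHA-1(name:password) hex hash. Kept only to populate the column written by LOGIN_UPD_LOGON_LEGACY; everything else must go through Trinity::Crypto::SRP6 (see issue #25157).`. Making the helper `static` is the right call since it is no longer part of the class interface. DeleteAccount's body and ChangeUsername's body both continue outside this hunk.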
@@ -166,13 +176,24 @@ AccountOpResult AccountMgr::ChangeUsername(uint32 accountId, std::string newUser
Utf8ToUpperOnlyLatin(newPassword);
stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_USERNAME);
-
stmt->setString(0, newUsername);
- stmt->setString(1, CalculateShaPassHash(newUsername, newPassword));
- stmt->setUInt32(2, accountId);
+ stmt->setUInt32(1, accountId);
+ LoginDatabase.Execute(stmt);
+ auto [salt, verifier] = Trinity::Crypto::SRP6::MakeRegistrationData(newUsername, newPassword);
+ stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON);
+ stmt->setBinary(0, salt);
+ stmt->setBinary(1, verifier);
+ stmt->setUInt32(2, accountId);
LoginDatabase.Execute(stmt);
+ {
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON_LEGACY);
+ stmt->setString(0, CalculateShaPassHash_DEPRECATED_DONOTUSE(newUsername, newPassword));
+ stmt->setUInt32(1, accountId);
+ LoginDatabase.Execute(stmt);
+ }
+
return AccountOpResult::AOR_OK;
}
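Review bot: The rename at `stmt->setUInt32(1, accountId); LoginDatabase.Execute(stmt);` and the re-keying through LOGIN_UPD_LOGON that follows are issued as independent statements, so a failure between them leaves the account renamed while the stored verifier still corresponds to the old name (MakeRegistrationData is called with `newUsername`, so the verifier presumably depends on it); appending all three statements to a single login-database transaction would keep the rename and the new salt/verifier atomic. The inner block re-declares `LoginDatabasePreparedStatement* stmt`, shadowing the outer pointer; reusing the outer `stmt` or naming the inner one `legacyStmt` avoids the shadow. This hunk and the ChangePassword hunk below still persist the SHA-1 hash via LOGIN_UPD_LOGON_LEGACY while the CreateAccount hunk writes only salt and verifier, so either new accounts are intentionally created without the legacy value or they are missing it — the intended rule deserves a comment next to the legacy write. ChangeUsername's body starts outside the hunk.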
@@ -194,21 +215,20 @@ AccountOpResult AccountMgr::ChangePassword(uint32 accountId, std::string newPass
Utf8ToUpperOnlyLatin(username);
Utf8ToUpperOnlyLatin(newPassword);
+ auto [salt, verifier] = Trinity::Crypto::SRP6::MakeRegistrationData(username, newPassword);
- LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_PASSWORD);
-
- stmt->setString(0, CalculateShaPassHash(username, newPassword));
- stmt->setUInt32(1, accountId);
-
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON);
+ stmt->setBinary(0, salt);
+ stmt->setBinary(1, verifier);
+ stmt->setUInt32(2, accountId);;
LoginDatabase.Execute(stmt);
- stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_SV);
-
- stmt->setString(0, "");
- stmt->setString(1, "");
- stmt->setString(2, username);
-
- LoginDatabase.Execute(stmt);
+ {
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGON_LEGACY);
+ stmt->setString(0, CalculateShaPassHash_DEPRECATED_DONOTUSE(username, newPassword));
+ stmt->setUInt32(1, accountId);
+ LoginDatabase.Execute(stmt);
+ }
sScriptMgr->OnPasswordChange(accountId);
return AccountOpResult::AOR_OK;
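Review bot: `stmt->setUInt32(2, accountId);;` carries a stray second semicolon; it compiles as an empty statement but reads as a typo and trips `-Wextra-semi-stmt`, so drop it. As in ChangeUsername, the braced block re-declares `stmt` and shadows the outer pointer, and the LOGIN_UPD_LOGON and LOGIN_UPD_LOGON_LEGACY writes are two separate executes rather than one transaction, so a failure between them can leave the legacy hash and the verifier describing different passwords. The closing brace of ChangePassword is outside the hunk.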
@@ -346,10 +366,16 @@ bool AccountMgr::CheckPassword(uint32 accountId, std::string password)
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_CHECK_PASSWORD);
stmt->setUInt32(0, accountId);
- stmt->setString(1, CalculateShaPassHash(username, password));
- PreparedQueryResult result = LoginDatabase.Query(stmt);
- return (result) ? true : false;
+ if (PreparedQueryResult result = LoginDatabase.Query(stmt))
+ {
+ Trinity::Crypto::SRP6::Salt salt = (*result)[0].GetBinary<Trinity::Crypto::SRP6::SALT_LENGTH>();
+ Trinity::Crypto::SRP6::Verifier verifier = (*result)[1].GetBinary<Trinity::Crypto::SRP6::VERIFIER_LENGTH>();
+ if (Trinity::Crypto::SRP6::CheckLogin(username, password, salt, verifier))
+ return true;
+ }
+
+ return false;
}
bool AccountMgr::CheckEmail(uint32 accountId, std::string newEmail)
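Review bot: The lookups `(*result)[0]` and `(*result)[1]` silently encode the column order of LOGIN_SEL_CHECK_PASSWORD, which the hunk does not show; a comment above the reads, `// LOGIN_SEL_CHECK_PASSWORD selects salt, verifier in that order`, ties the indices to the statement so a later column change is caught in review. The `GetBinary<SALT_LENGTH>()` / `GetBinary<VERIFIER_LENGTH>()` calls look like they require the stored blob to be exactly that long; what happens for a row whose salt or verifier is NULL or of the old width is not visible here and is worth confirming, since CheckPassword should fail closed rather than assert on such a row. Dropping the hash from the query parameters is correct — the comparison now happens in CheckLogin rather than in SQL. The loading of `username` at the top of CheckPassword is outside the hunk.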
@@ -379,11 +405,6 @@ uint32 AccountMgr::GetCharactersCount(uint32 accountId)
return (result) ? (*result)[0].GetUInt64() : 0;
}
-std::string AccountMgr::CalculateShaPassHash(std::string const& name, std::string const& password)
-{
- return ByteArrayToHexStr(Trinity::Crypto::SHA1::GetDigestOf(name, ":", password));
-}
-
bool AccountMgr::IsBannedAccount(std::string const& name)
{
LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BANNED_BY_USERNAME);
diff --git a/src/server/game/Accounts/AccountMgr.h b/src/server/game/Accounts/AccountMgr.h
index 07a3d694492..446ec93f7a3 100644
--- a/src/server/game/Accounts/AccountMgr.h
+++ b/src/server/game/Accounts/AccountMgr.h
@@ -73,7 +73,6 @@ class TC_GAME_API AccountMgr
static bool GetEmail(uint32 accountId, std::string& email);
static uint32 GetCharactersCount(uint32 accountId);
- static std::string CalculateShaPassHash(std::string const& name, std::string const& password);
static bool IsBannedAccount(std::string const& name);
static bool IsPlayerAccount(uint32 gmlevel);
static bool IsAdminAccount(uint32 gmlevel);
diff --git a/src/server/game/Server/WorldSocket.cpp b/src/server/game/Server/WorldSocket.cpp
index 35fc14aa034..90b42221598 100644
--- a/src/server/game/Server/WorldSocket.cpp
+++ b/src/server/game/Server/WorldSocket.cpp
@@ -270,7 +270,7 @@ struct AccountInfo
// LEFT JOIN account r ON a.id = r.recruiter
// WHERE a.username = ? ORDER BY aa.RealmID DESC LIMIT 1
Id = fields[0].GetUInt32();
- HexStrToByteArray(fields[1].GetCString(), SessionKey);
+ SessionKey = fields[1].GetBinary<SESSION_KEY_LENGTH>();
LastIP = fields[2].GetString();
IsLockedToIP = fields[3].GetBool();
LockCountry = fields[4].GetString();
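Review bot: `SessionKey = fields[1].GetBinary<SESSION_KEY_LENGTH>();` replaces a hex-string decode with a fixed-length binary read, and the behaviour for an account whose session key column is NULL or empty (one that has not completed authentication yet) is not visible in the hunk; if the previous HexStrToByteArray path tolerated an empty string, confirm GetBinary<N> does too, or that the query cannot return such a row. The SQL fragment in the comment above (`// WHERE a.username = ? ORDER BY aa.RealmID DESC LIMIT 1`) still documents the column list, so it should be checked against the statement now that the session key column type has changed. The enclosing AccountInfo constructor starts outside the hunk.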