From fb43a92cc2aaffab42efebf025b6a12c01af8fde Mon Sep 17 00:00:00 2001
From: Shauren
Date: Thu, 7 Feb 2013 16:15:23 +0100
Subject: Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits.
---
 src/server/shared/Database/Implementation/LoginDatabase.cpp | 3 ++-
 src/server/shared/Database/Implementation/LoginDatabase.h | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/server/shared/Database/Implementation')
diff --git a/src/server/shared/Database/Implementation/LoginDatabase.cpp b/src/server/shared/Database/Implementation/LoginDatabase.cpp
index bbb51cfbde6..747f3ef1dc6 100644
--- a/src/server/shared/Database/Implementation/LoginDatabase.cpp
+++ b/src/server/shared/Database/Implementation/LoginDatabase.cpp
@@ -35,6 +35,7 @@ void LoginDatabaseConnection::DoPrepareStatements()
 PrepareStatement(LOGIN_INS_ACCOUNT_AUTO_BANNED, "INSERT INTO account_banned VALUES (?, UNIX_TIMESTAMP(), UNIX_TIMESTAMP()+?, 'Trinity realmd', 'Failed login autoban', 1)", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_DEL_ACCOUNT_BANNED, "DELETE FROM account_banned WHERE id = ?", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_SEL_SESSIONKEY, "SELECT a.sessionkey, a.id, aa.gmlevel FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = ?", CONNECTION_SYNCH);
+ PrepareStatement(LOGIN_UPD_CLEAR_SESSIONKEY, "UPDATE account SET sessionkey = '' WHERE id = ?", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_UPD_VS, "UPDATE account SET v = ?, s = ? WHERE username = ?", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_UPD_LOGONPROOF, "UPDATE account SET sessionkey = ?, last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE username = ?", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_SEL_LOGONCHALLENGE, "SELECT a.sha_pass_hash, a.id, a.locked, a.last_ip, aa.gmlevel, a.v, a.s FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = ?", CONNECTION_SYNCH);
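Review bot: `LOGIN_UPD_CLEAR_SESSIONKEY` resets the column to `''`, which is a well-defined value rather than an absent one, and the readers in this file (`LOGIN_SEL_SESSIONKEY` here, `LOGIN_SEL_ACCOUNT_INFO_BY_NAME` in the next hunk) still return it unfiltered. The code that consumes those rows is not part of this patch view, so it should be confirmed that an empty `sessionkey` is rejected before it reaches any proof check; otherwise a cleared row would be verified against a constant key. A comment above the statement such as `// sessionkey = '' means "no active session"; every reader must reject it` would record that contract. Because the statement is `CONNECTION_ASYNC`, the key also stays readable until the queued update has run. DoPrepareStatements() starts and ends outside the hunk.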
@@ -42,7 +43,7 @@ void LoginDatabaseConnection::DoPrepareStatements()
 PrepareStatement(LOGIN_SEL_FAILEDLOGINS, "SELECT id, failed_logins FROM account WHERE username = ?", CONNECTION_SYNCH);
 PrepareStatement(LOGIN_SEL_ACCOUNT_ID_BY_NAME, "SELECT id FROM account WHERE username = ?", CONNECTION_SYNCH);
 PrepareStatement(LOGIN_SEL_ACCOUNT_LIST_BY_NAME, "SELECT id, username FROM account WHERE username = ?", CONNECTION_SYNCH);
- PrepareStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME, "SELECT id, sessionkey, last_ip, locked, v, s, expansion, mutetime, locale, recruiter, os FROM account WHERE username = ?", CONNECTION_SYNCH);
+ PrepareStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME, "SELECT id, sessionkey, last_ip, locked, expansion, mutetime, locale, recruiter, os FROM account WHERE username = ?", CONNECTION_SYNCH);
 PrepareStatement(LOGIN_SEL_ACCOUNT_LIST_BY_EMAIL, "SELECT id, username FROM account WHERE email = ?", CONNECTION_SYNCH);
 PrepareStatement(LOGIN_SEL_NUM_CHARS_ON_REALM, "SELECT numchars FROM realmcharacters WHERE realmid = ? AND acctid= ?", CONNECTION_SYNCH);
 PrepareStatement(LOGIN_SEL_ACCOUNT_BY_IP, "SELECT id, username FROM account WHERE last_ip = ?", CONNECTION_SYNCH);
diff --git a/src/server/shared/Database/Implementation/LoginDatabase.h b/src/server/shared/Database/Implementation/LoginDatabase.h
index 939cc4b4790..6cd4ec99b79 100644
--- a/src/server/shared/Database/Implementation/LoginDatabase.h
+++ b/src/server/shared/Database/Implementation/LoginDatabase.h
@@ -53,6 +53,7 @@ enum LoginDatabaseStatements
 LOGIN_INS_ACCOUNT_AUTO_BANNED,
 LOGIN_DEL_ACCOUNT_BANNED,
 LOGIN_SEL_SESSIONKEY,
+ LOGIN_UPD_CLEAR_SESSIONKEY,
 LOGIN_UPD_VS,
 LOGIN_UPD_LOGONPROOF,
 LOGIN_SEL_LOGONCHALLENGE,
-- cgit v1.2.3
From b6e56e42eaebbe509cb0574829afafdf31ba9d2c Mon Sep 17 00:00:00 2001
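Review bot: In the `@@ -42,7 +43,7 @@` hunk of LoginDatabase.cpp, dropping `v` and `s` from `LOGIN_SEL_ACCOUNT_INFO_BY_NAME` shifts `expansion`, `mutetime`, `locale`, `recruiter` and `os` two positions to the left. The caller is not part of this patch view; if it reads the result by numeric field index, it has to change in the same commit or it will silently read the wrong columns. A trailing comment listing the order, e.g. `// 0 id, 1 sessionkey, 2 last_ip, 3 locked, 4 expansion, 5 mutetime, 6 locale, 7 recruiter, 8 os`, would make that dependency visible at the statement. DoPrepareStatements() starts and ends outside the hunk.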
From: Shauren
Date: Fri, 8 Feb 2013 01:03:56 +0100
Subject: Core/Auth: Reverted part of fb43a92cc2aaffab42efebf025b6a12c01af8fde - session key is still needed after logging in to be able to switch realms
---
 sql/base/auth_database.sql | 2 +-
 sql/updates/auth/2013_02_08_00_auth_account.sql | 1 +
 src/server/authserver/Server/AuthSocket.cpp | 2 +-
 src/server/game/Server/WorldSocket.cpp | 6 ------
 src/server/shared/Database/Implementation/LoginDatabase.cpp | 1 -
 src/server/shared/Database/Implementation/LoginDatabase.h | 1 -
 6 files changed, 3 insertions(+), 10 deletions(-)
 create mode 100644 sql/updates/auth/2013_02_08_00_auth_account.sql
(limited to 'src/server/shared/Database/Implementation')
diff --git a/sql/base/auth_database.sql b/sql/base/auth_database.sql
index cdff87c245a..9aaadcb55d5 100644
--- a/sql/base/auth_database.sql
+++ b/sql/base/auth_database.sql
@@ -26,7 +26,7 @@ CREATE TABLE `account` (
 `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Identifier',
 `username` varchar(32) NOT NULL DEFAULT '',
 `sha_pass_hash` varchar(40) NOT NULL DEFAULT '',
- `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver',
+ `sessionkey` varchar(80) NOT NULL DEFAULT '',
 `v` varchar(64) NOT NULL DEFAULT '',
 `s` varchar(64) NOT NULL DEFAULT '',
 `email` varchar(254) NOT NULL DEFAULT '',
diff --git a/sql/updates/auth/2013_02_08_00_auth_account.sql b/sql/updates/auth/2013_02_08_00_auth_account.sql
new file mode 100644
index 00000000000..49948781444
--- /dev/null
+++ b/sql/updates/auth/2013_02_08_00_auth_account.sql
@@ -0,0 +1 @@
+ALTER TABLE `account` CHANGE `sessionkey` `sessionkey` varchar(80) NOT NULL DEFAULT '' AFTER `sha_pass_hash`;
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp
index b0bce520d4f..32ddf029f1c 100644
--- a/src/server/authserver/Server/AuthSocket.cpp
+++ b/src/server/authserver/Server/AuthSocket.cpp
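Review bot: In the `CREATE TABLE account` hunk of sql/base/auth_database.sql, removing the column comment leaves `sessionkey` with no description at all, although the commit message establishes that it is now a value that must remain valid after login so that realm switching works. I would replace the old text rather than drop it, e.g. `COMMENT 'Session key of the last successful login; read by worldserver, also when switching realms'`, and use the same wording in the `ALTER TABLE` of 2013_02_08_00_auth_account.sql. Nothing visible in this commit clears the value on logout, so the column should be treated as a live secret: limit read access to the database accounts used by authserver and worldserver, and keep it out of logs and exports where possible.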
@@ -207,7 +207,7 @@ AuthSocket::AuthSocket(RealmSocket& socket) : pPatch(NULL), socket_(socket) // Close patch file descriptor before leaving AuthSocket::~AuthSocket(void) {} -// Accept the connection and set the s random value for SRP6 +// Accept the connection void AuthSocket::OnAccept(void) { sLog->outDebug(LOG_FILTER_AUTHSERVER, "'%s:%d' Accepting connection", socket().getRemoteAddress().c_str(), socket().getRemotePort()); diff --git a/src/server/game/Server/WorldSocket.cpp b/src/server/game/Server/WorldSocket.cpp index 5260b5f77a9..b2534bfbb0c 100644 --- a/src/server/game/Server/WorldSocket.cpp +++ b/src/server/game/Server/WorldSocket.cpp @@ -933,12 +933,6 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket) // NOTE ATM the socket is single-threaded, have this in mind ... ACE_NEW_RETURN(m_Session, WorldSession(id, this, AccountTypes(security), expansion, mutetime, locale, recruiter, isRecruiter), -1); - stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_CLEAR_SESSIONKEY); - - stmt->setUInt32(0, id); - - LoginDatabase.Execute(stmt); - m_Crypt.Init(&k); m_Session->LoadGlobalAccountData(); diff --git a/src/server/shared/Database/Implementation/LoginDatabase.cpp b/src/server/shared/Database/Implementation/LoginDatabase.cpp index 747f3ef1dc6..a23294a038c 100644 --- a/src/server/shared/Database/Implementation/LoginDatabase.cpp +++ b/src/server/shared/Database/Implementation/LoginDatabase.cpp 
@@ -35,7 +35,6 @@ void LoginDatabaseConnection::DoPrepareStatements()
 PrepareStatement(LOGIN_INS_ACCOUNT_AUTO_BANNED, "INSERT INTO account_banned VALUES (?, UNIX_TIMESTAMP(), UNIX_TIMESTAMP()+?, 'Trinity realmd', 'Failed login autoban', 1)", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_DEL_ACCOUNT_BANNED, "DELETE FROM account_banned WHERE id = ?", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_SEL_SESSIONKEY, "SELECT a.sessionkey, a.id, aa.gmlevel FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = ?", CONNECTION_SYNCH);
- PrepareStatement(LOGIN_UPD_CLEAR_SESSIONKEY, "UPDATE account SET sessionkey = '' WHERE id = ?", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_UPD_VS, "UPDATE account SET v = ?, s = ? WHERE username = ?", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_UPD_LOGONPROOF, "UPDATE account SET sessionkey = ?, last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE username = ?", CONNECTION_ASYNC);
 PrepareStatement(LOGIN_SEL_LOGONCHALLENGE, "SELECT a.sha_pass_hash, a.id, a.locked, a.last_ip, aa.gmlevel, a.v, a.s FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = ?", CONNECTION_SYNCH);
diff --git a/src/server/shared/Database/Implementation/LoginDatabase.h b/src/server/shared/Database/Implementation/LoginDatabase.h
index 6cd4ec99b79..939cc4b4790 100644
--- a/src/server/shared/Database/Implementation/LoginDatabase.h
+++ b/src/server/shared/Database/Implementation/LoginDatabase.h
@@ -53,7 +53,6 @@ enum LoginDatabaseStatements
 LOGIN_INS_ACCOUNT_AUTO_BANNED,
 LOGIN_DEL_ACCOUNT_BANNED,
 LOGIN_SEL_SESSIONKEY,
- LOGIN_UPD_CLEAR_SESSIONKEY,
 LOGIN_UPD_VS,
 LOGIN_UPD_LOGONPROOF,
 LOGIN_SEL_LOGONCHALLENGE,
-- cgit v1.2.3