From 75994b3dd3b36a36390796257fc709a73dde735d Mon Sep 17 00:00:00 2001 From: click Date: Thu, 7 Feb 2013 00:19:19 +0100 Subject: Core: Clean up whitespace, and remove a silly warning in boss_lurker_below.cpp --- src/server/shared/Logging/AppenderFile.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/server/shared') diff --git a/src/server/shared/Logging/AppenderFile.cpp b/src/server/shared/Logging/AppenderFile.cpp index e29459299f7..93d53bcc30d 100644 --- a/src/server/shared/Logging/AppenderFile.cpp +++ b/src/server/shared/Logging/AppenderFile.cpp @@ -48,7 +48,7 @@ void AppenderFile::_write(LogMessage const& message) snprintf(namebuf, TRINITY_PATH_MAX, filename.c_str(), message.param1.c_str()); logfile = OpenFile(namebuf, mode, backup || exceedMaxSize); } - else if (exceedMaxSize) + else if (exceedMaxSize) logfile = OpenFile(filename, "w", true); if (!logfile) -- cgit v1.2.3 From fb43a92cc2aaffab42efebf025b6a12c01af8fde Mon Sep 17 00:00:00 2001 From: Shauren Date: Thu, 7 Feb 2013 16:15:23 +0100 Subject: Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits. --- sql/base/auth_database.sql | 2 +- sql/updates/auth/2013_02_07_00_auth_account.sql | 3 ++ src/server/game/Accounts/AccountMgr.cpp | 8 +++++ src/server/game/Server/WorldSocket.cpp | 35 ++++++++-------------- .../Database/Implementation/LoginDatabase.cpp | 3 +- .../shared/Database/Implementation/LoginDatabase.h | 1 + 6 files changed, 28 insertions(+), 24 deletions(-) create mode 100644 sql/updates/auth/2013_02_07_00_auth_account.sql (limited to 'src/server/shared') diff --git a/sql/base/auth_database.sql b/sql/base/auth_database.sql index 9aaadcb55d5..cdff87c245a 100644 --- a/sql/base/auth_database.sql +++ b/sql/base/auth_database.sql @@ -26,7 +26,7 @@ CREATE TABLE `account` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Identifier', `username` varchar(32) NOT NULL DEFAULT '', `sha_pass_hash` varchar(40) NOT NULL DEFAULT '', - `sessionkey` varchar(80) NOT NULL DEFAULT '', + `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver', `v` varchar(64) NOT NULL DEFAULT '', `s` varchar(64) NOT NULL DEFAULT '', `email` varchar(254) NOT NULL DEFAULT '', diff --git a/sql/updates/auth/2013_02_07_00_auth_account.sql b/sql/updates/auth/2013_02_07_00_auth_account.sql new file mode 100644 index 00000000000..03bdf8cdcd5 --- /dev/null +++ b/sql/updates/auth/2013_02_07_00_auth_account.sql @@ -0,0 +1,3 @@ +UPDATE `account` SET `sessionkey`=''; +ALTER TABLE `account` +CHANGE `sessionkey` `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver' AFTER `sha_pass_hash`; diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp index ce382342de8..b1d0087c32c 100644 --- a/src/server/game/Accounts/AccountMgr.cpp +++ b/src/server/game/Accounts/AccountMgr.cpp @@ -187,6 +187,14 @@ AccountOpResult AccountMgr::ChangePassword(uint32 accountId, std::string newPass LoginDatabase.Execute(stmt); + stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS); + + stmt->setString(0, ""); + stmt->setString(1, ""); + stmt->setString(2, username); + + LoginDatabase.Execute(stmt); + return AOR_OK; } diff --git a/src/server/game/Server/WorldSocket.cpp b/src/server/game/Server/WorldSocket.cpp index 8b102518e84..5260b5f77a9 100644 --- a/src/server/game/Server/WorldSocket.cpp +++ b/src/server/game/Server/WorldSocket.cpp @@ -750,7 +750,6 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket) uint32 clientBuild; uint32 unk2, unk3, unk5, unk6, unk7; uint64 unk4; - BigNumber v, s, g, N; WorldPacket packet, SendAddonPacked; BigNumber k; @@ -779,6 +778,8 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket) clientSeed); // Get the account information from the realmd database + // 0 1 2 3 4 5 6 7 8 + // SELECT id, sessionkey, last_ip, locked, expansion, mutetime, locale, recruiter, os FROM account WHERE username = ? PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME); stmt->setString(0, account); @@ -795,27 +796,11 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket) Field* fields = result->Fetch(); - uint8 expansion = fields[6].GetUInt8(); + uint8 expansion = fields[4].GetUInt8(); uint32 world_expansion = sWorld->getIntConfig(CONFIG_EXPANSION); if (expansion > world_expansion) expansion = world_expansion; - N.SetHexStr ("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7"); - g.SetDword (7); - - v.SetHexStr(fields[4].GetCString()); - s.SetHexStr (fields[5].GetCString()); - - const char* sStr = s.AsHexStr(); // Must be freed by OPENSSL_free() - const char* vStr = v.AsHexStr(); // Must be freed by OPENSSL_free() - - sLog->outDebug(LOG_FILTER_NETWORKIO, "WorldSocket::HandleAuthSession: (s, v) check s: %s v: %s", - sStr, - vStr); - - OPENSSL_free((void*)sStr); - OPENSSL_free((void*)vStr); - ///- Re-check ip locking (same check as in realmd). if (fields[3].GetUInt8() == 1) // if ip is locked { @@ -831,7 +816,7 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket) k.SetHexStr(fields[1].GetCString()); - int64 mutetime = fields[7].GetInt64(); + int64 mutetime = fields[5].GetInt64(); //! Negative mutetime indicates amount of seconds to be muted effective on next login - which is now. if (mutetime < 0) { @@ -845,12 +830,12 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket) LoginDatabase.Execute(stmt); } - locale = LocaleConstant (fields[8].GetUInt8()); + locale = LocaleConstant (fields[6].GetUInt8()); if (locale >= TOTAL_LOCALES) locale = LOCALE_enUS; - uint32 recruiter = fields[9].GetUInt32(); - std::string os = fields[10].GetString(); + uint32 recruiter = fields[7].GetUInt32(); + std::string os = fields[8].GetString(); // Must be done before WorldSession is created if (sWorld->getBoolConfig(CONFIG_WARDEN_ENABLED) && os != "Win" && os != "OSX") @@ -948,6 +933,12 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket) // NOTE ATM the socket is single-threaded, have this in mind ... ACE_NEW_RETURN(m_Session, WorldSession(id, this, AccountTypes(security), expansion, mutetime, locale, recruiter, isRecruiter), -1); + stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_CLEAR_SESSIONKEY); + + stmt->setUInt32(0, id); + + LoginDatabase.Execute(stmt); + m_Crypt.Init(&k); m_Session->LoadGlobalAccountData(); diff --git a/src/server/shared/Database/Implementation/LoginDatabase.cpp b/src/server/shared/Database/Implementation/LoginDatabase.cpp index bbb51cfbde6..747f3ef1dc6 100644 --- a/src/server/shared/Database/Implementation/LoginDatabase.cpp +++ b/src/server/shared/Database/Implementation/LoginDatabase.cpp @@ -35,6 +35,7 @@ void LoginDatabaseConnection::DoPrepareStatements() PrepareStatement(LOGIN_INS_ACCOUNT_AUTO_BANNED, "INSERT INTO account_banned VALUES (?, UNIX_TIMESTAMP(), UNIX_TIMESTAMP()+?, 'Trinity realmd', 'Failed login autoban', 1)", CONNECTION_ASYNC); PrepareStatement(LOGIN_DEL_ACCOUNT_BANNED, "DELETE FROM account_banned WHERE id = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_SEL_SESSIONKEY, "SELECT a.sessionkey, a.id, aa.gmlevel FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = ?", CONNECTION_SYNCH); + PrepareStatement(LOGIN_UPD_CLEAR_SESSIONKEY, "UPDATE account SET sessionkey = '' WHERE id = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_UPD_VS, "UPDATE account SET v = ?, s = ? WHERE username = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_UPD_LOGONPROOF, "UPDATE account SET sessionkey = ?, last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE username = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_SEL_LOGONCHALLENGE, "SELECT a.sha_pass_hash, a.id, a.locked, a.last_ip, aa.gmlevel, a.v, a.s FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = ?", CONNECTION_SYNCH); @@ -42,7 +43,7 @@ void LoginDatabaseConnection::DoPrepareStatements() PrepareStatement(LOGIN_SEL_FAILEDLOGINS, "SELECT id, failed_logins FROM account WHERE username = ?", CONNECTION_SYNCH); PrepareStatement(LOGIN_SEL_ACCOUNT_ID_BY_NAME, "SELECT id FROM account WHERE username = ?", CONNECTION_SYNCH); PrepareStatement(LOGIN_SEL_ACCOUNT_LIST_BY_NAME, "SELECT id, username FROM account WHERE username = ?", CONNECTION_SYNCH); - PrepareStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME, "SELECT id, sessionkey, last_ip, locked, v, s, expansion, mutetime, locale, recruiter, os FROM account WHERE username = ?", CONNECTION_SYNCH); + PrepareStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME, "SELECT id, sessionkey, last_ip, locked, expansion, mutetime, locale, recruiter, os FROM account WHERE username = ?", CONNECTION_SYNCH); PrepareStatement(LOGIN_SEL_ACCOUNT_LIST_BY_EMAIL, "SELECT id, username FROM account WHERE email = ?", CONNECTION_SYNCH); PrepareStatement(LOGIN_SEL_NUM_CHARS_ON_REALM, "SELECT numchars FROM realmcharacters WHERE realmid = ? AND acctid= ?", CONNECTION_SYNCH); PrepareStatement(LOGIN_SEL_ACCOUNT_BY_IP, "SELECT id, username FROM account WHERE last_ip = ?", CONNECTION_SYNCH); diff --git a/src/server/shared/Database/Implementation/LoginDatabase.h b/src/server/shared/Database/Implementation/LoginDatabase.h index 939cc4b4790..6cd4ec99b79 100644 --- a/src/server/shared/Database/Implementation/LoginDatabase.h +++ b/src/server/shared/Database/Implementation/LoginDatabase.h @@ -53,6 +53,7 @@ enum LoginDatabaseStatements LOGIN_INS_ACCOUNT_AUTO_BANNED, LOGIN_DEL_ACCOUNT_BANNED, LOGIN_SEL_SESSIONKEY, + LOGIN_UPD_CLEAR_SESSIONKEY, LOGIN_UPD_VS, LOGIN_UPD_LOGONPROOF, LOGIN_SEL_LOGONCHALLENGE, -- cgit v1.2.3 From b6e56e42eaebbe509cb0574829afafdf31ba9d2c Mon Sep 17 00:00:00 2001 From: Shauren Date: Fri, 8 Feb 2013 01:03:56 +0100 Subject: Core/Auth: Reverted part of fb43a92cc2aaffab42efebf025b6a12c01af8fde - session key is still needed after logging in to be able to switch realms --- sql/base/auth_database.sql | 2 +- sql/updates/auth/2013_02_08_00_auth_account.sql | 1 + src/server/authserver/Server/AuthSocket.cpp | 2 +- src/server/game/Server/WorldSocket.cpp | 6 ------ src/server/shared/Database/Implementation/LoginDatabase.cpp | 1 - src/server/shared/Database/Implementation/LoginDatabase.h | 1 - 6 files changed, 3 insertions(+), 10 deletions(-) create mode 100644 sql/updates/auth/2013_02_08_00_auth_account.sql (limited to 'src/server/shared') diff --git a/sql/base/auth_database.sql b/sql/base/auth_database.sql index cdff87c245a..9aaadcb55d5 100644 --- a/sql/base/auth_database.sql +++ b/sql/base/auth_database.sql @@ -26,7 +26,7 @@ CREATE TABLE `account` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Identifier', `username` varchar(32) NOT NULL DEFAULT '', `sha_pass_hash` varchar(40) NOT NULL DEFAULT '', - `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver', + `sessionkey` varchar(80) NOT NULL DEFAULT '', `v` varchar(64) NOT NULL DEFAULT '', `s` varchar(64) NOT NULL DEFAULT '', `email` varchar(254) NOT NULL DEFAULT '', diff --git a/sql/updates/auth/2013_02_08_00_auth_account.sql b/sql/updates/auth/2013_02_08_00_auth_account.sql new file mode 100644 index 00000000000..49948781444 --- /dev/null +++ b/sql/updates/auth/2013_02_08_00_auth_account.sql @@ -0,0 +1 @@ +ALTER TABLE `account` CHANGE `sessionkey` `sessionkey` varchar(80) NOT NULL DEFAULT '' AFTER `sha_pass_hash`; diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp index b0bce520d4f..32ddf029f1c 100644 --- a/src/server/authserver/Server/AuthSocket.cpp +++ b/src/server/authserver/Server/AuthSocket.cpp @@ -207,7 +207,7 @@ AuthSocket::AuthSocket(RealmSocket& socket) : pPatch(NULL), socket_(socket) // Close patch file descriptor before leaving AuthSocket::~AuthSocket(void) {} -// Accept the connection and set the s random value for SRP6 +// Accept the connection void AuthSocket::OnAccept(void) { sLog->outDebug(LOG_FILTER_AUTHSERVER, "'%s:%d' Accepting connection", socket().getRemoteAddress().c_str(), socket().getRemotePort()); diff --git a/src/server/game/Server/WorldSocket.cpp b/src/server/game/Server/WorldSocket.cpp index 5260b5f77a9..b2534bfbb0c 100644 --- a/src/server/game/Server/WorldSocket.cpp +++ b/src/server/game/Server/WorldSocket.cpp @@ -933,12 +933,6 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket) // NOTE ATM the socket is single-threaded, have this in mind ... ACE_NEW_RETURN(m_Session, WorldSession(id, this, AccountTypes(security), expansion, mutetime, locale, recruiter, isRecruiter), -1); - stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_CLEAR_SESSIONKEY); - - stmt->setUInt32(0, id); - - LoginDatabase.Execute(stmt); - m_Crypt.Init(&k); m_Session->LoadGlobalAccountData(); diff --git a/src/server/shared/Database/Implementation/LoginDatabase.cpp b/src/server/shared/Database/Implementation/LoginDatabase.cpp index 747f3ef1dc6..a23294a038c 100644 --- a/src/server/shared/Database/Implementation/LoginDatabase.cpp +++ b/src/server/shared/Database/Implementation/LoginDatabase.cpp @@ -35,7 +35,6 @@ void LoginDatabaseConnection::DoPrepareStatements() PrepareStatement(LOGIN_INS_ACCOUNT_AUTO_BANNED, "INSERT INTO account_banned VALUES (?, UNIX_TIMESTAMP(), UNIX_TIMESTAMP()+?, 'Trinity realmd', 'Failed login autoban', 1)", CONNECTION_ASYNC); PrepareStatement(LOGIN_DEL_ACCOUNT_BANNED, "DELETE FROM account_banned WHERE id = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_SEL_SESSIONKEY, "SELECT a.sessionkey, a.id, aa.gmlevel FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = ?", CONNECTION_SYNCH); - PrepareStatement(LOGIN_UPD_CLEAR_SESSIONKEY, "UPDATE account SET sessionkey = '' WHERE id = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_UPD_VS, "UPDATE account SET v = ?, s = ? WHERE username = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_UPD_LOGONPROOF, "UPDATE account SET sessionkey = ?, last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE username = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_SEL_LOGONCHALLENGE, "SELECT a.sha_pass_hash, a.id, a.locked, a.last_ip, aa.gmlevel, a.v, a.s FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = ?", CONNECTION_SYNCH); diff --git a/src/server/shared/Database/Implementation/LoginDatabase.h b/src/server/shared/Database/Implementation/LoginDatabase.h index 6cd4ec99b79..939cc4b4790 100644 --- a/src/server/shared/Database/Implementation/LoginDatabase.h +++ b/src/server/shared/Database/Implementation/LoginDatabase.h @@ -53,7 +53,6 @@ enum LoginDatabaseStatements LOGIN_INS_ACCOUNT_AUTO_BANNED, LOGIN_DEL_ACCOUNT_BANNED, LOGIN_SEL_SESSIONKEY, - LOGIN_UPD_CLEAR_SESSIONKEY, LOGIN_UPD_VS, LOGIN_UPD_LOGONPROOF, LOGIN_SEL_LOGONCHALLENGE, -- cgit v1.2.3 From f902362ad1fb5681305a9eaac14e1c0ec55449e9 Mon Sep 17 00:00:00 2001 From: Nay Date: Fri, 8 Feb 2013 23:06:00 +0000 Subject: Core/DBLayer: Avoid a crash when calling mysql_get_server_version if connection was not open --- src/server/shared/Database/DatabaseWorkerPool.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/server/shared') diff --git a/src/server/shared/Database/DatabaseWorkerPool.h b/src/server/shared/Database/DatabaseWorkerPool.h index 9f93e99ab26..fa02b1d369a 100644 --- a/src/server/shared/Database/DatabaseWorkerPool.h +++ b/src/server/shared/Database/DatabaseWorkerPool.h @@ -77,7 +77,8 @@ class DatabaseWorkerPool { T* t = new T(_queue, _connectionInfo); res &= t->Open(); - WPFatal (mysql_get_server_version(t->GetHandle()) >= MIN_MYSQL_SERVER_VERSION, "TrinityCore does not support MySQL versions below 5.1"); + if (res) // only check mysql version if connection is valid + WPFatal(mysql_get_server_version(t->GetHandle()) >= MIN_MYSQL_SERVER_VERSION, "TrinityCore does not support MySQL versions below 5.1"); _connections[IDX_ASYNC][i] = t; ++_connectionCount[IDX_ASYNC]; } -- cgit v1.2.3