#include "AuthSession.h"

Inheritance diagram for AuthSession:

Public Member Functions
	AuthSession (IoContextTcpSocket &&socket)

void	Start () override

bool	Update () final

void	SendPacket (ByteBuffer &packet)

Public Member Functions inherited from Socket< AuthSession >
	Socket (IoContextTcpSocket &&socket)

virtual	~Socket ()

boost::asio::ip::address	GetRemoteIpAddress () const

uint16	GetRemotePort () const

void	AsyncRead ()

void	AsyncReadProxyHeader ()

void	AsyncReadWithCallback (void(T::*callback)(boost::system::error_code, std::size_t))

void	QueuePacket (MessageBuffer &&buffer)

ProxyHeaderReadingState	GetProxyHeaderReadingState () const

bool	IsOpen () const

void	CloseSocket ()

void	DelayedCloseSocket ()
	Marks the socket for closing after write buffer becomes empty.

MessageBuffer &	GetReadBuffer ()

Static Public Member Functions
static std::unordered_map< uint8, AuthHandler >	InitHandlers ()

Protected Member Functions
SocketReadCallbackResult	ReadHandler () final

Protected Member Functions inherited from Socket< AuthSession >
virtual void	OnClose ()

bool	AsyncProcessQueue ()

void	SetNoDelay (bool enable)

Private Types
typedef Socket< AuthSession >	AuthSocket

Private Member Functions
bool	HandleLogonChallenge ()

bool	HandleLogonProof ()

bool	HandleReconnectChallenge ()

bool	HandleReconnectProof ()

bool	HandleRealmList ()

void	CheckIpCallback (PreparedQueryResult result)

void	LogonChallengeCallback (PreparedQueryResult result)

void	ReconnectChallengeCallback (PreparedQueryResult result)

void	RealmListCallback (PreparedQueryResult result)

bool	VerifyVersion (uint8 const *a, int32 aLength, Acore::Crypto::SHA1::Digest const &versionProof, bool isReconnect)

Private Attributes
Optional< Acore::Crypto::SRP6 >	_srp6

SessionKey	_sessionKey = {}

std::array< uint8, 16 >	_reconnectProof = {}

AuthStatus	_status

AccountInfo	_accountInfo

Optional< std::vector< uint8 > >	_totpSecret

std::string	_localizationName

std::string	_os

std::string	_ipCountry

uint16	_build

uint8	_expversion

QueryCallbackProcessor	_queryProcessor

Detailed Description

Member Typedef Documentation

◆ AuthSocket

typedef Socket<AuthSession> AuthSession::AuthSocket

private

Constructor & Destructor Documentation

◆ AuthSession()

AuthSession::AuthSession ( IoContextTcpSocket && socket )

166 :

167 Socket(std::move(socket)), _status(STATUS_CHALLENGE), _build(0), _expversion(0) { }

STATUS_CHALLENGE

@ STATUS_CHALLENGE

Definition AuthSession.h:39

AuthSession::_status

AuthStatus _status

Definition AuthSession.h:99

AuthSession::_build

uint16 _build

Definition AuthSession.h:105

AuthSession::_expversion

uint8 _expversion

Definition AuthSession.h:106

Socket

Definition Socket.h:68

Member Function Documentation

◆ CheckIpCallback()

void AuthSession::CheckIpCallback ( PreparedQueryResult result )

private

{
    if (result)
    {
        bool banned = false;
 
        for (auto const& fields : *result)
        {
            if (fields[0].Get<uint64>() != 0)
            {
                banned = true;
                break;
            }
        }
 
        if (banned)
        {
            ByteBuffer pkt;
            pkt << uint8(AUTH_LOGON_CHALLENGE);
            pkt << uint8(0x00);
            pkt << uint8(WOW_FAIL_BANNED);
            SendPacket(pkt);
            LOG_DEBUG("session", "[AuthSession::CheckIpCallback] Banned ip '{}:{}' tries to login!", GetRemoteIpAddress().to_string(), GetRemotePort());
            return;
        }
    }
 
    AsyncRead();
}

References Socket< AuthSession >::AsyncRead(), AUTH_LOGON_CHALLENGE, Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), LOG_DEBUG, SendPacket(), and WOW_FAIL_BANNED.

Referenced by Start().

◆ HandleLogonChallenge()

bool AuthSession::HandleLogonChallenge ( )

private

{
    _status = STATUS_CLOSED;
 
    sAuthLogonChallenge_C* challenge = reinterpret_cast<sAuthLogonChallenge_C*>(GetReadBuffer().GetReadPointer());
    if (challenge->size - (sizeof(sAuthLogonChallenge_C) - AUTH_LOGON_CHALLENGE_INITIAL_SIZE - 1) != challenge->I_len)
        return false;
 
    std::string login((char const*)challenge->I, challenge->I_len);
    LOG_DEBUG("server.authserver", "[AuthChallenge] '{}'", login);
 
    _build = challenge->build;
    _expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
    std::array<char, 5> os;
    os.fill('\0');
    memcpy(os.data(), challenge->os, sizeof(challenge->os));
    _os = os.data();
 
    // Restore string order as its byte order is reversed
    std::reverse(_os.begin(), _os.end());
 
    _localizationName.resize(4);
    for (int i = 0; i < 4; ++i)
        _localizationName[i] = challenge->country[4 - i - 1];
 
    // Get the account details from the account table
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_LOGONCHALLENGE);
    stmt->SetData(0, GetRemoteIpAddress().to_string());
    stmt->SetData(1, login);
 
    _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::LogonChallengeCallback, this, std::placeholders::_1)));
    return true;
}

References _build, _expversion, _localizationName, _os, _queryProcessor, _status, AsyncCallbackProcessor< T >::AddCallback(), AUTH_LOGON_CHALLENGE_INITIAL_SIZE, AUTH_LOGON_CHALLENGE_C::build, AUTH_LOGON_CHALLENGE_C::country, Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), AUTH_LOGON_CHALLENGE_C::I, AUTH_LOGON_CHALLENGE_C::I_len, AuthHelper::IsPostBCAcceptedClientBuild(), AuthHelper::IsPreBCAcceptedClientBuild(), LOG_DEBUG, LOGIN_SEL_LOGONCHALLENGE, LoginDatabase, LogonChallengeCallback(), NO_VALID_EXP_FLAG, AUTH_LOGON_CHALLENGE_C::os, POST_BC_EXP_FLAG, PRE_BC_EXP_FLAG, PreparedStatementBase::SetData(), AUTH_LOGON_CHALLENGE_C::size, and STATUS_CLOSED.

Referenced by InitHandlers().

◆ HandleLogonProof()

bool AuthSession::HandleLogonProof ( )

private

{
    LOG_DEBUG("server.authserver", "Entering _HandleLogonProof");
    _status = STATUS_CLOSED;
 
    // Read the packet
    sAuthLogonProof_C* logonProof = reinterpret_cast<sAuthLogonProof_C*>(GetReadBuffer().GetReadPointer());
 
    // If the client has no valid version
    if (_expversion == NO_VALID_EXP_FLAG)
    {
        // Check if we have the appropriate patch on the disk
        LOG_DEBUG("network", "Client with invalid version, patching is not implemented");
        return false;
    }
 
    // Check if SRP6 results match (password is correct), else send an error
    if (Optional<SessionKey> K = _srp6->VerifyChallengeResponse(logonProof->A, logonProof->clientM))
    {
        _sessionKey = *K;
        // Check auth token
        bool tokenSuccess = false;
        bool sentToken = (logonProof->securityFlags & 0x04);
        if (sentToken && _totpSecret)
        {
            uint8 size = *(GetReadBuffer().GetReadPointer() + sizeof(sAuthLogonProof_C));
            std::string token(reinterpret_cast<char*>(GetReadBuffer().GetReadPointer() + sizeof(sAuthLogonProof_C) + sizeof(size)), size);
            GetReadBuffer().ReadCompleted(sizeof(size) + size);
 
            uint32 incomingToken = *Acore::StringTo<uint32>(token);
            tokenSuccess = Acore::Crypto::TOTP::ValidateToken(*_totpSecret, incomingToken);
            memset(_totpSecret->data(), 0, _totpSecret->size());
        }
        else if (!sentToken && !_totpSecret)
            tokenSuccess = true;
 
        if (!tokenSuccess)
        {
            ByteBuffer packet;
            packet << uint8(AUTH_LOGON_PROOF);
            packet << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
            packet << uint16(0);    // LoginFlags, 1 has account message
            SendPacket(packet);
            return true;
        }
 
        if (!VerifyVersion(logonProof->A.data(), logonProof->A.size(), logonProof->crc_hash, false))
        {
            ByteBuffer packet;
            packet << uint8(AUTH_LOGON_PROOF);
            packet << uint8(WOW_FAIL_VERSION_INVALID);
            SendPacket(packet);
            return true;
        }
 
        LOG_DEBUG("server.authserver", "'{}:{}' User '{}' successfully authenticated", GetRemoteIpAddress().to_string(), GetRemotePort(), _accountInfo.Login);
 
        // Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
        // No SQL injection (escaped user name) and IP address as received by socket
 
        std::string address = sConfigMgr->GetOption<bool>("AllowLoggingIPAddressesInDatabase", true, true) ? GetRemoteIpAddress().to_string() : "0.0.0.0";
        LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
        stmt->SetData(0, _sessionKey);
        stmt->SetData(1, address);
        stmt->SetData(2, GetLocaleByName(_localizationName));
        stmt->SetData(3, _os);
        stmt->SetData(4, _accountInfo.Login);
        _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt)
            .WithPreparedCallback([this, M2 = Acore::Crypto::SRP6::GetSessionVerifier(logonProof->A, logonProof->clientM, _sessionKey)](PreparedQueryResult const&)
        {
            // Finish SRP6 and send the final result to the client
            ByteBuffer packet;
            if (_expversion & POST_BC_EXP_FLAG)                 // 2.x and 3.x clients
            {
                sAuthLogonProof_S proof;
                proof.M2 = M2;
                proof.cmd = AUTH_LOGON_PROOF;
                proof.error = 0;
                proof.AccountFlags = _accountInfo.Flags;
                proof.SurveyId = 0;
                proof.LoginFlags = 0;               // 0x1 = has account message
 
                packet.resize(sizeof(proof));
                std::memcpy(packet.contents(), &proof, sizeof(proof));
            }
            else
            {
                sAuthLogonProof_S_Old proof;
                proof.M2 = M2;
                proof.cmd = AUTH_LOGON_PROOF;
                proof.error = 0;
                proof.unk2 = 0x00;
 
                packet.resize(sizeof(proof));
                std::memcpy(packet.contents(), &proof, sizeof(proof));
            }
 
            SendPacket(packet);
            _status = STATUS_AUTHED;
        }));
    }
    else
    {
        ByteBuffer packet;
        packet << uint8(AUTH_LOGON_PROOF);
        packet << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
        packet << uint16(0);    // LoginFlags, 1 has account message
        SendPacket(packet);
 
        LOG_INFO("server.authserver.hack", "'{}:{}' [AuthChallenge] account {} tried to login with invalid password!",
            GetRemoteIpAddress().to_string(), GetRemotePort(), _accountInfo.Login);
 
        uint32 MaxWrongPassCount = sConfigMgr->GetOption<int32>("WrongPass.MaxCount", 0);
 
        // We can not include the failed account login hook. However, this is a workaround to still log this.
        if (sConfigMgr->GetOption<bool>("WrongPass.Logging", false))
        {
            LoginDatabasePreparedStatement* logstmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_FALP_IP_LOGGING);
            logstmt->SetData(0, _accountInfo.Id);
            logstmt->SetData(1, GetRemoteIpAddress().to_string());
            logstmt->SetData(2, "Login to WoW Failed - Incorrect Password");
 
            LoginDatabase.Execute(logstmt);
        }
 
        if (MaxWrongPassCount > 0)
        {
            //Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
            LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_FAILEDLOGINS);
            stmt->SetData(0, _accountInfo.Login);
            LoginDatabase.Execute(stmt);
 
            if (++_accountInfo.FailedLogins >= MaxWrongPassCount)
            {
                uint32 WrongPassBanTime = sConfigMgr->GetOption<int32>("WrongPass.BanTime", 600);
                bool WrongPassBanType = sConfigMgr->GetOption<bool>("WrongPass.BanType", false);
 
                if (WrongPassBanType)
                {
                    stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_ACCOUNT_AUTO_BANNED);
                    stmt->SetData(0, _accountInfo.Id);
                    stmt->SetData(1, WrongPassBanTime);
                    LoginDatabase.Execute(stmt);
 
                    LOG_DEBUG("server.authserver", "'{}:{}' [AuthChallenge] account {} got banned for '{}' seconds because it failed to authenticate '{}' times",
                        GetRemoteIpAddress().to_string(), GetRemotePort(), _accountInfo.Login, WrongPassBanTime, _accountInfo.FailedLogins);
                }
                else
                {
                    stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_IP_AUTO_BANNED);
                    stmt->SetData(0, GetRemoteIpAddress().to_string());
                    stmt->SetData(1, WrongPassBanTime);
                    LoginDatabase.Execute(stmt);
 
                    LOG_DEBUG("server.authserver", "'{}:{}' [AuthChallenge] IP got banned for '{}' seconds because account {} failed to authenticate '{}' times",
                        GetRemoteIpAddress().to_string(), GetRemotePort(), WrongPassBanTime, _accountInfo.Login, _accountInfo.FailedLogins);
                }
            }
        }
    }
 
    return true;
}

References _accountInfo, _expversion, _localizationName, _os, _queryProcessor, _sessionKey, _srp6, _status, _totpSecret, AUTH_LOGON_PROOF_C::A, AsyncCallbackProcessor< T >::AddCallback(), AUTH_LOGON_PROOF, AUTH_LOGON_PROOF_C::clientM, AUTH_LOGON_PROOF_C::crc_hash, GetLocaleByName(), Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), Acore::Crypto::SRP6::GetSessionVerifier(), LOG_DEBUG, AccountInfo::Login, LOGIN_UPD_LOGONPROOF, LoginDatabase, NO_VALID_EXP_FLAG, MessageBuffer::ReadCompleted(), sConfigMgr, AUTH_LOGON_PROOF_C::securityFlags, SendPacket(), PreparedStatementBase::SetData(), STATUS_AUTHED, STATUS_CLOSED, Acore::Crypto::TOTP::ValidateToken(), VerifyVersion(), WOW_FAIL_UNKNOWN_ACCOUNT, and WOW_FAIL_VERSION_INVALID.

Referenced by InitHandlers().

◆ HandleRealmList()

bool AuthSession::HandleRealmList ( )

private

{
    LOG_DEBUG("server.authserver", "Entering _HandleRealmList");
 
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALM_CHARACTER_COUNTS);
    stmt->SetData(0, _accountInfo.Id);
 
    _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::RealmListCallback, this, std::placeholders::_1)));
    _status = STATUS_WAITING_FOR_REALM_LIST;
    return true;
}

References _accountInfo, _queryProcessor, _status, AsyncCallbackProcessor< T >::AddCallback(), AccountInfo::Id, LOG_DEBUG, LOGIN_SEL_REALM_CHARACTER_COUNTS, LoginDatabase, RealmListCallback(), PreparedStatementBase::SetData(), and STATUS_WAITING_FOR_REALM_LIST.

Referenced by InitHandlers().

◆ HandleReconnectChallenge()

bool AuthSession::HandleReconnectChallenge ( )

private

{
    _status = STATUS_CLOSED;
 
    sAuthLogonChallenge_C* challenge = reinterpret_cast<sAuthLogonChallenge_C*>(GetReadBuffer().GetReadPointer());
    if (challenge->size - (sizeof(sAuthLogonChallenge_C) - AUTH_LOGON_CHALLENGE_INITIAL_SIZE - 1) != challenge->I_len)
        return false;
 
    std::string login((char const*)challenge->I, challenge->I_len);
    LOG_DEBUG("server.authserver", "[ReconnectChallenge] '{}'", login);
 
    _build = challenge->build;
    _expversion = uint8(AuthHelper::IsPostBCAcceptedClientBuild(_build) ? POST_BC_EXP_FLAG : (AuthHelper::IsPreBCAcceptedClientBuild(_build) ? PRE_BC_EXP_FLAG : NO_VALID_EXP_FLAG));
 
    std::array<char, 5> os;
    os.fill('\0');
    memcpy(os.data(), challenge->os, sizeof(challenge->os));
    _os = os.data();
 
    // Restore string order as its byte order is reversed
    std::reverse(_os.begin(), _os.end());
 
    _localizationName.resize(4);
    for (int i = 0; i < 4; ++i)
        _localizationName[i] = challenge->country[4 - i - 1];
 
    // Get the account details from the account table
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RECONNECTCHALLENGE);
    stmt->SetData(0, GetRemoteIpAddress().to_string());
    stmt->SetData(1, login);
 
    _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::ReconnectChallengeCallback, this, std::placeholders::_1)));
    return true;
}

References _build, _expversion, _localizationName, _os, _queryProcessor, _status, AsyncCallbackProcessor< T >::AddCallback(), AUTH_LOGON_CHALLENGE_INITIAL_SIZE, AUTH_LOGON_CHALLENGE_C::build, AUTH_LOGON_CHALLENGE_C::country, Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), AUTH_LOGON_CHALLENGE_C::I, AUTH_LOGON_CHALLENGE_C::I_len, AuthHelper::IsPostBCAcceptedClientBuild(), AuthHelper::IsPreBCAcceptedClientBuild(), LOG_DEBUG, LOGIN_SEL_RECONNECTCHALLENGE, LoginDatabase, NO_VALID_EXP_FLAG, AUTH_LOGON_CHALLENGE_C::os, POST_BC_EXP_FLAG, PRE_BC_EXP_FLAG, ReconnectChallengeCallback(), PreparedStatementBase::SetData(), AUTH_LOGON_CHALLENGE_C::size, and STATUS_CLOSED.

Referenced by InitHandlers().

◆ HandleReconnectProof()

bool AuthSession::HandleReconnectProof ( )

private

{
    LOG_DEBUG("server.authserver", "Entering _HandleReconnectProof");
    _status = STATUS_CLOSED;
 
    sAuthReconnectProof_C* reconnectProof = reinterpret_cast<sAuthReconnectProof_C*>(GetReadBuffer().GetReadPointer());
 
    if (_accountInfo.Login.empty())
        return false;
 
    Acore::Crypto::SHA1 sha;
    sha.UpdateData(_accountInfo.Login);
    sha.UpdateData(reconnectProof->R1, 16);
    sha.UpdateData(_reconnectProof);
    sha.UpdateData(_sessionKey);
    sha.Finalize();
 
    if (sha.GetDigest() == reconnectProof->R2)
    {
        if (!VerifyVersion(reconnectProof->R1, sizeof(reconnectProof->R1), reconnectProof->R3, true))
        {
            ByteBuffer packet;
            packet << uint8(AUTH_RECONNECT_PROOF);
            packet << uint8(WOW_FAIL_VERSION_INVALID);
            SendPacket(packet);
            return true;
        }
 
        // Sending response
        ByteBuffer pkt;
        pkt << uint8(AUTH_RECONNECT_PROOF);
        pkt << uint8(WOW_SUCCESS);
        pkt << uint16(0);    // LoginFlags, 1 has account message
        SendPacket(pkt);
        _status = STATUS_AUTHED;
        return true;
    }
    else
    {
        LOG_ERROR("server.authserver.hack", "'{}:{}' [ERROR] user {} tried to login, but session is invalid.", GetRemoteIpAddress().to_string(),
            GetRemotePort(), _accountInfo.Login);
        return false;
    }
}

References _accountInfo, _reconnectProof, _sessionKey, _status, AUTH_RECONNECT_PROOF, Acore::Impl::GenericHash< HashCreator, DigestLength >::Finalize(), Acore::Impl::GenericHash< HashCreator, DigestLength >::GetDigest(), Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), LOG_DEBUG, LOG_ERROR, AccountInfo::Login, AUTH_RECONNECT_PROOF_C::R1, AUTH_RECONNECT_PROOF_C::R2, AUTH_RECONNECT_PROOF_C::R3, SendPacket(), STATUS_AUTHED, STATUS_CLOSED, Acore::Impl::GenericHash< HashCreator, DigestLength >::UpdateData(), VerifyVersion(), WOW_FAIL_VERSION_INVALID, and WOW_SUCCESS.

Referenced by InitHandlers().

◆ InitHandlers()

std::unordered_map< uint8, AuthHandler > AuthSession::InitHandlers ( )

static

{
    std::unordered_map<uint8, AuthHandler> handlers;
 
    handlers[AUTH_LOGON_CHALLENGE] =        { STATUS_CHALLENGE,         AUTH_LOGON_CHALLENGE_INITIAL_SIZE, &AuthSession::HandleLogonChallenge };
    handlers[AUTH_LOGON_PROOF] =            { STATUS_LOGON_PROOF,       sizeof(AUTH_LOGON_PROOF_C),        &AuthSession::HandleLogonProof };
    handlers[AUTH_RECONNECT_CHALLENGE] =    { STATUS_CHALLENGE,         AUTH_LOGON_CHALLENGE_INITIAL_SIZE, &AuthSession::HandleReconnectChallenge };
    handlers[AUTH_RECONNECT_PROOF] =        { STATUS_RECONNECT_PROOF,   sizeof(AUTH_RECONNECT_PROOF_C),    &AuthSession::HandleReconnectProof };
    handlers[REALM_LIST] =                  { STATUS_AUTHED,            REALM_LIST_PACKET_SIZE,            &AuthSession::HandleRealmList };
 
    return handlers;
}

References AUTH_LOGON_CHALLENGE, AUTH_LOGON_CHALLENGE_INITIAL_SIZE, AUTH_LOGON_PROOF, AUTH_RECONNECT_CHALLENGE, AUTH_RECONNECT_PROOF, HandleLogonChallenge(), HandleLogonProof(), HandleRealmList(), HandleReconnectChallenge(), HandleReconnectProof(), REALM_LIST, REALM_LIST_PACKET_SIZE, STATUS_AUTHED, STATUS_CHALLENGE, STATUS_LOGON_PROOF, and STATUS_RECONNECT_PROOF.

◆ LogonChallengeCallback()

void AuthSession::LogonChallengeCallback ( PreparedQueryResult result )

private

{
    ByteBuffer pkt;
    pkt << uint8(AUTH_LOGON_CHALLENGE);
    pkt << uint8(0x00);
 
    if (!result)
    {
        pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
        SendPacket(pkt);
        return;
    }
 
    Field* fields = result->Fetch();
 
    _accountInfo.LoadResult(fields);
 
    std::string ipAddress = GetRemoteIpAddress().to_string();
    uint16 port = GetRemotePort();
 
    // If the IP is 'locked', check that the player comes indeed from the correct IP address
    if (_accountInfo.IsLockedToIP)
    {
        LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is locked to IP - '{}' is logging in from '{}'", _accountInfo.Login, _accountInfo.LastIP, ipAddress);
        if (_accountInfo.LastIP != ipAddress)
        {
            pkt << uint8(WOW_FAIL_LOCKED_ENFORCED);
            SendPacket(pkt);
            return;
        }
    }
    else
    {
        if (IpLocationRecord const* location = sIPLocation->GetLocationRecord(ipAddress))
            _ipCountry = location->CountryCode;
 
        LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is not locked to ip", _accountInfo.Login);
        if (_accountInfo.LockCountry.empty() || _accountInfo.LockCountry == "00")
            LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is not locked to country", _accountInfo.Login);
        else if (!_ipCountry.empty())
        {
            LOG_DEBUG("server.authserver", "[AuthChallenge] Account '{}' is locked to country: '{}' Player country is '{}'", _accountInfo.Login, _accountInfo.LockCountry, _ipCountry);
            if (_ipCountry != _accountInfo.LockCountry)
            {
                pkt << uint8(WOW_FAIL_UNLOCKABLE_LOCK);
                SendPacket(pkt);
                return;
            }
        }
    }
 
    // If the account is banned, reject the logon attempt
    if (_accountInfo.IsBanned)
    {
        if (_accountInfo.IsPermanentlyBanned)
        {
            pkt << uint8(WOW_FAIL_BANNED);
            SendPacket(pkt);
            LOG_INFO("server.authserver.banned", "'{}:{}' [AuthChallenge] Banned account {} tried to login!", ipAddress, port, _accountInfo.Login);
            return;
        }
        else
        {
            pkt << uint8(WOW_FAIL_SUSPENDED);
            SendPacket(pkt);
            LOG_INFO("server.authserver.banned", "'{}:{}' [AuthChallenge] Temporarily banned account {} tried to login!", ipAddress, port, _accountInfo.Login);
            return;
        }
    }
 
    uint8 securityFlags = 0;
 
    // Check if a TOTP token is needed
    if (!fields[12].IsNull())
    {
        securityFlags = 4;
        _totpSecret = fields[12].Get<Binary>();
 
        if (auto const& secret = sSecretMgr->GetSecret(SECRET_TOTP_MASTER_KEY))
        {
            bool success = Acore::Crypto::AEDecrypt<Acore::Crypto::AES>(*_totpSecret, *secret);
            if (!success)
            {
                pkt << uint8(WOW_FAIL_DB_BUSY);
                LOG_ERROR("server.authserver", "[AuthChallenge] Account '{}' has invalid ciphertext for TOTP token key stored", _accountInfo.Login);
                SendPacket(pkt);
                return;
            }
        }
    }
 
    _srp6.emplace(_accountInfo.Login,
        fields[13].Get<Binary, Acore::Crypto::SRP6::SALT_LENGTH>(),
        fields[14].Get<Binary, Acore::Crypto::SRP6::VERIFIER_LENGTH>());
 
    // Fill the response packet with the result
    if (AuthHelper::IsAcceptedClientBuild(_build))
    {
        pkt << uint8(WOW_SUCCESS);
 
        pkt.append(_srp6->B);
        pkt << uint8(1);
        pkt.append(_srp6->g);
        pkt << uint8(32);
        pkt.append(_srp6->N);
        pkt.append(_srp6->s);
        pkt.append(VersionChallenge.data(), VersionChallenge.size());
        pkt << uint8(securityFlags);            // security flags (0x0...0x04)
 
        if (securityFlags & 0x01)               // PIN input
        {
            pkt << uint32(0);
            pkt << uint64(0) << uint64(0);      // 16 bytes hash?
        }
 
        if (securityFlags & 0x02)               // Matrix input
        {
            pkt << uint8(0);
            pkt << uint8(0);
            pkt << uint8(0);
            pkt << uint8(0);
            pkt << uint64(0);
        }
 
        if (securityFlags & 0x04)               // Security token input
            pkt << uint8(1);
 
        LOG_DEBUG("server.authserver", "'{}:{}' [AuthChallenge] account {} is using '{}' locale ({})",
            ipAddress, port, _accountInfo.Login, _localizationName, GetLocaleByName(_localizationName));
 
        _status = STATUS_LOGON_PROOF;
    }
    else
        pkt << uint8(WOW_FAIL_VERSION_INVALID);
 
    SendPacket(pkt);
}

References _accountInfo, _build, _ipCountry, _localizationName, _srp6, _status, _totpSecret, ByteBuffer::append(), AUTH_LOGON_CHALLENGE, Field::Get(), GetLocaleByName(), Socket< AuthSession >::GetRemoteIpAddress(), Socket< AuthSession >::GetRemotePort(), AuthHelper::IsAcceptedClientBuild(), AccountInfo::IsBanned, AccountInfo::IsLockedToIP, AccountInfo::IsPermanentlyBanned, AccountInfo::LastIP, AccountInfo::LoadResult(), AccountInfo::LockCountry, LOG_DEBUG, LOG_ERROR, LOG_INFO, AccountInfo::Login, Acore::Crypto::SRP6::SALT_LENGTH, SECRET_TOTP_MASTER_KEY, SendPacket(), sIPLocation, sSecretMgr, STATUS_LOGON_PROOF, Acore::Crypto::SRP6::VERIFIER_LENGTH, VersionChallenge, WOW_FAIL_BANNED, WOW_FAIL_DB_BUSY, WOW_FAIL_LOCKED_ENFORCED, WOW_FAIL_SUSPENDED, WOW_FAIL_UNKNOWN_ACCOUNT, WOW_FAIL_UNLOCKABLE_LOCK, WOW_FAIL_VERSION_INVALID, and WOW_SUCCESS.

Referenced by HandleLogonChallenge().

◆ ReadHandler()

SocketReadCallbackResult AuthSession::ReadHandler ( )

finalprotectedvirtual

Implements Socket< AuthSession >.

{
    MessageBuffer& packet = GetReadBuffer();
 
    while (packet.GetActiveSize())
    {
        uint8 cmd = packet.GetReadPointer()[0];
        auto itr = Handlers.find(cmd);
        if (itr == Handlers.end())
        {
            // well we dont handle this, lets just ignore it
            packet.Reset();
            break;
        }
 
        if (_status != itr->second.status)
        {
            CloseSocket();
            return SocketReadCallbackResult::Stop;
        }
 
        uint16 size = uint16(itr->second.packetSize);
        if (packet.GetActiveSize() < size)
            break;
 
        if (cmd == AUTH_LOGON_CHALLENGE || cmd == AUTH_RECONNECT_CHALLENGE)
        {
            sAuthLogonChallenge_C* challenge = reinterpret_cast<sAuthLogonChallenge_C*>(packet.GetReadPointer());
            size += challenge->size;
            if (size > MAX_ACCEPTED_CHALLENGE_SIZE)
            {
                CloseSocket();
                return SocketReadCallbackResult::Stop;
            }
        }
 
        if (packet.GetActiveSize() < size)
            break;
 
        if (!(*this.*itr->second.handler)())
        {
            CloseSocket();
            return SocketReadCallbackResult::Stop;
        }
 
        packet.ReadCompleted(size);
    }
 
    return SocketReadCallbackResult::KeepReading;
}

References _status, AUTH_LOGON_CHALLENGE, AUTH_RECONNECT_CHALLENGE, Socket< AuthSession >::CloseSocket(), MessageBuffer::GetActiveSize(), Socket< AuthSession >::GetReadBuffer(), MessageBuffer::GetReadPointer(), Handlers, KeepReading, MAX_ACCEPTED_CHALLENGE_SIZE, MessageBuffer::ReadCompleted(), MessageBuffer::Reset(), AUTH_LOGON_CHALLENGE_C::size, and Stop.

◆ RealmListCallback()

void AuthSession::RealmListCallback ( PreparedQueryResult result )

private

{
    std::map<uint32, uint8> characterCounts;
    if (result)
    {
        do
        {
            Field* fields = result->Fetch();
            characterCounts[fields[0].Get<uint32>()] = fields[1].Get<uint8>();
        } while (result->NextRow());
    }
 
    // Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
    ByteBuffer pkt;
 
    std::size_t RealmListSize = 0;
    for (auto const& [realmHandle, realm] : sRealmList->GetRealms())
    {
        // don't work with realms which not compatible with the client
        bool okBuild = ((_expversion & POST_BC_EXP_FLAG) && realm.Build == _build) || ((_expversion & PRE_BC_EXP_FLAG) && !AuthHelper::IsPreBCAcceptedClientBuild(realm.Build));
 
        // No SQL injection. id of realm is controlled by the database.
        uint32 flag = realm.Flags;
        RealmBuildInfo const* buildInfo = sRealmList->GetBuildInfo(realm.Build);
        if (!okBuild)
        {
            if (!buildInfo)
                continue;
 
            flag |= REALM_FLAG_OFFLINE | REALM_FLAG_SPECIFYBUILD;   // tell the client what build the realm is for
        }
 
        if (!buildInfo)
            flag &= ~REALM_FLAG_SPECIFYBUILD;
 
        std::string name = realm.Name;
        if (_expversion & PRE_BC_EXP_FLAG && flag & REALM_FLAG_SPECIFYBUILD)
        {
            std::ostringstream ss;
            ss << name << " (" << buildInfo->MajorVersion << '.' << buildInfo->MinorVersion << '.' << buildInfo->BugfixVersion << ')';
            name = ss.str();
        }
 
        uint8 lock = (realm.AllowedSecurityLevel > _accountInfo.SecurityLevel) ? 1 : 0;
 
        pkt << uint8(realm.Type);                           // realm type
        if (_expversion & POST_BC_EXP_FLAG)                 // only 2.x and 3.x clients
            pkt << uint8(lock);                             // if 1, then realm locked
 
        pkt << uint8(flag);                                 // RealmFlags
        pkt << name;
        pkt << boost::lexical_cast<std::string>(realm.GetAddressForClient(GetRemoteIpAddress()));
        pkt << float(realm.PopulationLevel);
        pkt << uint8(characterCounts[realm.Id.Realm]);
        pkt << uint8(realm.Timezone);                       // realm category
 
        if (_expversion & POST_BC_EXP_FLAG)                 // 2.x and 3.x clients
            pkt << uint8(realm.Id.Realm);
        else
            pkt << uint8(0x0);                              // 1.12.1 and 1.12.2 clients
 
        if (_expversion & POST_BC_EXP_FLAG && flag & REALM_FLAG_SPECIFYBUILD)
        {
            pkt << uint8(buildInfo->MajorVersion);
            pkt << uint8(buildInfo->MinorVersion);
            pkt << uint8(buildInfo->BugfixVersion);
            pkt << uint16(buildInfo->Build);
        }
 
        ++RealmListSize;
    }
 
    if (_expversion & POST_BC_EXP_FLAG)                     // 2.x and 3.x clients
    {
        pkt << uint8(0x10);
        pkt << uint8(0x00);
    }
    else                                                    // 1.12.1 and 1.12.2 clients
    {
        pkt << uint8(0x00);
        pkt << uint8(0x02);
    }
 
    // make a ByteBuffer which stores the RealmList's size
    ByteBuffer RealmListSizeBuffer;
    RealmListSizeBuffer << uint32(0);
 
    if (_expversion & POST_BC_EXP_FLAG)                     // only 2.x and 3.x clients
        RealmListSizeBuffer << uint16(RealmListSize);
    else
        RealmListSizeBuffer << uint32(RealmListSize);
 
    ByteBuffer hdr;
    hdr << uint8(REALM_LIST);
    hdr << uint16(pkt.size() + RealmListSizeBuffer.size());
    hdr.append(RealmListSizeBuffer);                        // append RealmList's size buffer
    hdr.append(pkt);                                        // append realms in the realmlist
    SendPacket(hdr);
 
    _status = STATUS_AUTHED;
}

References _accountInfo, _build, _expversion, _status, Realm::AllowedSecurityLevel, ByteBuffer::append(), RealmBuildInfo::BugfixVersion, Realm::Build, RealmBuildInfo::Build, Realm::Flags, Field::Get(), Realm::GetAddressForClient(), Socket< AuthSession >::GetRemoteIpAddress(), Realm::Id, AuthHelper::IsPreBCAcceptedClientBuild(), RealmBuildInfo::MajorVersion, RealmBuildInfo::MinorVersion, Realm::Name, Realm::PopulationLevel, POST_BC_EXP_FLAG, PRE_BC_EXP_FLAG, realm, RealmHandle::Realm, REALM_FLAG_OFFLINE, REALM_FLAG_SPECIFYBUILD, REALM_LIST, AccountInfo::SecurityLevel, SendPacket(), ByteBuffer::size(), sRealmList, STATUS_AUTHED, Realm::Timezone, and Realm::Type.

Referenced by HandleRealmList().

◆ ReconnectChallengeCallback()

void AuthSession::ReconnectChallengeCallback ( PreparedQueryResult result )

private

{
    ByteBuffer pkt;
    pkt << uint8(AUTH_RECONNECT_CHALLENGE);
 
    if (!result)
    {
        pkt << uint8(WOW_FAIL_UNKNOWN_ACCOUNT);
        SendPacket(pkt);
        return;
    }
 
    Field* fields = result->Fetch();
 
    _accountInfo.LoadResult(fields);
    _sessionKey = fields[12].Get<Binary, SESSION_KEY_LENGTH>();
    Acore::Crypto::GetRandomBytes(_reconnectProof);
    _status = STATUS_RECONNECT_PROOF;
 
    pkt << uint8(WOW_SUCCESS);
    pkt.append(_reconnectProof);
    pkt.append(VersionChallenge.data(), VersionChallenge.size());
 
    SendPacket(pkt);
}

References _accountInfo, _reconnectProof, _sessionKey, _status, ByteBuffer::append(), AUTH_RECONNECT_CHALLENGE, Field::Get(), Acore::Crypto::GetRandomBytes(), AccountInfo::LoadResult(), SendPacket(), SESSION_KEY_LENGTH, STATUS_RECONNECT_PROOF, VersionChallenge, WOW_FAIL_UNKNOWN_ACCOUNT, and WOW_SUCCESS.

Referenced by HandleReconnectChallenge().

◆ SendPacket()

void AuthSession::SendPacket ( ByteBuffer & packet )

{
    if (!IsOpen())
        return;
 
    if (!packet.empty())
    {
        MessageBuffer buffer(packet.size());
        buffer.Write(packet.contents(), packet.size());
        QueuePacket(std::move(buffer));
    }
}

References ByteBuffer::contents(), ByteBuffer::empty(), Socket< AuthSession >::IsOpen(), Socket< AuthSession >::QueuePacket(), ByteBuffer::size(), and MessageBuffer::Write().

Referenced by CheckIpCallback(), HandleLogonProof(), HandleReconnectProof(), LogonChallengeCallback(), RealmListCallback(), and ReconnectChallengeCallback().

◆ Start()

void AuthSession::Start ( )

overridevirtual

Implements Socket< AuthSession >.

{
    std::string ip_address = GetRemoteIpAddress().to_string();
    LOG_TRACE("session", "Accepted connection from {}", ip_address);
 
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_INFO);
    stmt->SetData(0, ip_address);
 
    _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&AuthSession::CheckIpCallback, this, std::placeholders::_1)));
}

References _queryProcessor, AsyncCallbackProcessor< T >::AddCallback(), CheckIpCallback(), Socket< AuthSession >::GetRemoteIpAddress(), LOG_TRACE, LOGIN_SEL_IP_INFO, LoginDatabase, and PreparedStatementBase::SetData().

◆ Update()

bool AuthSession::Update ( )

finalvirtual

Reimplemented from Socket< AuthSession >.

{
    if (!AuthSocket::Update())
        return false;
 
    _queryProcessor.ProcessReadyCallbacks();
 
    return true;
}

References _queryProcessor, AsyncCallbackProcessor< T >::ProcessReadyCallbacks(), and Socket< AuthSession >::Update().

◆ VerifyVersion()

bool AuthSession::VerifyVersion	(	uint8 const *	a,
		int32	aLength,
		Acore::Crypto::SHA1::Digest const &	versionProof,
		bool	isReconnect
	)

private

{
    if (!sConfigMgr->GetOption<bool>("StrictVersionCheck", false))
        return true;
 
    Acore::Crypto::SHA1::Digest zeros{};
    Acore::Crypto::SHA1::Digest const* versionHash{ nullptr };
 
    if (!isReconnect)
    {
        RealmBuildInfo const* buildInfo = sRealmList->GetBuildInfo(_build);
        if (!buildInfo)
            return false;
 
        if (_os == "Win")
            versionHash = &buildInfo->WindowsHash;
        else if (_os == "OSX")
            versionHash = &buildInfo->MacHash;
 
        if (!versionHash)
            return false;
 
        if (zeros == *versionHash)
            return true;                                                            // not filled serverside
    }
    else
        versionHash = &zeros;
 
    Acore::Crypto::SHA1 version;
    version.UpdateData(a, aLength);
    version.UpdateData(*versionHash);
    version.Finalize();
 
    return (versionProof == version.GetDigest());
}