Misc fixes

This commit is contained in:
hondacrx
2022-09-05 16:32:07 -04:00
parent efc40de753
commit 313257e852
3 changed files with 187 additions and 4 deletions
+5
View File
@@ -22,10 +22,15 @@ BattlenetPort = 1119
# LoginREST.LocalAddress
# Description: IP address sent to clients connecting from inside the network where bnetserver runs
#
# LoginREST.TicketDuration
# Description: Determines how long the login ticket is valid (in seconds)
# When using client -launcherlogin feature it is recommended to set it to a high value (like a week)
#
LoginREST.Port = 8081
LoginREST.ExternalAddress=127.0.0.1
LoginREST.LocalAddress=127.0.0.1
LoginREST.TicketDuration=3600
#
# BindIP
+4 -4
View File
@@ -253,10 +253,10 @@ namespace Framework.Constants
CommandGmList = 375,
CommandGmVisible = 376,
CommandGo = 377,
// = 378, // DEPRECATED: DON'T REUSE
// = 379, // DEPRECATED: DON'T REUSE
// = 380, // DEPRECATED: DON'T REUSE
// = 381, // DEPRECATED: DON'T REUSE
CommandAccount2Fa = 378,
CommandAccount2FaSetup = 379,
CommandAccount2FaRemove = 380,
CommandAccountSet2Fa = 381,
// = 382, // DEPRECATED: DON'T REUSE
// = 383, // DEPRECATED: DON'T REUSE
// = 384, // DEPRECATED: DON'T REUSE
@@ -68,6 +68,130 @@ namespace Game.Chat
return true;
}
[Command("2fa remove", CypherStrings.CommandAcc2faRemoveHelp, RBACPermissions.CommandAccount2FaRemove)]
static bool HandleAccount2FARemoveCommand(CommandHandler handler, uint? token)
{
/*var masterKey = Global.SecretMgr.GetSecret(Secrets.TOTPMasterKey);
if (!masterKey.IsAvailable())
{
handler.SendSysMessage(CypherStrings.TwoFACommandsNotSetup);
return false;
}
uint accountId = handler.GetSession().GetAccountId();
byte[] secret;
{ // get current TOTP secret
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.SEL_ACCOUNT_TOTP_SECRET);
stmt.AddValue(0, accountId);
SQLResult result = DB.Login.Query(stmt);
if (result.IsEmpty())
{
Log.outError(LogFilter.Misc, $"Account {accountId} not found in login database when processing .account 2fa setup command.");
handler.SendSysMessage(CypherStrings.UnknownError);
return false;
}
if (result.IsNull(0))
{ // 2FA not enabled
handler.SendSysMessage(CypherStrings.TwoFANotSetup);
return false;
}
secret = result.Read<byte[]>(0);
}
if (token.HasValue)
{
if (masterKey.IsValid())
{
bool success = AES.Decrypt(secret, masterKey.GetValue());
if (!success)
{
Log.outError(LogFilter.Misc, $"Account {accountId} has invalid ciphertext in TOTP token.");
handler.SendSysMessage(CypherStrings.UnknownError);
return false;
}
}
if (TOTP.ValidateToken(secret, token.Value))
{
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_ACCOUNT_TOTP_SECRET);
stmt.AddNull(0);
stmt.AddValue(1, accountId);
DB.Login.Execute(stmt);
handler.SendSysMessage(CypherStrings.TwoFARemoveComplete);
return true;
}
else
handler.SendSysMessage(CypherStrings.TwoFAInvalidToken);
}
handler.SendSysMessage(CypherStrings.TwoFARemoveNeedToken);*/
return false;
}
[Command("2fa setup", CypherStrings.CommandAcc2faSetupHelp, RBACPermissions.CommandAccount2FaSetup)]
static bool HandleAccount2FASetupCommand(CommandHandler handler, uint? token)
{
/*var masterKey = Global.SecretMgr.GetSecret(Secrets.TOTPMasterKey);
if (!masterKey.IsAvailable())
{
handler.SendSysMessage(CypherStrings.TwoFACommandsNotSetup);
return false;
}
uint accountId = handler.GetSession().GetAccountId();
{ // check if 2FA already enabled
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.SEL_ACCOUNT_TOTP_SECRET);
stmt.AddValue(0, accountId);
SQLResult result = DB.Login.Query(stmt);
if (result.IsEmpty())
{
Log.outError(LogFilter.Misc, $"Account {accountId} not found in login database when processing .account 2fa setup command.");
handler.SendSysMessage(CypherStrings.UnknownError);
return false;
}
if (!result.IsNull(0))
{
handler.SendSysMessage(CypherStrings.TwoFAAlreadySetup);
return false;
}
}
// store random suggested secrets
Dictionary<uint, byte[]> suggestions = new();
var pair = suggestions.TryAdd(accountId, new byte[20]); // std::vector 1-argument size_t constructor invokes resize
if (pair) // no suggestion yet, generate random secret
suggestions[accountId] = new byte[0].GenerateRandomKey(20);
if (!pair && token.HasValue) // suggestion already existed and token specified - validate
{
if (TOTP.ValidateToken(suggestions[accountId], token.Value))
{
if (masterKey.IsValid())
AES.Encrypt(suggestions[accountId], masterKey.GetValue());
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_ACCOUNT_TOTP_SECRET);
stmt.AddValue(0, suggestions[accountId]);
stmt.AddValue(1, accountId);
DB.Login.Execute(stmt);
suggestions.Remove(accountId);
handler.SendSysMessage(CypherStrings.TwoFASetupComplete);
return true;
}
else
handler.SendSysMessage(CypherStrings.TwoFAInvalidToken);
}
// new suggestion, or no token specified, output TOTP parameters
handler.SendSysMessage(CypherStrings.TwoFASecretSuggestion, suggestions[accountId].ToBase32());*/
return false;
}
[Command("addon", CypherStrings.CommandAccAddonHelp, RBACPermissions.CommandAccountAddon)]
static bool HandleAccountAddonCommand(CommandHandler handler, byte expansion)
{
@@ -440,6 +564,60 @@ namespace Game.Chat
[CommandGroup("set")]
class AccountSetCommands
{
[Command("2fa", CypherStrings.CommandAccSet2faHelp, RBACPermissions.CommandAccountSet2Fa, true)]
static bool HandleAccountSet2FACommand(CommandHandler handler, string accountName, string secret)
{
/*uint targetAccountId = Global.AccountMgr.GetId(accountName);
if (targetAccountId == 0)
{
handler.SendSysMessage(CypherStrings.AccountNotExist, accountName);
return false;
}
if (handler.HasLowerSecurityAccount(null, targetAccountId, true))
return false;
PreparedStatement stmt;
if (secret == "off")
{
stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_ACCOUNT_TOTP_SECRET);
stmt.AddNull(0);
stmt.AddValue(1, targetAccountId);
DB.Login.Execute(stmt);
handler.SendSysMessage(CypherStrings.TwoFARemoveComplete);
return true;
}
var masterKey = Global.SecretMgr.GetSecret(Secrets.TOTPMasterKey);
if (!masterKey.IsAvailable())
{
handler.SendSysMessage(CypherStrings.TwoFACommandsNotSetup);
return false;
}
var decoded = secret.FromBase32();
if (decoded == null)
{
handler.SendSysMessage(CypherStrings.TwoFASecretInvalid);
return false;
}
if (128 < (decoded.Length + 12 + 12))
{
handler.SendSysMessage(CypherStrings.TwoFASecretTooLong);
return false;
}
if (masterKey.IsValid())
AES.Encrypt(decoded, masterKey.GetValue());
stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_ACCOUNT_TOTP_SECRET);
stmt.AddValue(0, decoded);
stmt.AddValue(1, targetAccountId);
DB.Login.Execute(stmt);
handler.SendSysMessage(CypherStrings.TwoFASecretSetComplete, accountName);*/
return true;
}
[Command("addon", CypherStrings.CommandAccSetAddonHelp, RBACPermissions.CommandAccountSetAddon, true)]
static bool HandleAccountSetAddonCommand(CommandHandler handler, [OptionalArg] string accountName, byte expansion)
{