Core/BnetServer: Bnetserver cleanup

Port From (https://github.com/TrinityCore/TrinityCore/commit/e9392ad28767626e519c463e2110184d71ba8426)
This commit is contained in:
hondacrx
2020-08-12 17:43:37 -04:00
parent 7eb9b2201f
commit 459d49f899
12 changed files with 201 additions and 56 deletions
+44
View File
@@ -15,6 +15,7 @@ using System.Text.Json.Serialization;
using System.Timers;
using System.Collections.Generic;
using System.Threading.Tasks;
using Framework.Cryptography;
namespace BNetServer
{
@@ -33,6 +34,8 @@ namespace BNetServer
if (!StartDB())
ExitNow();
FixLegacyAuthHashes();
string bindIp = ConfigMgr.GetDefaultValue("BindIP", "0.0.0.0");
var restSocketServer = new SocketManager<RestSession>();
@@ -93,6 +96,47 @@ namespace BNetServer
Environment.Exit(-1);
}
static void FixLegacyAuthHashes()
{
Log.outInfo(LogFilter.Server, "Updating password hashes...");
uint start = Time.GetMSTime();
// the auth update query nulls salt/verifier if they cannot be converted
// if they are non-null but s/v have been cleared, that means a legacy tool touched our auth DB (otherwise, the core might've done it itself, it used to use those hacks too)
SQLResult result = DB.Login.Query("SELECT id, sha_pass_hash, IF((salt IS null) AND (verifier IS null), 0, 1) AS shouldWarn FROM account WHERE s != DEFAULT(s) OR v != DEFAULT(v) OR salt IS NULL OR verifier IS NULL");
if (result.IsEmpty())
{
Log.outInfo(LogFilter.Server, $"No password hashes to update - this took us {Time.GetMSTimeDiffToNow(start)} ms to realize");
return;
}
bool hadWarning = false;
uint count = 0;
SQLTransaction trans = new SQLTransaction();
do
{
uint id = result.Read<uint>(0);
(byte[] salt, byte[] verifier) registrationData = SRP6.MakeRegistrationDataFromHash(result.Read<string>(1).ToByteArray());
if (result.Read<long>(2) != 0 && !hadWarning)
{
hadWarning = true;
Log.outWarn(LogFilter.Server, "(!) You appear to be using an outdated external account management tool.\n(!!) This is INSECURE, has been deprecated, and will cease to function entirely in the near future.\n(!) Update your external tool.\n(!!) If no update is available, refer your tool's developer to https://github.com/TrinityCore/TrinityCore/issues/25157.");
}
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_LOGON);
stmt.AddValue(0, registrationData.salt);
stmt.AddValue(1, registrationData.verifier);
stmt.AddValue(2, id);
trans.Append(stmt);
++count;
} while (result.NextRow());
DB.Login.CommitTransaction(trans);
Log.outInfo(LogFilter.Server, $"{count} password hashes updated in {Time.GetMSTimeDiffToNow(start)} ms");
}
static void BanExpiryCheckTimer_Elapsed(object sender, ElapsedEventArgs e)
{
DB.Login.Execute(DB.Login.GetPreparedStatement(LoginStatements.DelExpiredIpBans));
+57
View File
@@ -0,0 +1,57 @@
using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;
using System.Numerics;
namespace Framework.Cryptography
{
public class SRP6
{
static SHA1 _sha1;
static BigInteger _g;
static BigInteger _N;
static SRP6()
{
_sha1 = new SHA1Managed();
_g = new byte[] { 7 }.ToBigInteger();
_N = new byte[]
{
0x89, 0x4B, 0x64, 0x5E, 0x89, 0xE1, 0x53, 0x5B, 0xBD, 0xAD, 0x5B, 0x8B, 0x29, 0x06, 0x50, 0x53,
0x08, 0x01, 0xB1, 0x8E, 0xBF, 0xBF, 0x5E, 0x8F, 0xAB, 0x3C, 0x82, 0x87, 0x2A, 0x3E, 0x9B, 0xB7,
}.ToBigInteger(true);
}
public static (byte[] Salt, byte[] Verifier) MakeRegistrationData(string username, string password)
{
var salt = new byte[0].GenerateRandomKey(32); // random salt
return (salt, CalculateVerifier(username, password, salt));
}
[Obsolete]
public static (byte[] Salt, byte[] Verifier) MakeRegistrationDataFromHash(byte[] hash)
{
var salt = new byte[0].GenerateRandomKey(32); // random salt
return (salt, CalculateVerifierFromHash(hash, salt));
}
public static byte[] CalculateVerifier(string username, string password, byte[] salt)
{
// v = g ^ H(s || H(u || ':' || p)) mod N
return CalculateVerifierFromHash(_sha1.ComputeHash(Encoding.ASCII.GetBytes(username.ToUpper() + ":" + password.ToUpper())), salt);
}
// merge this into CalculateVerifier once the sha_pass hack finally gets nuked from orbit
public static byte[] CalculateVerifierFromHash(byte[] hash, byte[] salt)
{
// v = BigInteger.ModPow(gBN, x, BN);
return BigInteger.ModPow(_g, _sha1.ComputeHash(salt.Combine(hash)).ToBigInteger(), _N).ToByteArray();
}
public static bool CheckLogin(string username, string password, byte[] salt, byte[] verifier)
{
return verifier.Compare(CalculateVerifier(username, password, salt));
}
}
}
@@ -35,15 +35,17 @@ namespace Framework.Database
PrepareStatement(LoginStatements.SEL_ACCOUNT_BANNED_ALL, "SELECT account.id, username FROM account, account_banned WHERE account.id = account_banned.id AND active = 1 GROUP BY account.id");
PrepareStatement(LoginStatements.SEL_ACCOUNT_BANNED_BY_USERNAME, "SELECT account.id, username FROM account, account_banned WHERE account.id = account_banned.id AND active = 1 AND username LIKE CONCAT('%%', ?, '%%') GROUP BY account.id");
PrepareStatement(LoginStatements.DEL_ACCOUNT_BANNED, "DELETE FROM account_banned WHERE id = ?");
PrepareStatement(LoginStatements.UPD_ACCOUNT_INFO_CONTINUED_SESSION, "UPDATE account SET sessionkey = ? WHERE id = ?");
PrepareStatement(LoginStatements.SEL_ACCOUNT_INFO_CONTINUED_SESSION, "SELECT username, sessionkey FROM account WHERE id = ?");
PrepareStatement(LoginStatements.UPD_ACCOUNT_INFO_CONTINUED_SESSION, "UPDATE account SET session_key_bnet = ? WHERE id = ?");
PrepareStatement(LoginStatements.SEL_ACCOUNT_INFO_CONTINUED_SESSION, "SELECT username, session_key_bnet FROM account WHERE id = ? AND LENGTH(session_key_bnet) = 40");
PrepareStatement(LoginStatements.UPD_LOGON, "UPDATE account SET salt = ?, verifier = ?, s = DEFAULT, v = DEFAULT WHERE id = ?");
PrepareStatement(LoginStatements.UPD_LOGON_LEGACY, "UPDATE account SET sha_pass_hash = ? WHERE id = ?");
PrepareStatement(LoginStatements.SEL_ACCOUNT_ID_BY_NAME, "SELECT id FROM account WHERE username = ?");
PrepareStatement(LoginStatements.SEL_ACCOUNT_LIST_BY_NAME, "SELECT id, username FROM account WHERE username = ?");
PrepareStatement(LoginStatements.SEL_ACCOUNT_INFO_BY_NAME, "SELECT a.id, a.sessionkey, ba.last_ip, ba.locked, ba.lock_country, a.expansion, a.mutetime, ba.locale, a.recruiter, a.os, ba.id, aa.SecurityLevel, " +
PrepareStatement(LoginStatements.SEL_ACCOUNT_INFO_BY_NAME, "SELECT a.id, a.session_key_bnet, ba.last_ip, ba.locked, ba.lock_country, a.expansion, a.mutetime, ba.locale, a.recruiter, a.os, ba.id, aa.SecurityLevel, " +
"bab.unbandate > UNIX_TIMESTAMP() OR bab.unbandate = bab.bandate, ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, r.id " +
"FROM account a LEFT JOIN account r ON a.id = r.recruiter LEFT JOIN battlenet_accounts ba ON a.battlenet_account = ba.id " +
"LEFT JOIN account_access aa ON a.id = aa.AccountID AND aa.RealmID IN (-1, ?) LEFT JOIN battlenet_account_bans bab ON ba.id = bab.id LEFT JOIN account_banned ab ON a.id = ab.id AND ab.active = 1 " +
"WHERE a.username = ? ORDER BY aa.RealmID DESC LIMIT 1");
"WHERE a.username = ? AND LENGTH(a.session_key_bnet) = 64 ORDER BY aa.RealmID DESC LIMIT 1");
PrepareStatement(LoginStatements.SEL_ACCOUNT_LIST_BY_EMAIL, "SELECT id, username FROM account WHERE email = ?");
PrepareStatement(LoginStatements.SEL_ACCOUNT_BY_IP, "SELECT id, username FROM account WHERE last_ip = ?");
@@ -56,14 +58,13 @@ namespace Framework.Database
PrepareStatement(LoginStatements.DEL_REALM_CHARACTERS, "DELETE FROM realmcharacters WHERE acctid = ?");
PrepareStatement(LoginStatements.INS_REALM_CHARACTERS, "INSERT INTO realmcharacters (numchars, acctid, realmid) VALUES (?, ?, ?)");
PrepareStatement(LoginStatements.SEL_SUM_REALM_CHARACTERS, "SELECT SUM(numchars) FROM realmcharacters WHERE acctid = ?");
PrepareStatement(LoginStatements.INS_ACCOUNT, "INSERT INTO account(username, sha_pass_hash, reg_mail, email, joindate, battlenet_account, battlenet_index) VALUES(?, ?, ?, ?, NOW(), ?, ?)");
PrepareStatement(LoginStatements.INS_REALM_CHARACTERS_INIT, "INSERT INTO realmcharacters (realmid, acctid, numchars) SELECT realmlist.id, account.id, 0 FROM realmlist, account LEFT JOIN realmcharacters ON acctid=account.id WHERE acctid IS NULL");
PrepareStatement(LoginStatements.INS_ACCOUNT, "INSERT INTO account(username, salt, verifier, reg_mail, email, joindate, battlenet_account, battlenet_index) VALUES(?, ?, ?, ?, ?, NOW(), ?, ?)");
PrepareStatement(LoginStatements.INS_REALM_CHARACTERS_INIT, "INSERT INTO realmcharacters (realmid, acctid, numchars) SELECT realmlist.id, account.id, 0 FROM realmlist, account LEFT JOIN realmcharacters ON acctid = account.id WHERE acctid IS NULL");
PrepareStatement(LoginStatements.UPD_EXPANSION, "UPDATE account SET expansion = ? WHERE id = ?");
PrepareStatement(LoginStatements.UPD_ACCOUNT_LOCK, "UPDATE account SET locked = ? WHERE id = ?");
PrepareStatement(LoginStatements.UPD_ACCOUNT_LOCK_COUNTRY, "UPDATE account SET lock_country = ? WHERE id = ?");
PrepareStatement(LoginStatements.INS_LOG, "INSERT INTO logs (time, realm, type, level, string) VALUES (?, ?, ?, ?, ?)");
PrepareStatement(LoginStatements.UPD_USERNAME, "UPDATE account SET username = ?, sha_pass_hash = ? WHERE id = ?");
PrepareStatement(LoginStatements.UPD_PASSWORD, "UPDATE account SET sha_pass_hash = ? WHERE id = ?");
PrepareStatement(LoginStatements.UPD_USERNAME, "UPDATE account SET username = ? WHERE id = ?");
PrepareStatement(LoginStatements.UPD_EMAIL, "UPDATE account SET email = ? WHERE id = ?");
PrepareStatement(LoginStatements.UPD_REG_EMAIL, "UPDATE account SET reg_mail = ? WHERE id = ?");
PrepareStatement(LoginStatements.UPD_MUTE_TIME, "UPDATE account SET mutetime = ? , mutereason = ? , muteby = ? WHERE id = ?");
@@ -80,8 +81,8 @@ namespace Framework.Database
PrepareStatement(LoginStatements.GET_ACCOUNT_ACCESS_GMLEVEL, "SELECT SecurityLevel FROM account_access WHERE AccountID = ?");
PrepareStatement(LoginStatements.GET_GMLEVEL_BY_REALMID, "SELECT SecurityLevel FROM account_access WHERE AccountID = ? AND (RealmID = ? OR RealmID = -1)");
PrepareStatement(LoginStatements.GET_USERNAME_BY_ID, "SELECT username FROM account WHERE id = ?");
PrepareStatement(LoginStatements.SEL_CHECK_PASSWORD, "SELECT 1 FROM account WHERE id = ? AND sha_pass_hash = ?");
PrepareStatement(LoginStatements.SEL_CHECK_PASSWORD_BY_NAME, "SELECT 1 FROM account WHERE username = ? AND sha_pass_hash = ?");
PrepareStatement(LoginStatements.SEL_CHECK_PASSWORD, "SELECT salt, verifier FROM account WHERE id = ? AND salt IS NOT NULL AND verifier IS NOT NULL");
PrepareStatement(LoginStatements.SEL_CHECK_PASSWORD_BY_NAME, "SELECT salt, verifier FROM account WHERE username = ? AND salt IS NOT NULL AND verifier IS NOT NULL");
PrepareStatement(LoginStatements.SEL_PINFO, "SELECT a.username, aa.SecurityLevel, a.email, a.reg_mail, a.last_ip, DATE_FORMAT(a.last_login, '%Y-%m-%d %T'), a.mutetime, a.mutereason, a.muteby, a.failed_logins, a.locked, a.OS FROM account a LEFT JOIN account_access aa ON (a.id = aa.AccountID AND (aa.RealmID = ? OR aa.RealmID = -1)) WHERE a.id = ?");
PrepareStatement(LoginStatements.SEL_PINFO_BANS, "SELECT unbandate, bandate = unbandate, bannedby, banreason FROM account_banned WHERE id = ? AND active ORDER BY bandate ASC LIMIT 1");
PrepareStatement(LoginStatements.SEL_GM_ACCOUNTS, "SELECT a.username, aa.SecurityLevel FROM account a, account_access aa WHERE a.id=aa.AccountID AND aa.SecurityLevel >= ? AND (aa.realmid = -1 OR aa.realmid = ?)");
@@ -119,7 +120,7 @@ namespace Framework.Database
" FROM battlenet_accounts ba LEFT JOIN battlenet_account_bans bab ON ba.id = bab.id LEFT JOIN account a ON ba.id = a.battlenet_account" +
" LEFT JOIN account_banned ab ON a.id = ab.id AND ab.active = 1 LEFT JOIN account_access aa ON a.id = aa.AccountID AND aa.RealmID = -1 WHERE ba.LoginTicket = ? ORDER BY a.id");
PrepareStatement(LoginStatements.UpdBnetLastLoginInfo, "UPDATE battlenet_accounts SET last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE id = ?");
PrepareStatement(LoginStatements.UPD_BNET_GAME_ACCOUNT_LOGIN_INFO, "UPDATE account SET sessionkey = ?, last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE username = ?");
PrepareStatement(LoginStatements.UPD_BNET_GAME_ACCOUNT_LOGIN_INFO, "UPDATE account SET session_key_bnet = ?, last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0, os = ? WHERE username = ?");
PrepareStatement(LoginStatements.SelBnetCharacterCountsByAccountId, "SELECT rc.acctid, rc.numchars, r.id, r.Region, r.Battlegroup FROM realmcharacters rc INNER JOIN realmlist r ON rc.realmid = r.id WHERE rc.acctid = ?");
PrepareStatement(LoginStatements.SEL_BNET_CHARACTER_COUNTS_BY_BNET_ID, "SELECT rc.acctid, rc.numchars, r.id, r.Region, r.Battlegroup FROM realmcharacters rc INNER JOIN realmlist r ON rc.realmid = r.id LEFT JOIN account a ON rc.acctid = a.id WHERE a.battlenet_account = ?");
PrepareStatement(LoginStatements.SelBnetLastPlayerCharacters, "SELECT lpc.accountId, lpc.region, lpc.battlegroup, lpc.realmId, lpc.characterName, lpc.characterGUID, lpc.lastPlayedTime FROM account_last_played_character lpc LEFT JOIN account a ON lpc.accountId = a.id WHERE a.battlenet_account = ?");
@@ -187,7 +188,8 @@ namespace Framework.Database
DEL_ACCOUNT_BANNED,
UPD_ACCOUNT_INFO_CONTINUED_SESSION,
SEL_ACCOUNT_INFO_CONTINUED_SESSION,
UPD_VS,
UPD_LOGON,
UPD_LOGON_LEGACY,
SEL_ACCOUNT_ID_BY_NAME,
SEL_ACCOUNT_LIST_BY_NAME,
SEL_ACCOUNT_INFO_BY_NAME,
@@ -211,7 +213,6 @@ namespace Framework.Database
UPD_ACCOUNT_LOCK_COUNTRY,
INS_LOG,
UPD_USERNAME,
UPD_PASSWORD,
UPD_EMAIL,
UPD_REG_EMAIL,
UPD_MUTE_TIME,
+1 -1
View File
@@ -295,7 +295,7 @@ public class RealmManager : Singleton<RealmManager>
byte[] keyData = clientSecret.ToArray().Combine(serverSecret);
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_BNET_GAME_ACCOUNT_LOGIN_INFO);
stmt.AddValue(0, keyData.ToHexString());
stmt.AddValue(0, keyData);
stmt.AddValue(1, clientAddress.ToString());
stmt.AddValue(2, locale);
stmt.AddValue(3, os);
+45 -16
View File
@@ -23,6 +23,7 @@ using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using Framework.Cryptography;
namespace Game
{
@@ -44,20 +45,23 @@ namespace Game
if (GetId(username) != 0)
return AccountOpResult.NameAlreadyExist; // username does already exist
(byte[] salt, byte[] verifier) registrationData = SRP6.MakeRegistrationData(username, password);
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.INS_ACCOUNT);
stmt.AddValue(0, username);
stmt.AddValue(1, CalculateShaPassHash(username, password));
stmt.AddValue(1, registrationData.Item1);
stmt.AddValue(2, registrationData.Item2);
stmt.AddValue(2, email);
stmt.AddValue(3, email);
stmt.AddValue(4, email);
if (bnetAccountId != 0 && bnetIndex != 0)
{
stmt.AddValue(4, bnetAccountId);
stmt.AddValue(5, bnetIndex);
stmt.AddValue(5, bnetAccountId);
stmt.AddValue(6, bnetIndex);
}
else
{
stmt.AddValue(4, null);
stmt.AddValue(5, null);
stmt.AddValue(6, null);
}
DB.Login.DirectExecute(stmt); // Enforce saving, otherwise AddGroup can fail
@@ -156,10 +160,23 @@ namespace Game
stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_USERNAME);
stmt.AddValue(0, newUsername);
stmt.AddValue(1, CalculateShaPassHash(newUsername, newPassword));
stmt.AddValue(1, accountId);
DB.Login.Execute(stmt);
(byte[] salt, byte[] verifier) registrationData = SRP6.MakeRegistrationData(newUsername, newPassword);
stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_LOGON);
stmt.AddValue(0, registrationData.salt);
stmt.AddValue(1, registrationData.verifier);
stmt.AddValue(2, accountId);
DB.Login.Execute(stmt);
{
stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_LOGON_LEGACY);
stmt.AddValue(0, CalculateShaPassHash(newUsername, newPassword));
stmt.AddValue(1, accountId);
DB.Login.Execute(stmt);
}
return AccountOpResult.Ok;
}
@@ -173,16 +190,20 @@ namespace Game
if (newPassword.Length > MaxAccountLength)
return AccountOpResult.PassTooLong;
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_PASSWORD);
stmt.AddValue(0, CalculateShaPassHash(username, newPassword));
stmt.AddValue(1, accountId);
(byte[] salt, byte[] verifier) registrationData = SRP6.MakeRegistrationData(username, newPassword);
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_LOGON);
stmt.AddValue(0, registrationData.salt);
stmt.AddValue(1, registrationData.verifier);
stmt.AddValue(2, accountId);
DB.Login.Execute(stmt);
stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_VS);
stmt.AddValue(0, "");
stmt.AddValue(1, "");
stmt.AddValue(2, username);
DB.Login.Execute(stmt);
{
stmt = DB.Login.GetPreparedStatement(LoginStatements.UPD_LOGON_LEGACY);
stmt.AddValue(0, CalculateShaPassHash(username, newPassword));
stmt.AddValue(1, accountId);
DB.Login.Execute(stmt);
}
return AccountOpResult.Ok;
}
@@ -283,9 +304,16 @@ namespace Game
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.SEL_CHECK_PASSWORD);
stmt.AddValue(0, accountId);
stmt.AddValue(1, CalculateShaPassHash(username, password));
SQLResult result = DB.Login.Query(stmt);
return !result.IsEmpty();
if (!result.IsEmpty())
{
byte[] salt = result.Read<byte[]>(0);
byte[] verifier = result.Read<byte[]>(1);
if (SRP6.CheckLogin(username, password, salt, verifier))
return true;
}
return false;
}
public bool CheckEmail(uint accountId, string newEmail)
@@ -311,6 +339,7 @@ namespace Game
return result.IsEmpty() ? 0 : (uint)result.Read<ulong>(0);
}
[Obsolete]
string CalculateShaPassHash(string name, string password)
{
SHA1 sha = SHA1.Create();
@@ -99,7 +99,9 @@ namespace Game.Chat.Commands
byte index = (byte)(Global.BNetAccountMgr.GetMaxIndex(accountId) + 1);
string accountName = accountId.ToString() + '#' + index;
switch (Global.AccountMgr.CreateAccount(accountName, "DUMMY", bnetAccountName, accountId, index))
// Generate random hex string for password, these accounts must not be logged on with GRUNT
byte[] randPassword = new byte[0].GenerateRandomKey(16);
switch (Global.AccountMgr.CreateAccount(accountName, randPassword.ToHexString(), bnetAccountName, accountId, index))
{
case AccountOpResult.Ok:
handler.SendSysMessage(CypherStrings.AccountCreated, accountName);
+1 -1
View File
@@ -59,7 +59,7 @@ namespace Game
_battlePetMgr = new BattlePetMgr(this);
_collectionMgr = new CollectionMgr(this);
m_Address = sock.GetRemoteIpAddress().ToString();
m_Address = sock.GetRemoteIpAddress().Address.ToString();
ResetTimeOutTime(false);
DB.Login.Execute("UPDATE account SET online = 1 WHERE id = {0};", GetAccountId()); // One-time query
}
-17
View File
@@ -64,17 +64,7 @@ namespace Game
wardenCheck.Action = (WardenActions)WorldConfig.GetIntValue(WorldCfg.WardenClientFailAction);
if (checkType == WardenCheckType.PageA || checkType == WardenCheckType.PageB || checkType == WardenCheckType.Driver)
{
wardenCheck.Data = new BigInteger(data.ToByteArray());
int len = data.Length / 2;
if (wardenCheck.Data.ToByteArray().Length < len)
{
byte[] temp = wardenCheck.Data.ToByteArray();
Array.Reverse(temp);
wardenCheck.Data = new BigInteger(temp);
}
}
if (checkType == WardenCheckType.Memory || checkType == WardenCheckType.Module)
MemChecksIdPool.Add(id);
@@ -96,13 +86,6 @@ namespace Game
if (checkType == WardenCheckType.MPQ || checkType == WardenCheckType.Memory)
{
BigInteger Result = new BigInteger(checkResult.ToByteArray());
int len = checkResult.Length / 2;
if (Result.ToByteArray().Length < len)
{
byte[] temp = Result.ToByteArray();
Array.Reverse(temp);
Result = new BigInteger(temp);
}
CheckResultStore[id] = Result;
}
+17 -7
View File
@@ -25,10 +25,13 @@ DROP TABLE IF EXISTS `account`;
CREATE TABLE `account` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Identifier',
`username` varchar(32) NOT NULL DEFAULT '',
`salt` BINARY(32),
`verifier` BINARY(32),
`session_key_auth` BINARY(40) DEFAULT NULL,
`session_key_bnet` VARBINARY(64) DEFAULT NULL,
`sha_pass_hash` varchar(40) NOT NULL DEFAULT '',
`sessionkey` varchar(128) NOT NULL DEFAULT '',
`v` varchar(64) NOT NULL DEFAULT '',
`s` varchar(64) NOT NULL DEFAULT '',
`v` varchar(64) NOT NULL DEFAULT 'dummy value, use `verifier` instead',
`s` varchar(64) NOT NULL DEFAULT 'dummy value, use `salt` instead',
`token_key` varchar(100) NOT NULL DEFAULT '',
`email` varchar(255) NOT NULL DEFAULT '',
`reg_mail` varchar(255) NOT NULL DEFAULT '',
@@ -561,7 +564,8 @@ INSERT INTO `build_info` VALUES
(34769,8,3,0,NULL,NULL,'93F9B9AF6397E3E4EED94D36D16907D2',NULL,NULL,NULL),
(34963,8,3,0,NULL,NULL,'7BA50C879C5D04221423B02AC3603A11','C5658A17E702163447BAAAE46D130A1B',NULL,NULL),
(35249,8,3,7,NULL,NULL,'C7B11F9AE9FF1409F5582902B3D10D1C',NULL,NULL,NULL),
(35284,8,3,7,NULL,NULL,'EA3818E7DCFD2009DBFC83EE3C1E4F1B',NULL,NULL,NULL);
(35284,8,3,7,NULL,NULL,'EA3818E7DCFD2009DBFC83EE3C1E4F1B','A6201B0AC5A73D13AB2FDCC79BB252AF',NULL,NULL),
(35435,8,3,7,NULL,NULL,'BB397A92FE23740EA52FC2B5BA2EC8E0','8FE657C14A46BCDB2CE6DA37E430450E',NULL,NULL);
/*!40000 ALTER TABLE `build_info` ENABLE KEYS */;
UNLOCK TABLES;
@@ -2153,7 +2157,7 @@ CREATE TABLE `realmlist` (
`timezone` tinyint(3) unsigned NOT NULL DEFAULT '0',
`allowedSecurityLevel` tinyint(3) unsigned NOT NULL DEFAULT '0',
`population` float unsigned NOT NULL DEFAULT '0',
`gamebuild` int(10) unsigned NOT NULL DEFAULT '35284',
`gamebuild` int(10) unsigned NOT NULL DEFAULT '35435',
`Region` tinyint(3) unsigned NOT NULL DEFAULT '1',
`Battlegroup` tinyint(3) unsigned NOT NULL DEFAULT '1',
PRIMARY KEY (`id`),
@@ -2168,7 +2172,7 @@ CREATE TABLE `realmlist` (
LOCK TABLES `realmlist` WRITE;
/*!40000 ALTER TABLE `realmlist` DISABLE KEYS */;
INSERT INTO `realmlist` VALUES
(1,'Trinity','127.0.0.1','127.0.0.1','255.255.255.0',8085,0,0,1,0,0,35284,1,1);
(1,'Trinity','127.0.0.1','127.0.0.1','255.255.255.0',8085,0,0,1,0,0,35435,1,1);
/*!40000 ALTER TABLE `realmlist` ENABLE KEYS */;
UNLOCK TABLES;
@@ -2362,7 +2366,13 @@ INSERT INTO `updates` VALUES
('2020_07_02_00_auth.sql','08D0F9D70AE625285172B3E02A3DAFE17D88E118','RELEASED','2020-07-02 10:29:25',0),
('2020_07_03_00_auth.sql','ED7175E51F248ADC5EF60E7CEA9627CC3191ED4C','RELEASED','2020-07-03 20:09:39',0),
('2020_07_23_00_auth.sql','5F47E1CEECA9F837C85C2DAC7ECD47AED321F502','RELEASED','2020-07-23 19:54:42',0),
('2020_07_24_00_auth.sql','06598162E9C84DDF8AA1F83D0410D056C3F7F69E','RELEASED','2020-07-24 00:44:34',0);
('2020_07_24_00_auth.sql','06598162E9C84DDF8AA1F83D0410D056C3F7F69E','RELEASED','2020-07-24 00:44:34',0),
('2020_07_25_00_auth.sql','BE376B619ECB6FE827270D5022F311E20AD6E177','RELEASED','2020-07-25 00:00:49',0),
('2020_08_02_00_auth.sql','B0290F6558C59262D9DDD8071060A8803DD56930','RELEASED','2020-08-02 00:00:00',0),
('2020_08_03_00_auth.sql','492CA77C0FAEEEF3E0492121B3A92689373ECFA3','RELEASED','2020-08-03 09:24:47',0),
('2020_08_03_01_auth.sql','EC1063396CA20A2303D83238470D41EF4439EC72','RELEASED','2020-08-03 00:00:01',0),
('2020_08_06_00_auth.sql','5D3C5B25132DAFCA3933E9CBE14F5E8A290C4AFA','RELEASED','2020-08-06 20:26:11',0),
('2020_08_08_00_auth.sql','BC6A08BE42A6F2C30C9286CBDD47D57B718C4635','RELEASED','2020-08-08 00:16:57',0);
/*!40000 ALTER TABLE `updates` ENABLE KEYS */;
UNLOCK TABLES;
@@ -0,0 +1,13 @@
-- AUTH CLEANUP PHASE 3
-- update `account` structure
-- sha_pass_hash/s/v kept around for now, for backwards compatibility
ALTER TABLE `account`
DROP COLUMN `sessionkey`,
ADD COLUMN `salt` BINARY(32) AFTER `username`,
ADD COLUMN `verifier` BINARY(32) AFTER `salt`,
ADD COLUMN `session_key` BINARY(40) AFTER `verifier`,
MODIFY COLUMN `s` VARCHAR(64) NOT NULL DEFAULT 'dummy value, use `salt` instead',
MODIFY COLUMN `v` VARCHAR(64) NOT NULL DEFAULT 'dummy value, use `verifier` instead';
UPDATE `account` SET `salt`=REVERSE(UNHEX(`s`)), `s`=DEFAULT WHERE LENGTH(`s`)=64;
UPDATE `account` SET `verifier`=REVERSE(UNHEX(`v`)), `v`=DEFAULT WHERE LENGTH(`v`)=64;
@@ -0,0 +1 @@
ALTER TABLE `account` MODIFY COLUMN `session_key` VARBINARY(64) AFTER `verifier`;
@@ -0,0 +1,5 @@
--
ALTER TABLE `account`
DROP COLUMN `session_key`,
ADD COLUMN `session_key_auth` BINARY(40) DEFAULT NULL AFTER `verifier`,
ADD COLUMN `session_key_bnet` VARBINARY(64) DEFAULT NULL AFTER `session_key_auth`;