From 32e8a0fa45e5b73985a47018fb80efb2fd0a4457 Mon Sep 17 00:00:00 2001 From: Akkadius Date: Tue, 9 Jul 2019 17:39:06 -0500 Subject: [PATCH] Authenticate world admin prior to checking against a world short name [skip ci] --- loginserver/database.cpp | 11 ++++----- loginserver/database.h | 6 ++--- loginserver/world_server.cpp | 45 ++++++++++++++++++++++++++++++++---- 3 files changed, 48 insertions(+), 14 deletions(-) diff --git a/loginserver/database.cpp b/loginserver/database.cpp index 6437cc1ec..523994148 100644 --- a/loginserver/database.cpp +++ b/loginserver/database.cpp @@ -320,14 +320,12 @@ void Database::UpdateLoginHash( /** * @param short_name - * @param remote_ip - * @param local_ip + * @param login_world_server_admin_id * @return */ Database::DbWorldRegistration Database::GetWorldRegistration( const std::string &short_name, - const std::string &remote_ip, - const std::string &local_ip + uint32 login_world_server_admin_id ) { auto query = fmt::format( @@ -342,8 +340,9 @@ Database::DbWorldRegistration Database::GetWorldRegistration( " login_world_servers AS WSR\n" " JOIN login_server_list_types AS SLT ON WSR.login_server_list_type_id = SLT.id\n" "WHERE\n" - " WSR.short_name = '{0}' LIMIT 1", - EscapeString(short_name) + " WSR.short_name = '{0}' WSR.login_server_admin_id = {1} AND LIMIT 1", + EscapeString(short_name), + login_world_server_admin_id ); Database::DbWorldRegistration world_registration{}; diff --git a/loginserver/database.h b/loginserver/database.h index 816a008d3..fec7ad797 100644 --- a/loginserver/database.h +++ b/loginserver/database.h @@ -154,14 +154,12 @@ public: * Returns true if the record was found, false otherwise * * @param short_name - * @param remote_ip - * @param local_ip + * @param login_world_server_admin_id * @return */ Database::DbWorldRegistration GetWorldRegistration( const std::string &short_name, - const std::string &remote_ip, - const std::string &local_ip + uint32 login_world_server_admin_id ); /** diff --git a/loginserver/world_server.cpp b/loginserver/world_server.cpp index de5477a02..b13bb17ef 100644 --- a/loginserver/world_server.cpp +++ b/loginserver/world_server.cpp @@ -505,11 +505,49 @@ void WorldServer::Handle_NewLSInfo(ServerNewLSInfo_Struct *new_world_server_info } } + uint32 world_server_admin_id = 0; + + /** + * If our world is trying to authenticate, let's try and pull the owner first to try associating + * with a world short_name + */ + if (!GetAccountName().empty() && !GetAccountPassword().empty()) { + Database::DbLoginServerAdmin + login_server_admin = server.db->GetLoginServerAdmin(GetAccountName()); + + if (login_server_admin.loaded) { + LogDebug( + "WorldServer::Handle_NewLSInfo | Attempting to authenticate world admin... [{0}] ({1}) against worldserver [{2}]", + GetAccountName(), + login_server_admin.id, + GetServerShortName() + ); + + /** + * Validate password hash + */ + auto mode = server.options.GetEncryptionMode(); + if (eqcrypt_verify_hash( + GetAccountName(), + GetAccountPassword(), + login_server_admin.account_password, + mode + )) { + LogDebug( + "WorldServer::Handle_NewLSInfo | Authenticating world admin... [{0}] ({1}) success! World ({2})", + GetAccountName(), + login_server_admin.id, + GetServerShortName() + ); + world_server_admin_id = login_server_admin.id; + } + } + } + Database::DbWorldRegistration world_registration = server.db->GetWorldRegistration( GetServerShortName(), - GetRemoteIp(), - GetLocalIp() + world_server_admin_id ); if (!server.options.IsUnregisteredAllowed()) { @@ -876,10 +914,9 @@ bool WorldServer::HandleNewLoginserverInfoUnregisteredAllowed( } Database::DbLoginServerAdmin login_server_admin = - server.db->GetLoginServerAdmin(GetAccountName()); + server.db->GetLoginServerAdmin(GetAccountName()); uint32 server_admin_id = 0; - if (login_server_admin.loaded) { auto mode = server.options.GetEncryptionMode(); if (eqcrypt_verify_hash(