Authenticate world admin prior to checking against a world short name [skip ci]

2026-03-29 00:02:50 +00:00 · 2019-07-09 17:39:06 -05:00 · 2019-07-09 17:39:06 -05:00 · 32e8a0fa45
commit 32e8a0fa45
parent 193dbe5938
3 changed files with 48 additions and 14 deletions
--- a/loginserver/database.cpp
+++ b/loginserver/database.cpp
@ -320,14 +320,12 @@ void Database::UpdateLoginHash(
 /**
 * @param short_name
- * @param remote_ip
+ * @param login_world_server_admin_id
 * @param local_ip
 * @return
 */
 Database::DbWorldRegistration Database::GetWorldRegistration(
 	const std::string &short_name,
-	const std::string &remote_ip,
+	uint32 login_world_server_admin_id
 	const std::string &local_ip
 )
 {
 	auto query = fmt::format(
@ -342,8 +340,9 @@ Database::DbWorldRegistration Database::GetWorldRegistration(
 		"  login_world_servers AS WSR\n"
 		"  JOIN login_server_list_types AS SLT ON WSR.login_server_list_type_id = SLT.id\n"
 		"WHERE\n"
-		"  WSR.short_name = '{0}' LIMIT 1",
+		"  WSR.short_name = '{0}' WSR.login_server_admin_id = {1} AND LIMIT 1",
-		EscapeString(short_name)
+		EscapeString(short_name),
 		login_world_server_admin_id
 	);
 	Database::DbWorldRegistration world_registration{};
--- a/loginserver/database.h
+++ b/loginserver/database.h
@ -154,14 +154,12 @@ public:
 	 * Returns true if the record was found, false otherwise
 	 *
 	 * @param short_name
-	 * @param remote_ip
+	 * @param login_world_server_admin_id
 	 * @param local_ip
 	 * @return
 	 */
 	Database::DbWorldRegistration GetWorldRegistration(
 		const std::string &short_name,
-		const std::string &remote_ip,
+		uint32 login_world_server_admin_id
 		const std::string &local_ip
 	);
 	/**
--- a/loginserver/world_server.cpp
+++ b/loginserver/world_server.cpp
@ -505,11 +505,49 @@ void WorldServer::Handle_NewLSInfo(ServerNewLSInfo_Struct *new_world_server_info
 		}
 	}
 	uint32 world_server_admin_id = 0;
 	/**
 	 * If our world is trying to authenticate, let's try and pull the owner first to try associating
 	 * with a world short_name
 	 */
 	if (!GetAccountName().empty() && !GetAccountPassword().empty()) {
 		Database::DbLoginServerAdmin
 			login_server_admin = server.db->GetLoginServerAdmin(GetAccountName());
 		if (login_server_admin.loaded) {
 			LogDebug(
 				"WorldServer::Handle_NewLSInfo | Attempting to authenticate world admin... [{0}] ({1}) against worldserver [{2}]",
 				GetAccountName(),
 				login_server_admin.id,
 				GetServerShortName()
 			);
 			/**
 			 * Validate password hash
 			 */
 			auto mode = server.options.GetEncryptionMode();
 			if (eqcrypt_verify_hash(
 				GetAccountName(),
 				GetAccountPassword(),
 				login_server_admin.account_password,
 				mode
 			)) {
 				LogDebug(
 					"WorldServer::Handle_NewLSInfo | Authenticating world admin... [{0}] ({1}) success! World ({2})",
 					GetAccountName(),
 					login_server_admin.id,
 					GetServerShortName()
 				);
 				world_server_admin_id = login_server_admin.id;
 			}
 		}
 	}
 	Database::DbWorldRegistration
 		world_registration = server.db->GetWorldRegistration(
 		GetServerShortName(),
-		GetRemoteIp(),
+		world_server_admin_id
 		GetLocalIp()
 	);
 	if (!server.options.IsUnregisteredAllowed()) {
@ -876,10 +914,9 @@ bool WorldServer::HandleNewLoginserverInfoUnregisteredAllowed(
 		}
 		Database::DbLoginServerAdmin login_server_admin =
-			server.db->GetLoginServerAdmin(GetAccountName());
+										 server.db->GetLoginServerAdmin(GetAccountName());
 		uint32 server_admin_id = 0;
 		if (login_server_admin.loaded) {
 			auto mode = server.options.GetEncryptionMode();
 			if (eqcrypt_verify_hash(