本文整理汇总了C++中SHA1Hash类的典型用法代码示例。如果您正苦于以下问题:C++ SHA1Hash类的具体用法?C++ SHA1Hash怎么用?C++ SHA1Hash使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了SHA1Hash类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: CalculateShaPassHash
std::string CalculateShaPassHash(std::string& name, std::string& password)
{
SHA1Hash sha;
sha.Initialize();
sha.UpdateData(name);
sha.UpdateData(":");
sha.UpdateData(password);
sha.Finalize();
return ByteArrayToHexStr(sha.GetDigest(), sha.GetLength());
}示例2: TestSHA1
int TestSHA1()
{
SHA1Hash sha1;
const char *teststring = NULL;
size_t length = 0;
/* These tests are from FIPS PUB 180-1 */
teststring = "abc"; length = strlen(teststring);
sha1.Process(teststring, length);
TEST_ASSERT(strcmp(sha1.ToString(), "a9993e364706816aba3e25717850c26c9cd0d89d") == 0);
teststring = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; length = strlen(teststring);
sha1.Process(teststring, length);
TEST_ASSERT(strcmp(sha1.ToString(), "84983e441c3bd26ebaae4aa1f95129e5e54670f1") == 0);
SHA1Hash otherhash;
otherhash.Process("cheese", 6);
TEST_ASSERT(otherhash != sha1 && sha1 != otherhash);
otherhash.Process(teststring, length);
TEST_ASSERT(otherhash == sha1 && sha1 == otherhash);
#ifdef HIGH_INTENSITY
char *tempstring = new char[1000001];
memset(tempstring, 'a', 1000000);
tempstring[1000000] = '\0';
length = strlen(tempstring);
sha1.Process(tempstring, length);
TEST_ASSERT(strcmp(sha1.ToString(), "34aa973cd4c4daa4f61eeb2bdbad27316534016f") == 0);
delete [] tempstring;
#endif
#ifdef FILE_CHECKSUM
TextReader file;
file.Open("testfile");
sha1.Process((CoreIOReader *)&file);
TEST_ASSERT(strcmp(sha1.ToString(), "951a6307067df1931ee1637a57ea4b9ad4a01a7c") == 0);
#endif
return 0;
}示例3: memcpy
// Make the SRP6 calculation from hash in dB
void AuthSession::SetVSFields(const std::string& rI)
{
s.SetRand(int32(BufferSizes::SRP_6_S) * 8);
BigNumber I;
I.SetHexStr(rI.c_str());
// In case of leading zeros in the rI hash, restore them
uint8 mDigest[SHA_DIGEST_LENGTH];
memcpy(mDigest, I.AsByteArray(SHA_DIGEST_LENGTH).get(), SHA_DIGEST_LENGTH);
std::reverse(mDigest, mDigest + SHA_DIGEST_LENGTH);
SHA1Hash sha;
sha.UpdateData(s.AsByteArray(uint32(BufferSizes::SRP_6_S)).get(), (uint32(BufferSizes::SRP_6_S)));
sha.UpdateData(mDigest, SHA_DIGEST_LENGTH);
sha.Finalize();
BigNumber x;
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
// No SQL injection (username escaped)
char *v_hex, *s_hex;
v_hex = v.AsHexStr();
s_hex = s.AsHexStr();
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
stmt->setString(0, v_hex);
stmt->setString(1, s_hex);
stmt->setString(2, _login);
LoginDatabase.Execute(stmt);
OPENSSL_free(v_hex);
OPENSSL_free(s_hex);
}示例4: CalculateShaPassHash
std::string CalculateShaPassHash(std::string& name, std::string& password)
{
SHA1Hash sha;
sha.Initialize();
sha.UpdateData(name);
sha.UpdateData(":");
sha.UpdateData(password);
sha.Finalize();
std::string encoded;
hexEncodeByteArray(sha.GetDigest(), sha.GetLength(), encoded);
return encoded;
}示例5: _HandleReconnectProof
// Reconnect Proof command handler
bool AuthSocket::_HandleReconnectProof() {
sLog->outStaticDebug("Entering _HandleReconnectProof");
// Read the packet
sAuthReconnectProof_C lp;
if (!socket().recv((char *) &lp, sizeof(sAuthReconnectProof_C)))
return false;
if (_login.empty() || !_reconnectProof.GetNumBytes() || !K.GetNumBytes())
return false;
BigNumber t1;
t1.SetBinary(lp.R1, 16);
SHA1Hash sha;
sha.Initialize();
sha.UpdateData(_login);
sha.UpdateBigNumbers(&t1, &_reconnectProof, &K, NULL);
sha.Finalize();
if (!memcmp(sha.GetDigest(), lp.R2, SHA_DIGEST_LENGTH)) {
// Sending response
ByteBuffer pkt;
pkt << (uint8) AUTH_RECONNECT_PROOF;
pkt << (uint8) 0x00;
pkt << (uint16) 0x00; // 2 bytes zeros
socket().send((char const*) pkt.contents(), pkt.size());
_authed = true;
return true;
} else {
sLog->outError("[ERROR] user %s tried to login, but session invalid.",
_login.c_str());
socket().shutdown();
return false;
}
}示例6: memset
// Make the SRP6 calculation from hash in dB
void AuthSocket::_SetVSFields(const std::string& rI)
{
s.SetRand(s_BYTE_SIZE * 8);
BigNumber I;
I.SetHexStr(rI.c_str());
// In case of leading zeros in the rI hash, restore them
uint8 mDigest[SHA_DIGEST_LENGTH];
memset(mDigest, 0, SHA_DIGEST_LENGTH);
if (I.GetNumBytes() <= SHA_DIGEST_LENGTH)
memcpy(mDigest, I.AsByteArray(), I.GetNumBytes());
std::reverse(mDigest, mDigest + SHA_DIGEST_LENGTH);
SHA1Hash sha;
sha.UpdateData(s.AsByteArray(), s.GetNumBytes());
sha.UpdateData(mDigest, SHA_DIGEST_LENGTH);
sha.Finalize();
BigNumber x;
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
// No SQL injection (username escaped)
const char *v_hex, *s_hex;
v_hex = v.AsHexStr();
s_hex = s.AsHexStr();
LoginDatabase.PExecute("UPDATE account SET v = '%s', s = '%s' WHERE username = '%s'", v_hex, s_hex, _login.c_str());
OPENSSL_free((void*)v_hex);
OPENSSL_free((void*)s_hex);
}示例7: TC_LOG_DEBUG
bool AuthSession::HandleReconnectProof()
{
TC_LOG_DEBUG("server.authserver", "Entering _HandleReconnectProof");
sAuthReconnectProof_C *reconnectProof = reinterpret_cast<sAuthReconnectProof_C*>(GetReadBuffer().GetReadPointer());
if (_login.empty() || !_reconnectProof.GetNumBytes() || !K.GetNumBytes())
return false;
BigNumber t1;
t1.SetBinary(reconnectProof->R1, 16);
SHA1Hash sha;
sha.Initialize();
sha.UpdateData(_login);
sha.UpdateBigNumbers(&t1, &_reconnectProof, &K, NULL);
sha.Finalize();
if (!memcmp(sha.GetDigest(), reconnectProof->R2, SHA_DIGEST_LENGTH))
{
// Sending response
ByteBuffer pkt;
pkt << uint8(AUTH_RECONNECT_PROOF);
pkt << uint8(0x00);
pkt << uint16(0x00); // 2 bytes zeros
SendPacket(pkt);
_isAuthenticated = true;
return true;
}
else
{
TC_LOG_ERROR("server.authserver", "'%s:%d' [ERROR] user %s tried to login, but session is invalid.", GetRemoteIpAddress().to_string().c_str(),
GetRemotePort(), _login.c_str());
return false;
}
}示例8: defined
// Reconnect Proof command handler
bool AuthSocket::_HandleReconnectProof()
{
#if defined(ENABLE_EXTRAS) && defined(ENABLE_EXTRA_LOGS)
sLog->outDebug(LOG_FILTER_NETWORKIO, "Entering _HandleReconnectProof");
#endif
// Read the packet
sAuthReconnectProof_C lp;
if (!socket().recv((char *)&lp, sizeof(sAuthReconnectProof_C)))
return false;
_status = STATUS_CLOSED;
if (_login.empty() || !_reconnectProof.GetNumBytes() || !K.GetNumBytes())
return false;
BigNumber t1;
t1.SetBinary(lp.R1, 16);
SHA1Hash sha;
sha.Initialize();
sha.UpdateData(_login);
sha.UpdateBigNumbers(&t1, &_reconnectProof, &K, NULL);
sha.Finalize();
if (!memcmp(sha.GetDigest(), lp.R2, SHA_DIGEST_LENGTH))
{
// Sending response
ByteBuffer pkt;
pkt << uint8(AUTH_RECONNECT_PROOF);
pkt << uint8(0x00);
pkt << uint16(0x00); // 2 bytes zeros
socket().send((char const*)pkt.contents(), pkt.size());
///- Set _status to authed!
_status = STATUS_AUTHED;
return true;
}
else
{
sLog->outError("'%s:%d' [ERROR] user %s tried to login, but session is invalid.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
}示例9: PAIR64_LOPART
void WorldSocket::HandleAuthContinuedSession(WorldPackets::Auth::AuthContinuedSession& authSession)
{
uint32 accountId = PAIR64_LOPART(authSession.Key);
_type = ConnectionType(PAIR64_HIPART(authSession.Key));
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_CONTINUED_SESSION);
stmt->setUInt32(0, accountId);
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (!result)
{
SendAuthResponseError(AUTH_UNKNOWN_ACCOUNT);
DelayedCloseSocket();
return;
}
Field* fields = result->Fetch();
std::string login = fields[0].GetString();
BigNumber k;
k.SetHexStr(fields[1].GetCString());
_authCrypt.Init(&k, _encryptSeed.AsByteArray().get(), _decryptSeed.AsByteArray().get());
_headerBuffer.Resize(SizeOfClientHeader[1][1]);
SHA1Hash sha;
sha.UpdateData(login);
sha.UpdateBigNumbers(&k, NULL);
sha.UpdateData((uint8*)&_authSeed, 4);
sha.Finalize();
if (memcmp(sha.GetDigest(), authSession.Digest, sha.GetLength()))
{
SendAuthResponseError(AUTH_UNKNOWN_ACCOUNT);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthContinuedSession: Authentication failed for account: %u ('%s') address: %s", accountId, login.c_str(), GetRemoteIpAddress().to_string().c_str());
DelayedCloseSocket();
return;
}
sWorld->AddInstanceSocket(shared_from_this(), accountId);
}示例10: memset
// Make the SRP6 calculation from hash in dB
void AuthSocket::_SetVSFields(const std::string& rI)
{
s.SetRand(s_BYTE_SIZE * 8);
BigNumber I;
I.SetHexStr(rI.c_str());
// In case of leading zeros in the rI hash, restore them
uint8 mDigest[SHA_DIGEST_LENGTH];
memset(mDigest, 0, SHA_DIGEST_LENGTH);
if (I.GetNumBytes() <= SHA_DIGEST_LENGTH)
{
memcpy(mDigest, I.AsByteArray(), I.GetNumBytes());
}
std::reverse(mDigest, mDigest + SHA_DIGEST_LENGTH);
SHA1Hash sha;
sha.UpdateData(s.AsByteArray(), s.GetNumBytes());
sha.UpdateData(mDigest, SHA_DIGEST_LENGTH);
sha.Finalize();
BigNumber x;
x.SetBinary(sha.GetDigest(), sha.GetLength());
v = g.ModExp(x, N);
// No SQL injection (username escaped)
const char *v_hex, *s_hex;
v_hex = v.AsHexStr();
s_hex = s.AsHexStr();
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
stmt->setString(0, v_hex);
stmt->setString(1, s_hex);
stmt->setString(2, _login);
LoginDatabase.Execute(stmt);
OPENSSL_free((void*)v_hex);
OPENSSL_free((void*)s_hex);
}示例11: TC_LOG_DEBUG
// Reconnect Proof command handler
bool AuthSocket::_HandleReconnectProof()
{
TC_LOG_DEBUG(LOG_FILTER_AUTHSERVER, "Entering _HandleReconnectProof");
// Read the packet
sAuthReconnectProof_C lp;
if (!socket().recv((char *)&lp, sizeof(sAuthReconnectProof_C)))
return false;
if (_login.empty() || !_reconnectProof.GetNumBytes() || !K.GetNumBytes())
return false;
BigNumber t1;
t1.SetBinary(lp.R1, 16);
SHA1Hash sha;
sha.Initialize();
sha.UpdateData(_login);
sha.UpdateBigNumbers(&t1, &_reconnectProof, &K, NULL);
sha.Finalize();
if (!memcmp(sha.GetDigest(), lp.R2, SHA_DIGEST_LENGTH))
{
// Sending response
ByteBuffer pkt;
pkt << uint8(AUTH_RECONNECT_PROOF);
pkt << uint8(0x00);
pkt << uint16(0x00); // 2 bytes zeros
socket().send((char const*)pkt.contents(), pkt.size());
_authed = true;
return true;
}
else
{
TC_LOG_ERROR(LOG_FILTER_AUTHSERVER, "'%s:%d' [ERROR] user %s tried to login, but session is invalid.", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
socket().shutdown();
return false;
}
}示例12: TC_LOG_DEBUG
// Logon Proof command handler
bool AuthSession::_HandleLogonProof()
{
TC_LOG_DEBUG("server.authserver", "Entering _HandleLogonProof");
// Read the packet
sAuthLogonProof_C *logonProof = (sAuthLogonProof_C*)&_readBuffer;
// If the client has no valid version
if (_expversion == NO_VALID_EXP_FLAG)
{
// Check if we have the appropriate patch on the disk
TC_LOG_DEBUG("network", "Client with invalid version, patching is not implemented");
return false;
}
// Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(logonProof->A, 32);
// SRP safeguard: abort if A == 0
if (A.isZero())
{
return false;
}
SHA1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(32).get(), 32);
for (int i = 0; i < 16; ++i)
t1[i] = t[i * 2];
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
vK[i * 2] = sha.GetDigest()[i];
for (int i = 0; i < 16; ++i)
t1[i] = t[i * 2 + 1];
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
vK[i * 2 + 1] = sha.GetDigest()[i];
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; ++i)
hash[i] ^= sha.GetDigest()[i];
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
// Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray().get(), logonProof->M1, 20))
{
TC_LOG_DEBUG("server.authserver", "'%s:%d' User '%s' successfully authenticated", GetRemoteIpAddress().c_str(), GetRemotePort(), _login.c_str());
// Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char *K_hex = K.AsHexStr();
//.........这里部分代码省略.........
示例13: socket
// Logon Proof command handler
bool AuthSocket::_HandleLogonProof()
{
sLog->outDebug(LOG_FILTER_AUTHSERVER, "Entering _HandleLogonProof");
// Read the packet
sAuthLogonProof_C lp;
if (!socket().recv((char *)&lp, sizeof(sAuthLogonProof_C)))
return false;
// Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A == 0
if (A.isZero())
{
socket().shutdown();
return true;
}
SHA1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(32), 32);
for (int i = 0; i < 16; ++i)
t1[i] = t[i * 2];
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
vK[i * 2] = sha.GetDigest()[i];
for (int i = 0; i < 16; ++i)
t1[i] = t[i * 2 + 1];
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
vK[i * 2 + 1] = sha.GetDigest()[i];
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; ++i)
hash[i] ^= sha.GetDigest()[i];
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
// Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
sLog->outDebug(LOG_FILTER_AUTHSERVER, "'%s:%d' User '%s' successfully authenticated", socket().getRemoteAddress().c_str(), socket().getRemotePort(), _login.c_str());
// Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char *K_hex = K.AsHexStr();
PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF);
stmt->setString(0, K_hex);
stmt->setString(1, socket().getRemoteAddress().c_str());
stmt->setUInt32(2, GetLocaleByName(_localizationName));
stmt->setString(3, _os);
//.........这里部分代码省略.........
示例14: socket
// Logon Proof command handler
bool AuthSocket::_HandleLogonProof()
{
sLog->outStaticDebug("Entering _HandleLogonProof");
// Read the packet
sAuthLogonProof_C lp;
if (!socket().recv((char *)&lp, sizeof(sAuthLogonProof_C)))
return false;
// If the client has no valid version
if (_expversion == NO_VALID_EXP_FLAG)
{
// Check if we have the appropriate patch on the disk
sLog->outDebug(LOG_FILTER_NETWORKIO, "Client with invalid version, patching is not implemented");
socket().shutdown();
return true;
}
// Continue the SRP6 calculation based on data received from the client
BigNumber A;
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A == 0
if (A.isZero())
{
socket().shutdown();
return true;
}
SHA1Hash sha;
sha.UpdateBigNumbers(&A, &B, NULL);
sha.Finalize();
BigNumber u;
u.SetBinary(sha.GetDigest(), 20);
BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);
uint8 t[32];
uint8 t1[16];
uint8 vK[40];
memcpy(t, S.AsByteArray(32), 32);
for (int i = 0; i < 16; ++i)
t1[i] = t[i * 2];
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
vK[i * 2] = sha.GetDigest()[i];
for (int i = 0; i < 16; ++i)
t1[i] = t[i * 2 + 1];
sha.Initialize();
sha.UpdateData(t1, 16);
sha.Finalize();
for (int i = 0; i < 20; ++i)
vK[i * 2 + 1] = sha.GetDigest()[i];
K.SetBinary(vK, 40);
uint8 hash[20];
sha.Initialize();
sha.UpdateBigNumbers(&N, NULL);
sha.Finalize();
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; ++i)
hash[i] ^= sha.GetDigest()[i];
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
// Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
sLog->outBasic("User '%s' successfully authenticated", _login.c_str());
//.........这里部分代码省略.........
示例15: SendAuthResponseError
void WorldSocket::HandleAuthSessionCallback(std::shared_ptr<AuthSession> authSession, PreparedQueryResult result)
{
// Stop if the account is not found
if (!result)
{
// We can not log here, as we do not know the account. Thus, no accountId.
SendAuthResponseError(AUTH_UNKNOWN_ACCOUNT);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
DelayedCloseSocket();
return;
}
AccountInfo account(result->Fetch());
// For hook purposes, we get Remoteaddress at this point.
std::string address = GetRemoteIpAddress().to_string();
// As we don't know if attempted login process by ip works, we update last_attempt_ip right away
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LAST_ATTEMPT_IP);
stmt->setString(0, address);
stmt->setString(1, authSession->Account);
LoginDatabase.Execute(stmt);
// This also allows to check for possible "hack" attempts on account
// even if auth credentials are bad, try using the session key we have - client cannot read auth response error without it
_authCrypt.Init(&account.SessionKey);
// First reject the connection if packet contains invalid data or realm state doesn't allow logging in
if (sWorld->IsClosed())
{
SendAuthResponseError(AUTH_REJECT);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: World closed, denying client (%s).", GetRemoteIpAddress().to_string().c_str());
DelayedCloseSocket();
return;
}
if (authSession->RealmID != realmID)
{
SendAuthResponseError(REALM_LIST_REALM_NOT_FOUND);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Sent Auth Response (bad realm).");
DelayedCloseSocket();
return;
}
// Must be done before WorldSession is created
bool wardenActive = sWorld->getBoolConfig(CONFIG_WARDEN_ENABLED);
if (wardenActive && account.OS != "Win" && account.OS != "OSX")
{
SendAuthResponseError(AUTH_REJECT);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Client %s attempted to log in using invalid client OS (%s).", address.c_str(), account.OS.c_str());
DelayedCloseSocket();
return;
}
// Check that Key and account name are the same on client and server
uint32 t = 0;
SHA1Hash sha;
sha.UpdateData(authSession->Account);
sha.UpdateData((uint8*)&t, 4);
sha.UpdateData((uint8*)&authSession->LocalChallenge, 4);
sha.UpdateData((uint8*)&_authSeed, 4);
sha.UpdateBigNumbers(&account.SessionKey, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), authSession->Digest, SHA_DIGEST_LENGTH) != 0)
{
SendAuthResponseError(AUTH_FAILED);
TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Authentication failed for account: %u ('%s') address: %s", account.Id, authSession->Account.c_str(), address.c_str());
DelayedCloseSocket();
return;
}
///- Re-check ip locking (same check as in auth).
if (account.IsLockedToIP)
{
if (account.LastIP != address)
{
SendAuthResponseError(AUTH_FAILED);
TC_LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs. Original IP: %s, new IP: %s).", account.LastIP.c_str(), address.c_str());
// We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
sScriptMgr->OnFailedAccountLogin(account.Id);
DelayedCloseSocket();
return;
}
}
else if (!account.LockCountry.empty() && account.LockCountry != "00" && !_ipCountry.empty())
{
if (account.LockCountry != _ipCountry)
{
SendAuthResponseError(AUTH_FAILED);
TC_LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account country differs. Original country: %s, new country: %s).", account.LockCountry.c_str(), _ipCountry.c_str());
// We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
sScriptMgr->OnFailedAccountLogin(account.Id);
DelayedCloseSocket();
return;
}
}
int64 mutetime = account.MuteTime;
//.........这里部分代码省略.........