Mirroristas/rathena
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed login_check_password (#8052)

Browse Source 
Fixes #8043

Thanks to @LasherasGH
This commit is contained in:
Lemongrass3110 2023-12-28 23:56:23 +01:00 committed by GitHub
parent 79ea192032
commit e3a3bfc868
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 45 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/common/md5calc.cpp
View File

@ -235,10 +235,8 @@ void MD5_String(const char * string, char * output)
} }
/** output is a sequence of non-zero characters to be used as password salt. */ /** output is a sequence of non-zero characters to be used as password salt. */
void MD5_Salt(unsigned int len, char * output) void MD5_Salt( size_t len, char* output ){
{ for( size_t i = 0; i < len; ++i ){
unsigned int i; output[i] = static_cast<char>( rnd_value( 1, 255 ) );
for( i = 0; i < len; ++i ) }
output[i] = (char)(1 + rnd() % 255);
} }

4
src/common/md5calc.hpp
View File

@ -4,8 +4,10 @@
#ifndef MD5CALC_HPP #ifndef MD5CALC_HPP
#define MD5CALC_HPP #define MD5CALC_HPP
#include "cbasetypes.hpp"
void MD5_String(const char * string, char * output); void MD5_String(const char * string, char * output);
void MD5_Binary(const char * string, unsigned char * output); void MD5_Binary(const char * string, unsigned char * output);
void MD5_Salt(unsigned int len, char * output); void MD5_Salt(size_t len, char * output);
#endif /* MD5CALC_HPP */ #endif /* MD5CALC_HPP */

66
src/login/login.cpp
View File

@ -56,7 +56,7 @@ int subnet_count = 0; //number of subnet config
int login_fd; // login server file descriptor socket int login_fd; // login server file descriptor socket
//early declaration //early declaration
bool login_check_password(const char* md5key, int passwdenc, const char* passwd, const char* refpass); bool login_check_password( struct login_session_data& sd, struct mmo_account& acc );
///Accessors ///Accessors
AccountDB* login_get_accounts_db(void){ AccountDB* login_get_accounts_db(void){
@ -345,7 +345,7 @@ int login_mmo_auth(struct login_session_data* sd, bool isServer) {
return 0; // 0 = Unregistered ID return 0; // 0 = Unregistered ID
} }
if( !login_check_password(sd->md5key, sd->passwdenc, sd->passwd, acc.pass) ) { if( !login_check_password( *sd, acc ) ) {
ShowNotice("Invalid password (account: '%s', ip: %s)\n", sd->userid, ip); ShowNotice("Invalid password (account: '%s', ip: %s)\n", sd->userid, ip);
return 1; // 1 = Incorrect Password return 1; // 1 = Incorrect Password
} }
@ -426,24 +426,6 @@ int login_mmo_auth(struct login_session_data* sd, bool isServer) {
return -1; // account OK return -1; // account OK
} }
/**
* Sub function of login_check_password.
* Checking if password matches the one in db hashed with client md5key.
* Test if(md5(str1+str2)==passwd).
* @param str1: string (atm:md5key or dbpass)
* @param str2: string (atm:md5key or dbpass)
* @param passwd: pass to check
* @return true if matching else false
*/
bool login_check_encrypted(const char* str1, const char* str2, const char* passwd) {
char tmpstr[64+1], md5str[32+1];
safesnprintf(tmpstr, sizeof(tmpstr), "%s%s", str1, str2);
MD5_String(tmpstr, md5str);
return (0==strcmp(passwd, md5str));
}
/** /**
* Verify if a password is correct. * Verify if a password is correct.
* @param md5key: md5key of client * @param md5key: md5key of client
@ -452,16 +434,44 @@ bool login_check_encrypted(const char* str1, const char* str2, const char* passw
* @param refpass: pass register in db * @param refpass: pass register in db
* @return true if matching else false * @return true if matching else false
*/ */
bool login_check_password(const char* md5key, int passwdenc, const char* passwd, const char* refpass) { bool login_check_password( struct login_session_data& sd, struct mmo_account& acc ){
if(passwdenc == 0){ if( sd.passwdenc == 0 ){
return (0==strcmp(passwd, refpass)); return 0 == strcmp( sd.passwd, acc.pass );
} }
else {
// password mode set to 1 -> md5(md5key, refpass) enable with <passwordencrypt></passwordencrypt> // password mode set to 1 -> md5(md5key, refpass) enable with <passwordencrypt></passwordencrypt>
// password mode set to 2 -> md5(refpass, md5key) enable with <passwordencrypt2></passwordencrypt2> if( sd.passwdenc & 0x01 ){
return ((passwdenc&0x01) && login_check_encrypted(md5key, refpass, passwd)) || std::string pwd;
((passwdenc&0x02) && login_check_encrypted(refpass, md5key, passwd));
pwd.append( sd.md5key, sd.md5keylen );
pwd.append( acc.pass );
char md5str[32 + 1];
MD5_String( pwd.c_str(), md5str );
if( 0 == strcmp( sd.passwd, md5str ) ){
return true;
}
} }
// password mode set to 2 -> md5(refpass, md5key) enable with <passwordencrypt2></passwordencrypt2>
if( sd.passwdenc & 0x02 ){
std::string pwd;
pwd.append( acc.pass );
pwd.append( sd.md5key, sd.md5keylen );
char md5str[32 + 1];
MD5_String( pwd.c_str(), md5str );
if( 0 == strcmp( sd.passwd, md5str ) ){
return true;
}
}
return false;
} }
int login_get_usercount( int users ){ int login_get_usercount( int users ){