Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/common/length.h
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ enum EMisc
EMPIRE_MAX_NUM = 4,
BANWORD_MAX_LEN = 24,
SOCIAL_ID_MAX_LEN = 18,
HASH_MAX_LEN = 255,

GUILD_NAME_MAX_LEN = 12,

Expand Down
2 changes: 1 addition & 1 deletion src/common/tables.h
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ typedef struct SAccountTable
{
uint32_t id;
char login[LOGIN_MAX_LEN + 1];
char passwd[PASSWD_MAX_LEN + 1];
char passwd[HASH_MAX_LEN + 1];
char social_id[SOCIAL_ID_MAX_LEN + 1];
char status[ACCOUNT_STATUS_MAX_LEN + 1];
uint8_t bEmpire;
Expand Down
1 change: 1 addition & 0 deletions src/db/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ target_link_libraries(db

# external
mariadbclient
sodium
)

if (WIN32)
Expand Down
7 changes: 7 additions & 0 deletions src/db/Main.cpp
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
#include "stdafx.h"
#include <sodium.h>
#include "Config.h"
#include "Peer.h"
#include "DBManager.h"
Expand Down Expand Up @@ -60,6 +61,12 @@ int main()
{
log_init();

if (sodium_init() < 0)
{
fprintf(stderr, "Could not initialize libsodium\n");
return 1;
}

WriteVersion();

#ifdef OS_FREEBSD
Expand Down
22 changes: 8 additions & 14 deletions src/game/db.cpp
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
#include "stdafx.h"
#include <sodium.h>
#include <sstream>
#include "common/length.h"

Expand Down Expand Up @@ -265,9 +266,8 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
MYSQL_ROW row = mysql_fetch_row(pMsg->Get()->pSQLResult);
int col = 0;

// PASSWORD('%s'), password, securitycode, social_id, id, status
char szEncrytPassword[45 + 1];
char szPassword[45 + 1];
// password, social_id, id, status
char szPassword[crypto_pwhash_STRBYTES];
char szSocialID[SOCIAL_ID_MAX_LEN + 1];
char szStatus[ACCOUNT_STATUS_MAX_LEN + 1];
DWORD dwID = 0;
Expand All @@ -279,15 +279,6 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
break;
}

strlcpy(szEncrytPassword, row[col++], sizeof(szEncrytPassword));

if (!row[col])
{
sys_err("error column %d", col);
M2_DELETE(pinfo);
break;
}

strlcpy(szPassword, row[col++], sizeof(szPassword));

if (!row[col])
Expand Down Expand Up @@ -360,7 +351,10 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
}
}

int nPasswordDiff = strcmp(szEncrytPassword, szPassword);
int nPasswordDiff = crypto_pwhash_str_verify(szPassword, pinfo->passwd, strlen(pinfo->passwd));

// Wipe clear text password immediately
sodium_memzero(pinfo->passwd, sizeof(pinfo->passwd));

if (nPasswordDiff)
{
Expand Down Expand Up @@ -409,7 +403,7 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)

r.id = dwID;
trim_and_lower(pinfo->login, r.login, sizeof(r.login));
strlcpy(r.passwd, pinfo->passwd, sizeof(r.passwd));
strlcpy(r.passwd, "TEMP", sizeof(r.passwd));
strlcpy(r.social_id, szSocialID, sizeof(r.social_id));
DESC_MANAGER::instance().ConnectAccount(r.login, d);
ClearLoginFailure(d->GetHostName());
Expand Down
11 changes: 4 additions & 7 deletions src/game/input_auth.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -236,9 +236,6 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
TPacketCGLogin3 * p = M2_NEW TPacketCGLogin3;
thecore_memcpy(p, pinfo, sizeof(TPacketCGLogin3));

char szPasswd[PASSWD_MAX_LEN * 2 + 1];
DBManager::instance().EscapeString(szPasswd, sizeof(szPasswd), passwd, strlen(passwd));

char szLogin[LOGIN_MAX_LEN * 2 + 1];
DBManager::instance().EscapeString(szLogin, sizeof(szLogin), login, strlen(login));

Expand All @@ -248,7 +245,7 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
sys_log(0, "ChannelServiceLogin [%s]", szLogin);

DBManager::instance().ReturnQuery(QID_AUTH_LOGIN, dwKey, p,
"SELECT '%s',password,social_id,id,status,availDt - NOW() > 0,"
"SELECT password,social_id,id,status,availDt - NOW() > 0,"
"UNIX_TIMESTAMP(silver_expire),"
"UNIX_TIMESTAMP(gold_expire),"
"UNIX_TIMESTAMP(safebox_expire),"
Expand All @@ -259,13 +256,13 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
"UNIX_TIMESTAMP(create_time)"
" FROM account WHERE login='%s'",

szPasswd, szLogin);
szLogin);
}
// END_OF_CHANNEL_SERVICE_LOGIN
else
{
DBManager::instance().ReturnQuery(QID_AUTH_LOGIN, dwKey, p,
"SELECT PASSWORD('%s'),password,social_id,id,status,availDt - NOW() > 0,"
"SELECT password,social_id,id,status,availDt - NOW() > 0,"
"UNIX_TIMESTAMP(silver_expire),"
"UNIX_TIMESTAMP(gold_expire),"
"UNIX_TIMESTAMP(safebox_expire),"
Expand All @@ -275,7 +272,7 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
"UNIX_TIMESTAMP(money_drop_rate_expire),"
"UNIX_TIMESTAMP(create_time)"
" FROM account WHERE login='%s'",
szPasswd, szLogin);
szLogin);
}
}

Expand Down
7 changes: 7 additions & 0 deletions src/game/main.cpp
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
#include "stdafx.h"
#include <sodium.h>
#include "constants.h"
#include "config.h"
#include "event.h"
Expand Down Expand Up @@ -516,6 +517,12 @@ int start(int argc, char **argv)
config_init(st_localeServiceName);
// END_OF_LOCALE_SERVICE

if (sodium_init() < 0)
{
fprintf(stderr, "Could not initialize libsodium\n");
exit(0);
}

#ifdef OS_WINDOWS
// In Windows dev mode, "verbose" option is [on] by default.
bVerbose = true;
Expand Down