Home Explore Help
Sign In
oversu
/
fRO_french_translation_rAthena
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fixed login_check_password (#8052)

Fixes #8043

Thanks to @LasherasGH
Lemongrass3110 1 year ago
parent
79ea192032
commit
e3a3bfc868
3 changed files with 45 additions and 35 deletions
Unified View Show Diff Stats
  1. 4 6
      src/common/md5calc.cpp
  2. 3 1
      src/common/md5calc.hpp
  3. 38 28
      src/login/login.cpp

+ 4 - 6
src/common/md5calc.cpp
View File 

@@ -235,10 +235,8 @@ void MD5_String(const char * string, char * output)
 
 }
 
 }
 
 
 
 /** output is a sequence of non-zero characters to be used as password salt. */
 
 /** output is a sequence of non-zero characters to be used as password salt. */
 
-void MD5_Salt(unsigned int len, char * output)
 
-{
 
-	unsigned int i;
 
-	for( i = 0; i < len; ++i )
 
-		output[i] = (char)(1 + rnd() % 255);
 
-
 
+void MD5_Salt( size_t len, char* output ){
 
+	for( size_t i = 0; i < len; ++i ){
 
+		output[i] = static_cast<char>( rnd_value( 1, 255 ) );
 
+	}
 
 }
 
 }

+ 3 - 1
src/common/md5calc.hpp
View File 

@@ -4,8 +4,10 @@
 
 #ifndef MD5CALC_HPP
 
 #ifndef MD5CALC_HPP
 
 #define MD5CALC_HPP
 
 #define MD5CALC_HPP
 
 
 
+#include "cbasetypes.hpp"
 
+
 
 void MD5_String(const char * string, char * output);
 
 void MD5_String(const char * string, char * output);
 
 void MD5_Binary(const char * string, unsigned char * output);
 
 void MD5_Binary(const char * string, unsigned char * output);
 
-void MD5_Salt(unsigned int len, char * output);
 
+void MD5_Salt(size_t len, char * output);
 
 
 
 #endif /* MD5CALC_HPP */
 
 #endif /* MD5CALC_HPP */

+ 38 - 28
src/login/login.cpp
View File 

@@ -56,7 +56,7 @@ int subnet_count = 0; //number of subnet config
 
 int login_fd; // login server file descriptor socket
 
 int login_fd; // login server file descriptor socket
 
 
 
 //early declaration
 
 //early declaration
 
-bool login_check_password(const char* md5key, int passwdenc, const char* passwd, const char* refpass);
 
+bool login_check_password( struct login_session_data& sd, struct mmo_account& acc );
 
 
 
 ///Accessors
 
 ///Accessors
 
 AccountDB* login_get_accounts_db(void){
 
 AccountDB* login_get_accounts_db(void){
 
@@ -345,7 +345,7 @@ int login_mmo_auth(struct login_session_data* sd, bool isServer) {
 
 		return 0; // 0 = Unregistered ID
 
 		return 0; // 0 = Unregistered ID
 
 	}
 
 	}
 
 
 
-	if( !login_check_password(sd->md5key, sd->passwdenc, sd->passwd, acc.pass) ) {
 
+	if( !login_check_password( *sd, acc ) ) {
 
 		ShowNotice("Invalid password (account: '%s', ip: %s)\n", sd->userid, ip);
 
 		ShowNotice("Invalid password (account: '%s', ip: %s)\n", sd->userid, ip);
 
 		return 1; // 1 = Incorrect Password
 
 		return 1; // 1 = Incorrect Password
 
 	}
 
 	}
 
@@ -426,24 +426,6 @@ int login_mmo_auth(struct login_session_data* sd, bool isServer) {
 
 	return -1; // account OK
 
 	return -1; // account OK
 
 }
 
 }
 
 
 
-/**
 
- * Sub function of login_check_password.
 
- *  Checking if password matches the one in db hashed with client md5key.
 
- *  Test if(md5(str1+str2)==passwd).
 
- * @param str1: string (atm:md5key or dbpass)
 
- * @param str2: string (atm:md5key or dbpass)
 
- * @param passwd: pass to check
 
- * @return true if matching else false
 
- */
 
-bool login_check_encrypted(const char* str1, const char* str2, const char* passwd) {
 
-	char tmpstr[64+1], md5str[32+1];
 
-
 
-	safesnprintf(tmpstr, sizeof(tmpstr), "%s%s", str1, str2);
 
-	MD5_String(tmpstr, md5str);
 
-
 
-	return (0==strcmp(passwd, md5str));
 
-}
 
-
 
 /**
 
 /**
 
  * Verify if a password is correct.
 
  * Verify if a password is correct.
 
  * @param md5key: md5key of client
 
  * @param md5key: md5key of client
 
@@ -452,16 +434,44 @@ bool login_check_encrypted(const char* str1, const char* str2, const char* passw
 
  * @param refpass: pass register in db
 
  * @param refpass: pass register in db
 
  * @return true if matching else false
 
  * @return true if matching else false
 
  */
 
  */
 
-bool login_check_password(const char* md5key, int passwdenc, const char* passwd, const char* refpass) {
 
-	if(passwdenc == 0){
 
-		return (0==strcmp(passwd, refpass));
 
+bool login_check_password( struct login_session_data& sd, struct mmo_account& acc ){
 
+	if( sd.passwdenc == 0 ){
 
+		return 0 == strcmp( sd.passwd, acc.pass );
 
+	}
 
+
 
+	// password mode set to 1 -> md5(md5key, refpass) enable with <passwordencrypt></passwordencrypt>
 
+	if( sd.passwdenc & 0x01 ){
 
+		std::string pwd;
 
+
 
+		pwd.append( sd.md5key, sd.md5keylen );
 
+		pwd.append( acc.pass );
 
+
 
+		char md5str[32 + 1];
 
+
 
+		MD5_String( pwd.c_str(), md5str );
 
+
 
+		if( 0 == strcmp( sd.passwd, md5str ) ){
 
+			return true;
 
+		}
 
 	}
 
 	}
 
-	else {
 
-		// password mode set to 1 -> md5(md5key, refpass) enable with <passwordencrypt></passwordencrypt>
 
-		// password mode set to 2 -> md5(refpass, md5key) enable with <passwordencrypt2></passwordencrypt2>
 
-		return ((passwdenc&0x01) && login_check_encrypted(md5key, refpass, passwd)) ||
 
-		       ((passwdenc&0x02) && login_check_encrypted(refpass, md5key, passwd));
 
+
 
+	// password mode set to 2 -> md5(refpass, md5key) enable with <passwordencrypt2></passwordencrypt2>
 
+	if( sd.passwdenc & 0x02 ){
 
+		std::string pwd;
 
+
 
+		pwd.append( acc.pass );
 
+		pwd.append( sd.md5key, sd.md5keylen );
 
+
 
+		char md5str[32 + 1];
 
+
 
+		MD5_String( pwd.c_str(), md5str );
 
+
 
+		if( 0 == strcmp( sd.passwd, md5str ) ){
 
+			return true;
 
+		}
 
 	}
 
 	}
 
+
 
+	return false;
 
 }
 
 }
 
 
 
 int login_get_usercount( int users ){
 
 int login_get_usercount( int users ){