Drop sha_pass_hash from account database.

Credits to cmangos. cmangos/mangos-classic@62b5e82 cmangos/mangos-classic@f32b2b7 cmangos/mangos-classic@daedec0 cmangos/mangos-classic@af884f8 cmangos/mangos-classic@e0352ec cmangos/mangos-classic@f0c4bb5 Account creation template: https://github.com/masterking32/WoWSimpleRegistration
vmangos · May 19, 2021 · bbebe20 · bbebe20
1 parent b93fdf1
commit bbebe20
Show file tree

Hide file tree

Showing 10 changed files with 450 additions and 165 deletions.
diff --git a/sql/migrations/20210519212944_logon.sql b/sql/migrations/20210519212944_logon.sql
@@ -0,0 +1,21 @@
+DROP PROCEDURE IF EXISTS add_migration;
+delimiter ??
+CREATE PROCEDURE `add_migration`()
+BEGIN
+DECLARE v INT DEFAULT 1;
+SET v = (SELECT COUNT(*) FROM `migrations` WHERE `id`='20210519212944');
+IF v=0 THEN
+INSERT INTO `migrations` VALUES ('20210519212944');
+-- Add your query below.
+
+
+ALTER TABLE `account`
+	DROP COLUMN `sha_pass_hash`;
+
+
+-- End of migration.
+END IF;
+END??
+delimiter ; 
+CALL add_migration();
+DROP PROCEDURE IF EXISTS add_migration;
diff --git a/src/game/AccountMgr.cpp b/src/game/AccountMgr.cpp
@@ -31,7 +31,7 @@
 #include "WorldSession.h"
 #include "MasterPlayer.h"
 #include "Anticheat.h"
-
+#include "SRP6/SRP6.h"
 
 INSTANTIATE_SINGLETON_1(AccountMgr);
 
@@ -54,11 +54,24 @@ AccountOpResult AccountMgr::CreateAccount(std::string username, std::string pass
         return AOR_NAME_ALREDY_EXIST;                       // username does already exist
     }
 
-    if (!LoginDatabase.PExecute("INSERT INTO `account` (`username`, `sha_pass_hash`, `joindate`) VALUES('%s','%s',NOW())", username.c_str(), CalculateShaPassHash(username, password).c_str()))
+    SRP6 srp;
+    srp.CalculateVerifier(CalculateShaPassHash(username, password));
+    const char* s_hex = srp.GetSalt().AsHexStr();
+    const char* v_hex = srp.GetVerifier().AsHexStr();
+
+    bool update_sv = LoginDatabase.PExecute(
+        "INSERT INTO account(`username`, `v`, `s`, `joindate`) VALUES('%s','%s','%s',NOW())",
+        username.c_str(), v_hex, s_hex);
+
+    OPENSSL_free((void*)s_hex);
+    OPENSSL_free((void*)v_hex);
+
+    if (!update_sv)
         return AOR_DB_INTERNAL_ERROR;                       // unexpected error
-    LoginDatabase.Execute("INSERT INTO `realmcharacters` (`realmid`, `acctid`, `numchars`) SELECT `realmlist`.`id`, `account`.`id`, 0 FROM `realmlist`,`account` LEFT JOIN `realmcharacters` ON `acctid`=`account`.`id` WHERE `acctid` IS NULL");
+    LoginDatabase.Execute(
+        "INSERT INTO `realmcharacters` (`realmid`, `acctid`, `numchars`) SELECT `realmlist`.`id`, `account`.`id`, 0 FROM `realmlist`, `account` LEFT JOIN `realmcharacters` ON `acctid`=`account`.`id` WHERE `acctid` IS NULL");
 
-    return AOR_OK;                                          // everything's fine
+    return AOR_OK;                                          // everything's fine                                        // everything's fine
 }
 
 AccountOpResult AccountMgr::DeleteAccount(uint32 accid)
@@ -121,11 +134,24 @@ AccountOpResult AccountMgr::ChangeUsername(uint32 accid, std::string new_uname,
     normalizeString(new_uname);
     normalizeString(new_passwd);
 
+    SRP6 srp;
+
+    srp.CalculateVerifier(CalculateShaPassHash(new_uname, new_passwd));
+
     std::string safe_new_uname = new_uname;
     LoginDatabase.escape_string(safe_new_uname);
 
-    if (!LoginDatabase.PExecute("UPDATE `account` SET `v`='0', `s`='0', `username`='%s', `sha_pass_hash`='%s' WHERE `id`='%u'", safe_new_uname.c_str(),
-                                CalculateShaPassHash(new_uname, new_passwd).c_str(), accid))
+    const char* s_hex = srp.GetSalt().AsHexStr();
+    const char* v_hex = srp.GetVerifier().AsHexStr();
+
+    bool update_sv = LoginDatabase.PExecute(
+        "UPDATE `account` SET `v`='%s', `s`='%s', `username`='%s' WHERE `id`='%u'",
+        v_hex, s_hex, safe_new_uname.c_str(), accid);
+
+    OPENSSL_free((void*)s_hex);
+    OPENSSL_free((void*)v_hex);
+
+    if (!update_sv)
         return AOR_DB_INTERNAL_ERROR;                       // unexpected error
 
     return AOR_OK;
@@ -146,9 +172,22 @@ AccountOpResult AccountMgr::ChangePassword(uint32 accid, std::string new_passwd,
 
     normalizeString(new_passwd);
 
+    SRP6 srp;
+
+    srp.CalculateVerifier(CalculateShaPassHash(username, new_passwd));
+
+    const char* s_hex = srp.GetSalt().AsHexStr();
+    const char* v_hex = srp.GetVerifier().AsHexStr();
+
+    bool update_sv = LoginDatabase.PExecute(
+        "UPDATE `account` SET `v`='%s', `s`='%s' WHERE `id`='%u'",
+        v_hex, s_hex, accid);
+
+    OPENSSL_free((void*)s_hex);
+    OPENSSL_free((void*)v_hex);
+
     // also reset s and v to force update at next realmd login
-    if (!LoginDatabase.PExecute("UPDATE `account` SET `v`='0', `s`='0', `sha_pass_hash`='%s' WHERE `id`='%u'",
-                                CalculateShaPassHash(username, new_passwd).c_str(), accid))
+    if (!update_sv)
         return AOR_DB_INTERNAL_ERROR;                       // unexpected error
 
     return AOR_OK;
@@ -273,11 +312,22 @@ bool AccountMgr::CheckPassword(uint32 accid, std::string passwd, std::string use
 
     normalizeString(passwd);
 
-    QueryResult* result = LoginDatabase.PQuery("SELECT 1 FROM `account` WHERE `id`='%u' AND `sha_pass_hash`='%s'", accid, CalculateShaPassHash(username, passwd).c_str());
+    QueryResult* result = LoginDatabase.PQuery("SELECT `s`, `v` FROM `account` WHERE `id`='%u'", accid);
     if (result)
     {
+        Field* fields = result->Fetch();
+        SRP6 srp;
+
+        bool calcv = srp.CalculateVerifier(
+            CalculateShaPassHash(username, passwd), fields[0].GetCppString().c_str());
+
+        if (calcv && srp.ProofVerifier(fields[1].GetCppString()))
+        {
+            delete result;
+            return true;
+        }
+
         delete result;
-        return true;
     }
 
     return false;