Argon2ID improvements

2024-06-01 14:34:27 +03:00 · 2024-06-01 14:34:27 +03:00 · 6d65fae7e4
parent 8ed1e7879e
commit 6d65fae7e4
5 changed files with 12 additions and 47 deletions
--- a/src/game/src/db.cpp
+++ b/src/game/src/db.cpp
@ -1,21 +1,19 @@
 #include "stdafx.h"
 #include <sstream>
 #include <common/length.h>
+#include <argon2.h>

 #include "db.h"
-
 #include "config.h"
 #include "desc_client.h"
 #include "desc_manager.h"
 #include "char.h"
 #include "char_manager.h"
 #include "item.h"
-#include "item_manager.h"
 #include "p2p.h"
 #include "matrix_card.h"
 #include "log.h"
 #include "login_data.h"
-#include "locale_service.h"
 #include "spam.h"

 extern std::string g_stBlockDate;
@ -275,8 +273,8 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)

 				if (pMsg->Get()->uiNumRows == 0)
 				{
-                    SPDLOG_DEBUG("   NOID");
-                    LoginFailure(d, "NOID");
+                    SPDLOG_DEBUG("   WRONGCRD");
+                    LoginFailure(d, "WRONGCRD");
                    M2_DELETE(pinfo);
 				}
 				else
@ -284,23 +282,13 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
 					MYSQL_ROW row = mysql_fetch_row(pMsg->Get()->pSQLResult);
 					int col = 0;

-					// '%s', password, securitycode, social_id, id, status
-					char szPlainPassword[128 + 1];
+					// password, securitycode, social_id, id, status
 					char szHashedPassword[128 + 1];
 					char szMatrixCode[MATRIX_CODE_MAX_LEN + 1];
 					char szSocialID[SOCIAL_ID_MAX_LEN + 1];
 					char szStatus[ACCOUNT_STATUS_MAX_LEN + 1];
 					DWORD dwID = 0;

-					if (!row[col]) 
-					{ 
-						SPDLOG_ERROR("error column {}", col);
-						M2_DELETE(pinfo);
-						break; 
-					}
-
-					strlcpy(szPlainPassword, row[col++], sizeof(szPlainPassword));
-
 					if (!row[col]) 
 					{
 						SPDLOG_ERROR("error column {}", col);
@ -374,12 +362,12 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
 					SPDLOG_DEBUG("Create_Time {} {}", retValue, szCreateDate);
 					SPDLOG_DEBUG("Block Time {} ", strncmp(szCreateDate, g_stBlockDate.c_str(), 8));

-					bool loginStatus = hash_secure_verify(szHashedPassword, szPlainPassword);
+					bool loginStatus = argon2id_verify(szHashedPassword, pinfo->passwd, strlen(pinfo->passwd)) == ARGON2_OK;

 					if (!loginStatus)
 					{
-						LoginFailure(d, "WRONGPWD");
-						SPDLOG_DEBUG("   WRONGPWD");
+						LoginFailure(d, "WRONGCRD");
+						SPDLOG_DEBUG("   WRONGCRD");
 						M2_DELETE(pinfo);
 					}
 					else if (bNotAvail)
--- a/src/game/src/input_auth.cpp
+++ b/src/game/src/input_auth.cpp
@ -4,9 +4,6 @@
 #include "input.h"
 #include "desc_client.h"
 #include "desc_manager.h"
-#include "protocol.h"
-#include "matrix_card.h"
-#include "locale_service.h"
 #include "db.h"

 extern time_t get_global_time();
@ -33,13 +30,6 @@ bool FN_IS_VALID_LOGIN_STRING(const char *str)
 	return true;
 }

-bool Login_IsInChannelService(const char* c_login)
-{
-	if (c_login[0] == '[')
-		return true;
-	return false;
-}
-
 CInputAuth::CInputAuth()
 {
 }
@ -70,7 +60,7 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
 	{
 		SPDLOG_DEBUG("InputAuth::Login : IS_NOT_VALID_LOGIN_STRING({}) desc {}",
 				login, (void*) get_pointer(d));
-		LoginFailure(d, "NOID");
+		LoginFailure(d, "WRONGCRD");
 		return;
 	}

@ -100,14 +90,11 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
 	TPacketCGLogin3 * p = M2_NEW TPacketCGLogin3;
 	memcpy(p, pinfo, sizeof(TPacketCGLogin3));

-	char szPasswd[PASSWD_MAX_LEN * 2 + 1];
-	DBManager::instance().EscapeString(szPasswd, sizeof(szPasswd), passwd, strlen(passwd));
-
 	char szLogin[LOGIN_MAX_LEN * 2 + 1];
 	DBManager::instance().EscapeString(szLogin, sizeof(szLogin), login, strlen(login));

 	DBManager::instance().ReturnQuery(QID_AUTH_LOGIN, dwKey, p, 
-			"SELECT '%s',password,securitycode,social_id,id,status,availDt - NOW() > 0,"
+			"SELECT password,securitycode,social_id,id,status,availDt - NOW() > 0,"
 			"UNIX_TIMESTAMP(silver_expire),"
 			"UNIX_TIMESTAMP(gold_expire),"
 			"UNIX_TIMESTAMP(safebox_expire),"
@ -117,7 +104,7 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
 			"UNIX_TIMESTAMP(money_drop_rate_expire),"
 			"UNIX_TIMESTAMP(create_time)"
 			" FROM account WHERE login='%s'",
-			szPasswd, szLogin);
+			szLogin);
 }

 int CInputAuth::Analyze(LPDESC d, BYTE bHeader, const char * c_pData)
--- a/src/game/src/input_db.cpp
+++ b/src/game/src/input_db.cpp
@ -26,11 +26,9 @@
 #include "building.h"
 #include "login_sim.h"
 #include "wedding.h"
-#include "login_data.h"
 #include "unique_item.h"

 #include "monarch.h"
-#include "affect.h"
 #include "castle.h"
 #include "motion.h"

@ -1956,11 +1954,11 @@ int CInputDB::Analyze(LPDESC d, BYTE bHeader, const char * c_pData)
 		break;

 	case HEADER_DG_LOGIN_NOT_EXIST:
-		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "NOID");
+		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "WRONGCRD");
 		break;

 	case HEADER_DG_LOGIN_WRONG_PASSWD:
-		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "WRONGPWD");
+		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "WRONGCRD");
 		break;

 	case HEADER_DG_LOGIN_ALREADY:
--- a/src/game/src/utils.cpp
+++ b/src/game/src/utils.cpp
@ -1,11 +1,5 @@
-#include <argon2.h>
 #include "stdafx.h"

-bool hash_secure_verify(const char *hashed_pwd, const char *plain_pwd)
-{
-	return argon2id_verify(hashed_pwd, plain_pwd, strlen(plain_pwd)) == ARGON2_OK;
-}
-
 static int global_time_gap = 0;

 time_t get_global_time()
--- a/src/game/src/utils.h
+++ b/src/game/src/utils.h
@ -9,8 +9,6 @@
 #define REMOVE_BIT(var, bit)	((var) &= ~(bit))
 #define TOGGLE_BIT(var, bit)	((var) = (var) ^ (bit))

-bool hash_secure_verify(const char *, const char *);
-
 inline float DISTANCE_SQRT(int dx, int dy)
 {
    return ::sqrt((float)dx * dx + (float)dy * dy);