From 6d65fae7e4709f03506d5a2a35c0c8a317db8c37 Mon Sep 17 00:00:00 2001
From: Exynox <exynox@old-metin2.com>
Date: Sat, 1 Jun 2024 14:34:27 +0300
Subject: [PATCH] Argon2ID improvements

---
 src/game/src/db.cpp         | 26 +++++++-------------------
 src/game/src/input_auth.cpp | 19 +++----------------
 src/game/src/input_db.cpp   |  6 ++----
 src/game/src/utils.cpp      |  6 ------
 src/game/src/utils.h        |  2 --
 5 files changed, 12 insertions(+), 47 deletions(-)

diff --git a/src/game/src/db.cpp b/src/game/src/db.cpp
index 0ec2446..540b55a 100644
--- a/src/game/src/db.cpp
+++ b/src/game/src/db.cpp
@@ -1,21 +1,19 @@
 #include "stdafx.h"
 #include <sstream>
 #include <common/length.h>
+#include <argon2.h>
 
 #include "db.h"
-
 #include "config.h"
 #include "desc_client.h"
 #include "desc_manager.h"
 #include "char.h"
 #include "char_manager.h"
 #include "item.h"
-#include "item_manager.h"
 #include "p2p.h"
 #include "matrix_card.h"
 #include "log.h"
 #include "login_data.h"
-#include "locale_service.h"
 #include "spam.h"
 
 extern std::string g_stBlockDate;
@@ -275,8 +273,8 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
 
 				if (pMsg->Get()->uiNumRows == 0)
 				{
-                    SPDLOG_DEBUG("   NOID");
-                    LoginFailure(d, "NOID");
+                    SPDLOG_DEBUG("   WRONGCRD");
+                    LoginFailure(d, "WRONGCRD");
                     M2_DELETE(pinfo);
 				}
 				else
@@ -284,23 +282,13 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
 					MYSQL_ROW row = mysql_fetch_row(pMsg->Get()->pSQLResult);
 					int col = 0;
 
-					// '%s', password, securitycode, social_id, id, status
-					char szPlainPassword[128 + 1];
+					// password, securitycode, social_id, id, status
 					char szHashedPassword[128 + 1];
 					char szMatrixCode[MATRIX_CODE_MAX_LEN + 1];
 					char szSocialID[SOCIAL_ID_MAX_LEN + 1];
 					char szStatus[ACCOUNT_STATUS_MAX_LEN + 1];
 					DWORD dwID = 0;
 
-					if (!row[col]) 
-					{ 
-						SPDLOG_ERROR("error column {}", col);
-						M2_DELETE(pinfo);
-						break; 
-					}
-
-					strlcpy(szPlainPassword, row[col++], sizeof(szPlainPassword));
-
 					if (!row[col]) 
 					{
 						SPDLOG_ERROR("error column {}", col);
@@ -374,12 +362,12 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
 					SPDLOG_DEBUG("Create_Time {} {}", retValue, szCreateDate);
 					SPDLOG_DEBUG("Block Time {} ", strncmp(szCreateDate, g_stBlockDate.c_str(), 8));
 
-					bool loginStatus = hash_secure_verify(szHashedPassword, szPlainPassword);
+					bool loginStatus = argon2id_verify(szHashedPassword, pinfo->passwd, strlen(pinfo->passwd)) == ARGON2_OK;
 
 					if (!loginStatus)
 					{
-						LoginFailure(d, "WRONGPWD");
-						SPDLOG_DEBUG("   WRONGPWD");
+						LoginFailure(d, "WRONGCRD");
+						SPDLOG_DEBUG("   WRONGCRD");
 						M2_DELETE(pinfo);
 					}
 					else if (bNotAvail)
diff --git a/src/game/src/input_auth.cpp b/src/game/src/input_auth.cpp
index 325310f..d01dad9 100644
--- a/src/game/src/input_auth.cpp
+++ b/src/game/src/input_auth.cpp
@@ -4,9 +4,6 @@
 #include "input.h"
 #include "desc_client.h"
 #include "desc_manager.h"
-#include "protocol.h"
-#include "matrix_card.h"
-#include "locale_service.h"
 #include "db.h"
 
 extern time_t get_global_time();
@@ -33,13 +30,6 @@ bool FN_IS_VALID_LOGIN_STRING(const char *str)
 	return true;
 }
 
-bool Login_IsInChannelService(const char* c_login)
-{
-	if (c_login[0] == '[')
-		return true;
-	return false;
-}
-
 CInputAuth::CInputAuth()
 {
 }
@@ -70,7 +60,7 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
 	{
 		SPDLOG_DEBUG("InputAuth::Login : IS_NOT_VALID_LOGIN_STRING({}) desc {}",
 				login, (void*) get_pointer(d));
-		LoginFailure(d, "NOID");
+		LoginFailure(d, "WRONGCRD");
 		return;
 	}
 
@@ -100,14 +90,11 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
 	TPacketCGLogin3 * p = M2_NEW TPacketCGLogin3;
 	memcpy(p, pinfo, sizeof(TPacketCGLogin3));
 
-	char szPasswd[PASSWD_MAX_LEN * 2 + 1];
-	DBManager::instance().EscapeString(szPasswd, sizeof(szPasswd), passwd, strlen(passwd));
-
 	char szLogin[LOGIN_MAX_LEN * 2 + 1];
 	DBManager::instance().EscapeString(szLogin, sizeof(szLogin), login, strlen(login));
 
 	DBManager::instance().ReturnQuery(QID_AUTH_LOGIN, dwKey, p, 
-			"SELECT '%s',password,securitycode,social_id,id,status,availDt - NOW() > 0,"
+			"SELECT password,securitycode,social_id,id,status,availDt - NOW() > 0,"
 			"UNIX_TIMESTAMP(silver_expire),"
 			"UNIX_TIMESTAMP(gold_expire),"
 			"UNIX_TIMESTAMP(safebox_expire),"
@@ -117,7 +104,7 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
 			"UNIX_TIMESTAMP(money_drop_rate_expire),"
 			"UNIX_TIMESTAMP(create_time)"
 			" FROM account WHERE login='%s'",
-			szPasswd, szLogin);
+			szLogin);
 }
 
 int CInputAuth::Analyze(LPDESC d, BYTE bHeader, const char * c_pData)
diff --git a/src/game/src/input_db.cpp b/src/game/src/input_db.cpp
index 9ee7b68..e0d2f07 100644
--- a/src/game/src/input_db.cpp
+++ b/src/game/src/input_db.cpp
@@ -26,11 +26,9 @@
 #include "building.h"
 #include "login_sim.h"
 #include "wedding.h"
-#include "login_data.h"
 #include "unique_item.h"
 
 #include "monarch.h"
-#include "affect.h"
 #include "castle.h"
 #include "motion.h"
 
@@ -1956,11 +1954,11 @@ int CInputDB::Analyze(LPDESC d, BYTE bHeader, const char * c_pData)
 		break;
 
 	case HEADER_DG_LOGIN_NOT_EXIST:
-		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "NOID");
+		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "WRONGCRD");
 		break;
 
 	case HEADER_DG_LOGIN_WRONG_PASSWD:
-		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "WRONGPWD");
+		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "WRONGCRD");
 		break;
 
 	case HEADER_DG_LOGIN_ALREADY:
diff --git a/src/game/src/utils.cpp b/src/game/src/utils.cpp
index 556950a..f12ab0d 100644
--- a/src/game/src/utils.cpp
+++ b/src/game/src/utils.cpp
@@ -1,11 +1,5 @@
-#include <argon2.h>
 #include "stdafx.h"
 
-bool hash_secure_verify(const char *hashed_pwd, const char *plain_pwd)
-{
-	return argon2id_verify(hashed_pwd, plain_pwd, strlen(plain_pwd)) == ARGON2_OK;
-}
-
 static int global_time_gap = 0;
 
 time_t get_global_time()
diff --git a/src/game/src/utils.h b/src/game/src/utils.h
index 63252f0..f3baec5 100644
--- a/src/game/src/utils.h
+++ b/src/game/src/utils.h
@@ -9,8 +9,6 @@
 #define REMOVE_BIT(var, bit)	((var) &= ~(bit))
 #define TOGGLE_BIT(var, bit)	((var) = (var) ^ (bit))
 
-bool hash_secure_verify(const char *, const char *);
-
 inline float DISTANCE_SQRT(int dx, int dy)
 {
     return ::sqrt((float)dx * dx + (float)dy * dy);