[z2716] Implement totp auth

Credit goes to TC/Chaosvex for reversing structures, Laizerox for implementing it and Killerwife for porting it

Author: Laizerox

sql/base/realmd.sql

@@ -21,7 +21,7 @@
 
 DROP TABLE IF EXISTS `realmd_db_version`;
 CREATE TABLE `realmd_db_version` (
-  `required_z2678_01_realmd` bit(1) DEFAULT NULL
+  `required_z2716_01_realmd_totp` bit(1) DEFAULT NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC COMMENT='Last applied sql update to DB';
 
 --
@@ -58,6 +58,7 @@ CREATE TABLE `account` (
   `expansion` tinyint(3) unsigned NOT NULL DEFAULT '0',
   `mutetime` bigint(40) unsigned NOT NULL DEFAULT '0',
   `locale` tinyint(3) unsigned NOT NULL DEFAULT '0',
+  `token` text,
   PRIMARY KEY (`id`),
   UNIQUE KEY `idx_username` (`username`),
   KEY `idx_gmlevel` (`gmlevel`)

sql/updates/realmd/z2716_01_realmd_totp.sql

@@ -0,0 +1,3 @@
+ALTER TABLE realmd_db_version CHANGE COLUMN required_z2678_01_realmd required_z2716_01_realmd_totp bit;
+
+ALTER TABLE account ADD COLUMN token text AFTER locale;

src/realmd/AuthSocket.cpp

@@ -21,6 +21,8 @@
 */
 
 #include "Common.h"
+#include "Auth/HMACSHA1.h"
+#include "Auth/base32.h"
 #include "Database/DatabaseEnv.h"
 #include "Config/Config.h"
 #include "Log.h"
@@ -29,6 +31,8 @@
 #include "AuthCodes.h"
 
 #include <openssl/md5.h>
+#include <ctime>
+
 //#include "Util.h" -- for commented utf8ToUpperOnlyLatin
 
 extern DatabaseType LoginDatabase;
@@ -40,6 +44,14 @@ enum AccountFlags
     ACCOUNT_FLAG_PROPASS    = 0x00800000,
 };
 
+enum SecurityFlags
+{
+    SECURITY_FLAG_NONE          = 0x00,
+    SECURITY_FLAG_PIN           = 0x01,
+    SECURITY_FLAG_UNK           = 0x02,
+    SECURITY_FLAG_AUTHENTICATOR = 0x04
+};
+
 // GCC have alternative #pragma pack(N) syntax and old gcc version not support pack(push,N), also any gcc version not support it at some paltform
 #if defined( __GNUC__ )
 #pragma pack(1)
@@ -66,6 +78,18 @@ typedef struct AUTH_LOGON_CHALLENGE_C
     uint8   I[1];
 } sAuthLogonChallenge_C;
 
+typedef struct AUTH_LOGON_PIN_DATA_C
+{
+    uint8 salt[16];
+    uint8 hash[20];
+} sAuthLogonPinData_C;
+
+typedef struct AUTH_LOGON_AUTHENTICATOR_DATA_C
+{
+    uint8 unk; // Has to be 0x01
+    uint8 keys[6]; // Valid code must be 6 digits
+} sAuthLogonAuthenticatorData_C;
+
 // typedef sAuthLogonChallenge_C sAuthReconnectChallenge_C;
 /*
 typedef struct
@@ -265,7 +289,7 @@ void AuthSocket::SendProof(Sha1Hash sha)
         case 6005:                                          // 1.12.2
         case 6141:                                          // 1.12.3
         {
-            sAuthLogonProof_S_BUILD_6005 proof;
+            sAuthLogonProof_S_BUILD_6005 proof{};
             memcpy(proof.M2, sha.GetDigest(), 20);
             proof.cmd = CMD_AUTH_LOGON_PROOF;
             proof.error = 0;
@@ -282,7 +306,7 @@ void AuthSocket::SendProof(Sha1Hash sha)
         case 12340:                                         // 3.3.5a
         default:                                            // or later
         {
-            sAuthLogonProof_S proof;
+            sAuthLogonProof_S proof{};
             memcpy(proof.M2, sha.GetDigest(), 20);
             proof.cmd = CMD_AUTH_LOGON_PROOF;
             proof.error = 0;
@@ -358,30 +382,35 @@ bool AuthSocket::_HandleLogonChallenge()
 
     ///- Verify that this IP is not in the ip_banned table
     // No SQL injection possible (paste the IP address as passed by the socket)
-    QueryResult* result = LoginDatabase.PQuery("SELECT unbandate FROM ip_banned WHERE "
-                          //    permanent                    still banned
-                          "(unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", m_address.c_str());
-    if (result)
+    std::unique_ptr<QueryResult> ip_banned_result(LoginDatabase.PQuery("SELECT unbandate FROM ip_banned "
+            "WHERE (unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", m_address.c_str()));
+
+    std::unique_ptr<QueryResult> account_banned_result(LoginDatabase.PQuery(
+            "SELECT ab.unbandate FROM account_banned ab LEFT JOIN account a ON a.id = ab.id "
+                    "WHERE active = 1 AND a.username = '%s' AND (ab.unbandate = ab.bandate OR ab.unbandate > UNIX_TIMESTAMP())", _safelogin.c_str()));
+
+    if (ip_banned_result || account_banned_result)
     {
         pkt << (uint8)WOW_FAIL_BANNED;
         BASIC_LOG("[AuthChallenge] Banned ip %s tries to login!", m_address.c_str());
-        delete result;
     }
     else
     {
         ///- Get the account details from the account table
         // No SQL injection (escaped user name)
 
-        result = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '%s'", _safelogin.c_str());
+        QueryResult* result = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s,token FROM account WHERE username = '%s'", _safelogin.c_str());
         if (result)
         {
+            Field* fields = result->Fetch();
+
             ///- If the IP is 'locked', check that the player comes indeed from the correct IP address
             bool locked = false;
-            if ((*result)[2].GetUInt8() == 1)               // if ip is locked
+            if (fields[2].GetUInt8() == 1)               // if ip is locked
             {
-                DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
+                DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), fields[3].GetString());
                 DEBUG_LOG("[AuthChallenge] Player address is '%s'", m_address.c_str());
-                if (strcmp((*result)[3].GetString(), m_address.c_str()))
+                if (strcmp(fields[3].GetString(), m_address.c_str()))
                 {
                     DEBUG_LOG("[AuthChallenge] Account IP differs");
                     pkt << (uint8) WOW_FAIL_SUSPENDED;
@@ -401,7 +430,7 @@ bool AuthSocket::_HandleLogonChallenge()
             {
                 ///- If the account is banned, reject the logon attempt
                 QueryResult* banresult = LoginDatabase.PQuery("SELECT bandate,unbandate FROM account_banned WHERE "
-                                         "id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)", (*result)[1].GetUInt32());
+                                         "id = %u AND active = 1 AND (unbandate > UNIX_TIMESTAMP() OR unbandate = bandate)", fields[1].GetUInt32());
                 if (banresult)
                 {
                     if ((*banresult)[0].GetUInt64() == (*banresult)[1].GetUInt64())
@@ -420,11 +449,11 @@ bool AuthSocket::_HandleLogonChallenge()
                 else
                 {
                     ///- Get the password from the account table, upper it, and make the SRP6 calculation
-                    std::string rI = (*result)[0].GetCppString();
+                    std::string rI = fields[0].GetCppString();
 
                     ///- Don't calculate (v, s) if there are already some in the database
-                    std::string databaseV = (*result)[5].GetCppString();
-                    std::string databaseS = (*result)[6].GetCppString();
+                    std::string databaseV = fields[5].GetCppString();
+                    std::string databaseS = fields[6].GetCppString();
 
                     DEBUG_LOG("database authentication values: v='%s' s='%s'", databaseV.c_str(), databaseS.c_str());
 
@@ -458,15 +487,21 @@ bool AuthSocket::_HandleLogonChallenge()
                     pkt.append(s.AsByteArray(), s.GetNumBytes());// 32 bytes
                     pkt.append(unk3.AsByteArray(16), 16);
                     uint8 securityFlags = 0;
-                    pkt << uint8(securityFlags);            // security flags (0x0...0x04)
 
-                    if (securityFlags & 0x01)               // PIN input
+                    _token = fields[7].GetCppString();
+                    if (!_token.empty() && _build >= 8606) // authenticator was added in 2.4.3
+                        securityFlags = SECURITY_FLAG_AUTHENTICATOR;
+
+                    pkt << uint8(securityFlags);                    // security flags (0x0...0x04)
+
+                    if (securityFlags & SECURITY_FLAG_PIN)          // PIN input
                     {
                         pkt << uint32(0);
-                        pkt << uint64(0) << uint64(0);      // 16 bytes hash?
+                        pkt << uint64(0);
+                        pkt << uint64(0);
                     }
 
-                    if (securityFlags & 0x02)               // Matrix input
+                    if (securityFlags & SECURITY_FLAG_UNK)          // Matrix input
                     {
                         pkt << uint8(0);
                         pkt << uint8(0);
@@ -475,12 +510,10 @@ bool AuthSocket::_HandleLogonChallenge()
                         pkt << uint64(0);
                     }
 
-                    if (securityFlags & 0x04)               // Security token input
-                    {
+                    if (securityFlags & SECURITY_FLAG_AUTHENTICATOR)    // Authenticator input
                         pkt << uint8(1);
-                    }
 
-                    uint8 secLevel = (*result)[4].GetUInt8();
+                    uint8 secLevel = fields[4].GetUInt8();
                     _accountSecurityLevel = secLevel <= SEC_ADMINISTRATOR ? AccountTypes(secLevel) : SEC_ADMINISTRATOR;
 
                     _localizationName.resize(4);
@@ -496,10 +529,9 @@ bool AuthSocket::_HandleLogonChallenge()
             delete result;
         }
         else                                                // no account
-        {
             pkt << (uint8) WOW_FAIL_UNKNOWN_ACCOUNT;
-        }
     }
+
     Write((const char *)pkt.contents(), pkt.size());
     return true;
 }
@@ -509,7 +541,7 @@ bool AuthSocket::_HandleLogonProof()
 {
     DEBUG_LOG("Entering _HandleLogonProof");
     ///- Read the packet
-    sAuthLogonProof_C lp;
+    sAuthLogonProof_C lp{};
     if (!Read((char*)&lp, sizeof(sAuthLogonProof_C)))
         return false;
 
@@ -519,7 +551,6 @@ bool AuthSocket::_HandleLogonProof()
     /// <ul><li> If the client has no valid version
     if (!FindBuildInfo(_build))
     {
-
         // no patch found
         ByteBuffer pkt;
         pkt << (uint8) CMD_AUTH_LOGON_CHALLENGE;
@@ -533,7 +564,6 @@ bool AuthSocket::_HandleLogonProof()
 
     ///- Continue the SRP6 calculation based on data received from the client
     BigNumber A;
-
     A.SetBinary(lp.A, 32);
 
     // SRP safeguard: abort if A==0
@@ -611,6 +641,28 @@ bool AuthSocket::_HandleLogonProof()
     ///- Check if SRP6 results match (password is correct), else send an error
     if (!memcmp(M.AsByteArray(), lp.M1, 20))
     {
+        if (lp.securityFlags & SECURITY_FLAG_AUTHENTICATOR || !_token.empty())
+        {
+            sAuthLogonAuthenticatorData_C authData{};
+            if (!Read((char*) &authData, sizeof(sAuthLogonAuthenticatorData_C)))
+            {
+                const char data[4] = {CMD_AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0};
+                Write(data, sizeof(data));
+                return true;
+            }
+
+            auto ServerToken = generateToken(_token.c_str());
+            auto clientToken = atoi((const char*) authData.keys);
+            if (ServerToken != clientToken)
+            {
+                BASIC_LOG("[AuthChallenge] Account %s tried to login with wrong pincode! Given %u Expected %u", _login.c_str(), clientToken, ServerToken);
+
+                const char data[4] = { CMD_AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0};
+                Write(data, sizeof(data));
+                return true;
+            }
+        }
+
         BASIC_LOG("User '%s' successfully authenticated", _login.c_str());
 
         ///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
@@ -839,7 +891,6 @@ bool AuthSocket::_HandleRealmList()
     hdr.append(pkt);
 
     Write((const char *)hdr.contents(), hdr.size());
-
     return true;
 }
 
@@ -1004,4 +1055,29 @@ bool AuthSocket::_HandleXferAccept()
     ReadSkip(1);
 
     return true;
+}
+
+int32 AuthSocket::generateToken(char const* b32key)
+{
+    size_t keySize = strlen(b32key);
+    size_t bufSize = (keySize + 7) / 8 * 5;
+    char* encoded = new char[bufSize];
+    memset(encoded, 0, bufSize);
+    unsigned int hmac_result_size = HMAC_RES_SIZE;
+    unsigned char hmac_result[HMAC_RES_SIZE];
+    unsigned long timestamp = time(nullptr)/30;
+    unsigned char challenge[8];
+
+    for (int i = 8; i--; timestamp >>= 8)
+        challenge[i] = timestamp;
+
+    base32_decode(b32key, encoded, bufSize);
+    HMAC(EVP_sha1(), encoded, bufSize, challenge, 8, hmac_result, &hmac_result_size);
+    unsigned int offset = hmac_result[19] & 0xF;
+    unsigned int truncHash = (hmac_result[offset] << 24) | (hmac_result[offset + 1] << 16 ) | (hmac_result[offset + 2] << 8) | (hmac_result[offset + 3]);
+    truncHash &= 0x7FFFFFFF;
+
+    delete[] encoded;
+
+    return truncHash % 1000000;
 }

src/realmd/AuthSocket.h

@@ -34,6 +34,8 @@
 
 #include <functional>
 
+#define HMAC_RES_SIZE 20
+
 class AuthSocket : public MaNGOS::Socket
 {
     public:
@@ -43,6 +45,7 @@ class AuthSocket : public MaNGOS::Socket
 
         void SendProof(Sha1Hash sha);
         void LoadRealmlist(ByteBuffer& pkt, uint32 acctid);
+        int32 generateToken(char const* b32key);
 
         bool _HandleLogonChallenge();
         bool _HandleLogonProof();
@@ -77,6 +80,7 @@ class AuthSocket : public MaNGOS::Socket
 
         std::string _login;
         std::string _safelogin;
+        std::string _token;
 
         // Since GetLocaleByName() is _NOT_ bijective, we have to store the locale as a string. Otherwise we can't differ
         // between enUS and enGB, which is important for the patch system

src/shared/Auth/AuthCrypt.cpp

@@ -17,24 +17,12 @@
  */
 
 #include "AuthCrypt.h"
-#include "Hmac.h"
+#include "HMACSHA1.h"
+#include "Log.h"
 #include "BigNumber.h"
 
 AuthCrypt::AuthCrypt() : _initialized(false) {}
 
-void AuthCrypt::Init(BigNumber *bn)
-{
-    _send_i = _send_j = _recv_i = _recv_j = 0;
-
-    const size_t len = 40;
-
-    _key.resize(len);
-    auto const key = bn->AsByteArray();
-    std::copy(key, key + len, _key.begin());
-
-    _initialized = true;
-}
-
 void AuthCrypt::DecryptRecv(uint8* data, size_t len)
 {
     if (!_initialized) return;
@@ -63,3 +51,16 @@ void AuthCrypt::EncryptSend(uint8* data, size_t len)
         data[t] = _send_j = x;
     }
 }
+
+void AuthCrypt::Init(BigNumber *bn)
+{
+    _send_i = _send_j = _recv_i = _recv_j = 0;
+
+    const size_t len = 40;
+
+    _key.resize(len);
+    auto const key = bn->AsByteArray();
+    std::copy(key, key + len, _key.begin());
+
+    _initialized = true;
+}