diff options
| author | Andrei Karas <akaras@inbox.ru> | 2015-07-05 00:17:35 +0300 |
|---|---|---|
| committer | Andrei Karas <akaras@inbox.ru> | 2015-08-05 15:54:00 +0300 |
| commit | 838321a36c79e71117320154c9b611c99e93af03 (patch) | |
| tree | 409793dfd26296feeed7b14d4a4a4e489833028d /src/login | |
| parent | 2c1976035dd87ce630fc0ec1feae20be54d8f2d5 (diff) | |
| download | hercules-838321a36c79e71117320154c9b611c99e93af03.tar.gz hercules-838321a36c79e71117320154c9b611c99e93af03.tar.bz2 hercules-838321a36c79e71117320154c9b611c99e93af03.tar.xz hercules-838321a36c79e71117320154c9b611c99e93af03.zip | |
Add checks for servers ip address in inter server connections.
If ip not in configured subnet, connection refused.
This can protect servers from brutforcing attacks.
Diffstat (limited to 'src/login')
| -rw-r--r-- | src/login/login.c | 14 | ||||
| -rw-r--r-- | src/login/login.h | 2 |
2 files changed, 9 insertions, 7 deletions
diff --git a/src/login/login.c b/src/login/login.c index bb8ba51b3..caace34da 100644 --- a/src/login/login.c +++ b/src/login/login.c @@ -1555,8 +1555,8 @@ void login_char_server_connection_status(int fd, struct login_session_data* sd, WFIFOSET(fd,3); } -void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip) __attribute__((nonnull (2, 3))); -void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip) +void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip, uint32 ipl) __attribute__((nonnull (2, 3))); +void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip, uint32 ipl) { char server_name[20]; char message[256]; @@ -1584,11 +1584,13 @@ void login_parse_request_connection(int fd, struct login_session_data* sd, const login_log(session[fd]->client_addr, sd->userid, 100, message); result = login->mmo_auth(sd, true); - if( runflag == LOGINSERVER_ST_RUNNING && + if (runflag == LOGINSERVER_ST_RUNNING && result == -1 && sd->sex == 'S' && - sd->account_id >= 0 && sd->account_id < ARRAYLENGTH(server) && - !session_isValid(server[sd->account_id].fd) ) + sd->account_id >= 0 && + sd->account_id < ARRAYLENGTH(server) && + !session_isValid(server[sd->account_id].fd) && + login->lan_subnetcheck(ipl)) { ShowStatus("Connection of the char-server '%s' accepted.\n", server_name); safestrncpy(server[sd->account_id].name, server_name, sizeof(server[sd->account_id].name)); @@ -1714,7 +1716,7 @@ int login_parse_login(int fd) if (RFIFOREST(fd) < 86) return 0; { - login->parse_request_connection(fd, sd, ip); + login->parse_request_connection(fd, sd, ip, ipl); } return 0; // processing will continue elsewhere diff --git a/src/login/login.h b/src/login/login.h index f05ff6d0f..de504db07 100644 --- a/src/login/login.h +++ b/src/login/login.h @@ -204,7 +204,7 @@ struct login_interface { void (*send_coding_key) (int fd, struct login_session_data* sd); void (*parse_request_coding_key) (int fd, struct login_session_data* sd); void (*char_server_connection_status) (int fd, struct login_session_data* sd, uint8 status); - void (*parse_request_connection) (int fd, struct login_session_data* sd, const char *ip); + void (*parse_request_connection) (int fd, struct login_session_data* sd, const char *ip, uint32 ipl); int (*parse_login) (int fd); char *LOGIN_CONF_NAME; char *LAN_CONF_NAME; |