Client logs in with salted password now.

The password is salted by a random number sent by server. Reviewed by Bertram.
author: Stefan Beller <stefanbeller@googlemail.com> 2011-08-06 03:25:31 +0200
committer: Stefan Beller <stefanbeller@googlemail.com> 2011-08-10 21:32:50 +0200
commit: 5c5e17c0b200004c6d18a51e2c02fd21d710f04f (patch)
tree: 677f019f2d7c84abb51007e8860b8ee95d0b6913 /src/net/manaserv/loginhandler.cpp
parent: 7342860e6c7b8d817410d886c7b89ff36e5c26f7 (diff)
download: mana-client-5c5e17c0b200004c6d18a51e2c02fd21d710f04f.tar.gz
mana-client-5c5e17c0b200004c6d18a51e2c02fd21d710f04f.tar.bz2
mana-client-5c5e17c0b200004c6d18a51e2c02fd21d710f04f.tar.xz
mana-client-5c5e17c0b200004c6d18a51e2c02fd21d710f04f.zip
1 files changed, 24 insertions, 2 deletions
diff --git a/src/net/manaserv/loginhandler.cpp b/src/net/manaserv/loginhandler.cpp
index 2f802e21..f06c3262 100644
--- a/src/net/manaserv/loginhandler.cpp
+++ b/src/net/manaserv/loginhandler.cpp
@@ -44,6 +44,7 @@ extern std::string netToken;
 LoginHandler::LoginHandler()
 {
     static const Uint16 _messages[] = {
+        APMSG_LOGIN_RNDTRGR_RESPONSE,
         APMSG_LOGIN_RESPONSE,
         APMSG_REGISTER_RESPONSE,
         APMSG_RECONNECT_RESPONSE,
@@ -62,6 +63,10 @@ void LoginHandler::handleMessage(Net::MessageIn &msg)
 {
     switch (msg.getId())
     {
+        case APMSG_LOGIN_RNDTRGR_RESPONSE:
+            handleLoginRandomResponse(msg);
+            break;
+
         case APMSG_LOGIN_RESPONSE:
             handleLoginResponse(msg);
             break;
@@ -245,6 +250,12 @@ void LoginHandler::handleMessage(Net::MessageIn &msg)
     }
 }
 
+void LoginHandler::handleLoginRandomResponse(Net::MessageIn &msg)
+{
+    mLoginData->randomSeed = msg.readString();
+    loginAccountContinue();
+}
+
 void LoginHandler::handleLoginResponse(Net::MessageIn &msg)
 {
     const int errMsg = msg.readInt8();
@@ -385,14 +396,25 @@ unsigned int LoginHandler::getMaxUserNameLength() const
 void LoginHandler::loginAccount(LoginData *loginData)
 {
     mLoginData = loginData;
+    mTmpPassword = loginData->password;
+
+    MessageOut msg(PAMSG_LOGIN_RNDTRGR);
+    msg.writeString(mLoginData->username);
 
+    accountServerConnection->send(msg);
+}
+
+void LoginHandler::loginAccountContinue()
+{
     MessageOut msg(PAMSG_LOGIN);
 
     msg.writeInt32(PROTOCOL_VERSION); // client version
-    msg.writeString(loginData->username);
-    msg.writeString(sha256(loginData->username + loginData->password));
+    msg.writeString(mLoginData->username);
+
+    msg.writeString(sha256(sha256(sha256(mLoginData->username + mTmpPassword)) + mLoginData->randomSeed));
 
     accountServerConnection->send(msg);
+    mTmpPassword = "";
 }
 
 void LoginHandler::logout()
author	Stefan Beller <stefanbeller@googlemail.com>	2011-08-06 03:25:31 +0200
committer	Stefan Beller <stefanbeller@googlemail.com>	2011-08-10 21:32:50 +0200
commit	5c5e17c0b200004c6d18a51e2c02fd21d710f04f (patch)
tree	677f019f2d7c84abb51007e8860b8ee95d0b6913 /src/net/manaserv/loginhandler.cpp
parent	7342860e6c7b8d817410d886c7b89ff36e5c26f7 (diff)
download	mana-client-5c5e17c0b200004c6d18a51e2c02fd21d710f04f.tar.gz mana-client-5c5e17c0b200004c6d18a51e2c02fd21d710f04f.tar.bz2 mana-client-5c5e17c0b200004c6d18a51e2c02fd21d710f04f.tar.xz mana-client-5c5e17c0b200004c6d18a51e2c02fd21d710f04f.zip