summaryrefslogtreecommitdiff
path: root/src/login
diff options
context:
space:
mode:
authorAndrei Karas <akaras@inbox.ru>2015-07-05 00:17:35 +0300
committerAndrei Karas <akaras@inbox.ru>2015-08-05 15:54:00 +0300
commit838321a36c79e71117320154c9b611c99e93af03 (patch)
tree409793dfd26296feeed7b14d4a4a4e489833028d /src/login
parent2c1976035dd87ce630fc0ec1feae20be54d8f2d5 (diff)
downloadhercules-838321a36c79e71117320154c9b611c99e93af03.tar.gz
hercules-838321a36c79e71117320154c9b611c99e93af03.tar.bz2
hercules-838321a36c79e71117320154c9b611c99e93af03.tar.xz
hercules-838321a36c79e71117320154c9b611c99e93af03.zip
Add checks for servers ip address in inter server connections.
If ip not in configured subnet, connection refused. This can protect servers from brutforcing attacks.
Diffstat (limited to 'src/login')
-rw-r--r--src/login/login.c14
-rw-r--r--src/login/login.h2
2 files changed, 9 insertions, 7 deletions
diff --git a/src/login/login.c b/src/login/login.c
index bb8ba51b3..caace34da 100644
--- a/src/login/login.c
+++ b/src/login/login.c
@@ -1555,8 +1555,8 @@ void login_char_server_connection_status(int fd, struct login_session_data* sd,
WFIFOSET(fd,3);
}
-void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip) __attribute__((nonnull (2, 3)));
-void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip)
+void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip, uint32 ipl) __attribute__((nonnull (2, 3)));
+void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip, uint32 ipl)
{
char server_name[20];
char message[256];
@@ -1584,11 +1584,13 @@ void login_parse_request_connection(int fd, struct login_session_data* sd, const
login_log(session[fd]->client_addr, sd->userid, 100, message);
result = login->mmo_auth(sd, true);
- if( runflag == LOGINSERVER_ST_RUNNING &&
+ if (runflag == LOGINSERVER_ST_RUNNING &&
result == -1 &&
sd->sex == 'S' &&
- sd->account_id >= 0 && sd->account_id < ARRAYLENGTH(server) &&
- !session_isValid(server[sd->account_id].fd) )
+ sd->account_id >= 0 &&
+ sd->account_id < ARRAYLENGTH(server) &&
+ !session_isValid(server[sd->account_id].fd) &&
+ login->lan_subnetcheck(ipl))
{
ShowStatus("Connection of the char-server '%s' accepted.\n", server_name);
safestrncpy(server[sd->account_id].name, server_name, sizeof(server[sd->account_id].name));
@@ -1714,7 +1716,7 @@ int login_parse_login(int fd)
if (RFIFOREST(fd) < 86)
return 0;
{
- login->parse_request_connection(fd, sd, ip);
+ login->parse_request_connection(fd, sd, ip, ipl);
}
return 0; // processing will continue elsewhere
diff --git a/src/login/login.h b/src/login/login.h
index f05ff6d0f..de504db07 100644
--- a/src/login/login.h
+++ b/src/login/login.h
@@ -204,7 +204,7 @@ struct login_interface {
void (*send_coding_key) (int fd, struct login_session_data* sd);
void (*parse_request_coding_key) (int fd, struct login_session_data* sd);
void (*char_server_connection_status) (int fd, struct login_session_data* sd, uint8 status);
- void (*parse_request_connection) (int fd, struct login_session_data* sd, const char *ip);
+ void (*parse_request_connection) (int fd, struct login_session_data* sd, const char *ip, uint32 ipl);
int (*parse_login) (int fd);
char *LOGIN_CONF_NAME;
char *LAN_CONF_NAME;