summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Changelog-Trunk.txt2
-rw-r--r--src/char/char.c22
-rw-r--r--src/char_sql/char.c21
3 files changed, 31 insertions, 14 deletions
diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt
index 8aafd0318..9000eafff 100644
--- a/Changelog-Trunk.txt
+++ b/Changelog-Trunk.txt
@@ -4,6 +4,8 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO
IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
2008/01/08
+ * Added missing session auth checks to charserver. [ultramage]
+ Packets from non-authed clients will now be discarded.
* Fixed Wand of Hermod not starting the SC_HERMOD status change (which
blocks spells)
* Fixed additional def/mdef from vit/int bonuses being lost when a status
diff --git a/src/char/char.c b/src/char/char.c
index e43ea9e7c..42f5b83b0 100644
--- a/src/char/char.c
+++ b/src/char/char.c
@@ -104,8 +104,9 @@ struct s_subnet {
int subnet_count = 0;
struct char_session_data {
+ bool auth; // whether the session is authed or not
int account_id, login_id1, login_id2, sex;
- int found_char[MAX_CHARS];
+ int found_char[MAX_CHARS]; // ids of chars on this account
char email[40]; // e-mail (default: a@a.com) by [Yor]
time_t connect_until_time; // # of seconds 1/1/1970 (timestamp): Validity limit of the account (0 = unlimited)
};
@@ -1735,8 +1736,6 @@ int mmo_char_send006b(int fd, struct char_session_data* sd)
{
int i, j, found_num;
- set_char_online(-1, 99, sd->account_id);
-
found_num = 0;
for(i = 0; i < char_num; i++) {
if (char_dat[i].status.account_id == sd->account_id) {
@@ -1912,7 +1911,7 @@ static void char_auth_ok(int fd, struct char_session_data *sd)
return;
}
- if (online_check && (character = idb_get(online_char_db, sd->account_id)))
+ if( online_check && (character = idb_get(online_char_db, sd->account_id)) != NULL )
{ // check if character is not online already. [Skotlex]
if (character->server > -1)
{ //Character already online. KICK KICK KICK
@@ -1933,13 +1932,22 @@ static void char_auth_ok(int fd, struct char_session_data *sd)
}
character->fd = fd;
}
+
if (login_fd > 0) {
// request to login-server to obtain e-mail/time limit
+ //FIXME: isn't this part of the auth_ok packet? [ultramage]
WFIFOHEAD(login_fd,6);
WFIFOW(login_fd,0) = 0x2716;
WFIFOL(login_fd,2) = sd->account_id;
WFIFOSET(login_fd,6);
}
+
+ // mark session as 'authed'
+ sd->auth = true;
+
+ // set char online on charserver
+ set_char_online(-1, 99, sd->account_id);
+
// send characters to player
mmo_char_send006b(fd, sd);
}
@@ -3242,7 +3250,7 @@ int parse_char(int fd)
while( RFIFOREST(fd) >= 2 )
{
//For use in packets that depend on an sd being present [Skotlex]
- #define FIFOSD_CHECK(rest) { if(RFIFOREST(fd) < rest) return 0; if (sd==NULL) { RFIFOSKIP(fd,rest); return 0; } }
+ #define FIFOSD_CHECK(rest) { if(RFIFOREST(fd) < rest) return 0; if (sd==NULL || !sd->auth) { RFIFOSKIP(fd,rest); return 0; } }
cmd = RFIFOW(fd,0);
switch( cmd )
@@ -3276,6 +3284,7 @@ int parse_char(int fd)
sd->login_id1 = RFIFOL(fd,6);
sd->login_id2 = RFIFOL(fd,10);
sd->sex = RFIFOB(fd,16);
+ sd->auth = false; // not authed yet
// send back account_id
WFIFOHEAD(fd,4);
@@ -3606,8 +3615,7 @@ int parse_char(int fd)
// char rename request
// R 028d <account ID>.l <char ID>.l <new name>.24B
case 0x28d:
- if (RFIFOREST(fd) < 34)
- return 0;
+ FIFOSD_CHECK(34);
//not implemented
RFIFOSKIP(fd,34);
break;
diff --git a/src/char_sql/char.c b/src/char_sql/char.c
index 233b87050..8dd8738b2 100644
--- a/src/char_sql/char.c
+++ b/src/char_sql/char.c
@@ -133,8 +133,9 @@ struct s_subnet {
int subnet_count = 0;
struct char_session_data {
+ bool auth; // whether the session is authed or not
int account_id, login_id1, login_id2, sex;
- int found_char[MAX_CHARS];
+ int found_char[MAX_CHARS]; // ids of chars on this account
char email[40]; // e-mail (default: a@a.com) by [Yor]
time_t connect_until_time; // # of seconds 1/1/1970 (timestamp): Validity limit of the account (0 = unlimited)
};
@@ -1488,8 +1489,6 @@ int mmo_char_send006b(int fd, struct char_session_data* sd)
{
int j;
- set_char_online(-1, 99, sd->account_id);
-
if (save_log)
ShowInfo("Loading Char Data ("CL_BOLD"%d"CL_RESET")\n",sd->account_id);
@@ -1581,7 +1580,7 @@ static void char_auth_ok(int fd, struct char_session_data *sd)
return;
}
- if (online_check && (character = idb_get(online_char_db, sd->account_id)))
+ if( online_check && (character = idb_get(online_char_db, sd->account_id)) != NULL )
{ // check if character is not online already. [Skotlex]
if (character->server > -1)
{ //Character already online. KICK KICK KICK
@@ -1602,6 +1601,7 @@ static void char_auth_ok(int fd, struct char_session_data *sd)
}
character->fd = fd;
}
+
if (login_fd > 0) {
// request to login-server to obtain e-mail/time limit
WFIFOHEAD(login_fd,6);
@@ -1609,6 +1609,13 @@ static void char_auth_ok(int fd, struct char_session_data *sd)
WFIFOL(login_fd,2) = sd->account_id;
WFIFOSET(login_fd,6);
}
+
+ // mark session as 'authed'
+ sd->auth = true;
+
+ // set char online on charserver
+ set_char_online(-1, 99, sd->account_id);
+
// send characters to player
mmo_char_send006b(fd, sd);
}
@@ -2817,7 +2824,7 @@ int parse_char(int fd)
while( RFIFOREST(fd) >= 2 )
{
//For use in packets that depend on an sd being present [Skotlex]
- #define FIFOSD_CHECK(rest) { if(RFIFOREST(fd) < rest) return 0; if (sd==NULL) { RFIFOSKIP(fd,rest); return 0; } }
+ #define FIFOSD_CHECK(rest) { if(RFIFOREST(fd) < rest) return 0; if (sd==NULL || !sd->auth) { RFIFOSKIP(fd,rest); return 0; } }
cmd = RFIFOW(fd,0);
switch( cmd )
@@ -2844,6 +2851,7 @@ int parse_char(int fd)
sd->login_id1 = RFIFOL(fd,6);
sd->login_id2 = RFIFOL(fd,10);
sd->sex = RFIFOB(fd,16);
+ sd->auth = false; // not authed yet
// send back account_id
WFIFOHEAD(fd,4);
@@ -3155,8 +3163,7 @@ int parse_char(int fd)
// char rename request
// R 028d <account ID>.l <char ID>.l <new name>.24B
case 0x28d:
- if (RFIFOREST(fd) < 34)
- return 0;
+ FIFOSD_CHECK(34);
//not implemented
RFIFOSKIP(fd,34);
break;