From 838321a36c79e71117320154c9b611c99e93af03 Mon Sep 17 00:00:00 2001
From: Andrei Karas <akaras@inbox.ru>
Date: Sun, 5 Jul 2015 00:17:35 +0300
Subject: Add checks for servers ip address in inter server connections.

If ip not in configured subnet, connection refused.
This can protect servers from brutforcing attacks.
---
 src/char/char.c   | 10 ++++++----
 src/char/char.h   |  2 +-
 src/login/login.c | 14 ++++++++------
 src/login/login.h |  2 +-
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/src/char/char.c b/src/char/char.c
index 5f5dad539..7b1078e37 100644
--- a/src/char/char.c
+++ b/src/char/char.c
@@ -4959,18 +4959,20 @@ void char_login_map_server_ack(int fd, uint8 flag)
 	WFIFOSET(fd,3);
 }
 
-void char_parse_char_login_map_server(int fd)
+void char_parse_char_login_map_server(int fd, uint32 ipl)
 {
 	char* l_user = (char*)RFIFOP(fd,2);
 	char* l_pass = (char*)RFIFOP(fd,26);
 	int i;
 	l_user[23] = '\0';
 	l_pass[23] = '\0';
+
 	ARR_FIND( 0, ARRAYLENGTH(chr->server), i, chr->server[i].fd <= 0 );
-	if( runflag != CHARSERVER_ST_RUNNING ||
+	if (runflag != CHARSERVER_ST_RUNNING ||
 		i == ARRAYLENGTH(chr->server) ||
 		strcmp(l_user, chr->userid) != 0 ||
-		strcmp(l_pass, chr->passwd) != 0 )
+		strcmp(l_pass, chr->passwd) != 0 ||
+		!chr->lan_subnetcheck(ipl))
 	{
 		chr->login_map_server_ack(fd, 3); // Failure
 	} else {
@@ -5220,7 +5222,7 @@ int char_parse_char(int fd)
 				if (RFIFOREST(fd) < 60)
 					return 0;
 			{
-				chr->parse_char_login_map_server(fd);
+				chr->parse_char_login_map_server(fd, ipl);
 			}
 			return 0; // avoid processing of follow-up packets here
 
diff --git a/src/char/char.h b/src/char/char.h
index 0f351ca8c..5f2f8571a 100644
--- a/src/char/char.h
+++ b/src/char/char.h
@@ -290,7 +290,7 @@ struct char_interface {
 	void (*parse_char_delete2_accept) (int fd, struct char_session_data* sd);
 	void (*parse_char_delete2_cancel) (int fd, struct char_session_data* sd);
 	void (*login_map_server_ack) (int fd, uint8 flag);
-	void (*parse_char_login_map_server) (int fd);
+	void (*parse_char_login_map_server) (int fd, uint32 ipl);
 	void (*parse_char_pincode_check) (int fd, struct char_session_data* sd);
 	void (*parse_char_pincode_window) (int fd, struct char_session_data* sd);
 	void (*parse_char_pincode_change) (int fd, struct char_session_data* sd);
diff --git a/src/login/login.c b/src/login/login.c
index bb8ba51b3..caace34da 100644
--- a/src/login/login.c
+++ b/src/login/login.c
@@ -1555,8 +1555,8 @@ void login_char_server_connection_status(int fd, struct login_session_data* sd,
 	WFIFOSET(fd,3);
 }
 
-void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip) __attribute__((nonnull (2, 3)));
-void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip)
+void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip, uint32 ipl) __attribute__((nonnull (2, 3)));
+void login_parse_request_connection(int fd, struct login_session_data* sd, const char *const ip, uint32 ipl)
 {
 	char server_name[20];
 	char message[256];
@@ -1584,11 +1584,13 @@ void login_parse_request_connection(int fd, struct login_session_data* sd, const
 	login_log(session[fd]->client_addr, sd->userid, 100, message);
 
 	result = login->mmo_auth(sd, true);
-	if( runflag == LOGINSERVER_ST_RUNNING &&
+	if (runflag == LOGINSERVER_ST_RUNNING &&
 		result == -1 &&
 		sd->sex == 'S' &&
-		sd->account_id >= 0 && sd->account_id < ARRAYLENGTH(server) &&
-		!session_isValid(server[sd->account_id].fd) )
+		sd->account_id >= 0 &&
+		sd->account_id < ARRAYLENGTH(server) &&
+		!session_isValid(server[sd->account_id].fd) &&
+		login->lan_subnetcheck(ipl))
 	{
 		ShowStatus("Connection of the char-server '%s' accepted.\n", server_name);
 		safestrncpy(server[sd->account_id].name, server_name, sizeof(server[sd->account_id].name));
@@ -1714,7 +1716,7 @@ int login_parse_login(int fd)
 			if (RFIFOREST(fd) < 86)
 				return 0;
 		{
-			login->parse_request_connection(fd, sd, ip);
+			login->parse_request_connection(fd, sd, ip, ipl);
 		}
 		return 0; // processing will continue elsewhere
 
diff --git a/src/login/login.h b/src/login/login.h
index f05ff6d0f..de504db07 100644
--- a/src/login/login.h
+++ b/src/login/login.h
@@ -204,7 +204,7 @@ struct login_interface {
 	void (*send_coding_key) (int fd, struct login_session_data* sd);
 	void (*parse_request_coding_key) (int fd, struct login_session_data* sd);
 	void (*char_server_connection_status) (int fd, struct login_session_data* sd, uint8 status);
-	void (*parse_request_connection) (int fd, struct login_session_data* sd, const char *ip);
+	void (*parse_request_connection) (int fd, struct login_session_data* sd, const char *ip, uint32 ipl);
 	int (*parse_login) (int fd);
 	char *LOGIN_CONF_NAME;
 	char *LAN_CONF_NAME;
-- 
cgit v1.2.3-70-g09d2