WorldSocket.cpp

Go to the documentation of this file.

/*
 * This file is part of the TrinityCore Project. See AUTHORS file for Copyright information
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 
#include "WorldSocket.h"
#include "AuthenticationPackets.h"
#include "BattlenetRpcErrorCodes.h"
#include "CharacterPackets.h"
#include "CryptoHash.h"
#include "CryptoRandom.h"
#include "DatabaseEnv.h"
#include "Errors.h"
#include "GameTime.h"
#include "HMAC.h"
#include "IPLocation.h"
#include "PacketLog.h"
#include "RealmList.h"
#include "RBAC.h"
#include "ScriptMgr.h"
#include "SessionKeyGenerator.h"
#include "World.h"
#include "WorldPacket.h"
#include "WorldSession.h"
#include <zlib.h>
 
#pragma pack(push, 1)
 
struct CompressedWorldPacket
{
 uint32 UncompressedSize;
 uint32 UncompressedAdler;
 uint32 CompressedAdler;
};
 
#pragma pack(pop)
 
std::string const WorldSocket::ServerConnectionInitialize("WORLD OF WARCRAFT CONNECTION - SERVER TO CLIENT - V2");
std::string const WorldSocket::ClientConnectionInitialize("WORLD OF WARCRAFT CONNECTION - CLIENT TO SERVER - V2");
uint32 const WorldSocket::MinSizeForCompression = 0x400;
 
uint8 const WorldSocket::AuthCheckSeed[16] = { 0xC5, 0xC6, 0x98, 0x95, 0x76, 0x3F, 0x1D, 0xCD, 0xB6, 0xA1, 0x37, 0x28, 0xB3, 0x12, 0xFF, 0x8A };
uint8 const WorldSocket::SessionKeySeed[16] = { 0x58, 0xCB, 0xCF, 0x40, 0xFE, 0x2E, 0xCE, 0xA6, 0x5A, 0x90, 0xB8, 0x01, 0x68, 0x6C, 0x28, 0x0B };
uint8 const WorldSocket::ContinuedSessionSeed[16] = { 0x16, 0xAD, 0x0C, 0xD4, 0x46, 0xF9, 0x4F, 0xB2, 0xEF, 0x7D, 0xEA, 0x2A, 0x17, 0x66, 0x4D, 0x2F };
uint8 const WorldSocket::EncryptionKeySeed[16] = { 0xE9, 0x75, 0x3C, 0x50, 0x90, 0x93, 0x61, 0xDA, 0x3B, 0x07, 0xEE, 0xFA, 0xFF, 0x9D, 0x41, 0xB8 };
 
WorldSocket::WorldSocket(boost::asio::ip::tcp::socket&& socket) : Socket(std::move(socket)),
 _type(CONNECTION_TYPE_REALM), _key(0), _OverSpeedPings(0),
 _worldSession(nullptr), _authed(false), _canRequestHotfixes(true), _sendBufferSize(4096), _compressionStream(nullptr)
{
 Trinity::Crypto::GetRandomBytes(_serverChallenge);
 _sessionKey.fill(0);
 _encryptKey.fill(0);
 _headerBuffer.Resize(sizeof(IncomingPacketHeader));
}
 
WorldSocket::~WorldSocket()
{
 if (_compressionStream)
 {
 deflateEnd(_compressionStream);
 delete _compressionStream;
 }
}
 
void WorldSocket::Start()
{
 std::string ip_address = GetRemoteIpAddress().to_string();
 LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_IP_INFO);
 stmt->setString(0, ip_address);
 
 _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback([self = shared_from_this()](PreparedQueryResult result)
 {
 self->CheckIpCallback(std::move(result));
 }));
}
 
void WorldSocket::CheckIpCallback(PreparedQueryResult result)
{
 if (result)
 {
 bool banned = false;
 do
 {
 Field* fields = result->Fetch();
 if (fields[0].GetUInt64() != 0)
 banned = true;
 
 } while (result->NextRow());
 
 if (banned)
 {
 TC_LOG_ERROR("network", "WorldSocket::CheckIpCallback: Sent Auth Response (IP {} banned).", GetRemoteIpAddress().to_string());
 DelayedCloseSocket();
 return;
 }
 }
 
 _packetBuffer.Resize(ClientConnectionInitialize.length() + 1);
 
 AsyncReadWithCallback(&WorldSocket::InitializeHandler);
 
 MessageBuffer initializer;
 initializer.Write(ServerConnectionInitialize.c_str(), ServerConnectionInitialize.length());
 initializer.Write("\n", 1);
 
 // - IoContext.run thread, safe.
 QueuePacket(std::move(initializer));
}
 
void WorldSocket::InitializeHandler(boost::system::error_code const& error, std::size_t transferedBytes)
{
 if (error)
 {
 CloseSocket();
 return;
 }
 
 GetReadBuffer().WriteCompleted(transferedBytes);
 
 MessageBuffer& packet = GetReadBuffer();
 if (packet.GetActiveSize() > 0)
 {
 if (_packetBuffer.GetRemainingSpace() > 0)
 {
 // need to receive the header
 std::size_t readHeaderSize = std::min(packet.GetActiveSize(), _packetBuffer.GetRemainingSpace());
 _packetBuffer.Write(packet.GetReadPointer(), readHeaderSize);
 packet.ReadCompleted(readHeaderSize);
 
 if (_packetBuffer.GetRemainingSpace() > 0)
 {
 // Couldn't receive the whole header this time.
 ASSERT(packet.GetActiveSize() == 0);
 AsyncReadWithCallback(&WorldSocket::InitializeHandler);
 return;
 }
 
 try
 {
 ByteBuffer buffer(std::move(_packetBuffer));
 std::string initializer = buffer.ReadString(ClientConnectionInitialize.length());
 if (initializer != ClientConnectionInitialize)
 {
 CloseSocket();
 return;
 }
 
 uint8 terminator;
 buffer >> terminator;
 if (terminator != '\n')
 {
 CloseSocket();
 return;
 }
 }
 catch (ByteBufferException const& ex)
 {
 TC_LOG_ERROR("network", "WorldSocket::InitializeHandler ByteBufferException {} occured while parsing initial packet from {}",
 ex.what(), GetRemoteIpAddress().to_string());
 CloseSocket();
 return;
 }
 
 _compressionStream = new z_stream();
 _compressionStream->zalloc = (alloc_func)nullptr;
 _compressionStream->zfree = (free_func)nullptr;
 _compressionStream->opaque = (voidpf)nullptr;
 _compressionStream->avail_in = 0;
 _compressionStream->next_in = nullptr;
 int32 z_res = deflateInit2(_compressionStream, sWorld->getIntConfig(CONFIG_COMPRESSION), Z_DEFLATED, -15, 8, Z_DEFAULT_STRATEGY);
 if (z_res != Z_OK)
 {
 CloseSocket();
 TC_LOG_ERROR("network", "Can't initialize packet compression (zlib: deflateInit) Error code: {} ({})", z_res, zError(z_res));
 return;
 }
 
 _packetBuffer.Reset();
 HandleSendAuthSession();
 AsyncRead();
 return;
 }
 }
 
 AsyncReadWithCallback(&WorldSocket::InitializeHandler);
}
 
bool WorldSocket::Update()
{
 EncryptablePacket* queued;
 MessageBuffer buffer(_sendBufferSize);
 while (_bufferQueue.Dequeue(queued))
 {
 uint32 packetSize = queued->size() + 2 /*opcode*/;
 if (packetSize > MinSizeForCompression && queued->NeedsEncryption())
 packetSize = deflateBound(_compressionStream, packetSize) + sizeof(CompressedWorldPacket);
 
 // Flush current buffer if too small for next packet
 if (buffer.GetRemainingSpace() < packetSize + sizeof(PacketHeader))
 {
 QueuePacket(std::move(buffer));
 buffer.Resize(_sendBufferSize);
 }
 
 if (buffer.GetRemainingSpace() >= packetSize + sizeof(PacketHeader))
 WritePacketToBuffer(*queued, buffer);
 else // single packet larger than _sendBufferSize
 {
 MessageBuffer packetBuffer(packetSize + sizeof(PacketHeader));
 WritePacketToBuffer(*queued, packetBuffer);
 QueuePacket(std::move(packetBuffer));
 }
 
 delete queued;
 }
 
 if (buffer.GetActiveSize() > 0)
 QueuePacket(std::move(buffer));
 
 if (!BaseSocket::Update())
 return false;
 
 _queryProcessor.ProcessReadyCallbacks();
 
 return true;
}
 
void WorldSocket::HandleSendAuthSession()
{
 WorldPackets::Auth::AuthChallenge challenge;
 challenge.Challenge = _serverChallenge;
 memcpy(challenge.DosChallenge.data(), Trinity::Crypto::GetRandomBytes<32>().data(), 32);
 challenge.DosZeroBits = 1;
 
 SendPacketAndLogOpcode(*challenge.Write());
}
 
void WorldSocket::OnClose()
{
 {
 std::lock_guard<std::mutex> sessionGuard(_worldSessionLock);
 _worldSession = nullptr;
 }
}
 
void WorldSocket::ReadHandler()
{
 if (!IsOpen())
 return;
 
 MessageBuffer& packet = GetReadBuffer();
 while (packet.GetActiveSize() > 0)
 {
 if (_headerBuffer.GetRemainingSpace() > 0)
 {
 // need to receive the header
 std::size_t readHeaderSize = std::min(packet.GetActiveSize(), _headerBuffer.GetRemainingSpace());
 _headerBuffer.Write(packet.GetReadPointer(), readHeaderSize);
 packet.ReadCompleted(readHeaderSize);
 
 if (_headerBuffer.GetRemainingSpace() > 0)
 {
 // Couldn't receive the whole header this time.
 ASSERT(packet.GetActiveSize() == 0);
 break;
 }
 
 // We just received nice new header
 if (!ReadHeaderHandler())
 {
 CloseSocket();
 return;
 }
 }
 
 // We have full read header, now check the data payload
 if (_packetBuffer.GetRemainingSpace() > 0)
 {
 // need more data in the payload
 std::size_t readDataSize = std::min(packet.GetActiveSize(), _packetBuffer.GetRemainingSpace());
 _packetBuffer.Write(packet.GetReadPointer(), readDataSize);
 packet.ReadCompleted(readDataSize);
 
 if (_packetBuffer.GetRemainingSpace() > 0)
 {
 // Couldn't receive the whole data this time.
 ASSERT(packet.GetActiveSize() == 0);
 break;
 }
 }
 
 // just received fresh new payload
 ReadDataHandlerResult result = ReadDataHandler();
 _headerBuffer.Reset();
 if (result != ReadDataHandlerResult::Ok)
 {
 if (result != ReadDataHandlerResult::WaitingForQuery)
 CloseSocket();
 
 return;
 }
 }
 
 AsyncRead();
}
 
void WorldSocket::SetWorldSession(WorldSession* session)
{
 std::lock_guard<std::mutex> sessionGuard(_worldSessionLock);
 _worldSession = session;
 _authed = true;
}
 
bool WorldSocket::ReadHeaderHandler()
{
 ASSERT(_headerBuffer.GetActiveSize() == sizeof(IncomingPacketHeader), "Header size " SZFMTD " different than expected " SZFMTD, _headerBuffer.GetActiveSize(), sizeof(IncomingPacketHeader));
 
 IncomingPacketHeader* header = reinterpret_cast<IncomingPacketHeader*>(_headerBuffer.GetReadPointer());
 uint16 encryptedOpcode = header->EncryptedOpcode;
 
 if (!header->IsValidSize())
 {
 _authCrypt.PeekDecryptRecv(reinterpret_cast<uint8*>(&header->EncryptedOpcode), sizeof(encryptedOpcode));
 
 // CMSG_HOTFIX_REQUEST can be much larger than normal packets, allow receiving it once per session
 if (header->EncryptedOpcode != CMSG_HOTFIX_REQUEST || header->Size > 0x100000 || !_canRequestHotfixes)
 {
 TC_LOG_ERROR("network", "WorldSocket::ReadHeaderHandler(): client {} sent malformed packet (size: {}, opcode {})",
 GetRemoteIpAddress().to_string(), header->Size, uint32(header->EncryptedOpcode));
 return false;
 }
 }
 
 _packetBuffer.Resize(header->Size);
 _packetBuffer.Write(&encryptedOpcode, sizeof(encryptedOpcode));
 return true;
}
 
WorldSocket::ReadDataHandlerResult WorldSocket::ReadDataHandler()
{
 PacketHeader* header = reinterpret_cast<PacketHeader*>(_headerBuffer.GetReadPointer());
 
 if (!_authCrypt.DecryptRecv(_packetBuffer.GetReadPointer(), header->Size, header->Tag))
 {
 TC_LOG_ERROR("network", "WorldSocket::ReadHeaderHandler(): client {} failed to decrypt packet (size: {})",
 GetRemoteIpAddress().to_string(), header->Size);
 return ReadDataHandlerResult::Error;
 }
 
 WorldPacket packet(std::move(_packetBuffer), GetConnectionType());
 OpcodeClient opcode = packet.read<OpcodeClient>();
 if (uint32(opcode) >= uint32(NUM_OPCODE_HANDLERS))
 {
 TC_LOG_ERROR("network", "WorldSocket::ReadHeaderHandler(): client {} sent wrong opcode (opcode: {})",
 GetRemoteIpAddress().to_string(), uint32(opcode));
 return ReadDataHandlerResult::Error;
 }
 
 packet.SetOpcode(opcode);
 
 if (sPacketLog->CanLogPacket())
 sPacketLog->LogPacket(packet, CLIENT_TO_SERVER, GetRemoteIpAddress(), GetRemotePort(), GetConnectionType());
 
 std::unique_lock<std::mutex> sessionGuard(_worldSessionLock, std::defer_lock);
 
 switch (opcode)
 {
 case CMSG_PING:
 {
 LogOpcodeText(opcode, sessionGuard);
 WorldPackets::Auth::Ping ping(std::move(packet));
 if (!ping.ReadNoThrow())
 {
 TC_LOG_ERROR("network", "WorldSocket::ReadDataHandler(): client {} sent malformed CMSG_PING", GetRemoteIpAddress().to_string());
 return ReadDataHandlerResult::Error;
 }
 if (!HandlePing(ping))
 return ReadDataHandlerResult::Error;
 break;
 }
 case CMSG_AUTH_SESSION:
 {
 LogOpcodeText(opcode, sessionGuard);
 if (_authed)
 {
 // locking just to safely log offending user is probably overkill but we are disconnecting him anyway
 if (sessionGuard.try_lock())
 TC_LOG_ERROR("network", "WorldSocket::ProcessIncoming: received duplicate CMSG_AUTH_SESSION from {}", _worldSession->GetPlayerInfo());
 return ReadDataHandlerResult::Error;
 }
 
 std::shared_ptr<WorldPackets::Auth::AuthSession> authSession = std::make_shared<WorldPackets::Auth::AuthSession>(std::move(packet));
 if (!authSession->ReadNoThrow())
 {
 TC_LOG_ERROR("network", "WorldSocket::ReadDataHandler(): client {} sent malformed CMSG_AUTH_SESSION", GetRemoteIpAddress().to_string());
 return ReadDataHandlerResult::Error;
 }
 HandleAuthSession(authSession);
 return ReadDataHandlerResult::WaitingForQuery;
 }
 case CMSG_AUTH_CONTINUED_SESSION:
 {
 LogOpcodeText(opcode, sessionGuard);
 if (_authed)
 {
 // locking just to safely log offending user is probably overkill but we are disconnecting him anyway
 if (sessionGuard.try_lock())
 TC_LOG_ERROR("network", "WorldSocket::ProcessIncoming: received duplicate CMSG_AUTH_CONTINUED_SESSION from {}", _worldSession->GetPlayerInfo());
 return ReadDataHandlerResult::Error;
 }
 
 std::shared_ptr<WorldPackets::Auth::AuthContinuedSession> authSession = std::make_shared<WorldPackets::Auth::AuthContinuedSession>(std::move(packet));
 if (!authSession->ReadNoThrow())
 {
 TC_LOG_ERROR("network", "WorldSocket::ReadDataHandler(): client {} sent malformed CMSG_AUTH_CONTINUED_SESSION", GetRemoteIpAddress().to_string());
 return ReadDataHandlerResult::Error;
 }
 HandleAuthContinuedSession(authSession);
 return ReadDataHandlerResult::WaitingForQuery;
 }
 case CMSG_KEEP_ALIVE:
 sessionGuard.lock();
 LogOpcodeText(opcode, sessionGuard);
 if (_worldSession)
 {
 _worldSession->ResetTimeOutTime(true);
 return ReadDataHandlerResult::Ok;
 }
 TC_LOG_ERROR("network", "WorldSocket::ReadDataHandler: client {} sent CMSG_KEEP_ALIVE without being authenticated", GetRemoteIpAddress().to_string());
 return ReadDataHandlerResult::Error;
 case CMSG_LOG_DISCONNECT:
 LogOpcodeText(opcode, sessionGuard);
 packet.rfinish(); // contains uint32 disconnectReason;
 break;
 case CMSG_ENABLE_NAGLE:
 LogOpcodeText(opcode, sessionGuard);
 SetNoDelay(false);
 break;
 case CMSG_CONNECT_TO_FAILED:
 {
 sessionGuard.lock();
 
 LogOpcodeText(opcode, sessionGuard);
 WorldPackets::Auth::ConnectToFailed connectToFailed(std::move(packet));
 if (!connectToFailed.ReadNoThrow())
 {
 TC_LOG_ERROR("network", "WorldSocket::ReadDataHandler(): client {} sent malformed CMSG_CONNECT_TO_FAILED", GetRemoteIpAddress().to_string());
 return ReadDataHandlerResult::Error;
 }
 HandleConnectToFailed(connectToFailed);
 break;
 }
 case CMSG_ENTER_ENCRYPTED_MODE_ACK:
 LogOpcodeText(opcode, sessionGuard);
 HandleEnterEncryptedModeAck();
 break;
 case CMSG_HOTFIX_REQUEST:
 _canRequestHotfixes = false;
 [[fallthrough]];
 default:
 {
 if (opcode == CMSG_TIME_SYNC_RESPONSE)
 packet.SetReceiveTime(std::chrono::steady_clock::now());
 
 sessionGuard.lock();
 
 LogOpcodeText(opcode, sessionGuard);
 
 if (!_worldSession)
 {
 TC_LOG_ERROR("network.opcode", "ProcessIncoming: Client not authed opcode = {}", uint32(opcode));
 return ReadDataHandlerResult::Error;
 }
 
 OpcodeHandler const* handler = opcodeTable[opcode];
 if (!handler)
 {
 TC_LOG_ERROR("network.opcode", "No defined handler for opcode {} sent by {}", GetOpcodeNameForLogging(static_cast<OpcodeClient>(packet.GetOpcode())), _worldSession->GetPlayerInfo());
 break;
 }
 
 // Our Idle timer will reset on any non PING opcodes on login screen, allowing us to catch people idling.
 _worldSession->ResetTimeOutTime(false);
 
 // Copy the packet to the heap before enqueuing
 _worldSession->QueuePacket(new WorldPacket(std::move(packet)));
 break;
 }
 }
 
 return ReadDataHandlerResult::Ok;
}
 
void WorldSocket::LogOpcodeText(OpcodeClient opcode, std::unique_lock<std::mutex> const& guard) const
{
 if (!guard)
 {
 TC_LOG_TRACE("network.opcode", "C->S: {} {}", GetRemoteIpAddress().to_string(), GetOpcodeNameForLogging(opcode));
 }
 else
 {
 TC_LOG_TRACE("network.opcode", "C->S: {} {}", (_worldSession ? _worldSession->GetPlayerInfo() : GetRemoteIpAddress().to_string()),
 GetOpcodeNameForLogging(opcode));
 }
}
 
void WorldSocket::SendPacketAndLogOpcode(WorldPacket const& packet)
{
 TC_LOG_TRACE("network.opcode", "S->C: {} {}", GetRemoteIpAddress().to_string(), GetOpcodeNameForLogging(static_cast<OpcodeServer>(packet.GetOpcode())));
 SendPacket(packet);
}
 
void WorldSocket::SendPacket(WorldPacket const& packet)
{
 if (!IsOpen())
 return;
 
 if (sPacketLog->CanLogPacket())
 sPacketLog->LogPacket(packet, SERVER_TO_CLIENT, GetRemoteIpAddress(), GetRemotePort(), GetConnectionType());
 
 _bufferQueue.Enqueue(new EncryptablePacket(packet, _authCrypt.IsInitialized()));
}
 
void WorldSocket::WritePacketToBuffer(EncryptablePacket const& packet, MessageBuffer& buffer)
{
 uint16 opcode = packet.GetOpcode();
 uint32 packetSize = packet.size();
 
 // Reserve space for buffer
 uint8* headerPos = buffer.GetWritePointer();
 buffer.WriteCompleted(sizeof(PacketHeader));
 uint8* dataPos = buffer.GetWritePointer();
 buffer.WriteCompleted(sizeof(opcode));
 
 if (packetSize > MinSizeForCompression && packet.NeedsEncryption())
 {
 CompressedWorldPacket cmp;
 cmp.UncompressedSize = packetSize + 2;
 cmp.UncompressedAdler = adler32(adler32(0x9827D8F1, (Bytef*)&opcode, 2), packet.contents(), packetSize);
 
 // Reserve space for compression info - uncompressed size and checksums
 uint8* compressionInfo = buffer.GetWritePointer();
 buffer.WriteCompleted(sizeof(CompressedWorldPacket));
 
 uint32 compressedSize = CompressPacket(buffer.GetWritePointer(), packet);
 
 cmp.CompressedAdler = adler32(0x9827D8F1, buffer.GetWritePointer(), compressedSize);
 
 memcpy(compressionInfo, &cmp, sizeof(CompressedWorldPacket));
 buffer.WriteCompleted(compressedSize);
 packetSize = compressedSize + sizeof(CompressedWorldPacket);
 
 opcode = SMSG_COMPRESSED_PACKET;
 }
 else if (!packet.empty())
 buffer.Write(packet.contents(), packet.size());
 
 memcpy(dataPos, &opcode, sizeof(opcode));
 packetSize += 2 /*opcode*/;
 
 PacketHeader header;
 header.Size = packetSize;
 _authCrypt.EncryptSend(dataPos, header.Size, header.Tag);
 
 memcpy(headerPos, &header, sizeof(PacketHeader));
}
 
uint32 WorldSocket::CompressPacket(uint8* buffer, WorldPacket const& packet)
{
 uint32 opcode = packet.GetOpcode();
 uint32 bufferSize = deflateBound(_compressionStream, packet.size() + sizeof(uint16));
 
 _compressionStream->next_out = buffer;
 _compressionStream->avail_out = bufferSize;
 _compressionStream->next_in = (Bytef*)&opcode;
 _compressionStream->avail_in = sizeof(uint16);
 
 int32 z_res = deflate(_compressionStream, Z_NO_FLUSH);
 if (z_res != Z_OK)
 {
 TC_LOG_ERROR("network", "Can't compress packet opcode (zlib: deflate) Error code: {} ({}, msg: {})", z_res, zError(z_res), _compressionStream->msg);
 return 0;
 }
 
 _compressionStream->next_in = (Bytef*)packet.contents();
 _compressionStream->avail_in = packet.size();
 
 z_res = deflate(_compressionStream, Z_SYNC_FLUSH);
 if (z_res != Z_OK)
 {
 TC_LOG_ERROR("network", "Can't compress packet data (zlib: deflate) Error code: {} ({}, msg: {})", z_res, zError(z_res), _compressionStream->msg);
 return 0;
 }
 
 return bufferSize - _compressionStream->avail_out;
}
 
struct AccountInfo
{
 struct
 {
 uint32 Id;
 bool IsLockedToIP;
 std::string LastIP;
 std::string LockCountry;
 LocaleConstant Locale;
 bool IsBanned;
 
 } BattleNet;
 
 struct
 {
 uint32 Id;
 std::array<uint8, 64> KeyData;
 uint8 Expansion;
 int64 MuteTime;
 uint32 Recruiter;
 std::string OS;
 Minutes TimezoneOffset;
 bool IsRectuiter;
 AccountTypes Security;
 bool IsBanned;
 } Game;
 
 bool IsBanned() const { return BattleNet.IsBanned || Game.IsBanned; }
 
 explicit AccountInfo(Field const* fields)
 {
 // 0 1 2 3 4 5 6 7 8 9 10 11 12
 // SELECT a.id, a.session_key, ba.last_ip, ba.locked, ba.lock_country, a.expansion, a.mutetime, ba.locale, a.recruiter, a.os, a.timezone_offset, ba.id, aa.SecurityLevel,
 // 13 14 15
 // bab.unbandate > UNIX_TIMESTAMP() OR bab.unbandate = bab.bandate, ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, r.id
 // FROM account a LEFT JOIN battlenet_accounts ba ON a.battlenet_account = ba.id LEFT JOIN account_access aa ON a.id = aa.AccountID AND aa.RealmID IN (-1, ?)
 // LEFT JOIN battlenet_account_bans bab ON ba.id = bab.id LEFT JOIN account_banned ab ON a.id = ab.id LEFT JOIN account r ON a.id = r.recruiter
 // WHERE a.username = ? AND LENGTH(a.session_key) = 40 ORDER BY aa.RealmID DESC LIMIT 1
 Game.Id = fields[0].GetUInt32();
 Game.KeyData = fields[1].GetBinary<64>();
 BattleNet.LastIP = fields[2].GetString();
 BattleNet.IsLockedToIP = fields[3].GetBool();
 BattleNet.LockCountry = fields[4].GetString();
 Game.Expansion = fields[5].GetUInt8();
 Game.MuteTime = fields[6].GetInt64();
 BattleNet.Locale = LocaleConstant(fields[7].GetUInt8());
 Game.Recruiter = fields[8].GetUInt32();
 Game.OS = fields[9].GetString();
 Game.TimezoneOffset = Minutes(fields[10].GetInt16());
 BattleNet.Id = fields[11].GetUInt32();
 Game.Security = AccountTypes(fields[12].GetUInt8());
 BattleNet.IsBanned = fields[13].GetUInt32() != 0;
 Game.IsBanned = fields[14].GetUInt32() != 0;
 Game.IsRectuiter = fields[15].GetUInt32() != 0;
 
 if (BattleNet.Locale >= TOTAL_LOCALES)
 BattleNet.Locale = LOCALE_enUS;
 }
};
 
void WorldSocket::HandleAuthSession(std::shared_ptr<WorldPackets::Auth::AuthSession> authSession)
{
 // Get the account information from the auth database
 LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME);
 stmt->setInt32(0, int32(realm.Id.Realm));
 stmt->setString(1, authSession->RealmJoinTicket);
 
 _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback([this, authSession = std::move(authSession)](PreparedQueryResult result) mutable
 {
 HandleAuthSessionCallback(std::move(authSession), std::move(result));
 }));
}
 
void WorldSocket::HandleAuthSessionCallback(std::shared_ptr<WorldPackets::Auth::AuthSession> authSession, PreparedQueryResult result)
{
 // Stop if the account is not found
 if (!result)
 {
 // We can not log here, as we do not know the account. Thus, no accountId.
 TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Sent Auth Response (unknown account).");
 DelayedCloseSocket();
 return;
 }
 
 RealmBuildInfo const* buildInfo = sRealmList->GetBuildInfo(realm.Build);
 if (!buildInfo)
 {
 SendAuthResponseError(ERROR_BAD_VERSION);
 TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Missing auth seed for realm build {} ({}).", realm.Build, GetRemoteIpAddress().to_string());
 DelayedCloseSocket();
 return;
 }
 
 AccountInfo account(result->Fetch());
 
 // For hook purposes, we get Remoteaddress at this point.
 std::string address = GetRemoteIpAddress().to_string();
 
 Trinity::Crypto::SHA256 digestKeyHash;
 digestKeyHash.UpdateData(account.Game.KeyData.data(), account.Game.KeyData.size());
 if (account.Game.OS == "Wn64")
 digestKeyHash.UpdateData(buildInfo->Win64AuthSeed.data(), buildInfo->Win64AuthSeed.size());
 else if (account.Game.OS == "Mc64")
 digestKeyHash.UpdateData(buildInfo->Mac64AuthSeed.data(), buildInfo->Mac64AuthSeed.size());
 
 digestKeyHash.Finalize();
 
 Trinity::Crypto::HMAC_SHA256 hmac(digestKeyHash.GetDigest());
 hmac.UpdateData(authSession->LocalChallenge);
 hmac.UpdateData(_serverChallenge);
 hmac.UpdateData(AuthCheckSeed, 16);
 hmac.Finalize();
 
 // Check that Key and account name are the same on client and server
 if (memcmp(hmac.GetDigest().data(), authSession->Digest.data(), authSession->Digest.size()) != 0)
 {
 TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Authentication failed for account: {} ('{}') address: {}", account.Game.Id, authSession->RealmJoinTicket, address);
 DelayedCloseSocket();
 return;
 }
 
 Trinity::Crypto::SHA256 keyData;
 keyData.UpdateData(account.Game.KeyData.data(), account.Game.KeyData.size());
 keyData.Finalize();
 
 Trinity::Crypto::HMAC_SHA256 sessionKeyHmac(keyData.GetDigest());
 sessionKeyHmac.UpdateData(_serverChallenge);
 sessionKeyHmac.UpdateData(authSession->LocalChallenge);
 sessionKeyHmac.UpdateData(SessionKeySeed, 16);
 sessionKeyHmac.Finalize();
 
 SessionKeyGenerator<Trinity::Crypto::SHA256> sessionKeyGenerator(sessionKeyHmac.GetDigest());
 sessionKeyGenerator.Generate(_sessionKey.data(), 40);
 
 Trinity::Crypto::HMAC_SHA256 encryptKeyGen(_sessionKey);
 encryptKeyGen.UpdateData(authSession->LocalChallenge);
 encryptKeyGen.UpdateData(_serverChallenge);
 encryptKeyGen.UpdateData(EncryptionKeySeed, 16);
 encryptKeyGen.Finalize();
 
 // only first 16 bytes of the hmac are used
 memcpy(_encryptKey.data(), encryptKeyGen.GetDigest().data(), 16);
 
 LoginDatabasePreparedStatement* stmt = nullptr;
 
 if (sWorld->getBoolConfig(CONFIG_ALLOW_LOGGING_IP_ADDRESSES_IN_DATABASE))
 {
 // As we don't know if attempted login process by ip works, we update last_attempt_ip right away
 stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LAST_ATTEMPT_IP);
 stmt->setString(0, address);
 stmt->setString(1, authSession->RealmJoinTicket);
 LoginDatabase.Execute(stmt);
 // This also allows to check for possible "hack" attempts on account
 }
 
 stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_ACCOUNT_INFO_CONTINUED_SESSION);
 stmt->setBinary(0, _sessionKey);
 stmt->setUInt32(1, account.Game.Id);
 LoginDatabase.Execute(stmt);
 
 // First reject the connection if packet contains invalid data or realm state doesn't allow logging in
 if (sWorld->IsClosed())
 {
 SendAuthResponseError(ERROR_DENIED);
 TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: World closed, denying client ({}).", GetRemoteIpAddress().to_string());
 DelayedCloseSocket();
 return;
 }
 
 if (authSession->RealmID != realm.Id.Realm)
 {
 SendAuthResponseError(ERROR_DENIED);
 TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Client {} requested connecting with realm id {} but this realm has id {} set in config.",
 GetRemoteIpAddress().to_string(), authSession->RealmID, realm.Id.Realm);
 DelayedCloseSocket();
 return;
 }
 
 // Must be done before WorldSession is created
 bool wardenActive = sWorld->getBoolConfig(CONFIG_WARDEN_ENABLED);
 if (wardenActive && account.Game.OS != "Win" && account.Game.OS != "Wn64" && account.Game.OS != "Mc64")
 {
 SendAuthResponseError(ERROR_DENIED);
 TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Client {} attempted to log in using invalid client OS ({}).", address, account.Game.OS);
 DelayedCloseSocket();
 return;
 }
 
 if (IpLocationRecord const* location = sIPLocation->GetLocationRecord(address))
 _ipCountry = location->CountryCode;
 
 if (account.BattleNet.IsLockedToIP)
 {
 if (account.BattleNet.LastIP != address)
 {
 SendAuthResponseError(ERROR_RISK_ACCOUNT_LOCKED);
 TC_LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account IP differs. Original IP: {}, new IP: {}).", account.BattleNet.LastIP, address);
 // We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
 sScriptMgr->OnFailedAccountLogin(account.Game.Id);
 DelayedCloseSocket();
 return;
 }
 }
 else if (!account.BattleNet.LockCountry.empty() && account.BattleNet.LockCountry != "00" && !_ipCountry.empty())
 {
 if (account.BattleNet.LockCountry != _ipCountry)
 {
 SendAuthResponseError(ERROR_RISK_ACCOUNT_LOCKED);
 TC_LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account country differs. Original country: {}, new country: {}).", account.BattleNet.LockCountry, _ipCountry);
 // We could log on hook only instead of an additional db log, however action logger is config based. Better keep DB logging as well
 sScriptMgr->OnFailedAccountLogin(account.Game.Id);
 DelayedCloseSocket();
 return;
 }
 }
 
 int64 mutetime = account.Game.MuteTime;
 if (mutetime < 0)
 {
 mutetime = GameTime::GetGameTime() + std::llabs(mutetime);
 
 stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_MUTE_TIME_LOGIN);
 stmt->setInt64(0, mutetime);
 stmt->setUInt32(1, account.Game.Id);
 LoginDatabase.Execute(stmt);
 }
 
 if (account.IsBanned())
 {
 SendAuthResponseError(ERROR_GAME_ACCOUNT_BANNED);
 TC_LOG_ERROR("network", "WorldSocket::HandleAuthSession: Sent Auth Response (Account banned).");
 sScriptMgr->OnFailedAccountLogin(account.Game.Id);
 DelayedCloseSocket();
 return;
 }
 
 // Check locked state for server
 AccountTypes allowedAccountType = sWorld->GetPlayerSecurityLimit();
 TC_LOG_DEBUG("network", "Allowed Level: {} Player Level {}", allowedAccountType, account.Game.Security);
 if (allowedAccountType > SEC_PLAYER && account.Game.Security < allowedAccountType)
 {
 SendAuthResponseError(ERROR_SERVER_IS_PRIVATE);
 TC_LOG_DEBUG("network", "WorldSocket::HandleAuthSession: User tries to login but his security level is not enough");
 sScriptMgr->OnFailedAccountLogin(account.Game.Id);
 DelayedCloseSocket();
 return;
 }
 
 TC_LOG_DEBUG("network", "WorldSocket::HandleAuthSession: Client '{}' authenticated successfully from {}.", authSession->RealmJoinTicket, address);
 
 if (sWorld->getBoolConfig(CONFIG_ALLOW_LOGGING_IP_ADDRESSES_IN_DATABASE))
 {
 // Update the last_ip in the database as it was successful for login
 stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LAST_IP);
 
 stmt->setString(0, address);
 stmt->setString(1, authSession->RealmJoinTicket);
 
 LoginDatabase.Execute(stmt);
 }
 
 // At this point, we can safely hook a successful login
 sScriptMgr->OnAccountLogin(account.Game.Id);
 
 _authed = true;
 _worldSession = new WorldSession(account.Game.Id, std::move(authSession->RealmJoinTicket), account.BattleNet.Id, shared_from_this(), account.Game.Security,
 account.Game.Expansion, mutetime, account.Game.OS, account.Game.TimezoneOffset, account.BattleNet.Locale, account.Game.Recruiter, account.Game.IsRectuiter);
 
 // Initialize Warden system only if it is enabled by config
 if (wardenActive)
 _worldSession->InitWarden(_sessionKey);
 
 _queryProcessor.AddCallback(_worldSession->LoadPermissionsAsync().WithPreparedCallback([this](PreparedQueryResult result)
 {
 LoadSessionPermissionsCallback(std::move(result));
 }));
 AsyncRead();
}
 
void WorldSocket::LoadSessionPermissionsCallback(PreparedQueryResult result)
{
 // RBAC must be loaded before adding session to check for skip queue permission
 _worldSession->GetRBACData()->LoadFromDBCallback(result);
 
 SendPacketAndLogOpcode(*WorldPackets::Auth::EnterEncryptedMode(_encryptKey, true).Write());
}
 
void WorldSocket::HandleAuthContinuedSession(std::shared_ptr<WorldPackets::Auth::AuthContinuedSession> authSession)
{
 WorldSession::ConnectToKey key;
 key.Raw = authSession->Key;
 
 _type = ConnectionType(key.Fields.ConnectionType);
 if (_type != CONNECTION_TYPE_INSTANCE)
 {
 SendAuthResponseError(ERROR_DENIED);
 DelayedCloseSocket();
 return;
 }
 
 uint32 accountId = uint32(key.Fields.AccountId);
 LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_CONTINUED_SESSION);
 stmt->setUInt32(0, accountId);
 
 _queryProcessor.AddCallback(LoginDatabase.AsyncQuery(stmt).WithPreparedCallback([this, authSession = std::move(authSession)](PreparedQueryResult result) mutable
 {
 HandleAuthContinuedSessionCallback(std::move(authSession), std::move(result));
 }));
}
 
void WorldSocket::HandleAuthContinuedSessionCallback(std::shared_ptr<WorldPackets::Auth::AuthContinuedSession> authSession, PreparedQueryResult result)
{
 if (!result)
 {
 SendAuthResponseError(ERROR_DENIED);
 DelayedCloseSocket();
 return;
 }
 
 WorldSession::ConnectToKey key;
 _key = key.Raw = authSession->Key;
 
 uint32 accountId = uint32(key.Fields.AccountId);
 Field* fields = result->Fetch();
 std::string login = fields[0].GetString();
 _sessionKey = fields[1].GetBinary<SESSION_KEY_LENGTH>();
 
 Trinity::Crypto::HMAC_SHA256 hmac(_sessionKey);
 hmac.UpdateData(reinterpret_cast<uint8 const*>(&authSession->Key), sizeof(authSession->Key));
 hmac.UpdateData(authSession->LocalChallenge);
 hmac.UpdateData(_serverChallenge);
 hmac.UpdateData(ContinuedSessionSeed, 16);
 hmac.Finalize();
 
 if (memcmp(hmac.GetDigest().data(), authSession->Digest.data(), authSession->Digest.size()))
 {
 TC_LOG_ERROR("network", "WorldSocket::HandleAuthContinuedSession: Authentication failed for account: {} ('{}') address: {}", accountId, login, GetRemoteIpAddress().to_string());
 DelayedCloseSocket();
 return;
 }
 
 Trinity::Crypto::HMAC_SHA256 encryptKeyGen(_sessionKey);
 encryptKeyGen.UpdateData(authSession->LocalChallenge);
 encryptKeyGen.UpdateData(_serverChallenge);
 encryptKeyGen.UpdateData(EncryptionKeySeed, 16);
 encryptKeyGen.Finalize();
 
 // only first 16 bytes of the hmac are used
 memcpy(_encryptKey.data(), encryptKeyGen.GetDigest().data(), 16);
 
 SendPacketAndLogOpcode(*WorldPackets::Auth::EnterEncryptedMode(_encryptKey, true).Write());
 AsyncRead();
}
 
void WorldSocket::HandleConnectToFailed(WorldPackets::Auth::ConnectToFailed& connectToFailed)
{
 if (_worldSession)
 {
 if (_worldSession->PlayerLoading())
 {
 switch (connectToFailed.Serial)
 {
 case WorldPackets::Auth::ConnectToSerial::WorldAttempt1:
 _worldSession->SendConnectToInstance(WorldPackets::Auth::ConnectToSerial::WorldAttempt2);
 break;
 case WorldPackets::Auth::ConnectToSerial::WorldAttempt2:
 _worldSession->SendConnectToInstance(WorldPackets::Auth::ConnectToSerial::WorldAttempt3);
 break;
 case WorldPackets::Auth::ConnectToSerial::WorldAttempt3:
 _worldSession->SendConnectToInstance(WorldPackets::Auth::ConnectToSerial::WorldAttempt4);
 break;
 case WorldPackets::Auth::ConnectToSerial::WorldAttempt4:
 _worldSession->SendConnectToInstance(WorldPackets::Auth::ConnectToSerial::WorldAttempt5);
 break;
 case WorldPackets::Auth::ConnectToSerial::WorldAttempt5:
 {
 TC_LOG_ERROR("network", "{} failed to connect 5 times to world socket, aborting login", _worldSession->GetPlayerInfo());
 _worldSession->AbortLogin(WorldPackets::Character::LoginFailureReason::NoWorld);
 break;
 }
 default:
 return;
 }
 }
 //else
 //{
 // transfer_aborted when/if we get map node redirection
 // SendPacketAndLogOpcode(*WorldPackets::Auth::ResumeComms().Write());
 //}
 }
}
 
void WorldSocket::HandleEnterEncryptedModeAck()
{
 _authCrypt.Init(_encryptKey);
 if (_type == CONNECTION_TYPE_REALM)
 sWorld->AddSession(_worldSession);
 else
 sWorld->AddInstanceSocket(shared_from_this(), _key);
}
 
void WorldSocket::SendAuthResponseError(uint32 code)
{
 WorldPackets::Auth::AuthResponse response;
 response.Result = code;
 SendPacketAndLogOpcode(*response.Write());
}
 
bool WorldSocket::HandlePing(WorldPackets::Auth::Ping& ping)
{
 using namespace std::chrono;
 
 if (_LastPingTime == steady_clock::time_point())
 {
 _LastPingTime = steady_clock::now();
 }
 else
 {
 steady_clock::time_point now = steady_clock::now();
 
 steady_clock::duration diff = now - _LastPingTime;
 
 _LastPingTime = now;
 
 if (diff < seconds(27))
 {
 ++_OverSpeedPings;
 
 uint32 maxAllowed = sWorld->getIntConfig(CONFIG_MAX_OVERSPEED_PINGS);
 
 if (maxAllowed && _OverSpeedPings > maxAllowed)
 {
 std::unique_lock<std::mutex> sessionGuard(_worldSessionLock);
 
 if (_worldSession && !_worldSession->HasPermission(rbac::RBAC_PERM_SKIP_CHECK_OVERSPEED_PING))
 {
 TC_LOG_ERROR("network", "WorldSocket::HandlePing: {} kicked for over-speed pings (address: {})",
 _worldSession->GetPlayerInfo(), GetRemoteIpAddress().to_string());
 
 return false;
 }
 }
 }
 else
 _OverSpeedPings = 0;
 }
 
 {
 std::lock_guard<std::mutex> sessionGuard(_worldSessionLock);
 
 if (_worldSession)
 _worldSession->SetLatency(ping.Latency);
 else
 {
 TC_LOG_ERROR("network", "WorldSocket::HandlePing: peer sent CMSG_PING, but is not authenticated or got recently kicked, address = {}", GetRemoteIpAddress().to_string());
 return false;
 }
 }
 
 SendPacketAndLogOpcode(*WorldPackets::Auth::Pong(ping.Serial).Write());
 return true;
}