From e9360f56c4c791cae4caf0df7d2d0a1052dc98a9 Mon Sep 17 00:00:00 2001 From: Benjamin Jackson <38561765+heyitsbench@users.noreply.github.com> Date: Mon, 23 Feb 2026 19:47:23 -0500 Subject: [PATCH] fix(Core/AuthSession): Send proper account flags for authentication responses. (#24829) --- .../apps/authserver/Server/AuthSession.cpp | 31 ++++++++++--------- .../apps/authserver/Server/AuthSession.h | 1 + .../Database/Implementation/LoginDatabase.cpp | 4 +-- 3 files changed, 19 insertions(+), 17 deletions(-) diff --git a/src/server/apps/authserver/Server/AuthSession.cpp b/src/server/apps/authserver/Server/AuthSession.cpp index e5315c9ec..ce4a1e590 100644 --- a/src/server/apps/authserver/Server/AuthSession.cpp +++ b/src/server/apps/authserver/Server/AuthSession.cpp @@ -136,13 +136,13 @@ std::unordered_map const Handlers = AuthSession::InitHandler void AccountInfo::LoadResult(Field* fields) { - // 0 1 2 3 4 5 - // SELECT a.id, a.username, a.locked, a.lock_country, a.last_ip, a.failed_logins, - // 6 7 + // 0 1 2 3 4 5 6 + // SELECT a.id, a.username, a.locked, a.lock_country, a.last_ip, a.Flags, a.failed_logins, + // 7 8 // ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, ab.unbandate = ab.bandate, - // 8 9 + // 9 10 // ipb.unbandate > UNIX_TIMESTAMP() OR ipb.unbandate = ipb.bandate, ipb.unbandate = ipb.bandate, - // 10 + // 11 // aa.gmlevel (, more query-specific fields) // FROM account a LEFT JOIN account_access aa ON a.id = aa.id LEFT JOIN account_banned ab ON ab.id = a.id AND ab.active = 1 LEFT JOIN ip_banned ipb ON ipb.ip = ? WHERE a.username = ? 
@@ -151,10 +151,11 @@ void AccountInfo::LoadResult(Field* fields) IsLockedToIP = fields[2].Get(); LockCountry = fields[3].Get(); LastIP = fields[4].Get(); - FailedLogins = fields[5].Get(); - IsBanned = fields[6].Get() || fields[8].Get(); - IsPermanentlyBanned = fields[7].Get() || fields[9].Get(); - SecurityLevel = static_cast(fields[10].Get()) > SEC_CONSOLE ? SEC_CONSOLE : static_cast(fields[10].Get()); + Flags = fields[5].Get(); + FailedLogins = fields[6].Get(); + IsBanned = fields[7].Get() || fields[9].Get(); + IsPermanentlyBanned = fields[8].Get() || fields[10].Get(); + SecurityLevel = static_cast(fields[11].Get()) > SEC_CONSOLE ? SEC_CONSOLE : static_cast(fields[12].Get()); // Use our own uppercasing of the account name instead of using UPPER() in mysql query // This is how the account was created in the first place and changing it now would result in breaking @@ -387,10 +388,10 @@ void AuthSession::LogonChallengeCallback(PreparedQueryResult result) uint8 securityFlags = 0; // Check if a TOTP token is needed - if (!fields[11].IsNull()) + if (!fields[12].IsNull()) { securityFlags = 4; - _totpSecret = fields[11].Get(); + _totpSecret = fields[12].Get(); if (auto const& secret = sSecretMgr->GetSecret(SECRET_TOTP_MASTER_KEY)) { @@ -406,8 +407,8 @@ void AuthSession::LogonChallengeCallback(PreparedQueryResult result) } _srp6.emplace(_accountInfo.Login, - fields[12].Get(), - fields[13].Get()); + fields[13].Get(), + fields[14].Get()); // Fill the response packet with the result if (AuthHelper::IsAcceptedClientBuild(_build)) @@ -531,7 +532,7 @@ bool AuthSession::HandleLogonProof() proof.M2 = M2; proof.cmd = AUTH_LOGON_PROOF; proof.error = 0; - proof.AccountFlags = ACCOUNT_FLAG_PROPASS_LOCK; // enum AccountFlag + proof.AccountFlags = _accountInfo.Flags; proof.SurveyId = 0; proof.LoginFlags = 0; // 0x1 = has account message 
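Review bot: The new `SecurityLevel` line in `AccountInfo::LoadResult` range-checks `fields[11]` against `SEC_CONSOLE` but returns `fields[12]` in the else arm, so for every account whose gmlevel is in range the stored level comes from the column after `aa.gmlevel`. In the two statements this commit edits, that column is `a.totp_secret` (logon challenge) or `a.session_key` (reconnect challenge), so the privilege level would be derived from secret material instead of `account_access`. The else arm should use index 11 as well. Reading `fields[11]` once into a local and using that local in both the comparison and the result would stop the two indices drifting apart again. The function body starts and ends outside the hunk.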
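Review bot: `proof.AccountFlags = _accountInfo.Flags;` in `HandleLogonProof` copies the whole `account.Flags` column into the packet sent to the client, where the old code sent one fixed constant. If that column ever carries bits meant only for server-side bookkeeping, they are now disclosed to the client and interpreted by it. Masking to the client-facing bits keeps that boundary explicit, for example `proof.AccountFlags = _accountInfo.Flags & CLIENT_VISIBLE_ACCOUNT_FLAGS;` with the mask defined beside the `AccountFlag` enum (`CLIENT_VISIBLE_ACCOUNT_FLAGS` is a placeholder name, not an existing identifier). The function body starts and ends outside the hunk.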
@@ -667,7 +668,7 @@ void AuthSession::ReconnectChallengeCallback(PreparedQueryResult result) Field* fields = result->Fetch(); _accountInfo.LoadResult(fields); - _sessionKey = fields[11].Get(); + _sessionKey = fields[12].Get(); Acore::Crypto::GetRandomBytes(_reconnectProof); _status = STATUS_RECONNECT_PROOF; diff --git a/src/server/apps/authserver/Server/AuthSession.h b/src/server/apps/authserver/Server/AuthSession.h index 0c61e5e2f..0ea2fafff 100644 --- a/src/server/apps/authserver/Server/AuthSession.h +++ b/src/server/apps/authserver/Server/AuthSession.h @@ -54,6 +54,7 @@ struct AccountInfo bool IsLockedToIP = false; std::string LockCountry; std::string LastIP; + uint32 Flags; uint32 FailedLogins = 0; bool IsBanned = false; bool IsPermanentlyBanned = false; diff --git a/src/server/database/Database/Implementation/LoginDatabase.cpp b/src/server/database/Database/Implementation/LoginDatabase.cpp index 1e091b56e..298ae09d5 100644 --- a/src/server/database/Database/Implementation/LoginDatabase.cpp +++ b/src/server/database/Database/Implementation/LoginDatabase.cpp @@ -24,7 +24,7 @@ void LoginDatabaseConnection::DoPrepareStatements() m_stmts.resize(MAX_LOGINDATABASE_STATEMENTS); PrepareStatement(LOGIN_SEL_LOGONCHALLENGE, - "SELECT a.id, a.username, a.locked, a.lock_country, a.last_ip, a.failed_logins, " + "SELECT a.id, a.username, a.locked, a.lock_country, a.last_ip, a.Flags, a.failed_logins, " "ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, ab.unbandate = ab.bandate, " "ipb.unbandate > UNIX_TIMESTAMP() OR ipb.unbandate = ipb.bandate, ipb.unbandate = ipb.bandate, " "aa.gmlevel, a.totp_secret, a.salt, a.verifier " 
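Review bot: `uint32 Flags;` in `AccountInfo` is added without a default initializer, while the neighbouring scalar members in this hunk use `= 0` or `= false`. `HandleLogonProof` now copies this member into the proof packet, so any path that reaches it before `LoadResult` has run would send an indeterminate value to the client. Declaring it as `uint32 Flags = 0;` removes that possibility and matches the rest of the struct. The struct body continues outside the hunk.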
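Review bot: Nothing at this `PrepareStatement` call records that columns 0-11 are consumed by position in `AccountInfo::LoadResult`, or that the callbacks read the trailing columns (`a.totp_secret`, `a.salt`, `a.verifier` here, `a.session_key` in the LOGIN_SEL_RECONNECTCHALLENGE hunk that follows) by fixed index. Inserting `a.Flags` mid-list shifts every later index in three functions, which is easy to get wrong. A comment above both statements would help, such as `// Columns 0-11 are read by index in AccountInfo::LoadResult; keep both challenge queries in the same order and update the indices there when adding a column.` The patch touches no SQL update file, so `account.Flags` is presumably already present in the auth schema; that is worth confirming. `DoPrepareStatements` continues outside the hunk.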
@@ -34,7 +34,7 @@ void LoginDatabaseConnection::DoPrepareStatements() "LEFT JOIN ip_banned ipb ON ipb.ip = ? " "WHERE a.username = ?", CONNECTION_ASYNC); PrepareStatement(LOGIN_SEL_RECONNECTCHALLENGE, - "SELECT a.id, a.username, a.locked, a.lock_country, a.last_ip, a.failed_logins, " + "SELECT a.id, a.username, a.locked, a.lock_country, a.last_ip, a.Flags, a.failed_logins, " "ab.unbandate > UNIX_TIMESTAMP() OR ab.unbandate = ab.bandate, ab.unbandate = ab.bandate, " "ipb.unbandate > UNIX_TIMESTAMP() OR ipb.unbandate = ipb.bandate, ipb.unbandate = ipb.bandate, " "aa.gmlevel, a.session_key "