Authserver cleanup phase 3 - the account table unfuckening #25135

Merged
merged 14 commits into from Aug 2, 2020

Conversation

Treeston
Member

@Treeston Treeston commented Jul 26, 2020

(This is part 3 of 5 in the deprecation process of sha_pass_hash, as outlined in #25157.)

Changes

  • salt and verifier are now BINARY(32), from VARCHAR(64)
  • SessionKey is now BINARY(40), from VARCHAR(80)

Backwards compatibility

  • sha_pass_hash will still be updated, and external tools can still set it
  • sha_pass_hash will only be read if backwards-compatibility fields s/v were changed by external tools

@jackpoz
Member

jackpoz commented Jul 26, 2020

  • sha_pass_hash is no longer updated, though external tools can still set it

This breaks https://github.com/TrinityCore/aowow, in particular login using TC as auth. See https://github.com/TrinityCore/aowow/blob/master/includes/user.class.php#L286 .
https://github.com/TrinityCore/minimanager/ is impacted too, in particular https://github.com/TrinityCore/minimanager/blob/master/login.php#L21 .

It would be nice if that tool (and other tools under the TC umbrella) would be updated before merging this PR.

@Treeston
Member Author

Treeston commented Jul 26, 2020

@jackpoz we want some of the changes in this PR before updating external tools

re-added sha_pass_hash updating (for now)

@Treeston Treeston changed the title Core/Authserver: Clean up account table Authserver cleanup phase 3 - the account table unfuckening Jul 26, 2020
@Treeston Treeston marked this pull request as ready for review July 28, 2020 23:09
src/server/authserver/Server/AuthSession.cpp (two outdated review threads, resolved)
@Treeston Treeston requested a review from Shauren July 29, 2020 18:19
@jackpoz
Member

jackpoz commented Jul 31, 2020

I would add https://github.com/TrinityCore/account-creator also to the list of apps that would be nice to fix before merging this

- salt/verifier/sessionkey are now binary
- old s/v/sha_pass_hash fields kept around for backwards compatibility
- sha_pass_hash is only read if s/v have been manually changed
- sha_pass_hash is still updated (for now), s/v are not
- no longer use sha_pass_hash for anything else core-side (.account, SOAP, RA)
@Treeston Treeston requested a review from Shauren August 2, 2020 00:09
@Treeston Treeston merged commit 3164b58 into TrinityCore:3.3.5 Aug 2, 2020
@Treeston Treeston deleted the 3.3.5-auth-stage3 branch August 2, 2020 20:52
masterking32 added a commit to masterking32/WoWSimpleRegistration that referenced this pull request Aug 3, 2020
Shauren pushed a commit that referenced this pull request Aug 3, 2020
- no longer use sha_pass_hash for anything else core-side (.account, SOAP, RA)
- salt/verifier/session_key are now binary
- old s/v/sha_pass_hash fields kept around for backwards compatibility
- sha_pass_hash is still updated (for now), s/v are not
- sha_pass_hash is only read if s/v have been manually changed
- SRP6 b now uses the full 32 bytes of randomness (instead of randomly only using 19)

(cherry picked from commit 3164b58)
masterking32 added a commit to masterking32/WoWSimpleRegistration that referenced this pull request Aug 4, 2020
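
Added example, not code from this PR or from TrinityCore: a sketch of how an external tool like the ones named in the thread could register an account and check a login against the new BINARY(32) salt/verifier columns instead of sha_pass_hash. The group parameters N and g, the SHA-1 construction and the little-endian encoding are assumptions taken from TrinityCore's documented SRP6 scheme, not from this page, and all function names are hypothetical.

```python
"""Added example: login check against BINARY(32) salt/verifier columns."""
import hashlib
import hmac
import os

# Assumed SRP6 group parameters (TrinityCore's documented scheme, not this page).
N = int("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7", 16)
G = 7
FIELD_LEN = 32  # salt and verifier are BINARY(32) after this PR


def srp6_verifier(username: str, password: str, salt: bytes) -> bytes:
    """Return the 32-byte little-endian verifier for a username/password/salt."""
    if len(salt) != FIELD_LEN:
        raise ValueError("salt must be exactly 32 bytes")
    # Inner hash: SHA1 over UPPER(user:pass); ASCII credentials assumed.
    h1 = hashlib.sha1(f"{username}:{password}".upper().encode("utf-8")).digest()
    # The per-account salt is mixed in, so equal passwords give different verifiers.
    x = int.from_bytes(hashlib.sha1(salt + h1).digest(), "little")
    return pow(G, x, N).to_bytes(FIELD_LEN, "little")


def new_registration(username: str, password: str):
    """Values an account-creation tool would write to the salt and verifier columns."""
    salt = os.urandom(FIELD_LEN)
    return salt, srp6_verifier(username, password, salt)


def check_login(username: str, password: str, salt: bytes, verifier: bytes) -> bool:
    """Recompute the verifier from the stored salt and compare in constant time."""
    if len(salt) != FIELD_LEN or len(verifier) != FIELD_LEN:
        return False  # e.g. a tool still reading the old VARCHAR(64) hex form
    return hmac.compare_digest(srp6_verifier(username, password, salt), verifier)


if __name__ == "__main__":
    # Constructed sample account, not taken from any real database.
    salt, verifier = new_registration("testuser", "testpass")
    print(check_login("TestUser", "TESTPASS", salt, verifier))
    print(check_login("testuser", "wrongpass", salt, verifier))
```
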