Add authenticator opcode support + auth_probe tool

include/auth/auth_handler.hpp

@@ -21,6 +21,7 @@ enum class AuthState {
     CHALLENGE_SENT,
     CHALLENGE_RECEIVED,
     PIN_REQUIRED,
+    AUTHENTICATOR_REQUIRED,
     PROOF_SENT,
     AUTHENTICATED,
     REALM_LIST_REQUESTED,
@@ -51,6 +52,8 @@ public:
     // Optional: when the auth server requires a PIN (securityFlags & 0x01), call this to continue.
     // PIN must be 4-10 digits.
     void submitPin(const std::string& pin);
+    // Generic continuation for PIN / authenticator-required servers.
+    void submitSecurityCode(const std::string& code);
 
     // Set client version info (call before authenticate)
     void setClientInfo(const ClientInfo& info) { clientInfo = info; }
@@ -108,7 +111,7 @@ private:
     uint8_t securityFlags_ = 0;
     uint32_t pinGridSeed_ = 0;
     std::array<uint8_t, 16> pinServerSalt_{}; // from LOGON_CHALLENGE response
-    std::string pendingPin_;
+    std::string pendingSecurityCode_;
 };
 
 } // namespace auth

include/auth/auth_opcodes.hpp

@@ -11,6 +11,7 @@ enum class AuthOpcode : uint8_t {
     LOGON_PROOF = 0x01,
     RECONNECT_CHALLENGE = 0x02,
     RECONNECT_PROOF = 0x03,
+    AUTHENTICATOR = 0x04,  // TrinityCore-style Google Authenticator token
     REALM_LIST = 0x10,
 };
 

include/auth/auth_packets.hpp

@@ -43,6 +43,9 @@ struct LogonChallengeResponse {
     uint32_t pinGridSeed = 0;
     std::array<uint8_t, 16> pinSalt{};
 
+    // Authenticator extension (securityFlags & 0x04)
+    uint8_t authenticatorRequired = 0;
+
     bool isSuccess() const { return result == AuthResult::SUCCESS; }
 };
 
@@ -64,6 +67,12 @@ public:
                                   const std::array<uint8_t, 20>* pinHash);
 };
 
+// AUTHENTICATOR token packet builder (opcode 0x04 on many TrinityCore-derived servers)
+class AuthenticatorTokenPacket {
+public:
+    static network::Packet build(const std::string& token);
+};
+
 // LOGON_PROOF response data
 struct LogonProofResponse {
     uint8_t status;