1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
|
/**
* @file lluserauth.cpp
* @brief LLUserAuth class implementation
*
* $LicenseInfo:firstyear=2003&license=viewergpl$
*
* Copyright (c) 2003-2008, Linden Research, Inc.
*
* Second Life Viewer Source Code
* The source code in this file ("Source Code") is provided by Linden Lab
* to you under the terms of the GNU General Public License, version 2.0
* ("GPL"), unless you have obtained a separate licensing agreement
* ("Other License"), formally executed by you and Linden Lab. Terms of
* the GPL can be found in doc/GPL-license.txt in this distribution, or
* online at http://secondlife.com/developers/opensource/gplv2
*
* There are special exceptions to the terms and conditions of the GPL as
* it is applied to this Source Code. View the full text of the exception
* in the file doc/FLOSS-exception.txt in this software distribution, or
* online at http://secondlife.com/developers/opensource/flossexception
*
* By copying, modifying or distributing this software, you acknowledge
* that you have read and understood your obligations described above,
* and agree to abide by those obligations.
*
* ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO
* WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
* COMPLETENESS OR PERFORMANCE.
* $/LicenseInfo$
*/
#include "llviewerprecompiledheaders.h"
#include "lluserauth.h"
#include <sstream>
#include <iterator>
#include "lldir.h"
#include "llversionviewer.h"
#include "llappviewer.h"
#include "llviewerbuild.h"
#include "llviewercontrol.h"
#include "llxmlrpctransaction.h"
// NOTE: MUST include these after otherincludes since queue gets redefined!?!!
#include <curl/curl.h>
#include <xmlrpc-epi/xmlrpc.h>
// Don't define PLATFORM_STRING for unknown platforms - they need
// to get added to the login cgi script, so we want this to cause an
// error if we get compiled for a different platform.
// *FIX: This is misreporting on linux. Change this so that linux is
// in fact reporting linux.
#if LL_WINDOWS || LL_LINUX
static const char* PLATFORM_STRING = "Win";
#elif LL_DARWIN
static const char* PLATFORM_STRING = "Mac";
#elif LL_LINUX
static const char* PLATFORM_STRING = "Lnx";
#elif LL_SOLARIS
static const char* PLATFORM_STRING = "Sol";
#else
#error("Unknown platform defined!")
#endif
LLUserAuth *gUserAuthp = NULL;
LLUserAuth::LLUserAuth() :
mTransaction(NULL),
mLastTransferRateBPS(0)
{
mAuthResponse = E_NO_RESPONSE_YET;
}
LLUserAuth::~LLUserAuth()
{
delete mTransaction;
mTransaction = NULL;
}
void LLUserAuth::authenticate(
const char* auth_uri,
const char* method,
const char* firstname,
const char* lastname,
LLUUID web_login_key,
const char* start,
BOOL skip_optional,
BOOL accept_tos,
BOOL accept_critical_message,
const LLUUID& viewer_digest,
BOOL last_exec_froze,
const std::vector<const char*>& requested_options,
const std::string& hashed_mac,
const std::string& hashed_volume_serial)
{
llinfos << "Authenticating: " << firstname << " " << lastname << ", "
<< /*dpasswd.c_str() <<*/ llendl;
std::ostringstream option_str;
option_str << "Options: ";
std::ostream_iterator<const char*> appender(option_str, ", ");
std::copy(requested_options.begin(), requested_options.end(), appender);
option_str << "END";
llinfos << option_str.str().c_str() << llendl;
mAuthResponse = E_NO_RESPONSE_YET;
//mDownloadTimer.reset();
// create the request
XMLRPC_REQUEST request = XMLRPC_RequestNew();
XMLRPC_RequestSetMethodName(request, method);
XMLRPC_RequestSetRequestType(request, xmlrpc_request_call);
// stuff the parameters
XMLRPC_VALUE params = XMLRPC_CreateVector(NULL, xmlrpc_vector_struct);
XMLRPC_VectorAppendString(params, "first", firstname, 0);
XMLRPC_VectorAppendString(params, "last", lastname, 0);
XMLRPC_VectorAppendString(params, "web_login_key", web_login_key.getString().c_str(), 0);
XMLRPC_VectorAppendString(params, "start", start, 0);
XMLRPC_VectorAppendString(params, "version", gCurrentVersion.c_str(), 0); // Includes channel name
XMLRPC_VectorAppendString(params, "channel", gChannelName.c_str(), 0);
XMLRPC_VectorAppendString(params, "platform", PLATFORM_STRING, 0);
XMLRPC_VectorAppendString(params, "mac", hashed_mac.c_str(), 0);
// A bit of security through obscurity: id0 is volume_serial
XMLRPC_VectorAppendString(params, "id0", hashed_volume_serial.c_str(), 0);
if (skip_optional)
{
XMLRPC_VectorAppendString(params, "skipoptional", "true", 0);
}
if (accept_tos)
{
XMLRPC_VectorAppendString(params, "agree_to_tos", "true", 0);
}
if (accept_critical_message)
{
XMLRPC_VectorAppendString(params, "read_critical", "true", 0);
}
XMLRPC_VectorAppendString(params, "viewer_digest", viewer_digest.asString().c_str(), 0);
XMLRPC_VectorAppendInt(params, "last_exec_event", (int) last_exec_froze);
// append optional requests in an array
XMLRPC_VALUE options = XMLRPC_CreateVector("options", xmlrpc_vector_array);
std::vector<const char*>::const_iterator it = requested_options.begin();
std::vector<const char*>::const_iterator end = requested_options.end();
for( ; it < end; ++it)
{
XMLRPC_VectorAppendString(options, NULL, (*it), 0);
}
XMLRPC_AddValueToVector(params, options);
// put the parameters on the request
XMLRPC_RequestSetData(request, params);
mTransaction = new LLXMLRPCTransaction(auth_uri, request);
XMLRPC_RequestFree(request, 1);
llinfos << "LLUserAuth::authenticate: uri=" << auth_uri << llendl;
}
LLUserAuth::UserAuthcode LLUserAuth::authResponse()
{
if (!mTransaction)
{
return mAuthResponse;
}
bool done = mTransaction->process();
if (!done) {
if (LLXMLRPCTransaction::StatusDownloading == mTransaction->status(0))
{
mAuthResponse = E_DOWNLOADING;
}
return mAuthResponse;
}
mLastTransferRateBPS = mTransaction->transferRate();
int result;
mTransaction->status(&result);
mErrorMessage = mTransaction->statusMessage();
// if curl was ok, parse the download area.
switch (result)
{
case CURLE_OK:
mAuthResponse = parseResponse();
break;
case CURLE_COULDNT_RESOLVE_HOST:
mAuthResponse = E_COULDNT_RESOLVE_HOST;
break;
case CURLE_SSL_PEER_CERTIFICATE:
mAuthResponse = E_SSL_PEER_CERTIFICATE;
break;
case CURLE_SSL_CACERT:
mAuthResponse = E_SSL_CACERT;
break;
case CURLE_SSL_CONNECT_ERROR:
mAuthResponse = E_SSL_CONNECT_ERROR;
break;
default:
mAuthResponse = E_UNHANDLED_ERROR;
break;
}
llinfos << "Processed response: " << result << llendl;
delete mTransaction;
mTransaction = NULL;
return mAuthResponse;
}
static void parseOptionInto(
const std::string& id, XMLRPC_VALUE option, LLUserAuth::options_t& options)
{
std::string key;
std::string val;
XMLRPC_VALUE_TYPE_EASY type;
XMLRPC_VALUE row = XMLRPC_VectorRewind(option);
while(row)
{
XMLRPC_VALUE opt = XMLRPC_VectorRewind(row);
LLUserAuth::response_t responses;
while(opt)
{
key.assign(XMLRPC_GetValueID(opt));
//llinfos "option key: " << key << llendl;
type = XMLRPC_GetValueTypeEasy(opt);
if(xmlrpc_type_string == type)
{
val.assign(XMLRPC_GetValueString(opt));
}
else if(xmlrpc_type_int == type)
{
val = llformat("%d", XMLRPC_GetValueInt(opt));
}
//llinfos "option val: " << val << llendl;
responses.insert(LLUserAuth::response_t::value_type(key, val));
opt = XMLRPC_VectorNext(row);
}
options.push_back(responses);
row = XMLRPC_VectorNext(option);
}
}
LLUserAuth::UserAuthcode LLUserAuth::parseResponse()
{
// The job of this function is to parse sCurlDownloadArea and
// extract every member into either the mResponses or
// mOptions. For now, we will only be looking at mResponses, which
// will all be string => string pairs.
UserAuthcode rv = E_UNHANDLED_ERROR;
XMLRPC_REQUEST response = mTransaction->response();
if(!response) return rv;
// clear out any old parsing
mResponses.clear();
mOptions.clear();
// Now, parse everything
std::string key;
std::string val;
XMLRPC_VALUE param = NULL;
XMLRPC_VALUE current = NULL;
XMLRPC_VALUE_TYPE_EASY type;
param = XMLRPC_RequestGetData(response);
if(!param) goto exit;
current = XMLRPC_VectorRewind(param);
while(current)
{
key.assign(XMLRPC_GetValueID(current));
lldebugs << "key: " << key << llendl;
type = XMLRPC_GetValueTypeEasy(current);
if(xmlrpc_type_string == type)
{
val.assign(XMLRPC_GetValueString(current));
lldebugs << "val: " << val << llendl;
mResponses.insert(response_t::value_type(key, val));
}
else if(xmlrpc_type_int == type)
{
char buf[MAX_STRING]; /* Flawfinder: ignore */
snprintf(buf, MAX_STRING, "%d", XMLRPC_GetValueInt(current)); /* Flawfinder: ignore */
val.assign(buf);
lldebugs << "val: " << val << llendl;
mResponses.insert(response_t::value_type(key, val));
}
else if(xmlrpc_type_array == type)
{
options_t options;
parseOptionInto(key, current, options);
mOptions.insert(all_options_t::value_type(key, options));
}
else
{
// whoops - bad response
llwarns << "Unhandled xmlrpc type, key, value: " << type << " "
<< key << " " << val << "." << llendl;
rv = E_UNHANDLED_ERROR;
break;
}
current = XMLRPC_VectorNext(param);
rv = E_OK;
}
exit:
return rv;
}
const char* LLUserAuth::getResponse(const char* name) const
{
if(!name) return NULL;
std::string key(name);
response_t::const_iterator it = mResponses.find(key);
if(it != mResponses.end())
{
return((*it).second.c_str());
}
return NULL;
}
BOOL LLUserAuth::getOptions(const char* name, options_t& options) const
{
if(!name) return FALSE;
std::string key(name);
all_options_t::const_iterator it = mOptions.find(key);
if(it != mOptions.end())
{
// found the option set, copyt them onto the container.
std::back_insert_iterator<options_t> ii(options);
std::copy((*it).second.begin(), (*it).second.end(), ii);
return TRUE;
}
return FALSE;
}
|