author | onefang | 2019-09-11 16:36:50 +1000 |
---|---|---|
committer | onefang | 2019-09-11 16:36:50 +1000 |
commit | 50cd1ffd32f69228e566f2b0b89f86ea0d9fe489 (patch) | |
tree | 52f2ab0c04f1a5d7d6ac5dc872981b4b156447e7 /OpenSim/Services/AuthenticationService | |
parent | Renamed branch to SledjChisl. (diff) | |
parent | Bump to release flavour, build 0. (diff) | |
Merge branch 'SledjChisl'
Diffstat (limited to 'OpenSim/Services/AuthenticationService')
5 files changed, 125 insertions, 36 deletions
diff --git a/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs b/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs index 229f557..f66b4e2 100644 --- a/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs +++ b/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs | |||
@@ -30,17 +30,18 @@ using OpenMetaverse; | |||
30 | using log4net; | 30 | using log4net; |
31 | using Nini.Config; | 31 | using Nini.Config; |
32 | using System.Reflection; | 32 | using System.Reflection; |
33 | using OpenSim.Server.Base; | ||
34 | using OpenSim.Services.Interfaces; | ||
33 | using OpenSim.Data; | 35 | using OpenSim.Data; |
34 | using OpenSim.Framework; | 36 | using OpenSim.Framework; |
35 | using OpenSim.Services.Base; | 37 | using OpenSim.Services.Base; |
36 | using OpenSim.Services.Interfaces; | ||
37 | 38 | ||
38 | namespace OpenSim.Services.AuthenticationService | 39 | namespace OpenSim.Services.AuthenticationService |
39 | { | 40 | { |
40 | // Generic Authentication service used for identifying | 41 | // Generic Authentication service used for identifying |
41 | // and authenticating principals. | 42 | // and authenticating principals. |
42 | // Principals may be clients acting on users' behalf, | 43 | // Principals may be clients acting on users' behalf, |
43 | // or any other components that need | 44 | // or any other components that need |
44 | // verifiable identification. | 45 | // verifiable identification. |
45 | // | 46 | // |
46 | public class AuthenticationServiceBase : ServiceBase | 47 | public class AuthenticationServiceBase : ServiceBase |
@@ -48,8 +49,14 @@ namespace OpenSim.Services.AuthenticationService | |||
48 | private static readonly ILog m_log = | 49 | private static readonly ILog m_log = |
49 | LogManager.GetLogger( | 50 | LogManager.GetLogger( |
50 | MethodBase.GetCurrentMethod().DeclaringType); | 51 | MethodBase.GetCurrentMethod().DeclaringType); |
51 | 52 | ||
52 | protected IAuthenticationData m_Database; | 53 | protected IAuthenticationData m_Database; |
54 | protected IUserAccountService m_UserAccountService = null; | ||
55 | |||
56 | public AuthenticationServiceBase(IConfigSource config, IUserAccountService acct) : this(config) | ||
57 | { | ||
58 | m_UserAccountService = acct; | ||
59 | } | ||
53 | 60 | ||
54 | public AuthenticationServiceBase(IConfigSource config) : base(config) | 61 | public AuthenticationServiceBase(IConfigSource config) : base(config) |
55 | { | 62 | { |
@@ -171,7 +178,7 @@ namespace OpenSim.Services.AuthenticationService | |||
171 | m_log.DebugFormat("[AUTHENTICATION DB]: Set authentication info for principalID {0}", info.PrincipalID); | 178 | m_log.DebugFormat("[AUTHENTICATION DB]: Set authentication info for principalID {0}", info.PrincipalID); |
172 | return true; | 179 | return true; |
173 | } | 180 | } |
174 | 181 | ||
175 | protected string GetToken(UUID principalID, int lifetime) | 182 | protected string GetToken(UUID principalID, int lifetime) |
176 | { | 183 | { |
177 | UUID token = UUID.Random(); | 184 | UUID token = UUID.Random(); |
diff --git a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs index 5f1bde1..aef3e9f 100644 --- a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs | |||
@@ -41,7 +41,7 @@ namespace OpenSim.Services.AuthenticationService | |||
41 | // Generic Authentication service used for identifying | 41 | // Generic Authentication service used for identifying |
42 | // and authenticating principals. | 42 | // and authenticating principals. |
43 | // Principals may be clients acting on users' behalf, | 43 | // Principals may be clients acting on users' behalf, |
44 | // or any other components that need | 44 | // or any other components that need |
45 | // verifiable identification. | 45 | // verifiable identification. |
46 | // | 46 | // |
47 | public class PasswordAuthenticationService : | 47 | public class PasswordAuthenticationService : |
@@ -50,7 +50,13 @@ namespace OpenSim.Services.AuthenticationService | |||
50 | private static readonly ILog m_log = | 50 | private static readonly ILog m_log = |
51 | LogManager.GetLogger( | 51 | LogManager.GetLogger( |
52 | MethodBase.GetCurrentMethod().DeclaringType); | 52 | MethodBase.GetCurrentMethod().DeclaringType); |
53 | 53 | ||
54 | public PasswordAuthenticationService(IConfigSource config, IUserAccountService userService) : | ||
55 | base(config, userService) | ||
56 | { | ||
57 | m_log.Debug("[AUTH SERVICE]: Started with User Account access"); | ||
58 | } | ||
59 | |||
54 | public PasswordAuthenticationService(IConfigSource config) : | 60 | public PasswordAuthenticationService(IConfigSource config) : |
55 | base(config) | 61 | base(config) |
56 | { | 62 | { |
@@ -58,42 +64,94 @@ namespace OpenSim.Services.AuthenticationService | |||
58 | 64 | ||
59 | public string Authenticate(UUID principalID, string password, int lifetime) | 65 | public string Authenticate(UUID principalID, string password, int lifetime) |
60 | { | 66 | { |
67 | UUID realID; | ||
68 | return Authenticate(principalID, password, lifetime, out realID); | ||
69 | } | ||
70 | |||
71 | public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID) | ||
72 | { | ||
73 | realID = UUID.Zero; | ||
74 | |||
75 | m_log.DebugFormat("[AUTH SERVICE]: Authenticating for {0}, user account service present: {1}", principalID, m_UserAccountService != null); | ||
61 | AuthenticationData data = m_Database.Get(principalID); | 76 | AuthenticationData data = m_Database.Get(principalID); |
77 | UserAccount user = null; | ||
78 | if (m_UserAccountService != null) | ||
79 | user = m_UserAccountService.GetUserAccount(UUID.Zero, principalID); | ||
62 | 80 | ||
63 | if (data == null) | 81 | if (data == null || data.Data == null) |
64 | { | 82 | { |
65 | m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} not found", principalID); | 83 | m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} or its data not found", principalID); |
66 | return String.Empty; | 84 | return String.Empty; |
67 | } | 85 | } |
68 | else if (data.Data == null) | 86 | |
87 | if (!data.Data.ContainsKey("passwordHash") || | ||
88 | !data.Data.ContainsKey("passwordSalt")) | ||
89 | { | ||
90 | m_log.DebugFormat("[AUTH SERVICE]: No credentials."); | ||
91 | return String.Empty; | ||
92 | } | ||
93 | |||
94 | string hashed = Util.Md5Hash(password + ":" + | ||
95 | data.Data["passwordSalt"].ToString()); | ||
96 | |||
97 | // m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString()); | ||
98 | |||
99 | if (data.Data["passwordHash"].ToString() == hashed) | ||
100 | { | ||
101 | return GetToken(principalID, lifetime); | ||
102 | } | ||
103 | |||
104 | if (user == null) | ||
69 | { | 105 | { |
70 | m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} data not found", principalID); | 106 | m_log.DebugFormat("[PASS AUTH]: No user record for {0}", principalID); |
71 | return String.Empty; | 107 | return String.Empty; |
72 | } | 108 | } |
73 | else if (!data.Data.ContainsKey("passwordHash") || !data.Data.ContainsKey("passwordSalt")) | 109 | |
110 | int impersonateFlag = 1 << 6; | ||
111 | |||
112 | if ((user.UserFlags & impersonateFlag) == 0) | ||
74 | { | 113 | { |
75 | m_log.DebugFormat( | 114 | m_log.DebugFormat("[AUTH SERVICE]: Not trying impersonation {0} {1}.", user.UserFlags, impersonateFlag); |
76 | "[AUTH SERVICE]: PrincipalID {0} data didn't contain either passwordHash or passwordSalt", principalID); | ||
77 | return String.Empty; | 115 | return String.Empty; |
78 | } | 116 | } |
79 | else | 117 | |
118 | m_log.DebugFormat("[PASS AUTH]: Attempting impersonation."); | ||
119 | |||
120 | List<UserAccount> accounts = m_UserAccountService.GetUserAccountsWhere(UUID.Zero, "UserLevel >= 200"); | ||
121 | if (accounts == null || accounts.Count == 0) | ||
122 | return String.Empty; | ||
123 | |||
124 | foreach (UserAccount a in accounts) | ||
80 | { | 125 | { |
81 | string hashed = Util.Md5Hash(password + ":" + data.Data["passwordSalt"].ToString()); | 126 | data = m_Database.Get(a.PrincipalID); |
127 | if (data == null || data.Data == null || | ||
128 | !data.Data.ContainsKey("passwordHash") || | ||
129 | !data.Data.ContainsKey("passwordSalt")) | ||
130 | { | ||
131 | continue; | ||
132 | } | ||
133 | |||
134 | // m_log.DebugFormat("[PASS AUTH]: Trying {0}", data.PrincipalID); | ||
82 | 135 | ||
83 | m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString()); | 136 | hashed = Util.Md5Hash(password + ":" + |
137 | data.Data["passwordSalt"].ToString()); | ||
84 | 138 | ||
85 | if (data.Data["passwordHash"].ToString() == hashed) | 139 | if (data.Data["passwordHash"].ToString() == hashed) |
86 | { | 140 | { |
141 | m_log.InfoFormat("[PASS AUTH]: {0} {1} impersonating {2}, proceeding with login", a.FirstName, a.LastName, principalID); | ||
142 | realID = a.PrincipalID; | ||
87 | return GetToken(principalID, lifetime); | 143 | return GetToken(principalID, lifetime); |
88 | } | 144 | } |
89 | else | 145 | // else |
90 | { | 146 | // { |
91 | m_log.DebugFormat( | 147 | // m_log.DebugFormat( |
92 | "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.", | 148 | // "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.", |
93 | hashed, data.Data["passwordHash"], principalID); | 149 | // hashed, data.Data["passwordHash"], data.PrincipalID); |
94 | return String.Empty; | 150 | // } |
95 | } | ||
96 | } | 151 | } |
152 | |||
153 | m_log.InfoFormat("[PASS AUTH]: Impersonation of {0} failed", principalID); | ||
154 | return String.Empty; | ||
97 | } | 155 | } |
98 | } | 156 | } |
99 | } \ No newline at end of file | 157 | } |
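Review bot: The impersonation fallback in the four-argument `Authenticate` compares the submitted password against the stored hash of every account returned by `GetUserAccountsWhere(UUID.Zero, "UserLevel >= 200")`, so for a principal with bit 6 of `UserFlags` set, a single login request is checked against all of those credentials, and nothing visible in this hunk throttles or locks out repeated attempts. The flag is a bare local `int impersonateFlag = 1 << 6;` and the level is a bare 200 inside the query string; both deserve named constants with a comment saying who may set the flag, for example `private const int ImpersonationAllowedFlag = 1 << 6; // accounts with UserLevel >= 200 may log in as this principal`. The three-argument overload discards `realID`, so any caller still using it cannot tell an impersonated session from a genuine one, and when the flag is not set the failure is logged only as "Not trying impersonation" with the flag values and no principal ID, which weakens the audit trail. The hash checks still compare `Util.Md5Hash` output with `==`; a constant-time comparison and a stronger password KDF would be worth a follow-up.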
diff --git a/OpenSim/Services/AuthenticationService/Properties/AssemblyInfo.cs b/OpenSim/Services/AuthenticationService/Properties/AssemblyInfo.cs index f25accc..c946b04 100644 --- a/OpenSim/Services/AuthenticationService/Properties/AssemblyInfo.cs +++ b/OpenSim/Services/AuthenticationService/Properties/AssemblyInfo.cs | |||
@@ -2,7 +2,7 @@ | |||
2 | using System.Runtime.CompilerServices; | 2 | using System.Runtime.CompilerServices; |
3 | using System.Runtime.InteropServices; | 3 | using System.Runtime.InteropServices; |
4 | 4 | ||
5 | // General Information about an assembly is controlled through the following | 5 | // General Information about an assembly is controlled through the following |
6 | // set of attributes. Change these attribute values to modify the information | 6 | // set of attributes. Change these attribute values to modify the information |
7 | // associated with an assembly. | 7 | // associated with an assembly. |
8 | [assembly: AssemblyTitle("OpenSim.Services.AuthenticationService")] | 8 | [assembly: AssemblyTitle("OpenSim.Services.AuthenticationService")] |
@@ -14,8 +14,8 @@ using System.Runtime.InteropServices; | |||
14 | [assembly: AssemblyTrademark("")] | 14 | [assembly: AssemblyTrademark("")] |
15 | [assembly: AssemblyCulture("")] | 15 | [assembly: AssemblyCulture("")] |
16 | 16 | ||
17 | // Setting ComVisible to false makes the types in this assembly not visible | 17 | // Setting ComVisible to false makes the types in this assembly not visible |
18 | // to COM components. If you need to access a type in this assembly from | 18 | // to COM components. If you need to access a type in this assembly from |
19 | // COM, set the ComVisible attribute to true on that type. | 19 | // COM, set the ComVisible attribute to true on that type. |
20 | [assembly: ComVisible(false)] | 20 | [assembly: ComVisible(false)] |
21 | 21 | ||
@@ -25,9 +25,9 @@ using System.Runtime.InteropServices; | |||
25 | // Version information for an assembly consists of the following four values: | 25 | // Version information for an assembly consists of the following four values: |
26 | // | 26 | // |
27 | // Major Version | 27 | // Major Version |
28 | // Minor Version | 28 | // Minor Version |
29 | // Build Number | 29 | // Build Number |
30 | // Revision | 30 | // Revision |
31 | // | 31 | // |
32 | [assembly: AssemblyVersion("0.8.3.*")] | 32 | [assembly: AssemblyVersion(OpenSim.VersionInfo.AssemblyVersionNumber)] |
33 | 33 | ||
diff --git a/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs b/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs index 2344c0e..0bd5b1f 100644 --- a/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs | |||
@@ -40,7 +40,7 @@ namespace OpenSim.Services.AuthenticationService | |||
40 | // Generic Authentication service used for identifying | 40 | // Generic Authentication service used for identifying |
41 | // and authenticating principals. | 41 | // and authenticating principals. |
42 | // Principals may be clients acting on users' behalf, | 42 | // Principals may be clients acting on users' behalf, |
43 | // or any other components that need | 43 | // or any other components that need |
44 | // verifiable identification. | 44 | // verifiable identification. |
45 | // | 45 | // |
46 | public class WebkeyAuthenticationService : | 46 | public class WebkeyAuthenticationService : |
@@ -50,11 +50,22 @@ namespace OpenSim.Services.AuthenticationService | |||
50 | LogManager.GetLogger( | 50 | LogManager.GetLogger( |
51 | MethodBase.GetCurrentMethod().DeclaringType); | 51 | MethodBase.GetCurrentMethod().DeclaringType); |
52 | 52 | ||
53 | public WebkeyAuthenticationService(IConfigSource config, IUserAccountService userService) : | ||
54 | base(config, userService) | ||
55 | { | ||
56 | } | ||
57 | |||
53 | public WebkeyAuthenticationService(IConfigSource config) : | 58 | public WebkeyAuthenticationService(IConfigSource config) : |
54 | base(config) | 59 | base(config) |
55 | { | 60 | { |
56 | } | 61 | } |
57 | 62 | ||
63 | public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID) | ||
64 | { | ||
65 | realID = UUID.Zero; | ||
66 | return Authenticate(principalID, password, lifetime); | ||
67 | } | ||
68 | |||
58 | public string Authenticate(UUID principalID, string password, int lifetime) | 69 | public string Authenticate(UUID principalID, string password, int lifetime) |
59 | { | 70 | { |
60 | if (new UUID(password) == UUID.Zero) | 71 | if (new UUID(password) == UUID.Zero) |
@@ -68,7 +79,7 @@ namespace OpenSim.Services.AuthenticationService | |||
68 | { | 79 | { |
69 | if (data.Data.ContainsKey("webLoginKey")) | 80 | if (data.Data.ContainsKey("webLoginKey")) |
70 | { | 81 | { |
71 | string key = data.Data["webLoginKey"].ToString(); | 82 | string key = data.Data["webLoginKey"].ToString(); |
72 | if (key == password) | 83 | if (key == password) |
73 | { | 84 | { |
74 | data.Data["webLoginKey"] = UUID.Zero.ToString(); | 85 | data.Data["webLoginKey"] = UUID.Zero.ToString(); |
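Review bot: The new four-argument `Authenticate` has no comment explaining that `realID` is always `UUID.Zero` here because web-key logins have no impersonation path; add `// Web-key logins never impersonate, so realID is always UUID.Zero.` above `realID = UUID.Zero;`. It delegates to the three-argument overload, which begins with `new UUID(password)`; if that constructor throws on a string that is not a UUID (not verifiable from this page), callers of the new overload inherit that exception and the behaviour should be documented. The last hunk of this section shows only the middle of the three-argument method.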
diff --git a/OpenSim/Services/AuthenticationService/WebkeyOrPasswordAuthenticationService.cs b/OpenSim/Services/AuthenticationService/WebkeyOrPasswordAuthenticationService.cs index 2c6cebd..4203c7b 100644 --- a/OpenSim/Services/AuthenticationService/WebkeyOrPasswordAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/WebkeyOrPasswordAuthenticationService.cs | |||
@@ -43,9 +43,9 @@ namespace OpenSim.Services.AuthenticationService | |||
43 | { | 43 | { |
44 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | 44 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); |
45 | 45 | ||
46 | private Dictionary<string, IAuthenticationService> m_svcChecks | 46 | private Dictionary<string, IAuthenticationService> m_svcChecks |
47 | = new Dictionary<string, IAuthenticationService>(); | 47 | = new Dictionary<string, IAuthenticationService>(); |
48 | 48 | ||
49 | public WebkeyOrPasswordAuthenticationService(IConfigSource config) | 49 | public WebkeyOrPasswordAuthenticationService(IConfigSource config) |
50 | : base(config) | 50 | : base(config) |
51 | { | 51 | { |
@@ -55,14 +55,22 @@ namespace OpenSim.Services.AuthenticationService | |||
55 | 55 | ||
56 | public string Authenticate(UUID principalID, string password, int lifetime) | 56 | public string Authenticate(UUID principalID, string password, int lifetime) |
57 | { | 57 | { |
58 | UUID realID; | ||
59 | |||
60 | return Authenticate(principalID, password, lifetime, out realID); | ||
61 | } | ||
62 | |||
63 | public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID) | ||
64 | { | ||
58 | AuthenticationData data = m_Database.Get(principalID); | 65 | AuthenticationData data = m_Database.Get(principalID); |
59 | string result = String.Empty; | 66 | string result = String.Empty; |
67 | realID = UUID.Zero; | ||
60 | if (data != null && data.Data != null) | 68 | if (data != null && data.Data != null) |
61 | { | 69 | { |
62 | if (data.Data.ContainsKey("webLoginKey")) | 70 | if (data.Data.ContainsKey("webLoginKey")) |
63 | { | 71 | { |
64 | m_log.DebugFormat("[AUTH SERVICE]: Attempting web key authentication for PrincipalID {0}", principalID); | 72 | m_log.DebugFormat("[AUTH SERVICE]: Attempting web key authentication for PrincipalID {0}", principalID); |
65 | result = m_svcChecks["web_login_key"].Authenticate(principalID, password, lifetime); | 73 | result = m_svcChecks["web_login_key"].Authenticate(principalID, password, lifetime, out realID); |
66 | if (result == String.Empty) | 74 | if (result == String.Empty) |
67 | { | 75 | { |
68 | m_log.DebugFormat("[AUTH SERVICE]: Web Login failed for PrincipalID {0}", principalID); | 76 | m_log.DebugFormat("[AUTH SERVICE]: Web Login failed for PrincipalID {0}", principalID); |
@@ -71,12 +79,15 @@ namespace OpenSim.Services.AuthenticationService | |||
71 | if (result == string.Empty && data.Data.ContainsKey("passwordHash") && data.Data.ContainsKey("passwordSalt")) | 79 | if (result == string.Empty && data.Data.ContainsKey("passwordHash") && data.Data.ContainsKey("passwordSalt")) |
72 | { | 80 | { |
73 | m_log.DebugFormat("[AUTH SERVICE]: Attempting password authentication for PrincipalID {0}", principalID); | 81 | m_log.DebugFormat("[AUTH SERVICE]: Attempting password authentication for PrincipalID {0}", principalID); |
74 | result = m_svcChecks["password"].Authenticate(principalID, password, lifetime); | 82 | result = m_svcChecks["password"].Authenticate(principalID, password, lifetime, out realID); |
75 | if (result == String.Empty) | 83 | if (result == String.Empty) |
76 | { | 84 | { |
77 | m_log.DebugFormat("[AUTH SERVICE]: Password login failed for PrincipalID {0}", principalID); | 85 | m_log.DebugFormat("[AUTH SERVICE]: Password login failed for PrincipalID {0}", principalID); |
78 | } | 86 | } |
79 | } | 87 | } |
88 | |||
89 | |||
90 | |||
80 | if (result == string.Empty) | 91 | if (result == string.Empty) |
81 | { | 92 | { |
82 | m_log.DebugFormat("[AUTH SERVICE]: Both password and webLoginKey-based authentication failed for PrincipalID {0}", principalID); | 93 | m_log.DebugFormat("[AUTH SERVICE]: Both password and webLoginKey-based authentication failed for PrincipalID {0}", principalID); |
@@ -86,7 +97,9 @@ namespace OpenSim.Services.AuthenticationService | |||
86 | { | 97 | { |
87 | m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} or its data not found", principalID); | 98 | m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} or its data not found", principalID); |
88 | } | 99 | } |
100 | |||
101 | |||
89 | return result; | 102 | return result; |
90 | } | 103 | } |
91 | } | 104 | } |
92 | } \ No newline at end of file | 105 | } |
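Review bot: `realID` can only become non-zero here if the service stored under `m_svcChecks["password"]` was built with an `IUserAccountService`, yet this file gains no matching two-argument constructor and the code that fills `m_svcChecks` lies outside the visible hunks. If those inner services are created from `config` alone, the impersonation branch is unreachable through this class and `realID` stays `UUID.Zero`; if they are given a user service, that deserves a comment at the constructor, since it decides whether admin impersonation is enabled for this login path. `realID = UUID.Zero;` would also read better as the first statement, before `m_Database.Get(principalID)`, matching the other services, and the runs of blank lines added near the end of the method can be dropped.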