diff options
11 files changed, 498 insertions, 25 deletions
diff --git a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs index 8e0205c..f496082 100644 --- a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs +++ b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs | |||
@@ -128,6 +128,8 @@ namespace OpenSim.Framework.Communications.Services | |||
128 | userProfile.WebLoginKey = token; | 128 | userProfile.WebLoginKey = token; |
129 | m_userManager.CommitAgent(ref userProfile); | 129 | m_userManager.CommitAgent(ref userProfile); |
130 | } | 130 | } |
131 | m_log.Warn("[HGLOGIN]: Auth token: " + token); | ||
132 | |||
131 | 133 | ||
132 | return response; | 134 | return response; |
133 | } | 135 | } |
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs index a5101d0..48895d4 100644 --- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs +++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs | |||
@@ -114,8 +114,6 @@ namespace OpenSim.Region.CoreModules.Hypergrid | |||
114 | this); | 114 | this); |
115 | 115 | ||
116 | httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod); | 116 | httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod); |
117 | httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod); | ||
118 | httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod); | ||
119 | httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession, false); | 117 | httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession, false); |
120 | 118 | ||
121 | } | 119 | } |
diff --git a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml index 7d0d327..f910550 100644 --- a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml +++ b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml | |||
@@ -34,7 +34,8 @@ | |||
34 | <RegionModule id="AssetServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Asset.AssetServiceInConnectorModule" /> | 34 | <RegionModule id="AssetServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Asset.AssetServiceInConnectorModule" /> |
35 | <RegionModule id="InventoryServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Inventory.InventoryServiceInConnectorModule" /> | 35 | <RegionModule id="InventoryServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Inventory.InventoryServiceInConnectorModule" /> |
36 | <RegionModule id="LandServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Land.LandServiceInConnectorModule" /> | 36 | <RegionModule id="LandServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Land.LandServiceInConnectorModule" /> |
37 | <RegionModule id="NeighbourServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Neighbour.NeighbourServiceInConnectorModule" /> \ | 37 | <RegionModule id="NeighbourServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Neighbour.NeighbourServiceInConnectorModule" /> \ |
38 | <RegionModule id="HGAuthServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Authentication.HGAuthServiceInConnectorModule" /> \ | ||
38 | 39 | ||
39 | </Extension> | 40 | </Extension> |
40 | 41 | ||
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs new file mode 100644 index 0000000..e1517a0 --- /dev/null +++ b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs | |||
@@ -0,0 +1,117 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSimulator Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | using System; | ||
29 | using System.Reflection; | ||
30 | using System.Collections.Generic; | ||
31 | using log4net; | ||
32 | using Nini.Config; | ||
33 | using OpenSim.Framework; | ||
34 | using OpenSim.Framework.Servers.HttpServer; | ||
35 | using OpenSim.Region.Framework.Scenes; | ||
36 | using OpenSim.Region.Framework.Interfaces; | ||
37 | using OpenSim.Server.Base; | ||
38 | using OpenSim.Services.Interfaces; | ||
39 | using OpenSim.Server.Handlers.Authentication; | ||
40 | |||
41 | |||
42 | namespace OpenSim.Region.CoreModules.ServiceConnectorsIn.Authentication | ||
43 | { | ||
44 | public class HGAuthServiceInConnectorModule : ISharedRegionModule | ||
45 | { | ||
46 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | ||
47 | private static bool m_Enabled = false; | ||
48 | private static bool m_Registered = false; | ||
49 | |||
50 | private IConfigSource m_Config; | ||
51 | |||
52 | #region IRegionModule interface | ||
53 | |||
54 | public void Initialise(IConfigSource config) | ||
55 | { | ||
56 | m_Config = config; | ||
57 | |||
58 | IConfig moduleConfig = config.Configs["Modules"]; | ||
59 | if (moduleConfig != null) | ||
60 | { | ||
61 | // Boolean because there may be many of these in peaceful coexistence | ||
62 | m_Enabled = moduleConfig.GetBoolean("HGAuthServiceInConnector", false); | ||
63 | if (m_Enabled) | ||
64 | { | ||
65 | m_log.Info("[HGAUTH IN CONNECTOR]: HGAuthServiceInConnector enabled"); | ||
66 | } | ||
67 | |||
68 | } | ||
69 | |||
70 | } | ||
71 | |||
72 | public void PostInitialise() | ||
73 | { | ||
74 | if (!m_Enabled) | ||
75 | return; | ||
76 | |||
77 | m_log.Info("[HGAUTH IN CONNECTOR]: Starting..."); | ||
78 | } | ||
79 | |||
80 | public void Close() | ||
81 | { | ||
82 | } | ||
83 | |||
84 | public string Name | ||
85 | { | ||
86 | get { return "HGAuthServiceInConnectorModule"; } | ||
87 | } | ||
88 | |||
89 | public void AddRegion(Scene scene) | ||
90 | { | ||
91 | if (!m_Enabled) | ||
92 | return; | ||
93 | |||
94 | if (!m_Registered) | ||
95 | { | ||
96 | m_Registered = true; | ||
97 | new HGAuthServiceInConnector(m_Config, scene.CommsManager.HttpServer); | ||
98 | |||
99 | //Object[] args = new Object[] { m_Config, scene.CommsManager.HttpServer }; | ||
100 | //ServerUtils.LoadPlugin<IAuthenticationService>("OpenSim.Server.Handlers.dll:HGAuthServiceInConnector", args); | ||
101 | } | ||
102 | |||
103 | |||
104 | } | ||
105 | |||
106 | public void RemoveRegion(Scene scene) | ||
107 | { | ||
108 | } | ||
109 | |||
110 | public void RegionLoaded(Scene scene) | ||
111 | { | ||
112 | } | ||
113 | |||
114 | #endregion | ||
115 | |||
116 | } | ||
117 | } | ||
diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs new file mode 100644 index 0000000..2b4c380 --- /dev/null +++ b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs | |||
@@ -0,0 +1,62 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSimulator Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | using System; | ||
29 | using Nini.Config; | ||
30 | using OpenSim.Server.Base; | ||
31 | using OpenSim.Services.Interfaces; | ||
32 | using OpenSim.Framework.Servers.HttpServer; | ||
33 | using OpenSim.Server.Handlers.Base; | ||
34 | |||
35 | namespace OpenSim.Server.Handlers.Authentication | ||
36 | { | ||
37 | public class HGAuthServiceInConnector : ServiceConnector | ||
38 | { | ||
39 | private IAuthenticationService m_AuthenticationService; | ||
40 | |||
41 | public HGAuthServiceInConnector(IConfigSource config, IHttpServer server) : | ||
42 | base(config, server) | ||
43 | { | ||
44 | IConfig serverConfig = config.Configs["AuthenticationService"]; | ||
45 | if (serverConfig == null) | ||
46 | throw new Exception("No section 'AuthenticationService' in config file"); | ||
47 | |||
48 | string authenticationService = serverConfig.GetString("LocalServiceModule", | ||
49 | String.Empty); | ||
50 | |||
51 | if (authenticationService == String.Empty) | ||
52 | throw new Exception("No AuthenticationService in config file"); | ||
53 | |||
54 | Object[] args = new Object[] { config }; | ||
55 | m_AuthenticationService = ServerUtils.LoadPlugin<IAuthenticationService>(authenticationService, args); | ||
56 | |||
57 | HGAuthenticationHandlers m_handlers = new HGAuthenticationHandlers(m_AuthenticationService); | ||
58 | server.AddXmlRPCHandler("hg_new_auth_key", m_handlers.GenerateKeyMethod); | ||
59 | server.AddXmlRPCHandler("hg_verify_auth_key", m_handlers.VerifyKeyMethod); | ||
60 | } | ||
61 | } | ||
62 | } | ||
diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs new file mode 100644 index 0000000..1bcbaf5 --- /dev/null +++ b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs | |||
@@ -0,0 +1,117 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSimulator Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | using System; | ||
29 | using System.Collections; | ||
30 | using System.IO; | ||
31 | using System.Reflection; | ||
32 | using System.Net; | ||
33 | using System.Text; | ||
34 | |||
35 | using OpenSim.Server.Base; | ||
36 | using OpenSim.Server.Handlers.Base; | ||
37 | using OpenSim.Services.Interfaces; | ||
38 | using OpenSim.Framework; | ||
39 | using OpenSim.Framework.Servers.HttpServer; | ||
40 | |||
41 | using OpenMetaverse; | ||
42 | using OpenMetaverse.StructuredData; | ||
43 | using Nwc.XmlRpc; | ||
44 | using Nini.Config; | ||
45 | using log4net; | ||
46 | |||
47 | namespace OpenSim.Server.Handlers.Authentication | ||
48 | { | ||
49 | public class HGAuthenticationHandlers | ||
50 | { | ||
51 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | ||
52 | |||
53 | private IAuthenticationService m_LocalService; | ||
54 | |||
55 | public HGAuthenticationHandlers(IAuthenticationService service) | ||
56 | { | ||
57 | m_LocalService = service; | ||
58 | } | ||
59 | |||
60 | |||
61 | public XmlRpcResponse GenerateKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient) | ||
62 | { | ||
63 | XmlRpcResponse response = new XmlRpcResponse(); | ||
64 | |||
65 | if (request.Params.Count < 2) | ||
66 | { | ||
67 | response.IsFault = true; | ||
68 | response.SetFault(-1, "Invalid parameters"); | ||
69 | return response; | ||
70 | } | ||
71 | |||
72 | // Verify the key of who's calling | ||
73 | UUID userID = UUID.Zero; | ||
74 | string authKey = string.Empty; | ||
75 | UUID.TryParse((string)request.Params[0], out userID); | ||
76 | authKey = (string)request.Params[1]; | ||
77 | |||
78 | m_log.InfoFormat("[AUTH HANDLER] GenerateKey called with authToken {0}", authKey); | ||
79 | string newKey = string.Empty; | ||
80 | |||
81 | newKey = m_LocalService.GetKey(userID, authKey.ToString()); | ||
82 | |||
83 | response.Value = (string)newKey; | ||
84 | return response; | ||
85 | } | ||
86 | |||
87 | public XmlRpcResponse VerifyKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient) | ||
88 | { | ||
89 | bool success = false; | ||
90 | XmlRpcResponse response = new XmlRpcResponse(); | ||
91 | |||
92 | if (request.Params.Count != 2) | ||
93 | { | ||
94 | response.IsFault = true; | ||
95 | response.SetFault(-1, "Invalid parameters"); | ||
96 | return response; | ||
97 | } | ||
98 | |||
99 | // Verify the key of who's calling | ||
100 | UUID userID = UUID.Zero; | ||
101 | string authKey = string.Empty; | ||
102 | if (UUID.TryParse((string)request.Params[0], out userID)) | ||
103 | { | ||
104 | authKey = (string)request.Params[1]; | ||
105 | |||
106 | m_log.InfoFormat("[AUTH HANDLER] VerifyKey called with key {0}", authKey); | ||
107 | |||
108 | success = m_LocalService.VerifyKey(userID, authKey); | ||
109 | } | ||
110 | |||
111 | m_log.DebugFormat("[AUTH HANDLER]: Response to VerifyKey is {0}", success); | ||
112 | response.Value = success; | ||
113 | return response; | ||
114 | } | ||
115 | |||
116 | } | ||
117 | } | ||
diff --git a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs index 83fa995..3de2245 100644 --- a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs +++ b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs | |||
@@ -110,7 +110,7 @@ namespace OpenSim.Server.Handlers.Neighbour | |||
110 | httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized; | 110 | httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized; |
111 | return result; | 111 | return result; |
112 | } | 112 | } |
113 | if (!m_AuthenticationService.VerifyUserKey(regionID, authToken)) | 113 | if (!m_AuthenticationService.VerifyKey(regionID, authToken)) |
114 | { | 114 | { |
115 | m_log.InfoFormat("[RegionPostHandler]: Authentication failed for neighbour message {0}", path); | 115 | m_log.InfoFormat("[RegionPostHandler]: Authentication failed for neighbour message {0}", path); |
116 | httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; | 116 | httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; |
diff --git a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs index 8e4d7d0..6c0b705 100644 --- a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs +++ b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs | |||
@@ -109,7 +109,7 @@ namespace OpenSim.Server.Handlers.Simulation | |||
109 | httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized; | 109 | httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized; |
110 | return result; | 110 | return result; |
111 | } | 111 | } |
112 | if (!m_AuthenticationService.VerifyUserKey(agentID, authToken)) | 112 | if (!m_AuthenticationService.VerifyKey(agentID, authToken)) |
113 | { | 113 | { |
114 | m_log.InfoFormat("[AgentPostHandler]: Authentication failed for agent message {0}", path); | 114 | m_log.InfoFormat("[AgentPostHandler]: Authentication failed for agent message {0}", path); |
115 | httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; | 115 | httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; |
diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs index 3eaa03d..6eaf0b0 100644 --- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/AuthenticationService.cs | |||
@@ -26,6 +26,7 @@ | |||
26 | */ | 26 | */ |
27 | 27 | ||
28 | using System; | 28 | using System; |
29 | using System.Collections.Generic; | ||
29 | using System.Reflection; | 30 | using System.Reflection; |
30 | using Nini.Config; | 31 | using Nini.Config; |
31 | using log4net; | 32 | using log4net; |
@@ -37,34 +38,196 @@ using OpenMetaverse; | |||
37 | 38 | ||
38 | namespace OpenSim.Services.AuthenticationService | 39 | namespace OpenSim.Services.AuthenticationService |
39 | { | 40 | { |
40 | public class AuthenticationService : ServiceBase, IAuthenticationService | 41 | /// <summary> |
42 | /// Simple authentication service implementation dealing only with users. | ||
43 | /// It uses the user DB directly to access user information. | ||
44 | /// It takes two config vars: | ||
45 | /// - Authenticate = {true|false} : to do or not to do authentication | ||
46 | /// - Authority = string like "osgrid.org" : this identity authority | ||
47 | /// that will be called back for identity verification | ||
48 | /// </summary> | ||
49 | public class HGAuthenticationService : ServiceBase, IAuthenticationService | ||
41 | { | 50 | { |
42 | public AuthenticationService(IConfigSource config) : base(config) | 51 | private static readonly ILog m_log |
52 | = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | ||
53 | |||
54 | protected IUserDataPlugin m_Database; | ||
55 | protected string m_AuthorityURL; | ||
56 | protected bool m_PerformAuthentication; | ||
57 | protected Dictionary<UUID, List<string>> m_UserKeys = new Dictionary<UUID, List<string>>(); | ||
58 | |||
59 | |||
60 | public HGAuthenticationService(IConfigSource config) : base(config) | ||
43 | { | 61 | { |
62 | string dllName = String.Empty; | ||
63 | string connString = String.Empty; | ||
64 | |||
65 | // | ||
66 | // Try reading the [DatabaseService] section first, if it exists | ||
67 | // | ||
68 | IConfig dbConfig = config.Configs["DatabaseService"]; | ||
69 | if (dbConfig != null) | ||
70 | { | ||
71 | dllName = dbConfig.GetString("StorageProvider", String.Empty); | ||
72 | connString = dbConfig.GetString("ConnectionString", String.Empty); | ||
73 | } | ||
74 | |||
75 | // | ||
76 | // Try reading the more specific [InventoryService] section, if it exists | ||
77 | // | ||
78 | IConfig authConfig = config.Configs["AuthenticationService"]; | ||
79 | if (authConfig != null) | ||
80 | { | ||
81 | dllName = authConfig.GetString("StorageProvider", dllName); | ||
82 | connString = authConfig.GetString("ConnectionString", connString); | ||
83 | |||
84 | m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true); | ||
85 | m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost"); | ||
86 | } | ||
87 | |||
88 | // | ||
89 | // We tried, but this doesn't exist. We can't proceed. | ||
90 | // | ||
91 | if (dllName.Equals(String.Empty)) | ||
92 | throw new Exception("No InventoryService configuration"); | ||
93 | |||
94 | m_Database = LoadPlugin<IUserDataPlugin>(dllName); | ||
95 | if (m_Database == null) | ||
96 | throw new Exception("Could not find a storage interface in the given module"); | ||
97 | |||
98 | m_Database.Initialise(connString); | ||
99 | } | ||
100 | |||
101 | /// <summary> | ||
102 | /// This implementation only authenticates users. | ||
103 | /// </summary> | ||
104 | /// <param name="principalID"></param> | ||
105 | /// <param name="password"></param> | ||
106 | /// <returns></returns> | ||
107 | public bool Authenticate(UUID principalID, string password) | ||
108 | { | ||
109 | if (!m_PerformAuthentication) | ||
110 | return true; | ||
111 | |||
112 | UserProfileData profile = m_Database.GetUserByUUID(principalID); | ||
113 | bool passwordSuccess = false; | ||
114 | m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID); | ||
115 | |||
116 | // we do this to get our hash in a form that the server password code can consume | ||
117 | // when the web-login-form submits the password in the clear (supposed to be over SSL!) | ||
118 | if (!password.StartsWith("$1$")) | ||
119 | password = "$1$" + Util.Md5Hash(password); | ||
120 | |||
121 | password = password.Remove(0, 3); //remove $1$ | ||
122 | |||
123 | string s = Util.Md5Hash(password + ":" + profile.PasswordSalt); | ||
124 | // Testing... | ||
125 | //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash); | ||
126 | //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password); | ||
127 | |||
128 | passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase) | ||
129 | || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase)); | ||
130 | |||
131 | return passwordSuccess; | ||
44 | } | 132 | } |
45 | 133 | ||
46 | public UUID AllocateUserSession(UUID userID) | 134 | /// <summary> |
135 | /// This generates authorization keys in the form | ||
136 | /// http://authority/uuid | ||
137 | /// after verifying that the caller is, indeed, authorized to request a key | ||
138 | /// </summary> | ||
139 | /// <param name="userID">The principal ID requesting the new key</param> | ||
140 | /// <param name="authToken">The original authorization token for that principal, obtained during login</param> | ||
141 | /// <returns></returns> | ||
142 | public string GetKey(UUID principalID, string authToken) | ||
47 | { | 143 | { |
48 | return UUID.Zero; | 144 | UserProfileData profile = m_Database.GetUserByUUID(principalID); |
145 | string newKey = string.Empty; | ||
146 | |||
147 | if (profile != null) | ||
148 | { | ||
149 | m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken); | ||
150 | // I'm overloading webloginkey for this, so that no changes are needed in the DB | ||
151 | // The uses of webloginkey are fairly mutually exclusive | ||
152 | if (profile.WebLoginKey.ToString().Equals(authToken)) | ||
153 | { | ||
154 | newKey = UUID.Random().ToString(); | ||
155 | List<string> keys; | ||
156 | lock (m_UserKeys) | ||
157 | { | ||
158 | if (m_UserKeys.ContainsKey(principalID)) | ||
159 | { | ||
160 | keys = m_UserKeys[principalID]; | ||
161 | } | ||
162 | else | ||
163 | { | ||
164 | keys = new List<string>(); | ||
165 | m_UserKeys.Add(principalID, keys); | ||
166 | } | ||
167 | keys.Add(newKey); | ||
168 | } | ||
169 | m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID); | ||
170 | } | ||
171 | else | ||
172 | m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key."); | ||
173 | } | ||
174 | else | ||
175 | m_log.Warn("[AUTH]: Principal not found."); | ||
176 | |||
177 | return m_AuthorityURL + newKey; | ||
49 | } | 178 | } |
50 | 179 | ||
51 | public string GetUserKey(UUID userID, string authToken) | 180 | /// <summary> |
181 | /// This verifies the uuid portion of the key given out by GenerateKey | ||
182 | /// </summary> | ||
183 | /// <param name="userID"></param> | ||
184 | /// <param name="key"></param> | ||
185 | /// <returns></returns> | ||
186 | public bool VerifyKey(UUID userID, string key) | ||
52 | { | 187 | { |
53 | return String.Empty; | 188 | lock (m_UserKeys) |
189 | { | ||
190 | if (m_UserKeys.ContainsKey(userID)) | ||
191 | { | ||
192 | List<string> keys = m_UserKeys[userID]; | ||
193 | if (keys.Contains(key)) | ||
194 | { | ||
195 | // Keys are one-time only, so remove it | ||
196 | keys.Remove(key); | ||
197 | return true; | ||
198 | } | ||
199 | return false; | ||
200 | } | ||
201 | else | ||
202 | return false; | ||
203 | } | ||
54 | } | 204 | } |
55 | 205 | ||
56 | public bool VerifyUserKey(UUID userID, string key) | 206 | public UUID AllocateUserSession(UUID userID) |
57 | { | 207 | { |
58 | return false; | 208 | // Not implemented yet |
209 | return UUID.Zero; | ||
59 | } | 210 | } |
60 | 211 | ||
61 | public bool VerifyUserSession(UUID userID, UUID session) | 212 | public bool VerifyUserSession(UUID userID, UUID sessionID) |
62 | { | 213 | { |
214 | UserProfileData userProfile = m_Database.GetUserByUUID(userID); | ||
215 | |||
216 | if (userProfile != null && userProfile.CurrentAgent != null) | ||
217 | { | ||
218 | m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID); | ||
219 | if (userProfile.CurrentAgent.SessionID == sessionID) | ||
220 | { | ||
221 | return true; | ||
222 | } | ||
223 | } | ||
224 | |||
63 | return false; | 225 | return false; |
64 | } | 226 | } |
65 | 227 | ||
66 | public void DestroyUserSession(UUID userID) | 228 | public void DestroyUserSession(UUID userID) |
67 | { | 229 | { |
230 | // Not implemented yet | ||
68 | } | 231 | } |
69 | } | 232 | } |
70 | } | 233 | } |
diff --git a/OpenSim/Services/Interfaces/IAuthenticationService.cs b/OpenSim/Services/Interfaces/IAuthenticationService.cs index 35831c1..fa45cbc 100644 --- a/OpenSim/Services/Interfaces/IAuthenticationService.cs +++ b/OpenSim/Services/Interfaces/IAuthenticationService.cs | |||
@@ -30,31 +30,39 @@ using OpenMetaverse; | |||
30 | 30 | ||
31 | namespace OpenSim.Services.Interfaces | 31 | namespace OpenSim.Services.Interfaces |
32 | { | 32 | { |
33 | // Generic Authentication service used for identifying | ||
34 | // and authenticating principals. | ||
35 | // Principals may be clients acting on users' behalf, | ||
36 | // or any other components that need | ||
37 | // verifiable identification. | ||
38 | // | ||
33 | public interface IAuthenticationService | 39 | public interface IAuthenticationService |
34 | { | 40 | { |
35 | // Create a new user session. If one exists, it is cleared | 41 | // Check the pricipal's password |
36 | // | 42 | // |
37 | UUID AllocateUserSession(UUID userID); | 43 | bool Authenticate(UUID principalID, string password); |
38 | 44 | ||
39 | // Get a user key from an authentication token. This must be | 45 | // Get a service key given that principal's |
40 | // done before the session allocated above is considered valid. | 46 | // authentication token (master key). |
41 | // Repeated calls to this method with the same auth token will | ||
42 | // create different keys and invalidate the previous ne. | ||
43 | // | 47 | // |
44 | string GetUserKey(UUID userID, string authToken); | 48 | string GetKey(UUID principalID, string authToken); |
45 | 49 | ||
46 | // Verify that a user key is valid | 50 | // Verify that a principal key is valid |
47 | // | 51 | // |
48 | bool VerifyUserKey(UUID userID, string key); | 52 | bool VerifyKey(UUID principalID, string key); |
53 | |||
54 | // Create a new user session. If one exists, it is cleared | ||
55 | // | ||
56 | UUID AllocateUserSession(UUID userID); | ||
49 | 57 | ||
50 | // Verify that a user session ID is valid. A session ID is | 58 | // Verify that a user session ID is valid. A session ID is |
51 | // considered valid when a user has successfully authenticated | 59 | // considered valid when a user has successfully authenticated |
52 | // at least one time inside that session. | 60 | // at least one time inside that session. |
53 | // | 61 | // |
54 | bool VerifyUserSession(UUID userID, UUID session); | 62 | bool VerifyUserSession(UUID principalID, UUID session); |
55 | 63 | ||
56 | // Remove a user session identifier and deauthenticate the user | 64 | // Remove a user session identifier and deauthenticate the user |
57 | // | 65 | // |
58 | void DestroyUserSession(UUID userID); | 66 | void DestroyUserSession(UUID principalID); |
59 | } | 67 | } |
60 | } | 68 | } |
diff --git a/bin/config-include/StandaloneHypergrid.ini b/bin/config-include/StandaloneHypergrid.ini index 8607e00..6359ac0 100644 --- a/bin/config-include/StandaloneHypergrid.ini +++ b/bin/config-include/StandaloneHypergrid.ini | |||
@@ -13,6 +13,7 @@ | |||
13 | NeighbourServices = "LocalNeighbourServicesConnector" | 13 | NeighbourServices = "LocalNeighbourServicesConnector" |
14 | InventoryServiceInConnector = true | 14 | InventoryServiceInConnector = true |
15 | AssetServiceInConnector = true | 15 | AssetServiceInConnector = true |
16 | HGAuthServiceInConnector = true | ||
16 | 17 | ||
17 | [AssetService] | 18 | [AssetService] |
18 | ; For the AssetServiceInConnector | 19 | ; For the AssetServiceInConnector |
@@ -29,3 +30,7 @@ | |||
29 | ; For HGInventoryBroker | 30 | ; For HGInventoryBroker |
30 | LocalGridInventoryService = "OpenSim.Services.InventoryService.dll:InventoryService" | 31 | LocalGridInventoryService = "OpenSim.Services.InventoryService.dll:InventoryService" |
31 | HypergridInventoryService = "OpenSim.Services.Connectors.dll:HGInventoryServiceConnector" | 32 | HypergridInventoryService = "OpenSim.Services.Connectors.dll:HGInventoryServiceConnector" |
33 | |||
34 | [AuthenticationService] | ||
35 | ; For the HGAuthServiceInConnector | ||
36 | LocalServiceModule = "OpenSim.Services.AuthenticationService.dll:HGAuthenticationService" \ No newline at end of file | ||