aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs
diff options
context:
space:
mode:
Diffstat (limited to 'OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs')
-rw-r--r--OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs94
1 files changed, 74 insertions, 20 deletions
diff --git a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs
index 5f1bde1..0204699 100644
--- a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs
+++ b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs
@@ -41,7 +41,7 @@ namespace OpenSim.Services.AuthenticationService
41 // Generic Authentication service used for identifying 41 // Generic Authentication service used for identifying
42 // and authenticating principals. 42 // and authenticating principals.
43 // Principals may be clients acting on users' behalf, 43 // Principals may be clients acting on users' behalf,
44 // or any other components that need 44 // or any other components that need
45 // verifiable identification. 45 // verifiable identification.
46 // 46 //
47 public class PasswordAuthenticationService : 47 public class PasswordAuthenticationService :
@@ -50,7 +50,13 @@ namespace OpenSim.Services.AuthenticationService
50 private static readonly ILog m_log = 50 private static readonly ILog m_log =
51 LogManager.GetLogger( 51 LogManager.GetLogger(
52 MethodBase.GetCurrentMethod().DeclaringType); 52 MethodBase.GetCurrentMethod().DeclaringType);
53 53
54 public PasswordAuthenticationService(IConfigSource config, IUserAccountService userService) :
55 base(config, userService)
56 {
57 m_log.Debug("[AUTH SERVICE]: Started with User Account access");
58 }
59
54 public PasswordAuthenticationService(IConfigSource config) : 60 public PasswordAuthenticationService(IConfigSource config) :
55 base(config) 61 base(config)
56 { 62 {
@@ -58,42 +64,90 @@ namespace OpenSim.Services.AuthenticationService
58 64
59 public string Authenticate(UUID principalID, string password, int lifetime) 65 public string Authenticate(UUID principalID, string password, int lifetime)
60 { 66 {
67 UUID realID;
68 return Authenticate(principalID, password, lifetime, out realID);
69 }
70
71 public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID)
72 {
73 realID = UUID.Zero;
74
75 m_log.DebugFormat("[AUTH SERVICE]: Authenticating for {0}, user account service present: {1}", principalID, m_UserAccountService != null);
61 AuthenticationData data = m_Database.Get(principalID); 76 AuthenticationData data = m_Database.Get(principalID);
77 UserAccount user = null;
78 if (m_UserAccountService != null)
79 user = m_UserAccountService.GetUserAccount(UUID.Zero, principalID);
62 80
63 if (data == null) 81 if (data == null || data.Data == null)
64 { 82 {
65 m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} not found", principalID); 83 m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} or its data not found", principalID);
66 return String.Empty; 84 return String.Empty;
67 } 85 }
68 else if (data.Data == null) 86
87 if (!data.Data.ContainsKey("passwordHash") ||
88 !data.Data.ContainsKey("passwordSalt"))
69 { 89 {
70 m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} data not found", principalID);
71 return String.Empty; 90 return String.Empty;
72 } 91 }
73 else if (!data.Data.ContainsKey("passwordHash") || !data.Data.ContainsKey("passwordSalt")) 92
93 string hashed = Util.Md5Hash(password + ":" +
94 data.Data["passwordSalt"].ToString());
95
96// m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString());
97
98 if (data.Data["passwordHash"].ToString() == hashed)
99 {
100 return GetToken(principalID, lifetime);
101 }
102
103 if (user == null)
74 { 104 {
75 m_log.DebugFormat( 105 m_log.DebugFormat("[PASS AUTH]: No user record for {0}", principalID);
76 "[AUTH SERVICE]: PrincipalID {0} data didn't contain either passwordHash or passwordSalt", principalID);
77 return String.Empty; 106 return String.Empty;
78 } 107 }
79 else 108
109 int impersonateFlag = 1 << 6;
110
111 if ((user.UserFlags & impersonateFlag) == 0)
112 return String.Empty;
113
114 m_log.DebugFormat("[PASS AUTH]: Attempting impersonation");
115
116 List<UserAccount> accounts = m_UserAccountService.GetUserAccountsWhere(UUID.Zero, "UserLevel >= 200");
117 if (accounts == null || accounts.Count == 0)
118 return String.Empty;
119
120 foreach (UserAccount a in accounts)
80 { 121 {
81 string hashed = Util.Md5Hash(password + ":" + data.Data["passwordSalt"].ToString()); 122 data = m_Database.Get(a.PrincipalID);
123 if (data == null || data.Data == null ||
124 !data.Data.ContainsKey("passwordHash") ||
125 !data.Data.ContainsKey("passwordSalt"))
126 {
127 continue;
128 }
129
130// m_log.DebugFormat("[PASS AUTH]: Trying {0}", data.PrincipalID);
82 131
83 m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString()); 132 hashed = Util.Md5Hash(password + ":" +
133 data.Data["passwordSalt"].ToString());
84 134
85 if (data.Data["passwordHash"].ToString() == hashed) 135 if (data.Data["passwordHash"].ToString() == hashed)
86 { 136 {
137 m_log.DebugFormat("[PASS AUTH]: {0} {1} impersonating {2}, proceeding with login", a.FirstName, a.LastName, principalID);
138 realID = a.PrincipalID;
87 return GetToken(principalID, lifetime); 139 return GetToken(principalID, lifetime);
88 } 140 }
89 else 141// else
90 { 142// {
91 m_log.DebugFormat( 143// m_log.DebugFormat(
92 "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.", 144// "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.",
93 hashed, data.Data["passwordHash"], principalID); 145// hashed, data.Data["passwordHash"], data.PrincipalID);
94 return String.Empty; 146// }
95 }
96 } 147 }
148
149 m_log.DebugFormat("[PASS AUTH]: Impersonation of {0} failed", principalID);
150 return String.Empty;
97 } 151 }
98 } 152 }
99} \ No newline at end of file 153}