1 files changed, 307 insertions, 0 deletions
diff --git a/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs b/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs
new file mode 100644
index 0000000..3bd11d9
--- /dev/null
+++ b/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs
@@ -0,0 +1,307 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+using System;
+using System.Collections.Specialized;
+using System.Reflection;
+using log4net;
+using Mono.Addins;
+using Nini.Config;
+using OpenMetaverse;
+using OpenMetaverse.StructuredData;
+using OpenSim.Framework;
+using OpenSim.Region.Framework.Interfaces;
+using OpenSim.Region.Framework.Scenes;
+using OpenSim.Services.Interfaces;
+namespace OpenSim.Services.Connectors.SimianGrid
+{
+    /// <summary>
+    /// Connects authentication/authorization to the SimianGrid backend
+    /// </summary>
+    [Extension(Path = "/OpenSim/RegionModules", NodeName = "RegionModule", Id = "SimianAuthenticationServiceConnector")]
+    public class SimianAuthenticationServiceConnector : IAuthenticationService, ISharedRegionModule
+    {
+        private static readonly ILog m_log =
+                LogManager.GetLogger(
+                MethodBase.GetCurrentMethod().DeclaringType);
+        private string m_serverUrl = String.Empty;
+        private bool m_Enabled = false;
+        #region ISharedRegionModule
+        public Type ReplaceableInterface { get { return null; } }
+        public void RegionLoaded(Scene scene) { }
+        public void PostInitialise() { }
+        public void Close() { }
+        public SimianAuthenticationServiceConnector() { }
+        public string Name { get { return "SimianAuthenticationServiceConnector"; } }
+        public void AddRegion(Scene scene) { if (m_Enabled) { scene.RegisterModuleInterface<IAuthenticationService>(this); } }
+        public void RemoveRegion(Scene scene) { if (m_Enabled) { scene.UnregisterModuleInterface<IAuthenticationService>(this); } }
+        #endregion ISharedRegionModule
+        public SimianAuthenticationServiceConnector(IConfigSource source)
+        {
+            CommonInit(source);
+        }
+        public void Initialise(IConfigSource source)
+        {
+            IConfig moduleConfig = source.Configs["Modules"];
+            if (moduleConfig != null)
+            {
+                string name = moduleConfig.GetString("AuthenticationServices", "");
+                if (name == Name)
+                    CommonInit(source);
+            }
+        }
+        private void CommonInit(IConfigSource source)
+        {
+            IConfig gridConfig = source.Configs["AuthenticationService"];
+            if (gridConfig != null)
+            {
+                string serviceUrl = gridConfig.GetString("AuthenticationServerURI");
+                if (!String.IsNullOrEmpty(serviceUrl))
+                {
+                    if (!serviceUrl.EndsWith("/") && !serviceUrl.EndsWith("="))
+                        serviceUrl = serviceUrl + '/';
+                    m_serverUrl = serviceUrl;
+                    m_Enabled = true;
+                }
+            }
+            if (String.IsNullOrEmpty(m_serverUrl))
+                m_log.Info("[SIMIAN AUTH CONNECTOR]: No AuthenticationServerURI specified, disabling connector");
+        }
+        public string Authenticate(UUID principalID, string password, int lifetime)
+        {
+            NameValueCollection requestArgs = new NameValueCollection
+            {
+                { "RequestMethod", "GetIdentities" },
+                { "UserID", principalID.ToString() }
+            };
+            OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
+            if (response["Success"].AsBoolean() && response["Identities"] is OSDArray)
+            {
+                bool md5hashFound = false;
+                OSDArray identities = (OSDArray)response["Identities"];
+                for (int i = 0; i < identities.Count; i++)
+                {
+                    OSDMap identity = identities[i] as OSDMap;
+                    if (identity != null)
+                    {
+                        if (identity["Type"].AsString() == "md5hash")
+                        {
+                            string authorizeResult;
+                            if (CheckPassword(principalID, password, identity["Credential"].AsString(), out authorizeResult))
+                                return authorizeResult;
+                            md5hashFound = true;
+                            break;
+                        }
+                    }
+                }
+                if (!md5hashFound)
+                    m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + principalID + ", no md5hash identity found");
+            }
+            else
+            {
+                m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to retrieve identities for " + principalID + ": "  +
+                    response["Message"].AsString());
+            }
+            return String.Empty;
+        }
+        public bool Verify(UUID principalID, string token, int lifetime)
+        {
+            NameValueCollection requestArgs = new NameValueCollection
+            {
+                { "RequestMethod", "GetSession" },
+                { "SessionID", token }
+            };
+            OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
+            if (response["Success"].AsBoolean())
+            {
+                return true;
+            }
+            else
+            {
+                m_log.Warn("[SIMIAN AUTH CONNECTOR]: Could not verify session for " + principalID + ": " +
+                    response["Message"].AsString());
+            }
+            return false;
+        }
+        public bool Release(UUID principalID, string token)
+        {
+            NameValueCollection requestArgs = new NameValueCollection
+            {
+                { "RequestMethod", "RemoveSession" },
+                { "UserID", principalID.ToString() }
+            };
+            OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
+            if (response["Success"].AsBoolean())
+            {
+                return true;
+            }
+            else
+            {
+                m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to remove session for " + principalID + ": " +
+                    response["Message"].AsString());
+            }
+            return false;
+        }
+        public bool SetPassword(UUID principalID, string passwd)
+        {
+            // Fetch the user name first
+            NameValueCollection requestArgs = new NameValueCollection
+            {
+                { "RequestMethod", "GetUser" },
+                { "UserID", principalID.ToString() }
+            };
+            OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
+            if (response["Success"].AsBoolean() && response["User"] is OSDMap)
+            {
+                OSDMap userMap = (OSDMap)response["User"];
+                string identifier = userMap["Name"].AsString();
+                if (!String.IsNullOrEmpty(identifier))
+                {
+                    // Add/update the md5hash identity
+                    // TODO: Support salts when AddIdentity does
+                    // TODO: Create an a1hash too for WebDAV logins
+                    requestArgs = new NameValueCollection
+                    {
+                        { "RequestMethod", "AddIdentity" },
+                        { "Identifier", identifier },
+                        { "Credential", "$1$" + Utils.MD5String(passwd) },
+                        { "Type", "md5hash" },
+                        { "UserID", principalID.ToString() }
+                    };
+                    response = SimianGrid.PostToService(m_serverUrl, requestArgs);
+                    bool success = response["Success"].AsBoolean();
+                    if (!success)
+                        m_log.WarnFormat("[SIMIAN AUTH CONNECTOR]: Failed to set password for {0} ({1})", identifier, principalID);
+                    return success;
+                }
+            }
+            else
+            {
+                m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to retrieve identities for " + principalID + ": " +
+                    response["Message"].AsString());
+            }
+            return false;
+        }
+        public AuthInfo GetAuthInfo(UUID principalID)
+        {
+            throw new NotImplementedException();
+        }
+        public bool SetAuthInfo(AuthInfo info)
+        {
+            throw new NotImplementedException();
+        }
+        private bool CheckPassword(UUID userID, string password, string simianGridCredential, out string authorizeResult)
+        {
+            if (simianGridCredential.Contains(":"))
+            {
+                // Salted version
+                int idx = simianGridCredential.IndexOf(':');
+                string finalhash = simianGridCredential.Substring(0, idx);
+                string salt = simianGridCredential.Substring(idx + 1);
+                if (finalhash == Utils.MD5String(password + ":" + salt))
+                {
+                    authorizeResult = Authorize(userID);
+                    return true;
+                }
+                else
+                {
+                    m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + userID +
+                        " using md5hash " + Utils.MD5String(password) + ":" + salt);
+                }
+            }
+            else
+            {
+                // Unsalted version
+                if (password == simianGridCredential ||
+                    "$1$" + password == simianGridCredential ||
+                    "$1$" + Utils.MD5String(password) == simianGridCredential ||
+                    Utils.MD5String(password) == simianGridCredential ||
+                    "$1$" + Utils.MD5String(password + ":") == simianGridCredential)
+                {
+                    authorizeResult = Authorize(userID);
+                    return true;
+                }
+                else
+                {
+                    m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + userID +
+                        " using md5hash $1$" + Utils.MD5String(password));
+                }
+            }
+            authorizeResult = null;
+            return false;
+        }
+        private string Authorize(UUID userID)
+        {
+            NameValueCollection requestArgs = new NameValueCollection
+            {
+                { "RequestMethod", "AddSession" },
+                { "UserID", userID.ToString() }
+            };
+            OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
+            if (response["Success"].AsBoolean())
+                return response["SessionID"].AsUUID().ToString();
+            else
+                return String.Empty;
+        }
+    }
+}

diff --git a/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs b/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs new file mode 100644 index 0000000..3bd11d9 --- /dev/null +++ b/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs
@@ -0,0 +1,307 @@
	1	/*
	2	* Copyright (c) Contributors, http://opensimulator.org/
	3	* See CONTRIBUTORS.TXT for a full list of copyright holders.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions are met:
	7	* * Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* * Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	* * Neither the name of the OpenSimulator Project nor the
	13	* names of its contributors may be used to endorse or promote products
	14	* derived from this software without specific prior written permission.
	15	*
	16	* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
	17	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	18	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	19	* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
	20	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	21	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	22	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
	23	* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	24	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
	25	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	26	*/
	27
	28	using System;
	29	using System.Collections.Specialized;
	30	using System.Reflection;
	31	using log4net;
	32	using Mono.Addins;
	33	using Nini.Config;
	34	using OpenMetaverse;
	35	using OpenMetaverse.StructuredData;
	36	using OpenSim.Framework;
	37	using OpenSim.Region.Framework.Interfaces;
	38	using OpenSim.Region.Framework.Scenes;
	39	using OpenSim.Services.Interfaces;
	40
	41	namespace OpenSim.Services.Connectors.SimianGrid
	42	{
	43	/// <summary>
	44	/// Connects authentication/authorization to the SimianGrid backend
	45	/// </summary>
	46	[Extension(Path = "/OpenSim/RegionModules", NodeName = "RegionModule", Id = "SimianAuthenticationServiceConnector")]
	47	public class SimianAuthenticationServiceConnector : IAuthenticationService, ISharedRegionModule
	48	{
	49	private static readonly ILog m_log =
	50	LogManager.GetLogger(
	51	MethodBase.GetCurrentMethod().DeclaringType);
	52
	53	private string m_serverUrl = String.Empty;
	54	private bool m_Enabled = false;
	55
	56	#region ISharedRegionModule
	57
	58	public Type ReplaceableInterface { get { return null; } }
	59	public void RegionLoaded(Scene scene) { }
	60	public void PostInitialise() { }
	61	public void Close() { }
	62
	63	public SimianAuthenticationServiceConnector() { }
	64	public string Name { get { return "SimianAuthenticationServiceConnector"; } }
	65	public void AddRegion(Scene scene) { if (m_Enabled) { scene.RegisterModuleInterface<IAuthenticationService>(this); } }
	66	public void RemoveRegion(Scene scene) { if (m_Enabled) { scene.UnregisterModuleInterface<IAuthenticationService>(this); } }
	67
	68	#endregion ISharedRegionModule
	69
	70	public SimianAuthenticationServiceConnector(IConfigSource source)
	71	{
	72	CommonInit(source);
	73	}
	74
	75	public void Initialise(IConfigSource source)
	76	{
	77	IConfig moduleConfig = source.Configs["Modules"];
	78	if (moduleConfig != null)
	79	{
	80	string name = moduleConfig.GetString("AuthenticationServices", "");
	81	if (name == Name)
	82	CommonInit(source);
	83	}
	84	}
	85
	86	private void CommonInit(IConfigSource source)
	87	{
	88	IConfig gridConfig = source.Configs["AuthenticationService"];
	89	if (gridConfig != null)
	90	{
	91	string serviceUrl = gridConfig.GetString("AuthenticationServerURI");
	92	if (!String.IsNullOrEmpty(serviceUrl))
	93	{
	94	if (!serviceUrl.EndsWith("/") && !serviceUrl.EndsWith("="))
	95	serviceUrl = serviceUrl + '/';
	96	m_serverUrl = serviceUrl;
	97	m_Enabled = true;
	98	}
	99	}
	100
	101	if (String.IsNullOrEmpty(m_serverUrl))
	102	m_log.Info("[SIMIAN AUTH CONNECTOR]: No AuthenticationServerURI specified, disabling connector");
	103	}
	104
	105	public string Authenticate(UUID principalID, string password, int lifetime)
	106	{
	107	NameValueCollection requestArgs = new NameValueCollection
	108	{
	109	{ "RequestMethod", "GetIdentities" },
	110	{ "UserID", principalID.ToString() }
	111	};
	112
	113	OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
	114	if (response["Success"].AsBoolean() && response["Identities"] is OSDArray)
	115	{
	116	bool md5hashFound = false;
	117
	118	OSDArray identities = (OSDArray)response["Identities"];
	119	for (int i = 0; i < identities.Count; i++)
	120	{
	121	OSDMap identity = identities[i] as OSDMap;
	122	if (identity != null)
	123	{
	124	if (identity["Type"].AsString() == "md5hash")
	125	{
	126	string authorizeResult;
	127	if (CheckPassword(principalID, password, identity["Credential"].AsString(), out authorizeResult))
	128	return authorizeResult;
	129
	130	md5hashFound = true;
	131	break;
	132	}
	133	}
	134	}
	135
	136	if (!md5hashFound)
	137	m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + principalID + ", no md5hash identity found");
	138	}
	139	else
	140	{
	141	m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to retrieve identities for " + principalID + ": " +
	142	response["Message"].AsString());
	143	}
	144
	145	return String.Empty;
	146	}
	147
	148	public bool Verify(UUID principalID, string token, int lifetime)
	149	{
	150	NameValueCollection requestArgs = new NameValueCollection
	151	{
	152	{ "RequestMethod", "GetSession" },
	153	{ "SessionID", token }
	154	};
	155
	156	OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
	157	if (response["Success"].AsBoolean())
	158	{
	159	return true;
	160	}
	161	else
	162	{
	163	m_log.Warn("[SIMIAN AUTH CONNECTOR]: Could not verify session for " + principalID + ": " +
	164	response["Message"].AsString());
	165	}
	166
	167	return false;
	168	}
	169
	170	public bool Release(UUID principalID, string token)
	171	{
	172	NameValueCollection requestArgs = new NameValueCollection
	173	{
	174	{ "RequestMethod", "RemoveSession" },
	175	{ "UserID", principalID.ToString() }
	176	};
	177
	178	OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
	179	if (response["Success"].AsBoolean())
	180	{
	181	return true;
	182	}
	183	else
	184	{
	185	m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to remove session for " + principalID + ": " +
	186	response["Message"].AsString());
	187	}
	188
	189	return false;
	190	}
	191
	192	public bool SetPassword(UUID principalID, string passwd)
	193	{
	194	// Fetch the user name first
	195	NameValueCollection requestArgs = new NameValueCollection
	196	{
	197	{ "RequestMethod", "GetUser" },
	198	{ "UserID", principalID.ToString() }
	199	};
	200
	201	OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
	202	if (response["Success"].AsBoolean() && response["User"] is OSDMap)
	203	{
	204	OSDMap userMap = (OSDMap)response["User"];
	205	string identifier = userMap["Name"].AsString();
	206
	207	if (!String.IsNullOrEmpty(identifier))
	208	{
	209	// Add/update the md5hash identity
	210	// TODO: Support salts when AddIdentity does
	211	// TODO: Create an a1hash too for WebDAV logins
	212	requestArgs = new NameValueCollection
	213	{
	214	{ "RequestMethod", "AddIdentity" },
	215	{ "Identifier", identifier },
	216	{ "Credential", "$1$" + Utils.MD5String(passwd) },
	217	{ "Type", "md5hash" },
	218	{ "UserID", principalID.ToString() }
	219	};
	220
	221	response = SimianGrid.PostToService(m_serverUrl, requestArgs);
	222	bool success = response["Success"].AsBoolean();
	223
	224	if (!success)
	225	m_log.WarnFormat("[SIMIAN AUTH CONNECTOR]: Failed to set password for {0} ({1})", identifier, principalID);
	226
	227	return success;
	228	}
	229	}
	230	else
	231	{
	232	m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to retrieve identities for " + principalID + ": " +
	233	response["Message"].AsString());
	234	}
	235
	236	return false;
	237	}
	238
	239	public AuthInfo GetAuthInfo(UUID principalID)
	240	{
	241	throw new NotImplementedException();
	242	}
	243
	244	public bool SetAuthInfo(AuthInfo info)
	245	{
	246	throw new NotImplementedException();
	247	}
	248
	249	private bool CheckPassword(UUID userID, string password, string simianGridCredential, out string authorizeResult)
	250	{
	251	if (simianGridCredential.Contains(":"))
	252	{
	253	// Salted version
	254	int idx = simianGridCredential.IndexOf(':');
	255	string finalhash = simianGridCredential.Substring(0, idx);
	256	string salt = simianGridCredential.Substring(idx + 1);
	257
	258	if (finalhash == Utils.MD5String(password + ":" + salt))
	259	{
	260	authorizeResult = Authorize(userID);
	261	return true;
	262	}
	263	else
	264	{
	265	m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + userID +
	266	" using md5hash " + Utils.MD5String(password) + ":" + salt);
	267	}
	268	}
	269	else
	270	{
	271	// Unsalted version
	272	if (password == simianGridCredential \|\|
	273	"$1$" + password == simianGridCredential \|\|
	274	"$1$" + Utils.MD5String(password) == simianGridCredential \|\|
	275	Utils.MD5String(password) == simianGridCredential \|\|
	276	"$1$" + Utils.MD5String(password + ":") == simianGridCredential)
	277	{
	278	authorizeResult = Authorize(userID);
	279	return true;
	280	}
	281	else
	282	{
	283	m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + userID +
	284	" using md5hash $1$" + Utils.MD5String(password));
	285	}
	286	}
	287
	288	authorizeResult = null;
	289	return false;
	290	}
	291
	292	private string Authorize(UUID userID)
	293	{
	294	NameValueCollection requestArgs = new NameValueCollection
	295	{
	296	{ "RequestMethod", "AddSession" },
	297	{ "UserID", userID.ToString() }
	298	};
	299
	300	OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
	301	if (response["Success"].AsBoolean())
	302	return response["SessionID"].AsUUID().ToString();
	303	else
	304	return String.Empty;
	305	}
	306	}
	307	}