From 20f20895cf1444071d5edc42e11a1fb94b1b1079 Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Fri, 23 May 2014 16:19:43 -0700 Subject: Adds optional HTTP Basic Authentication to Robust service connectors. --- OpenSim/Framework/Communications/RestClient.cs | 29 ++++++-- .../Servers/HttpServer/BaseStreamHandler.cs | 19 +++++- .../ServiceAuth/BasicHttpAuthentication.cs | 79 ++++++++++++++++++++++ OpenSim/Framework/ServiceAuth/IServiceAuth.cs | 15 ++++ OpenSim/Framework/ServiceAuth/ServiceAuth.cs | 23 +++++++ OpenSim/Framework/WebUtil.cs | 75 ++++++++++++++++++-- 6 files changed, 231 insertions(+), 9 deletions(-) create mode 100644 OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs create mode 100644 OpenSim/Framework/ServiceAuth/IServiceAuth.cs create mode 100644 OpenSim/Framework/ServiceAuth/ServiceAuth.cs (limited to 'OpenSim/Framework') diff --git a/OpenSim/Framework/Communications/RestClient.cs b/OpenSim/Framework/Communications/RestClient.cs index e7f0ca8..89e6aa1 100644 --- a/OpenSim/Framework/Communications/RestClient.cs +++ b/OpenSim/Framework/Communications/RestClient.cs @@ -35,6 +35,8 @@ using System.Threading; using System.Web; using log4net; +using OpenSim.Framework.ServiceAuth; + namespace OpenSim.Framework.Communications { /// @@ -297,7 +299,7 @@ namespace OpenSim.Framework.Communications /// /// Perform a synchronous request /// - public Stream Request() + public Stream Request(IServiceAuth auth) { lock (_lock) { @@ -307,6 +309,8 @@ namespace OpenSim.Framework.Communications _request.Timeout = 200000; _request.Method = RequestMethod; _asyncException = null; + if (auth != null) + auth.AddAuthorization(_request.Headers); // IAsyncResult responseAsyncResult = _request.BeginGetResponse(new AsyncCallback(ResponseIsReadyDelegate), _request); try @@ -358,7 +362,7 @@ namespace OpenSim.Framework.Communications } } - public Stream Request(Stream src) + public Stream Request(Stream src, IServiceAuth auth) { _request = (HttpWebRequest) WebRequest.Create(buildUri()); _request.KeepAlive = false; @@ -367,6 +371,8 @@ namespace OpenSim.Framework.Communications _request.Method = RequestMethod; _asyncException = null; _request.ContentLength = src.Length; + if (auth != null) + auth.AddAuthorization(_request.Headers); m_log.InfoFormat("[REST]: Request Length {0}", _request.ContentLength); m_log.InfoFormat("[REST]: Sending Web Request {0}", buildUri()); @@ -384,7 +390,22 @@ namespace OpenSim.Framework.Communications length = src.Read(buf, 0, 1024); } - _response = (HttpWebResponse) _request.GetResponse(); + try + { + _response = (HttpWebResponse)_request.GetResponse(); + } + catch (WebException e) + { + m_log.WarnFormat("[REST]: Request {0} {1} failed with status {2} and message {3}", + RequestMethod, _request.RequestUri, e.Status, e.Message); + } + catch (Exception e) + { + m_log.WarnFormat( + "[REST]: Request {0} {1} failed with exception {2} {3}", + RequestMethod, _request.RequestUri, e.Message, e.StackTrace); + } + // IAsyncResult responseAsyncResult = _request.BeginGetResponse(new AsyncCallback(ResponseIsReadyDelegate), _request); @@ -423,7 +444,7 @@ namespace OpenSim.Framework.Communications try { // Perform the operation; if sucessful set the result - Stream s = Request(); + Stream s = Request(null); ar.SetAsCompleted(s, false); } catch (Exception e) diff --git a/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs b/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs index 252cc2a..f160734 100644 --- a/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs +++ b/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs @@ -26,6 +26,8 @@ */ using System.IO; +using System.Net; +using OpenSim.Framework.ServiceAuth; namespace OpenSim.Framework.Servers.HttpServer { @@ -37,15 +39,30 @@ namespace OpenSim.Framework.Servers.HttpServer /// public abstract class BaseStreamHandler : BaseRequestHandler, IStreamedRequestHandler { - protected BaseStreamHandler(string httpMethod, string path) : this(httpMethod, path, null, null) {} + protected IServiceAuth m_Auth; + + protected BaseStreamHandler(string httpMethod, string path) : this(httpMethod, path, null, null) { } protected BaseStreamHandler(string httpMethod, string path, string name, string description) : base(httpMethod, path, name, description) {} + protected BaseStreamHandler(string httpMethod, string path, IServiceAuth auth) + : base(httpMethod, path, null, null) + { + m_Auth = auth; + } + public virtual byte[] Handle( string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { RequestsReceived++; + if (m_Auth != null && !m_Auth.Authenticate(httpRequest.Headers, httpResponse.AddHeader)) + { + + httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } byte[] result = ProcessRequest(path, request, httpRequest, httpResponse); diff --git a/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs b/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs new file mode 100644 index 0000000..f33a045 --- /dev/null +++ b/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs @@ -0,0 +1,79 @@ +using System; +using System.Collections.Generic; +using System.Collections.Specialized; +using System.Reflection; + +using Nini.Config; +using log4net; + +namespace OpenSim.Framework.ServiceAuth +{ + public class BasicHttpAuthentication : IServiceAuth + { + private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); + + private string m_Username, m_Password; + private string m_CredentialsB64; + + private string remove_me; + + public string Credentials + { + get { return m_CredentialsB64; } + } + + public BasicHttpAuthentication(IConfigSource config, string section) + { + remove_me = section; + m_Username = Util.GetConfigVarFromSections(config, "HttpAuthUsername", new string[] { "Network", section }, string.Empty); + m_Password = Util.GetConfigVarFromSections(config, "HttpAuthPassword", new string[] { "Network", section }, string.Empty); + string str = m_Username + ":" + m_Password; + byte[] encData_byte = Util.UTF8.GetBytes(str); + + m_CredentialsB64 = Convert.ToBase64String(encData_byte); + m_log.DebugFormat("[HTTP BASIC AUTH]: {0} {1} [{2}]", m_Username, m_Password, section); + } + + public void AddAuthorization(NameValueCollection headers) + { + //m_log.DebugFormat("[HTTP BASIC AUTH]: Adding authorization for {0}", remove_me); + headers["Authorization"] = "Basic " + m_CredentialsB64; + } + + public bool Authenticate(string data) + { + string recovered = Util.Base64ToString(data); + if (!String.IsNullOrEmpty(recovered)) + { + string[] parts = recovered.Split(new char[] { ':' }); + if (parts.Length >= 2) + { + return m_Username.Equals(parts[0]) && m_Password.Equals(parts[1]); + } + } + + return false; + } + + public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d) + { + //m_log.DebugFormat("[HTTP BASIC AUTH]: Authenticate in {0}", remove_me); + if (requestHeaders != null) + { + string value = requestHeaders.Get("Authorization"); + if (value != null) + { + value = value.Trim(); + if (value.StartsWith("Basic ")) + { + value = value.Replace("Basic ", string.Empty); + if (Authenticate(value)) + return true; + } + } + } + d("WWW-Authenticate", "Basic realm = \"Asset Server\""); + return false; + } + } +} diff --git a/OpenSim/Framework/ServiceAuth/IServiceAuth.cs b/OpenSim/Framework/ServiceAuth/IServiceAuth.cs new file mode 100644 index 0000000..415dc12 --- /dev/null +++ b/OpenSim/Framework/ServiceAuth/IServiceAuth.cs @@ -0,0 +1,15 @@ +using System; +using System.Collections.Generic; +using System.Collections.Specialized; + +namespace OpenSim.Framework.ServiceAuth +{ + public delegate void AddHeaderDelegate(string key, string value); + + public interface IServiceAuth + { + bool Authenticate(string data); + bool Authenticate(NameValueCollection headers, AddHeaderDelegate d); + void AddAuthorization(NameValueCollection headers); + } +} diff --git a/OpenSim/Framework/ServiceAuth/ServiceAuth.cs b/OpenSim/Framework/ServiceAuth/ServiceAuth.cs new file mode 100644 index 0000000..bc32d90 --- /dev/null +++ b/OpenSim/Framework/ServiceAuth/ServiceAuth.cs @@ -0,0 +1,23 @@ +using System; +using System.Collections.Generic; + +using Nini.Config; + +namespace OpenSim.Framework.ServiceAuth +{ + public class ServiceAuth + { + public static IServiceAuth Create(IConfigSource config, string section) + { + string authType = Util.GetConfigVarFromSections(config, "AuthType", new string[] { "Network", section }, "None"); + + switch (authType) + { + case "BasicHttpAuthentication": + return new BasicHttpAuthentication(config, section); + } + + return null; + } + } +} diff --git a/OpenSim/Framework/WebUtil.cs b/OpenSim/Framework/WebUtil.cs index 0970fd1..e614fd5 100644 --- a/OpenSim/Framework/WebUtil.cs +++ b/OpenSim/Framework/WebUtil.cs @@ -45,6 +45,8 @@ using Nwc.XmlRpc; using OpenMetaverse.StructuredData; using XMLResponseHelper = OpenSim.Framework.SynchronousRestObjectRequester.XMLResponseHelper; +using OpenSim.Framework.ServiceAuth; + namespace OpenSim.Framework { /// @@ -773,6 +775,13 @@ namespace OpenSim.Framework string requestUrl, TRequest obj, Action action, int maxConnections) { + MakeRequest(verb, requestUrl, obj, action, maxConnections, null); + } + + public static void MakeRequest(string verb, + string requestUrl, TRequest obj, Action action, + int maxConnections, IServiceAuth auth) + { int reqnum = WebUtil.RequestNumber++; if (WebUtil.DebugLevel >= 3) @@ -786,6 +795,10 @@ namespace OpenSim.Framework WebRequest request = WebRequest.Create(requestUrl); HttpWebRequest ht = (HttpWebRequest)request; + + if (auth != null) + auth.AddAuthorization(ht.Headers); + if (maxConnections > 0 && ht.ServicePoint.ConnectionLimit < maxConnections) ht.ServicePoint.ConnectionLimit = maxConnections; @@ -969,7 +982,7 @@ namespace OpenSim.Framework /// /// Thrown if we encounter a network issue while posting /// the request. You'll want to make sure you deal with this as they're not uncommon - public static string MakeRequest(string verb, string requestUrl, string obj, int timeoutsecs) + public static string MakeRequest(string verb, string requestUrl, string obj, int timeoutsecs, IServiceAuth auth) { int reqnum = WebUtil.RequestNumber++; @@ -984,6 +997,10 @@ namespace OpenSim.Framework request.Method = verb; if (timeoutsecs > 0) request.Timeout = timeoutsecs * 1000; + + if (auth != null) + auth.AddAuthorization(request.Headers); + string respstring = String.Empty; using (MemoryStream buffer = new MemoryStream()) @@ -1068,10 +1085,20 @@ namespace OpenSim.Framework return respstring; } + public static string MakeRequest(string verb, string requestUrl, string obj, int timeoutsecs) + { + return MakeRequest(verb, requestUrl, obj, timeoutsecs, null); + } + public static string MakeRequest(string verb, string requestUrl, string obj) { return MakeRequest(verb, requestUrl, obj, -1); } + + public static string MakeRequest(string verb, string requestUrl, string obj, IServiceAuth auth) + { + return MakeRequest(verb, requestUrl, obj, -1, auth); + } } public class SynchronousRestObjectRequester @@ -1094,6 +1121,10 @@ namespace OpenSim.Framework return MakeRequest(verb, requestUrl, obj, 0); } + public static TResponse MakeRequest(string verb, string requestUrl, TRequest obj, IServiceAuth auth) + { + return MakeRequest(verb, requestUrl, obj, 0, auth); + } /// /// Perform a synchronous REST request. /// @@ -1112,7 +1143,11 @@ namespace OpenSim.Framework return MakeRequest(verb, requestUrl, obj, pTimeout, 0); } - /// + public static TResponse MakeRequest(string verb, string requestUrl, TRequest obj, int pTimeout, IServiceAuth auth) + { + return MakeRequest(verb, requestUrl, obj, pTimeout, 0, auth); + } + /// Perform a synchronous REST request. /// /// @@ -1128,6 +1163,25 @@ namespace OpenSim.Framework /// public static TResponse MakeRequest(string verb, string requestUrl, TRequest obj, int pTimeout, int maxConnections) { + return MakeRequest(verb, requestUrl, obj, pTimeout, maxConnections, null); + } + + /// + /// Perform a synchronous REST request. + /// + /// + /// + /// + /// + /// Request timeout in milliseconds. Timeout.Infinite indicates no timeout. If 0 is passed then the default HttpWebRequest timeout is used (100 seconds) + /// + /// + /// + /// The response. If there was an internal exception or the request timed out, + /// then the default(TResponse) is returned. + /// + public static TResponse MakeRequest(string verb, string requestUrl, TRequest obj, int pTimeout, int maxConnections, IServiceAuth auth) + { int reqnum = WebUtil.RequestNumber++; if (WebUtil.DebugLevel >= 3) @@ -1143,6 +1197,9 @@ namespace OpenSim.Framework WebRequest request = WebRequest.Create(requestUrl); HttpWebRequest ht = (HttpWebRequest)request; + if (auth != null) + auth.AddAuthorization(ht.Headers); + if (pTimeout != 0) ht.Timeout = pTimeout; @@ -1221,8 +1278,18 @@ namespace OpenSim.Framework { using (HttpWebResponse hwr = (HttpWebResponse)e.Response) { - if (hwr != null && hwr.StatusCode == HttpStatusCode.NotFound) - return deserial; + if (hwr != null) + { + if (hwr.StatusCode == HttpStatusCode.NotFound) + return deserial; + if (hwr.StatusCode == HttpStatusCode.Unauthorized) + { + m_log.Error(string.Format( + "[SynchronousRestObjectRequester]: Web request {0} requires authentication ", + requestUrl)); + return deserial; + } + } else m_log.Error(string.Format( "[SynchronousRestObjectRequester]: WebException for {0} {1} {2} ", -- cgit v1.1