From 5e4d6cab00cb29cd088ab7b62ab13aff103b64cb Mon Sep 17 00:00:00 2001 From: onefang Date: Sun, 19 May 2019 21:24:15 +1000 Subject: Dump OpenSim 0.9.0.1 into it's own branch. --- .../AuthenticationServiceBase.cs | 15 +++- .../PasswordAuthenticationService.cs | 94 +++++++++++++++++----- .../Properties/AssemblyInfo.cs | 10 +-- .../WebkeyAuthenticationService.cs | 15 +++- .../WebkeyOrPasswordAuthenticationService.cs | 23 ++++-- 5 files changed, 121 insertions(+), 36 deletions(-) (limited to 'OpenSim/Services/AuthenticationService') diff --git a/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs b/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs index 229f557..f66b4e2 100644 --- a/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs +++ b/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs @@ -30,17 +30,18 @@ using OpenMetaverse; using log4net; using Nini.Config; using System.Reflection; +using OpenSim.Server.Base; +using OpenSim.Services.Interfaces; using OpenSim.Data; using OpenSim.Framework; using OpenSim.Services.Base; -using OpenSim.Services.Interfaces; namespace OpenSim.Services.AuthenticationService { // Generic Authentication service used for identifying // and authenticating principals. // Principals may be clients acting on users' behalf, - // or any other components that need + // or any other components that need // verifiable identification. // public class AuthenticationServiceBase : ServiceBase @@ -48,8 +49,14 @@ namespace OpenSim.Services.AuthenticationService private static readonly ILog m_log = LogManager.GetLogger( MethodBase.GetCurrentMethod().DeclaringType); - + protected IAuthenticationData m_Database; + protected IUserAccountService m_UserAccountService = null; + + public AuthenticationServiceBase(IConfigSource config, IUserAccountService acct) : this(config) + { + m_UserAccountService = acct; + } public AuthenticationServiceBase(IConfigSource config) : base(config) { 
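Review bot: The new `m_UserAccountService` field and the `AuthenticationServiceBase(IConfigSource config, IUserAccountService acct)` constructor in the `@@ -48,8 +49,14 @@` hunk have no comment, although a non-null account service is what enables the impersonation fallback added to `PasswordAuthenticationService.Authenticate` later in this patch. A maintainer wiring up this constructor should be able to see that consequence here, for example `// Optional. When set, PasswordAuthenticationService may accept the password of an account with UserLevel >= 200 for principals flagged for impersonation.` above the field. The class body continues outside the hunk.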
@@ -171,7 +178,7 @@ namespace OpenSim.Services.AuthenticationService m_log.DebugFormat("[AUTHENTICATION DB]: Set authentication info for principalID {0}", info.PrincipalID); return true; } - + protected string GetToken(UUID principalID, int lifetime) { UUID token = UUID.Random(); diff --git a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs index 5f1bde1..0204699 100644 --- a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs @@ -41,7 +41,7 @@ namespace OpenSim.Services.AuthenticationService // Generic Authentication service used for identifying // and authenticating principals. // Principals may be clients acting on users' behalf, - // or any other components that need + // or any other components that need // verifiable identification. // public class PasswordAuthenticationService : @@ -50,7 +50,13 @@ namespace OpenSim.Services.AuthenticationService private static readonly ILog m_log = LogManager.GetLogger( MethodBase.GetCurrentMethod().DeclaringType); - + + public PasswordAuthenticationService(IConfigSource config, IUserAccountService userService) : + base(config, userService) + { + m_log.Debug("[AUTH SERVICE]: Started with User Account access"); + } + public PasswordAuthenticationService(IConfigSource config) : base(config) { 
@@ -58,42 +64,90 @@ namespace OpenSim.Services.AuthenticationService public string Authenticate(UUID principalID, string password, int lifetime) { + UUID realID; + return Authenticate(principalID, password, lifetime, out realID); + } + + public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID) + { + realID = UUID.Zero; + + m_log.DebugFormat("[AUTH SERVICE]: Authenticating for {0}, user account service present: {1}", principalID, m_UserAccountService != null); AuthenticationData data = m_Database.Get(principalID); + UserAccount user = null; + if (m_UserAccountService != null) + user = m_UserAccountService.GetUserAccount(UUID.Zero, principalID); - if (data == null) + if (data == null || data.Data == null) { - m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} not found", principalID); + m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} or its data not found", principalID); return String.Empty; } - else if (data.Data == null) + + if (!data.Data.ContainsKey("passwordHash") || + !data.Data.ContainsKey("passwordSalt")) { - m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} data not found", principalID); return String.Empty; } - else if (!data.Data.ContainsKey("passwordHash") || !data.Data.ContainsKey("passwordSalt")) + + string hashed = Util.Md5Hash(password + ":" + + data.Data["passwordSalt"].ToString()); + +// m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString()); + + if (data.Data["passwordHash"].ToString() == hashed) + { + return GetToken(principalID, lifetime); + } + + if (user == null) { - m_log.DebugFormat( - "[AUTH SERVICE]: PrincipalID {0} data didn't contain either passwordHash or passwordSalt", principalID); + m_log.DebugFormat("[PASS AUTH]: No user record for {0}", principalID); return String.Empty; } - else + + int impersonateFlag = 1 << 6; + + if ((user.UserFlags & impersonateFlag) == 0) + return String.Empty; + + m_log.DebugFormat("[PASS AUTH]: 
Attempting impersonation"); + + List accounts = m_UserAccountService.GetUserAccountsWhere(UUID.Zero, "UserLevel >= 200"); + if (accounts == null || accounts.Count == 0) + return String.Empty; + + foreach (UserAccount a in accounts) { - string hashed = Util.Md5Hash(password + ":" + data.Data["passwordSalt"].ToString()); + data = m_Database.Get(a.PrincipalID); + if (data == null || data.Data == null || + !data.Data.ContainsKey("passwordHash") || + !data.Data.ContainsKey("passwordSalt")) + { + continue; + } + +// m_log.DebugFormat("[PASS AUTH]: Trying {0}", data.PrincipalID); - m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString()); + hashed = Util.Md5Hash(password + ":" + + data.Data["passwordSalt"].ToString()); if (data.Data["passwordHash"].ToString() == hashed) { + m_log.DebugFormat("[PASS AUTH]: {0} {1} impersonating {2}, proceeding with login", a.FirstName, a.LastName, principalID); + realID = a.PrincipalID; return GetToken(principalID, lifetime); } - else - { - m_log.DebugFormat( - "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.", - hashed, data.Data["passwordHash"], principalID); - return String.Empty; - } +// else +// { +// m_log.DebugFormat( +// "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.", +// hashed, data.Data["passwordHash"], data.PrincipalID); +// } } + + m_log.DebugFormat("[PASS AUTH]: Impersonation of {0} failed", principalID); + return String.Empty; } } -} \ No newline at end of file +} diff --git a/OpenSim/Services/AuthenticationService/Properties/AssemblyInfo.cs b/OpenSim/Services/AuthenticationService/Properties/AssemblyInfo.cs index f25accc..c946b04 100644 --- a/OpenSim/Services/AuthenticationService/Properties/AssemblyInfo.cs +++ b/OpenSim/Services/AuthenticationService/Properties/AssemblyInfo.cs 
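Review bot: A successful impersonation in the four-argument `Authenticate` is recorded only through `m_log.DebugFormat`, and the three-argument overload discards `realID`, so with debug logging off a login made with someone else's password leaves no audit trail and looks like a normal login to those callers. Log the event at a level that is kept in production, e.g. `m_log.WarnFormat("[PASS AUTH]: {0} {1} impersonating {2}, proceeding with login", a.FirstName, a.LastName, principalID);`. The fallback also compares every wrong password for a flagged account against the stored hash of each account returned by `GetUserAccountsWhere(UUID.Zero, "UserLevel >= 200")`, so those credentials are only as well protected as the flagged account's attempt limiting, and no throttling is visible in this hunk. The literals `1 << 6` and `200` would be easier to review as named constants with a comment stating what each one means.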
@@ -2,7 +2,7 @@ using System.Runtime.CompilerServices; using System.Runtime.InteropServices; -// General Information about an assembly is controlled through the following +// General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. [assembly: AssemblyTitle("OpenSim.Services.AuthenticationService")] @@ -14,8 +14,8 @@ using System.Runtime.InteropServices; [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] -// Setting ComVisible to false makes the types in this assembly not visible -// to COM components. If you need to access a type in this assembly from +// Setting ComVisible to false makes the types in this assembly not visible +// to COM components. If you need to access a type in this assembly from // COM, set the ComVisible attribute to true on that type. [assembly: ComVisible(false)] @@ -25,9 +25,9 @@ using System.Runtime.InteropServices; // Version information for an assembly consists of the following four values: // // Major Version -// Minor Version +// Minor Version // Build Number // Revision // -[assembly: AssemblyVersion("0.8.3.*")] +[assembly: AssemblyVersion(OpenSim.VersionInfo.AssemblyVersionNumber)] diff --git a/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs b/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs index 2344c0e..0bd5b1f 100644 --- a/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs @@ -40,7 +40,7 @@ namespace OpenSim.Services.AuthenticationService // Generic Authentication service used for identifying // and authenticating principals. // Principals may be clients acting on users' behalf, - // or any other components that need + // or any other components that need // verifiable identification. // public class WebkeyAuthenticationService : 
@@ -50,11 +50,22 @@ namespace OpenSim.Services.AuthenticationService LogManager.GetLogger( MethodBase.GetCurrentMethod().DeclaringType); + public WebkeyAuthenticationService(IConfigSource config, IUserAccountService userService) : + base(config, userService) + { + } + public WebkeyAuthenticationService(IConfigSource config) : base(config) { } + public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID) + { + realID = UUID.Zero; + return Authenticate(principalID, password, lifetime); + } + public string Authenticate(UUID principalID, string password, int lifetime) { if (new UUID(password) == UUID.Zero) @@ -68,7 +79,7 @@ namespace OpenSim.Services.AuthenticationService { if (data.Data.ContainsKey("webLoginKey")) { - string key = data.Data["webLoginKey"].ToString(); + string key = data.Data["webLoginKey"].ToString(); if (key == password) { data.Data["webLoginKey"] = UUID.Zero.ToString(); diff --git a/OpenSim/Services/AuthenticationService/WebkeyOrPasswordAuthenticationService.cs b/OpenSim/Services/AuthenticationService/WebkeyOrPasswordAuthenticationService.cs index 2c6cebd..4203c7b 100644 --- a/OpenSim/Services/AuthenticationService/WebkeyOrPasswordAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/WebkeyOrPasswordAuthenticationService.cs @@ -43,9 +43,9 @@ namespace OpenSim.Services.AuthenticationService { private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); - private Dictionary m_svcChecks + private Dictionary m_svcChecks = new Dictionary(); - + public WebkeyOrPasswordAuthenticationService(IConfigSource config) : base(config) { 
@@ -55,14 +55,22 @@ namespace OpenSim.Services.AuthenticationService public string Authenticate(UUID principalID, string password, int lifetime) { + UUID realID; + + return Authenticate(principalID, password, lifetime, out realID); + } + + public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID) + { AuthenticationData data = m_Database.Get(principalID); string result = String.Empty; + realID = UUID.Zero; if (data != null && data.Data != null) { if (data.Data.ContainsKey("webLoginKey")) { m_log.DebugFormat("[AUTH SERVICE]: Attempting web key authentication for PrincipalID {0}", principalID); - result = m_svcChecks["web_login_key"].Authenticate(principalID, password, lifetime); + result = m_svcChecks["web_login_key"].Authenticate(principalID, password, lifetime, out realID); if (result == String.Empty) { m_log.DebugFormat("[AUTH SERVICE]: Web Login failed for PrincipalID {0}", principalID); @@ -71,12 +79,15 @@ namespace OpenSim.Services.AuthenticationService if (result == string.Empty && data.Data.ContainsKey("passwordHash") && data.Data.ContainsKey("passwordSalt")) { m_log.DebugFormat("[AUTH SERVICE]: Attempting password authentication for PrincipalID {0}", principalID); - result = m_svcChecks["password"].Authenticate(principalID, password, lifetime); + result = m_svcChecks["password"].Authenticate(principalID, password, lifetime, out realID); if (result == String.Empty) { m_log.DebugFormat("[AUTH SERVICE]: Password login failed for PrincipalID {0}", principalID); } } + + + if (result == string.Empty) { m_log.DebugFormat("[AUTH SERVICE]: Both password and webLoginKey-based authentication failed for PrincipalID {0}", principalID); @@ -86,7 +97,9 @@ namespace OpenSim.Services.AuthenticationService { m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} or its data not found", principalID); } + + return result; } } -} \ No newline at end of file +} -- cgit v1.1
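Review bot: Unlike `PasswordAuthenticationService` and `WebkeyAuthenticationService`, this class gains the four-argument `Authenticate` but no `(IConfigSource, IUserAccountService)` constructor anywhere in this patch. If the `m_svcChecks["password"]` entry is built from `config` alone (the constructor body is outside the hunk), `realID` will always come back as `UUID.Zero` through this service and its behaviour will differ from a directly configured password service. Confirm which behaviour is intended and state it on the method, e.g. `// realID stays UUID.Zero unless the password check authenticated a different account on the principal's behalf.`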