Implementation of a simple authentication service + in connector in route to making HGInventory (client access) work in standalone again. This is the refactoring of what was/is there, but done in the new model. Not complete yet, but key authentication works. It should be enough to make HGInventory work again soon.

11 files changed, 498 insertions, 25 deletions

diff --git a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
index 8e0205c..f496082 100644
--- a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
+++ b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
@@ -128,6 +128,8 @@ namespace OpenSim.Framework.Communications.Services
                 userProfile.WebLoginKey = token;
                 m_userManager.CommitAgent(ref userProfile);
             }
+            m_log.Warn("[HGLOGIN]: Auth token: " + token);
+
 
             return response;
         }
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
index a5101d0..48895d4 100644
--- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
+++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
@@ -114,8 +114,6 @@ namespace OpenSim.Region.CoreModules.Hypergrid
                             this);
 
                     httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod);
-                    httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod);
-                    httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod);
                     httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession, false);
 
                 }
diff --git a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
index 7d0d327..f910550 100644
--- a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
+++ b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
@@ -34,7 +34,8 @@
         <RegionModule id="AssetServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Asset.AssetServiceInConnectorModule" />
         <RegionModule id="InventoryServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Inventory.InventoryServiceInConnectorModule" />
         <RegionModule id="LandServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Land.LandServiceInConnectorModule" />
-        <RegionModule id="NeighbourServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Neighbour.NeighbourServiceInConnectorModule" />    \  
+        <RegionModule id="NeighbourServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Neighbour.NeighbourServiceInConnectorModule" />    \
+        <RegionModule id="HGAuthServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Authentication.HGAuthServiceInConnectorModule" />    \
 
     </Extension>
 
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs
new file mode 100644
index 0000000..e1517a0
--- /dev/null
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs
@@ -0,0 +1,117 @@
+/*

+ * Copyright (c) Contributors, http://opensimulator.org/

+ * See CONTRIBUTORS.TXT for a full list of copyright holders.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions are met:

+ *     * Redistributions of source code must retain the above copyright

+ *       notice, this list of conditions and the following disclaimer.

+ *     * Redistributions in binary form must reproduce the above copyright

+ *       notice, this list of conditions and the following disclaimer in the

+ *       documentation and/or other materials provided with the distribution.

+ *     * Neither the name of the OpenSimulator Project nor the

+ *       names of its contributors may be used to endorse or promote products

+ *       derived from this software without specific prior written permission.

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY

+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY

+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ */

+

+using System;

+using System.Reflection;

+using System.Collections.Generic;

+using log4net;

+using Nini.Config;

+using OpenSim.Framework;

+using OpenSim.Framework.Servers.HttpServer;

+using OpenSim.Region.Framework.Scenes;

+using OpenSim.Region.Framework.Interfaces;

+using OpenSim.Server.Base;

+using OpenSim.Services.Interfaces;

+using OpenSim.Server.Handlers.Authentication;

+

+

+namespace OpenSim.Region.CoreModules.ServiceConnectorsIn.Authentication

+{

+    public class HGAuthServiceInConnectorModule : ISharedRegionModule

+    {

+        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);

+        private static bool m_Enabled = false;

+        private static bool m_Registered = false;

+

+        private IConfigSource m_Config;

+

+        #region IRegionModule interface

+

+        public void Initialise(IConfigSource config)

+        {

+            m_Config = config;

+

+            IConfig moduleConfig = config.Configs["Modules"];

+            if (moduleConfig != null)

+            {

+                // Boolean because there may be many of these in peaceful coexistence

+                m_Enabled = moduleConfig.GetBoolean("HGAuthServiceInConnector", false);

+                if (m_Enabled)

+                {

+                    m_log.Info("[HGAUTH IN CONNECTOR]: HGAuthServiceInConnector enabled");

+                }

+

+            }

+

+        }

+

+        public void PostInitialise()

+        {

+            if (!m_Enabled)

+                return;

+

+            m_log.Info("[HGAUTH IN CONNECTOR]: Starting...");

+        }

+

+        public void Close()

+        {

+        }

+

+        public string Name

+        {

+            get { return "HGAuthServiceInConnectorModule"; }

+        }

+

+        public void AddRegion(Scene scene)

+        {

+            if (!m_Enabled)

+                return;

+

+            if (!m_Registered)

+            {

+                m_Registered = true;

+                new HGAuthServiceInConnector(m_Config, scene.CommsManager.HttpServer);

+

+                //Object[] args = new Object[] { m_Config, scene.CommsManager.HttpServer };

+                //ServerUtils.LoadPlugin<IAuthenticationService>("OpenSim.Server.Handlers.dll:HGAuthServiceInConnector", args);

+            }

+

+

+        }

+

+        public void RemoveRegion(Scene scene)

+        {

+        }

+

+        public void RegionLoaded(Scene scene)

+        {

+        }

+

+        #endregion

+

+    }

+}

diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs
new file mode 100644
index 0000000..2b4c380
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs
@@ -0,0 +1,62 @@
+/*

+ * Copyright (c) Contributors, http://opensimulator.org/

+ * See CONTRIBUTORS.TXT for a full list of copyright holders.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions are met:

+ *     * Redistributions of source code must retain the above copyright

+ *       notice, this list of conditions and the following disclaimer.

+ *     * Redistributions in binary form must reproduce the above copyright

+ *       notice, this list of conditions and the following disclaimer in the

+ *       documentation and/or other materials provided with the distribution.

+ *     * Neither the name of the OpenSimulator Project nor the

+ *       names of its contributors may be used to endorse or promote products

+ *       derived from this software without specific prior written permission.

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY

+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY

+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ */

+

+using System;

+using Nini.Config;

+using OpenSim.Server.Base;

+using OpenSim.Services.Interfaces;

+using OpenSim.Framework.Servers.HttpServer;

+using OpenSim.Server.Handlers.Base;

+

+namespace OpenSim.Server.Handlers.Authentication

+{

+    public class HGAuthServiceInConnector : ServiceConnector

+    {

+        private IAuthenticationService m_AuthenticationService;

+

+        public HGAuthServiceInConnector(IConfigSource config, IHttpServer server) :

+                base(config, server)

+        {

+            IConfig serverConfig = config.Configs["AuthenticationService"];

+            if (serverConfig == null)

+                throw new Exception("No section 'AuthenticationService' in config file");

+

+            string authenticationService = serverConfig.GetString("LocalServiceModule",

+                    String.Empty);

+

+            if (authenticationService == String.Empty)

+                throw new Exception("No AuthenticationService in config file");

+

+            Object[] args = new Object[] { config };

+            m_AuthenticationService = ServerUtils.LoadPlugin<IAuthenticationService>(authenticationService, args);

+

+            HGAuthenticationHandlers m_handlers = new HGAuthenticationHandlers(m_AuthenticationService);

+            server.AddXmlRPCHandler("hg_new_auth_key", m_handlers.GenerateKeyMethod);

+            server.AddXmlRPCHandler("hg_verify_auth_key", m_handlers.VerifyKeyMethod);

+        }

+    }

+}

diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs
new file mode 100644
index 0000000..1bcbaf5
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs
@@ -0,0 +1,117 @@
+/*

+ * Copyright (c) Contributors, http://opensimulator.org/

+ * See CONTRIBUTORS.TXT for a full list of copyright holders.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions are met:

+ *     * Redistributions of source code must retain the above copyright

+ *       notice, this list of conditions and the following disclaimer.

+ *     * Redistributions in binary form must reproduce the above copyright

+ *       notice, this list of conditions and the following disclaimer in the

+ *       documentation and/or other materials provided with the distribution.

+ *     * Neither the name of the OpenSimulator Project nor the

+ *       names of its contributors may be used to endorse or promote products

+ *       derived from this software without specific prior written permission.

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY

+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY

+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ */

+

+using System;

+using System.Collections;

+using System.IO;

+using System.Reflection;

+using System.Net;

+using System.Text;

+

+using OpenSim.Server.Base;

+using OpenSim.Server.Handlers.Base;

+using OpenSim.Services.Interfaces;

+using OpenSim.Framework;

+using OpenSim.Framework.Servers.HttpServer;

+

+using OpenMetaverse;

+using OpenMetaverse.StructuredData;

+using Nwc.XmlRpc;

+using Nini.Config;

+using log4net;

+

+namespace OpenSim.Server.Handlers.Authentication

+{

+    public class HGAuthenticationHandlers

+    {

+        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);

+

+        private IAuthenticationService m_LocalService;

+

+        public HGAuthenticationHandlers(IAuthenticationService service)

+        {

+            m_LocalService = service;

+        }

+

+

+        public XmlRpcResponse GenerateKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient)

+        {

+            XmlRpcResponse response = new XmlRpcResponse();

+

+            if (request.Params.Count < 2)

+            {

+                response.IsFault = true;

+                response.SetFault(-1, "Invalid parameters");

+                return response;

+            }

+

+            // Verify the key of who's calling

+            UUID userID = UUID.Zero;

+            string authKey = string.Empty;

+            UUID.TryParse((string)request.Params[0], out userID);

+            authKey = (string)request.Params[1];

+

+            m_log.InfoFormat("[AUTH HANDLER] GenerateKey called with authToken {0}", authKey);

+            string newKey = string.Empty;

+

+            newKey = m_LocalService.GetKey(userID, authKey.ToString());

+ 

+            response.Value = (string)newKey;

+            return response;

+        }

+

+        public XmlRpcResponse VerifyKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient)

+        {

+            bool success = false;

+            XmlRpcResponse response = new XmlRpcResponse();

+

+            if (request.Params.Count != 2)

+            {

+                response.IsFault = true;

+                response.SetFault(-1, "Invalid parameters");

+                return response;

+            }

+

+            // Verify the key of who's calling

+            UUID userID = UUID.Zero;

+            string authKey = string.Empty;

+            if (UUID.TryParse((string)request.Params[0], out userID))

+            {

+                authKey = (string)request.Params[1];

+

+                m_log.InfoFormat("[AUTH HANDLER] VerifyKey called with key {0}", authKey);

+

+                success = m_LocalService.VerifyKey(userID, authKey);

+            }

+

+            m_log.DebugFormat("[AUTH HANDLER]: Response to VerifyKey is {0}", success);

+            response.Value = success;

+            return response;

+        }

+

+    }

+}

diff --git a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
index 83fa995..3de2245 100644
--- a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
+++ b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
@@ -110,7 +110,7 @@ namespace OpenSim.Server.Handlers.Neighbour
                     httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
                     return result;
                 }
-                if (!m_AuthenticationService.VerifyUserKey(regionID, authToken))
+                if (!m_AuthenticationService.VerifyKey(regionID, authToken))
                 {
                     m_log.InfoFormat("[RegionPostHandler]: Authentication failed for neighbour message {0}", path);
                     httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
diff --git a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
index 8e4d7d0..6c0b705 100644
--- a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
+++ b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
@@ -109,7 +109,7 @@ namespace OpenSim.Server.Handlers.Simulation
                     httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
                     return result;
                 }
-                if (!m_AuthenticationService.VerifyUserKey(agentID, authToken))
+                if (!m_AuthenticationService.VerifyKey(agentID, authToken))
                 {
                     m_log.InfoFormat("[AgentPostHandler]: Authentication failed for agent message {0}", path);
                     httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
index 3eaa03d..6eaf0b0 100644
--- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs
+++ b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
@@ -26,6 +26,7 @@
  */
 
 using System;
+using System.Collections.Generic;
 using System.Reflection;
 using Nini.Config;
 using log4net;
@@ -37,34 +38,196 @@ using OpenMetaverse;
 
 namespace OpenSim.Services.AuthenticationService
 {
-    public class AuthenticationService : ServiceBase, IAuthenticationService
+    /// <summary>
+    /// Simple authentication service implementation dealing only with users.
+    /// It uses the user DB directly to access user information.
+    /// It takes two config vars:
+    /// - Authenticate = {true|false} : to do or not to do authentication
+    /// - Authority = string like "osgrid.org" : this identity authority
+    ///               that will be called back for identity verification
+    /// </summary>
+    public class HGAuthenticationService : ServiceBase, IAuthenticationService
     {
-        public AuthenticationService(IConfigSource config) : base(config)
+        private static readonly ILog m_log
+            = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+        protected IUserDataPlugin m_Database;
+        protected string m_AuthorityURL;
+        protected bool m_PerformAuthentication;
+        protected Dictionary<UUID, List<string>> m_UserKeys = new Dictionary<UUID, List<string>>();
+
+
+        public HGAuthenticationService(IConfigSource config) : base(config)
         {
+            string dllName = String.Empty;
+            string connString = String.Empty;
+
+            //
+            // Try reading the [DatabaseService] section first, if it exists
+            //
+            IConfig dbConfig = config.Configs["DatabaseService"];
+            if (dbConfig != null)
+            {
+                dllName = dbConfig.GetString("StorageProvider", String.Empty);
+                connString = dbConfig.GetString("ConnectionString", String.Empty);
+            }
+
+            //
+            // Try reading the more specific [InventoryService] section, if it exists
+            //
+            IConfig authConfig = config.Configs["AuthenticationService"];
+            if (authConfig != null)
+            {
+                dllName = authConfig.GetString("StorageProvider", dllName);
+                connString = authConfig.GetString("ConnectionString", connString);
+
+                m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true);
+                m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost");
+            }
+
+            //
+            // We tried, but this doesn't exist. We can't proceed.
+            //
+            if (dllName.Equals(String.Empty))
+                throw new Exception("No InventoryService configuration");
+
+            m_Database = LoadPlugin<IUserDataPlugin>(dllName);
+            if (m_Database == null)
+                throw new Exception("Could not find a storage interface in the given module");
+
+            m_Database.Initialise(connString);
+        } 
+
+        /// <summary>
+        /// This implementation only authenticates users.
+        /// </summary>
+        /// <param name="principalID"></param>
+        /// <param name="password"></param>
+        /// <returns></returns>
+        public bool Authenticate(UUID principalID, string password)
+        {
+            if (!m_PerformAuthentication)
+                return true;
+
+            UserProfileData profile = m_Database.GetUserByUUID(principalID);
+            bool passwordSuccess = false;
+            m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
+
+            // we do this to get our hash in a form that the server password code can consume
+            // when the web-login-form submits the password in the clear (supposed to be over SSL!)
+            if (!password.StartsWith("$1$"))
+                password = "$1$" + Util.Md5Hash(password);
+
+            password = password.Remove(0, 3); //remove $1$
+
+            string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
+            // Testing...
+            //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
+            //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
+
+            passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
+                               || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
+
+            return passwordSuccess;
         }
 
-        public UUID AllocateUserSession(UUID userID)
+        /// <summary>
+        /// This generates authorization keys in the form
+        /// http://authority/uuid
+        /// after verifying that the caller is, indeed, authorized to request a key
+        /// </summary>
+        /// <param name="userID">The principal ID requesting the new key</param>
+        /// <param name="authToken">The original authorization token for that principal, obtained during login</param>
+        /// <returns></returns>
+        public string GetKey(UUID principalID, string authToken)
         {
-            return UUID.Zero;
+            UserProfileData profile = m_Database.GetUserByUUID(principalID);
+            string newKey = string.Empty;
+
+            if (profile != null)
+            {
+                m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken);
+                // I'm overloading webloginkey for this, so that no changes are needed in the DB
+                // The uses of webloginkey are fairly mutually exclusive
+                if (profile.WebLoginKey.ToString().Equals(authToken))
+                {
+                    newKey = UUID.Random().ToString();
+                    List<string> keys;
+                    lock (m_UserKeys)
+                    {
+                        if (m_UserKeys.ContainsKey(principalID))
+                        {
+                            keys = m_UserKeys[principalID];
+                        }
+                        else
+                        {
+                            keys = new List<string>();
+                            m_UserKeys.Add(principalID, keys);
+                        }
+                        keys.Add(newKey);
+                    }
+                    m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID);
+                }
+                else
+                    m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key.");
+            }
+            else
+                m_log.Warn("[AUTH]: Principal not found.");
+
+            return m_AuthorityURL + newKey;
         }
 
-        public string GetUserKey(UUID userID, string authToken)
+        /// <summary>
+        /// This verifies the uuid portion of the key given out by GenerateKey
+        /// </summary>
+        /// <param name="userID"></param>
+        /// <param name="key"></param>
+        /// <returns></returns>
+        public bool VerifyKey(UUID userID, string key)
         {
-            return String.Empty;
+            lock (m_UserKeys)
+            {
+                if (m_UserKeys.ContainsKey(userID))
+                {
+                    List<string> keys = m_UserKeys[userID];
+                    if (keys.Contains(key))
+                    {
+                        // Keys are one-time only, so remove it
+                        keys.Remove(key);
+                        return true;
+                    }
+                    return false;
+                }
+                else
+                    return false;
+            }
         }
 
-        public bool VerifyUserKey(UUID userID, string key)
+        public UUID AllocateUserSession(UUID userID)
         {
-            return false;
+            // Not implemented yet
+            return UUID.Zero;
         }
 
-        public bool VerifyUserSession(UUID userID, UUID session)
+        public bool VerifyUserSession(UUID userID, UUID sessionID)
         {
+            UserProfileData userProfile = m_Database.GetUserByUUID(userID);
+
+            if (userProfile != null && userProfile.CurrentAgent != null)
+            {
+                m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current  session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
+                if (userProfile.CurrentAgent.SessionID == sessionID)
+                {
+                    return true;
+                }
+            }
+
             return false;
         }
 
         public void DestroyUserSession(UUID userID)
         {
+            // Not implemented yet
         }
     }
 }
diff --git a/OpenSim/Services/Interfaces/IAuthenticationService.cs b/OpenSim/Services/Interfaces/IAuthenticationService.cs
index 35831c1..fa45cbc 100644
--- a/OpenSim/Services/Interfaces/IAuthenticationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthenticationService.cs
@@ -30,31 +30,39 @@ using OpenMetaverse;
 
 namespace OpenSim.Services.Interfaces
 {
+    // Generic Authentication service used for identifying
+    // and authenticating principals.
+    // Principals may be clients acting on users' behalf,
+    // or any other components that need 
+    // verifiable identification.
+    //
     public interface IAuthenticationService
     {
-        // Create a new user session. If one exists, it is cleared
+        // Check the pricipal's password
         //
-        UUID AllocateUserSession(UUID userID);
+        bool Authenticate(UUID principalID, string password);
 
-        // Get a user key from an authentication token. This must be
-        // done before the session allocated above is considered valid.
-        // Repeated calls to this method with the same auth token will
-        // create different keys and invalidate the previous ne.
+        // Get a service key given that principal's 
+        // authentication token (master key). 
         //
-        string GetUserKey(UUID userID, string authToken);
+        string GetKey(UUID principalID, string authToken);
 
-        // Verify that a user key is valid
+        // Verify that a principal key is valid
         //
-        bool VerifyUserKey(UUID userID, string key);
+        bool VerifyKey(UUID principalID, string key);
+
+        // Create a new user session. If one exists, it is cleared
+        // 
+        UUID AllocateUserSession(UUID userID);
 
         // Verify that a user session ID is valid. A session ID is
         // considered valid when a user has successfully authenticated
         // at least one time inside that session.
         //
-        bool VerifyUserSession(UUID userID, UUID session);
+        bool VerifyUserSession(UUID principalID, UUID session);
 
         // Remove a user session identifier and deauthenticate the user
         //
-        void DestroyUserSession(UUID userID);
+        void DestroyUserSession(UUID principalID);
     }
 }
diff --git a/bin/config-include/StandaloneHypergrid.ini b/bin/config-include/StandaloneHypergrid.ini
index 8607e00..6359ac0 100644
--- a/bin/config-include/StandaloneHypergrid.ini
+++ b/bin/config-include/StandaloneHypergrid.ini
@@ -13,6 +13,7 @@
     NeighbourServices = "LocalNeighbourServicesConnector"
     InventoryServiceInConnector = true
     AssetServiceInConnector = true
+    HGAuthServiceInConnector = true
 
 [AssetService]
     ; For the AssetServiceInConnector
@@ -29,3 +30,7 @@
     ; For HGInventoryBroker
     LocalGridInventoryService = "OpenSim.Services.InventoryService.dll:InventoryService"
     HypergridInventoryService = "OpenSim.Services.Connectors.dll:HGInventoryServiceConnector"
+
+[AuthenticationService]
+    ; For the HGAuthServiceInConnector
+    LocalServiceModule = "OpenSim.Services.AuthenticationService.dll:HGAuthenticationService"
\ No newline at end of file