diff options
| author | diva | 2009-03-21 20:16:35 +0000 |
|---|---|---|
| committer | diva | 2009-03-21 20:16:35 +0000 |
| commit | 09732b4d5dfdb3a9e326e99c2e86d7492bc06e55 (patch) | |
| tree | 2fcb55c9e341c7abf7225c5880a6984ab8544ff2 /OpenSim/Framework/Communications/UserManagerBase.cs | |
| parent | Minor changes in names inside. (diff) | |
| download | opensim-SC_OLD-09732b4d5dfdb3a9e326e99c2e86d7492bc06e55.zip opensim-SC_OLD-09732b4d5dfdb3a9e326e99c2e86d7492bc06e55.tar.gz opensim-SC_OLD-09732b4d5dfdb3a9e326e99c2e86d7492bc06e55.tar.bz2 opensim-SC_OLD-09732b4d5dfdb3a9e326e99c2e86d7492bc06e55.tar.xz | |
Initial support for authentication/authorization keys in UserManagerBase, and use of it in HGStandaloneLoginService (producer of initial key for user, and of subsequent keys) and HGStandaloneInventoryService (consumer of a key).
Keys are of the form http://<authority>/<random uuid>
and they are sent over http header "authorization".
Diffstat (limited to 'OpenSim/Framework/Communications/UserManagerBase.cs')
| -rw-r--r-- | OpenSim/Framework/Communications/UserManagerBase.cs | 83 |
1 files changed, 82 insertions, 1 deletions
diff --git a/OpenSim/Framework/Communications/UserManagerBase.cs b/OpenSim/Framework/Communications/UserManagerBase.cs index 62c3f89..c177d4f 100644 --- a/OpenSim/Framework/Communications/UserManagerBase.cs +++ b/OpenSim/Framework/Communications/UserManagerBase.cs | |||
| @@ -42,7 +42,7 @@ namespace OpenSim.Framework.Communications | |||
| 42 | /// <summary> | 42 | /// <summary> |
| 43 | /// Base class for user management (create, read, etc) | 43 | /// Base class for user management (create, read, etc) |
| 44 | /// </summary> | 44 | /// </summary> |
| 45 | public abstract class UserManagerBase : IUserService, IUserAdminService, IAvatarService, IMessagingService | 45 | public abstract class UserManagerBase : IUserService, IUserAdminService, IAvatarService, IMessagingService, IAuthentication |
| 46 | { | 46 | { |
| 47 | private static readonly ILog m_log | 47 | private static readonly ILog m_log |
| 48 | = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | 48 | = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); |
| @@ -750,5 +750,86 @@ namespace OpenSim.Framework.Communications | |||
| 750 | } | 750 | } |
| 751 | } | 751 | } |
| 752 | } | 752 | } |
| 753 | |||
| 754 | #region IAuthentication | ||
| 755 | |||
| 756 | protected Dictionary<UUID, List<string>> m_userKeys = new Dictionary<UUID, List<string>>(); | ||
| 757 | |||
| 758 | /// <summary> | ||
| 759 | /// This generates authorization keys in the form | ||
| 760 | /// http://userserver/uuid | ||
| 761 | /// after verifying that the caller is, indeed, authorized to request a key | ||
| 762 | /// </summary> | ||
| 763 | /// <param name="url">URL of the user server</param> | ||
| 764 | /// <param name="userID">The user ID requesting the new key</param> | ||
| 765 | /// <param name="authToken">The original authorization token for that user, obtained during login</param> | ||
| 766 | /// <returns></returns> | ||
| 767 | public string GetNewKey(string url, UUID userID, UUID authToken) | ||
| 768 | { | ||
| 769 | UserProfileData profile = GetUserProfile(userID); | ||
| 770 | string newKey = string.Empty; | ||
| 771 | if (!url.EndsWith("/")) | ||
| 772 | url = url + "/"; | ||
| 773 | |||
| 774 | if (profile != null) | ||
| 775 | { | ||
| 776 | // I'm overloading webloginkey for this, so that no changes are needed in the DB | ||
| 777 | // The uses of webloginkey are fairly mutually exclusive | ||
| 778 | if (profile.WebLoginKey.Equals(authToken)) | ||
| 779 | { | ||
| 780 | newKey = UUID.Random().ToString(); | ||
| 781 | List<string> keys; | ||
| 782 | lock (m_userKeys) | ||
| 783 | { | ||
| 784 | if (m_userKeys.ContainsKey(userID)) | ||
| 785 | { | ||
| 786 | keys = m_userKeys[userID]; | ||
| 787 | } | ||
| 788 | else | ||
| 789 | { | ||
| 790 | keys = new List<string>(); | ||
| 791 | m_userKeys.Add(userID, keys); | ||
| 792 | } | ||
| 793 | keys.Add(newKey); | ||
| 794 | } | ||
| 795 | m_log.InfoFormat("[USERAUTH]: Successfully generated new auth key for user {0}", userID); | ||
| 796 | } | ||
| 797 | else | ||
| 798 | m_log.Info("[USERAUTH]: Unauthorized key generation request. Denying new key."); | ||
| 799 | } | ||
| 800 | else | ||
| 801 | m_log.Info("[USERAUTH]: User not found."); | ||
| 802 | |||
| 803 | return url + newKey; | ||
| 804 | } | ||
| 805 | |||
| 806 | /// <summary> | ||
| 807 | /// This verifies the uuid portion of the key given out by GenerateKey | ||
| 808 | /// </summary> | ||
| 809 | /// <param name="userID"></param> | ||
| 810 | /// <param name="key"></param> | ||
| 811 | /// <returns></returns> | ||
| 812 | public bool VerifyKey(UUID userID, string key) | ||
| 813 | { | ||
| 814 | lock (m_userKeys) | ||
| 815 | { | ||
| 816 | if (m_userKeys.ContainsKey(userID)) | ||
| 817 | { | ||
| 818 | List<string> keys = m_userKeys[userID]; | ||
| 819 | if (keys.Contains(key)) | ||
| 820 | { | ||
| 821 | // Keys are one-time only, so remove it | ||
| 822 | keys.Remove(key); | ||
| 823 | return true; | ||
| 824 | } | ||
| 825 | return false; | ||
| 826 | } | ||
| 827 | else | ||
| 828 | return false; | ||
| 829 | } | ||
| 830 | } | ||
| 831 | |||
| 832 | #endregion | ||
| 833 | |||
| 753 | } | 834 | } |
| 754 | } | 835 | } |