author | diva | 2009-03-21 20:16:35 +0000 |
---|---|---|
committer | diva | 2009-03-21 20:16:35 +0000 |
commit | 09732b4d5dfdb3a9e326e99c2e86d7492bc06e55 (patch) | |
tree | 2fcb55c9e341c7abf7225c5880a6984ab8544ff2 /OpenSim/Framework | |
parent | Minor changes in names inside. (diff) | |
Initial support for authentication/authorization keys in UserManagerBase, and use of it in HGStandaloneLoginService (producer of initial key for user, and of subsequent keys) and HGStandaloneInventoryService (consumer of a key).
Keys are of the form http://<authority>/<random uuid>
and they are sent over http header "authorization".
Diffstat (limited to 'OpenSim/Framework')
-rw-r--r-- | OpenSim/Framework/Communications/IAuthentication.cs | 13 | ||||
-rw-r--r-- | OpenSim/Framework/Communications/UserManagerBase.cs | 83 |
2 files changed, 95 insertions, 1 deletions
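diff --git a/OpenSim/Framework/Communications/IAuthentication.cs b/OpenSim/Framework/Communications/IAuthentication.cs
new file mode 100644
index 0000000..5d6d5f2
--- /dev/null
+++ b/OpenSim/Framework/Communications/IAuthentication.cs
@@ -0,0 +1,13 @@
+using System;
+
+using OpenMetaverse;
+
+
+namespace OpenSim.Framework.Communications
+{
+public interface IAuthentication
+{
+string GetNewKey(string url, UUID userID, UUID authToken);
+bool VerifyKey(UUID userID, string key);
+}
+}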
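Review bot: The new interface documents none of the key contract, and the two members are asymmetric in a way the signatures do not show. The commit description gives keys the form http://<authority>/<random uuid>, while the implementation in UserManagerBase.cs stores and compares only the uuid portion and removes the key on a successful check. I would add `/// <summary>Returns a one-time key of the form url/uuid for userID, issued only when authToken matches the token obtained at login.</summary>` on GetNewKey and `/// <summary>Checks the uuid portion of a key for userID and consumes it; a key verifies at most once.</summary>` on VerifyKey. `using System;` looks unused in this file.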
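diff --git a/OpenSim/Framework/Communications/UserManagerBase.cs b/OpenSim/Framework/Communications/UserManagerBase.cs
index 62c3f89..c177d4f 100644
--- a/OpenSim/Framework/Communications/UserManagerBase.cs
+++ b/OpenSim/Framework/Communications/UserManagerBase.cs
@@ -42,7 +42,7 @@ namespace OpenSim.Framework.Communications
 /// <summary>
 /// Base class for user management (create, read, etc)
 /// </summary>
-public abstract class UserManagerBase : IUserService, IUserAdminService, IAvatarService, IMessagingService
+public abstract class UserManagerBase : IUserService, IUserAdminService, IAvatarService, IMessagingService, IAuthentication
 {
 private static readonly ILog m_log
 = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
@@ -750,5 +750,86 @@ namespace OpenSim.Framework.Communications
 }
 }
 }
+
+#region IAuthentication
+
+protected Dictionary<UUID, List<string>> m_userKeys = new Dictionary<UUID, List<string>>();
+
+/// <summary>
+/// This generates authorization keys in the form
+/// http://userserver/uuid
+/// after verifying that the caller is, indeed, authorized to request a key
+/// </summary>
+/// <param name="url">URL of the user server</param>
+/// <param name="userID">The user ID requesting the new key</param>
+/// <param name="authToken">The original authorization token for that user, obtained during login</param>
+/// <returns></returns>
+public string GetNewKey(string url, UUID userID, UUID authToken)
+{
+UserProfileData profile = GetUserProfile(userID);
+string newKey = string.Empty;
+if (!url.EndsWith("/"))
+url = url + "/";
+
+if (profile != null)
+{
+// I'm overloading webloginkey for this, so that no changes are needed in the DB
+// The uses of webloginkey are fairly mutually exclusive
+if (profile.WebLoginKey.Equals(authToken))
+{
+newKey = UUID.Random().ToString();
+List<string> keys;
+lock (m_userKeys)
+{
+if (m_userKeys.ContainsKey(userID))
+{
+keys = m_userKeys[userID];
+}
+else
+{
+keys = new List<string>();
+m_userKeys.Add(userID, keys);
+}
+keys.Add(newKey);
+}
+m_log.InfoFormat("[USERAUTH]: Successfully generated new auth key for user {0}", userID);
+}
+else
+m_log.Info("[USERAUTH]: Unauthorized key generation request. Denying new key.");
+}
+else
+m_log.Info("[USERAUTH]: User not found.");
+
+return url + newKey;
+}
+
+/// <summary>
+/// This verifies the uuid portion of the key given out by GenerateKey
+/// </summary>
+/// <param name="userID"></param>
+/// <param name="key"></param>
+/// <returns></returns>
+public bool VerifyKey(UUID userID, string key)
+{
+lock (m_userKeys)
+{
+if (m_userKeys.ContainsKey(userID))
+{
+List<string> keys = m_userKeys[userID];
+if (keys.Contains(key))
+{
+// Keys are one-time only, so remove it
+keys.Remove(key);
+return true;
+}
+return false;
+}
+else
+return false;
+}
+}
+
+#endregion
+
 }
 }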
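Review bot: The authorization check `if (profile.WebLoginKey.Equals(authToken))` in GetNewKey has no guard for an unset token. If WebLoginKey is left at UUID.Zero for accounts that never received one (not visible in this hunk, to be confirmed against UserProfileData), a request carrying the zero UUID would be issued a key, so the condition should read `if (authToken != UUID.Zero && profile.WebLoginKey.Equals(authToken))`. Both denial paths still reach `return url + newKey;` with an empty key, which hands the caller a well-formed-looking URL; returning `string.Empty` there would make a refusal unambiguous. Keys added to m_userKeys are removed only by a successful VerifyKey, so unused keys never expire and the per-user list has no cap; an issue timestamp with a lifetime check, or a bound on the list, would limit both memory growth and the lifetime of an unused credential. The two denial log lines omit userID, which makes repeated failed requests hard to correlate, e.g. `m_log.InfoFormat("[USERAUTH]: Unauthorized key generation request for user {0}. Denying new key.", userID);`.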