diff options
| author | onefang | 2019-05-19 21:24:15 +1000 |
|---|---|---|
| committer | onefang | 2019-05-19 21:24:15 +1000 |
| commit | 5e4d6cab00cb29cd088ab7b62ab13aff103b64cb (patch) | |
| tree | a9fbc62df9eb2d1d9ba2698d8552eae71eca20d8 /OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs | |
| parent | Add a build script. (diff) | |
| download | opensim-SC_OLD-5e4d6cab00cb29cd088ab7b62ab13aff103b64cb.zip opensim-SC_OLD-5e4d6cab00cb29cd088ab7b62ab13aff103b64cb.tar.gz opensim-SC_OLD-5e4d6cab00cb29cd088ab7b62ab13aff103b64cb.tar.bz2 opensim-SC_OLD-5e4d6cab00cb29cd088ab7b62ab13aff103b64cb.tar.xz | |
Dump OpenSim 0.9.0.1 into it's own branch.
Diffstat (limited to '')
| -rw-r--r-- | OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs | 94 |
1 files changed, 74 insertions, 20 deletions
diff --git a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs index 5f1bde1..0204699 100644 --- a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs | |||
| @@ -41,7 +41,7 @@ namespace OpenSim.Services.AuthenticationService | |||
| 41 | // Generic Authentication service used for identifying | 41 | // Generic Authentication service used for identifying |
| 42 | // and authenticating principals. | 42 | // and authenticating principals. |
| 43 | // Principals may be clients acting on users' behalf, | 43 | // Principals may be clients acting on users' behalf, |
| 44 | // or any other components that need | 44 | // or any other components that need |
| 45 | // verifiable identification. | 45 | // verifiable identification. |
| 46 | // | 46 | // |
| 47 | public class PasswordAuthenticationService : | 47 | public class PasswordAuthenticationService : |
| @@ -50,7 +50,13 @@ namespace OpenSim.Services.AuthenticationService | |||
| 50 | private static readonly ILog m_log = | 50 | private static readonly ILog m_log = |
| 51 | LogManager.GetLogger( | 51 | LogManager.GetLogger( |
| 52 | MethodBase.GetCurrentMethod().DeclaringType); | 52 | MethodBase.GetCurrentMethod().DeclaringType); |
| 53 | 53 | ||
| 54 | public PasswordAuthenticationService(IConfigSource config, IUserAccountService userService) : | ||
| 55 | base(config, userService) | ||
| 56 | { | ||
| 57 | m_log.Debug("[AUTH SERVICE]: Started with User Account access"); | ||
| 58 | } | ||
| 59 | |||
| 54 | public PasswordAuthenticationService(IConfigSource config) : | 60 | public PasswordAuthenticationService(IConfigSource config) : |
| 55 | base(config) | 61 | base(config) |
| 56 | { | 62 | { |
| @@ -58,42 +64,90 @@ namespace OpenSim.Services.AuthenticationService | |||
| 58 | 64 | ||
| 59 | public string Authenticate(UUID principalID, string password, int lifetime) | 65 | public string Authenticate(UUID principalID, string password, int lifetime) |
| 60 | { | 66 | { |
| 67 | UUID realID; | ||
| 68 | return Authenticate(principalID, password, lifetime, out realID); | ||
| 69 | } | ||
| 70 | |||
| 71 | public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID) | ||
| 72 | { | ||
| 73 | realID = UUID.Zero; | ||
| 74 | |||
| 75 | m_log.DebugFormat("[AUTH SERVICE]: Authenticating for {0}, user account service present: {1}", principalID, m_UserAccountService != null); | ||
| 61 | AuthenticationData data = m_Database.Get(principalID); | 76 | AuthenticationData data = m_Database.Get(principalID); |
| 77 | UserAccount user = null; | ||
| 78 | if (m_UserAccountService != null) | ||
| 79 | user = m_UserAccountService.GetUserAccount(UUID.Zero, principalID); | ||
| 62 | 80 | ||
| 63 | if (data == null) | 81 | if (data == null || data.Data == null) |
| 64 | { | 82 | { |
| 65 | m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} not found", principalID); | 83 | m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} or its data not found", principalID); |
| 66 | return String.Empty; | 84 | return String.Empty; |
| 67 | } | 85 | } |
| 68 | else if (data.Data == null) | 86 | |
| 87 | if (!data.Data.ContainsKey("passwordHash") || | ||
| 88 | !data.Data.ContainsKey("passwordSalt")) | ||
| 69 | { | 89 | { |
| 70 | m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} data not found", principalID); | ||
| 71 | return String.Empty; | 90 | return String.Empty; |
| 72 | } | 91 | } |
| 73 | else if (!data.Data.ContainsKey("passwordHash") || !data.Data.ContainsKey("passwordSalt")) | 92 | |
| 93 | string hashed = Util.Md5Hash(password + ":" + | ||
| 94 | data.Data["passwordSalt"].ToString()); | ||
| 95 | |||
| 96 | // m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString()); | ||
| 97 | |||
| 98 | if (data.Data["passwordHash"].ToString() == hashed) | ||
| 99 | { | ||
| 100 | return GetToken(principalID, lifetime); | ||
| 101 | } | ||
| 102 | |||
| 103 | if (user == null) | ||
| 74 | { | 104 | { |
| 75 | m_log.DebugFormat( | 105 | m_log.DebugFormat("[PASS AUTH]: No user record for {0}", principalID); |
| 76 | "[AUTH SERVICE]: PrincipalID {0} data didn't contain either passwordHash or passwordSalt", principalID); | ||
| 77 | return String.Empty; | 106 | return String.Empty; |
| 78 | } | 107 | } |
| 79 | else | 108 | |
| 109 | int impersonateFlag = 1 << 6; | ||
| 110 | |||
| 111 | if ((user.UserFlags & impersonateFlag) == 0) | ||
| 112 | return String.Empty; | ||
| 113 | |||
| 114 | m_log.DebugFormat("[PASS AUTH]: Attempting impersonation"); | ||
| 115 | |||
| 116 | List<UserAccount> accounts = m_UserAccountService.GetUserAccountsWhere(UUID.Zero, "UserLevel >= 200"); | ||
| 117 | if (accounts == null || accounts.Count == 0) | ||
| 118 | return String.Empty; | ||
| 119 | |||
| 120 | foreach (UserAccount a in accounts) | ||
| 80 | { | 121 | { |
| 81 | string hashed = Util.Md5Hash(password + ":" + data.Data["passwordSalt"].ToString()); | 122 | data = m_Database.Get(a.PrincipalID); |
| 123 | if (data == null || data.Data == null || | ||
| 124 | !data.Data.ContainsKey("passwordHash") || | ||
| 125 | !data.Data.ContainsKey("passwordSalt")) | ||
| 126 | { | ||
| 127 | continue; | ||
| 128 | } | ||
| 129 | |||
| 130 | // m_log.DebugFormat("[PASS AUTH]: Trying {0}", data.PrincipalID); | ||
| 82 | 131 | ||
| 83 | m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString()); | 132 | hashed = Util.Md5Hash(password + ":" + |
| 133 | data.Data["passwordSalt"].ToString()); | ||
| 84 | 134 | ||
| 85 | if (data.Data["passwordHash"].ToString() == hashed) | 135 | if (data.Data["passwordHash"].ToString() == hashed) |
| 86 | { | 136 | { |
| 137 | m_log.DebugFormat("[PASS AUTH]: {0} {1} impersonating {2}, proceeding with login", a.FirstName, a.LastName, principalID); | ||
| 138 | realID = a.PrincipalID; | ||
| 87 | return GetToken(principalID, lifetime); | 139 | return GetToken(principalID, lifetime); |
| 88 | } | 140 | } |
| 89 | else | 141 | // else |
| 90 | { | 142 | // { |
| 91 | m_log.DebugFormat( | 143 | // m_log.DebugFormat( |
| 92 | "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.", | 144 | // "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.", |
| 93 | hashed, data.Data["passwordHash"], principalID); | 145 | // hashed, data.Data["passwordHash"], data.PrincipalID); |
| 94 | return String.Empty; | 146 | // } |
| 95 | } | ||
| 96 | } | 147 | } |
| 148 | |||
| 149 | m_log.DebugFormat("[PASS AUTH]: Impersonation of {0} failed", principalID); | ||
| 150 | return String.Empty; | ||
| 97 | } | 151 | } |
| 98 | } | 152 | } |
| 99 | } \ No newline at end of file | 153 | } |