Implementation of a simple authentication service + in connector in route to making HGInventory (client access) work in standalone again. This is the refactoring of what was/is there, but done in the new model. Not complete yet, but key authentication works. It should be enough to make HGInventory work again soon.

author: diva 2009-06-17 03:52:39 +0000
committer: diva 2009-06-17 03:52:39 +0000
commit: ce7de3581cd678dd09227bdfde94fefb779f5a86 (patch)
tree: 2eab5b5424e8463d30cdc918604629fe3fe08cc5 /OpenSim/Services/AuthenticationService
parent: Moving these nice HG connectors to their homes. (diff)
download: opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.zip
opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.tar.gz
opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.tar.bz2
opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.tar.xz
1 files changed, 172 insertions, 9 deletions
diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
index 3eaa03d..6eaf0b0 100644
--- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs
+++ b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
@@ -26,6 +26,7 @@
 */
 using System;
+using System.Collections.Generic;
 using System.Reflection;
 using Nini.Config;
 using log4net;
@@ -37,34 +38,196 @@ using OpenMetaverse;
 namespace OpenSim.Services.AuthenticationService
 {
-    public class AuthenticationService : ServiceBase, IAuthenticationService
+    /// <summary>
+    /// Simple authentication service implementation dealing only with users.
+    /// It uses the user DB directly to access user information.
+    /// It takes two config vars:
+    /// - Authenticate = {true|false} : to do or not to do authentication
+    /// - Authority = string like "osgrid.org" : this identity authority
+    ///               that will be called back for identity verification
+    /// </summary>
+    public class HGAuthenticationService : ServiceBase, IAuthenticationService
    {
-        public AuthenticationService(IConfigSource config) : base(config)
+        private static readonly ILog m_log
+            = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+        protected IUserDataPlugin m_Database;
+        protected string m_AuthorityURL;
+        protected bool m_PerformAuthentication;
+        protected Dictionary<UUID, List<string>> m_UserKeys = new Dictionary<UUID, List<string>>();
+        public HGAuthenticationService(IConfigSource config) : base(config)
        {
+            string dllName = String.Empty;
+            string connString = String.Empty;
+            //
+            // Try reading the [DatabaseService] section first, if it exists
+            //
+            IConfig dbConfig = config.Configs["DatabaseService"];
+            if (dbConfig != null)
+            {
+                dllName = dbConfig.GetString("StorageProvider", String.Empty);
+                connString = dbConfig.GetString("ConnectionString", String.Empty);
+            }
+            //
+            // Try reading the more specific [InventoryService] section, if it exists
+            //
+            IConfig authConfig = config.Configs["AuthenticationService"];
+            if (authConfig != null)
+            {
+                dllName = authConfig.GetString("StorageProvider", dllName);
+                connString = authConfig.GetString("ConnectionString", connString);
+                m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true);
+                m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost");
+            }
+            //
+            // We tried, but this doesn't exist. We can't proceed.
+            //
+            if (dllName.Equals(String.Empty))
+                throw new Exception("No InventoryService configuration");
+            m_Database = LoadPlugin<IUserDataPlugin>(dllName);
+            if (m_Database == null)
+                throw new Exception("Could not find a storage interface in the given module");
+            m_Database.Initialise(connString);
+        } 
+        /// <summary>
+        /// This implementation only authenticates users.
+        /// </summary>
+        /// <param name="principalID"></param>
+        /// <param name="password"></param>
+        /// <returns></returns>
+        public bool Authenticate(UUID principalID, string password)
+        {
+            if (!m_PerformAuthentication)
+                return true;
+            UserProfileData profile = m_Database.GetUserByUUID(principalID);
+            bool passwordSuccess = false;
+            m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
+            // we do this to get our hash in a form that the server password code can consume
+            // when the web-login-form submits the password in the clear (supposed to be over SSL!)
+            if (!password.StartsWith("$1$"))
+                password = "$1$" + Util.Md5Hash(password);
+            password = password.Remove(0, 3); //remove $1$
+            string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
+            // Testing...
+            //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
+            //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
+            passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
+                               || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
+            return passwordSuccess;
        }
-        public UUID AllocateUserSession(UUID userID)
+        /// <summary>
+        /// This generates authorization keys in the form
+        /// http://authority/uuid
+        /// after verifying that the caller is, indeed, authorized to request a key
+        /// </summary>
+        /// <param name="userID">The principal ID requesting the new key</param>
+        /// <param name="authToken">The original authorization token for that principal, obtained during login</param>
+        /// <returns></returns>
+        public string GetKey(UUID principalID, string authToken)
        {
-            return UUID.Zero;
+            UserProfileData profile = m_Database.GetUserByUUID(principalID);
+            string newKey = string.Empty;
+            if (profile != null)
+            {
+                m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken);
+                // I'm overloading webloginkey for this, so that no changes are needed in the DB
+                // The uses of webloginkey are fairly mutually exclusive
+                if (profile.WebLoginKey.ToString().Equals(authToken))
+                {
+                    newKey = UUID.Random().ToString();
+                    List<string> keys;
+                    lock (m_UserKeys)
+                    {
+                        if (m_UserKeys.ContainsKey(principalID))
+                        {
+                            keys = m_UserKeys[principalID];
+                        }
+                        else
+                        {
+                            keys = new List<string>();
+                            m_UserKeys.Add(principalID, keys);
+                        }
+                        keys.Add(newKey);
+                    }
+                    m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID);
+                }
+                else
+                    m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key.");
+            }
+            else
+                m_log.Warn("[AUTH]: Principal not found.");
+            return m_AuthorityURL + newKey;
        }
-        public string GetUserKey(UUID userID, string authToken)
+        /// <summary>
+        /// This verifies the uuid portion of the key given out by GenerateKey
+        /// </summary>
+        /// <param name="userID"></param>
+        /// <param name="key"></param>
+        /// <returns></returns>
+        public bool VerifyKey(UUID userID, string key)
        {
-            return String.Empty;
+            lock (m_UserKeys)
+            {
+                if (m_UserKeys.ContainsKey(userID))
+                {
+                    List<string> keys = m_UserKeys[userID];
+                    if (keys.Contains(key))
+                    {
+                        // Keys are one-time only, so remove it
+                        keys.Remove(key);
+                        return true;
+                    }
+                    return false;
+                }
+                else
+                    return false;
+            }
        }
-        public bool VerifyUserKey(UUID userID, string key)
+        public UUID AllocateUserSession(UUID userID)
        {
-            return false;
+            // Not implemented yet
+            return UUID.Zero;
        }
-        public bool VerifyUserSession(UUID userID, UUID session)
+        public bool VerifyUserSession(UUID userID, UUID sessionID)
        {
+            UserProfileData userProfile = m_Database.GetUserByUUID(userID);
+            if (userProfile != null && userProfile.CurrentAgent != null)
+            {
+                m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current  session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
+                if (userProfile.CurrentAgent.SessionID == sessionID)
+                {
+                    return true;
+                }
+            }
            return false;
        }
        public void DestroyUserSession(UUID userID)
        {
+            // Not implemented yet
        }
    }
 }
author	diva	2009-06-17 03:52:39 +0000
committer	diva	2009-06-17 03:52:39 +0000
commit	ce7de3581cd678dd09227bdfde94fefb779f5a86 (patch)
tree	2eab5b5424e8463d30cdc918604629fe3fe08cc5 /OpenSim/Services/AuthenticationService
parent	Moving these nice HG connectors to their homes. (diff)
download	opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.zip opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.tar.gz opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.tar.bz2 opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.tar.xz

diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs index 3eaa03d..6eaf0b0 100644 --- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
@@ -26,6 +26,7 @@
26	*/	26	*/
27		27
28	using System;	28	using System;
		29	using System.Collections.Generic;
29	using System.Reflection;	30	using System.Reflection;
30	using Nini.Config;	31	using Nini.Config;
31	using log4net;	32	using log4net;
@@ -37,34 +38,196 @@ using OpenMetaverse;
37		38
38	namespace OpenSim.Services.AuthenticationService	39	namespace OpenSim.Services.AuthenticationService
39	{	40	{
40	public class AuthenticationService : ServiceBase, IAuthenticationService	41	/// <summary>
		42	/// Simple authentication service implementation dealing only with users.
		43	/// It uses the user DB directly to access user information.
		44	/// It takes two config vars:
		45	/// - Authenticate = {true\|false} : to do or not to do authentication
		46	/// - Authority = string like "osgrid.org" : this identity authority
		47	/// that will be called back for identity verification
		48	/// </summary>
		49	public class HGAuthenticationService : ServiceBase, IAuthenticationService
41	{	50	{
42	public AuthenticationService(IConfigSource config) : base(config)	51	private static readonly ILog m_log
		52	= LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
		53
		54	protected IUserDataPlugin m_Database;
		55	protected string m_AuthorityURL;
		56	protected bool m_PerformAuthentication;
		57	protected Dictionary<UUID, List<string>> m_UserKeys = new Dictionary<UUID, List<string>>();
		58
		59
		60	public HGAuthenticationService(IConfigSource config) : base(config)
43	{	61	{
		62	string dllName = String.Empty;
		63	string connString = String.Empty;
		64
		65	//
		66	// Try reading the [DatabaseService] section first, if it exists
		67	//
		68	IConfig dbConfig = config.Configs["DatabaseService"];
		69	if (dbConfig != null)
		70	{
		71	dllName = dbConfig.GetString("StorageProvider", String.Empty);
		72	connString = dbConfig.GetString("ConnectionString", String.Empty);
		73	}
		74
		75	//
		76	// Try reading the more specific [InventoryService] section, if it exists
		77	//
		78	IConfig authConfig = config.Configs["AuthenticationService"];
		79	if (authConfig != null)
		80	{
		81	dllName = authConfig.GetString("StorageProvider", dllName);
		82	connString = authConfig.GetString("ConnectionString", connString);
		83
		84	m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true);
		85	m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost");
		86	}
		87
		88	//
		89	// We tried, but this doesn't exist. We can't proceed.
		90	//
		91	if (dllName.Equals(String.Empty))
		92	throw new Exception("No InventoryService configuration");
		93
		94	m_Database = LoadPlugin<IUserDataPlugin>(dllName);
		95	if (m_Database == null)
		96	throw new Exception("Could not find a storage interface in the given module");
		97
		98	m_Database.Initialise(connString);
		99	}
		100
		101	/// <summary>
		102	/// This implementation only authenticates users.
		103	/// </summary>
		104	/// <param name="principalID"></param>
		105	/// <param name="password"></param>
		106	/// <returns></returns>
		107	public bool Authenticate(UUID principalID, string password)
		108	{
		109	if (!m_PerformAuthentication)
		110	return true;
		111
		112	UserProfileData profile = m_Database.GetUserByUUID(principalID);
		113	bool passwordSuccess = false;
		114	m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
		115
		116	// we do this to get our hash in a form that the server password code can consume
		117	// when the web-login-form submits the password in the clear (supposed to be over SSL!)
		118	if (!password.StartsWith("$1$"))
		119	password = "$1$" + Util.Md5Hash(password);
		120
		121	password = password.Remove(0, 3); //remove $1$
		122
		123	string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
		124	// Testing...
		125	//m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
		126	//m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
		127
		128	passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
		129	\|\| profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
		130
		131	return passwordSuccess;
44	}	132	}
45		133
46	public UUID AllocateUserSession(UUID userID)	134	/// <summary>
		135	/// This generates authorization keys in the form
		136	/// http://authority/uuid
		137	/// after verifying that the caller is, indeed, authorized to request a key
		138	/// </summary>
		139	/// <param name="userID">The principal ID requesting the new key</param>
		140	/// <param name="authToken">The original authorization token for that principal, obtained during login</param>
		141	/// <returns></returns>
		142	public string GetKey(UUID principalID, string authToken)
47	{	143	{
48	return UUID.Zero;	144	UserProfileData profile = m_Database.GetUserByUUID(principalID);
		145	string newKey = string.Empty;
		146
		147	if (profile != null)
		148	{
		149	m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken);
		150	// I'm overloading webloginkey for this, so that no changes are needed in the DB
		151	// The uses of webloginkey are fairly mutually exclusive
		152	if (profile.WebLoginKey.ToString().Equals(authToken))
		153	{
		154	newKey = UUID.Random().ToString();
		155	List<string> keys;
		156	lock (m_UserKeys)
		157	{
		158	if (m_UserKeys.ContainsKey(principalID))
		159	{
		160	keys = m_UserKeys[principalID];
		161	}
		162	else
		163	{
		164	keys = new List<string>();
		165	m_UserKeys.Add(principalID, keys);
		166	}
		167	keys.Add(newKey);
		168	}
		169	m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID);
		170	}
		171	else
		172	m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key.");
		173	}
		174	else
		175	m_log.Warn("[AUTH]: Principal not found.");
		176
		177	return m_AuthorityURL + newKey;
49	}	178	}
50		179
51	public string GetUserKey(UUID userID, string authToken)	180	/// <summary>
		181	/// This verifies the uuid portion of the key given out by GenerateKey
		182	/// </summary>
		183	/// <param name="userID"></param>
		184	/// <param name="key"></param>
		185	/// <returns></returns>
		186	public bool VerifyKey(UUID userID, string key)
52	{	187	{
53	return String.Empty;	188	lock (m_UserKeys)
		189	{
		190	if (m_UserKeys.ContainsKey(userID))
		191	{
		192	List<string> keys = m_UserKeys[userID];
		193	if (keys.Contains(key))
		194	{
		195	// Keys are one-time only, so remove it
		196	keys.Remove(key);
		197	return true;
		198	}
		199	return false;
		200	}
		201	else
		202	return false;
		203	}
54	}	204	}
55		205
56	public bool VerifyUserKey(UUID userID, string key)	206	public UUID AllocateUserSession(UUID userID)
57	{	207	{
58	return false;	208	// Not implemented yet
		209	return UUID.Zero;
59	}	210	}
60		211
61	public bool VerifyUserSession(UUID userID, UUID session)	212	public bool VerifyUserSession(UUID userID, UUID sessionID)
62	{	213	{
		214	UserProfileData userProfile = m_Database.GetUserByUUID(userID);
		215
		216	if (userProfile != null && userProfile.CurrentAgent != null)
		217	{
		218	m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
		219	if (userProfile.CurrentAgent.SessionID == sessionID)
		220	{
		221	return true;
		222	}
		223	}
		224
63	return false;	225	return false;
64	}	226	}
65		227
66	public void DestroyUserSession(UUID userID)	228	public void DestroyUserSession(UUID userID)
67	{	229	{
		230	// Not implemented yet
68	}	231	}
69	}	232	}
70	}	233	}