Redesign the IAuthenticationService interface to use PKI. Sessioning is

now in the domain of the presence module where it belongs.
author: Melanie 2009-08-29 17:37:41 +0100
committer: Melanie 2009-08-29 17:37:41 +0100
commit: dce04df4f229cbf5636a096c834202dec7cd1765 (patch)
tree: c0c10b2472163df93dcb0e4d105a6e921cc84379 /OpenSim/Services/AuthenticationService
parent: Add a slow cache cleaner thread. By default, the thread starts a cleanup (diff)
download: opensim-SC_OLD-dce04df4f229cbf5636a096c834202dec7cd1765.zip
opensim-SC_OLD-dce04df4f229cbf5636a096c834202dec7cd1765.tar.gz
opensim-SC_OLD-dce04df4f229cbf5636a096c834202dec7cd1765.tar.bz2
opensim-SC_OLD-dce04df4f229cbf5636a096c834202dec7cd1765.tar.xz
1 files changed, 0 insertions, 312 deletions
diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
deleted file mode 100644
index b81a004..0000000
--- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs
+++ /dev/null
@@ -1,312 +0,0 @@
-/*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *     * Redistributions of source code must retain the above copyright
- *       notice, this list of conditions and the following disclaimer.
- *     * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in the
- *       documentation and/or other materials provided with the distribution.
- *     * Neither the name of the OpenSimulator Project nor the
- *       names of its contributors may be used to endorse or promote products
- *       derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-using System;
-using System.Collections.Generic;
-using System.Reflection;
-using Nini.Config;
-using log4net;
-using OpenSim.Framework;
-using OpenSim.Data;
-using OpenSim.Services.Base;
-using OpenSim.Services.Interfaces;
-using OpenMetaverse;
-namespace OpenSim.Services.AuthenticationService
-{
-    /// <summary>
-    /// Simple authentication service implementation dealing only with users.
-    /// It uses the user DB directly to access user information.
-    /// It takes two config vars:
-    /// - Authenticate = {true|false} : to do or not to do authentication
-    /// - Authority = string like "osgrid.org" : this identity authority
-    ///               that will be called back for identity verification
-    /// </summary>
-    public class HGAuthenticationService : ServiceBase, IAuthenticationService
-    {
-        private static readonly ILog m_log
-            = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
-        protected IUserDataPlugin m_Database;
-        protected string m_AuthorityURL;
-        protected bool m_PerformAuthentication;
-        protected Dictionary<UUID, List<string>> m_UserKeys = new Dictionary<UUID, List<string>>();
-        public HGAuthenticationService(IConfigSource config) : base(config)
-        {
-            string dllName = String.Empty;
-            string connString = String.Empty;
-            //
-            // Try reading the [DatabaseService] section first, if it exists
-            //
-            IConfig dbConfig = config.Configs["DatabaseService"];
-            if (dbConfig != null)
-            {
-                dllName = dbConfig.GetString("StorageProvider", String.Empty);
-                connString = dbConfig.GetString("ConnectionString", String.Empty);
-            }
-            //
-            // Try reading the more specific [InventoryService] section, if it exists
-            //
-            IConfig authConfig = config.Configs["AuthenticationService"];
-            if (authConfig != null)
-            {
-                dllName = authConfig.GetString("StorageProvider", dllName);
-                connString = authConfig.GetString("ConnectionString", connString);
-                m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true);
-                m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost");
-                if (!m_AuthorityURL.EndsWith("/"))
-                    m_AuthorityURL += "/";
-            }
-            //
-            // We tried, but this doesn't exist. We can't proceed.
-            //
-            if (dllName.Equals(String.Empty))
-                throw new Exception("No InventoryService configuration");
-            m_Database = LoadPlugin<IUserDataPlugin>(dllName);
-            if (m_Database == null)
-                throw new Exception("Could not find a storage interface in the given module");
-            m_Database.Initialise(connString);
-        } 
-        public UUID AuthenticateKey(UUID principalID, string key)
-        {
-            bool writeAgentData = false;
-            UserAgentData agent = m_Database.GetAgentByUUID(principalID);
-            if (agent == null)
-            {
-                agent = new UserAgentData();
-                agent.ProfileID = principalID;
-                agent.SessionID = UUID.Random();
-                agent.SecureSessionID = UUID.Random();
-                agent.AgentIP = "127.0.0.1";
-                agent.AgentPort = 0;
-                agent.AgentOnline = false;
-                writeAgentData = true;
-            }
-            if (!m_PerformAuthentication)
-            {
-                if (writeAgentData)
-                    m_Database.AddNewUserAgent(agent);
-                return agent.SessionID;
-            }
-            if (!VerifyKey(principalID, key))
-                return UUID.Zero;
-            if (writeAgentData)
-                m_Database.AddNewUserAgent(agent);
-            return agent.SessionID;
-        }
-        /// <summary>
-        /// This implementation only authenticates users.
-        /// </summary>
-        /// <param name="principalID"></param>
-        /// <param name="password"></param>
-        /// <returns></returns>
-        public UUID AuthenticatePassword(UUID principalID, string password)
-        {
-            bool writeAgentData = false;
-            UserAgentData agent = m_Database.GetAgentByUUID(principalID);
-            if (agent == null)
-            {
-                agent = new UserAgentData();
-                agent.ProfileID = principalID;
-                agent.SessionID = UUID.Random();
-                agent.SecureSessionID = UUID.Random();
-                agent.AgentIP = "127.0.0.1";
-                agent.AgentPort = 0;
-                agent.AgentOnline = false;
-                writeAgentData = true;
-            }
-            if (!m_PerformAuthentication)
-            {
-                if (writeAgentData)
-                    m_Database.AddNewUserAgent(agent);
-                return agent.SessionID;
-            }
-            UserProfileData profile = m_Database.GetUserByUUID(principalID);
-            bool passwordSuccess = false;
-            m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
-            // we do this to get our hash in a form that the server password code can consume
-            // when the web-login-form submits the password in the clear (supposed to be over SSL!)
-            if (!password.StartsWith("$1$"))
-                password = "$1$" + Util.Md5Hash(password);
-            password = password.Remove(0, 3); //remove $1$
-            string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
-            // Testing...
-            //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
-            //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
-            passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
-                               || profile.PasswordHash.Equals(password, StringComparison.InvariantCulture));
-            if (!passwordSuccess)
-                return UUID.Zero;
-            if (writeAgentData)
-                m_Database.AddNewUserAgent(agent);
-            return agent.SessionID;
-        }
-        /// <summary>
-        /// This generates authorization keys in the form
-        /// http://authority/uuid
-        /// after verifying that the caller is, indeed, authorized to request a key
-        /// </summary>
-        /// <param name="userID">The principal ID requesting the new key</param>
-        /// <param name="authToken">The original authorization token for that principal, obtained during login</param>
-        /// <returns></returns>
-        public string GetKey(UUID principalID, string authToken)
-        {
-            UserProfileData profile = m_Database.GetUserByUUID(principalID);
-            string newKey = string.Empty;
-            if (profile != null)
-            {
-                m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken);
-                // I'm overloading webloginkey for this, so that no changes are needed in the DB
-                // The uses of webloginkey are fairly mutually exclusive
-                if (profile.WebLoginKey.ToString().Equals(authToken))
-                {
-                    newKey = UUID.Random().ToString();
-                    List<string> keys;
-                    lock (m_UserKeys)
-                    {
-                        if (m_UserKeys.ContainsKey(principalID))
-                        {
-                            keys = m_UserKeys[principalID];
-                        }
-                        else
-                        {
-                            keys = new List<string>();
-                            m_UserKeys.Add(principalID, keys);
-                        }
-                        keys.Add(newKey);
-                    }
-                    m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID);
-                }
-                else
-                    m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key.");
-            }
-            else
-                m_log.Warn("[AUTH]: Principal not found.");
-            return m_AuthorityURL + newKey;
-        }
-        /// <summary>
-        /// This verifies the uuid portion of the key given out by GenerateKey
-        /// </summary>
-        /// <param name="userID"></param>
-        /// <param name="key"></param>
-        /// <returns></returns>
-        public bool VerifyKey(UUID userID, string key)
-        {
-            lock (m_UserKeys)
-            {
-                if (m_UserKeys.ContainsKey(userID))
-                {
-                    List<string> keys = m_UserKeys[userID];
-                    if (keys.Contains(key))
-                    {
-                        // Keys are one-time only, so remove it
-                        keys.Remove(key);
-                        return true;
-                    }
-                    return false;
-                }
-                else
-                    return false;
-            }
-        }
-        public UUID CreateUserSession(UUID userID, UUID oldSessionID)
-        {
-            UserAgentData agent = m_Database.GetAgentByUUID(userID);
-            if (agent == null)
-                return UUID.Zero;
-            agent.SessionID = UUID.Random();
-            m_Database.AddNewUserAgent(agent);
-            return agent.SessionID;
-        }
-        public bool VerifyUserSession(UUID userID, UUID sessionID)
-        {
-            UserProfileData userProfile = m_Database.GetUserByUUID(userID);
-            if (userProfile != null && userProfile.CurrentAgent != null)
-            {
-                m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current  session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
-                if (userProfile.CurrentAgent.SessionID == sessionID)
-                {
-                    return true;
-                }
-            }
-            return false;
-        }
-        public bool DestroyUserSession(UUID userID, UUID sessionID)
-        {
-            if (!VerifyUserSession(userID, sessionID))
-                return false;
-            UserAgentData agent = m_Database.GetAgentByUUID(userID);
-            if (agent == null)
-                return false;
-            agent.SessionID = UUID.Zero;
-            m_Database.AddNewUserAgent(agent);
-            return true;
-        }
-    }
-}
author	Melanie	2009-08-29 17:37:41 +0100
committer	Melanie	2009-08-29 17:37:41 +0100
commit	dce04df4f229cbf5636a096c834202dec7cd1765 (patch)
tree	c0c10b2472163df93dcb0e4d105a6e921cc84379 /OpenSim/Services/AuthenticationService
parent	Add a slow cache cleaner thread. By default, the thread starts a cleanup (diff)
download	opensim-SC_OLD-dce04df4f229cbf5636a096c834202dec7cd1765.zip opensim-SC_OLD-dce04df4f229cbf5636a096c834202dec7cd1765.tar.gz opensim-SC_OLD-dce04df4f229cbf5636a096c834202dec7cd1765.tar.bz2 opensim-SC_OLD-dce04df4f229cbf5636a096c834202dec7cd1765.tar.xz

diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs deleted file mode 100644 index b81a004..0000000 --- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs +++ /dev/null
@@ -1,312 +0,0 @@
1	/*
2	* Copyright (c) Contributors, http://opensimulator.org/
3	* See CONTRIBUTORS.TXT for a full list of copyright holders.
4	*
5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions are met:
7	* * Redistributions of source code must retain the above copyright
8	* notice, this list of conditions and the following disclaimer.
9	* * Redistributions in binary form must reproduce the above copyright
10	* notice, this list of conditions and the following disclaimer in the
11	* documentation and/or other materials provided with the distribution.
12	* * Neither the name of the OpenSimulator Project nor the
13	* names of its contributors may be used to endorse or promote products
14	* derived from this software without specific prior written permission.
15	*
16	* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
17	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19	* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23	* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26	*/
27
28	using System;
29	using System.Collections.Generic;
30	using System.Reflection;
31	using Nini.Config;
32	using log4net;
33	using OpenSim.Framework;
34	using OpenSim.Data;
35	using OpenSim.Services.Base;
36	using OpenSim.Services.Interfaces;
37	using OpenMetaverse;
38
39	namespace OpenSim.Services.AuthenticationService
40	{
41	/// <summary>
42	/// Simple authentication service implementation dealing only with users.
43	/// It uses the user DB directly to access user information.
44	/// It takes two config vars:
45	/// - Authenticate = {true\|false} : to do or not to do authentication
46	/// - Authority = string like "osgrid.org" : this identity authority
47	/// that will be called back for identity verification
48	/// </summary>
49	public class HGAuthenticationService : ServiceBase, IAuthenticationService
50	{
51	private static readonly ILog m_log
52	= LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
53
54	protected IUserDataPlugin m_Database;
55	protected string m_AuthorityURL;
56	protected bool m_PerformAuthentication;
57	protected Dictionary<UUID, List<string>> m_UserKeys = new Dictionary<UUID, List<string>>();
58
59
60	public HGAuthenticationService(IConfigSource config) : base(config)
61	{
62	string dllName = String.Empty;
63	string connString = String.Empty;
64
65	//
66	// Try reading the [DatabaseService] section first, if it exists
67	//
68	IConfig dbConfig = config.Configs["DatabaseService"];
69	if (dbConfig != null)
70	{
71	dllName = dbConfig.GetString("StorageProvider", String.Empty);
72	connString = dbConfig.GetString("ConnectionString", String.Empty);
73	}
74
75	//
76	// Try reading the more specific [InventoryService] section, if it exists
77	//
78	IConfig authConfig = config.Configs["AuthenticationService"];
79	if (authConfig != null)
80	{
81	dllName = authConfig.GetString("StorageProvider", dllName);
82	connString = authConfig.GetString("ConnectionString", connString);
83
84	m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true);
85	m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost");
86	if (!m_AuthorityURL.EndsWith("/"))
87	m_AuthorityURL += "/";
88	}
89
90	//
91	// We tried, but this doesn't exist. We can't proceed.
92	//
93	if (dllName.Equals(String.Empty))
94	throw new Exception("No InventoryService configuration");
95
96	m_Database = LoadPlugin<IUserDataPlugin>(dllName);
97	if (m_Database == null)
98	throw new Exception("Could not find a storage interface in the given module");
99
100	m_Database.Initialise(connString);
101	}
102
103	public UUID AuthenticateKey(UUID principalID, string key)
104	{
105	bool writeAgentData = false;
106
107	UserAgentData agent = m_Database.GetAgentByUUID(principalID);
108	if (agent == null)
109	{
110	agent = new UserAgentData();
111	agent.ProfileID = principalID;
112	agent.SessionID = UUID.Random();
113	agent.SecureSessionID = UUID.Random();
114	agent.AgentIP = "127.0.0.1";
115	agent.AgentPort = 0;
116	agent.AgentOnline = false;
117
118	writeAgentData = true;
119	}
120
121	if (!m_PerformAuthentication)
122	{
123	if (writeAgentData)
124	m_Database.AddNewUserAgent(agent);
125	return agent.SessionID;
126	}
127
128	if (!VerifyKey(principalID, key))
129	return UUID.Zero;
130
131	if (writeAgentData)
132	m_Database.AddNewUserAgent(agent);
133
134	return agent.SessionID;
135	}
136
137	/// <summary>
138	/// This implementation only authenticates users.
139	/// </summary>
140	/// <param name="principalID"></param>
141	/// <param name="password"></param>
142	/// <returns></returns>
143	public UUID AuthenticatePassword(UUID principalID, string password)
144	{
145	bool writeAgentData = false;
146
147	UserAgentData agent = m_Database.GetAgentByUUID(principalID);
148	if (agent == null)
149	{
150	agent = new UserAgentData();
151	agent.ProfileID = principalID;
152	agent.SessionID = UUID.Random();
153	agent.SecureSessionID = UUID.Random();
154	agent.AgentIP = "127.0.0.1";
155	agent.AgentPort = 0;
156	agent.AgentOnline = false;
157
158	writeAgentData = true;
159	}
160
161	if (!m_PerformAuthentication)
162	{
163	if (writeAgentData)
164	m_Database.AddNewUserAgent(agent);
165	return agent.SessionID;
166	}
167
168	UserProfileData profile = m_Database.GetUserByUUID(principalID);
169	bool passwordSuccess = false;
170	m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
171
172	// we do this to get our hash in a form that the server password code can consume
173	// when the web-login-form submits the password in the clear (supposed to be over SSL!)
174	if (!password.StartsWith("$1$"))
175	password = "$1$" + Util.Md5Hash(password);
176
177	password = password.Remove(0, 3); //remove $1$
178
179	string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
180	// Testing...
181	//m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
182	//m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
183
184	passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
185	\|\| profile.PasswordHash.Equals(password, StringComparison.InvariantCulture));
186
187	if (!passwordSuccess)
188	return UUID.Zero;
189
190	if (writeAgentData)
191	m_Database.AddNewUserAgent(agent);
192
193	return agent.SessionID;
194	}
195
196	/// <summary>
197	/// This generates authorization keys in the form
198	/// http://authority/uuid
199	/// after verifying that the caller is, indeed, authorized to request a key
200	/// </summary>
201	/// <param name="userID">The principal ID requesting the new key</param>
202	/// <param name="authToken">The original authorization token for that principal, obtained during login</param>
203	/// <returns></returns>
204	public string GetKey(UUID principalID, string authToken)
205	{
206	UserProfileData profile = m_Database.GetUserByUUID(principalID);
207	string newKey = string.Empty;
208
209	if (profile != null)
210	{
211	m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken);
212	// I'm overloading webloginkey for this, so that no changes are needed in the DB
213	// The uses of webloginkey are fairly mutually exclusive
214	if (profile.WebLoginKey.ToString().Equals(authToken))
215	{
216	newKey = UUID.Random().ToString();
217	List<string> keys;
218	lock (m_UserKeys)
219	{
220	if (m_UserKeys.ContainsKey(principalID))
221	{
222	keys = m_UserKeys[principalID];
223	}
224	else
225	{
226	keys = new List<string>();
227	m_UserKeys.Add(principalID, keys);
228	}
229	keys.Add(newKey);
230	}
231	m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID);
232	}
233	else
234	m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key.");
235	}
236	else
237	m_log.Warn("[AUTH]: Principal not found.");
238
239	return m_AuthorityURL + newKey;
240	}
241
242	/// <summary>
243	/// This verifies the uuid portion of the key given out by GenerateKey
244	/// </summary>
245	/// <param name="userID"></param>
246	/// <param name="key"></param>
247	/// <returns></returns>
248	public bool VerifyKey(UUID userID, string key)
249	{
250	lock (m_UserKeys)
251	{
252	if (m_UserKeys.ContainsKey(userID))
253	{
254	List<string> keys = m_UserKeys[userID];
255	if (keys.Contains(key))
256	{
257	// Keys are one-time only, so remove it
258	keys.Remove(key);
259	return true;
260	}
261	return false;
262	}
263	else
264	return false;
265	}
266	}
267
268	public UUID CreateUserSession(UUID userID, UUID oldSessionID)
269	{
270	UserAgentData agent = m_Database.GetAgentByUUID(userID);
271
272	if (agent == null)
273	return UUID.Zero;
274
275	agent.SessionID = UUID.Random();
276
277	m_Database.AddNewUserAgent(agent);
278	return agent.SessionID;
279	}
280
281	public bool VerifyUserSession(UUID userID, UUID sessionID)
282	{
283	UserProfileData userProfile = m_Database.GetUserByUUID(userID);
284
285	if (userProfile != null && userProfile.CurrentAgent != null)
286	{
287	m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
288	if (userProfile.CurrentAgent.SessionID == sessionID)
289	{
290	return true;
291	}
292	}
293
294	return false;
295	}
296
297	public bool DestroyUserSession(UUID userID, UUID sessionID)
298	{
299	if (!VerifyUserSession(userID, sessionID))
300	return false;
301
302	UserAgentData agent = m_Database.GetAgentByUUID(userID);
303	if (agent == null)
304	return false;
305
306	agent.SessionID = UUID.Zero;
307	m_Database.AddNewUserAgent(agent);
308
309	return true;
310	}
311	}
312	}