aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
authordiva2009-06-17 03:52:39 +0000
committerdiva2009-06-17 03:52:39 +0000
commitce7de3581cd678dd09227bdfde94fefb779f5a86 (patch)
tree2eab5b5424e8463d30cdc918604629fe3fe08cc5 /OpenSim
parentMoving these nice HG connectors to their homes. (diff)
downloadopensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.zip
opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.tar.gz
opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.tar.bz2
opensim-SC_OLD-ce7de3581cd678dd09227bdfde94fefb779f5a86.tar.xz
Implementation of a simple authentication service + in connector in route to making HGInventory (client access) work in standalone again. This is the refactoring of what was/is there, but done in the new model. Not complete yet, but key authentication works. It should be enough to make HGInventory work again soon.
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Framework/Communications/Services/HGLoginAuthService.cs2
-rw-r--r--OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs2
-rw-r--r--OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml3
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs117
-rw-r--r--OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs62
-rw-r--r--OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs117
-rw-r--r--OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs2
-rw-r--r--OpenSim/Server/Handlers/Simulation/AgentHandlers.cs2
-rw-r--r--OpenSim/Services/AuthenticationService/AuthenticationService.cs181
-rw-r--r--OpenSim/Services/Interfaces/IAuthenticationService.cs30
10 files changed, 493 insertions, 25 deletions
diff --git a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
index 8e0205c..f496082 100644
--- a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
+++ b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
@@ -128,6 +128,8 @@ namespace OpenSim.Framework.Communications.Services
128 userProfile.WebLoginKey = token; 128 userProfile.WebLoginKey = token;
129 m_userManager.CommitAgent(ref userProfile); 129 m_userManager.CommitAgent(ref userProfile);
130 } 130 }
131 m_log.Warn("[HGLOGIN]: Auth token: " + token);
132
131 133
132 return response; 134 return response;
133 } 135 }
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
index a5101d0..48895d4 100644
--- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
+++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
@@ -114,8 +114,6 @@ namespace OpenSim.Region.CoreModules.Hypergrid
114 this); 114 this);
115 115
116 httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod); 116 httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod);
117 httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod);
118 httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod);
119 httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession, false); 117 httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession, false);
120 118
121 } 119 }
diff --git a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
index 7d0d327..f910550 100644
--- a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
+++ b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
@@ -34,7 +34,8 @@
34 <RegionModule id="AssetServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Asset.AssetServiceInConnectorModule" /> 34 <RegionModule id="AssetServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Asset.AssetServiceInConnectorModule" />
35 <RegionModule id="InventoryServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Inventory.InventoryServiceInConnectorModule" /> 35 <RegionModule id="InventoryServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Inventory.InventoryServiceInConnectorModule" />
36 <RegionModule id="LandServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Land.LandServiceInConnectorModule" /> 36 <RegionModule id="LandServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Land.LandServiceInConnectorModule" />
37 <RegionModule id="NeighbourServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Neighbour.NeighbourServiceInConnectorModule" /> \ 37 <RegionModule id="NeighbourServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Neighbour.NeighbourServiceInConnectorModule" /> \
38 <RegionModule id="HGAuthServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Authentication.HGAuthServiceInConnectorModule" /> \
38 39
39 </Extension> 40 </Extension>
40 41
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs
new file mode 100644
index 0000000..e1517a0
--- /dev/null
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs
@@ -0,0 +1,117 @@
1/*
2 * Copyright (c) Contributors, http://opensimulator.org/
3 * See CONTRIBUTORS.TXT for a full list of copyright holders.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * * Neither the name of the OpenSimulator Project nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28using System;
29using System.Reflection;
30using System.Collections.Generic;
31using log4net;
32using Nini.Config;
33using OpenSim.Framework;
34using OpenSim.Framework.Servers.HttpServer;
35using OpenSim.Region.Framework.Scenes;
36using OpenSim.Region.Framework.Interfaces;
37using OpenSim.Server.Base;
38using OpenSim.Services.Interfaces;
39using OpenSim.Server.Handlers.Authentication;
40
41
42namespace OpenSim.Region.CoreModules.ServiceConnectorsIn.Authentication
43{
44 public class HGAuthServiceInConnectorModule : ISharedRegionModule
45 {
46 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
47 private static bool m_Enabled = false;
48 private static bool m_Registered = false;
49
50 private IConfigSource m_Config;
51
52 #region IRegionModule interface
53
54 public void Initialise(IConfigSource config)
55 {
56 m_Config = config;
57
58 IConfig moduleConfig = config.Configs["Modules"];
59 if (moduleConfig != null)
60 {
61 // Boolean because there may be many of these in peaceful coexistence
62 m_Enabled = moduleConfig.GetBoolean("HGAuthServiceInConnector", false);
63 if (m_Enabled)
64 {
65 m_log.Info("[HGAUTH IN CONNECTOR]: HGAuthServiceInConnector enabled");
66 }
67
68 }
69
70 }
71
72 public void PostInitialise()
73 {
74 if (!m_Enabled)
75 return;
76
77 m_log.Info("[HGAUTH IN CONNECTOR]: Starting...");
78 }
79
80 public void Close()
81 {
82 }
83
84 public string Name
85 {
86 get { return "HGAuthServiceInConnectorModule"; }
87 }
88
89 public void AddRegion(Scene scene)
90 {
91 if (!m_Enabled)
92 return;
93
94 if (!m_Registered)
95 {
96 m_Registered = true;
97 new HGAuthServiceInConnector(m_Config, scene.CommsManager.HttpServer);
98
99 //Object[] args = new Object[] { m_Config, scene.CommsManager.HttpServer };
100 //ServerUtils.LoadPlugin<IAuthenticationService>("OpenSim.Server.Handlers.dll:HGAuthServiceInConnector", args);
101 }
102
103
104 }
105
106 public void RemoveRegion(Scene scene)
107 {
108 }
109
110 public void RegionLoaded(Scene scene)
111 {
112 }
113
114 #endregion
115
116 }
117}
diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs
new file mode 100644
index 0000000..2b4c380
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs
@@ -0,0 +1,62 @@
1/*
2 * Copyright (c) Contributors, http://opensimulator.org/
3 * See CONTRIBUTORS.TXT for a full list of copyright holders.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * * Neither the name of the OpenSimulator Project nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28using System;
29using Nini.Config;
30using OpenSim.Server.Base;
31using OpenSim.Services.Interfaces;
32using OpenSim.Framework.Servers.HttpServer;
33using OpenSim.Server.Handlers.Base;
34
35namespace OpenSim.Server.Handlers.Authentication
36{
37 public class HGAuthServiceInConnector : ServiceConnector
38 {
39 private IAuthenticationService m_AuthenticationService;
40
41 public HGAuthServiceInConnector(IConfigSource config, IHttpServer server) :
42 base(config, server)
43 {
44 IConfig serverConfig = config.Configs["AuthenticationService"];
45 if (serverConfig == null)
46 throw new Exception("No section 'AuthenticationService' in config file");
47
48 string authenticationService = serverConfig.GetString("LocalServiceModule",
49 String.Empty);
50
51 if (authenticationService == String.Empty)
52 throw new Exception("No AuthenticationService in config file");
53
54 Object[] args = new Object[] { config };
55 m_AuthenticationService = ServerUtils.LoadPlugin<IAuthenticationService>(authenticationService, args);
56
57 HGAuthenticationHandlers m_handlers = new HGAuthenticationHandlers(m_AuthenticationService);
58 server.AddXmlRPCHandler("hg_new_auth_key", m_handlers.GenerateKeyMethod);
59 server.AddXmlRPCHandler("hg_verify_auth_key", m_handlers.VerifyKeyMethod);
60 }
61 }
62}
diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs
new file mode 100644
index 0000000..1bcbaf5
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs
@@ -0,0 +1,117 @@
1/*
2 * Copyright (c) Contributors, http://opensimulator.org/
3 * See CONTRIBUTORS.TXT for a full list of copyright holders.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * * Neither the name of the OpenSimulator Project nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28using System;
29using System.Collections;
30using System.IO;
31using System.Reflection;
32using System.Net;
33using System.Text;
34
35using OpenSim.Server.Base;
36using OpenSim.Server.Handlers.Base;
37using OpenSim.Services.Interfaces;
38using OpenSim.Framework;
39using OpenSim.Framework.Servers.HttpServer;
40
41using OpenMetaverse;
42using OpenMetaverse.StructuredData;
43using Nwc.XmlRpc;
44using Nini.Config;
45using log4net;
46
47namespace OpenSim.Server.Handlers.Authentication
48{
49 public class HGAuthenticationHandlers
50 {
51 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
52
53 private IAuthenticationService m_LocalService;
54
55 public HGAuthenticationHandlers(IAuthenticationService service)
56 {
57 m_LocalService = service;
58 }
59
60
61 public XmlRpcResponse GenerateKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient)
62 {
63 XmlRpcResponse response = new XmlRpcResponse();
64
65 if (request.Params.Count < 2)
66 {
67 response.IsFault = true;
68 response.SetFault(-1, "Invalid parameters");
69 return response;
70 }
71
72 // Verify the key of who's calling
73 UUID userID = UUID.Zero;
74 string authKey = string.Empty;
75 UUID.TryParse((string)request.Params[0], out userID);
76 authKey = (string)request.Params[1];
77
78 m_log.InfoFormat("[AUTH HANDLER] GenerateKey called with authToken {0}", authKey);
79 string newKey = string.Empty;
80
81 newKey = m_LocalService.GetKey(userID, authKey.ToString());
82
83 response.Value = (string)newKey;
84 return response;
85 }
86
87 public XmlRpcResponse VerifyKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient)
88 {
89 bool success = false;
90 XmlRpcResponse response = new XmlRpcResponse();
91
92 if (request.Params.Count != 2)
93 {
94 response.IsFault = true;
95 response.SetFault(-1, "Invalid parameters");
96 return response;
97 }
98
99 // Verify the key of who's calling
100 UUID userID = UUID.Zero;
101 string authKey = string.Empty;
102 if (UUID.TryParse((string)request.Params[0], out userID))
103 {
104 authKey = (string)request.Params[1];
105
106 m_log.InfoFormat("[AUTH HANDLER] VerifyKey called with key {0}", authKey);
107
108 success = m_LocalService.VerifyKey(userID, authKey);
109 }
110
111 m_log.DebugFormat("[AUTH HANDLER]: Response to VerifyKey is {0}", success);
112 response.Value = success;
113 return response;
114 }
115
116 }
117}
diff --git a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
index 83fa995..3de2245 100644
--- a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
+++ b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
@@ -110,7 +110,7 @@ namespace OpenSim.Server.Handlers.Neighbour
110 httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized; 110 httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
111 return result; 111 return result;
112 } 112 }
113 if (!m_AuthenticationService.VerifyUserKey(regionID, authToken)) 113 if (!m_AuthenticationService.VerifyKey(regionID, authToken))
114 { 114 {
115 m_log.InfoFormat("[RegionPostHandler]: Authentication failed for neighbour message {0}", path); 115 m_log.InfoFormat("[RegionPostHandler]: Authentication failed for neighbour message {0}", path);
116 httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; 116 httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
diff --git a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
index 8e4d7d0..6c0b705 100644
--- a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
+++ b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
@@ -109,7 +109,7 @@ namespace OpenSim.Server.Handlers.Simulation
109 httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized; 109 httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
110 return result; 110 return result;
111 } 111 }
112 if (!m_AuthenticationService.VerifyUserKey(agentID, authToken)) 112 if (!m_AuthenticationService.VerifyKey(agentID, authToken))
113 { 113 {
114 m_log.InfoFormat("[AgentPostHandler]: Authentication failed for agent message {0}", path); 114 m_log.InfoFormat("[AgentPostHandler]: Authentication failed for agent message {0}", path);
115 httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; 115 httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
index 3eaa03d..6eaf0b0 100644
--- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs
+++ b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
@@ -26,6 +26,7 @@
26 */ 26 */
27 27
28using System; 28using System;
29using System.Collections.Generic;
29using System.Reflection; 30using System.Reflection;
30using Nini.Config; 31using Nini.Config;
31using log4net; 32using log4net;
@@ -37,34 +38,196 @@ using OpenMetaverse;
37 38
38namespace OpenSim.Services.AuthenticationService 39namespace OpenSim.Services.AuthenticationService
39{ 40{
40 public class AuthenticationService : ServiceBase, IAuthenticationService 41 /// <summary>
42 /// Simple authentication service implementation dealing only with users.
43 /// It uses the user DB directly to access user information.
44 /// It takes two config vars:
45 /// - Authenticate = {true|false} : to do or not to do authentication
46 /// - Authority = string like "osgrid.org" : this identity authority
47 /// that will be called back for identity verification
48 /// </summary>
49 public class HGAuthenticationService : ServiceBase, IAuthenticationService
41 { 50 {
42 public AuthenticationService(IConfigSource config) : base(config) 51 private static readonly ILog m_log
52 = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
53
54 protected IUserDataPlugin m_Database;
55 protected string m_AuthorityURL;
56 protected bool m_PerformAuthentication;
57 protected Dictionary<UUID, List<string>> m_UserKeys = new Dictionary<UUID, List<string>>();
58
59
60 public HGAuthenticationService(IConfigSource config) : base(config)
43 { 61 {
62 string dllName = String.Empty;
63 string connString = String.Empty;
64
65 //
66 // Try reading the [DatabaseService] section first, if it exists
67 //
68 IConfig dbConfig = config.Configs["DatabaseService"];
69 if (dbConfig != null)
70 {
71 dllName = dbConfig.GetString("StorageProvider", String.Empty);
72 connString = dbConfig.GetString("ConnectionString", String.Empty);
73 }
74
75 //
76 // Try reading the more specific [InventoryService] section, if it exists
77 //
78 IConfig authConfig = config.Configs["AuthenticationService"];
79 if (authConfig != null)
80 {
81 dllName = authConfig.GetString("StorageProvider", dllName);
82 connString = authConfig.GetString("ConnectionString", connString);
83
84 m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true);
85 m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost");
86 }
87
88 //
89 // We tried, but this doesn't exist. We can't proceed.
90 //
91 if (dllName.Equals(String.Empty))
92 throw new Exception("No InventoryService configuration");
93
94 m_Database = LoadPlugin<IUserDataPlugin>(dllName);
95 if (m_Database == null)
96 throw new Exception("Could not find a storage interface in the given module");
97
98 m_Database.Initialise(connString);
99 }
100
101 /// <summary>
102 /// This implementation only authenticates users.
103 /// </summary>
104 /// <param name="principalID"></param>
105 /// <param name="password"></param>
106 /// <returns></returns>
107 public bool Authenticate(UUID principalID, string password)
108 {
109 if (!m_PerformAuthentication)
110 return true;
111
112 UserProfileData profile = m_Database.GetUserByUUID(principalID);
113 bool passwordSuccess = false;
114 m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
115
116 // we do this to get our hash in a form that the server password code can consume
117 // when the web-login-form submits the password in the clear (supposed to be over SSL!)
118 if (!password.StartsWith("$1$"))
119 password = "$1$" + Util.Md5Hash(password);
120
121 password = password.Remove(0, 3); //remove $1$
122
123 string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
124 // Testing...
125 //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
126 //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
127
128 passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
129 || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
130
131 return passwordSuccess;
44 } 132 }
45 133
46 public UUID AllocateUserSession(UUID userID) 134 /// <summary>
135 /// This generates authorization keys in the form
136 /// http://authority/uuid
137 /// after verifying that the caller is, indeed, authorized to request a key
138 /// </summary>
139 /// <param name="userID">The principal ID requesting the new key</param>
140 /// <param name="authToken">The original authorization token for that principal, obtained during login</param>
141 /// <returns></returns>
142 public string GetKey(UUID principalID, string authToken)
47 { 143 {
48 return UUID.Zero; 144 UserProfileData profile = m_Database.GetUserByUUID(principalID);
145 string newKey = string.Empty;
146
147 if (profile != null)
148 {
149 m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken);
150 // I'm overloading webloginkey for this, so that no changes are needed in the DB
151 // The uses of webloginkey are fairly mutually exclusive
152 if (profile.WebLoginKey.ToString().Equals(authToken))
153 {
154 newKey = UUID.Random().ToString();
155 List<string> keys;
156 lock (m_UserKeys)
157 {
158 if (m_UserKeys.ContainsKey(principalID))
159 {
160 keys = m_UserKeys[principalID];
161 }
162 else
163 {
164 keys = new List<string>();
165 m_UserKeys.Add(principalID, keys);
166 }
167 keys.Add(newKey);
168 }
169 m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID);
170 }
171 else
172 m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key.");
173 }
174 else
175 m_log.Warn("[AUTH]: Principal not found.");
176
177 return m_AuthorityURL + newKey;
49 } 178 }
50 179
51 public string GetUserKey(UUID userID, string authToken) 180 /// <summary>
181 /// This verifies the uuid portion of the key given out by GenerateKey
182 /// </summary>
183 /// <param name="userID"></param>
184 /// <param name="key"></param>
185 /// <returns></returns>
186 public bool VerifyKey(UUID userID, string key)
52 { 187 {
53 return String.Empty; 188 lock (m_UserKeys)
189 {
190 if (m_UserKeys.ContainsKey(userID))
191 {
192 List<string> keys = m_UserKeys[userID];
193 if (keys.Contains(key))
194 {
195 // Keys are one-time only, so remove it
196 keys.Remove(key);
197 return true;
198 }
199 return false;
200 }
201 else
202 return false;
203 }
54 } 204 }
55 205
56 public bool VerifyUserKey(UUID userID, string key) 206 public UUID AllocateUserSession(UUID userID)
57 { 207 {
58 return false; 208 // Not implemented yet
209 return UUID.Zero;
59 } 210 }
60 211
61 public bool VerifyUserSession(UUID userID, UUID session) 212 public bool VerifyUserSession(UUID userID, UUID sessionID)
62 { 213 {
214 UserProfileData userProfile = m_Database.GetUserByUUID(userID);
215
216 if (userProfile != null && userProfile.CurrentAgent != null)
217 {
218 m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
219 if (userProfile.CurrentAgent.SessionID == sessionID)
220 {
221 return true;
222 }
223 }
224
63 return false; 225 return false;
64 } 226 }
65 227
66 public void DestroyUserSession(UUID userID) 228 public void DestroyUserSession(UUID userID)
67 { 229 {
230 // Not implemented yet
68 } 231 }
69 } 232 }
70} 233}
diff --git a/OpenSim/Services/Interfaces/IAuthenticationService.cs b/OpenSim/Services/Interfaces/IAuthenticationService.cs
index 35831c1..fa45cbc 100644
--- a/OpenSim/Services/Interfaces/IAuthenticationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthenticationService.cs
@@ -30,31 +30,39 @@ using OpenMetaverse;
30 30
31namespace OpenSim.Services.Interfaces 31namespace OpenSim.Services.Interfaces
32{ 32{
33 // Generic Authentication service used for identifying
34 // and authenticating principals.
35 // Principals may be clients acting on users' behalf,
36 // or any other components that need
37 // verifiable identification.
38 //
33 public interface IAuthenticationService 39 public interface IAuthenticationService
34 { 40 {
35 // Create a new user session. If one exists, it is cleared 41 // Check the pricipal's password
36 // 42 //
37 UUID AllocateUserSession(UUID userID); 43 bool Authenticate(UUID principalID, string password);
38 44
39 // Get a user key from an authentication token. This must be 45 // Get a service key given that principal's
40 // done before the session allocated above is considered valid. 46 // authentication token (master key).
41 // Repeated calls to this method with the same auth token will
42 // create different keys and invalidate the previous ne.
43 // 47 //
44 string GetUserKey(UUID userID, string authToken); 48 string GetKey(UUID principalID, string authToken);
45 49
46 // Verify that a user key is valid 50 // Verify that a principal key is valid
47 // 51 //
48 bool VerifyUserKey(UUID userID, string key); 52 bool VerifyKey(UUID principalID, string key);
53
54 // Create a new user session. If one exists, it is cleared
55 //
56 UUID AllocateUserSession(UUID userID);
49 57
50 // Verify that a user session ID is valid. A session ID is 58 // Verify that a user session ID is valid. A session ID is
51 // considered valid when a user has successfully authenticated 59 // considered valid when a user has successfully authenticated
52 // at least one time inside that session. 60 // at least one time inside that session.
53 // 61 //
54 bool VerifyUserSession(UUID userID, UUID session); 62 bool VerifyUserSession(UUID principalID, UUID session);
55 63
56 // Remove a user session identifier and deauthenticate the user 64 // Remove a user session identifier and deauthenticate the user
57 // 65 //
58 void DestroyUserSession(UUID userID); 66 void DestroyUserSession(UUID principalID);
59 } 67 }
60} 68}