5 files changed, 317 insertions, 38 deletions

diff --git a/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs b/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs
new file mode 100644
index 0000000..512ac4f
--- /dev/null
+++ b/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Specialized;
+using System.Net;
+using System.Reflection;
+
+using Nini.Config;
+using log4net;
+
+namespace OpenSim.Framework.ServiceAuth
+{
+    public class BasicHttpAuthentication : IServiceAuth
+    {
+//        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+        public string Name { get { return "BasicHttp"; } }
+
+        private string m_Username, m_Password;
+        private string m_CredentialsB64;
+
+//        private string remove_me;
+
+        public string Credentials
+        {
+            get { return m_CredentialsB64; }
+        }
+
+        public BasicHttpAuthentication(IConfigSource config, string section)
+        {
+//            remove_me = section;
+            m_Username = Util.GetConfigVarFromSections<string>(config, "HttpAuthUsername", new string[] { "Network", section }, string.Empty);
+            m_Password = Util.GetConfigVarFromSections<string>(config, "HttpAuthPassword", new string[] { "Network", section }, string.Empty); 
+            string str = m_Username + ":" + m_Password;
+            byte[] encData_byte = Util.UTF8.GetBytes(str);
+
+            m_CredentialsB64 = Convert.ToBase64String(encData_byte);
+//            m_log.DebugFormat("[HTTP BASIC AUTH]: {0} {1} [{2}]", m_Username, m_Password, section);
+        }
+
+        public void AddAuthorization(NameValueCollection headers)
+        {
+            //m_log.DebugFormat("[HTTP BASIC AUTH]: Adding authorization for {0}", remove_me);
+            headers["Authorization"] = "Basic " + m_CredentialsB64;
+        }
+
+        public bool Authenticate(string data)
+        {
+            string recovered = Util.Base64ToString(data);
+            if (!String.IsNullOrEmpty(recovered))
+            {
+                string[] parts = recovered.Split(new char[] { ':' });
+                if (parts.Length >= 2)
+                {
+                    return m_Username.Equals(parts[0]) && m_Password.Equals(parts[1]);
+                }
+            }
+
+            return false;
+        }
+
+        public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
+        {
+//            m_log.DebugFormat("[HTTP BASIC AUTH]: Authenticate in {0}", "BasicHttpAuthentication");
+
+            string value = requestHeaders.Get("Authorization");
+            if (value != null)
+            {
+                value = value.Trim();
+                if (value.StartsWith("Basic "))
+                {
+                    value = value.Replace("Basic ", string.Empty);
+                    if (Authenticate(value))
+                    {
+                        statusCode = HttpStatusCode.OK;
+                        return true;
+                    }
+                }
+            }
+
+            d("WWW-Authenticate", "Basic realm = \"Asset Server\"");
+
+            statusCode = HttpStatusCode.Unauthorized;
+            return false;
+        }
+    }
+}
diff --git a/OpenSim/Region/Framework/Scenes/Scripting/NullScriptHost.cs b/OpenSim/Framework/ServiceAuth/CompoundAuthentication.cs
index d7198f0..a49952c 100644
--- a/OpenSim/Region/Framework/Scenes/Scripting/NullScriptHost.cs
+++ b/OpenSim/Framework/ServiceAuth/CompoundAuthentication.cs
@@ -26,66 +26,57 @@
  */
 
 using System;
-using OpenMetaverse;
-using log4net;
-using System.Reflection;
-using OpenSim.Framework;
+using System.Collections.Generic;
+using System.Collections.Specialized;
+using System.Linq;
+using System.Net;
 
-namespace OpenSim.Region.Framework.Scenes.Scripting
+namespace OpenSim.Framework.ServiceAuth
 {
-    public class NullScriptHost : IScriptHost
+    public class CompoundAuthentication : IServiceAuth
     {
-        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+        public string Name { get { return "Compound"; } }
 
-        private Vector3 m_pos = new Vector3(((int)Constants.RegionSize * 0.5f), ((int)Constants.RegionSize * 0.5f), 30);
+        private List<IServiceAuth> m_authentications = new List<IServiceAuth>();
 
-        public string Name
-        {
-            get { return "Object"; }
-            set { }
-        }
+        public int Count { get { return m_authentications.Count; } }
 
-        public string SitName
+        public List<IServiceAuth> GetAuthentors()
         {
-            get { return String.Empty; }
-            set { }
+            return new List<IServiceAuth>(m_authentications);
         }
 
-        public string TouchName
+        public void AddAuthenticator(IServiceAuth auth)
         {
-            get { return String.Empty; }
-            set { }
+            m_authentications.Add(auth);
         }
 
-        public string Description
+        public void RemoveAuthenticator(IServiceAuth auth)
         {
-            get { return String.Empty; }
-            set { }
+            m_authentications.Remove(auth);
         }
 
-        public UUID UUID
+        public void AddAuthorization(NameValueCollection headers) 
         {
-            get { return UUID.Zero; }
+            foreach (IServiceAuth auth in m_authentications)
+                auth.AddAuthorization(headers);
         }
 
-        public UUID OwnerID
+        public bool Authenticate(string data)
         {
-            get { return UUID.Zero; }
+            return m_authentications.TrueForAll(a => a.Authenticate(data));
         }
 
-        public UUID CreatorID
+        public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
         {
-            get { return UUID.Zero; }
-        }
+            foreach (IServiceAuth auth in m_authentications)
+            {
+                if (!auth.Authenticate(requestHeaders, d, out statusCode))
+                    return false;
+            }
 
-        public Vector3 AbsolutePosition
-        {
-            get { return m_pos; }
-        }
-
-        public void SetText(string text, Vector3 color, double alpha)
-        {
-            m_log.Warn("Tried to SetText "+text+" on NullScriptHost");
+            statusCode = HttpStatusCode.OK;
+            return true;
         }
     }
-}
+}
\ No newline at end of file
diff --git a/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs b/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs
new file mode 100644
index 0000000..e0c413b
--- /dev/null
+++ b/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections.Specialized;
+using System.Net;
+
+namespace OpenSim.Framework.ServiceAuth
+{
+    public class DisallowLlHttpRequest : IServiceAuth
+    {
+        public string Name { get { return "DisallowllHTTPRequest"; } }
+
+        public void AddAuthorization(NameValueCollection headers) {}
+
+        public bool Authenticate(string data)
+        {
+            return false;
+        }
+
+        public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
+        {
+//            Console.WriteLine("DisallowLlHttpRequest");
+
+            if (requestHeaders["X-SecondLife-Shard"] != null)
+            {
+                statusCode = HttpStatusCode.Forbidden;
+                return false;
+            }
+
+            statusCode = HttpStatusCode.OK;
+            return true;
+        }
+    }
+}
\ No newline at end of file
diff --git a/OpenSim/Framework/ServiceAuth/IServiceAuth.cs b/OpenSim/Framework/ServiceAuth/IServiceAuth.cs
new file mode 100644
index 0000000..5f744cb
--- /dev/null
+++ b/OpenSim/Framework/ServiceAuth/IServiceAuth.cs
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Net;
+using System.Collections.Generic;
+using System.Collections.Specialized;
+
+namespace OpenSim.Framework.ServiceAuth
+{
+    public delegate void AddHeaderDelegate(string key, string value);
+
+    public interface IServiceAuth
+    {
+        /// <summary>
+        /// Name of this authenticator.
+        /// </summary>
+        string Name { get; }
+
+        bool Authenticate(string data);
+        bool Authenticate(NameValueCollection headers, AddHeaderDelegate d, out HttpStatusCode statusCode);
+        void AddAuthorization(NameValueCollection headers);
+    }
+}
diff --git a/OpenSim/Framework/ServiceAuth/ServiceAuth.cs b/OpenSim/Framework/ServiceAuth/ServiceAuth.cs
new file mode 100644
index 0000000..51012e3
--- /dev/null
+++ b/OpenSim/Framework/ServiceAuth/ServiceAuth.cs
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Reflection;
+using log4net;
+using Nini.Config;
+
+namespace OpenSim.Framework.ServiceAuth
+{
+    public class ServiceAuth
+    {
+//        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+        public static IServiceAuth Create(IConfigSource config, string section)
+        {
+            CompoundAuthentication compoundAuth = new CompoundAuthentication();
+
+            bool allowLlHttpRequestIn
+                = Util.GetConfigVarFromSections<bool>(config, "AllowllHTTPRequestIn", new string[] { "Network", section }, false);
+
+            if (!allowLlHttpRequestIn)
+                compoundAuth.AddAuthenticator(new DisallowLlHttpRequest());
+
+            string authType = Util.GetConfigVarFromSections<string>(config, "AuthType", new string[] { "Network", section }, "None");
+
+            switch (authType)
+            {
+                case "BasicHttpAuthentication":
+                    compoundAuth.AddAuthenticator(new BasicHttpAuthentication(config, section));
+                    break;
+            }
+
+//            foreach (IServiceAuth auth in compoundAuth.GetAuthentors())
+//                m_log.DebugFormat("[SERVICE AUTH]: Configured authenticator {0}", auth.Name);
+
+            if (compoundAuth.Count > 0)
+                return compoundAuth;
+            else
+                return null;
+        }
+    }
+}
\ No newline at end of file