1 files changed, 124 insertions, 0 deletions

diff --git a/OpenSim/Services/Interfaces/IAuthenticationService.cs b/OpenSim/Services/Interfaces/IAuthenticationService.cs
new file mode 100644
index 0000000..cee8bc0
--- /dev/null
+++ b/OpenSim/Services/Interfaces/IAuthenticationService.cs
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections.Generic;
+using OpenMetaverse;
+
+namespace OpenSim.Services.Interfaces
+{
+    public class AuthInfo
+    {
+        public UUID PrincipalID { get; set; }
+        public string AccountType { get; set; }
+        public string PasswordHash { get; set; }
+        public string PasswordSalt { get; set; }
+        public string WebLoginKey { get; set; }
+
+        public Dictionary<string, object> ToKeyValuePairs()
+        {
+            Dictionary<string, object> result = new Dictionary<string, object>();
+            result["PrincipalID"] = PrincipalID;
+            result["AccountType"] = AccountType;
+            result["PasswordHash"] = PasswordHash;
+            result["PasswordSalt"] = PasswordSalt;
+            result["WebLoginKey"] = WebLoginKey;
+
+            return result;
+        }
+    }
+
+    // Generic Authentication service used for identifying
+    // and authenticating principals.
+    // Principals may be clients acting on users' behalf,
+    // or any other components that need 
+    // verifiable identification.
+    //
+    public interface IAuthenticationService
+    {
+        //////////////////////////////////////////////////////
+        // Authentication
+        //
+        // These methods will return a token, which can be used to access
+        // various services.
+        //
+        string Authenticate(UUID principalID, string password, int lifetime);
+
+        //////////////////////////////////////////////////////
+        // Verification
+        //
+        // Allows to verify the authenticity of a token
+        //
+        // Tokens expire after 30 minutes and can be refreshed by
+        // re-verifying.
+        //
+        bool Verify(UUID principalID, string token, int lifetime);
+
+        //////////////////////////////////////////////////////
+        // Teardown
+        //
+        // A token can be returned before the timeout. This
+        // invalidates it and it can not subsequently be used
+        // or refreshed.
+        //
+        bool Release(UUID principalID, string token);
+
+        //////////////////////////////////////////////////////
+        // SetPassword for a principal
+        //
+        // This method exists for the service, but may or may not
+        // be served remotely. That is, the authentication
+        // handlers may not include one handler for this,
+        // because it's a bit risky. Such handlers require
+        // authentication/authorization.
+        //
+        bool SetPassword(UUID principalID, string passwd);
+
+        AuthInfo GetAuthInfo(UUID principalID);
+
+        bool SetAuthInfo(AuthInfo info);
+
+        //////////////////////////////////////////////////////
+        // Grid
+        //
+        // We no longer need a shared secret between grid
+        // servers. Anything a server requests from another
+        // server is either done on behalf of a user, in which
+        // case there is a token, or on behalf of a region,
+        // which has a session. So, no more keys.
+        // If sniffing on the local lan is an issue, admins
+        // need to take approriate action (IPSec is recommended)
+        // to secure inter-server traffic.
+
+        //////////////////////////////////////////////////////
+        // NOTE
+        //
+        // Session IDs are not handled here. After obtaining
+        // a token, the session ID regions use can be
+        // obtained from the presence service.
+    }
+}