10 files changed, 493 insertions, 25 deletions
diff --git a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
index 8e0205c..f496082 100644
--- a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
+++ b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
@@ -128,6 +128,8 @@ namespace OpenSim.Framework.Communications.Services
                userProfile.WebLoginKey = token;
                m_userManager.CommitAgent(ref userProfile);
            }
+            m_log.Warn("[HGLOGIN]: Auth token: " + token);
            return response;
        }
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
index a5101d0..48895d4 100644
--- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
+++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
@@ -114,8 +114,6 @@ namespace OpenSim.Region.CoreModules.Hypergrid
                            this);
                    httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod);
-                    httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod);
-                    httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod);
                    httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession, false);
                }
diff --git a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
index 7d0d327..f910550 100644
--- a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
+++ b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
@@ -34,7 +34,8 @@
        <RegionModule id="AssetServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Asset.AssetServiceInConnectorModule" />
        <RegionModule id="InventoryServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Inventory.InventoryServiceInConnectorModule" />
        <RegionModule id="LandServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Land.LandServiceInConnectorModule" />
-        <RegionModule id="NeighbourServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Neighbour.NeighbourServiceInConnectorModule" />    \  
+        <RegionModule id="NeighbourServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Neighbour.NeighbourServiceInConnectorModule" />    \
+        <RegionModule id="HGAuthServiceInConnectorModule" type="OpenSim.Region.CoreModules.ServiceConnectorsIn.Authentication.HGAuthServiceInConnectorModule" />    \
    </Extension>
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs
new file mode 100644
index 0000000..e1517a0
--- /dev/null
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+using System;
+using System.Reflection;
+using System.Collections.Generic;
+using log4net;
+using Nini.Config;
+using OpenSim.Framework;
+using OpenSim.Framework.Servers.HttpServer;
+using OpenSim.Region.Framework.Scenes;
+using OpenSim.Region.Framework.Interfaces;
+using OpenSim.Server.Base;
+using OpenSim.Services.Interfaces;
+using OpenSim.Server.Handlers.Authentication;
+namespace OpenSim.Region.CoreModules.ServiceConnectorsIn.Authentication
+{
+    public class HGAuthServiceInConnectorModule : ISharedRegionModule
+    {
+        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+        private static bool m_Enabled = false;
+        private static bool m_Registered = false;
+        private IConfigSource m_Config;
+        #region IRegionModule interface
+        public void Initialise(IConfigSource config)
+        {
+            m_Config = config;
+            IConfig moduleConfig = config.Configs["Modules"];
+            if (moduleConfig != null)
+            {
+                // Boolean because there may be many of these in peaceful coexistence
+                m_Enabled = moduleConfig.GetBoolean("HGAuthServiceInConnector", false);
+                if (m_Enabled)
+                {
+                    m_log.Info("[HGAUTH IN CONNECTOR]: HGAuthServiceInConnector enabled");
+                }
+            }
+        }
+        public void PostInitialise()
+        {
+            if (!m_Enabled)
+                return;
+            m_log.Info("[HGAUTH IN CONNECTOR]: Starting...");
+        }
+        public void Close()
+        {
+        }
+        public string Name
+        {
+            get { return "HGAuthServiceInConnectorModule"; }
+        }
+        public void AddRegion(Scene scene)
+        {
+            if (!m_Enabled)
+                return;
+            if (!m_Registered)
+            {
+                m_Registered = true;
+                new HGAuthServiceInConnector(m_Config, scene.CommsManager.HttpServer);
+                //Object[] args = new Object[] { m_Config, scene.CommsManager.HttpServer };
+                //ServerUtils.LoadPlugin<IAuthenticationService>("OpenSim.Server.Handlers.dll:HGAuthServiceInConnector", args);
+            }
+        }
+        public void RemoveRegion(Scene scene)
+        {
+        }
+        public void RegionLoaded(Scene scene)
+        {
+        }
+        #endregion
+    }
+}
diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs
new file mode 100644
index 0000000..2b4c380
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+using System;
+using Nini.Config;
+using OpenSim.Server.Base;
+using OpenSim.Services.Interfaces;
+using OpenSim.Framework.Servers.HttpServer;
+using OpenSim.Server.Handlers.Base;
+namespace OpenSim.Server.Handlers.Authentication
+{
+    public class HGAuthServiceInConnector : ServiceConnector
+    {
+        private IAuthenticationService m_AuthenticationService;
+        public HGAuthServiceInConnector(IConfigSource config, IHttpServer server) :
+                base(config, server)
+        {
+            IConfig serverConfig = config.Configs["AuthenticationService"];
+            if (serverConfig == null)
+                throw new Exception("No section 'AuthenticationService' in config file");
+            string authenticationService = serverConfig.GetString("LocalServiceModule",
+                    String.Empty);
+            if (authenticationService == String.Empty)
+                throw new Exception("No AuthenticationService in config file");
+            Object[] args = new Object[] { config };
+            m_AuthenticationService = ServerUtils.LoadPlugin<IAuthenticationService>(authenticationService, args);
+            HGAuthenticationHandlers m_handlers = new HGAuthenticationHandlers(m_AuthenticationService);
+            server.AddXmlRPCHandler("hg_new_auth_key", m_handlers.GenerateKeyMethod);
+            server.AddXmlRPCHandler("hg_verify_auth_key", m_handlers.VerifyKeyMethod);
+        }
+    }
+}
diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs
new file mode 100644
index 0000000..1bcbaf5
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+using System;
+using System.Collections;
+using System.IO;
+using System.Reflection;
+using System.Net;
+using System.Text;
+using OpenSim.Server.Base;
+using OpenSim.Server.Handlers.Base;
+using OpenSim.Services.Interfaces;
+using OpenSim.Framework;
+using OpenSim.Framework.Servers.HttpServer;
+using OpenMetaverse;
+using OpenMetaverse.StructuredData;
+using Nwc.XmlRpc;
+using Nini.Config;
+using log4net;
+namespace OpenSim.Server.Handlers.Authentication
+{
+    public class HGAuthenticationHandlers
+    {
+        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+        private IAuthenticationService m_LocalService;
+        public HGAuthenticationHandlers(IAuthenticationService service)
+        {
+            m_LocalService = service;
+        }
+        public XmlRpcResponse GenerateKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient)
+        {
+            XmlRpcResponse response = new XmlRpcResponse();
+            if (request.Params.Count < 2)
+            {
+                response.IsFault = true;
+                response.SetFault(-1, "Invalid parameters");
+                return response;
+            }
+            // Verify the key of who's calling
+            UUID userID = UUID.Zero;
+            string authKey = string.Empty;
+            UUID.TryParse((string)request.Params[0], out userID);
+            authKey = (string)request.Params[1];
+            m_log.InfoFormat("[AUTH HANDLER] GenerateKey called with authToken {0}", authKey);
+            string newKey = string.Empty;
+            newKey = m_LocalService.GetKey(userID, authKey.ToString());
+ 
+            response.Value = (string)newKey;
+            return response;
+        }
+        public XmlRpcResponse VerifyKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient)
+        {
+            bool success = false;
+            XmlRpcResponse response = new XmlRpcResponse();
+            if (request.Params.Count != 2)
+            {
+                response.IsFault = true;
+                response.SetFault(-1, "Invalid parameters");
+                return response;
+            }
+            // Verify the key of who's calling
+            UUID userID = UUID.Zero;
+            string authKey = string.Empty;
+            if (UUID.TryParse((string)request.Params[0], out userID))
+            {
+                authKey = (string)request.Params[1];
+                m_log.InfoFormat("[AUTH HANDLER] VerifyKey called with key {0}", authKey);
+                success = m_LocalService.VerifyKey(userID, authKey);
+            }
+            m_log.DebugFormat("[AUTH HANDLER]: Response to VerifyKey is {0}", success);
+            response.Value = success;
+            return response;
+        }
+    }
+}
diff --git a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
index 83fa995..3de2245 100644
--- a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
+++ b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
@@ -110,7 +110,7 @@ namespace OpenSim.Server.Handlers.Neighbour
                    httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
                    return result;
                }
-                if (!m_AuthenticationService.VerifyUserKey(regionID, authToken))
+                if (!m_AuthenticationService.VerifyKey(regionID, authToken))
                {
                    m_log.InfoFormat("[RegionPostHandler]: Authentication failed for neighbour message {0}", path);
                    httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
diff --git a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
index 8e4d7d0..6c0b705 100644
--- a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
+++ b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
@@ -109,7 +109,7 @@ namespace OpenSim.Server.Handlers.Simulation
                    httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
                    return result;
                }
-                if (!m_AuthenticationService.VerifyUserKey(agentID, authToken))
+                if (!m_AuthenticationService.VerifyKey(agentID, authToken))
                {
                    m_log.InfoFormat("[AgentPostHandler]: Authentication failed for agent message {0}", path);
                    httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
index 3eaa03d..6eaf0b0 100644
--- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs
+++ b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
@@ -26,6 +26,7 @@
 */
 using System;
+using System.Collections.Generic;
 using System.Reflection;
 using Nini.Config;
 using log4net;
@@ -37,34 +38,196 @@ using OpenMetaverse;
 namespace OpenSim.Services.AuthenticationService
 {
-    public class AuthenticationService : ServiceBase, IAuthenticationService
+    /// <summary>
+    /// Simple authentication service implementation dealing only with users.
+    /// It uses the user DB directly to access user information.
+    /// It takes two config vars:
+    /// - Authenticate = {true|false} : to do or not to do authentication
+    /// - Authority = string like "osgrid.org" : this identity authority
+    ///               that will be called back for identity verification
+    /// </summary>
+    public class HGAuthenticationService : ServiceBase, IAuthenticationService
    {
-        public AuthenticationService(IConfigSource config) : base(config)
+        private static readonly ILog m_log
+            = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+        protected IUserDataPlugin m_Database;
+        protected string m_AuthorityURL;
+        protected bool m_PerformAuthentication;
+        protected Dictionary<UUID, List<string>> m_UserKeys = new Dictionary<UUID, List<string>>();
+        public HGAuthenticationService(IConfigSource config) : base(config)
        {
+            string dllName = String.Empty;
+            string connString = String.Empty;
+            //
+            // Try reading the [DatabaseService] section first, if it exists
+            //
+            IConfig dbConfig = config.Configs["DatabaseService"];
+            if (dbConfig != null)
+            {
+                dllName = dbConfig.GetString("StorageProvider", String.Empty);
+                connString = dbConfig.GetString("ConnectionString", String.Empty);
+            }
+            //
+            // Try reading the more specific [InventoryService] section, if it exists
+            //
+            IConfig authConfig = config.Configs["AuthenticationService"];
+            if (authConfig != null)
+            {
+                dllName = authConfig.GetString("StorageProvider", dllName);
+                connString = authConfig.GetString("ConnectionString", connString);
+                m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true);
+                m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost");
+            }
+            //
+            // We tried, but this doesn't exist. We can't proceed.
+            //
+            if (dllName.Equals(String.Empty))
+                throw new Exception("No InventoryService configuration");
+            m_Database = LoadPlugin<IUserDataPlugin>(dllName);
+            if (m_Database == null)
+                throw new Exception("Could not find a storage interface in the given module");
+            m_Database.Initialise(connString);
+        } 
+        /// <summary>
+        /// This implementation only authenticates users.
+        /// </summary>
+        /// <param name="principalID"></param>
+        /// <param name="password"></param>
+        /// <returns></returns>
+        public bool Authenticate(UUID principalID, string password)
+        {
+            if (!m_PerformAuthentication)
+                return true;
+            UserProfileData profile = m_Database.GetUserByUUID(principalID);
+            bool passwordSuccess = false;
+            m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
+            // we do this to get our hash in a form that the server password code can consume
+            // when the web-login-form submits the password in the clear (supposed to be over SSL!)
+            if (!password.StartsWith("$1$"))
+                password = "$1$" + Util.Md5Hash(password);
+            password = password.Remove(0, 3); //remove $1$
+            string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
+            // Testing...
+            //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
+            //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
+            passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
+                               || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
+            return passwordSuccess;
        }
-        public UUID AllocateUserSession(UUID userID)
+        /// <summary>
+        /// This generates authorization keys in the form
+        /// http://authority/uuid
+        /// after verifying that the caller is, indeed, authorized to request a key
+        /// </summary>
+        /// <param name="userID">The principal ID requesting the new key</param>
+        /// <param name="authToken">The original authorization token for that principal, obtained during login</param>
+        /// <returns></returns>
+        public string GetKey(UUID principalID, string authToken)
        {
-            return UUID.Zero;
+            UserProfileData profile = m_Database.GetUserByUUID(principalID);
+            string newKey = string.Empty;
+            if (profile != null)
+            {
+                m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken);
+                // I'm overloading webloginkey for this, so that no changes are needed in the DB
+                // The uses of webloginkey are fairly mutually exclusive
+                if (profile.WebLoginKey.ToString().Equals(authToken))
+                {
+                    newKey = UUID.Random().ToString();
+                    List<string> keys;
+                    lock (m_UserKeys)
+                    {
+                        if (m_UserKeys.ContainsKey(principalID))
+                        {
+                            keys = m_UserKeys[principalID];
+                        }
+                        else
+                        {
+                            keys = new List<string>();
+                            m_UserKeys.Add(principalID, keys);
+                        }
+                        keys.Add(newKey);
+                    }
+                    m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID);
+                }
+                else
+                    m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key.");
+            }
+            else
+                m_log.Warn("[AUTH]: Principal not found.");
+            return m_AuthorityURL + newKey;
        }
-        public string GetUserKey(UUID userID, string authToken)
+        /// <summary>
+        /// This verifies the uuid portion of the key given out by GenerateKey
+        /// </summary>
+        /// <param name="userID"></param>
+        /// <param name="key"></param>
+        /// <returns></returns>
+        public bool VerifyKey(UUID userID, string key)
        {
-            return String.Empty;
+            lock (m_UserKeys)
+            {
+                if (m_UserKeys.ContainsKey(userID))
+                {
+                    List<string> keys = m_UserKeys[userID];
+                    if (keys.Contains(key))
+                    {
+                        // Keys are one-time only, so remove it
+                        keys.Remove(key);
+                        return true;
+                    }
+                    return false;
+                }
+                else
+                    return false;
+            }
        }
-        public bool VerifyUserKey(UUID userID, string key)
+        public UUID AllocateUserSession(UUID userID)
        {
-            return false;
+            // Not implemented yet
+            return UUID.Zero;
        }
-        public bool VerifyUserSession(UUID userID, UUID session)
+        public bool VerifyUserSession(UUID userID, UUID sessionID)
        {
+            UserProfileData userProfile = m_Database.GetUserByUUID(userID);
+            if (userProfile != null && userProfile.CurrentAgent != null)
+            {
+                m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current  session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
+                if (userProfile.CurrentAgent.SessionID == sessionID)
+                {
+                    return true;
+                }
+            }
            return false;
        }
        public void DestroyUserSession(UUID userID)
        {
+            // Not implemented yet
        }
    }
 }
diff --git a/OpenSim/Services/Interfaces/IAuthenticationService.cs b/OpenSim/Services/Interfaces/IAuthenticationService.cs
index 35831c1..fa45cbc 100644
--- a/OpenSim/Services/Interfaces/IAuthenticationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthenticationService.cs
@@ -30,31 +30,39 @@ using OpenMetaverse;
 namespace OpenSim.Services.Interfaces
 {
+    // Generic Authentication service used for identifying
+    // and authenticating principals.
+    // Principals may be clients acting on users' behalf,
+    // or any other components that need 
+    // verifiable identification.
+    //
    public interface IAuthenticationService
    {
-        // Create a new user session. If one exists, it is cleared
+        // Check the pricipal's password
        //
-        UUID AllocateUserSession(UUID userID);
+        bool Authenticate(UUID principalID, string password);
-        // Get a user key from an authentication token. This must be
+        // Get a service key given that principal's 
-        // done before the session allocated above is considered valid.
+        // authentication token (master key). 
-        // Repeated calls to this method with the same auth token will
-        // create different keys and invalidate the previous ne.
        //
-        string GetUserKey(UUID userID, string authToken);
+        string GetKey(UUID principalID, string authToken);
-        // Verify that a user key is valid
+        // Verify that a principal key is valid
        //
-        bool VerifyUserKey(UUID userID, string key);
+        bool VerifyKey(UUID principalID, string key);
+        // Create a new user session. If one exists, it is cleared
+        // 
+        UUID AllocateUserSession(UUID userID);
        // Verify that a user session ID is valid. A session ID is
        // considered valid when a user has successfully authenticated
        // at least one time inside that session.
        //
-        bool VerifyUserSession(UUID userID, UUID session);
+        bool VerifyUserSession(UUID principalID, UUID session);
        // Remove a user session identifier and deauthenticate the user
        //
-        void DestroyUserSession(UUID userID);
+        void DestroyUserSession(UUID principalID);
    }
 }