From ce7de3581cd678dd09227bdfde94fefb779f5a86 Mon Sep 17 00:00:00 2001
From: diva
Date: Wed, 17 Jun 2009 03:52:39 +0000
Subject: Implementation of a simple authentication service + in connector in
route to making HGInventory (client access) work in standalone again. This is
the refactoring of what was/is there, but done in the new model. Not complete
yet, but key authentication works. It should be enough to make HGInventory
work again soon.
---
.../Communications/Services/HGLoginAuthService.cs | 2 +
.../Hypergrid/HGStandaloneLoginModule.cs | 2 -
.../Resources/CoreModulePlugin.addin.xml | 3 +-
.../HGAuthServiceInConnectorModule.cs | 117 +++++++++++++
.../Authentication/HGAuthServerConnector.cs | 62 +++++++
.../Authentication/HGAuthenticationHandlers.cs | 117 +++++++++++++
.../Server/Handlers/Neighbour/NeighbourHandlers.cs | 2 +-
.../Server/Handlers/Simulation/AgentHandlers.cs | 2 +-
.../AuthenticationService/AuthenticationService.cs | 181 ++++++++++++++++++++-
.../Services/Interfaces/IAuthenticationService.cs | 30 ++--
bin/config-include/StandaloneHypergrid.ini | 5 +
11 files changed, 498 insertions(+), 25 deletions(-)
create mode 100644 OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs
create mode 100644 OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs
create mode 100644 OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs
diff --git a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
index 8e0205c..f496082 100644
--- a/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
+++ b/OpenSim/Framework/Communications/Services/HGLoginAuthService.cs
@@ -128,6 +128,8 @@ namespace OpenSim.Framework.Communications.Services
userProfile.WebLoginKey = token;
m_userManager.CommitAgent(ref userProfile);
}
+ m_log.Warn("[HGLOGIN]: Auth token: " + token);
+
return response;
}
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
index a5101d0..48895d4 100644
--- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
+++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
@@ -114,8 +114,6 @@ namespace OpenSim.Region.CoreModules.Hypergrid
this);
httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod);
- httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod);
- httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod);
httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession, false);
}
diff --git a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
index 7d0d327..f910550 100644
--- a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
+++ b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
@@ -34,7 +34,8 @@
- \
+ \
+ \
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs
new file mode 100644
index 0000000..e1517a0
--- /dev/null
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsIn/Authentication/HGAuthServiceInConnectorModule.cs
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Reflection;
+using System.Collections.Generic;
+using log4net;
+using Nini.Config;
+using OpenSim.Framework;
+using OpenSim.Framework.Servers.HttpServer;
+using OpenSim.Region.Framework.Scenes;
+using OpenSim.Region.Framework.Interfaces;
+using OpenSim.Server.Base;
+using OpenSim.Services.Interfaces;
+using OpenSim.Server.Handlers.Authentication;
+
+
+namespace OpenSim.Region.CoreModules.ServiceConnectorsIn.Authentication
+{
+ public class HGAuthServiceInConnectorModule : ISharedRegionModule
+ {
+ private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+ private static bool m_Enabled = false;
+ private static bool m_Registered = false;
+
+ private IConfigSource m_Config;
+
+ #region IRegionModule interface
+
+ public void Initialise(IConfigSource config)
+ {
+ m_Config = config;
+
+ IConfig moduleConfig = config.Configs["Modules"];
+ if (moduleConfig != null)
+ {
+ // Boolean because there may be many of these in peaceful coexistence
+ m_Enabled = moduleConfig.GetBoolean("HGAuthServiceInConnector", false);
+ if (m_Enabled)
+ {
+ m_log.Info("[HGAUTH IN CONNECTOR]: HGAuthServiceInConnector enabled");
+ }
+
+ }
+
+ }
+
+ public void PostInitialise()
+ {
+ if (!m_Enabled)
+ return;
+
+ m_log.Info("[HGAUTH IN CONNECTOR]: Starting...");
+ }
+
+ public void Close()
+ {
+ }
+
+ public string Name
+ {
+ get { return "HGAuthServiceInConnectorModule"; }
+ }
+
+ public void AddRegion(Scene scene)
+ {
+ if (!m_Enabled)
+ return;
+
+ if (!m_Registered)
+ {
+ m_Registered = true;
+ new HGAuthServiceInConnector(m_Config, scene.CommsManager.HttpServer);
+
+ //Object[] args = new Object[] { m_Config, scene.CommsManager.HttpServer };
+ //ServerUtils.LoadPlugin("OpenSim.Server.Handlers.dll:HGAuthServiceInConnector", args);
+ }
+
+
+ }
+
+ public void RemoveRegion(Scene scene)
+ {
+ }
+
+ public void RegionLoaded(Scene scene)
+ {
+ }
+
+ #endregion
+
+ }
+}
diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs
new file mode 100644
index 0000000..2b4c380
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authentication/HGAuthServerConnector.cs
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using Nini.Config;
+using OpenSim.Server.Base;
+using OpenSim.Services.Interfaces;
+using OpenSim.Framework.Servers.HttpServer;
+using OpenSim.Server.Handlers.Base;
+
+namespace OpenSim.Server.Handlers.Authentication
+{
+ public class HGAuthServiceInConnector : ServiceConnector
+ {
+ private IAuthenticationService m_AuthenticationService;
+
+ public HGAuthServiceInConnector(IConfigSource config, IHttpServer server) :
+ base(config, server)
+ {
+ IConfig serverConfig = config.Configs["AuthenticationService"];
+ if (serverConfig == null)
+ throw new Exception("No section 'AuthenticationService' in config file");
+
+ string authenticationService = serverConfig.GetString("LocalServiceModule",
+ String.Empty);
+
+ if (authenticationService == String.Empty)
+ throw new Exception("No AuthenticationService in config file");
+
+ Object[] args = new Object[] { config };
+ m_AuthenticationService = ServerUtils.LoadPlugin(authenticationService, args);
+
+ HGAuthenticationHandlers m_handlers = new HGAuthenticationHandlers(m_AuthenticationService);
+ server.AddXmlRPCHandler("hg_new_auth_key", m_handlers.GenerateKeyMethod);
+ server.AddXmlRPCHandler("hg_verify_auth_key", m_handlers.VerifyKeyMethod);
+ }
+ }
+}
diff --git a/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs
new file mode 100644
index 0000000..1bcbaf5
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authentication/HGAuthenticationHandlers.cs
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections;
+using System.IO;
+using System.Reflection;
+using System.Net;
+using System.Text;
+
+using OpenSim.Server.Base;
+using OpenSim.Server.Handlers.Base;
+using OpenSim.Services.Interfaces;
+using OpenSim.Framework;
+using OpenSim.Framework.Servers.HttpServer;
+
+using OpenMetaverse;
+using OpenMetaverse.StructuredData;
+using Nwc.XmlRpc;
+using Nini.Config;
+using log4net;
+
+namespace OpenSim.Server.Handlers.Authentication
+{
+ public class HGAuthenticationHandlers
+ {
+ private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+ private IAuthenticationService m_LocalService;
+
+ public HGAuthenticationHandlers(IAuthenticationService service)
+ {
+ m_LocalService = service;
+ }
+
+
+ public XmlRpcResponse GenerateKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient)
+ {
+ XmlRpcResponse response = new XmlRpcResponse();
+
+ if (request.Params.Count < 2)
+ {
+ response.IsFault = true;
+ response.SetFault(-1, "Invalid parameters");
+ return response;
+ }
+
+ // Verify the key of who's calling
+ UUID userID = UUID.Zero;
+ string authKey = string.Empty;
+ UUID.TryParse((string)request.Params[0], out userID);
+ authKey = (string)request.Params[1];
+
+ m_log.InfoFormat("[AUTH HANDLER] GenerateKey called with authToken {0}", authKey);
+ string newKey = string.Empty;
+
+ newKey = m_LocalService.GetKey(userID, authKey.ToString());
+
+ response.Value = (string)newKey;
+ return response;
+ }
+
+ public XmlRpcResponse VerifyKeyMethod(XmlRpcRequest request, IPEndPoint remoteClient)
+ {
+ bool success = false;
+ XmlRpcResponse response = new XmlRpcResponse();
+
+ if (request.Params.Count != 2)
+ {
+ response.IsFault = true;
+ response.SetFault(-1, "Invalid parameters");
+ return response;
+ }
+
+ // Verify the key of who's calling
+ UUID userID = UUID.Zero;
+ string authKey = string.Empty;
+ if (UUID.TryParse((string)request.Params[0], out userID))
+ {
+ authKey = (string)request.Params[1];
+
+ m_log.InfoFormat("[AUTH HANDLER] VerifyKey called with key {0}", authKey);
+
+ success = m_LocalService.VerifyKey(userID, authKey);
+ }
+
+ m_log.DebugFormat("[AUTH HANDLER]: Response to VerifyKey is {0}", success);
+ response.Value = success;
+ return response;
+ }
+
+ }
+}
diff --git a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
index 83fa995..3de2245 100644
--- a/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
+++ b/OpenSim/Server/Handlers/Neighbour/NeighbourHandlers.cs
@@ -110,7 +110,7 @@ namespace OpenSim.Server.Handlers.Neighbour
httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
return result;
}
- if (!m_AuthenticationService.VerifyUserKey(regionID, authToken))
+ if (!m_AuthenticationService.VerifyKey(regionID, authToken))
{
m_log.InfoFormat("[RegionPostHandler]: Authentication failed for neighbour message {0}", path);
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
diff --git a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
index 8e4d7d0..6c0b705 100644
--- a/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
+++ b/OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
@@ -109,7 +109,7 @@ namespace OpenSim.Server.Handlers.Simulation
httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
return result;
}
- if (!m_AuthenticationService.VerifyUserKey(agentID, authToken))
+ if (!m_AuthenticationService.VerifyKey(agentID, authToken))
{
m_log.InfoFormat("[AgentPostHandler]: Authentication failed for agent message {0}", path);
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
index 3eaa03d..6eaf0b0 100644
--- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs
+++ b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
@@ -26,6 +26,7 @@
*/
using System;
+using System.Collections.Generic;
using System.Reflection;
using Nini.Config;
using log4net;
@@ -37,34 +38,196 @@ using OpenMetaverse;
namespace OpenSim.Services.AuthenticationService
{
- public class AuthenticationService : ServiceBase, IAuthenticationService
+ ///
+ /// Simple authentication service implementation dealing only with users.
+ /// It uses the user DB directly to access user information.
+ /// It takes two config vars:
+ /// - Authenticate = {true|false} : to do or not to do authentication
+ /// - Authority = string like "osgrid.org" : this identity authority
+ /// that will be called back for identity verification
+ ///
+ public class HGAuthenticationService : ServiceBase, IAuthenticationService
{
- public AuthenticationService(IConfigSource config) : base(config)
+ private static readonly ILog m_log
+ = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+ protected IUserDataPlugin m_Database;
+ protected string m_AuthorityURL;
+ protected bool m_PerformAuthentication;
+ protected Dictionary> m_UserKeys = new Dictionary>();
+
+
+ public HGAuthenticationService(IConfigSource config) : base(config)
{
+ string dllName = String.Empty;
+ string connString = String.Empty;
+
+ //
+ // Try reading the [DatabaseService] section first, if it exists
+ //
+ IConfig dbConfig = config.Configs["DatabaseService"];
+ if (dbConfig != null)
+ {
+ dllName = dbConfig.GetString("StorageProvider", String.Empty);
+ connString = dbConfig.GetString("ConnectionString", String.Empty);
+ }
+
+ //
+ // Try reading the more specific [InventoryService] section, if it exists
+ //
+ IConfig authConfig = config.Configs["AuthenticationService"];
+ if (authConfig != null)
+ {
+ dllName = authConfig.GetString("StorageProvider", dllName);
+ connString = authConfig.GetString("ConnectionString", connString);
+
+ m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true);
+ m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost");
+ }
+
+ //
+ // We tried, but this doesn't exist. We can't proceed.
+ //
+ if (dllName.Equals(String.Empty))
+ throw new Exception("No InventoryService configuration");
+
+ m_Database = LoadPlugin(dllName);
+ if (m_Database == null)
+ throw new Exception("Could not find a storage interface in the given module");
+
+ m_Database.Initialise(connString);
+ }
+
+ ///
+ /// This implementation only authenticates users.
+ ///
+ ///
+ ///
+ ///
+ public bool Authenticate(UUID principalID, string password)
+ {
+ if (!m_PerformAuthentication)
+ return true;
+
+ UserProfileData profile = m_Database.GetUserByUUID(principalID);
+ bool passwordSuccess = false;
+ m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
+
+ // we do this to get our hash in a form that the server password code can consume
+ // when the web-login-form submits the password in the clear (supposed to be over SSL!)
+ if (!password.StartsWith("$1$"))
+ password = "$1$" + Util.Md5Hash(password);
+
+ password = password.Remove(0, 3); //remove $1$
+
+ string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
+ // Testing...
+ //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
+ //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
+
+ passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
+ || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
+
+ return passwordSuccess;
}
- public UUID AllocateUserSession(UUID userID)
+ ///
+ /// This generates authorization keys in the form
+ /// http://authority/uuid
+ /// after verifying that the caller is, indeed, authorized to request a key
+ ///
+ /// The principal ID requesting the new key
+ /// The original authorization token for that principal, obtained during login
+ ///
+ public string GetKey(UUID principalID, string authToken)
{
- return UUID.Zero;
+ UserProfileData profile = m_Database.GetUserByUUID(principalID);
+ string newKey = string.Empty;
+
+ if (profile != null)
+ {
+ m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken);
+ // I'm overloading webloginkey for this, so that no changes are needed in the DB
+ // The uses of webloginkey are fairly mutually exclusive
+ if (profile.WebLoginKey.ToString().Equals(authToken))
+ {
+ newKey = UUID.Random().ToString();
+ List keys;
+ lock (m_UserKeys)
+ {
+ if (m_UserKeys.ContainsKey(principalID))
+ {
+ keys = m_UserKeys[principalID];
+ }
+ else
+ {
+ keys = new List();
+ m_UserKeys.Add(principalID, keys);
+ }
+ keys.Add(newKey);
+ }
+ m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID);
+ }
+ else
+ m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key.");
+ }
+ else
+ m_log.Warn("[AUTH]: Principal not found.");
+
+ return m_AuthorityURL + newKey;
}
- public string GetUserKey(UUID userID, string authToken)
+ ///
+ /// This verifies the uuid portion of the key given out by GenerateKey
+ ///
+ ///
+ ///
+ ///
+ public bool VerifyKey(UUID userID, string key)
{
- return String.Empty;
+ lock (m_UserKeys)
+ {
+ if (m_UserKeys.ContainsKey(userID))
+ {
+ List keys = m_UserKeys[userID];
+ if (keys.Contains(key))
+ {
+ // Keys are one-time only, so remove it
+ keys.Remove(key);
+ return true;
+ }
+ return false;
+ }
+ else
+ return false;
+ }
}
- public bool VerifyUserKey(UUID userID, string key)
+ public UUID AllocateUserSession(UUID userID)
{
- return false;
+ // Not implemented yet
+ return UUID.Zero;
}
- public bool VerifyUserSession(UUID userID, UUID session)
+ public bool VerifyUserSession(UUID userID, UUID sessionID)
{
+ UserProfileData userProfile = m_Database.GetUserByUUID(userID);
+
+ if (userProfile != null && userProfile.CurrentAgent != null)
+ {
+ m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
+ if (userProfile.CurrentAgent.SessionID == sessionID)
+ {
+ return true;
+ }
+ }
+
return false;
}
public void DestroyUserSession(UUID userID)
{
+ // Not implemented yet
}
}
}
diff --git a/OpenSim/Services/Interfaces/IAuthenticationService.cs b/OpenSim/Services/Interfaces/IAuthenticationService.cs
index 35831c1..fa45cbc 100644
--- a/OpenSim/Services/Interfaces/IAuthenticationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthenticationService.cs
@@ -30,31 +30,39 @@ using OpenMetaverse;
namespace OpenSim.Services.Interfaces
{
+ // Generic Authentication service used for identifying
+ // and authenticating principals.
+ // Principals may be clients acting on users' behalf,
+ // or any other components that need
+ // verifiable identification.
+ //
public interface IAuthenticationService
{
- // Create a new user session. If one exists, it is cleared
+ // Check the pricipal's password
//
- UUID AllocateUserSession(UUID userID);
+ bool Authenticate(UUID principalID, string password);
- // Get a user key from an authentication token. This must be
- // done before the session allocated above is considered valid.
- // Repeated calls to this method with the same auth token will
- // create different keys and invalidate the previous ne.
+ // Get a service key given that principal's
+ // authentication token (master key).
//
- string GetUserKey(UUID userID, string authToken);
+ string GetKey(UUID principalID, string authToken);
- // Verify that a user key is valid
+ // Verify that a principal key is valid
//
- bool VerifyUserKey(UUID userID, string key);
+ bool VerifyKey(UUID principalID, string key);
+
+ // Create a new user session. If one exists, it is cleared
+ //
+ UUID AllocateUserSession(UUID userID);
// Verify that a user session ID is valid. A session ID is
// considered valid when a user has successfully authenticated
// at least one time inside that session.
//
- bool VerifyUserSession(UUID userID, UUID session);
+ bool VerifyUserSession(UUID principalID, UUID session);
// Remove a user session identifier and deauthenticate the user
//
- void DestroyUserSession(UUID userID);
+ void DestroyUserSession(UUID principalID);
}
}
diff --git a/bin/config-include/StandaloneHypergrid.ini b/bin/config-include/StandaloneHypergrid.ini
index 8607e00..6359ac0 100644
--- a/bin/config-include/StandaloneHypergrid.ini
+++ b/bin/config-include/StandaloneHypergrid.ini
@@ -13,6 +13,7 @@
NeighbourServices = "LocalNeighbourServicesConnector"
InventoryServiceInConnector = true
AssetServiceInConnector = true
+ HGAuthServiceInConnector = true
[AssetService]
; For the AssetServiceInConnector
@@ -29,3 +30,7 @@
; For HGInventoryBroker
LocalGridInventoryService = "OpenSim.Services.InventoryService.dll:InventoryService"
HypergridInventoryService = "OpenSim.Services.Connectors.dll:HGInventoryServiceConnector"
+
+[AuthenticationService]
+ ; For the HGAuthServiceInConnector
+ LocalServiceModule = "OpenSim.Services.AuthenticationService.dll:HGAuthenticationService"
\ No newline at end of file
--
cgit v1.1