From 5e4d6cab00cb29cd088ab7b62ab13aff103b64cb Mon Sep 17 00:00:00 2001 From: onefang Date: Sun, 19 May 2019 21:24:15 +1000 Subject: Dump OpenSim 0.9.0.1 into it's own branch. --- .../PasswordAuthenticationService.cs | 94 +++++++++++++++++----- 1 file changed, 74 insertions(+), 20 deletions(-) (limited to 'OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs') diff --git a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs index 5f1bde1..0204699 100644 --- a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs @@ -41,7 +41,7 @@ namespace OpenSim.Services.AuthenticationService // Generic Authentication service used for identifying // and authenticating principals. // Principals may be clients acting on users' behalf, - // or any other components that need + // or any other components that need // verifiable identification. // public class PasswordAuthenticationService : @@ -50,7 +50,13 @@ namespace OpenSim.Services.AuthenticationService private static readonly ILog m_log = LogManager.GetLogger( MethodBase.GetCurrentMethod().DeclaringType); - + + public PasswordAuthenticationService(IConfigSource config, IUserAccountService userService) : + base(config, userService) + { + m_log.Debug("[AUTH SERVICE]: Started with User Account access"); + } + public PasswordAuthenticationService(IConfigSource config) : base(config) { @@ -58,42 +64,90 @@ namespace OpenSim.Services.AuthenticationService public string Authenticate(UUID principalID, string password, int lifetime) { + UUID realID; + return Authenticate(principalID, password, lifetime, out realID); + } + + public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID) + { + realID = UUID.Zero; + + m_log.DebugFormat("[AUTH SERVICE]: Authenticating for {0}, user account service present: {1}", principalID, m_UserAccountService != null); AuthenticationData data = m_Database.Get(principalID); + UserAccount user = null; + if (m_UserAccountService != null) + user = m_UserAccountService.GetUserAccount(UUID.Zero, principalID); - if (data == null) + if (data == null || data.Data == null) { - m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} not found", principalID); + m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} or its data not found", principalID); return String.Empty; } - else if (data.Data == null) + + if (!data.Data.ContainsKey("passwordHash") || + !data.Data.ContainsKey("passwordSalt")) { - m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} data not found", principalID); return String.Empty; } - else if (!data.Data.ContainsKey("passwordHash") || !data.Data.ContainsKey("passwordSalt")) + + string hashed = Util.Md5Hash(password + ":" + + data.Data["passwordSalt"].ToString()); + +// m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString()); + + if (data.Data["passwordHash"].ToString() == hashed) + { + return GetToken(principalID, lifetime); + } + + if (user == null) { - m_log.DebugFormat( - "[AUTH SERVICE]: PrincipalID {0} data didn't contain either passwordHash or passwordSalt", principalID); + m_log.DebugFormat("[PASS AUTH]: No user record for {0}", principalID); return String.Empty; } - else + + int impersonateFlag = 1 << 6; + + if ((user.UserFlags & impersonateFlag) == 0) + return String.Empty; + + m_log.DebugFormat("[PASS AUTH]: Attempting impersonation"); + + List accounts = m_UserAccountService.GetUserAccountsWhere(UUID.Zero, "UserLevel >= 200"); + if (accounts == null || accounts.Count == 0) + return String.Empty; + + foreach (UserAccount a in accounts) { - string hashed = Util.Md5Hash(password + ":" + data.Data["passwordSalt"].ToString()); + data = m_Database.Get(a.PrincipalID); + if (data == null || data.Data == null || + !data.Data.ContainsKey("passwordHash") || + !data.Data.ContainsKey("passwordSalt")) + { + continue; + } + +// m_log.DebugFormat("[PASS AUTH]: Trying {0}", data.PrincipalID); - m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString()); + hashed = Util.Md5Hash(password + ":" + + data.Data["passwordSalt"].ToString()); if (data.Data["passwordHash"].ToString() == hashed) { + m_log.DebugFormat("[PASS AUTH]: {0} {1} impersonating {2}, proceeding with login", a.FirstName, a.LastName, principalID); + realID = a.PrincipalID; return GetToken(principalID, lifetime); } - else - { - m_log.DebugFormat( - "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.", - hashed, data.Data["passwordHash"], principalID); - return String.Empty; - } +// else +// { +// m_log.DebugFormat( +// "[AUTH SERVICE]: Salted hash {0} of given password did not match salted hash of {1} for PrincipalID {2}. Authentication failure.", +// hashed, data.Data["passwordHash"], data.PrincipalID); +// } } + + m_log.DebugFormat("[PASS AUTH]: Impersonation of {0} failed", principalID); + return String.Empty; } } -} \ No newline at end of file +} -- cgit v1.1