From 11700ba4a4e35cf7512f7f6e8b9b8e54e812f574 Mon Sep 17 00:00:00 2001 From: Melanie Date: Fri, 4 Sep 2009 07:03:43 +0100 Subject: Implement plain password authentication partway. Tested, but no user functionality yet. --- OpenSim/Server/Base/ServerUtils.cs | 29 ++- .../AuthenticationServerConnector.cs | 2 +- .../AuthenticationServerPostHandler.cs | 233 +++++++++++++++++++++ .../AuthenticationServiceBase.cs | 15 ++ .../PasswordAuthenticationService.cs | 28 ++- .../WebkeyAuthenticationService.cs | 12 +- .../Services/Interfaces/IAuthenticationService.cs | 4 +- 7 files changed, 297 insertions(+), 26 deletions(-) create mode 100644 OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs (limited to 'OpenSim') diff --git a/OpenSim/Server/Base/ServerUtils.cs b/OpenSim/Server/Base/ServerUtils.cs index 8d76ffe..0a36bbe 100644 --- a/OpenSim/Server/Base/ServerUtils.cs +++ b/OpenSim/Server/Base/ServerUtils.cs @@ -31,6 +31,7 @@ using System.Reflection; using System.Xml; using System.Xml.Serialization; using System.Text; +using System.Collections.Generic; using log4net; using OpenSim.Framework; @@ -156,5 +157,31 @@ namespace OpenSim.Server.Base return null; } } + + public static Dictionary ParseQueryString(string query) + { + Dictionary result = new Dictionary(); + string[] terms = query.Split(new char[] {'&'}); + + if (terms.Length == 0) + return result; + + foreach (string t in terms) + { + string[] elems = t.Split(new char[] {'='}); + if (elems.Length == 0) + continue; + + string name = System.Web.HttpUtility.UrlDecode(elems[0]); + string value = String.Empty; + + if (elems.Length > 1) + value = System.Web.HttpUtility.UrlDecode(elems[1]); + + result[name] = value; + } + + return result; + } } -} \ No newline at end of file +} diff --git a/OpenSim/Server/Handlers/Authentication/AuthenticationServerConnector.cs b/OpenSim/Server/Handlers/Authentication/AuthenticationServerConnector.cs index 03a7980..589dc3b 100644 --- a/OpenSim/Server/Handlers/Authentication/AuthenticationServerConnector.cs +++ b/OpenSim/Server/Handlers/Authentication/AuthenticationServerConnector.cs @@ -54,7 +54,7 @@ namespace OpenSim.Server.Handlers.Authentication Object[] args = new Object[] { config }; m_AuthenticationService = ServerUtils.LoadPlugin(authenticationService, args); - //server.AddStreamHandler(new AuthenticationServerGetHandler(m_AuthenticationService)); + server.AddStreamHandler(new AuthenticationServerPostHandler(m_AuthenticationService)); } } } diff --git a/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs b/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs new file mode 100644 index 0000000..6cf7d56 --- /dev/null +++ b/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs @@ -0,0 +1,233 @@ +/* + * Copyright (c) Contributors, http://opensimulator.org/ + * See CONTRIBUTORS.TXT for a full list of copyright holders. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the OpenSimulator Project nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +using Nini.Config; +using log4net; +using System; +using System.Reflection; +using System.IO; +using System.Net; +using System.Text; +using System.Text.RegularExpressions; +using System.Xml; +using System.Xml.Serialization; +using System.Collections.Generic; +using OpenSim.Server.Base; +using OpenSim.Services.Interfaces; +using OpenSim.Framework; +using OpenSim.Framework.Servers.HttpServer; +using OpenMetaverse; + +namespace OpenSim.Server.Handlers.Authentication +{ + public class AuthenticationServerPostHandler : BaseStreamHandler + { + // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); + + private IAuthenticationService m_AuthenticationService; + + public AuthenticationServerPostHandler(IAuthenticationService service) : + base("POST", "/auth") + { + m_AuthenticationService = service; + } + + public override byte[] Handle(string path, Stream request, + OSHttpRequest httpRequest, OSHttpResponse httpResponse) + { + string[] p = SplitParams(path); + + if (p.Length > 0) + { + switch (p[0]) + { + case "plain": + StreamReader sr = new StreamReader(request); + string body = sr.ReadToEnd(); + sr.Close(); + + return DoPlainMethods(body); + case "crypt": + byte[] buffer = new byte[request.Length]; + long length = request.Length; + if (length > 16384) + length = 16384; + request.Read(buffer, 0, (int)length); + + return DoEncryptedMethods(buffer); + } + } + return new byte[0]; + } + + private byte[] DoPlainMethods(string body) + { + Dictionary request = + ServerUtils.ParseQueryString(body); + + int lifetime = 30; + + if (request.ContainsKey("LIFETIME")) + { + lifetime = Convert.ToInt32(request["LIFETIME"]); + if (lifetime > 30) + lifetime = 30; + } + + if (!request.ContainsKey("METHOD")) + return FailureResult(); + if (!request.ContainsKey("PRINCIPAL")) + return FailureResult(); + + string method = request["METHOD"]; + + UUID principalID; + string token; + + if (!UUID.TryParse(request["PRINCIPAL"], out principalID)) + return FailureResult(); + + switch (method) + { + case "authenticate": + if (!request.ContainsKey("PASSWORD")) + return FailureResult(); + + token = m_AuthenticationService.Authenticate(principalID, request["PASSWORD"], lifetime); + + if (token != String.Empty) + return SuccessResult(token); + return FailureResult(); + case "verify": + if (!request.ContainsKey("TOKEN")) + return FailureResult(); + + if (m_AuthenticationService.Verify(principalID, request["TOKEN"], lifetime)) + return SuccessResult(); + + return FailureResult(); + case "release": + if (!request.ContainsKey("TOKEN")) + return FailureResult(); + + if (m_AuthenticationService.Release(principalID, request["TOKEN"])) + return SuccessResult(); + + return FailureResult(); + } + + return FailureResult(); + } + + private byte[] DoEncryptedMethods(byte[] ciphertext) + { + return new byte[0]; + } + + private byte[] SuccessResult() + { + XmlDocument doc = new XmlDocument(); + + XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration, + "", ""); + + doc.AppendChild(xmlnode); + + XmlElement rootElement = doc.CreateElement("", "Authentication", + ""); + + doc.AppendChild(rootElement); + + XmlElement result = doc.CreateElement("", "Result", ""); + result.AppendChild(doc.CreateTextNode("Success")); + + rootElement.AppendChild(result); + + return DocToBytes(doc); + } + + private byte[] FailureResult() + { + XmlDocument doc = new XmlDocument(); + + XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration, + "", ""); + + doc.AppendChild(xmlnode); + + XmlElement rootElement = doc.CreateElement("", "Authentication", + ""); + + doc.AppendChild(rootElement); + + XmlElement result = doc.CreateElement("", "Result", ""); + result.AppendChild(doc.CreateTextNode("Failure")); + + rootElement.AppendChild(result); + + return DocToBytes(doc); + } + + private byte[] SuccessResult(string token) + { + XmlDocument doc = new XmlDocument(); + + XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration, + "", ""); + + doc.AppendChild(xmlnode); + + XmlElement rootElement = doc.CreateElement("", "Authentication", + ""); + + doc.AppendChild(rootElement); + + XmlElement result = doc.CreateElement("", "Result", ""); + result.AppendChild(doc.CreateTextNode("Success")); + + rootElement.AppendChild(result); + + XmlElement t = doc.CreateElement("", "Token", ""); + t.AppendChild(doc.CreateTextNode(token)); + + rootElement.AppendChild(t); + + return DocToBytes(doc); + } + + private byte[] DocToBytes(XmlDocument doc) + { + MemoryStream ms = new MemoryStream(); + XmlTextWriter xw = new XmlTextWriter(ms, null); + xw.Formatting = Formatting.Indented; + doc.WriteTo(xw); + xw.Flush(); + + return ms.GetBuffer(); + } + } +} diff --git a/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs b/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs index 200268b..dab0598 100644 --- a/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs +++ b/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs @@ -95,6 +95,16 @@ namespace OpenSim.Services.AuthenticationService return new byte[0]; } + public bool Verify(UUID principalID, string token, int lifetime) + { + return false; + } + + public bool VerifyEncrypted(byte[] cyphertext, byte[] key) + { + return false; + } + public virtual bool Release(UUID principalID, string token) { return false; @@ -104,5 +114,10 @@ namespace OpenSim.Services.AuthenticationService { return false; } + + protected string GetToken(UUID principalID, int lifetime) + { + return "OK"; + } } } diff --git a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs index 83ce0d0..7fdbbf6 100644 --- a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs @@ -56,8 +56,24 @@ namespace OpenSim.Services.AuthenticationService { } - public string Authenticate(UUID principalID, string password) + public string Authenticate(UUID principalID, string password, int lifetime) { + AuthenticationData data = m_Database.Get(principalID); + + if (!data.Data.ContainsKey("passwordHash") || + !data.Data.ContainsKey("passwordSalt")) + { + return String.Empty; + } + + string hashed = Util.Md5Hash(Util.Md5Hash(password) + ":" + + data.Data["passwordSalt"].ToString()); + + if (data.Data["passwordHash"].ToString() == hashed) + { + return GetToken(principalID, lifetime); + } + return String.Empty; } @@ -65,15 +81,5 @@ namespace OpenSim.Services.AuthenticationService { return new byte[0]; } - - public bool Verify(UUID principalID, string token) - { - return false; - } - - public bool VerifyEncrypted(byte[] cyphertext, byte[] key) - { - return false; - } } } diff --git a/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs b/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs index af55df0..0118c91 100644 --- a/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs +++ b/OpenSim/Services/AuthenticationService/WebkeyAuthenticationService.cs @@ -52,7 +52,7 @@ namespace OpenSim.Services.AuthenticationService { } - public string Authenticate(UUID principalID, string password) + public string Authenticate(UUID principalID, string password, int lifetime) { return String.Empty; } @@ -61,15 +61,5 @@ namespace OpenSim.Services.AuthenticationService { return new byte[0]; } - - public bool Verify(UUID principalID, string token) - { - return false; - } - - public bool VerifyEncrypted(byte[] cyphertext, byte[] key) - { - return false; - } } } diff --git a/OpenSim/Services/Interfaces/IAuthenticationService.cs b/OpenSim/Services/Interfaces/IAuthenticationService.cs index f042c93..b448a14 100644 --- a/OpenSim/Services/Interfaces/IAuthenticationService.cs +++ b/OpenSim/Services/Interfaces/IAuthenticationService.cs @@ -70,7 +70,7 @@ namespace OpenSim.Services.Interfaces // the public key of the peer, which the connector must have // obtained using a remote GetPublicKey call. // - string Authenticate(UUID principalID, string password); + string Authenticate(UUID principalID, string password, int lifetime); byte[] AuthenticateEncrypted(byte[] cyphertext, byte[] key); ////////////////////////////////////////////////////// @@ -85,7 +85,7 @@ namespace OpenSim.Services.Interfaces // must be used to refresh. Unencrypted verification is still // performed, but doesn't refresh token lifetime. // - bool Verify(UUID principalID, string token); + bool Verify(UUID principalID, string token, int lifetime); bool VerifyEncrypted(byte[] cyphertext, byte[] key); ////////////////////////////////////////////////////// -- cgit v1.1