OpenSim/Services/AuthenticationService/WebkeyOrPasswordAuthenticationService.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

using System;
using System.Collections.Generic;
using OpenMetaverse;
using OpenSim.Services.Interfaces;
using log4net;
using Nini.Config;
using System.Reflection;
using OpenSim.Data;
using OpenSim.Framework;
using OpenSim.Framework.Console;

namespace OpenSim.Services.AuthenticationService
{
    public class WebkeyOrPasswordAuthenticationService : AuthenticationServiceBase, IAuthenticationService
    {
        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
        public WebkeyOrPasswordAuthenticationService(IConfigSource config)
            : base(config)
        {
        }

        public string Authenticate(UUID principalID, string password, int lifetime)
        {
            AuthenticationData data = m_Database.Get(principalID);
            if (data != null && data.Data != null)
            {
                if (data.Data.ContainsKey("webLoginKey"))
                {
                    m_log.InfoFormat("[Authenticate]: Trying a web key authentication");
                    if (new UUID(password) == UUID.Zero)
                    {
                        m_log.InfoFormat("[Authenticate]: NULL_KEY is not a valid web_login_key");
                    }
                    else
                    {
                        string key = data.Data["webLoginKey"].ToString();
                        m_log.DebugFormat("[WEB LOGIN AUTH]: got {0} for key in db vs {1}", key, password);
                        if (key == password)
                        {
                            data.Data["webLoginKey"] = UUID.Zero.ToString();
                            m_Database.Store(data);
                            return GetToken(principalID, lifetime);
                        }
                    }
                }
                if (data.Data.ContainsKey("passwordHash") && data.Data.ContainsKey("passwordSalt"))
                {
                    m_log.InfoFormat("[Authenticate]: Trying a password authentication");
                    string hashed = Util.Md5Hash(password + ":" + data.Data["passwordSalt"].ToString());
                    m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString());
                    if (data.Data["passwordHash"].ToString() == hashed)
                    {
                        return GetToken(principalID, lifetime);
                    }
                }
                m_log.DebugFormat("[AUTH SERVICE]: Both password and webLoginKey-based login failed for PrincipalID {0}", principalID);
            }
            else
            {
                m_log.DebugFormat("[AUTH SERVICE]: PrincipalID {0} or its data not found", principalID);
            }
            return string.Empty;
        }
    }
}