LoginService.cs 36 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSim Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections;
  29. using System.Collections.Generic;
  30. using System.IO;
  31. using System.Reflection;
  32. using System.Text.RegularExpressions;
  33. using System.Threading;
  34. using System.Web;
  35. using libsecondlife;
  36. using libsecondlife.StructuredData;
  37. using log4net;
  38. using Nwc.XmlRpc;
  39. using OpenSim.Framework.Communications.Cache;
  40. using OpenSim.Framework.Statistics;
  41. namespace OpenSim.Framework.Communications
  42. {
  43. public abstract class LoginService
  44. {
  45. private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  46. protected string m_welcomeMessage = "Welcome to OpenSim";
  47. protected UserManagerBase m_userManager = null;
  48. protected Mutex m_loginMutex = new Mutex(false);
  49. /// <summary>
  50. /// Used during login to send the skeleton of the OpenSim Library to the client.
  51. /// </summary>
  52. protected LibraryRootFolder m_libraryRootFolder;
  53. /// <summary>
  54. /// Constructor
  55. /// </summary>
  56. /// <param name="userManager"></param>
  57. /// <param name="libraryRootFolder"></param>
  58. /// <param name="welcomeMess"></param>
  59. public LoginService(UserManagerBase userManager, LibraryRootFolder libraryRootFolder,
  60. string welcomeMess)
  61. {
  62. m_userManager = userManager;
  63. m_libraryRootFolder = libraryRootFolder;
  64. if (welcomeMess != String.Empty)
  65. {
  66. m_welcomeMessage = welcomeMess;
  67. }
  68. }
  69. /// <summary>
  70. /// Customises the login response and fills in missing values.
  71. /// </summary>
  72. /// <param name="response">The existing response</param>
  73. /// <param name="theUser">The user profile</param>
  74. public abstract void CustomiseResponse(LoginResponse response, UserProfileData theUser, string startLocationRequest);
  75. /// <summary>
  76. /// Get the initial login inventory skeleton (in other words, the folder structure) for the given user.
  77. /// </summary>
  78. /// <param name="userID"></param>
  79. /// <returns></returns>
  80. /// <exception cref='System.Exception'>This will be thrown if there is a problem with the inventory service</exception>
  81. protected abstract InventoryData GetInventorySkeleton(LLUUID userID);
  82. /// <summary>
  83. /// Called when we receive the client's initial XMLRPC login_to_simulator request message
  84. /// </summary>
  85. /// <param name="request">The XMLRPC request</param>
  86. /// <returns>The response to send</returns>
  87. public XmlRpcResponse XmlRpcLoginMethod(XmlRpcRequest request)
  88. {
  89. // Temporary fix
  90. m_loginMutex.WaitOne();
  91. try
  92. {
  93. //CFK: CustomizeResponse contains sufficient strings to alleviate the need for this.
  94. //CKF: m_log.Info("[LOGIN]: Attempting login now...");
  95. XmlRpcResponse response = new XmlRpcResponse();
  96. Hashtable requestData = (Hashtable) request.Params[0];
  97. bool GoodXML = (requestData.Contains("first") && requestData.Contains("last") &&
  98. (requestData.Contains("passwd") || requestData.Contains("web_login_key")));
  99. bool GoodLogin = false;
  100. string startLocationRequest = "last";
  101. UserProfileData userProfile;
  102. LoginResponse logResponse = new LoginResponse();
  103. string firstname = String.Empty;
  104. string lastname = String.Empty;
  105. if (GoodXML)
  106. {
  107. firstname = (string) requestData["first"];
  108. lastname = (string) requestData["last"];
  109. m_log.InfoFormat(
  110. "[LOGIN BEGIN]: Received login request message from user {0} {1}",
  111. firstname, lastname);
  112. string clientVersion = "Unknown";
  113. if (requestData.Contains("version"))
  114. {
  115. clientVersion = (string)requestData["version"];
  116. }
  117. if (requestData.Contains("start"))
  118. {
  119. startLocationRequest = (string)requestData["start"];
  120. }
  121. m_log.DebugFormat(
  122. "[LOGIN]: Client is {0}, start location is {1}", clientVersion, startLocationRequest);
  123. userProfile = GetTheUser(firstname, lastname);
  124. if (userProfile == null)
  125. {
  126. m_log.Info("[LOGIN END]: Could not find a profile for " + firstname + " " + lastname);
  127. return logResponse.CreateLoginFailedResponse();
  128. }
  129. if (requestData.Contains("passwd"))
  130. {
  131. string passwd = (string)requestData["passwd"];
  132. GoodLogin = AuthenticateUser(userProfile, passwd);
  133. }
  134. else if (requestData.Contains("web_login_key"))
  135. {
  136. LLUUID webloginkey = null;
  137. try
  138. {
  139. webloginkey = new LLUUID((string)requestData["web_login_key"]);
  140. }
  141. catch (Exception e)
  142. {
  143. m_log.InfoFormat(
  144. "[LOGIN END]: Bad web_login_key: {0} for user {1} {2}, exception {3}",
  145. requestData["web_login_key"], firstname, lastname, e);
  146. return logResponse.CreateFailedResponse();
  147. }
  148. GoodLogin = AuthenticateUser(userProfile, webloginkey);
  149. }
  150. }
  151. else
  152. {
  153. m_log.Info(
  154. "[LOGIN END]: login_to_simulator login message did not contain all the required data");
  155. return logResponse.CreateGridErrorResponse();
  156. }
  157. if (!GoodLogin)
  158. {
  159. m_log.InfoFormat("[LOGIN END]: User {0} {1} failed authentication", firstname, lastname);
  160. return logResponse.CreateLoginFailedResponse();
  161. }
  162. else
  163. {
  164. // If we already have a session...
  165. if (userProfile.CurrentAgent != null && userProfile.CurrentAgent.AgentOnline)
  166. {
  167. //TODO: The following statements can cause trouble:
  168. // If agentOnline could not turn from true back to false normally
  169. // because of some problem, for instance, the crashment of server or client,
  170. // the user cannot log in any longer.
  171. userProfile.CurrentAgent.AgentOnline = false;
  172. m_userManager.CommitAgent(ref userProfile);
  173. // Reject the login
  174. m_log.InfoFormat(
  175. "[LOGIN END]: Notifying user {0} {1} that they are already logged in",
  176. firstname, lastname);
  177. return logResponse.CreateAlreadyLoggedInResponse();
  178. }
  179. // Otherwise...
  180. // Create a new agent session
  181. CreateAgent(userProfile, request);
  182. try
  183. {
  184. LLUUID agentID = userProfile.ID;
  185. InventoryData inventData = null;
  186. try
  187. {
  188. inventData = GetInventorySkeleton(agentID);
  189. }
  190. catch (Exception e)
  191. {
  192. m_log.ErrorFormat(
  193. "[LOGIN END]: Error retrieving inventory skeleton of agent {0}, {1} - {2}",
  194. agentID, e.GetType(), e.Message);
  195. return logResponse.CreateLoginInventoryFailedResponse();
  196. }
  197. ArrayList AgentInventoryArray = inventData.InventoryArray;
  198. Hashtable InventoryRootHash = new Hashtable();
  199. InventoryRootHash["folder_id"] = inventData.RootFolderID.ToString();
  200. ArrayList InventoryRoot = new ArrayList();
  201. InventoryRoot.Add(InventoryRootHash);
  202. userProfile.RootInventoryFolderID = inventData.RootFolderID;
  203. // Inventory Library Section
  204. Hashtable InventoryLibRootHash = new Hashtable();
  205. InventoryLibRootHash["folder_id"] = "00000112-000f-0000-0000-000100bba000";
  206. ArrayList InventoryLibRoot = new ArrayList();
  207. InventoryLibRoot.Add(InventoryLibRootHash);
  208. logResponse.InventoryLibRoot = InventoryLibRoot;
  209. logResponse.InventoryLibraryOwner = GetLibraryOwner();
  210. logResponse.InventoryRoot = InventoryRoot;
  211. logResponse.InventorySkeleton = AgentInventoryArray;
  212. logResponse.InventoryLibrary = GetInventoryLibrary();
  213. // Circuit Code
  214. uint circode = (uint) (Util.RandomClass.Next());
  215. logResponse.Lastname = userProfile.SurName;
  216. logResponse.Firstname = userProfile.FirstName;
  217. logResponse.AgentID = agentID.ToString();
  218. logResponse.SessionID = userProfile.CurrentAgent.SessionID.ToString();
  219. logResponse.SecureSessionID = userProfile.CurrentAgent.SecureSessionID.ToString();
  220. logResponse.CircuitCode = (Int32) circode;
  221. //logResponse.RegionX = 0; //overwritten
  222. //logResponse.RegionY = 0; //overwritten
  223. logResponse.Home = "!!null temporary value {home}!!"; // Overwritten
  224. //logResponse.LookAt = "\n[r" + TheUser.homeLookAt.X.ToString() + ",r" + TheUser.homeLookAt.Y.ToString() + ",r" + TheUser.homeLookAt.Z.ToString() + "]\n";
  225. //logResponse.SimAddress = "127.0.0.1"; //overwritten
  226. //logResponse.SimPort = 0; //overwritten
  227. logResponse.Message = GetMessage();
  228. logResponse.BuddList = ConvertFriendListItem(m_userManager.GetUserFriendList(agentID));
  229. logResponse.StartLocation = startLocationRequest;
  230. try
  231. {
  232. CustomiseResponse(logResponse, userProfile, startLocationRequest);
  233. }
  234. catch (Exception e)
  235. {
  236. m_log.Info("[LOGIN END]: " + e.ToString());
  237. return logResponse.CreateDeadRegionResponse();
  238. //return logResponse.ToXmlRpcResponse();
  239. }
  240. CommitAgent(ref userProfile);
  241. // If we reach this point, then the login has successfully logged onto the grid
  242. if (StatsManager.UserStats != null)
  243. StatsManager.UserStats.AddSuccessfulLogin();
  244. m_log.DebugFormat(
  245. "[LOGIN END]: Authentication of user {0} {1} successful. Sending response to client.",
  246. firstname, lastname);
  247. return logResponse.ToXmlRpcResponse();
  248. }
  249. catch (Exception e)
  250. {
  251. m_log.Info("[LOGIN END]: Login failed, " + e.ToString());
  252. }
  253. }
  254. m_log.Info("[LOGIN END]: Login failed. Sending back blank XMLRPC response");
  255. return response;
  256. }
  257. finally
  258. {
  259. m_loginMutex.ReleaseMutex();
  260. }
  261. }
  262. public LLSD LLSDLoginMethod(LLSD request)
  263. {
  264. // Temporary fix
  265. m_loginMutex.WaitOne();
  266. try
  267. {
  268. bool GoodLogin = false;
  269. string startLocationRequest = "last";
  270. UserProfileData userProfile = null;
  271. LoginResponse logResponse = new LoginResponse();
  272. if (request.Type == LLSDType.Map)
  273. {
  274. LLSDMap map = (LLSDMap)request;
  275. if (map.ContainsKey("first") && map.ContainsKey("last") && map.ContainsKey("passwd"))
  276. {
  277. string firstname = map["first"].AsString();
  278. string lastname = map["last"].AsString();
  279. string passwd = map["passwd"].AsString();
  280. if (map.ContainsKey("start"))
  281. {
  282. m_log.Info("[LOGIN]: StartLocation Requested: " + map["start"].AsString());
  283. startLocationRequest = map["start"].AsString();
  284. }
  285. userProfile = GetTheUser(firstname, lastname);
  286. if (userProfile == null)
  287. {
  288. m_log.Info("[LOGIN]: Could not find a profile for " + firstname + " " + lastname);
  289. return logResponse.CreateLoginFailedResponseLLSD();
  290. }
  291. GoodLogin = AuthenticateUser(userProfile, passwd);
  292. }
  293. }
  294. if (!GoodLogin)
  295. {
  296. return logResponse.CreateLoginFailedResponseLLSD();
  297. }
  298. else
  299. {
  300. // If we already have a session...
  301. if (userProfile.CurrentAgent != null && userProfile.CurrentAgent.AgentOnline)
  302. {
  303. userProfile.CurrentAgent = null;
  304. m_userManager.CommitAgent(ref userProfile);
  305. // Reject the login
  306. return logResponse.CreateAlreadyLoggedInResponseLLSD();
  307. }
  308. // Otherwise...
  309. // Create a new agent session
  310. CreateAgent(userProfile, request);
  311. try
  312. {
  313. LLUUID agentID = userProfile.ID;
  314. // Inventory Library Section
  315. InventoryData inventData = GetInventorySkeleton(agentID);
  316. ArrayList AgentInventoryArray = inventData.InventoryArray;
  317. Hashtable InventoryRootHash = new Hashtable();
  318. InventoryRootHash["folder_id"] = inventData.RootFolderID.ToString();
  319. ArrayList InventoryRoot = new ArrayList();
  320. InventoryRoot.Add(InventoryRootHash);
  321. userProfile.RootInventoryFolderID = inventData.RootFolderID;
  322. // Circuit Code
  323. uint circode = (uint)(Util.RandomClass.Next());
  324. logResponse.Lastname = userProfile.SurName;
  325. logResponse.Firstname = userProfile.FirstName;
  326. logResponse.AgentID = agentID.ToString();
  327. logResponse.SessionID = userProfile.CurrentAgent.SessionID.ToString();
  328. logResponse.SecureSessionID = userProfile.CurrentAgent.SecureSessionID.ToString();
  329. logResponse.InventoryRoot = InventoryRoot;
  330. logResponse.InventorySkeleton = AgentInventoryArray;
  331. logResponse.InventoryLibrary = GetInventoryLibrary();
  332. Hashtable InventoryLibRootHash = new Hashtable();
  333. InventoryLibRootHash["folder_id"] = "00000112-000f-0000-0000-000100bba000";
  334. ArrayList InventoryLibRoot = new ArrayList();
  335. InventoryLibRoot.Add(InventoryLibRootHash);
  336. logResponse.InventoryLibRoot = InventoryLibRoot;
  337. logResponse.InventoryLibraryOwner = GetLibraryOwner();
  338. logResponse.CircuitCode = (Int32)circode;
  339. //logResponse.RegionX = 0; //overwritten
  340. //logResponse.RegionY = 0; //overwritten
  341. logResponse.Home = "!!null temporary value {home}!!"; // Overwritten
  342. //logResponse.LookAt = "\n[r" + TheUser.homeLookAt.X.ToString() + ",r" + TheUser.homeLookAt.Y.ToString() + ",r" + TheUser.homeLookAt.Z.ToString() + "]\n";
  343. //logResponse.SimAddress = "127.0.0.1"; //overwritten
  344. //logResponse.SimPort = 0; //overwritten
  345. logResponse.Message = GetMessage();
  346. logResponse.BuddList = ConvertFriendListItem(m_userManager.GetUserFriendList(agentID));
  347. try
  348. {
  349. CustomiseResponse(logResponse, userProfile, startLocationRequest);
  350. }
  351. catch (Exception ex)
  352. {
  353. m_log.Info("[LOGIN]: " + ex.ToString());
  354. return logResponse.CreateDeadRegionResponseLLSD();
  355. }
  356. CommitAgent(ref userProfile);
  357. // If we reach this point, then the login has successfully logged onto the grid
  358. if (StatsManager.UserStats != null)
  359. StatsManager.UserStats.AddSuccessfulLogin();
  360. return logResponse.ToLLSDResponse();
  361. }
  362. catch (Exception ex)
  363. {
  364. m_log.Info("[LOGIN]: " + ex.ToString());
  365. return logResponse.CreateFailedResponseLLSD();
  366. }
  367. }
  368. }
  369. finally
  370. {
  371. m_loginMutex.ReleaseMutex();
  372. }
  373. }
  374. public Hashtable ProcessHTMLLogin(Hashtable keysvals)
  375. {
  376. // Matches all unspecified characters
  377. // Currently specified,; lowercase letters, upper case letters, numbers, underline
  378. // period, space, parens, and dash.
  379. Regex wfcut = new Regex("[^a-zA-Z0-9_\\.\\$ \\(\\)\\-]");
  380. Hashtable returnactions = new Hashtable();
  381. int statuscode = 200;
  382. string firstname = String.Empty;
  383. string lastname = String.Empty;
  384. string location = String.Empty;
  385. string region =String.Empty;
  386. string grid = String.Empty;
  387. string channel = String.Empty;
  388. string version = String.Empty;
  389. string lang = String.Empty;
  390. string password = String.Empty;
  391. string errormessages = String.Empty;
  392. // the client requires the HTML form field be named 'username'
  393. // however, the data it sends when it loads the first time is 'firstname'
  394. // another one of those little nuances.
  395. if (keysvals.Contains("firstname"))
  396. firstname = wfcut.Replace((string)keysvals["firstname"], String.Empty, 99999);
  397. if (keysvals.Contains("username"))
  398. firstname = wfcut.Replace((string)keysvals["username"], String.Empty, 99999);
  399. if (keysvals.Contains("lastname"))
  400. lastname = wfcut.Replace((string)keysvals["lastname"], String.Empty, 99999);
  401. if (keysvals.Contains("location"))
  402. location = wfcut.Replace((string)keysvals["location"], String.Empty, 99999);
  403. if (keysvals.Contains("region"))
  404. region = wfcut.Replace((string)keysvals["region"], String.Empty, 99999);
  405. if (keysvals.Contains("grid"))
  406. grid = wfcut.Replace((string)keysvals["grid"], String.Empty, 99999);
  407. if (keysvals.Contains("channel"))
  408. channel = wfcut.Replace((string)keysvals["channel"], String.Empty, 99999);
  409. if (keysvals.Contains("version"))
  410. version = wfcut.Replace((string)keysvals["version"], String.Empty, 99999);
  411. if (keysvals.Contains("lang"))
  412. lang = wfcut.Replace((string)keysvals["lang"], String.Empty, 99999);
  413. if (keysvals.Contains("password"))
  414. password = wfcut.Replace((string)keysvals["password"], String.Empty, 99999);
  415. // load our login form.
  416. string loginform = GetLoginForm(firstname, lastname, location, region, grid, channel, version, lang, password, errormessages);
  417. if (keysvals.ContainsKey("show_login_form"))
  418. {
  419. UserProfileData user = GetTheUser(firstname, lastname);
  420. bool goodweblogin = false;
  421. if (user != null)
  422. goodweblogin = AuthenticateUser(user, password);
  423. if (goodweblogin)
  424. {
  425. LLUUID webloginkey = LLUUID.Random();
  426. m_userManager.StoreWebLoginKey(user.ID, webloginkey);
  427. statuscode = 301;
  428. string redirectURL = "about:blank?redirect-http-hack=" +
  429. HttpUtility.UrlEncode("secondlife:///app/login?first_name=" + firstname + "&last_name=" +
  430. lastname +
  431. "&location=" + location + "&grid=Other&web_login_key=" + webloginkey.ToString());
  432. //m_log.Info("[WEB]: R:" + redirectURL);
  433. returnactions["int_response_code"] = statuscode;
  434. returnactions["str_redirect_location"] = redirectURL;
  435. returnactions["str_response_string"] = "<HTML><BODY>GoodLogin</BODY></HTML>";
  436. }
  437. else
  438. {
  439. errormessages = "The Username and password supplied did not match our records. Check your caps lock and try again";
  440. loginform = GetLoginForm(firstname, lastname, location, region, grid, channel, version, lang, password, errormessages);
  441. returnactions["int_response_code"] = statuscode;
  442. returnactions["str_response_string"] = loginform;
  443. }
  444. }
  445. else
  446. {
  447. returnactions["int_response_code"] = statuscode;
  448. returnactions["str_response_string"] = loginform;
  449. }
  450. return returnactions;
  451. }
  452. public string GetLoginForm(string firstname, string lastname, string location, string region,
  453. string grid, string channel, string version, string lang,
  454. string password, string errormessages)
  455. {
  456. // inject our values in the form at the markers
  457. string loginform=String.Empty;
  458. string file = Path.Combine(Util.configDir(), "http_loginform.html");
  459. if (!File.Exists(file))
  460. {
  461. loginform = GetDefaultLoginForm();
  462. }
  463. else
  464. {
  465. StreamReader sr = File.OpenText(file);
  466. loginform = sr.ReadToEnd();
  467. sr.Close();
  468. }
  469. loginform = loginform.Replace("[$firstname]", firstname);
  470. loginform = loginform.Replace("[$lastname]", lastname);
  471. loginform = loginform.Replace("[$location]", location);
  472. loginform = loginform.Replace("[$region]", region);
  473. loginform = loginform.Replace("[$grid]", grid);
  474. loginform = loginform.Replace("[$channel]", channel);
  475. loginform = loginform.Replace("[$version]", version);
  476. loginform = loginform.Replace("[$lang]", lang);
  477. loginform = loginform.Replace("[$password]", password);
  478. loginform = loginform.Replace("[$errors]", errormessages);
  479. return loginform;
  480. }
  481. public string GetDefaultLoginForm()
  482. {
  483. string responseString =
  484. "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
  485. responseString += "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
  486. responseString += "<head>";
  487. responseString += "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />";
  488. responseString += "<meta http-equiv=\"cache-control\" content=\"no-cache\">";
  489. responseString += "<meta http-equiv=\"Pragma\" content=\"no-cache\">";
  490. responseString += "<title>OpenSim Login</title>";
  491. responseString += "<body><br />";
  492. responseString += "<div id=\"login_box\">";
  493. responseString += "<form action=\"/go.cgi\" method=\"GET\" id=\"login-form\">";
  494. responseString += "<div id=\"message\">[$errors]</div>";
  495. responseString += "<fieldset id=\"firstname\">";
  496. responseString += "<legend>First Name:</legend>";
  497. responseString += "<input type=\"text\" id=\"firstname_input\" size=\"15\" maxlength=\"100\" name=\"username\" value=\"[$firstname]\" />";
  498. responseString += "</fieldset>";
  499. responseString += "<fieldset id=\"lastname\">";
  500. responseString += "<legend>Last Name:</legend>";
  501. responseString += "<input type=\"text\" size=\"15\" maxlength=\"100\" name=\"lastname\" value=\"[$lastname]\" />";
  502. responseString += "</fieldset>";
  503. responseString += "<fieldset id=\"password\">";
  504. responseString += "<legend>Password:</legend>";
  505. responseString += "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\">";
  506. responseString += "<tr>";
  507. responseString += "<td colspan=\"2\"><input type=\"password\" size=\"15\" maxlength=\"100\" name=\"password\" value=\"[$password]\" /></td>";
  508. responseString += "</tr>";
  509. responseString += "<tr>";
  510. responseString += "<td valign=\"middle\"><input type=\"checkbox\" name=\"remember_password\" id=\"remember_password\" [$remember_password] style=\"margin-left:0px;\"/></td>";
  511. responseString += "<td><label for=\"remember_password\">Remember password</label></td>";
  512. responseString += "</tr>";
  513. responseString += "</table>";
  514. responseString += "</fieldset>";
  515. responseString += "<input type=\"hidden\" name=\"show_login_form\" value=\"FALSE\" />";
  516. responseString += "<input type=\"hidden\" name=\"method\" value=\"login\" />";
  517. responseString += "<input type=\"hidden\" id=\"grid\" name=\"grid\" value=\"[$grid]\" />";
  518. responseString += "<input type=\"hidden\" id=\"region\" name=\"region\" value=\"[$region]\" />";
  519. responseString += "<input type=\"hidden\" id=\"location\" name=\"location\" value=\"[$location]\" />";
  520. responseString += "<input type=\"hidden\" id=\"channel\" name=\"channel\" value=\"[$channel]\" />";
  521. responseString += "<input type=\"hidden\" id=\"version\" name=\"version\" value=\"[$version]\" />";
  522. responseString += "<input type=\"hidden\" id=\"lang\" name=\"lang\" value=\"[$lang]\" />";
  523. responseString += "<div id=\"submitbtn\">";
  524. responseString += "<input class=\"input_over\" type=\"submit\" value=\"Connect\" />";
  525. responseString += "</div>";
  526. responseString += "<div id=\"connecting\" style=\"visibility:hidden\"> Connecting...</div>";
  527. responseString += "<div id=\"helplinks\">";
  528. responseString += "<a href=\"#join now link\" target=\"_blank\"></a> | ";
  529. responseString += "<a href=\"#forgot password link\" target=\"_blank\"></a>";
  530. responseString += "</div>";
  531. responseString += "<div id=\"channelinfo\"> [$channel] | [$version]=[$lang]</div>";
  532. responseString += "</form>";
  533. responseString += "<script language=\"JavaScript\">";
  534. responseString += "document.getElementById('firstname_input').focus();";
  535. responseString += "</script>";
  536. responseString += "</div>";
  537. responseString += "</div>";
  538. responseString += "</body>";
  539. responseString += "</html>";
  540. return responseString;
  541. }
  542. /// <summary>
  543. /// Saves a target agent to the database
  544. /// </summary>
  545. /// <param name="profile">The users profile</param>
  546. /// <returns>Successful?</returns>
  547. public bool CommitAgent(ref UserProfileData profile)
  548. {
  549. return m_userManager.CommitAgent(ref profile);
  550. }
  551. /// <summary>
  552. /// Checks a user against it's password hash
  553. /// </summary>
  554. /// <param name="profile">The users profile</param>
  555. /// <param name="password">The supplied password</param>
  556. /// <returns>Authenticated?</returns>
  557. public virtual bool AuthenticateUser(UserProfileData profile, string password)
  558. {
  559. bool passwordSuccess = false;
  560. //m_log.InfoFormat("[LOGIN]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
  561. // Web Login method seems to also occasionally send the hashed password itself
  562. // we do this to get our hash in a form that the server password code can consume
  563. // when the web-login-form submits the password in the clear (supposed to be over SSL!)
  564. if (!password.StartsWith("$1$"))
  565. password = "$1$" + Util.Md5Hash(password);
  566. password = password.Remove(0, 3); //remove $1$
  567. string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
  568. // Testing...
  569. //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
  570. //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
  571. passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
  572. || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
  573. return passwordSuccess;
  574. }
  575. public virtual bool AuthenticateUser(UserProfileData profile, LLUUID webloginkey)
  576. {
  577. bool passwordSuccess = false;
  578. m_log.InfoFormat("[LOGIN]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
  579. // Match web login key unless it's the default weblogin key LLUUID.Zero
  580. passwordSuccess = ((profile.WebLoginKey==webloginkey) && profile.WebLoginKey != LLUUID.Zero);
  581. return passwordSuccess;
  582. }
  583. /// <summary>
  584. ///
  585. /// </summary>
  586. /// <param name="profile"></param>
  587. /// <param name="request"></param>
  588. public void CreateAgent(UserProfileData profile, XmlRpcRequest request)
  589. {
  590. m_userManager.CreateAgent(profile, request);
  591. }
  592. public void CreateAgent(UserProfileData profile, LLSD request)
  593. {
  594. m_userManager.CreateAgent(profile, request);
  595. }
  596. /// <summary>
  597. ///
  598. /// </summary>
  599. /// <param name="firstname"></param>
  600. /// <param name="lastname"></param>
  601. /// <returns></returns>
  602. public virtual UserProfileData GetTheUser(string firstname, string lastname)
  603. {
  604. return m_userManager.GetUserProfile(firstname, lastname);
  605. }
  606. /// <summary>
  607. ///
  608. /// </summary>
  609. /// <returns></returns>
  610. public virtual string GetMessage()
  611. {
  612. return m_welcomeMessage;
  613. }
  614. private static LoginResponse.BuddyList ConvertFriendListItem(List<FriendListItem> LFL)
  615. {
  616. LoginResponse.BuddyList buddylistreturn = new LoginResponse.BuddyList();
  617. foreach (FriendListItem fl in LFL)
  618. {
  619. LoginResponse.BuddyList.BuddyInfo buddyitem = new LoginResponse.BuddyList.BuddyInfo(fl.Friend);
  620. buddyitem.BuddyID = fl.Friend;
  621. buddyitem.BuddyRightsHave = (int)fl.FriendListOwnerPerms;
  622. buddyitem.BuddyRightsGiven = (int) fl.FriendPerms;
  623. buddylistreturn.AddNewBuddy(buddyitem);
  624. }
  625. return buddylistreturn;
  626. }
  627. /// <summary>
  628. /// Converts the inventory library skeleton into the form required by the rpc request.
  629. /// </summary>
  630. /// <returns></returns>
  631. protected virtual ArrayList GetInventoryLibrary()
  632. {
  633. Dictionary<LLUUID, InventoryFolderImpl> rootFolders
  634. = m_libraryRootFolder.RequestSelfAndDescendentFolders();
  635. ArrayList folderHashes = new ArrayList();
  636. foreach (InventoryFolderBase folder in rootFolders.Values)
  637. {
  638. Hashtable TempHash = new Hashtable();
  639. TempHash["name"] = folder.Name;
  640. TempHash["parent_id"] = folder.ParentID.ToString();
  641. TempHash["version"] = (Int32)folder.Version;
  642. TempHash["type_default"] = (Int32)folder.Type;
  643. TempHash["folder_id"] = folder.ID.ToString();
  644. folderHashes.Add(TempHash);
  645. }
  646. return folderHashes;
  647. }
  648. /// <summary>
  649. ///
  650. /// </summary>
  651. /// <returns></returns>
  652. protected virtual ArrayList GetLibraryOwner()
  653. {
  654. //for now create random inventory library owner
  655. Hashtable TempHash = new Hashtable();
  656. TempHash["agent_id"] = "11111111-1111-0000-0000-000100bba000";
  657. ArrayList inventoryLibOwner = new ArrayList();
  658. inventoryLibOwner.Add(TempHash);
  659. return inventoryLibOwner;
  660. }
  661. public class InventoryData
  662. {
  663. public ArrayList InventoryArray = null;
  664. public LLUUID RootFolderID = LLUUID.Zero;
  665. public InventoryData(ArrayList invList, LLUUID rootID)
  666. {
  667. InventoryArray = invList;
  668. RootFolderID = rootID;
  669. }
  670. }
  671. }
  672. }