AuthenticationServerPostHandler.cs 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using Nini.Config;
  28. using log4net;
  29. using System;
  30. using System.Reflection;
  31. using System.IO;
  32. using System.Net;
  33. using System.Text;
  34. using System.Text.RegularExpressions;
  35. using System.Xml;
  36. using System.Xml.Serialization;
  37. using System.Collections.Generic;
  38. using OpenSim.Server.Base;
  39. using OpenSim.Services.Interfaces;
  40. using OpenSim.Framework;
  41. using OpenSim.Framework.Servers.HttpServer;
  42. using OpenMetaverse;
  43. namespace OpenSim.Server.Handlers.Authentication
  44. {
  45. public class AuthenticationServerPostHandler : BaseStreamHandler
  46. {
  47. private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  48. private IAuthenticationService m_AuthenticationService;
  49. private bool m_AllowGetAuthInfo = false;
  50. private bool m_AllowSetAuthInfo = false;
  51. private bool m_AllowSetPassword = false;
  52. public AuthenticationServerPostHandler(IAuthenticationService service) :
  53. this(service, null) {}
  54. public AuthenticationServerPostHandler(IAuthenticationService service, IConfig config) :
  55. base("POST", "/auth")
  56. {
  57. m_AuthenticationService = service;
  58. if (config != null)
  59. {
  60. m_AllowGetAuthInfo = config.GetBoolean("AllowGetAuthInfo", m_AllowGetAuthInfo);
  61. m_AllowSetAuthInfo = config.GetBoolean("AllowSetAuthInfo", m_AllowSetAuthInfo);
  62. m_AllowSetPassword = config.GetBoolean("AllowSetPassword", m_AllowSetPassword);
  63. }
  64. }
  65. protected override byte[] ProcessRequest(string path, Stream request,
  66. IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
  67. {
  68. string[] p = SplitParams(path);
  69. if (p.Length > 0)
  70. {
  71. switch (p[0])
  72. {
  73. case "plain":
  74. StreamReader sr = new StreamReader(request);
  75. string body = sr.ReadToEnd();
  76. sr.Close();
  77. return DoPlainMethods(body);
  78. case "crypt":
  79. byte[] buffer = new byte[request.Length];
  80. long length = request.Length;
  81. if (length > 16384)
  82. length = 16384;
  83. request.Read(buffer, 0, (int)length);
  84. return DoEncryptedMethods(buffer);
  85. }
  86. }
  87. return new byte[0];
  88. }
  89. private byte[] DoPlainMethods(string body)
  90. {
  91. Dictionary<string, object> request =
  92. ServerUtils.ParseQueryString(body);
  93. int lifetime = 30;
  94. if (request.ContainsKey("LIFETIME"))
  95. {
  96. lifetime = Convert.ToInt32(request["LIFETIME"].ToString());
  97. if (lifetime > 30)
  98. lifetime = 30;
  99. }
  100. if (!request.ContainsKey("METHOD"))
  101. return FailureResult();
  102. if (!request.ContainsKey("PRINCIPAL"))
  103. return FailureResult();
  104. string method = request["METHOD"].ToString();
  105. UUID principalID;
  106. string token;
  107. if (!UUID.TryParse(request["PRINCIPAL"].ToString(), out principalID))
  108. return FailureResult();
  109. switch (method)
  110. {
  111. case "authenticate":
  112. if (!request.ContainsKey("PASSWORD"))
  113. return FailureResult();
  114. token = m_AuthenticationService.Authenticate(principalID, request["PASSWORD"].ToString(), lifetime);
  115. if (token != String.Empty)
  116. return SuccessResult(token);
  117. return FailureResult();
  118. case "setpassword":
  119. if (!m_AllowSetPassword)
  120. return FailureResult();
  121. if (!request.ContainsKey("PASSWORD"))
  122. return FailureResult();
  123. if (m_AuthenticationService.SetPassword(principalID, request["PASSWORD"].ToString()))
  124. return SuccessResult();
  125. else
  126. return FailureResult();
  127. case "verify":
  128. if (!request.ContainsKey("TOKEN"))
  129. return FailureResult();
  130. if (m_AuthenticationService.Verify(principalID, request["TOKEN"].ToString(), lifetime))
  131. return SuccessResult();
  132. return FailureResult();
  133. case "release":
  134. if (!request.ContainsKey("TOKEN"))
  135. return FailureResult();
  136. if (m_AuthenticationService.Release(principalID, request["TOKEN"].ToString()))
  137. return SuccessResult();
  138. return FailureResult();
  139. case "getauthinfo":
  140. if (m_AllowGetAuthInfo)
  141. return GetAuthInfo(principalID);
  142. break;
  143. case "setauthinfo":
  144. if (m_AllowSetAuthInfo)
  145. return SetAuthInfo(principalID, request);
  146. break;
  147. }
  148. return FailureResult();
  149. }
  150. private byte[] DoEncryptedMethods(byte[] ciphertext)
  151. {
  152. return new byte[0];
  153. }
  154. private byte[] SuccessResult()
  155. {
  156. XmlDocument doc = new XmlDocument();
  157. XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration,
  158. "", "");
  159. doc.AppendChild(xmlnode);
  160. XmlElement rootElement = doc.CreateElement("", "ServerResponse",
  161. "");
  162. doc.AppendChild(rootElement);
  163. XmlElement result = doc.CreateElement("", "Result", "");
  164. result.AppendChild(doc.CreateTextNode("Success"));
  165. rootElement.AppendChild(result);
  166. return DocToBytes(doc);
  167. }
  168. byte[] GetAuthInfo(UUID principalID)
  169. {
  170. AuthInfo info = m_AuthenticationService.GetAuthInfo(principalID);
  171. if (info != null)
  172. {
  173. Dictionary<string, object> result = new Dictionary<string, object>();
  174. result["result"] = info.ToKeyValuePairs();
  175. return ResultToBytes(result);
  176. }
  177. else
  178. {
  179. return FailureResult();
  180. }
  181. }
  182. byte[] SetAuthInfo(UUID principalID, Dictionary<string, object> request)
  183. {
  184. AuthInfo existingInfo = m_AuthenticationService.GetAuthInfo(principalID);
  185. if (existingInfo == null)
  186. return FailureResult();
  187. if (request.ContainsKey("AccountType"))
  188. existingInfo.AccountType = request["AccountType"].ToString();
  189. if (request.ContainsKey("PasswordHash"))
  190. existingInfo.PasswordHash = request["PasswordHash"].ToString();
  191. if (request.ContainsKey("PasswordSalt"))
  192. existingInfo.PasswordSalt = request["PasswordSalt"].ToString();
  193. if (request.ContainsKey("WebLoginKey"))
  194. existingInfo.WebLoginKey = request["WebLoginKey"].ToString();
  195. if (!m_AuthenticationService.SetAuthInfo(existingInfo))
  196. {
  197. m_log.ErrorFormat(
  198. "[AUTHENTICATION SERVER POST HANDLER]: Authentication info store failed for account {0} {1} {2}",
  199. existingInfo.PrincipalID);
  200. return FailureResult();
  201. }
  202. return SuccessResult();
  203. }
  204. private byte[] FailureResult()
  205. {
  206. XmlDocument doc = new XmlDocument();
  207. XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration,
  208. "", "");
  209. doc.AppendChild(xmlnode);
  210. XmlElement rootElement = doc.CreateElement("", "ServerResponse",
  211. "");
  212. doc.AppendChild(rootElement);
  213. XmlElement result = doc.CreateElement("", "Result", "");
  214. result.AppendChild(doc.CreateTextNode("Failure"));
  215. rootElement.AppendChild(result);
  216. return DocToBytes(doc);
  217. }
  218. private byte[] SuccessResult(string token)
  219. {
  220. XmlDocument doc = new XmlDocument();
  221. XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration,
  222. "", "");
  223. doc.AppendChild(xmlnode);
  224. XmlElement rootElement = doc.CreateElement("", "ServerResponse",
  225. "");
  226. doc.AppendChild(rootElement);
  227. XmlElement result = doc.CreateElement("", "Result", "");
  228. result.AppendChild(doc.CreateTextNode("Success"));
  229. rootElement.AppendChild(result);
  230. XmlElement t = doc.CreateElement("", "Token", "");
  231. t.AppendChild(doc.CreateTextNode(token));
  232. rootElement.AppendChild(t);
  233. return DocToBytes(doc);
  234. }
  235. private byte[] DocToBytes(XmlDocument doc)
  236. {
  237. MemoryStream ms = new MemoryStream();
  238. XmlTextWriter xw = new XmlTextWriter(ms, null);
  239. xw.Formatting = Formatting.Indented;
  240. doc.WriteTo(xw);
  241. xw.Flush();
  242. return ms.GetBuffer();
  243. }
  244. private byte[] ResultToBytes(Dictionary<string, object> result)
  245. {
  246. string xmlString = ServerUtils.BuildXmlResponse(result);
  247. return Util.UTF8NoBomEncoding.GetBytes(xmlString);
  248. }
  249. }
  250. }