AuthenticationServerPostHandler.cs 7.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using Nini.Config;
  28. using log4net;
  29. using System;
  30. using System.Reflection;
  31. using System.IO;
  32. using System.Net;
  33. using System.Text;
  34. using System.Text.RegularExpressions;
  35. using System.Xml;
  36. using System.Xml.Serialization;
  37. using System.Collections.Generic;
  38. using OpenSim.Server.Base;
  39. using OpenSim.Services.Interfaces;
  40. using OpenSim.Framework;
  41. using OpenSim.Framework.Servers.HttpServer;
  42. using OpenMetaverse;
  43. namespace OpenSim.Server.Handlers.Authentication
  44. {
  45. public class AuthenticationServerPostHandler : BaseStreamHandler
  46. {
  47. // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  48. private IAuthenticationService m_AuthenticationService;
  49. public AuthenticationServerPostHandler(IAuthenticationService service) :
  50. base("POST", "/auth")
  51. {
  52. m_AuthenticationService = service;
  53. }
  54. public override byte[] Handle(string path, Stream request,
  55. OSHttpRequest httpRequest, OSHttpResponse httpResponse)
  56. {
  57. string[] p = SplitParams(path);
  58. if (p.Length > 0)
  59. {
  60. switch (p[0])
  61. {
  62. case "plain":
  63. StreamReader sr = new StreamReader(request);
  64. string body = sr.ReadToEnd();
  65. sr.Close();
  66. return DoPlainMethods(body);
  67. case "crypt":
  68. byte[] buffer = new byte[request.Length];
  69. long length = request.Length;
  70. if (length > 16384)
  71. length = 16384;
  72. request.Read(buffer, 0, (int)length);
  73. return DoEncryptedMethods(buffer);
  74. }
  75. }
  76. return new byte[0];
  77. }
  78. private byte[] DoPlainMethods(string body)
  79. {
  80. Dictionary<string, object> request =
  81. ServerUtils.ParseQueryString(body);
  82. int lifetime = 30;
  83. if (request.ContainsKey("LIFETIME"))
  84. {
  85. lifetime = Convert.ToInt32(request["LIFETIME"].ToString());
  86. if (lifetime > 30)
  87. lifetime = 30;
  88. }
  89. if (!request.ContainsKey("METHOD"))
  90. return FailureResult();
  91. if (!request.ContainsKey("PRINCIPAL"))
  92. return FailureResult();
  93. string method = request["METHOD"].ToString();
  94. UUID principalID;
  95. string token;
  96. if (!UUID.TryParse(request["PRINCIPAL"].ToString(), out principalID))
  97. return FailureResult();
  98. switch (method)
  99. {
  100. case "authenticate":
  101. if (!request.ContainsKey("PASSWORD"))
  102. return FailureResult();
  103. token = m_AuthenticationService.Authenticate(principalID, request["PASSWORD"].ToString(), lifetime);
  104. if (token != String.Empty)
  105. return SuccessResult(token);
  106. return FailureResult();
  107. case "verify":
  108. if (!request.ContainsKey("TOKEN"))
  109. return FailureResult();
  110. if (m_AuthenticationService.Verify(principalID, request["TOKEN"].ToString(), lifetime))
  111. return SuccessResult();
  112. return FailureResult();
  113. case "release":
  114. if (!request.ContainsKey("TOKEN"))
  115. return FailureResult();
  116. if (m_AuthenticationService.Release(principalID, request["TOKEN"].ToString()))
  117. return SuccessResult();
  118. return FailureResult();
  119. }
  120. return FailureResult();
  121. }
  122. private byte[] DoEncryptedMethods(byte[] ciphertext)
  123. {
  124. return new byte[0];
  125. }
  126. private byte[] SuccessResult()
  127. {
  128. XmlDocument doc = new XmlDocument();
  129. XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration,
  130. "", "");
  131. doc.AppendChild(xmlnode);
  132. XmlElement rootElement = doc.CreateElement("", "ServerResponse",
  133. "");
  134. doc.AppendChild(rootElement);
  135. XmlElement result = doc.CreateElement("", "Result", "");
  136. result.AppendChild(doc.CreateTextNode("Success"));
  137. rootElement.AppendChild(result);
  138. return DocToBytes(doc);
  139. }
  140. private byte[] FailureResult()
  141. {
  142. XmlDocument doc = new XmlDocument();
  143. XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration,
  144. "", "");
  145. doc.AppendChild(xmlnode);
  146. XmlElement rootElement = doc.CreateElement("", "ServerResponse",
  147. "");
  148. doc.AppendChild(rootElement);
  149. XmlElement result = doc.CreateElement("", "Result", "");
  150. result.AppendChild(doc.CreateTextNode("Failure"));
  151. rootElement.AppendChild(result);
  152. return DocToBytes(doc);
  153. }
  154. private byte[] SuccessResult(string token)
  155. {
  156. XmlDocument doc = new XmlDocument();
  157. XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration,
  158. "", "");
  159. doc.AppendChild(xmlnode);
  160. XmlElement rootElement = doc.CreateElement("", "ServerResponse",
  161. "");
  162. doc.AppendChild(rootElement);
  163. XmlElement result = doc.CreateElement("", "Result", "");
  164. result.AppendChild(doc.CreateTextNode("Success"));
  165. rootElement.AppendChild(result);
  166. XmlElement t = doc.CreateElement("", "Token", "");
  167. t.AppendChild(doc.CreateTextNode(token));
  168. rootElement.AppendChild(t);
  169. return DocToBytes(doc);
  170. }
  171. private byte[] DocToBytes(XmlDocument doc)
  172. {
  173. MemoryStream ms = new MemoryStream();
  174. XmlTextWriter xw = new XmlTextWriter(ms, null);
  175. xw.Formatting = Formatting.Indented;
  176. doc.WriteTo(xw);
  177. xw.Flush();
  178. return ms.GetBuffer();
  179. }
  180. }
  181. }