LoginService.cs 38 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSim Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections;
  29. using System.Collections.Generic;
  30. using System.IO;
  31. using System.Reflection;
  32. using System.Text.RegularExpressions;
  33. using System.Threading;
  34. using System.Web;
  35. using OpenMetaverse;
  36. using OpenMetaverse.StructuredData;
  37. using log4net;
  38. using Nwc.XmlRpc;
  39. using OpenSim.Framework.Communications.Cache;
  40. using OpenSim.Framework.Statistics;
  41. namespace OpenSim.Framework.Communications
  42. {
  43. public abstract class LoginService
  44. {
  45. private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  46. protected string m_welcomeMessage = "Welcome to OpenSim";
  47. protected int m_minLoginLevel = 0;
  48. protected UserManagerBase m_userManager = null;
  49. protected Mutex m_loginMutex = new Mutex(false);
  50. /// <summary>
  51. /// Used during login to send the skeleton of the OpenSim Library to the client.
  52. /// </summary>
  53. protected LibraryRootFolder m_libraryRootFolder;
  54. /// <summary>
  55. /// Constructor
  56. /// </summary>
  57. /// <param name="userManager"></param>
  58. /// <param name="libraryRootFolder"></param>
  59. /// <param name="welcomeMess"></param>
  60. public LoginService(UserManagerBase userManager, LibraryRootFolder libraryRootFolder,
  61. string welcomeMess)
  62. {
  63. m_userManager = userManager;
  64. m_libraryRootFolder = libraryRootFolder;
  65. if (welcomeMess != String.Empty)
  66. {
  67. m_welcomeMessage = welcomeMess;
  68. }
  69. }
  70. /// <summary>
  71. /// Customises the login response and fills in missing values. This method also tells the login region to
  72. /// expect a client connection.
  73. /// </summary>
  74. /// <param name="response">The existing response</param>
  75. /// <param name="theUser">The user profile</param>
  76. /// <returns>true on success, false if the region was not successfully told to expect a user connection</returns>
  77. public abstract bool CustomiseResponse(LoginResponse response, UserProfileData theUser, string startLocationRequest);
  78. /// <summary>
  79. /// If the user is already logged in, try to notify the region that the user they've got is dead.
  80. /// </summary>
  81. /// <param name="theUser"></param>
  82. public virtual void LogOffUser(UserProfileData theUser, string message)
  83. {
  84. }
  85. /// <summary>
  86. /// Get the initial login inventory skeleton (in other words, the folder structure) for the given user.
  87. /// </summary>
  88. /// <param name="userID"></param>
  89. /// <returns></returns>
  90. /// <exception cref='System.Exception'>This will be thrown if there is a problem with the inventory service</exception>
  91. protected abstract InventoryData GetInventorySkeleton(UUID userID);
  92. /// <summary>
  93. /// Called when we receive the client's initial XMLRPC login_to_simulator request message
  94. /// </summary>
  95. /// <param name="request">The XMLRPC request</param>
  96. /// <returns>The response to send</returns>
  97. public virtual XmlRpcResponse XmlRpcLoginMethod(XmlRpcRequest request)
  98. {
  99. // Temporary fix
  100. m_loginMutex.WaitOne();
  101. try
  102. {
  103. //CFK: CustomizeResponse contains sufficient strings to alleviate the need for this.
  104. //CKF: m_log.Info("[LOGIN]: Attempting login now...");
  105. XmlRpcResponse response = new XmlRpcResponse();
  106. Hashtable requestData = (Hashtable) request.Params[0];
  107. bool GoodXML = (requestData.Contains("first") && requestData.Contains("last") &&
  108. (requestData.Contains("passwd") || requestData.Contains("web_login_key")));
  109. string startLocationRequest = "last";
  110. UserProfileData userProfile;
  111. LoginResponse logResponse = new LoginResponse();
  112. string firstname;
  113. string lastname;
  114. if (GoodXML)
  115. {
  116. if (requestData.Contains("start"))
  117. {
  118. startLocationRequest = (string)requestData["start"];
  119. }
  120. firstname = (string)requestData["first"];
  121. lastname = (string) requestData["last"];
  122. m_log.InfoFormat(
  123. "[LOGIN BEGIN]: XMLRPC Received login request message from user '{0}' '{1}'",
  124. firstname, lastname);
  125. string clientVersion = "Unknown";
  126. if (requestData.Contains("version"))
  127. {
  128. clientVersion = (string)requestData["version"];
  129. }
  130. m_log.DebugFormat(
  131. "[LOGIN]: XMLRPC Client is {0}, start location is {1}", clientVersion, startLocationRequest);
  132. if (!TryAuthenticateXmlRpcLogin(request, firstname, lastname, out userProfile))
  133. {
  134. return logResponse.CreateLoginFailedResponse();
  135. }
  136. }
  137. else
  138. {
  139. m_log.Info(
  140. "[LOGIN END]: XMLRPC login_to_simulator login message did not contain all the required data");
  141. return logResponse.CreateGridErrorResponse();
  142. }
  143. if (userProfile.GodLevel < m_minLoginLevel)
  144. {
  145. return logResponse.CreateLoginBlockedResponse();
  146. }
  147. else
  148. {
  149. // If we already have a session...
  150. if (userProfile.CurrentAgent != null && userProfile.CurrentAgent.AgentOnline)
  151. {
  152. //TODO: The following statements can cause trouble:
  153. // If agentOnline could not turn from true back to false normally
  154. // because of some problem, for instance, the crashment of server or client,
  155. // the user cannot log in any longer.
  156. userProfile.CurrentAgent.AgentOnline = false;
  157. m_userManager.CommitAgent(ref userProfile);
  158. // try to tell the region that their user is dead.
  159. LogOffUser(userProfile, " XMLRPC You were logged off because you logged in from another location");
  160. // Reject the login
  161. m_log.InfoFormat(
  162. "[LOGIN END]: XMLRPC Notifying user {0} {1} that they are already logged in",
  163. firstname, lastname);
  164. return logResponse.CreateAlreadyLoggedInResponse();
  165. }
  166. // Otherwise...
  167. // Create a new agent session
  168. m_userManager.ResetAttachments(userProfile.ID);
  169. CreateAgent(userProfile, request);
  170. try
  171. {
  172. UUID agentID = userProfile.ID;
  173. InventoryData inventData;
  174. try
  175. {
  176. inventData = GetInventorySkeleton(agentID);
  177. }
  178. catch (Exception e)
  179. {
  180. m_log.ErrorFormat(
  181. "[LOGIN END]: Error retrieving inventory skeleton of agent {0} - {1}",
  182. agentID, e);
  183. return logResponse.CreateLoginInventoryFailedResponse();
  184. }
  185. ArrayList AgentInventoryArray = inventData.InventoryArray;
  186. Hashtable InventoryRootHash = new Hashtable();
  187. InventoryRootHash["folder_id"] = inventData.RootFolderID.ToString();
  188. ArrayList InventoryRoot = new ArrayList();
  189. InventoryRoot.Add(InventoryRootHash);
  190. userProfile.RootInventoryFolderID = inventData.RootFolderID;
  191. // Inventory Library Section
  192. Hashtable InventoryLibRootHash = new Hashtable();
  193. InventoryLibRootHash["folder_id"] = "00000112-000f-0000-0000-000100bba000";
  194. ArrayList InventoryLibRoot = new ArrayList();
  195. InventoryLibRoot.Add(InventoryLibRootHash);
  196. logResponse.InventoryLibRoot = InventoryLibRoot;
  197. logResponse.InventoryLibraryOwner = GetLibraryOwner();
  198. logResponse.InventoryRoot = InventoryRoot;
  199. logResponse.InventorySkeleton = AgentInventoryArray;
  200. logResponse.InventoryLibrary = GetInventoryLibrary();
  201. logResponse.CircuitCode = Util.RandomClass.Next();
  202. logResponse.Lastname = userProfile.SurName;
  203. logResponse.Firstname = userProfile.FirstName;
  204. logResponse.AgentID = agentID;
  205. logResponse.SessionID = userProfile.CurrentAgent.SessionID;
  206. logResponse.SecureSessionID = userProfile.CurrentAgent.SecureSessionID;
  207. logResponse.Message = GetMessage();
  208. logResponse.BuddList = ConvertFriendListItem(m_userManager.GetUserFriendList(agentID));
  209. logResponse.StartLocation = startLocationRequest;
  210. if (CustomiseResponse(logResponse, userProfile, startLocationRequest))
  211. {
  212. userProfile.LastLogin = userProfile.CurrentAgent.LoginTime;
  213. CommitAgent(ref userProfile);
  214. // If we reach this point, then the login has successfully logged onto the grid
  215. if (StatsManager.UserStats != null)
  216. StatsManager.UserStats.AddSuccessfulLogin();
  217. m_log.DebugFormat(
  218. "[LOGIN END]: XMLRPC Authentication of user {0} {1} successful. Sending response to client.",
  219. firstname, lastname);
  220. return logResponse.ToXmlRpcResponse();
  221. }
  222. else
  223. {
  224. m_log.ErrorFormat("[LOGIN END]: XMLRPC informing user {0} {1} that login failed due to an unavailable region", firstname, lastname);
  225. return logResponse.CreateDeadRegionResponse();
  226. }
  227. }
  228. catch (Exception e)
  229. {
  230. m_log.Error("[LOGIN END]: XMLRPC Login failed, " + e);
  231. m_log.Error(e.StackTrace);
  232. }
  233. }
  234. m_log.Info("[LOGIN END]: XMLRPC Login failed. Sending back blank XMLRPC response");
  235. return response;
  236. }
  237. finally
  238. {
  239. m_loginMutex.ReleaseMutex();
  240. }
  241. }
  242. protected virtual bool TryAuthenticateXmlRpcLogin(XmlRpcRequest request, string firstname, string lastname, out UserProfileData userProfile)
  243. {
  244. Hashtable requestData = (Hashtable)request.Params[0];
  245. bool GoodLogin = false;
  246. userProfile = GetTheUser(firstname, lastname);
  247. if (userProfile == null)
  248. {
  249. m_log.Info("[LOGIN END]: XMLRPC Could not find a profile for " + firstname + " " + lastname);
  250. }
  251. else
  252. {
  253. if (requestData.Contains("passwd"))
  254. {
  255. string passwd = (string) requestData["passwd"];
  256. GoodLogin = AuthenticateUser(userProfile, passwd);
  257. }
  258. else if (requestData.Contains("web_login_key"))
  259. {
  260. try
  261. {
  262. UUID webloginkey = new UUID((string) requestData["web_login_key"]);
  263. GoodLogin = AuthenticateUser(userProfile, webloginkey);
  264. }
  265. catch (Exception e)
  266. {
  267. m_log.InfoFormat(
  268. "[LOGIN END]: XMLRPC Bad web_login_key: {0} for user {1} {2}, exception {3}",
  269. requestData["web_login_key"], firstname, lastname, e);
  270. }
  271. }
  272. }
  273. return GoodLogin;
  274. }
  275. protected virtual bool TryAuthenticateLLSDLogin( string firstname, string lastname, string passwd, out UserProfileData userProfile)
  276. {
  277. bool GoodLogin = false;
  278. userProfile = GetTheUser(firstname, lastname);
  279. if (userProfile == null)
  280. {
  281. m_log.Info("[LOGIN]: LLSD Could not find a profile for " + firstname + " " + lastname);
  282. return false;
  283. }
  284. GoodLogin = AuthenticateUser(userProfile, passwd);
  285. return GoodLogin;
  286. }
  287. /// <summary>
  288. /// Called when we receive the client's initial LLSD login_to_simulator request message
  289. /// </summary>
  290. /// <param name="request">The LLSD request</param>
  291. /// <returns>The response to send</returns>
  292. public OSD LLSDLoginMethod(OSD request)
  293. {
  294. // Temporary fix
  295. m_loginMutex.WaitOne();
  296. try
  297. {
  298. // bool GoodLogin = false;
  299. string startLocationRequest = "last";
  300. UserProfileData userProfile = null;
  301. LoginResponse logResponse = new LoginResponse();
  302. if (request.Type == OSDType.Map)
  303. {
  304. OSDMap map = (OSDMap)request;
  305. if (map.ContainsKey("first") && map.ContainsKey("last") && map.ContainsKey("passwd"))
  306. {
  307. string firstname = map["first"].AsString();
  308. string lastname = map["last"].AsString();
  309. string passwd = map["passwd"].AsString();
  310. if (map.ContainsKey("start"))
  311. {
  312. m_log.Info("[LOGIN]: LLSD StartLocation Requested: " + map["start"].AsString());
  313. startLocationRequest = map["start"].AsString();
  314. }
  315. m_log.Info("[LOGIN]: LLSD Login Requested for: '" + firstname+"' '"+lastname+"' / "+passwd);
  316. if (!TryAuthenticateLLSDLogin( firstname, lastname, passwd, out userProfile))
  317. {
  318. return logResponse.CreateLoginFailedResponseLLSD();
  319. }
  320. }
  321. else
  322. return logResponse.CreateLoginFailedResponseLLSD();
  323. }
  324. else
  325. return logResponse.CreateLoginFailedResponseLLSD();
  326. if (userProfile.GodLevel < m_minLoginLevel)
  327. {
  328. return logResponse.CreateLoginBlockedResponseLLSD();
  329. }
  330. else
  331. {
  332. // If we already have a session...
  333. if (userProfile.CurrentAgent != null && userProfile.CurrentAgent.AgentOnline)
  334. {
  335. userProfile.CurrentAgent.AgentOnline = false;
  336. m_userManager.CommitAgent(ref userProfile);
  337. // try to tell the region that their user is dead.
  338. LogOffUser(userProfile, " LLSD You were logged off because you logged in from another location");
  339. // Reject the login
  340. m_log.InfoFormat(
  341. "[LOGIN END]: LLSD Notifying user {0} {1} that they are already logged in",
  342. userProfile.FirstName, userProfile.SurName);
  343. userProfile.CurrentAgent = null;
  344. return logResponse.CreateAlreadyLoggedInResponseLLSD();
  345. }
  346. // Otherwise...
  347. // Create a new agent session
  348. m_userManager.ResetAttachments(userProfile.ID);
  349. CreateAgent(userProfile, request);
  350. try
  351. {
  352. UUID agentID = userProfile.ID;
  353. //InventoryData inventData = GetInventorySkeleton(agentID);
  354. InventoryData inventData = null;
  355. try
  356. {
  357. inventData = GetInventorySkeleton(agentID);
  358. }
  359. catch (Exception e)
  360. {
  361. m_log.ErrorFormat(
  362. "[LOGIN END]: LLSD Error retrieving inventory skeleton of agent {0}, {1} - {2}",
  363. agentID, e.GetType(), e.Message);
  364. return logResponse.CreateLoginFailedResponseLLSD();// .CreateLoginInventoryFailedResponseLLSD ();
  365. }
  366. ArrayList AgentInventoryArray = inventData.InventoryArray;
  367. Hashtable InventoryRootHash = new Hashtable();
  368. InventoryRootHash["folder_id"] = inventData.RootFolderID.ToString();
  369. ArrayList InventoryRoot = new ArrayList();
  370. InventoryRoot.Add(InventoryRootHash);
  371. userProfile.RootInventoryFolderID = inventData.RootFolderID;
  372. // Inventory Library Section
  373. Hashtable InventoryLibRootHash = new Hashtable();
  374. InventoryLibRootHash["folder_id"] = "00000112-000f-0000-0000-000100bba000";
  375. ArrayList InventoryLibRoot = new ArrayList();
  376. InventoryLibRoot.Add(InventoryLibRootHash);
  377. logResponse.InventoryLibRoot = InventoryLibRoot;
  378. logResponse.InventoryLibraryOwner = GetLibraryOwner();
  379. logResponse.InventoryRoot = InventoryRoot;
  380. logResponse.InventorySkeleton = AgentInventoryArray;
  381. logResponse.InventoryLibrary = GetInventoryLibrary();
  382. logResponse.CircuitCode = (Int32)Util.RandomClass.Next();
  383. logResponse.Lastname = userProfile.SurName;
  384. logResponse.Firstname = userProfile.FirstName;
  385. logResponse.AgentID = agentID;
  386. logResponse.SessionID = userProfile.CurrentAgent.SessionID;
  387. logResponse.SecureSessionID = userProfile.CurrentAgent.SecureSessionID;
  388. logResponse.Message = GetMessage();
  389. logResponse.BuddList = ConvertFriendListItem(m_userManager.GetUserFriendList(agentID));
  390. logResponse.StartLocation = startLocationRequest;
  391. try
  392. {
  393. CustomiseResponse(logResponse, userProfile, startLocationRequest);
  394. }
  395. catch (Exception ex)
  396. {
  397. m_log.Info("[LOGIN]: LLSD " + ex.ToString());
  398. return logResponse.CreateDeadRegionResponseLLSD();
  399. }
  400. userProfile.LastLogin = userProfile.CurrentAgent.LoginTime;
  401. CommitAgent(ref userProfile);
  402. // If we reach this point, then the login has successfully logged onto the grid
  403. if (StatsManager.UserStats != null)
  404. StatsManager.UserStats.AddSuccessfulLogin();
  405. m_log.DebugFormat(
  406. "[LOGIN END]: LLSD Authentication of user {0} {1} successful. Sending response to client.",
  407. userProfile.FirstName, userProfile.SurName);
  408. return logResponse.ToLLSDResponse();
  409. }
  410. catch (Exception ex)
  411. {
  412. m_log.Info("[LOGIN]: LLSD " + ex.ToString());
  413. return logResponse.CreateFailedResponseLLSD();
  414. }
  415. }
  416. }
  417. finally
  418. {
  419. m_loginMutex.ReleaseMutex();
  420. }
  421. }
  422. public Hashtable ProcessHTMLLogin(Hashtable keysvals)
  423. {
  424. // Matches all unspecified characters
  425. // Currently specified,; lowercase letters, upper case letters, numbers, underline
  426. // period, space, parens, and dash.
  427. Regex wfcut = new Regex("[^a-zA-Z0-9_\\.\\$ \\(\\)\\-]");
  428. Hashtable returnactions = new Hashtable();
  429. int statuscode = 200;
  430. string firstname = String.Empty;
  431. string lastname = String.Empty;
  432. string location = String.Empty;
  433. string region =String.Empty;
  434. string grid = String.Empty;
  435. string channel = String.Empty;
  436. string version = String.Empty;
  437. string lang = String.Empty;
  438. string password = String.Empty;
  439. string errormessages = String.Empty;
  440. // the client requires the HTML form field be named 'username'
  441. // however, the data it sends when it loads the first time is 'firstname'
  442. // another one of those little nuances.
  443. if (keysvals.Contains("firstname"))
  444. firstname = wfcut.Replace((string)keysvals["firstname"], String.Empty, 99999);
  445. if (keysvals.Contains("username"))
  446. firstname = wfcut.Replace((string)keysvals["username"], String.Empty, 99999);
  447. if (keysvals.Contains("lastname"))
  448. lastname = wfcut.Replace((string)keysvals["lastname"], String.Empty, 99999);
  449. if (keysvals.Contains("location"))
  450. location = wfcut.Replace((string)keysvals["location"], String.Empty, 99999);
  451. if (keysvals.Contains("region"))
  452. region = wfcut.Replace((string)keysvals["region"], String.Empty, 99999);
  453. if (keysvals.Contains("grid"))
  454. grid = wfcut.Replace((string)keysvals["grid"], String.Empty, 99999);
  455. if (keysvals.Contains("channel"))
  456. channel = wfcut.Replace((string)keysvals["channel"], String.Empty, 99999);
  457. if (keysvals.Contains("version"))
  458. version = wfcut.Replace((string)keysvals["version"], String.Empty, 99999);
  459. if (keysvals.Contains("lang"))
  460. lang = wfcut.Replace((string)keysvals["lang"], String.Empty, 99999);
  461. if (keysvals.Contains("password"))
  462. password = wfcut.Replace((string)keysvals["password"], String.Empty, 99999);
  463. // load our login form.
  464. string loginform = GetLoginForm(firstname, lastname, location, region, grid, channel, version, lang, password, errormessages);
  465. if (keysvals.ContainsKey("show_login_form"))
  466. {
  467. UserProfileData user = GetTheUser(firstname, lastname);
  468. bool goodweblogin = false;
  469. if (user != null)
  470. goodweblogin = AuthenticateUser(user, password);
  471. if (goodweblogin)
  472. {
  473. UUID webloginkey = UUID.Random();
  474. m_userManager.StoreWebLoginKey(user.ID, webloginkey);
  475. statuscode = 301;
  476. string redirectURL = "about:blank?redirect-http-hack=" +
  477. HttpUtility.UrlEncode("secondlife:///app/login?first_name=" + firstname + "&last_name=" +
  478. lastname +
  479. "&location=" + location + "&grid=Other&web_login_key=" + webloginkey.ToString());
  480. //m_log.Info("[WEB]: R:" + redirectURL);
  481. returnactions["int_response_code"] = statuscode;
  482. returnactions["str_redirect_location"] = redirectURL;
  483. returnactions["str_response_string"] = "<HTML><BODY>GoodLogin</BODY></HTML>";
  484. }
  485. else
  486. {
  487. errormessages = "The Username and password supplied did not match our records. Check your caps lock and try again";
  488. loginform = GetLoginForm(firstname, lastname, location, region, grid, channel, version, lang, password, errormessages);
  489. returnactions["int_response_code"] = statuscode;
  490. returnactions["str_response_string"] = loginform;
  491. }
  492. }
  493. else
  494. {
  495. returnactions["int_response_code"] = statuscode;
  496. returnactions["str_response_string"] = loginform;
  497. }
  498. return returnactions;
  499. }
  500. public string GetLoginForm(string firstname, string lastname, string location, string region,
  501. string grid, string channel, string version, string lang,
  502. string password, string errormessages)
  503. {
  504. // inject our values in the form at the markers
  505. string loginform=String.Empty;
  506. string file = Path.Combine(Util.configDir(), "http_loginform.html");
  507. if (!File.Exists(file))
  508. {
  509. loginform = GetDefaultLoginForm();
  510. }
  511. else
  512. {
  513. StreamReader sr = File.OpenText(file);
  514. loginform = sr.ReadToEnd();
  515. sr.Close();
  516. }
  517. loginform = loginform.Replace("[$firstname]", firstname);
  518. loginform = loginform.Replace("[$lastname]", lastname);
  519. loginform = loginform.Replace("[$location]", location);
  520. loginform = loginform.Replace("[$region]", region);
  521. loginform = loginform.Replace("[$grid]", grid);
  522. loginform = loginform.Replace("[$channel]", channel);
  523. loginform = loginform.Replace("[$version]", version);
  524. loginform = loginform.Replace("[$lang]", lang);
  525. loginform = loginform.Replace("[$password]", password);
  526. loginform = loginform.Replace("[$errors]", errormessages);
  527. return loginform;
  528. }
  529. public string GetDefaultLoginForm()
  530. {
  531. string responseString =
  532. "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
  533. responseString += "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
  534. responseString += "<head>";
  535. responseString += "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />";
  536. responseString += "<meta http-equiv=\"cache-control\" content=\"no-cache\">";
  537. responseString += "<meta http-equiv=\"Pragma\" content=\"no-cache\">";
  538. responseString += "<title>OpenSim Login</title>";
  539. responseString += "<body><br />";
  540. responseString += "<div id=\"login_box\">";
  541. responseString += "<form action=\"/go.cgi\" method=\"GET\" id=\"login-form\">";
  542. responseString += "<div id=\"message\">[$errors]</div>";
  543. responseString += "<fieldset id=\"firstname\">";
  544. responseString += "<legend>First Name:</legend>";
  545. responseString += "<input type=\"text\" id=\"firstname_input\" size=\"15\" maxlength=\"100\" name=\"username\" value=\"[$firstname]\" />";
  546. responseString += "</fieldset>";
  547. responseString += "<fieldset id=\"lastname\">";
  548. responseString += "<legend>Last Name:</legend>";
  549. responseString += "<input type=\"text\" size=\"15\" maxlength=\"100\" name=\"lastname\" value=\"[$lastname]\" />";
  550. responseString += "</fieldset>";
  551. responseString += "<fieldset id=\"password\">";
  552. responseString += "<legend>Password:</legend>";
  553. responseString += "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\">";
  554. responseString += "<tr>";
  555. responseString += "<td colspan=\"2\"><input type=\"password\" size=\"15\" maxlength=\"100\" name=\"password\" value=\"[$password]\" /></td>";
  556. responseString += "</tr>";
  557. responseString += "<tr>";
  558. responseString += "<td valign=\"middle\"><input type=\"checkbox\" name=\"remember_password\" id=\"remember_password\" [$remember_password] style=\"margin-left:0px;\"/></td>";
  559. responseString += "<td><label for=\"remember_password\">Remember password</label></td>";
  560. responseString += "</tr>";
  561. responseString += "</table>";
  562. responseString += "</fieldset>";
  563. responseString += "<input type=\"hidden\" name=\"show_login_form\" value=\"FALSE\" />";
  564. responseString += "<input type=\"hidden\" name=\"method\" value=\"login\" />";
  565. responseString += "<input type=\"hidden\" id=\"grid\" name=\"grid\" value=\"[$grid]\" />";
  566. responseString += "<input type=\"hidden\" id=\"region\" name=\"region\" value=\"[$region]\" />";
  567. responseString += "<input type=\"hidden\" id=\"location\" name=\"location\" value=\"[$location]\" />";
  568. responseString += "<input type=\"hidden\" id=\"channel\" name=\"channel\" value=\"[$channel]\" />";
  569. responseString += "<input type=\"hidden\" id=\"version\" name=\"version\" value=\"[$version]\" />";
  570. responseString += "<input type=\"hidden\" id=\"lang\" name=\"lang\" value=\"[$lang]\" />";
  571. responseString += "<div id=\"submitbtn\">";
  572. responseString += "<input class=\"input_over\" type=\"submit\" value=\"Connect\" />";
  573. responseString += "</div>";
  574. responseString += "<div id=\"connecting\" style=\"visibility:hidden\"> Connecting...</div>";
  575. responseString += "<div id=\"helplinks\"><!---";
  576. responseString += "<a href=\"#join now link\" target=\"_blank\"></a> | ";
  577. responseString += "<a href=\"#forgot password link\" target=\"_blank\"></a>";
  578. responseString += "---></div>";
  579. responseString += "<div id=\"channelinfo\"> [$channel] | [$version]=[$lang]</div>";
  580. responseString += "</form>";
  581. responseString += "<script language=\"JavaScript\">";
  582. responseString += "document.getElementById('firstname_input').focus();";
  583. responseString += "</script>";
  584. responseString += "</div>";
  585. responseString += "</div>";
  586. responseString += "</body>";
  587. responseString += "</html>";
  588. return responseString;
  589. }
  590. /// <summary>
  591. /// Saves a target agent to the database
  592. /// </summary>
  593. /// <param name="profile">The users profile</param>
  594. /// <returns>Successful?</returns>
  595. public bool CommitAgent(ref UserProfileData profile)
  596. {
  597. return m_userManager.CommitAgent(ref profile);
  598. }
  599. /// <summary>
  600. /// Checks a user against it's password hash
  601. /// </summary>
  602. /// <param name="profile">The users profile</param>
  603. /// <param name="password">The supplied password</param>
  604. /// <returns>Authenticated?</returns>
  605. public virtual bool AuthenticateUser(UserProfileData profile, string password)
  606. {
  607. bool passwordSuccess = false;
  608. //m_log.InfoFormat("[LOGIN]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
  609. // Web Login method seems to also occasionally send the hashed password itself
  610. // we do this to get our hash in a form that the server password code can consume
  611. // when the web-login-form submits the password in the clear (supposed to be over SSL!)
  612. if (!password.StartsWith("$1$"))
  613. password = "$1$" + Util.Md5Hash(password);
  614. password = password.Remove(0, 3); //remove $1$
  615. string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
  616. // Testing...
  617. //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
  618. //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
  619. passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
  620. || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
  621. return passwordSuccess;
  622. }
  623. public virtual bool AuthenticateUser(UserProfileData profile, UUID webloginkey)
  624. {
  625. bool passwordSuccess = false;
  626. m_log.InfoFormat("[LOGIN]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
  627. // Match web login key unless it's the default weblogin key UUID.Zero
  628. passwordSuccess = ((profile.WebLoginKey==webloginkey) && profile.WebLoginKey != UUID.Zero);
  629. return passwordSuccess;
  630. }
  631. /// <summary>
  632. ///
  633. /// </summary>
  634. /// <param name="profile"></param>
  635. /// <param name="request"></param>
  636. public void CreateAgent(UserProfileData profile, XmlRpcRequest request)
  637. {
  638. m_userManager.CreateAgent(profile, request);
  639. }
  640. public void CreateAgent(UserProfileData profile, OSD request)
  641. {
  642. m_userManager.CreateAgent(profile, request);
  643. }
  644. /// <summary>
  645. ///
  646. /// </summary>
  647. /// <param name="firstname"></param>
  648. /// <param name="lastname"></param>
  649. /// <returns></returns>
  650. public virtual UserProfileData GetTheUser(string firstname, string lastname)
  651. {
  652. return m_userManager.GetUserProfile(firstname, lastname);
  653. }
  654. /// <summary>
  655. ///
  656. /// </summary>
  657. /// <returns></returns>
  658. public virtual string GetMessage()
  659. {
  660. return m_welcomeMessage;
  661. }
  662. private static LoginResponse.BuddyList ConvertFriendListItem(List<FriendListItem> LFL)
  663. {
  664. LoginResponse.BuddyList buddylistreturn = new LoginResponse.BuddyList();
  665. foreach (FriendListItem fl in LFL)
  666. {
  667. LoginResponse.BuddyList.BuddyInfo buddyitem = new LoginResponse.BuddyList.BuddyInfo(fl.Friend);
  668. buddyitem.BuddyID = fl.Friend;
  669. buddyitem.BuddyRightsHave = (int)fl.FriendListOwnerPerms;
  670. buddyitem.BuddyRightsGiven = (int) fl.FriendPerms;
  671. buddylistreturn.AddNewBuddy(buddyitem);
  672. }
  673. return buddylistreturn;
  674. }
  675. /// <summary>
  676. /// Converts the inventory library skeleton into the form required by the rpc request.
  677. /// </summary>
  678. /// <returns></returns>
  679. protected virtual ArrayList GetInventoryLibrary()
  680. {
  681. Dictionary<UUID, InventoryFolderImpl> rootFolders
  682. = m_libraryRootFolder.RequestSelfAndDescendentFolders();
  683. ArrayList folderHashes = new ArrayList();
  684. foreach (InventoryFolderBase folder in rootFolders.Values)
  685. {
  686. Hashtable TempHash = new Hashtable();
  687. TempHash["name"] = folder.Name;
  688. TempHash["parent_id"] = folder.ParentID.ToString();
  689. TempHash["version"] = (Int32)folder.Version;
  690. TempHash["type_default"] = (Int32)folder.Type;
  691. TempHash["folder_id"] = folder.ID.ToString();
  692. folderHashes.Add(TempHash);
  693. }
  694. return folderHashes;
  695. }
  696. /// <summary>
  697. ///
  698. /// </summary>
  699. /// <returns></returns>
  700. protected virtual ArrayList GetLibraryOwner()
  701. {
  702. //for now create random inventory library owner
  703. Hashtable TempHash = new Hashtable();
  704. TempHash["agent_id"] = "11111111-1111-0000-0000-000100bba000";
  705. ArrayList inventoryLibOwner = new ArrayList();
  706. inventoryLibOwner.Add(TempHash);
  707. return inventoryLibOwner;
  708. }
  709. public class InventoryData
  710. {
  711. public ArrayList InventoryArray = null;
  712. public UUID RootFolderID = UUID.Zero;
  713. public InventoryData(ArrayList invList, UUID rootID)
  714. {
  715. InventoryArray = invList;
  716. RootFolderID = rootID;
  717. }
  718. }
  719. }
  720. }