
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections.Specialized;
  29. using System.Reflection;
  30. using log4net;
  31. using Mono.Addins;
  32. using Nini.Config;
  33. using OpenMetaverse;
  34. using OpenMetaverse.StructuredData;
  35. using OpenSim.Framework;
  36. using OpenSim.Region.Framework.Interfaces;
  37. using OpenSim.Region.Framework.Scenes;
  38. using OpenSim.Services.Interfaces;
  39. namespace OpenSim.Services.Connectors.SimianGrid
  40. {
  41. /// <summary>
  42. /// Connects authentication/authorization to the SimianGrid backend
  43. /// </summary>
  44. [Extension(Path = "/OpenSim/RegionModules", NodeName = "RegionModule", Id = "SimianAuthenticationServiceConnector")]
  45. public class SimianAuthenticationServiceConnector : IAuthenticationService, ISharedRegionModule
  46. {
  47. private static readonly ILog m_log =
  48. LogManager.GetLogger(
  49. MethodBase.GetCurrentMethod().DeclaringType);
  50. private string m_serverUrl = String.Empty;
  51. private bool m_Enabled = false;
  52. #region ISharedRegionModule
  53. public Type ReplaceableInterface { get { return null; } }
  54. public void RegionLoaded(Scene scene) { }
  55. public void PostInitialise() { }
  56. public void Close() { }
  57. public SimianAuthenticationServiceConnector() { }
  58. public string Name { get { return "SimianAuthenticationServiceConnector"; } }
  59. public void AddRegion(Scene scene) { if (m_Enabled) { scene.RegisterModuleInterface<IAuthenticationService>(this); } }
  60. public void RemoveRegion(Scene scene) { if (m_Enabled) { scene.UnregisterModuleInterface<IAuthenticationService>(this); } }
  61. #endregion ISharedRegionModule
  62. public SimianAuthenticationServiceConnector(IConfigSource source)
  63. {
  64. CommonInit(source);
  65. }
  66. public void Initialise(IConfigSource source)
  67. {
  68. IConfig moduleConfig = source.Configs["Modules"];
  69. if (moduleConfig != null)
  70. {
  71. string name = moduleConfig.GetString("AuthenticationServices", "");
  72. if (name == Name)
  73. CommonInit(source);
  74. }
  75. }
  76. private void CommonInit(IConfigSource source)
  77. {
  78. IConfig gridConfig = source.Configs["AuthenticationService"];
  79. if (gridConfig != null)
  80. {
  81. string serviceUrl = gridConfig.GetString("AuthenticationServerURI");
  82. if (!String.IsNullOrEmpty(serviceUrl))
  83. {
  84. if (!serviceUrl.EndsWith("/") && !serviceUrl.EndsWith("="))
  85. serviceUrl = serviceUrl + '/';
  86. m_serverUrl = serviceUrl;
  87. m_Enabled = true;
  88. }
  89. }
  90. if (String.IsNullOrEmpty(m_serverUrl))
  91. m_log.Info("[SIMIAN AUTH CONNECTOR]: No AuthenticationServerURI specified, disabling connector");
  92. }
  93. public string Authenticate(UUID principalID, string password, int lifetime, out UUID realID)
  94. {
  95. realID = UUID.Zero;
  96. return Authenticate(principalID, password, lifetime);
  97. }
  98. public string Authenticate(UUID principalID, string password, int lifetime)
  99. {
  100. NameValueCollection requestArgs = new NameValueCollection
  101. {
  102. { "RequestMethod", "GetIdentities" },
  103. { "UserID", principalID.ToString() }
  104. };
  105. OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
  106. if (response["Success"].AsBoolean() && response["Identities"] is OSDArray)
  107. {
  108. bool md5hashFound = false;
  109. OSDArray identities = (OSDArray)response["Identities"];
  110. for (int i = 0; i < identities.Count; i++)
  111. {
  112. OSDMap identity = identities[i] as OSDMap;
  113. if (identity != null)
  114. {
  115. if (identity["Type"].AsString() == "md5hash")
  116. {
  117. string authorizeResult;
  118. if (CheckPassword(principalID, password, identity["Credential"].AsString(), out authorizeResult))
  119. return authorizeResult;
  120. md5hashFound = true;
  121. break;
  122. }
  123. }
  124. }
  125. if (!md5hashFound)
  126. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + principalID + ", no md5hash identity found");
  127. }
  128. else
  129. {
  130. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to retrieve identities for " + principalID + ": " +
  131. response["Message"].AsString());
  132. }
  133. return String.Empty;
  134. }
  135. public bool Verify(UUID principalID, string token, int lifetime)
  136. {
  137. NameValueCollection requestArgs = new NameValueCollection
  138. {
  139. { "RequestMethod", "GetSession" },
  140. { "SessionID", token }
  141. };
  142. OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
  143. if (response["Success"].AsBoolean())
  144. {
  145. return true;
  146. }
  147. else
  148. {
  149. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Could not verify session for " + principalID + ": " +
  150. response["Message"].AsString());
  151. }
  152. return false;
  153. }
  154. public bool Release(UUID principalID, string token)
  155. {
  156. NameValueCollection requestArgs = new NameValueCollection
  157. {
  158. { "RequestMethod", "RemoveSession" },
  159. { "UserID", principalID.ToString() }
  160. };
  161. OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
  162. if (response["Success"].AsBoolean())
  163. {
  164. return true;
  165. }
  166. else
  167. {
  168. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to remove session for " + principalID + ": " +
  169. response["Message"].AsString());
  170. }
  171. return false;
  172. }
  173. public bool SetPassword(UUID principalID, string passwd)
  174. {
  175. // Fetch the user name first
  176. NameValueCollection requestArgs = new NameValueCollection
  177. {
  178. { "RequestMethod", "GetUser" },
  179. { "UserID", principalID.ToString() }
  180. };
  181. OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
  182. if (response["Success"].AsBoolean() && response["User"] is OSDMap)
  183. {
  184. OSDMap userMap = (OSDMap)response["User"];
  185. string identifier = userMap["Name"].AsString();
  186. if (!String.IsNullOrEmpty(identifier))
  187. {
  188. // Add/update the md5hash identity
  189. // TODO: Support salts when AddIdentity does
  190. // TODO: Create an a1hash too for WebDAV logins
  191. requestArgs = new NameValueCollection
  192. {
  193. { "RequestMethod", "AddIdentity" },
  194. { "Identifier", identifier },
  195. { "Credential", "$1$" + Utils.MD5String(passwd) },
  196. { "Type", "md5hash" },
  197. { "UserID", principalID.ToString() }
  198. };
  199. response = SimianGrid.PostToService(m_serverUrl, requestArgs);
  200. bool success = response["Success"].AsBoolean();
  201. if (!success)
  202. m_log.WarnFormat("[SIMIAN AUTH CONNECTOR]: Failed to set password for {0} ({1})", identifier, principalID);
  203. return success;
  204. }
  205. }
  206. else
  207. {
  208. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to retrieve identities for " + principalID + ": " +
  209. response["Message"].AsString());
  210. }
  211. return false;
  212. }
  213. public AuthInfo GetAuthInfo(UUID principalID)
  214. {
  215. throw new NotImplementedException();
  216. }
  217. public bool SetAuthInfo(AuthInfo info)
  218. {
  219. throw new NotImplementedException();
  220. }
  221. private bool CheckPassword(UUID userID, string password, string simianGridCredential, out string authorizeResult)
  222. {
  223. if (simianGridCredential.Contains(":"))
  224. {
  225. // Salted version
  226. int idx = simianGridCredential.IndexOf(':');
  227. string finalhash = simianGridCredential.Substring(0, idx);
  228. string salt = simianGridCredential.Substring(idx + 1);
  229. if (finalhash == Utils.MD5String(password + ":" + salt))
  230. {
  231. authorizeResult = Authorize(userID);
  232. return true;
  233. }
  234. else
  235. {
  236. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + userID +
  237. " using md5hash " + Utils.MD5String(password) + ":" + salt);
  238. }
  239. }
  240. else
  241. {
  242. // Unsalted version
  243. if (password == simianGridCredential ||
  244. "$1$" + password == simianGridCredential ||
  245. "$1$" + Utils.MD5String(password) == simianGridCredential ||
  246. Utils.MD5String(password) == simianGridCredential ||
  247. "$1$" + Utils.MD5String(password + ":") == simianGridCredential)
  248. {
  249. authorizeResult = Authorize(userID);
  250. return true;
  251. }
  252. else
  253. {
  254. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + userID +
  255. " using md5hash $1$" + Utils.MD5String(password));
  256. }
  257. }
  258. authorizeResult = null;
  259. return false;
  260. }
  261. private string Authorize(UUID userID)
  262. {
  263. NameValueCollection requestArgs = new NameValueCollection
  264. {
  265. { "RequestMethod", "AddSession" },
  266. { "UserID", userID.ToString() }
  267. };
  268. OSDMap response = SimianGrid.PostToService(m_serverUrl, requestArgs);
  269. if (response["Success"].AsBoolean())
  270. return response["SessionID"].AsUUID().ToString();
  271. else
  272. return String.Empty;
  273. }
  274. }
  275. }