/* * Copyright (c) Contributors, http://opensimulator.org/ * See CONTRIBUTORS.TXT for a full list of copyright holders. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of the OpenSimulator Project nor the * names of its contributors may be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ using Nini.Config; using log4net; using System; using System.Reflection; using System.IO; using System.Net; using System.Text; using System.Text.RegularExpressions; using System.Xml; using System.Xml.Serialization; using System.Collections.Generic; using OpenSim.Server.Base; using OpenSim.Services.Interfaces; using OpenSim.Framework; using OpenSim.Framework.ServiceAuth; using OpenSim.Framework.Servers.HttpServer; using OpenMetaverse; namespace OpenSim.Server.Handlers.Authentication { public class AuthenticationServerPostHandler : BaseStreamHandler { private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); private IAuthenticationService m_AuthenticationService; private bool m_AllowGetAuthInfo = false; private bool m_AllowSetAuthInfo = false; private bool m_AllowSetPassword = false; public AuthenticationServerPostHandler(IAuthenticationService service) : this(service, null, null) {} public AuthenticationServerPostHandler(IAuthenticationService service, IConfig config, IServiceAuth auth) : base("POST", "/auth", auth) { m_AuthenticationService = service; if (config != null) { m_AllowGetAuthInfo = config.GetBoolean("AllowGetAuthInfo", m_AllowGetAuthInfo); m_AllowSetAuthInfo = config.GetBoolean("AllowSetAuthInfo", m_AllowSetAuthInfo); m_AllowSetPassword = config.GetBoolean("AllowSetPassword", m_AllowSetPassword); } } protected override byte[] ProcessRequest(string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { // m_log.Error("[XXX]: Authenticating..."); string[] p = SplitParams(path); if (p.Length > 0) { switch (p[0]) { case "plain": string body; using(StreamReader sr = new StreamReader(request)) body = sr.ReadToEnd(); return DoPlainMethods(body); case "crypt": byte[] buffer = new byte[request.Length]; long length = request.Length; if (length > 16384) length = 16384; request.Read(buffer, 0, (int)length); return DoEncryptedMethods(buffer); } } return Array.Empty(); } private byte[] DoPlainMethods(string body) { Dictionary request = ServerUtils.ParseQueryString(body); int lifetime = 30; if (request.ContainsKey("LIFETIME")) { lifetime = Convert.ToInt32(request["LIFETIME"].ToString()); if (lifetime > 30) lifetime = 30; } if (!request.ContainsKey("METHOD")) return FailureResult(); if (!request.ContainsKey("PRINCIPAL")) return FailureResult(); string method = request["METHOD"].ToString(); UUID principalID; string token; if (!UUID.TryParse(request["PRINCIPAL"].ToString(), out principalID)) return FailureResult(); switch (method) { case "authenticate": if (!request.ContainsKey("PASSWORD")) return FailureResult(); token = m_AuthenticationService.Authenticate(principalID, request["PASSWORD"].ToString(), lifetime); if (token != String.Empty) return SuccessResult(token); return FailureResult(); case "setpassword": if (!m_AllowSetPassword) return FailureResult(); if (!request.ContainsKey("PASSWORD")) return FailureResult(); if (m_AuthenticationService.SetPassword(principalID, request["PASSWORD"].ToString())) return SuccessResult(); else return FailureResult(); case "verify": if (!request.ContainsKey("TOKEN")) return FailureResult(); if (m_AuthenticationService.Verify(principalID, request["TOKEN"].ToString(), lifetime)) return SuccessResult(); return FailureResult(); case "release": if (!request.ContainsKey("TOKEN")) return FailureResult(); if (m_AuthenticationService.Release(principalID, request["TOKEN"].ToString())) return SuccessResult(); return FailureResult(); case "getauthinfo": if (m_AllowGetAuthInfo) return GetAuthInfo(principalID); break; case "setauthinfo": if (m_AllowSetAuthInfo) return SetAuthInfo(principalID, request); break; } return FailureResult(); } private byte[] DoEncryptedMethods(byte[] ciphertext) { return Array.Empty(); } private byte[] SuccessResult() { XmlDocument doc = new XmlDocument(); XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration, "", ""); doc.AppendChild(xmlnode); XmlElement rootElement = doc.CreateElement("", "ServerResponse", ""); doc.AppendChild(rootElement); XmlElement result = doc.CreateElement("", "Result", ""); result.AppendChild(doc.CreateTextNode("Success")); rootElement.AppendChild(result); return Util.DocToBytes(doc); } byte[] GetAuthInfo(UUID principalID) { AuthInfo info = m_AuthenticationService.GetAuthInfo(principalID); if (info != null) { Dictionary result = new Dictionary(); result["result"] = info.ToKeyValuePairs(); return ResultToBytes(result); } else { return FailureResult(); } } byte[] SetAuthInfo(UUID principalID, Dictionary request) { AuthInfo existingInfo = m_AuthenticationService.GetAuthInfo(principalID); if (existingInfo == null) return FailureResult(); if (request.ContainsKey("AccountType")) existingInfo.AccountType = request["AccountType"].ToString(); if (request.ContainsKey("PasswordHash")) existingInfo.PasswordHash = request["PasswordHash"].ToString(); if (request.ContainsKey("PasswordSalt")) existingInfo.PasswordSalt = request["PasswordSalt"].ToString(); if (request.ContainsKey("WebLoginKey")) existingInfo.WebLoginKey = request["WebLoginKey"].ToString(); if (!m_AuthenticationService.SetAuthInfo(existingInfo)) { m_log.ErrorFormat( "[AUTHENTICATION SERVER POST HANDLER]: Authentication info store failed for account {0} {1} {2}", existingInfo.PrincipalID); return FailureResult(); } return SuccessResult(); } private byte[] FailureResult() { XmlDocument doc = new XmlDocument(); XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration, "", ""); doc.AppendChild(xmlnode); XmlElement rootElement = doc.CreateElement("", "ServerResponse", ""); doc.AppendChild(rootElement); XmlElement result = doc.CreateElement("", "Result", ""); result.AppendChild(doc.CreateTextNode("Failure")); rootElement.AppendChild(result); return Util.DocToBytes(doc); } private byte[] SuccessResult(string token) { XmlDocument doc = new XmlDocument(); XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration, "", ""); doc.AppendChild(xmlnode); XmlElement rootElement = doc.CreateElement("", "ServerResponse", ""); doc.AppendChild(rootElement); XmlElement result = doc.CreateElement("", "Result", ""); result.AppendChild(doc.CreateTextNode("Success")); rootElement.AppendChild(result); XmlElement t = doc.CreateElement("", "Token", ""); t.AppendChild(doc.CreateTextNode(token)); rootElement.AppendChild(t); return Util.DocToBytes(doc); } private byte[] ResultToBytes(Dictionary result) { string xmlString = ServerUtils.BuildXmlResponse(result); return Util.UTF8NoBomEncoding.GetBytes(xmlString); } } }