AuthenticationServiceBase.cs 7.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using OpenMetaverse;
  29. using log4net;
  30. using Nini.Config;
  31. using System.Reflection;
  32. using OpenSim.Server.Base;
  33. using OpenSim.Services.Interfaces;
  34. using OpenSim.Data;
  35. using OpenSim.Framework;
  36. using OpenSim.Services.Base;
  37. namespace OpenSim.Services.AuthenticationService
  38. {
  39. // Generic Authentication service used for identifying
  40. // and authenticating principals.
  41. // Principals may be clients acting on users' behalf,
  42. // or any other components that need
  43. // verifiable identification.
  44. //
  45. public class AuthenticationServiceBase : ServiceBase
  46. {
  47. private static readonly ILog m_log =
  48. LogManager.GetLogger(
  49. MethodBase.GetCurrentMethod().DeclaringType);
  50. protected IAuthenticationData m_Database;
  51. protected IUserAccountService m_UserAccountService = null;
  52. public AuthenticationServiceBase(IConfigSource config, IUserAccountService acct) : this(config)
  53. {
  54. m_UserAccountService = acct;
  55. }
  56. public AuthenticationServiceBase(IConfigSource config) : base(config)
  57. {
  58. string dllName = String.Empty;
  59. string connString = String.Empty;
  60. string realm = "auth";
  61. //
  62. // Try reading the [AuthenticationService] section first, if it exists
  63. //
  64. IConfig authConfig = config.Configs["AuthenticationService"];
  65. if (authConfig != null)
  66. {
  67. dllName = authConfig.GetString("StorageProvider", dllName);
  68. connString = authConfig.GetString("ConnectionString", connString);
  69. realm = authConfig.GetString("Realm", realm);
  70. }
  71. //
  72. // Try reading the [DatabaseService] section, if it exists
  73. //
  74. IConfig dbConfig = config.Configs["DatabaseService"];
  75. if (dbConfig != null)
  76. {
  77. if (dllName.Length == 0)
  78. dllName = dbConfig.GetString("StorageProvider", String.Empty);
  79. if (connString.Length == 0)
  80. connString = dbConfig.GetString("ConnectionString", String.Empty);
  81. }
  82. //
  83. // We tried, but this doesn't exist. We can't proceed.
  84. //
  85. if (dllName.Length == 0 || realm.Length == 0)
  86. throw new Exception("No StorageProvider configured");
  87. m_Database = LoadPlugin<IAuthenticationData>(dllName,
  88. new Object[] {connString, realm});
  89. if (m_Database == null)
  90. throw new Exception(string.Format("Could not find a storage interface in module {0}", dllName));
  91. }
  92. public bool Verify(UUID principalID, string token, int lifetime)
  93. {
  94. return m_Database.CheckToken(principalID, token, lifetime);
  95. }
  96. public virtual bool Release(UUID principalID, string token)
  97. {
  98. return m_Database.CheckToken(principalID, token, 0);
  99. }
  100. public virtual bool SetPassword(UUID principalID, string password)
  101. {
  102. string passwordSalt = Util.Md5Hash(UUID.Random().ToString());
  103. string md5PasswdHash = Util.Md5Hash(Util.Md5Hash(password) + ":" + passwordSalt);
  104. AuthenticationData auth = m_Database.Get(principalID);
  105. if (auth == null)
  106. {
  107. auth = new AuthenticationData();
  108. auth.PrincipalID = principalID;
  109. auth.Data = new System.Collections.Generic.Dictionary<string, object>();
  110. auth.Data["accountType"] = "UserAccount";
  111. auth.Data["webLoginKey"] = UUID.Zero.ToString();
  112. }
  113. auth.Data["passwordHash"] = md5PasswdHash;
  114. auth.Data["passwordSalt"] = passwordSalt;
  115. if (!m_Database.Store(auth))
  116. {
  117. m_log.DebugFormat("[AUTHENTICATION DB]: Failed to store authentication data");
  118. return false;
  119. }
  120. m_log.InfoFormat("[AUTHENTICATION DB]: Set password for principalID {0}", principalID);
  121. return true;
  122. }
  123. public virtual AuthInfo GetAuthInfo(UUID principalID)
  124. {
  125. AuthenticationData data = m_Database.Get(principalID);
  126. if (data == null)
  127. {
  128. return null;
  129. }
  130. else
  131. {
  132. AuthInfo info
  133. = new AuthInfo()
  134. {
  135. PrincipalID = data.PrincipalID,
  136. AccountType = data.Data["accountType"] as string,
  137. PasswordHash = data.Data["passwordHash"] as string,
  138. PasswordSalt = data.Data["passwordSalt"] as string,
  139. WebLoginKey = data.Data["webLoginKey"] as string
  140. };
  141. return info;
  142. }
  143. }
  144. public virtual bool SetAuthInfo(AuthInfo info)
  145. {
  146. AuthenticationData auth = new AuthenticationData();
  147. auth.PrincipalID = info.PrincipalID;
  148. auth.Data = new System.Collections.Generic.Dictionary<string, object>();
  149. auth.Data["accountType"] = info.AccountType;
  150. auth.Data["webLoginKey"] = info.WebLoginKey;
  151. auth.Data["passwordHash"] = info.PasswordHash;
  152. auth.Data["passwordSalt"] = info.PasswordSalt;
  153. if (!m_Database.Store(auth))
  154. {
  155. m_log.ErrorFormat("[AUTHENTICATION DB]: Failed to store authentication info.");
  156. return false;
  157. }
  158. m_log.DebugFormat("[AUTHENTICATION DB]: Set authentication info for principalID {0}", info.PrincipalID);
  159. return true;
  160. }
  161. protected string GetToken(UUID principalID, int lifetime)
  162. {
  163. UUID token = UUID.Random();
  164. if (m_Database.SetToken(principalID, token.ToString(), lifetime))
  165. return token.ToString();
  166. return String.Empty;
  167. }
  168. }
  169. }