
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections.Specialized;
  29. using System.Reflection;
  30. using log4net;
  31. using Mono.Addins;
  32. using Nini.Config;
  33. using OpenMetaverse;
  34. using OpenMetaverse.StructuredData;
  35. using OpenSim.Framework;
  36. using OpenSim.Region.Framework.Interfaces;
  37. using OpenSim.Region.Framework.Scenes;
  38. using OpenSim.Services.Interfaces;
  39. namespace OpenSim.Services.Connectors.SimianGrid
  40. {
  41. /// <summary>
  42. /// Connects authentication/authorization to the SimianGrid backend
  43. /// </summary>
  44. [Extension(Path = "/OpenSim/RegionModules", NodeName = "RegionModule")]
  45. public class SimianAuthenticationServiceConnector : IAuthenticationService, ISharedRegionModule
  46. {
  47. private static readonly ILog m_log =
  48. LogManager.GetLogger(
  49. MethodBase.GetCurrentMethod().DeclaringType);
  50. private string m_serverUrl = String.Empty;
  51. private bool m_Enabled = false;
  52. #region ISharedRegionModule
  53. public Type ReplaceableInterface { get { return null; } }
  54. public void RegionLoaded(Scene scene) { }
  55. public void PostInitialise() { }
  56. public void Close() { }
  57. public SimianAuthenticationServiceConnector() { }
  58. public string Name { get { return "SimianAuthenticationServiceConnector"; } }
  59. public void AddRegion(Scene scene) { if (m_Enabled) { scene.RegisterModuleInterface<IAuthenticationService>(this); } }
  60. public void RemoveRegion(Scene scene) { if (m_Enabled) { scene.UnregisterModuleInterface<IAuthenticationService>(this); } }
  61. #endregion ISharedRegionModule
  62. public SimianAuthenticationServiceConnector(IConfigSource source)
  63. {
  64. CommonInit(source);
  65. }
  66. public void Initialise(IConfigSource source)
  67. {
  68. IConfig moduleConfig = source.Configs["Modules"];
  69. if (moduleConfig != null)
  70. {
  71. string name = moduleConfig.GetString("AuthenticationServices", "");
  72. if (name == Name)
  73. CommonInit(source);
  74. }
  75. }
  76. private void CommonInit(IConfigSource source)
  77. {
  78. IConfig gridConfig = source.Configs["AuthenticationService"];
  79. if (gridConfig != null)
  80. {
  81. string serviceUrl = gridConfig.GetString("AuthenticationServerURI");
  82. if (!String.IsNullOrEmpty(serviceUrl))
  83. {
  84. if (!serviceUrl.EndsWith("/") && !serviceUrl.EndsWith("="))
  85. serviceUrl = serviceUrl + '/';
  86. m_serverUrl = serviceUrl;
  87. m_Enabled = true;
  88. }
  89. }
  90. if (String.IsNullOrEmpty(m_serverUrl))
  91. m_log.Info("[SIMIAN AUTH CONNECTOR]: No AuthenticationServerURI specified, disabling connector");
  92. }
  93. public string Authenticate(UUID principalID, string password, int lifetime)
  94. {
  95. NameValueCollection requestArgs = new NameValueCollection
  96. {
  97. { "RequestMethod", "GetIdentities" },
  98. { "UserID", principalID.ToString() }
  99. };
  100. OSDMap response = WebUtil.PostToService(m_serverUrl, requestArgs);
  101. if (response["Success"].AsBoolean() && response["Identities"] is OSDArray)
  102. {
  103. bool md5hashFound = false;
  104. OSDArray identities = (OSDArray)response["Identities"];
  105. for (int i = 0; i < identities.Count; i++)
  106. {
  107. OSDMap identity = identities[i] as OSDMap;
  108. if (identity != null)
  109. {
  110. if (identity["Type"].AsString() == "md5hash")
  111. {
  112. string authorizeResult;
  113. if (CheckPassword(principalID, password, identity["Credential"].AsString(), out authorizeResult))
  114. return authorizeResult;
  115. md5hashFound = true;
  116. break;
  117. }
  118. }
  119. }
  120. if (!md5hashFound)
  121. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + principalID + ", no md5hash identity found");
  122. }
  123. else
  124. {
  125. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to retrieve identities for " + principalID + ": " +
  126. response["Message"].AsString());
  127. }
  128. return String.Empty;
  129. }
  130. public bool Verify(UUID principalID, string token, int lifetime)
  131. {
  132. NameValueCollection requestArgs = new NameValueCollection
  133. {
  134. { "RequestMethod", "GetSession" },
  135. { "SessionID", token }
  136. };
  137. OSDMap response = WebUtil.PostToService(m_serverUrl, requestArgs);
  138. if (response["Success"].AsBoolean())
  139. {
  140. return true;
  141. }
  142. else
  143. {
  144. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Could not verify session for " + principalID + ": " +
  145. response["Message"].AsString());
  146. }
  147. return false;
  148. }
  149. public bool Release(UUID principalID, string token)
  150. {
  151. NameValueCollection requestArgs = new NameValueCollection
  152. {
  153. { "RequestMethod", "RemoveSession" },
  154. { "UserID", principalID.ToString() }
  155. };
  156. OSDMap response = WebUtil.PostToService(m_serverUrl, requestArgs);
  157. if (response["Success"].AsBoolean())
  158. {
  159. return true;
  160. }
  161. else
  162. {
  163. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to remove session for " + principalID + ": " +
  164. response["Message"].AsString());
  165. }
  166. return false;
  167. }
  168. public bool SetPassword(UUID principalID, string passwd)
  169. {
  170. // Fetch the user name first
  171. NameValueCollection requestArgs = new NameValueCollection
  172. {
  173. { "RequestMethod", "GetUser" },
  174. { "UserID", principalID.ToString() }
  175. };
  176. OSDMap response = WebUtil.PostToService(m_serverUrl, requestArgs);
  177. if (response["Success"].AsBoolean() && response["User"] is OSDMap)
  178. {
  179. OSDMap userMap = (OSDMap)response["User"];
  180. string identifier = userMap["Name"].AsString();
  181. if (!String.IsNullOrEmpty(identifier))
  182. {
  183. // Add/update the md5hash identity
  184. // TODO: Support salts when AddIdentity does
  185. // TODO: Create an a1hash too for WebDAV logins
  186. requestArgs = new NameValueCollection
  187. {
  188. { "RequestMethod", "AddIdentity" },
  189. { "Identifier", identifier },
  190. { "Credential", "$1$" + Utils.MD5String(passwd) },
  191. { "Type", "md5hash" },
  192. { "UserID", principalID.ToString() }
  193. };
  194. response = WebUtil.PostToService(m_serverUrl, requestArgs);
  195. bool success = response["Success"].AsBoolean();
  196. if (!success)
  197. m_log.WarnFormat("[SIMIAN AUTH CONNECTOR]: Failed to set password for {0} ({1})", identifier, principalID);
  198. return success;
  199. }
  200. }
  201. else
  202. {
  203. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Failed to retrieve identities for " + principalID + ": " +
  204. response["Message"].AsString());
  205. }
  206. return false;
  207. }
  208. public AuthInfo GetAuthInfo(UUID principalID)
  209. {
  210. throw new NotImplementedException();
  211. }
  212. public bool SetAuthInfo(AuthInfo info)
  213. {
  214. throw new NotImplementedException();
  215. }
  216. private bool CheckPassword(UUID userID, string password, string simianGridCredential, out string authorizeResult)
  217. {
  218. if (simianGridCredential.Contains(":"))
  219. {
  220. // Salted version
  221. int idx = simianGridCredential.IndexOf(':');
  222. string finalhash = simianGridCredential.Substring(0, idx);
  223. string salt = simianGridCredential.Substring(idx + 1);
  224. if (finalhash == Utils.MD5String(password + ":" + salt))
  225. {
  226. authorizeResult = Authorize(userID);
  227. return true;
  228. }
  229. else
  230. {
  231. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + userID +
  232. " using md5hash " + Utils.MD5String(password) + ":" + salt);
  233. }
  234. }
  235. else
  236. {
  237. // Unsalted version
  238. if (password == simianGridCredential ||
  239. "$1$" + password == simianGridCredential ||
  240. "$1$" + Utils.MD5String(password) == simianGridCredential ||
  241. Utils.MD5String(password) == simianGridCredential ||
  242. "$1$" + Utils.MD5String(password + ":") == simianGridCredential)
  243. {
  244. authorizeResult = Authorize(userID);
  245. return true;
  246. }
  247. else
  248. {
  249. m_log.Warn("[SIMIAN AUTH CONNECTOR]: Authentication failed for " + userID +
  250. " using md5hash $1$" + Utils.MD5String(password));
  251. }
  252. }
  253. authorizeResult = null;
  254. return false;
  255. }
  256. private string Authorize(UUID userID)
  257. {
  258. NameValueCollection requestArgs = new NameValueCollection
  259. {
  260. { "RequestMethod", "AddSession" },
  261. { "UserID", userID.ToString() }
  262. };
  263. OSDMap response = WebUtil.PostToService(m_serverUrl, requestArgs);
  264. if (response["Success"].AsBoolean())
  265. return response["SessionID"].AsUUID().ToString();
  266. else
  267. return String.Empty;
  268. }
  269. }
  270. }