mirror of
https://github.com/opensim/opensim.git
synced 2026-05-23 09:16:49 +08:00
4c9400e646
These are disabled by default, as before. Please only turn these on in secure grids, since they allow the same facilities as the existing SetPassword call (also disabled by default) These facilities can be helpful when integrating external systems, in addition to the existing option of adapting an IAuthenticationService or using WebLoginKey
125 lines
4.9 KiB
C#
125 lines
4.9 KiB
C#
/*
|
|
* Copyright (c) Contributors, http://opensimulator.org/
|
|
* See CONTRIBUTORS.TXT for a full list of copyright holders.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* * Neither the name of the OpenSimulator Project nor the
|
|
* names of its contributors may be used to endorse or promote products
|
|
* derived from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
|
|
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using OpenMetaverse;
|
|
|
|
namespace OpenSim.Services.Interfaces
|
|
{
|
|
public class AuthInfo
|
|
{
|
|
public UUID PrincipalID { get; set; }
|
|
public string AccountType { get; set; }
|
|
public string PasswordHash { get; set; }
|
|
public string PasswordSalt { get; set; }
|
|
public string WebLoginKey { get; set; }
|
|
|
|
public Dictionary<string, object> ToKeyValuePairs()
|
|
{
|
|
Dictionary<string, object> result = new Dictionary<string, object>();
|
|
result["PrincipalID"] = PrincipalID;
|
|
result["AccountType"] = AccountType;
|
|
result["PasswordHash"] = PasswordHash;
|
|
result["PasswordSalt"] = PasswordSalt;
|
|
result["WebLoginKey"] = WebLoginKey;
|
|
|
|
return result;
|
|
}
|
|
}
|
|
|
|
// Generic Authentication service used for identifying
|
|
// and authenticating principals.
|
|
// Principals may be clients acting on users' behalf,
|
|
// or any other components that need
|
|
// verifiable identification.
|
|
//
|
|
public interface IAuthenticationService
|
|
{
|
|
//////////////////////////////////////////////////////
|
|
// Authentication
|
|
//
|
|
// These methods will return a token, which can be used to access
|
|
// various services.
|
|
//
|
|
string Authenticate(UUID principalID, string password, int lifetime);
|
|
|
|
//////////////////////////////////////////////////////
|
|
// Verification
|
|
//
|
|
// Allows to verify the authenticity of a token
|
|
//
|
|
// Tokens expire after 30 minutes and can be refreshed by
|
|
// re-verifying.
|
|
//
|
|
bool Verify(UUID principalID, string token, int lifetime);
|
|
|
|
//////////////////////////////////////////////////////
|
|
// Teardown
|
|
//
|
|
// A token can be returned before the timeout. This
|
|
// invalidates it and it can not subsequently be used
|
|
// or refreshed.
|
|
//
|
|
bool Release(UUID principalID, string token);
|
|
|
|
//////////////////////////////////////////////////////
|
|
// SetPassword for a principal
|
|
//
|
|
// This method exists for the service, but may or may not
|
|
// be served remotely. That is, the authentication
|
|
// handlers may not include one handler for this,
|
|
// because it's a bit risky. Such handlers require
|
|
// authentication/authorization.
|
|
//
|
|
bool SetPassword(UUID principalID, string passwd);
|
|
|
|
AuthInfo GetAuthInfo(UUID principalID);
|
|
|
|
bool SetAuthInfo(AuthInfo info);
|
|
|
|
//////////////////////////////////////////////////////
|
|
// Grid
|
|
//
|
|
// We no longer need a shared secret between grid
|
|
// servers. Anything a server requests from another
|
|
// server is either done on behalf of a user, in which
|
|
// case there is a token, or on behalf of a region,
|
|
// which has a session. So, no more keys.
|
|
// If sniffing on the local lan is an issue, admins
|
|
// need to take approriate action (IPSec is recommended)
|
|
// to secure inter-server traffic.
|
|
|
|
//////////////////////////////////////////////////////
|
|
// NOTE
|
|
//
|
|
// Session IDs are not handled here. After obtaining
|
|
// a token, the session ID regions use can be
|
|
// obtained from the presence service.
|
|
}
|
|
}
|