From 8a2c3a026782425f73f687f82fe78ab10b5faa62 Mon Sep 17 00:00:00 2001 From: "Justin Clark-Casey (justincc)" Date: Wed, 19 Oct 2011 19:01:57 +0100 Subject: [PATCH] Add option to allow remote http calls to setpassword in the AuthenticationService. This is switched on by setting AllowSetPassword = true in the [AuthenticationService] section of Robust.ini or Robust.HG.ini Default is false as before. --- .../AuthenticationServerConnector.cs | 2 +- .../AuthenticationServerPostHandler.cs | 65 +++++++++++++------ bin/Robust.HG.ini.example | 8 ++- bin/Robust.ini.example | 8 ++- 4 files changed, 57 insertions(+), 26 deletions(-) diff --git a/OpenSim/Server/Handlers/Authentication/AuthenticationServerConnector.cs b/OpenSim/Server/Handlers/Authentication/AuthenticationServerConnector.cs index adb1e5b480..848a037aa6 100644 --- a/OpenSim/Server/Handlers/Authentication/AuthenticationServerConnector.cs +++ b/OpenSim/Server/Handlers/Authentication/AuthenticationServerConnector.cs @@ -58,7 +58,7 @@ namespace OpenSim.Server.Handlers.Authentication Object[] args = new Object[] { config }; m_AuthenticationService = ServerUtils.LoadPlugin(authenticationService, args); - server.AddStreamHandler(new AuthenticationServerPostHandler(m_AuthenticationService)); + server.AddStreamHandler(new AuthenticationServerPostHandler(m_AuthenticationService, serverConfig)); } } } diff --git a/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs b/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs index 47bc860207..ae719451b7 100644 --- a/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs 
@@ -49,11 +49,20 @@ namespace OpenSim.Server.Handlers.Authentication // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); private IAuthenticationService m_AuthenticationService; + private bool m_AllowSetPassword = false; public AuthenticationServerPostHandler(IAuthenticationService service) : + this(service, null) {} + + public AuthenticationServerPostHandler(IAuthenticationService service, IConfig config) : base("POST", "/auth") { m_AuthenticationService = service; + + if (config != null) + { + m_AllowSetPassword = config.GetBoolean("AllowSetPassword", m_AllowSetPassword); + } } public override byte[] Handle(string path, Stream request, 
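Review bot: The new `m_AllowSetPassword` field and the two-argument constructor carry no comment recording that the option fails closed, which is the property a later maintainer most needs to preserve. I would add a field comment such as `// Remote setpassword is refused unless AllowSetPassword = true is present in the config passed in; a null config leaves it off.` Within this hunk the field is assigned only in the constructor, so it could also be declared `private readonly bool m_AllowSetPassword = false;` to stop it being flipped later at runtime. The class body continues outside the hunk, so any other write to the field would not be visible here.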
@@ -113,31 +122,45 @@ namespace OpenSim.Server.Handlers.Authentication switch (method) { - case "authenticate": - if (!request.ContainsKey("PASSWORD")) + case "authenticate": + if (!request.ContainsKey("PASSWORD")) + return FailureResult(); + + token = m_AuthenticationService.Authenticate(principalID, request["PASSWORD"].ToString(), lifetime); + + if (token != String.Empty) + return SuccessResult(token); return FailureResult(); - - token = m_AuthenticationService.Authenticate(principalID, request["PASSWORD"].ToString(), lifetime); + + case "setpassword": + if (!m_AllowSetPassword) + return FailureResult(); - if (token != String.Empty) - return SuccessResult(token); - return FailureResult(); - case "verify": - if (!request.ContainsKey("TOKEN")) + if (!request.ContainsKey("PASSWORD")) + return FailureResult(); + + if (m_AuthenticationService.SetPassword(principalID, request["PASSWORD"].ToString())) + return SuccessResult(); + else + return FailureResult(); + + case "verify": + if (!request.ContainsKey("TOKEN")) + return FailureResult(); + + if (m_AuthenticationService.Verify(principalID, request["TOKEN"].ToString(), lifetime)) + return SuccessResult(); + return FailureResult(); - - if (m_AuthenticationService.Verify(principalID, request["TOKEN"].ToString(), lifetime)) - return SuccessResult(); - - return FailureResult(); - case "release": - if (!request.ContainsKey("TOKEN")) + + case "release": + if (!request.ContainsKey("TOKEN")) + return FailureResult(); + + if (m_AuthenticationService.Release(principalID, request["TOKEN"].ToString())) + return SuccessResult(); + return FailureResult(); - - if (m_AuthenticationService.Release(principalID, request["TOKEN"].ToString())) - return SuccessResult(); - - return FailureResult(); } return FailureResult(); diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 5958fc1aea..aed1d330ad 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example 
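Review bot: The new `setpassword` case changes the password for whatever `principalID` the request names without checking any credential of the caller; the only gate visible in this hunk is the `m_AllowSetPassword` flag. Once an operator sets AllowSetPassword = true, any client that can reach the `/auth` POST handler can replace any account's password, unless something outside this hunk authenticates the request. If the call is meant for account owners, require proof before the `SetPassword` call, for example `if (!request.ContainsKey("TOKEN") || !m_AuthenticationService.Verify(principalID, request["TOKEN"].ToString(), lifetime)) return FailureResult();`. If it is meant only for trusted back-end tools, say so in a comment on the case and log each accepted change, since the `m_log` declaration in this class is commented out. The enclosing `Handle` method starts and ends outside the hunk, so how `principalID` and `lifetime` are parsed cannot be checked from here.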
@@ -146,6 +146,10 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 LocalServiceModule = "OpenSim.Services.AuthenticationService.dll:PasswordAuthenticationService" ; Realm = "useraccounts" + ;; Allow the service to process HTTP setpassword calls. + ;; Default is false. + ; AllowSetPassword = false + [OpenIdService] ; for the server connector AuthenticationServiceModule = "OpenSim.Services.AuthenticationService.dll:PasswordAuthenticationService" @@ -173,11 +177,11 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 ;; Default is false ; CreateDefaultAvatarEntries = false - ;; Allow the service to process HTTP create user calls. + ;; Allow the service to process HTTP createuser calls. ;; Default is false. ; AllowCreateUser = false - ;; Allow the service to process HTTP set account calls. + ;; Allow the service to process HTTP setaccount calls. ;; Default is false. ; AllowSetAccount = false diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index 2c8770ab56..522cc5646b 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example @@ -129,6 +129,10 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 ; for the server connector LocalServiceModule = "OpenSim.Services.AuthenticationService.dll:PasswordAuthenticationService" + ;; Allow the service to process HTTP setpassword calls. + ;; Default is false. + ; AllowSetPassword = false + [OpenIdService] ; for the server connector AuthenticationServiceModule = "OpenSim.Services.AuthenticationService.dll:PasswordAuthenticationService" 
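Review bot: The added `AllowSetPassword` comment tells the operator what the switch enables but not what it exposes. In the handler hunk of this patch the `setpassword` call is gated only by this flag, with no caller credential checked. The example text should carry that caveat, e.g. `;; The handler does not authenticate this call; enable it only where the service port is reachable solely from trusted hosts.` The same wording applies to the matching `AllowSetPassword` hunk in bin/Robust.ini.example.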
@@ -156,11 +160,11 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 ;; Default is false ; CreateDefaultAvatarEntries = false - ;; Allow the service to process HTTP create user calls. + ;; Allow the service to process HTTP createuser calls. ;; Default is false. ; AllowCreateUser = false - ;; Allow the service to process HTTP set account calls. + ;; Allow the service to process HTTP setaccount calls. ;; Default is false. ; AllowSetAccount = false