Add option to allow remote http calls to setpassword in the AuthenticationService.

This is switched on by setting AllowSetPassword = true in the [AuthenticationService] section of Robust.ini or Robust.HG.ini
Default is false as before.

OpenSim/Server/Handlers/Authentication/AuthenticationServerConnector.cs

@@ -58,7 +58,7 @@ namespace OpenSim.Server.Handlers.Authentication
             Object[] args = new Object[] { config };
             m_AuthenticationService = ServerUtils.LoadPlugin<IAuthenticationService>(authenticationService, args);
 
-            server.AddStreamHandler(new AuthenticationServerPostHandler(m_AuthenticationService));
+            server.AddStreamHandler(new AuthenticationServerPostHandler(m_AuthenticationService, serverConfig));
         }
     }
 }

OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs

@@ -49,11 +49,20 @@ namespace OpenSim.Server.Handlers.Authentication
         // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
 
         private IAuthenticationService m_AuthenticationService;
+        private bool m_AllowSetPassword = false;
 
         public AuthenticationServerPostHandler(IAuthenticationService service) :
+                this(service, null) {}
+
+        public AuthenticationServerPostHandler(IAuthenticationService service, IConfig config) :
                 base("POST", "/auth")
         {
             m_AuthenticationService = service;
+
+            if (config != null)
+            {
+                m_AllowSetPassword = config.GetBoolean("AllowSetPassword", m_AllowSetPassword);
+            }
         }
 
         public override byte[] Handle(string path, Stream request,
@@ -122,6 +131,19 @@ namespace OpenSim.Server.Handlers.Authentication
                     if (token != String.Empty)
                         return SuccessResult(token);
                     return FailureResult();
+    
+                case "setpassword":
+                    if (!m_AllowSetPassword)
+                        return FailureResult();
+
+                    if (!request.ContainsKey("PASSWORD"))
+                        return FailureResult();
+    
+                    if (m_AuthenticationService.SetPassword(principalID, request["PASSWORD"].ToString()))
+                        return SuccessResult();
+                    else
+                        return FailureResult();
+    
                 case "verify":
                     if (!request.ContainsKey("TOKEN"))
                         return FailureResult();
@@ -130,6 +152,7 @@ namespace OpenSim.Server.Handlers.Authentication
                         return SuccessResult();
     
                     return FailureResult();
+    
                 case "release":
                     if (!request.ContainsKey("TOKEN"))
                         return FailureResult();

bin/Robust.HG.ini.example

@@ -146,6 +146,10 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
     LocalServiceModule = "OpenSim.Services.AuthenticationService.dll:PasswordAuthenticationService"
     ; Realm = "useraccounts"
 
+    ;; Allow the service to process HTTP setpassword calls.
+    ;; Default is false.
+    ; AllowSetPassword = false
+
 [OpenIdService]
     ; for the server connector
     AuthenticationServiceModule = "OpenSim.Services.AuthenticationService.dll:PasswordAuthenticationService"

bin/Robust.ini.example

@@ -129,6 +129,10 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
     ; for the server connector
     LocalServiceModule = "OpenSim.Services.AuthenticationService.dll:PasswordAuthenticationService"
 
+    ;; Allow the service to process HTTP setpassword calls.
+    ;; Default is false.
+    ; AllowSetPassword = false
+
 [OpenIdService]
     ; for the server connector
     AuthenticationServiceModule = "OpenSim.Services.AuthenticationService.dll:PasswordAuthenticationService"