opensim-development – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | eva | 1 | /* |
| 2 | * Copyright (c) Contributors, http://opensimulator.org/ |
||
| 3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. |
||
| 4 | * |
||
| 5 | * Redistribution and use in source and binary forms, with or without |
||
| 6 | * modification, are permitted provided that the following conditions are met: |
||
| 7 | * * Redistributions of source code must retain the above copyright |
||
| 8 | * notice, this list of conditions and the following disclaimer. |
||
| 9 | * * Redistributions in binary form must reproduce the above copyright |
||
| 10 | * notice, this list of conditions and the following disclaimer in the |
||
| 11 | * documentation and/or other materials provided with the distribution. |
||
| 12 | * * Neither the name of the OpenSimulator Project nor the |
||
| 13 | * names of its contributors may be used to endorse or promote products |
||
| 14 | * derived from this software without specific prior written permission. |
||
| 15 | * |
||
| 16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY |
||
| 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
||
| 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
||
| 19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY |
||
| 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
||
| 21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
| 22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
||
| 23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
||
| 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
||
| 25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||
| 26 | */ |
||
| 27 | |||
| 28 | using System; |
||
| 29 | using System.Collections.Generic; |
||
| 30 | using OpenMetaverse; |
||
| 31 | |||
| 32 | namespace OpenSim.Services.Interfaces |
||
| 33 | { |
||
| 34 | public class AuthInfo |
||
| 35 | { |
||
| 36 | public UUID PrincipalID { get; set; } |
||
| 37 | public string AccountType { get; set; } |
||
| 38 | public string PasswordHash { get; set; } |
||
| 39 | public string PasswordSalt { get; set; } |
||
| 40 | public string WebLoginKey { get; set; } |
||
| 41 | |||
| 42 | public Dictionary<string, object> ToKeyValuePairs() |
||
| 43 | { |
||
| 44 | Dictionary<string, object> result = new Dictionary<string, object>(); |
||
| 45 | result["PrincipalID"] = PrincipalID; |
||
| 46 | result["AccountType"] = AccountType; |
||
| 47 | result["PasswordHash"] = PasswordHash; |
||
| 48 | result["PasswordSalt"] = PasswordSalt; |
||
| 49 | result["WebLoginKey"] = WebLoginKey; |
||
| 50 | |||
| 51 | return result; |
||
| 52 | } |
||
| 53 | } |
||
| 54 | |||
| 55 | // Generic Authentication service used for identifying |
||
| 56 | // and authenticating principals. |
||
| 57 | // Principals may be clients acting on users' behalf, |
||
| 58 | // or any other components that need |
||
| 59 | // verifiable identification. |
||
| 60 | // |
||
| 61 | public interface IAuthenticationService |
||
| 62 | { |
||
| 63 | ////////////////////////////////////////////////////// |
||
| 64 | // Authentication |
||
| 65 | // |
||
| 66 | // These methods will return a token, which can be used to access |
||
| 67 | // various services. |
||
| 68 | // |
||
| 69 | string Authenticate(UUID principalID, string password, int lifetime); |
||
| 70 | |||
| 71 | ////////////////////////////////////////////////////// |
||
| 72 | // Verification |
||
| 73 | // |
||
| 74 | // Allows to verify the authenticity of a token |
||
| 75 | // |
||
| 76 | // Tokens expire after 30 minutes and can be refreshed by |
||
| 77 | // re-verifying. |
||
| 78 | // |
||
| 79 | bool Verify(UUID principalID, string token, int lifetime); |
||
| 80 | |||
| 81 | ////////////////////////////////////////////////////// |
||
| 82 | // Teardown |
||
| 83 | // |
||
| 84 | // A token can be returned before the timeout. This |
||
| 85 | // invalidates it and it can not subsequently be used |
||
| 86 | // or refreshed. |
||
| 87 | // |
||
| 88 | bool Release(UUID principalID, string token); |
||
| 89 | |||
| 90 | ////////////////////////////////////////////////////// |
||
| 91 | // SetPassword for a principal |
||
| 92 | // |
||
| 93 | // This method exists for the service, but may or may not |
||
| 94 | // be served remotely. That is, the authentication |
||
| 95 | // handlers may not include one handler for this, |
||
| 96 | // because it's a bit risky. Such handlers require |
||
| 97 | // authentication/authorization. |
||
| 98 | // |
||
| 99 | bool SetPassword(UUID principalID, string passwd); |
||
| 100 | |||
| 101 | AuthInfo GetAuthInfo(UUID principalID); |
||
| 102 | |||
| 103 | bool SetAuthInfo(AuthInfo info); |
||
| 104 | |||
| 105 | ////////////////////////////////////////////////////// |
||
| 106 | // Grid |
||
| 107 | // |
||
| 108 | // We no longer need a shared secret between grid |
||
| 109 | // servers. Anything a server requests from another |
||
| 110 | // server is either done on behalf of a user, in which |
||
| 111 | // case there is a token, or on behalf of a region, |
||
| 112 | // which has a session. So, no more keys. |
||
| 113 | // If sniffing on the local lan is an issue, admins |
||
| 114 | // need to take approriate action (IPSec is recommended) |
||
| 115 | // to secure inter-server traffic. |
||
| 116 | |||
| 117 | ////////////////////////////////////////////////////// |
||
| 118 | // NOTE |
||
| 119 | // |
||
| 120 | // Session IDs are not handled here. After obtaining |
||
| 121 | // a token, the session ID regions use can be |
||
| 122 | // obtained from the presence service. |
||
| 123 | } |
||
| 124 | } |