Ok, I've been reviewing the code and think that there isn't any way to authenticate an user from a service published on Opensim.exe (grid mode); I suposse will be the same to other servers. User server does not provide methods for authetication.<br>
<br>I pretend something like that:<br>- I have an Opensim(mono) plugin, managed from Opensim.exe.<br>- In the initialization I publish a service in the xmlrpc server (is exactly the way RemoteController does)<br> m_httpd.AddXmlRPCHandler("execute_command", XmlRpcExecuteCommandMethod, false);<br>
- I receive username/lastname and password in the xmlrpc request; the command XmlRpcExecuteCommandMethod is executed.<br><br>And now, the problem: I have access to OpenSimBase, which allows me to access to communicationsManager, and from here to any server, but I can't find any method in user server to auth.<br>
LoginServer.cs has the public method AuthenticateUser(UserProfileData profile, string password) which only returns a boolean but it isn't published in the UserServer for remote authentication.<br><br>If you are asking why the hell I could need this thing... the answer is simple: I'm improving the RemoteAdmin service, which I need to my Henshin (autocad to sl/opensim importer) tool. I want to provide a secure plugin for opensim users who want to use this tool (me, for example). The improvement is simple: I have included a Facade and a Command Factory pattern which will allow anyone to create "admin" plugins accesible from xmlrpc and are isolated from the "opensim engine" (if one core method changes, only some commands will be affected and not the whole system)<br>
<br>I could have used libopenmv, but I prefer a "native" solution and not to use hacks.<br><br>I'm not a security expert so if anyone can tell me which security implications could have this way to "remote authenticate"...<br>
<br>Greetings<br><br><br><br><br><div class="gmail_quote">2008/11/21 Frisby, Adam <span dir="ltr"><<a href="mailto:adam@deepthink.com.au">adam@deepthink.com.au</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="EN-AU">
<div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Uhh it should be salted.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">There's a passwordSalt field for a reason.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Adam</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div style="border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color blue; border-width: medium medium medium 1.5pt; padding: 0cm 0cm 0cm 4pt;">
<div>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p><b><span style="font-size: 10pt;" lang="EN-US">From:</span></b><span style="font-size: 10pt;" lang="EN-US"> <a href="mailto:opensim-dev-bounces@lists.berlios.de" target="_blank">opensim-dev-bounces@lists.berlios.de</a>
[mailto:<a href="mailto:opensim-dev-bounces@lists.berlios.de" target="_blank">opensim-dev-bounces@lists.berlios.de</a>] <b>On Behalf Of </b>Alan M Webb<br>
<b>Sent:</b> Thursday, 20 November 2008 4:14 PM<div class="Ih2E3d"><br>
<b>To:</b> <a href="mailto:opensim-dev@lists.berlios.de" target="_blank">opensim-dev@lists.berlios.de</a><br>
</div><div><div></div><div class="Wj3C7c"><b>Subject:</b> Re: [Opensim-dev] Problem with User server in grid mode
retrieving User Profile</div></div></span></p>
</div>
</div><div><div></div><div class="Wj3C7c">
<p> </p>
<p style="margin-bottom: 12pt;"><br>
<span style="font-size: 10pt;">I believe it
exports a service which you can pass the login data you received and get an
authentication response (true or false). I don't have my system up at the
moment, so I can't check the details. OpenSim doesn't actually use any salt
when it stores the password, so that makes it easier to handle.</span> <br>
<br>
<span style="font-size: 10pt;">You need one of
the grid owners to respond, I use stand-alone pretty much exclusively.</span> <br>
<span style="font-size: 10pt;"><br>
Best regards<br>
Alan<br>
-------------------<br>
T.J. Watson Research Center, Hawthorne, NY<br>
1-914-784-7286<br>
<a href="mailto:alan_webb@us.ibm.com" target="_blank">alan_webb@us.ibm.com</a></span> <br>
<br>
</p>
<table style="width: 100%;" width="100%" border="0" cellpadding="0">
<tbody><tr>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt; color: rgb(95, 95, 95);">From:</span> </p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt;">Impalah
<<a href="mailto:impalah@gmail.com" target="_blank">impalah@gmail.com</a>></span> </p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt; color: rgb(95, 95, 95);">To:</span> </p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt;"><a href="mailto:opensim-dev@lists.berlios.de" target="_blank">opensim-dev@lists.berlios.de</a></span>
</p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt; color: rgb(95, 95, 95);">Date:</span> </p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt;">11/20/2008
06:32 PM</span> </p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt; color: rgb(95, 95, 95);">Subject:</span> </p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt;">Re:
[Opensim-dev] Problem with User server in grid mode retrieving
User Profile</span></p>
</td>
</tr>
</tbody></table>
<p> </p>
<div style="text-align: center;" align="center">
<hr style="color: rgb(160, 160, 160);" size="2" width="100%" align="center" noshade>
</div>
<p style="margin-bottom: 12pt;"><br>
<br>
<br>
Damn!!!<br>
<br>
Then, is there another "clean" way to authenticate an user when using
xmlrpc calls? (like RemoteAdmin does).<br>
<br>
The dirty trick of setting a "master" password in opensim.ini is
quite... well if I had a "commercial" grid the idea of delivering an
unique password to everyone who wants to use some services will make me
sweat... :-(<br>
<br>
Thanks for the quick response, Alan<br>
<br>
<br>
<br>
2008/11/21 Alan M Webb <<a href="mailto:alan_webb@us.ibm.com" target="_blank">alan_webb@us.ibm.com</a>>
<br>
<span style="font-size: 10pt;"><br>
Yes, I stumbled over the same thing too. What I discovered (well actually Mic
Bowman or John Hurliman): For security reasons, the user server suppresses
password information in remote requests for user profile information. This is
deliberate and necessary to preserve the fragile shreds of security we
currently have.</span> <span style="font-size: 10pt;"><br>
<br>
Best regards<br>
Alan<br>
-------------------<br>
T.J. Watson Research Center, Hawthorne, NY<br>
1-914-784-7286<u><span style="color: blue;"><br>
</span></u></span><a href="mailto:alan_webb@us.ibm.com" target="_blank"><span style="font-size: 10pt;">alan_webb@us.ibm.com</span></a>
</p>
<table style="width: 100%;" width="100%" border="0" cellpadding="0">
<tbody><tr>
<td style="padding: 0.75pt; width: 10%;" valign="top" width="10%">
<p><span style="font-size: 7.5pt; color: rgb(95, 95, 95);">From:</span> </p>
</td>
<td style="padding: 0.75pt; width: 89%;" valign="top" width="89%">
<p><span style="font-size: 7.5pt;">Impalah
<</span><a href="mailto:impalah@gmail.com" target="_blank"><span style="font-size: 7.5pt;">impalah@gmail.com</span></a><span style="font-size: 7.5pt;">></span> </p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt; color: rgb(95, 95, 95);">To:</span> </p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p><a href="mailto:opensim-dev@lists.berlios.de" target="_blank"><span style="font-size: 7.5pt;">opensim-dev@lists.berlios.de</span></a>
</p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt; color: rgb(95, 95, 95);">Date:</span> </p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt;">11/20/2008
06:13 PM</span> </p>
</td>
</tr>
<tr>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt; color: rgb(95, 95, 95);">Subject:</span> </p>
</td>
<td style="padding: 0.75pt;" valign="top">
<p><span style="font-size: 7.5pt;">[Opensim-dev]
Problem with User server in grid mode retrieving User
Profile</span></p>
</td>
</tr>
</tbody></table>
<p style="margin-bottom: 12pt;"> </p>
<div style="text-align: center;" align="center">
<hr style="color: rgb(160, 160, 160);" size="2" width="100%" align="center" noshade>
</div>
<p style="margin-bottom: 12pt;"><br>
<br>
<br>
<br>
Hi:<br>
<br>
I'm having a strange problem retrieving user profiles only in GRID mode (standalone
works ok): the field PasswordHash (I need this field to do a xmlrpc
authentication) is empty.<br>
<br>
I'm using version 0.6, I can't remember the svn release, it's from 1 week ago,
Windows XP SP3, Net 2.0 and Mysql.<br>
<br>
I couldn't find any issue in Mantis so my question is: is this a feature for
grid mode or something similar?<br>
<br>
The code in MySQLUserData.cs is the same for both modes and couldn't find any
"strange" line in User Server code:<br>
<br>
IDbCommand result = dbm.Manager.Query("SELECT * FROM " + m_agentsTableName
+ " WHERE UUID = ?uuid",<br>
param);<br>
<br>
<br>
Any idea?<br>
<br>
Greetings <br>
<tt><span style="font-size: 10pt;">_______________________________________________</span></tt><span style="font-size: 10pt; font-family: "Courier New";"><br>
<tt>Opensim-dev mailing list</tt><u><span style="color: blue;"><br>
</span></u></span><a href="mailto:Opensim-dev@lists.berlios.de" target="_blank"><tt><span style="font-size: 10pt;">Opensim-dev@lists.berlios.de</span></tt></a><u><span style="color: blue;"><br>
</span></u><a href="https://lists.berlios.de/mailman/listinfo/opensim-dev" target="_blank"><tt><span style="font-size: 10pt;">https://lists.berlios.de/mailman/listinfo/opensim-dev</span></tt></a><br>
<br>
<br>
<br>
_______________________________________________<br>
Opensim-dev mailing list<u><span style="color: blue;"><br>
</span></u><a href="mailto:Opensim-dev@lists.berlios.de" target="_blank">Opensim-dev@lists.berlios.de</a><u><span style="color: blue;"><br>
</span></u><a href="https://lists.berlios.de/mailman/listinfo/opensim-dev" target="_blank">https://lists.berlios.de/mailman/listinfo/opensim-dev</a><br>
<br>
<tt><span style="font-size: 10pt;">_______________________________________________</span></tt><span style="font-size: 10pt; font-family: "Courier New";"><br>
<tt>Opensim-dev mailing list</tt><br>
<tt><a href="mailto:Opensim-dev@lists.berlios.de" target="_blank">Opensim-dev@lists.berlios.de</a></tt><br>
</span><a href="https://lists.berlios.de/mailman/listinfo/opensim-dev" target="_blank"><tt><span style="font-size: 10pt;">https://lists.berlios.de/mailman/listinfo/opensim-dev</span></tt></a><span style="font-size: 10pt; font-family: "Courier New";"><br>
<br>
</span></p>
</div></div></div>
</div>
</div>
<br>_______________________________________________<br>
Opensim-dev mailing list<br>
<a href="mailto:Opensim-dev@lists.berlios.de">Opensim-dev@lists.berlios.de</a><br>
<a href="https://lists.berlios.de/mailman/listinfo/opensim-dev" target="_blank">https://lists.berlios.de/mailman/listinfo/opensim-dev</a><br>
<br></blockquote></div><br>