/Aurora/Framework/Services/IAuthenticationService.cs
C# | 107 lines | 14 code | 8 blank | 85 comment | 0 complexity | bf91893390ba696b7b0a3e92a541e9dd MD5 | raw file
1/* 2 * Copyright (c) Contributors, http://aurora-sim.org/, http://opensimulator.org/ 3 * See CONTRIBUTORS.TXT for a full list of copyright holders. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * * Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * * Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * * Neither the name of the Aurora-Sim Project nor the 13 * names of its contributors may be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY 17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY 20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28using OpenMetaverse; 29 30namespace Aurora.Framework.Services 31{ 32 // Generic Authentication service used for identifying 33 // and authenticating principals. 34 // Principals may be clients acting on users' behalf, 35 // or any other components that need 36 // verifiable identification. 37 // 38 public interface IAuthenticationService 39 { 40 ////////////////////////////////////////////////////// 41 // Authentication 42 // 43 // These methods will return a token, which can be used to access 44 // various services. 45 // 46 string Authenticate(UUID principalID, string authType, string password, int lifetime); 47 48 ////////////////////////////////////////////////////// 49 // Verification 50 // 51 // Allows to verify the authenticity of a token 52 // 53 // Tokens expire after 30 minutes and can be refreshed by 54 // re-verifying. 55 // 56 bool Verify(UUID principalID, string authType, string token, int lifetime); 57 58 ////////////////////////////////////////////////////// 59 // Teardown 60 // 61 // A token can be returned before the timeout. This 62 // invalidates it and it can not subsequently be used 63 // or refreshed. 64 // 65 bool Release(UUID principalID, string authType, string token); 66 67 ////////////////////////////////////////////////////// 68 // SetPassword for a principal 69 // 70 // This method exists for the service, but may or may not 71 // be served remotely. That is, the authentication 72 // handlers may not include one handler for this, 73 // because it's a bit risky. Such handlers require 74 // authentication/authorization. 75 // 76 bool SetPassword(UUID principalID, string authType, string passwd); 77 bool SetPasswordHashed(UUID UUID, string authType, string passwd); 78 bool SetPlainPassword(UUID principalID, string authType, string passwd); 79 80 /// <summary> 81 /// Check whether the given principalID has a password set 82 /// </summary> 83 /// <param name="principalID"></param> 84 /// <param name="authType"></param> 85 /// <returns></returns> 86 bool CheckExists(UUID principalID, string authType); 87 88 ////////////////////////////////////////////////////// 89 // Grid 90 // 91 // We no longer need a shared secret between grid 92 // servers. Anything a server requests from another 93 // server is either done on behalf of a user, in which 94 // case there is a token, or on behalf of a region, 95 // which has a session. So, no more keys. 96 // If sniffing on the local lan is an issue, admins 97 // need to take approriate action (IPSec is recommended) 98 // to secure inter-server traffic. 99 100 ////////////////////////////////////////////////////// 101 // NOTE 102 // 103 // Session IDs are not handled here. After obtaining 104 // a token, the session ID regions use can be 105 // obtained from the presence service. 106 } 107}