Ok, thank you.

On Thu, 28 Jun 2018 16:26:32 +0100 "AJLDuarte" <[email protected]> wrote:
> Hi
> Yes that may work for you now.
> But core solution will need to be "a bit" more complex to support
> more flexible configuration and per service.
>
> Ubit
>
> -----Original Message-----
> From: Sebastián Castillo Carrión [mailto:[email protected]]
> Sent: Thursday, June 28, 2018 15:53
> To: [email protected]
> Cc: AJLDuarte; Juan Jesus Farfan Leiva
> Subject: Re: [Opensim-dev] Question about https login authentication
>
> Thank you for your response,
>
> Currently, I am interested only in secure connection in the login
> authentication, so https is needed in robust, in my case, and not in
> regions, nor other services.
>
> I have to do more tests, but it seems that only minor changes are needed
> in function "public static IHttpServer GetHttpServer(uint port, IPAddress ipaddr)"
> of file "MainServer.cs" (modifications with respect to the original source
> are inside block "scc"):
> _________________________________________
>         /// <summary>
>         /// Get the default http server, an http server for a specific port
>         /// and/or an http server bound to a specific address
>         /// </summary>
>         /// <remarks>
>         /// If the requested HTTP server doesn't already exist then a new one is instantiated and started.
>         /// </remarks>
>         /// <returns></returns>
>         /// <param name='port'>If 0 then the default HTTP server is returned.</param>
>         /// <param name='ipaddr'>A specific IP address to bind to.  If null then the default IP address is used.</param>
>         public static IHttpServer GetHttpServer(uint port, IPAddress ipaddr)
>         {
>             if (port == 0)
>                 return Instance;
>
>             if (instance != null && port == Instance.Port)
>                 return Instance;
>
>             lock (m_Servers)
>             {
>                 if (m_Servers.ContainsKey(port))
>                     return m_Servers[port];
>
>                 ////////////////// scc
>                 //IConfigSource defaultConfig = new IniConfigSource();
>                 //IConfig networkConfig = defaultConfig.Configs["Network"];
>
>                 // Assumes networkConfig already holds the [Network] config section.
>                 // ssl_main is a flag, so it is read with GetBoolean, not GetString.
>                 bool ssl_main = networkConfig.GetBoolean("ssl_main", false);
>                 string cert_path = networkConfig.GetString("cert_path", String.Empty);
>                 string cert_pass = networkConfig.GetString("cert_pass", String.Empty);
>
>                 if (!ssl_main)
>                     m_Servers[port] = new BaseHttpServer(port);
>                 else
>                 {
>                     if (cert_path == String.Empty)
>                     {
>                         System.Console.WriteLine("ERROR: Path to X509 certificate is missing, server can't start.");
>                         Environment.Exit(1);
>                     }
>
>                     if (cert_pass == String.Empty)
>                     {
>                         System.Console.WriteLine("ERROR: Password for X509 certificate is missing, server can't start.");
>                         Environment.Exit(1);
>                     }
>
>                     m_Servers[port] = new BaseHttpServer(port, ssl_main, cert_path, cert_pass);
>                 }
>                 ////////////////// scc
>
>                 if (ipaddr != null)
>                     m_Servers[port].ListenIPAddress = ipaddr;
>
>                 m_Servers[port].Start();
>
>                 return m_Servers[port];
>             }
>         }
> __________________
>
> Regards,
> Sebastian.
>
>
> On Fri, 22 Jun 2018 14:02:37 +0100 "AJLDuarte" <[email protected]> wrote:
>
> > Hi,
> > Opensim git branch httptests does have a somewhat improved https support.
> > It's possible to run a region with SSL, but at the moment that most likely will collide with money modules or lsl secureURL
> > A few services will only have unsecure connection also.
> > Robust still does not have https support.
> > "work in progress" and with very low priority at the moment :(
> >
> > httptests can be retrieved for our git repo.
> > git clone git://opensimulator.org/git/Opensim
> > cd Opensim
> > git checkout httptests
> > ...
> >
> > You can also see it at http://opensimulator.org/viewgit/?a=shortlog&p=opensim&h=refs/heads/httptests
> > Note that it requires .net4.6 and on linux latest stable mono.
> >
> > Most new dev work is currently done on this branch, because "reasons"
> >
> > Collaboration with viewer dev teams is always welcome, in fact much needed.
> > Not happening that much, well "reasons"...
> >
> > Ubit
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of Cinder Roxley
> > Sent: Friday, June 22, 2018 13:26
> > To: [email protected]
> > Subject: Re: [Opensim-dev] Question about https login authentication
> >
> > Have you tried logging in with a client besides Firestorm? Singularity or
> > Alchemy, for example. The hop:// URI scheme Firestorm relies on does not
> > support TLS connections.
> >
> > As far as sending the password as plaintext, you would need to modify the
> > viewer as it sends the password as an MD5 hash.
> >
> > Negotiating the password hashing mechanism between viewer and login service
> > would be an interesting project to work on if anyone is interested in
> > working on it with me. Storing passwords as MD5 is woefully insecure in
> > this day and age. (Is using MD5 for sensitive data even PCI compliant?)
> >
> > On June 22, 2018 at 6:48:47 AM, Sebastián Castillo Carrión ([email protected]) wrote:
> >
> > Hello everyone!
> >
> > I'm Sebastian, and I work at the University of Malaga (Spain), and among
> > other things I develop code for opensim.
> >
> > At the University we use a single user account to give access to all the
> > University services via ldap, so we need to integrate ldap in the
> > authentication process of opensim.
> >
> > The ldap authentication more or less we know how to do it, but we need to
> > establish a secure https connection between the client and the server for
> > the login process, instead of http, since ldap calls require passing the
> > password without applying md5.
> >
> > I have seen that there is a multitude of options ssl and https in the
> > configuration of opensim, but I get the impression that they are not
> > designed for the login process, only for "out of band" applications: I have
> > tried these options without success in the login; I think the reason is not
> > an incorrect configuration, because when I load in a web browser
> > https://ip:8003 (https_main = true) or https://ip:9080 (https_listener = true),
> > the browser asks me to accept the certificate. However, I cannot log in
> > from the firestorm client, it is as if the server did not exist, seems the
> > client request get lost.
> >
> > I have run the server in debug mode from visual studio to see what code is
> > running in those cases. Executing the server in debug mode from Visual
> > Studio, I see that the listener server on port 8003 is created correctly,
> > and pass the certificate, password and ssl mode as parameter, and in case
> > of defining another listening port using the https_listener options = true,
> > http_port = ..., the service is also created correctly; however, the logins
> > from firestorm seem to not reach opensim, since I have defined breakpoints
> > of the code that would be activated when the server receives a call, and
> > doing tests I see that they are only activated when the calls are made from
> > a web browser, but not from the firestorm client.
> >
> > Another attempt I have made is to modify the code so that the listening
> > service is created on port 8002 with https (in the original code no matter
> > what settings are assigned to https variables in configuration files, seems
> > listener service in port 8002 is always http); as in the previous case, the
> > https request to port 8002 does arrive when it is done from a web browser,
> > but not from the firestorm client.
> >
> > My impressions are that https is supported only for communications of
> > internal services of the server, and additional listener ports for "out of
> > the bands" applications, but not for the login authentication, where only
> > http is supported.
> >
> > Do you know if it is necessary to modify the Opensim code to add login
> > support by https?
> >
> > Do you know if it is necessary to modify the firestorm code to add login
> > support by https?
> >
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > [email protected]
> > http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev

_______________________________________________
Opensim-dev mailing list
[email protected]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
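
An added example, not part of the thread or of OpenSim's code: a startup check that the certificate file named by the `cert_path` and `cert_pass` settings in the message above can actually back a TLS listener (it opens with the password, carries a private key, and is inside its validity period). The class and method names are hypothetical, the certificate is a constructed throwaway, and generating it assumes .NET Core 2.0 or .NET Framework 4.7.2 or later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TlsConfigCheck // hypothetical name, not an OpenSim class
{
    // Returns null when the file is usable for a TLS listener, else the reason it is not.
    public static string Validate(string certPath, string certPass, DateTime now)
    {
        if (string.IsNullOrEmpty(certPath)) return "cert_path is missing";
        if (string.IsNullOrEmpty(certPass)) return "cert_pass is missing";
        if (!File.Exists(certPath)) return "certificate file not found";
        try
        {
            using (var cert = new X509Certificate2(certPath, certPass))
            {
                if (!cert.HasPrivateKey) return "certificate has no private key";
                if (now < cert.NotBefore || now > cert.NotAfter)
                    return "certificate is outside its validity period";
            }
        }
        catch (CryptographicException e)
        {
            return "cannot open certificate: " + e.Message; // wrong password or damaged file
        }
        return null;
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate written to a temp file.
        string path = Path.Combine(Path.GetTempPath(), "example-login.pfx");
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=login.example.test", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = req.CreateSelfSigned(
                       DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
                File.WriteAllBytes(path, cert.Export(X509ContentType.Pfx, "example-pass"));
        }
        Console.WriteLine(Validate(path, "example-pass", DateTime.Now) ?? "ok");
        Console.WriteLine(Validate(path, "wrong-pass", DateTime.Now));
        Console.WriteLine(Validate(path, "example-pass", DateTime.Now.AddDays(60)));
        Console.WriteLine(Validate("", "example-pass", DateTime.Now));
        File.Delete(path);
    }
}
```

Returning the reason instead of calling `Environment.Exit` inside the server getter lets the caller log it and decide whether to stop, and it catches an expired or key-less certificate before the first viewer login fails against it.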
