DEV-45809 - Merge Second Life Enterprise changes into viewer 2.x trunk

Includes: DEV-45800, DEV-45803 - Grid Manager
DEV-45804 - SLURL refactor
DEV-45801 - Single username field (for Identity Evolution and SLE Ldap)
Also,
Includes Certificate Management code allowing the viewer to connect to
grids not signed by a well know key (just like any web browser).  Also
contains secure storage for things like passwords.
The security/certificate code is modular with the intention of adding modules
to directly use the operating system facilities for crypto if available.
(that's much more secure than we'll ever be)

Also, refactor of voice to modularize it, and add a diamondware voice module.
CR:  Aimee, James, Lynx, Mani, Karina and a list of thousands

1 files changed, 161 insertions, 0 deletions

diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp
new file mode 100644
index 0000000000..ba343f5387
--- /dev/null
+++ b/indra/newview/llsecapi.cpp
@@ -0,0 +1,161 @@
+/** 
+ * @file llsecapi.cpp
+ * @brief Security API for services such as certificate handling
+ * secure local storage, etc.
+ *
+ * $LicenseInfo:firstyear=2009&license=viewergpl$
+ * 
+ * Copyright (c) 2009, Linden Research, Inc.
+ * 
+ * Second Life Viewer Source Code
+ * The source code in this file ("Source Code") is provided by Linden Lab
+ * to you under the terms of the GNU General Public License, version 2.0
+ * ("GPL"), unless you have obtained a separate licensing agreement
+ * ("Other License"), formally executed by you and Linden Lab.  Terms of
+ * the GPL can be found in doc/GPL-license.txt in this distribution, or
+ * online at http://secondlife.com/developers/opensource/gplv2
+ * 
+ * There are special exceptions to the terms and conditions of the GPL as
+ * it is applied to this Source Code. View the full text of the exception
+ * in the file doc/FLOSS-exception.txt in this software distribution, or
+ * online at http://secondlife.com/developers/opensource/flossexception
+ * 
+ * By copying, modifying or distributing this software, you acknowledge
+ * that you have read and understood your obligations described above,
+ * and agree to abide by those obligations.
+ * 
+ * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO
+ * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
+ * COMPLETENESS OR PERFORMANCE.
+ * $/LicenseInfo$
+ */
+
+
+#include "llviewerprecompiledheaders.h"
+#include "llsecapi.h"
+#include "llsechandler_basic.h"
+#include <openssl/evp.h>
+#include <map>
+#include "llhttpclient.h"
+
+
+
+std::map<std::string, LLPointer<LLSecAPIHandler> > gHandlerMap;
+LLPointer<LLSecAPIHandler> gSecAPIHandler;
+
+void initializeSecHandler()
+{
+	OpenSSL_add_all_algorithms();
+	OpenSSL_add_all_ciphers();
+	OpenSSL_add_all_digests();	
+	gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler();
+	
+	
+	// Currently, we only have the Basic handler, so we can point the main sechandler
+	// pointer to the basic handler.  Later, we'll create a wrapper handler that
+	// selects the appropriate sechandler as needed, for instance choosing the
+	// mac keyring handler, with fallback to the basic sechandler
+	gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER];
+
+	// initialize all SecAPIHandlers
+	LLProtectedDataException ex = LLProtectedDataException("");
+	std::map<std::string, LLPointer<LLSecAPIHandler> >::const_iterator itr;
+	for(itr = gHandlerMap.begin(); itr != gHandlerMap.end(); ++itr)
+	{
+		LLPointer<LLSecAPIHandler> handler = (*itr).second;
+		try 
+		{
+			handler->init();
+		}
+		catch (LLProtectedDataException e)
+		{
+			ex = e;
+		}
+	}
+	if (ex.getMessage().length() > 0 )  // an exception was thrown.
+	{
+		throw ex;
+	}
+
+}
+// start using a given security api handler.  If the string is empty
+// the default is used
+LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type)
+{
+	if (gHandlerMap.find(handler_type) != gHandlerMap.end())
+	{
+		return gHandlerMap[handler_type];
+	}
+	else
+	{
+		return LLPointer<LLSecAPIHandler>(NULL);
+	}
+}
+// register a handler
+void registerSecHandler(const std::string& handler_type, 
+						LLPointer<LLSecAPIHandler>& handler)
+{
+	gHandlerMap[handler_type] = handler;
+}
+
+std::ostream& operator <<(std::ostream& s, const LLCredential& cred)
+{
+	return s << (std::string)cred;
+}
+
+	
+// secapiSSLCertVerifyCallback
+// basic callback called when a cert verification is requested.
+// calls SECAPI to validate the context
+// not initialized in the above initialization function, due to unit tests
+// see llappviewer
+
+int secapiSSLCertVerifyCallback(X509_STORE_CTX *ctx, void *param)
+{
+	LLURLRequest *req = (LLURLRequest *)param;
+	LLPointer<LLCertificateStore> store = gSecAPIHandler->getCertificateStore("");
+	LLPointer<LLCertificateChain> chain = gSecAPIHandler->getCertificateChain(ctx);
+	LLSD validation_params = LLSD::emptyMap();
+	LLURI uri(req->getURL());
+	validation_params[CERT_HOSTNAME] = uri.hostName();
+	try
+	{
+		chain->validate(VALIDATION_POLICY_SSL, store, validation_params);
+	}
+	catch (LLCertValidationTrustException& cert_exception)
+	{
+		LL_WARNS("AppInit") << "Cert not trusted: " << cert_exception.getMessage() << LL_ENDL;
+		return 0;		
+	}
+	catch (LLCertException& cert_exception)
+	{
+		LL_WARNS("AppInit") << "cert error " << cert_exception.getMessage() << LL_ENDL;
+		return 0;
+	}
+	catch (...)
+	{
+		LL_WARNS("AppInit") << "cert error " << LL_ENDL;
+		return 0;
+	}
+	return 1;
+}
+
+LLSD LLCredential::getLoginParams()
+{
+	LLSD result = LLSD::emptyMap();
+	if (mIdentifier["type"].asString() == "agent")
+	{
+		// legacy credential
+		result["passwd"] = "$1$" + mAuthenticator["secret"].asString();
+		result["first"] = mIdentifier["first_name"];
+		result["last"] = mIdentifier["last_name"];
+	
+	}
+	else if (mIdentifier["type"].asString() == "account")
+	{
+		result["username"] = mIdentifier["account_name"];
+		result["passwd"] = mAuthenticator["secret"];
+                                    
+	}
+	return result;
+}