Login

From libsecondlife

Jump to: navigation, search

Contents

Login

The login uses XML-RPC communication encapsulated in a TLS 1.0 (https) stream. More information will follow soon. By running Second Life with the -loginuri parameter you can connect to your own website and dump the login request, as well as passing it on to the Linden Labs login servers and capturing the reply. You can also use stunnel to connect to the encrypted login servers to send data 'stunnel -c -r login.agni.lindenlab.com:443', you might want to omit the gzip in the Accept-Encoding header for pain text. The new login script is using HTTP POST. The login parameters needed for a successful login are as follows (brackets denote variables): 

<member><name>first</name><value>[First avatar name]</value></member>
<member><name>last</name><value>[Last avatar name]</value></member>
<member><name>passwd</name><value>[Unsalted MD5 of the password, in crypt() format]</value></member>
<member><name>start</name><value>[Can be last, home, or in the format of uri:Ahern&162&213&34]</value></member>
<member><name>major</name><value>[Version, current is 1]</value></member>
<member><name>minor</name><value>[Version, current is 13]</value></member>
<member><name>patch</name><value>[Version, current is 3]</value></member>
<member><name>build</name><value>[Version, current is 2]</value></member>
<member><name>platform</name><value>[Win, Mac or Lnx]</value></member>
<member><name>mac</name><value>[MAC address, apparently for identification purposes. Example: 00:0C:76:BD:41:E3]</value></member>
<member><name>options</name><value>[Array of extra options, can be left blank]</value></member>
<member><name>user-agent</name><value>[The name of your user agent, such as MySLClient 0.1]</value></member>
<member><name>id0</name><value>MD5? of MAC address -- may be used instead instead of MAC field, for privacy's sake</value></member>
<member><name>agree_to_tos</name><value>[true or false, if you agree to the TOS, not required unless the login fails with a 'reason' of 'tos']</value></member>
<member><name>viewer_digest</name><value>MD5sum of viewer executable -- could potentially be used to detect "hacked" clients (har, har)</value></member>

Another helpful name-value pair to pass would be agent-author, to let Linden Labs know how to contact you in case there is a problem with your agent. 

<member><name>agent-author</name><value>my_email@address.com</value></member>

For reference, the XmlRpc++ CVS version supports HTTPS communication. If you don't want to use a full XML-RPC library or are using one that doesn't inclue a transport layer, the libcurl library does an excellent job.

Client XML-RPC Request (Encapsulated in TLS 1.0)

The login method prototype would look something like this: 

login_to_simulator(first, last, passwd, start, major, minor, patch, build, platform, mac, 
viewer_digest, array options, *);

The official login server URL for the main grid in Second Life (as of May 2006) is https://login.agni.lindenlab.com/cgi-bin/login.cgi

An actual request from the Second Life client was dumped using -loginuri http://127.0.0.1/ and the netcat utility (orange part is unnecessary for a basic client):

POST / HTTP/1.1 Host: 127.0.0.1 Accept: */* Accept-Encoding: gzip Content-Type: text/xml Content-Length: 1702 Expect: 100-continue</p>

<?xml version="1.0"?> <methodCall> <methodName>login_to_simulator</methodName> <params> <param> <value> <struct> <member> <name>first</name> <value> <string>FirstName</string> </value> </member> <member> <name>last</name> <value> <string>LastName</string> </value> </member> <member> <name>passwd</name> <value> <string>$1$27b44da24dbd3133ca7o61b0fc21a808</string> ("$1$" + md5(password)) </value> </member> <member> <name>start</name> <value> <string>last</string> </value> </member> <member> <name>major</name> <value> <string>1</string> </value> </member> <member> <name>minor</name> <value> <string>9</string> </value> </member> <member> <name>patch</name> <value> <string>0</string> </value> </member> <member> <name>build</name> <value> <string>21</string> </value> </member> <member> <name>platform</name> <value> <string>Win</string> </value> </member> <member> <name>mac</name> <value> <string>00:D0:4D:28:1A:49</string> (Your MAC address, or your friend's, or whatever) </value> </member> <member> <name>viewer_digest</name> <value> <string>68920a26-9f41-b742-a5e6-db6a713dcd96</string> (MD5 of the executable trying to connect) </value> </member> <member> <name>options</name> <value> <array> <data> <value> <string>inventory-root</string> </value> <value> <string>inventory-skeleton</string> </value> <value> <string>inventory-lib-root</string> </value> <value> <string>inventory-lib-owner</string> </value> <value> <string>inventory-skel-lib</string> </value> <value> <string>gestures</string> </value> <value> <string>event_categories</string> </value> <value> <string>event_notifications</string> </value> <value> <string>classified_categories</string> </value> <value> <string>buddy-list</string> </value> <value> <string>ui-config</string> </value> <value> <string>login-flags</string> </value> <value> <string>global-textures</string> </value> </data> </array> </value> </member> </struct> </value> </param> </params> </methodCall>

Server XML-RPC Replies

As long as the viewer_digest parameter is sent you will get back readable XML:

Session Not Timed Out

This message is sent if your session hasn't timed out yet. 

<?xml version="1.0"?>
<methodResponse>
<params>
<param><value><struct>
<member><name>reason</name><value><string>presence</string></value></member>
<member><name>message</name><value><string>The system is logging you in from another
location right now. Your Account will not be
 available until
2006-05-09 06:23:23 Pacific Time.</string></value></member>
<member><name>login</name><value><string>false</string></value></member>
</struct></value>
</param>
</params>
</methodResponse>

Required Version

The server requires the version specified. In Second Life, the user will need to download the update. 

<?xml version="1.0"?>
<methodResponse>
<params>
<param><value><struct>
<member><name>reason</name><value><string>update</string></value></member>
<member><name>message</name><value><string>Required version: 1.10.3.3</string></value></member>
<member><name>login</name><value><string>false</string></value></member>
</struct></value>
</param>
</params>
</methodResponse>

Optional Version

The version is acceptable, but the server suggests a client of this version. In Second Life, the user will be presented with a question asking if they want to intall the optional update. 

<?xml version="1.0"?>
<methodResponse>
<params>
<param><value><struct>
<member><name>reason</name><value><string>optional</string></value></member>
<member><name>message</name><value><string>Optional version: 1.10.3.4</string></value></member>
<member><name>login</name><value><string>false</string></value></member>
</struct></value>
</param>
</params>
</methodResponse>

Login Failure

This message can be sent as a result of sending nothing to the server, or sending valid XML, but with an incorrect username and password. It's a generic login failure message. 

<?xml version="1.0"?>
<methodResponse>
<params>
<param><value><struct>
<member><name>reason</name><value><string>key</string></value></member>
<member><name>message</name><value><string>Please make sure your Caps Lock key is off, and
that you have the correct account name and password.</string></value></member>
<member><name>login</name><value><string>false</string></value></member>
</struct></value>
</param>
</params>
</methodResponse>

Login Success

<?xml version="1.0"?>
<methodResponse>
<params>
<param><value><struct>
<member><name>session_id</name><value><string>67971fe1-19fa-4fc0-9f09-dc27686e08e9</string></value></member>
<member><name>secure_session_id</name><value><string>793b46f0-ff01-4a6d-98db-e787dbe83cf9</string></value></member>
<member><name>start_location</name><value><string>last</string></value></member>
<member><name>last_name</name><value><string>Stein</string></value></member>
<member><name>region_x</name><value><i4>260096</i4></value></member>
<member><name>home</name><value><string>{'region_handle':[r255232, r256512], 'position':[r33.6, r33.71, r43.13], 'look_at':[r34.6, r33.71, r43.13]}</string></value></member>
<member><name>region_y</name><value><i4>257024</i4></value></member>
<member><name>agent_access</name><value><string>M</string></value></member>
<member><name>message</name><value><string>Holding down Alt and Control while clicking and dragging lets you orbit the camera above and below things.</string></value></member>
<member><name>login</name><value><string>true</string></value></member>
<member><name>circuit_code</name><value><i4>3711122</i4></value></member>
<member><name>sim_port</name><value><i4>13003</i4></value></member>
<member><name>sim_ip</name><value><string>72.5.13.32</string></value></member>
<member><name>look_at</name><value><string>[r0.99967899999999998428,r-0.025334599999999998787,r0]</string></value></member>
<member><name>agent_id</name><value><string>99cc2607-76da-4fc4-a226-7198a8357f4d</string></value></member>
<member><name>seconds_since_epoch</name><value><i4>1147181241</i4></value></member>
<member><name>first_name</name><value><string>Reuben</string></value></member>
</struct></value>
</param>
</params>
</methodResponse>

Error 400

The Error 400: Bad Request message is sent by the server if you do not include the following header with your XML-RPC request: 

Content-Type: text/xml

Example Code

Login Proxy - A PHP proxy for logins that will log both directions of the XML-RPC exchange to a file
Java XML-RPC Login - Using Java to communicate with the login server
Login Code - Using C and CURL
Login Python - Login with Python

Retrieved from "http://lib.openmetaverse.org/wiki/Login"