authorDiva Canto2010-01-18 17:00:06 -0800
committerDiva Canto2010-01-18 17:00:06 -0800
commit5feeea00aeef6ff635442aedd44fa176541d6278 (patch)
tree9d4499ef5faa86544fa49b31c13ccfc2446bfa72
parentGo Home works. With security!! (diff)
Check for impersonations at the Gatekeeper.
Diffstat (limited to '')
-rw-r--r--OpenSim/Services/HypergridService/GatekeeperService.cs81
1 files changed, 52 insertions, 29 deletions
diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs
index 169cfa3..283ab3e 100644
--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -182,6 +182,9 @@ namespace OpenSim.Services.HypergridService
182 m_log.DebugFormat("[GATEKEEPER SERVICE]: Request to login foreign agent {0} {1} @ {2} ({3}) at destination {4}", 182 m_log.DebugFormat("[GATEKEEPER SERVICE]: Request to login foreign agent {0} {1} @ {2} ({3}) at destination {4}",
183 aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName); 183 aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName);
184 184
185 //
186 // Authenticate the user
187 //
185 if (!Authenticate(aCircuit)) 188 if (!Authenticate(aCircuit))
186 { 189 {
187 reason = "Unable to verify identity"; 190 reason = "Unable to verify identity";
@@ -189,36 +192,40 @@ namespace OpenSim.Services.HypergridService
189 return false; 192 return false;
190 } 193 }
191 m_log.DebugFormat("[GATEKEEPER SERVICE]: Identity verified for {0} {1} @ {2}", aCircuit.firstname, aCircuit.lastname, authURL); 194 m_log.DebugFormat("[GATEKEEPER SERVICE]: Identity verified for {0} {1} @ {2}", aCircuit.firstname, aCircuit.lastname, authURL);
192 195
193 //if (m_UserAccountService != null && m_HomeUsersSecurityService != null) 196 //
194 //{ 197 // Check for impersonations
195 // // Check to see if we have a local user with that UUID 198 //
196 // UserAccount account = m_UserAccountService.GetUserAccount(m_ScopeID, aCircuit.AgentID); 199 UserAccount account = null;
197 200 if (m_UserAccountService != null)
198 // // See if that user went out of this home grid 201 {
199 // IPEndPoint ep = m_HomeUsersSecurityService.GetEndPoint(aCircuit.AgentID); 202 // Check to see if we have a local user with that UUID
200 203 account = m_UserAccountService.GetUserAccount(m_ScopeID, aCircuit.AgentID);
201 // if (account != null) 204 if (account != null)
202 // { 205 {
203 // if ((ep == null) || // there's no memory of this agent going out 206 // Make sure this is the user coming home, and not a fake
204 // (ep != null && (ep.Address != aCircuit.ClientEndPoint.Address || ep.Port != aCircuit.ClientEndPoint.Port))) // fake agent 207 if (m_HomeUsersSecurityService != null)
205 // { 208 {
206 // // No, sorry; go away 209 Object ep = m_HomeUsersSecurityService.GetEndPoint(aCircuit.SessionID);
207 // reason = "User identifier not allowed on this grid"; 210 if (ep == null)
208 // m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agent {0} {1} has UUID of local user {2}. Refusing service.", 211 {
209 // aCircuit.firstname, aCircuit.lastname, aCircuit.AgentID); 212 // This is a fake, this session never left this grid
210 // return false; 213 reason = "Unauthorized";
211 // } 214 m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agent {0} {1} has same ID as local user. Refusing service.",
212 // else 215 aCircuit.firstname, aCircuit.lastname);
213 // { 216 return false;
214 // } 217
215 // } 218 }
216 // m_log.DebugFormat("[GATEKEEPER SERVICE]: User ID ok"); 219 }
217 //} 220 }
221 }
222 m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok");
218 223
219 // May want to authorize 224 // May want to authorize
220 225
226 //
221 // Login the presence 227 // Login the presence
228 //
222 if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID)) 229 if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID))
223 { 230 {
224 reason = "Unable to login presence"; 231 reason = "Unable to login presence";
@@ -228,18 +235,34 @@ namespace OpenSim.Services.HypergridService
228 } 235 }
229 m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok"); 236 m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok");
230 237
238 //
231 // Get the region 239 // Get the region
240 //
232 destination = m_GridService.GetRegionByUUID(m_ScopeID, destination.RegionID); 241 destination = m_GridService.GetRegionByUUID(m_ScopeID, destination.RegionID);
233 if (destination == null) 242 if (destination == null)
234 { 243 {
235 reason = "Destination region not found"; 244 reason = "Destination region not found";
236 return false; 245 return false;
237 } 246 }
238 m_log.DebugFormat("[GATEKEEPER SERVICE]: destination ok : {0}", destination.RegionName); 247 m_log.DebugFormat("[GATEKEEPER SERVICE]: destination ok: {0}", destination.RegionName);
248
249 //
250 // Adjust the visible name
251 //
252 if (account != null)
253 {
254 aCircuit.firstname = account.FirstName;
255 aCircuit.lastname = account.LastName;
256 }
257 if (account == null && !aCircuit.lastname.StartsWith("@"))
258 {
259 aCircuit.firstname = aCircuit.firstname + "." + aCircuit.lastname;
260 aCircuit.lastname = "@" + aCircuit.ServiceURLs["HomeURI"].ToString();
261 }
239 262
263 //
240 // Finally launch the agent at the destination 264 // Finally launch the agent at the destination
241 aCircuit.firstname = aCircuit.firstname + "." + aCircuit.lastname; 265 //
242 aCircuit.lastname = "@" + aCircuit.ServiceURLs["HomeURI"].ToString();
243 return m_SimulationService.CreateAgent(destination, aCircuit, 0, out reason); 266 return m_SimulationService.CreateAgent(destination, aCircuit, 0, out reason);
244 } 267 }
245 268
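Review bot: The impersonation check at new lines 199-221 fails open: when `GetUserAccount` finds a local account for `aCircuit.AgentID` but `m_HomeUsersSecurityService` is null, nothing is verified, the agent is accepted, and the later "Adjust the visible name" block gives it the local user's first and last name. A matching local account with no security service available should be refused, e.g. `if (m_HomeUsersSecurityService == null) { reason = "Unauthorized"; return false; }` ahead of the `GetEndPoint` call. The result `ep` is also only tested for null; as far as these hunks show, nothing ties the session named by the caller-supplied `aCircuit.SessionID` to `aCircuit.AgentID` or to the connecting endpoint (the removed commented-out version compared address and port), so that binding should be confirmed inside `GetEndPoint` or added here. The enclosing method begins above the first hunk, so any earlier validation is not visible from this page.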