author | Diva Canto | 2010-01-18 17:00:06 -0800 |
---|---|---|
committer | Diva Canto | 2010-01-18 17:00:06 -0800 |
commit | 5feeea00aeef6ff635442aedd44fa176541d6278 (patch) | |
tree | 9d4499ef5faa86544fa49b31c13ccfc2446bfa72 | |
parent | Go Home works. With security!! (diff) | |
Check for impersonations at the Gatekeeper.
-rw-r--r-- | OpenSim/Services/HypergridService/GatekeeperService.cs | 81 |
1 files changed, 52 insertions, 29 deletions
diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs index 169cfa3..283ab3e 100644 --- a/OpenSim/Services/HypergridService/GatekeeperService.cs +++ b/OpenSim/Services/HypergridService/GatekeeperService.cs | |||
@@ -182,6 +182,9 @@ namespace OpenSim.Services.HypergridService | |||
182 | m_log.DebugFormat("[GATEKEEPER SERVICE]: Request to login foreign agent {0} {1} @ {2} ({3}) at destination {4}", | 182 | m_log.DebugFormat("[GATEKEEPER SERVICE]: Request to login foreign agent {0} {1} @ {2} ({3}) at destination {4}", |
183 | aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName); | 183 | aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName); |
184 | 184 | ||
185 | // | ||
186 | // Authenticate the user | ||
187 | // | ||
185 | if (!Authenticate(aCircuit)) | 188 | if (!Authenticate(aCircuit)) |
186 | { | 189 | { |
187 | reason = "Unable to verify identity"; | 190 | reason = "Unable to verify identity"; |
@@ -189,36 +192,40 @@ namespace OpenSim.Services.HypergridService | |||
189 | return false; | 192 | return false; |
190 | } | 193 | } |
191 | m_log.DebugFormat("[GATEKEEPER SERVICE]: Identity verified for {0} {1} @ {2}", aCircuit.firstname, aCircuit.lastname, authURL); | 194 | m_log.DebugFormat("[GATEKEEPER SERVICE]: Identity verified for {0} {1} @ {2}", aCircuit.firstname, aCircuit.lastname, authURL); |
192 | 195 | ||
193 | //if (m_UserAccountService != null && m_HomeUsersSecurityService != null) | 196 | // |
194 | //{ | 197 | // Check for impersonations |
195 | // // Check to see if we have a local user with that UUID | 198 | // |
196 | // UserAccount account = m_UserAccountService.GetUserAccount(m_ScopeID, aCircuit.AgentID); | 199 | UserAccount account = null; |
197 | 200 | if (m_UserAccountService != null) | |
198 | // // See if that user went out of this home grid | 201 | { |
199 | // IPEndPoint ep = m_HomeUsersSecurityService.GetEndPoint(aCircuit.AgentID); | 202 | // Check to see if we have a local user with that UUID |
200 | 203 | account = m_UserAccountService.GetUserAccount(m_ScopeID, aCircuit.AgentID); | |
201 | // if (account != null) | 204 | if (account != null) |
202 | // { | 205 | { |
203 | // if ((ep == null) || // there's no memory of this agent going out | 206 | // Make sure this is the user coming home, and not a fake |
204 | // (ep != null && (ep.Address != aCircuit.ClientEndPoint.Address || ep.Port != aCircuit.ClientEndPoint.Port))) // fake agent | 207 | if (m_HomeUsersSecurityService != null) |
205 | // { | 208 | { |
206 | // // No, sorry; go away | 209 | Object ep = m_HomeUsersSecurityService.GetEndPoint(aCircuit.SessionID); |
207 | // reason = "User identifier not allowed on this grid"; | 210 | if (ep == null) |
208 | // m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agent {0} {1} has UUID of local user {2}. Refusing service.", | 211 | { |
209 | // aCircuit.firstname, aCircuit.lastname, aCircuit.AgentID); | 212 | // This is a fake, this session never left this grid |
210 | // return false; | 213 | reason = "Unauthorized"; |
211 | // } | 214 | m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agent {0} {1} has same ID as local user. Refusing service.", |
212 | // else | 215 | aCircuit.firstname, aCircuit.lastname); |
213 | // { | 216 | return false; |
214 | // } | 217 | |
215 | // } | 218 | } |
216 | // m_log.DebugFormat("[GATEKEEPER SERVICE]: User ID ok"); | 219 | } |
217 | //} | 220 | } |
221 | } | ||
222 | m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok"); | ||
218 | 223 | ||
219 | // May want to authorize | 224 | // May want to authorize |
220 | 225 | ||
226 | // | ||
221 | // Login the presence | 227 | // Login the presence |
228 | // | ||
222 | if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID)) | 229 | if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID)) |
223 | { | 230 | { |
224 | reason = "Unable to login presence"; | 231 | reason = "Unable to login presence"; |
@@ -228,18 +235,34 @@ namespace OpenSim.Services.HypergridService | |||
228 | } | 235 | } |
229 | m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok"); | 236 | m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok"); |
230 | 237 | ||
238 | // | ||
231 | // Get the region | 239 | // Get the region |
240 | // | ||
232 | destination = m_GridService.GetRegionByUUID(m_ScopeID, destination.RegionID); | 241 | destination = m_GridService.GetRegionByUUID(m_ScopeID, destination.RegionID); |
233 | if (destination == null) | 242 | if (destination == null) |
234 | { | 243 | { |
235 | reason = "Destination region not found"; | 244 | reason = "Destination region not found"; |
236 | return false; | 245 | return false; |
237 | } | 246 | } |
238 | m_log.DebugFormat("[GATEKEEPER SERVICE]: destination ok : {0}", destination.RegionName); | 247 | m_log.DebugFormat("[GATEKEEPER SERVICE]: destination ok: {0}", destination.RegionName); |
248 | |||
249 | // | ||
250 | // Adjust the visible name | ||
251 | // | ||
252 | if (account != null) | ||
253 | { | ||
254 | aCircuit.firstname = account.FirstName; | ||
255 | aCircuit.lastname = account.LastName; | ||
256 | } | ||
257 | if (account == null && !aCircuit.lastname.StartsWith("@")) | ||
258 | { | ||
259 | aCircuit.firstname = aCircuit.firstname + "." + aCircuit.lastname; | ||
260 | aCircuit.lastname = "@" + aCircuit.ServiceURLs["HomeURI"].ToString(); | ||
261 | } | ||
239 | 262 | ||
263 | // | ||
240 | // Finally launch the agent at the destination | 264 | // Finally launch the agent at the destination |
241 | aCircuit.firstname = aCircuit.firstname + "." + aCircuit.lastname; | 265 | // |
242 | aCircuit.lastname = "@" + aCircuit.ServiceURLs["HomeURI"].ToString(); | ||
243 | return m_SimulationService.CreateAgent(destination, aCircuit, 0, out reason); | 266 | return m_SimulationService.CreateAgent(destination, aCircuit, 0, out reason); |
244 | } | 267 | } |
245 | 268 | ||
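Review bot: The impersonation check in the second hunk fails open: when `m_HomeUsersSecurityService` is null the `GetEndPoint` lookup is skipped, so a foreign agent presenting a local user's UUID is admitted, and the "Adjust the visible name" block in the third hunk then copies that local account's `FirstName`/`LastName` onto the circuit. Treating a missing service as a failed lookup closes this, e.g. `Object ep = (m_HomeUsersSecurityService != null) ? m_HomeUsersSecurityService.GetEndPoint(aCircuit.SessionID) : null;` followed by the existing `if (ep == null)` refusal. The returned `ep` is only null-tested, whereas the removed commented-out code compared it with `aCircuit.ClientEndPoint`; whether a known `SessionID` alone ties the request to `aCircuit.AgentID` depends on `GetEndPoint` and `Authenticate`, which are not visible here, so a comment stating that assumption would help. In the same third-hunk block, `!aCircuit.lastname.StartsWith("@")` lets a foreign agent whose last name already begins with "@" keep a self-chosen suffix instead of the `HomeURI` one. The enclosing method begins outside the hunks shown.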