authordiva2009-04-14 19:35:35 +0000
committerdiva2009-04-14 19:35:35 +0000
commit0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Framework/Communications/Services
parent* Make archiver tests pump the asset server manually instead of starting the ... (diff)
Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.
Diffstat (limited to 'OpenSim/Framework/Communications/Services')
-rw-r--r--OpenSim/Framework/Communications/Services/LoginService.cs46
1 files changed, 46 insertions, 0 deletions
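--- a/OpenSim/Framework/Communications/Services/LoginService.cs
+++ b/OpenSim/Framework/Communications/Services/LoginService.cs
@@ -37,6 +37,7 @@ using log4net;
 using Nwc.XmlRpc;
 using OpenMetaverse;
 using OpenMetaverse.StructuredData;
+using OpenSim.Framework;
 using OpenSim.Framework.Communications.Cache;
 using OpenSim.Framework.Statistics;
 
@@ -194,6 +195,12 @@ namespace OpenSim.Framework.Communications.Services
 
 CreateAgent(userProfile, request);
 
+// We need to commit the agent right here, even though the userProfile info is not complete
+// at this point. There is another commit further down.
+// This is for the new sessionID to be stored so that the region can check it for session authentication.
+// CustomiseResponse->PrepareLoginToRegion
+CommitAgent(ref userProfile);
+
 try
 {
 UUID agentID = userProfile.ID;
@@ -1108,5 +1115,44 @@ namespace OpenSim.Framework.Communications.Services
 {
 return false;
 }
+
+public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request)
+{
+XmlRpcResponse response = new XmlRpcResponse();
+Hashtable requestData = (Hashtable)request.Params[0];
+
+string authed = "FALSE";
+if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id"))
+{
+UUID guess_aid;
+UUID guess_sid;
+
+UUID.TryParse((string)requestData["avatar_uuid"], out guess_aid);
+if (guess_aid == UUID.Zero)
+{
+return Util.CreateUnknownUserErrorResponse();
+}
+UUID.TryParse((string)requestData["session_id"], out guess_sid);
+if (guess_sid == UUID.Zero)
+{
+return Util.CreateUnknownUserErrorResponse();
+}
+if (m_userManager.VerifySession(guess_aid, guess_sid))
+{
+authed = "TRUE";
+}
+m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid);
+}
+else
+{
+m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE");
+return Util.CreateUnknownUserErrorResponse();
+}
+Hashtable responseData = new Hashtable();
+responseData["auth_session"] = authed;
+response.Value = responseData;
+return response;
+}
+
 }
 }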
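Review bot: In XmlRPCCheckAuthSession the log call after the VerifySession check (new line 1144) writes "CheckAuthSession TRUE" whether or not verification succeeded, so a rejected session is recorded as a success and failed spoofing attempts cannot be told apart in the log. Log the actual result instead: `m_log.InfoFormat("[UserManager]: CheckAuthSession {0} for user {1}", authed, guess_aid);`. The method also casts `request.Params[0]` to Hashtable and the two request values to string without checking, so a malformed XML-RPC request would presumably throw rather than get the unknown-user response. An `as` cast with a null check before use would keep the failure path uniform.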