author | diva | 2009-04-14 19:35:35 +0000 |
---|---|---|
committer | diva | 2009-04-14 19:35:35 +0000 |
commit | 0413d052a3ec541164049e7d39278c57fb92ed06 (patch) | |
tree | 9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Framework | |
parent | * Make archiver tests pump the asset server manually instead of starting the ... (diff) | |
Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.
Diffstat (limited to 'OpenSim/Framework')
7 files changed, 91 insertions, 3 deletions
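--- a/OpenSim/Framework/Communications/Clients/RegionClient.cs
+++ b/OpenSim/Framework/Communications/Clients/RegionClient.cs
@@ -43,7 +43,7 @@ namespace OpenSim.Framework.Communications.Clients
 {
 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
 
-public bool DoCreateChildAgentCall(RegionInfo region, AgentCircuitData aCircuit)
+public bool DoCreateChildAgentCall(RegionInfo region, AgentCircuitData aCircuit, string authKey)
 {
 // Eventually, we want to use a caps url instead of the agentID
 string uri = "http://" + region.ExternalEndPoint.Address + ":" + region.HttpPort + "/agent/" + aCircuit.AgentID + "/";
@@ -54,6 +54,7 @@ namespace OpenSim.Framework.Communications.Clients
 AgentCreateRequest.ContentType = "application/json";
 AgentCreateRequest.Timeout = 10000;
 //AgentCreateRequest.KeepAlive = false;
+AgentCreateRequest.Headers.Add("Authorization", authKey);
 
 // Fill it in
 OSDMap args = null;
@@ -80,7 +81,7 @@ namespace OpenSim.Framework.Communications.Clients
 }
 catch (Exception e)
 {
-m_log.WarnFormat("[OSG2]: Exception thrown on serialization of ChildCreate: {0}", e.Message);
+m_log.WarnFormat("[REST COMMS]: Exception thrown on serialization of ChildCreate: {0}", e.Message);
 // ignore. buffer will be empty, caller should check.
 }
 
@@ -91,7 +92,7 @@ namespace OpenSim.Framework.Communications.Clients
 os = AgentCreateRequest.GetRequestStream();
 os.Write(buffer, 0, strBuffer.Length); //Send it
 os.Close();
-//m_log.InfoFormat("[REST COMMS]: Posted ChildAgentUpdate request to remote sim {0}", uri);
+//m_log.InfoFormat("[REST COMMS]: Posted CreateChildAgent request to remote sim {0}", uri);
 }
 //catch (WebException ex)
 catch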
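Review bot: The Authorization header added at new line 57 carries authKey on the request whose URI is built with a literal "http://" prefix at line 49, so the key crosses the network in cleartext between simulators; that is inherent to the transport this method uses, but the new parameter has no documentation saying so. Suggest adding `/// <param name="authKey">Per-user key sent as the Authorization header; the request is plain HTTP, so the key is not confidential on the wire</param>` to the method's XML doc. There is also no guard for a null or empty authKey before Headers.Add; given the description says key authentication applies in safemode only, callers without a key presumably exist, and skipping the header explicitly in that case would be clearer than relying on how WebHeaderCollection treats a null value. DoCreateChildAgentCall continues past the end of this hunk.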
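--- a/OpenSim/Framework/Communications/IAuthentication.cs
+++ b/OpenSim/Framework/Communications/IAuthentication.cs
@@ -34,5 +34,6 @@ namespace OpenSim.Framework.Communications
 {
 string GetNewKey(string url, UUID userID, UUID authToken);
 bool VerifyKey(UUID userID, string key);
+bool VerifySession(UUID iserID, UUID sessionID);
 }
 }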
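Review bot: The new declaration at line 37 names its first parameter `iserID`, while the same method is declared as `VerifySession(UUID userID, UUID sessionID)` in IUserService and implemented with that spelling in UserManagerBase in this same commit; the interface should read `bool VerifySession(UUID userID, UUID sessionID);`. A one-line XML summary stating that sessionID is checked against the user's current agent session would also document the contract, which neither this member nor VerifyKey above currently has.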
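--- a/OpenSim/Framework/Communications/IUserService.cs
+++ b/OpenSim/Framework/Communications/IUserService.cs
@@ -119,5 +119,9 @@ namespace OpenSim.Framework.Communications
 /// </summary>
 /// <param name="friendlistowner">The agent that we're retreiving the friends Data.</param>
 List<FriendListItem> GetUserFriendList(UUID friendlistowner);
+
+// This probably shouldn't be here, it belongs to IAuthentication
+// But since Scenes only have IUserService references, I'm placing it here for now.
+bool VerifySession(UUID userID, UUID sessionID);
 }
 }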
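Review bot: VerifySession at new line 125 is the only member in this hunk without an XML doc comment, unlike GetUserFriendList just above it; the inline note explains why it lives here but not what it checks. Suggest `/// <summary>Returns true when sessionID matches the session of the user's current agent.</summary>` with `<param>` tags for userID and sessionID, keeping the existing placement note as a plain comment below it.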
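--- a/OpenSim/Framework/Communications/Services/LoginService.cs
+++ b/OpenSim/Framework/Communications/Services/LoginService.cs
@@ -37,6 +37,7 @@ using log4net;
 using Nwc.XmlRpc;
 using OpenMetaverse;
 using OpenMetaverse.StructuredData;
+using OpenSim.Framework;
 using OpenSim.Framework.Communications.Cache;
 using OpenSim.Framework.Statistics;
 
@@ -194,6 +195,12 @@ namespace OpenSim.Framework.Communications.Services
 
 CreateAgent(userProfile, request);
 
+// We need to commit the agent right here, even though the userProfile info is not complete
+// at this point. There is another commit further down.
+// This is for the new sessionID to be stored so that the region can check it for session authentication.
+// CustomiseResponse->PrepareLoginToRegion
+CommitAgent(ref userProfile);
+
 try
 {
 UUID agentID = userProfile.ID;
@@ -1108,5 +1115,44 @@ namespace OpenSim.Framework.Communications.Services
 {
 return false;
 }
+
+public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request)
+{
+XmlRpcResponse response = new XmlRpcResponse();
+Hashtable requestData = (Hashtable)request.Params[0];
+
+string authed = "FALSE";
+if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id"))
+{
+UUID guess_aid;
+UUID guess_sid;
+
+UUID.TryParse((string)requestData["avatar_uuid"], out guess_aid);
+if (guess_aid == UUID.Zero)
+{
+return Util.CreateUnknownUserErrorResponse();
+}
+UUID.TryParse((string)requestData["session_id"], out guess_sid);
+if (guess_sid == UUID.Zero)
+{
+return Util.CreateUnknownUserErrorResponse();
+}
+if (m_userManager.VerifySession(guess_aid, guess_sid))
+{
+authed = "TRUE";
+}
+m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid);
+}
+else
+{
+m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE");
+return Util.CreateUnknownUserErrorResponse();
+}
+Hashtable responseData = new Hashtable();
+responseData["auth_session"] = authed;
+response.Value = responseData;
+return response;
+}
+
 }
 }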
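Review bot: In XmlRPCCheckAuthSession the Info log at new line 1144 reports `CheckAuthSession TRUE for user {0}` even when VerifySession returned false and authed is still "FALSE", so the server log will claim successful session checks that were actually rejected; it should print the real outcome, `m_log.InfoFormat("[UserManager]: CheckAuthSession {0} for user {1}", authed, guess_aid);`. The `(string)` casts at lines 1130 and 1135 will throw InvalidCastException if a caller sends those parameters as a non-string XML-RPC value, which would surface as a fault instead of the unknown-user response the rest of the method returns; `requestData["avatar_uuid"] as string` with a null check would keep the failure path uniform. Ignoring the TryParse return value in favour of the UUID.Zero comparison is acceptable only as long as a zero UUID can never be a real avatar or session ID, which seems to be the assumption here.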
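--- a/OpenSim/Framework/Communications/Tests/Cache/AssetCacheTests.cs
+++ b/OpenSim/Framework/Communications/Tests/Cache/AssetCacheTests.cs
@@ -178,6 +178,11 @@ namespace OpenSim.Framework.Communications.Tests
 {
 throw new NotImplementedException();
 }
+
+public bool VerifySession(UUID userID, UUID sessionID)
+{
+return true;
+}
 }
 
 [Test]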
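--- a/OpenSim/Framework/Communications/UserManagerBase.cs
+++ b/OpenSim/Framework/Communications/UserManagerBase.cs
@@ -839,6 +839,21 @@ namespace OpenSim.Framework.Communications
 }
 }
 
+public bool VerifySession(UUID userID, UUID sessionID)
+{
+UserProfileData userProfile = GetUserProfile(userID);
+
+if (userProfile != null && userProfile.CurrentAgent != null)
+{
+m_log.DebugFormat("[USERAUTH]: Verifying session {0} for {1}; current session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
+if (userProfile.CurrentAgent.SessionID == sessionID)
+{
+return true;
+}
+}
+return false;
+}
+
 #endregion
 }
 }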
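Review bot: The Debug log at new line 848 writes both the presented sessionID and the stored CurrentAgent.SessionID; the session ID is precisely the credential this method is verifying, so any debug log captured from a user server will contain live session secrets for every user whose session was checked. Suggest logging only the subject and the outcome, e.g. `m_log.DebugFormat("[USERAUTH]: Verifying session for {0}", userID);` before the comparison and a second message with the boolean result after it. The control flow itself is sound: a missing profile or a profile with no CurrentAgent falls through to false. An XML `<summary>` noting that the check is against the current agent's session only would help callers such as the login service understand what "verified" means here.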
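--- a/OpenSim/Framework/Util.cs
+++ b/OpenSim/Framework/Util.cs
@@ -26,6 +26,7 @@
 */
 
 using System;
+using System.Collections;
 using System.Collections.Generic;
 using System.Data;
 using System.Globalization;
@@ -820,6 +821,21 @@ namespace OpenSim.Framework
 }
 
 /// <summary>
+/// Returns an error message that the user could not be found in the database
+/// </summary>
+/// <returns>XML string consisting of a error element containing individual error(s)</returns>
+public static XmlRpcResponse CreateUnknownUserErrorResponse()
+{
+XmlRpcResponse response = new XmlRpcResponse();
+Hashtable responseData = new Hashtable();
+responseData["error_type"] = "unknown_user";
+responseData["error_desc"] = "The user requested is not in the database";
+
+response.Value = responseData;
+return response;
+}
+
+/// <summary>
 /// Converts a byte array in big endian order into an ulong.
 /// </summary>
 /// <param name="bytes">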
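Review bot: The `<returns>` tag on CreateUnknownUserErrorResponse at new line 826 says "XML string consisting of a error element", but the method returns an XmlRpcResponse whose Value is a Hashtable with error_type and error_desc entries, not a string; suggest `/// <returns>An XmlRpcResponse whose value is a Hashtable with error_type "unknown_user" and a descriptive error_desc</returns>`. The summary could likewise read "Builds the XML-RPC error response returned when the requested user is not in the database" so it describes the object rather than a message. Note that the login service in this commit also uses this response for malformed or missing request parameters, so the wording "user could not be found" will not always match the cause.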