authordiva2009-04-14 19:35:35 +0000
committerdiva2009-04-14 19:35:35 +0000
commit0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Framework
parent* Make archiver tests pump the asset server manually instead of starting the ... (diff)
Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.
Diffstat (limited to 'OpenSim/Framework')
-rw-r--r--OpenSim/Framework/Communications/Clients/RegionClient.cs7
-rw-r--r--OpenSim/Framework/Communications/IAuthentication.cs1
-rw-r--r--OpenSim/Framework/Communications/IUserService.cs4
-rw-r--r--OpenSim/Framework/Communications/Services/LoginService.cs46
-rw-r--r--OpenSim/Framework/Communications/Tests/Cache/AssetCacheTests.cs5
-rw-r--r--OpenSim/Framework/Communications/UserManagerBase.cs15
-rw-r--r--OpenSim/Framework/Util.cs16
7 files changed, 91 insertions, 3 deletions
diff --git a/OpenSim/Framework/Communications/Clients/RegionClient.cs b/OpenSim/Framework/Communications/Clients/RegionClient.cs
index 27353b0..da3f620 100644
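--- a/OpenSim/Framework/Communications/Clients/RegionClient.cs
+++ b/OpenSim/Framework/Communications/Clients/RegionClient.cs
@@ -43,7 +43,7 @@ namespace OpenSim.Framework.Communications.Clients
 {
 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
 
-public bool DoCreateChildAgentCall(RegionInfo region, AgentCircuitData aCircuit)
+public bool DoCreateChildAgentCall(RegionInfo region, AgentCircuitData aCircuit, string authKey)
 {
 // Eventually, we want to use a caps url instead of the agentID
 string uri = "http://" + region.ExternalEndPoint.Address + ":" + region.HttpPort + "/agent/" + aCircuit.AgentID + "/";
@@ -54,6 +54,7 @@ namespace OpenSim.Framework.Communications.Clients
 AgentCreateRequest.ContentType = "application/json";
 AgentCreateRequest.Timeout = 10000;
 //AgentCreateRequest.KeepAlive = false;
+AgentCreateRequest.Headers.Add("Authorization", authKey);
 
 // Fill it in
 OSDMap args = null;
@@ -80,7 +81,7 @@ namespace OpenSim.Framework.Communications.Clients
 }
 catch (Exception e)
 {
-m_log.WarnFormat("[OSG2]: Exception thrown on serialization of ChildCreate: {0}", e.Message);
+m_log.WarnFormat("[REST COMMS]: Exception thrown on serialization of ChildCreate: {0}", e.Message);
 // ignore. buffer will be empty, caller should check.
 }
 
@@ -91,7 +92,7 @@ namespace OpenSim.Framework.Communications.Clients
 os = AgentCreateRequest.GetRequestStream();
 os.Write(buffer, 0, strBuffer.Length); //Send it
 os.Close();
-//m_log.InfoFormat("[REST COMMS]: Posted ChildAgentUpdate request to remote sim {0}", uri);
+//m_log.InfoFormat("[REST COMMS]: Posted CreateChildAgent request to remote sim {0}", uri);
 }
 //catch (WebException ex)
 catch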
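Review bot: The new `Authorization` header carries `authKey` over the `http://` URI built a few lines above it, so the key crosses the network in cleartext and is exposed to anything on the path between the two simulators; the key only protects the call if that link is trusted or the request is moved to TLS. The header is also added unconditionally. The commit message says key authentication applies in safemode only, so callers presumably pass null or an empty string otherwise, and `if (!String.IsNullOrEmpty(authKey)) AgentCreateRequest.Headers.Add("Authorization", authKey);` would avoid sending an empty credential. The value has no scheme prefix, so a short comment stating the exact format the receiving handler expects would help. `DoCreateChildAgentCall` continues beyond the visible hunks.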
diff --git a/OpenSim/Framework/Communications/IAuthentication.cs b/OpenSim/Framework/Communications/IAuthentication.cs
index 0f62569..bd568e4 100644
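--- a/OpenSim/Framework/Communications/IAuthentication.cs
+++ b/OpenSim/Framework/Communications/IAuthentication.cs
@@ -34,5 +34,6 @@ namespace OpenSim.Framework.Communications
 {
 string GetNewKey(string url, UUID userID, UUID authToken);
 bool VerifyKey(UUID userID, string key);
+bool VerifySession(UUID iserID, UUID sessionID);
 }
 }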
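Review bot: The first parameter of the new `VerifySession` is spelled `iserID`, while `IUserService.VerifySession` and `UserManagerBase.VerifySession` in this same commit use `userID`; the line should read `bool VerifySession(UUID userID, UUID sessionID);`. None of the interface members visible here has a doc comment. A one-line `/// <summary>` saying the method returns true only when `sessionID` matches the user's current session would record the contract that the implementation in `UserManagerBase` follows.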
diff --git a/OpenSim/Framework/Communications/IUserService.cs b/OpenSim/Framework/Communications/IUserService.cs
index 3c09b40..3a56d35 100644
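--- a/OpenSim/Framework/Communications/IUserService.cs
+++ b/OpenSim/Framework/Communications/IUserService.cs
@@ -119,5 +119,9 @@ namespace OpenSim.Framework.Communications
 /// </summary>
 /// <param name="friendlistowner">The agent that we're retreiving the friends Data.</param>
 List<FriendListItem> GetUserFriendList(UUID friendlistowner);
+
+// This probably shouldn't be here, it belongs to IAuthentication
+// But since Scenes only have IUserService references, I'm placing it here for now.
+bool VerifySession(UUID userID, UUID sessionID);
 }
 }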
diff --git a/OpenSim/Framework/Communications/Services/LoginService.cs b/OpenSim/Framework/Communications/Services/LoginService.cs
index d9556e4..d491309 100644
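--- a/OpenSim/Framework/Communications/Services/LoginService.cs
+++ b/OpenSim/Framework/Communications/Services/LoginService.cs
@@ -37,6 +37,7 @@ using log4net;
 using Nwc.XmlRpc;
 using OpenMetaverse;
 using OpenMetaverse.StructuredData;
+using OpenSim.Framework;
 using OpenSim.Framework.Communications.Cache;
 using OpenSim.Framework.Statistics;
 
@@ -194,6 +195,12 @@ namespace OpenSim.Framework.Communications.Services
 
 CreateAgent(userProfile, request);
 
+// We need to commit the agent right here, even though the userProfile info is not complete
+// at this point. There is another commit further down.
+// This is for the new sessionID to be stored so that the region can check it for session authentication.
+// CustomiseResponse->PrepareLoginToRegion
+CommitAgent(ref userProfile);
+
 try
 {
 UUID agentID = userProfile.ID;
@@ -1108,5 +1115,44 @@ namespace OpenSim.Framework.Communications.Services
 {
 return false;
 }
+
+public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request)
+{
+XmlRpcResponse response = new XmlRpcResponse();
+Hashtable requestData = (Hashtable)request.Params[0];
+
+string authed = "FALSE";
+if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id"))
+{
+UUID guess_aid;
+UUID guess_sid;
+
+UUID.TryParse((string)requestData["avatar_uuid"], out guess_aid);
+if (guess_aid == UUID.Zero)
+{
+return Util.CreateUnknownUserErrorResponse();
+}
+UUID.TryParse((string)requestData["session_id"], out guess_sid);
+if (guess_sid == UUID.Zero)
+{
+return Util.CreateUnknownUserErrorResponse();
+}
+if (m_userManager.VerifySession(guess_aid, guess_sid))
+{
+authed = "TRUE";
+}
+m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid);
+}
+else
+{
+m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE");
+return Util.CreateUnknownUserErrorResponse();
+}
+Hashtable responseData = new Hashtable();
+responseData["auth_session"] = authed;
+response.Value = responseData;
+return response;
+}
+
 }
 }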
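Review bot: In `XmlRPCCheckAuthSession` the line `m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid);` sits after the `if`, so it runs whether or not `VerifySession` succeeded. A rejected session is logged as TRUE, and the log cannot be used to spot failed verification attempts. Move it inside the `if` and add `else m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE for user {0}", guess_aid);`. The casts `(Hashtable)request.Params[0]` and `(string)requestData["avatar_uuid"]` throw on a request with no parameters or with non-string values; `as` casts with a null check that returns `Util.CreateUnknownUserErrorResponse()` would keep malformed input on the error path. Separately, the earlier hunk calls `CommitAgent` before the `try`, so the new session is stored before login has finished, and whether a later failure clears it is not visible here.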
diff --git a/OpenSim/Framework/Communications/Tests/Cache/AssetCacheTests.cs b/OpenSim/Framework/Communications/Tests/Cache/AssetCacheTests.cs
index 5d6bc8d..178c356 100644
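--- a/OpenSim/Framework/Communications/Tests/Cache/AssetCacheTests.cs
+++ b/OpenSim/Framework/Communications/Tests/Cache/AssetCacheTests.cs
@@ -178,6 +178,11 @@ namespace OpenSim.Framework.Communications.Tests
 {
 throw new NotImplementedException();
 }
+
+public bool VerifySession(UUID userID, UUID sessionID)
+{
+return true;
+}
 }
 
 [Test]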
diff --git a/OpenSim/Framework/Communications/UserManagerBase.cs b/OpenSim/Framework/Communications/UserManagerBase.cs
index 155f5cd..1115041 100644
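--- a/OpenSim/Framework/Communications/UserManagerBase.cs
+++ b/OpenSim/Framework/Communications/UserManagerBase.cs
@@ -839,6 +839,21 @@ namespace OpenSim.Framework.Communications
 }
 }
 
+public bool VerifySession(UUID userID, UUID sessionID)
+{
+UserProfileData userProfile = GetUserProfile(userID);
+
+if (userProfile != null && userProfile.CurrentAgent != null)
+{
+m_log.DebugFormat("[USERAUTH]: Verifying session {0} for {1}; current session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
+if (userProfile.CurrentAgent.SessionID == sessionID)
+{
+return true;
+}
+}
+return false;
+}
+
 #endregion
 }
 }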
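Review bot: The `DebugFormat` call in `VerifySession` writes `userProfile.CurrentAgent.SessionID` into the log on every verification, and that is the very value a caller must present to pass the check, so anyone who can read debug logs obtains live session identifiers. Log only the outcome, for example `m_log.DebugFormat("[USERAUTH]: Session check for {0}: {1}", userID, matched);` with `matched` holding the comparison result. The comparison also returns true when the stored and the presented ID are both `UUID.Zero`. `XmlRPCCheckAuthSession` rejects a zero session before calling, but other callers may not, so `if (sessionID == UUID.Zero) return false;` at the top would close that case. Whether `CurrentAgent.SessionID` is cleared on logout is not visible here; if it is not, the last session of an offline user would still verify.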
diff --git a/OpenSim/Framework/Util.cs b/OpenSim/Framework/Util.cs
index 7019096..f1993b2 100644
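--- a/OpenSim/Framework/Util.cs
+++ b/OpenSim/Framework/Util.cs
@@ -26,6 +26,7 @@
 */
 
 using System;
+using System.Collections;
 using System.Collections.Generic;
 using System.Data;
 using System.Globalization;
@@ -820,6 +821,21 @@ namespace OpenSim.Framework
 }
 
 /// <summary>
+/// Returns an error message that the user could not be found in the database
+/// </summary>
+/// <returns>XML string consisting of a error element containing individual error(s)</returns>
+public static XmlRpcResponse CreateUnknownUserErrorResponse()
+{
+XmlRpcResponse response = new XmlRpcResponse();
+Hashtable responseData = new Hashtable();
+responseData["error_type"] = "unknown_user";
+responseData["error_desc"] = "The user requested is not in the database";
+
+response.Value = responseData;
+return response;
+}
+
+/// <summary>
 /// Converts a byte array in big endian order into an ulong.
 /// </summary>
 /// <param name="bytes">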
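Review bot: The `<returns>` text on `CreateUnknownUserErrorResponse` describes an "XML string consisting of a error element", but the method returns an `XmlRpcResponse` whose value is a `Hashtable` holding `error_type` and `error_desc`. It should read `/// <returns>An XmlRpcResponse whose value holds error_type "unknown_user" and an error_desc message</returns>`. `XmlRPCCheckAuthSession` in this commit also returns this response for a missing or unparsable `session_id`, so the "user requested is not in the database" description is reported for malformed requests too; a more general message, or a separate helper for bad parameters, would describe both uses accurately.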