Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.

author: diva 2009-04-14 19:35:35 +0000
committer: diva 2009-04-14 19:35:35 +0000
commit: 0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree: 9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Region/CoreModules/Hypergrid
parent: * Make archiver tests pump the asset server manually instead of starting the ... (diff)
download: opensim-SC-0413d052a3ec541164049e7d39278c57fb92ed06.zip
opensim-SC-0413d052a3ec541164049e7d39278c57fb92ed06.tar.gz
opensim-SC-0413d052a3ec541164049e7d39278c57fb92ed06.tar.bz2
opensim-SC-0413d052a3ec541164049e7d39278c57fb92ed06.tar.xz
2 files changed, 3 insertions, 2 deletions
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs
index 3675583..f0d70a7 100644
--- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs
+++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs
@@ -93,7 +93,7 @@ namespace OpenSim.Region.CoreModules.Hypergrid
                m_inventoryService = new HGInventoryService(m_inventoryBase,
                    ((AssetServerBase)m_scene.CommsManager.AssetCache.AssetServer).AssetProviderPlugin,
-                    (UserManagerBase)m_scene.CommsManager.UserService, m_scene.CommsManager.HttpServer, 
+                    (UserManagerBase)m_scene.CommsManager.UserAdminService, m_scene.CommsManager.HttpServer, 
                    m_scene.CommsManager.NetworkServersInfo.InventoryURL);
                AddHttpHandlers(m_scene.CommsManager.HttpServer);
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
index f0e957b..c458b89 100644
--- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
+++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs
@@ -104,11 +104,12 @@ namespace OpenSim.Region.CoreModules.Hypergrid
                    IHttpServer httpServer = m_firstScene.CommsManager.HttpServer;
                    //TODO: fix the casting of the user service, maybe by registering the userManagerBase with scenes, or refactoring so we just need a IUserService reference
-                    m_loginService = new HGLoginAuthService((UserManagerBase)m_firstScene.CommsManager.UserService, welcomeMessage, m_firstScene.CommsManager.InterServiceInventoryService, m_firstScene.CommsManager.NetworkServersInfo, authenticate, rootFolder, this);
+                    m_loginService = new HGLoginAuthService((UserManagerBase)m_firstScene.CommsManager.UserAdminService, welcomeMessage, m_firstScene.CommsManager.InterServiceInventoryService, m_firstScene.CommsManager.NetworkServersInfo, authenticate, rootFolder, this);
                    httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod);
                    httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod);
                    httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod);
+                    httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession);
                }
            }
author	diva	2009-04-14 19:35:35 +0000
committer	diva	2009-04-14 19:35:35 +0000
commit	0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree	9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Region/CoreModules/Hypergrid
parent	* Make archiver tests pump the asset server manually instead of starting the ... (diff)
download	opensim-SC-0413d052a3ec541164049e7d39278c57fb92ed06.zip opensim-SC-0413d052a3ec541164049e7d39278c57fb92ed06.tar.gz opensim-SC-0413d052a3ec541164049e7d39278c57fb92ed06.tar.bz2 opensim-SC-0413d052a3ec541164049e7d39278c57fb92ed06.tar.xz