author | diva | 2009-04-14 19:35:35 +0000 |
---|---|---|
committer | diva | 2009-04-14 19:35:35 +0000 |
commit | 0413d052a3ec541164049e7d39278c57fb92ed06 (patch) | |
tree | 9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Region/Framework | |
parent | * Make archiver tests pump the asset server manually instead of starting the ... (diff) | |
Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.
Diffstat (limited to 'OpenSim/Region/Framework')
-rw-r--r-- | OpenSim/Region/Framework/Scenes/Scene.cs | 93 |
1 files changed, 55 insertions, 38 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index c26adc0..5ffa64c 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs | |||
@@ -40,6 +40,7 @@ using OpenMetaverse.Imaging; | |||
40 | using OpenSim.Framework; | 40 | using OpenSim.Framework; |
41 | using OpenSim.Framework.Communications; | 41 | using OpenSim.Framework.Communications; |
42 | using OpenSim.Framework.Communications.Cache; | 42 | using OpenSim.Framework.Communications.Cache; |
43 | using OpenSim.Framework.Communications.Clients; | ||
43 | using OpenSim.Framework.Console; | 44 | using OpenSim.Framework.Console; |
44 | using OpenSim.Region.Framework.Interfaces; | 45 | using OpenSim.Region.Framework.Interfaces; |
45 | using OpenSim.Region.Framework.Scenes.Scripting; | 46 | using OpenSim.Region.Framework.Scenes.Scripting; |
@@ -2372,64 +2373,80 @@ namespace OpenSim.Region.Framework.Scenes | |||
2372 | /// <param name="agent"></param> | 2373 | /// <param name="agent"></param> |
2373 | public bool NewUserConnection(AgentCircuitData agent) | 2374 | public bool NewUserConnection(AgentCircuitData agent) |
2374 | { | 2375 | { |
2375 | CapsModule.NewUserConnection(agent); | 2376 | bool goodUserConnection = AuthenticateUser(agent); |
2376 | 2377 | ||
2377 | ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID); | 2378 | if (goodUserConnection) |
2378 | if (sp != null) | ||
2379 | { | 2379 | { |
2380 | m_log.DebugFormat( | 2380 | CapsModule.NewUserConnection(agent); |
2381 | "[SCENE]: Adjusting known seeds for existing agent {0} in {1}", | ||
2382 | agent.AgentID, RegionInfo.RegionName); | ||
2383 | 2381 | ||
2384 | sp.AdjustKnownSeeds(); | 2382 | ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID); |
2383 | if (sp != null) | ||
2384 | { | ||
2385 | m_log.DebugFormat( | ||
2386 | "[SCENE]: Adjusting known seeds for existing agent {0} in {1}", | ||
2387 | agent.AgentID, RegionInfo.RegionName); | ||
2385 | 2388 | ||
2386 | return true; | 2389 | sp.AdjustKnownSeeds(); |
2387 | } | ||
2388 | 2390 | ||
2389 | // Don't disable this log message - it's too helpful | 2391 | return true; |
2390 | m_log.InfoFormat( | 2392 | } |
2391 | "[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})", | ||
2392 | RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode); | ||
2393 | 2393 | ||
2394 | if (m_regInfo.EstateSettings.IsBanned(agent.AgentID)) | 2394 | // Don't disable this log message - it's too helpful |
2395 | { | 2395 | m_log.InfoFormat( |
2396 | m_log.WarnFormat( | 2396 | "[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})", |
2397 | "[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist", | 2397 | RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode); |
2398 | agent.AgentID, RegionInfo.RegionName); | 2398 | |
2399 | //return false; | 2399 | if (m_regInfo.EstateSettings.IsBanned(agent.AgentID)) |
2400 | } | 2400 | { |
2401 | m_log.WarnFormat( | ||
2402 | "[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist", | ||
2403 | agent.AgentID, RegionInfo.RegionName); | ||
2404 | //return false; | ||
2405 | } | ||
2401 | 2406 | ||
2402 | CapsModule.AddCapsHandler(agent.AgentID); | 2407 | CapsModule.AddCapsHandler(agent.AgentID); |
2403 | 2408 | ||
2404 | if (!agent.child) | 2409 | if (!agent.child) |
2405 | { | ||
2406 | // Honor parcel landing type and position. | ||
2407 | ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y); | ||
2408 | if (land != null) | ||
2409 | { | 2410 | { |
2410 | if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero) | 2411 | // Honor parcel landing type and position. |
2412 | ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y); | ||
2413 | if (land != null) | ||
2411 | { | 2414 | { |
2412 | agent.startpos = land.landData.UserLocation; | 2415 | if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero) |
2416 | { | ||
2417 | agent.startpos = land.landData.UserLocation; | ||
2418 | } | ||
2413 | } | 2419 | } |
2414 | } | 2420 | } |
2415 | } | ||
2416 | 2421 | ||
2417 | m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent); | 2422 | m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent); |
2418 | 2423 | ||
2419 | // rewrite session_id | 2424 | // rewrite session_id |
2420 | CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID); | 2425 | CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID); |
2426 | if (userinfo != null) | ||
2427 | { | ||
2428 | userinfo.SessionID = agent.SessionID; | ||
2429 | } | ||
2430 | else | ||
2431 | { | ||
2432 | m_log.WarnFormat( | ||
2433 | "[CONNECTION BEGIN]: We couldn't find a User Info record for {0}. This is usually an indication that the UUID we're looking up is invalid", agent.AgentID); | ||
2434 | } | ||
2421 | 2435 | ||
2422 | if (userinfo != null) | 2436 | return true; |
2423 | { | ||
2424 | userinfo.SessionID = agent.SessionID; | ||
2425 | } | 2437 | } |
2426 | else | 2438 | else |
2427 | { | 2439 | { |
2428 | m_log.WarnFormat( | 2440 | m_log.WarnFormat("[CONNECTION BEGIN]: failed to authenticate user {0} {1}. Denying connection.", agent.firstname, agent.lastname); |
2429 | "[CONNECTION BEGIN]: We couldn't find a User Info record for {0}. This is usually an indication that the UUID we're looking up is invalid", agent.AgentID); | 2441 | return false; |
2430 | } | 2442 | } |
2443 | } | ||
2431 | 2444 | ||
2432 | return true; | 2445 | public virtual bool AuthenticateUser(AgentCircuitData agent) |
2446 | { | ||
2447 | bool result = CommsManager.UserService.VerifySession(agent.AgentID, agent.SessionID); | ||
2448 | m_log.Debug("[CONNECTION BEGIN]: User authentication returned " + result); | ||
2449 | return result; | ||
2433 | } | 2450 | } |
2434 | 2451 | ||
2435 | public void UpdateCircuitData(AgentCircuitData data) | 2452 | public void UpdateCircuitData(AgentCircuitData data) |
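Review bot: The denial branch at the end of NewUserConnection identifies the rejected connection only by agent.firstname and agent.lastname, which come from the same AgentCircuitData that just failed verification, so the warning cannot be tied to the AgentID that was claimed. Logging the id and region as well would make these rejections usable for detection and correlation: `m_log.WarnFormat("[CONNECTION BEGIN]: failed to authenticate user {0} {1} ({2}) in {3}. Denying connection.", agent.firstname, agent.lastname, agent.AgentID, RegionInfo.RegionName);`. Separately, the banlist branch still only warns because `//return false;` stays commented out, so an agent that passes AuthenticateUser but is on the estate banlist still reaches AddCapsHandler and AddNewCircuit; if the ban is enforced elsewhere a comment saying where would help, otherwise the return should be restored. AuthenticateUser is a new public virtual method with no doc comment; a `/// <summary>` stating that it checks agent.SessionID against the user service and that overrides must return false when the session cannot be verified would document the fail-closed contract.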