One less vulnerability in the HG: detecting foreign users trying to come in with local user IDs. If that happened by accident, too bad, foreign user can't come in with that ID. This test is a consequence of not having truly global names yet.

1 files changed, 13 insertions, 1 deletions

diff --git a/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs b/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs
index 955dd05..632ea83 100644
--- a/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs
+++ b/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs
@@ -745,9 +745,21 @@ namespace OpenSim.Region.Communications.Hypergrid
             m_log.Debug("[HGrid]: home_address: " + userData.UserHomeAddress +
                        "; home_port: " + userData.UserHomePort + "; remoting: " + userData.UserHomeRemotingPort);
 
-
             XmlRpcResponse resp = new XmlRpcResponse();
 
+            // Let's check if someone is trying to get in with a stolen local identity.
+            // The need for this test is a consequence of not having truly global names :-/
+            CachedUserInfo uinfo = m_userProfileCache.GetUserDetails(userData.ID);
+            if ((uinfo != null) && !(uinfo.UserProfile is ForeignUserProfileData))
+            {
+                m_log.WarnFormat("[HGrid]: Foreign user trying to get in with local identity. Access denied.");
+                Hashtable respdata = new Hashtable();
+                respdata["success"] = "FALSE";
+                respdata["reason"] = "Foreign user has the same ID as a local user.";
+                resp.Value = respdata;
+                return resp;
+            }
+
             if (!RegionLoginsEnabled)
             {
                 m_log.InfoFormat(