Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.

author: diva 2009-04-14 19:35:35 +0000
committer: diva 2009-04-14 19:35:35 +0000
commit: 0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree: 9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Framework/Communications/UserManagerBase.cs
parent: * Make archiver tests pump the asset server manually instead of starting the ... (diff)
download: opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.zip
opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.gz
opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.bz2
opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.xz
1 files changed, 15 insertions, 0 deletions
diff --git a/OpenSim/Framework/Communications/UserManagerBase.cs b/OpenSim/Framework/Communications/UserManagerBase.cs
index 155f5cd..1115041 100644
--- a/OpenSim/Framework/Communications/UserManagerBase.cs
+++ b/OpenSim/Framework/Communications/UserManagerBase.cs
@@ -839,6 +839,21 @@ namespace OpenSim.Framework.Communications
            }
        }
+        public bool VerifySession(UUID userID, UUID sessionID)
+        {
+            UserProfileData userProfile = GetUserProfile(userID);
+            if (userProfile != null && userProfile.CurrentAgent != null)
+            {
+                m_log.DebugFormat("[USERAUTH]: Verifying session {0} for {1}; current  session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
+                if (userProfile.CurrentAgent.SessionID == sessionID)
+                {
+                    return true;
+                }
+            }
+            return false;
+        }
        #endregion
    }
 }
author	diva	2009-04-14 19:35:35 +0000
committer	diva	2009-04-14 19:35:35 +0000
commit	0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree	9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Framework/Communications/UserManagerBase.cs
parent	* Make archiver tests pump the asset server manually instead of starting the ... (diff)
download	opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.zip opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.gz opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.bz2 opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.xz

diff --git a/OpenSim/Framework/Communications/UserManagerBase.cs b/OpenSim/Framework/Communications/UserManagerBase.cs index 155f5cd..1115041 100644 --- a/OpenSim/Framework/Communications/UserManagerBase.cs +++ b/OpenSim/Framework/Communications/UserManagerBase.cs
@@ -839,6 +839,21 @@ namespace OpenSim.Framework.Communications
839	}	839	}
840	}	840	}
841		841
		842	public bool VerifySession(UUID userID, UUID sessionID)
		843	{
		844	UserProfileData userProfile = GetUserProfile(userID);
		845
		846	if (userProfile != null && userProfile.CurrentAgent != null)
		847	{
		848	m_log.DebugFormat("[USERAUTH]: Verifying session {0} for {1}; current session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
		849	if (userProfile.CurrentAgent.SessionID == sessionID)
		850	{
		851	return true;
		852	}
		853	}
		854	return false;
		855	}
		856
842	#endregion	857	#endregion
843	}	858	}
844	}	859	}