authordiva2009-04-14 19:35:35 +0000
committerdiva2009-04-14 19:35:35 +0000
commit0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Grid
parent* Make archiver tests pump the asset server manually instead of starting the ... (diff)
Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.
Diffstat (limited to '')
-rw-r--r--OpenSim/Grid/UserServer.Modules/UserLoginService.cs1
-rw-r--r--OpenSim/Grid/UserServer.Modules/UserManager.cs85
2 files changed, 15 insertions, 71 deletions
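--- a/OpenSim/Grid/UserServer.Modules/UserLoginService.cs
+++ b/OpenSim/Grid/UserServer.Modules/UserLoginService.cs
@@ -83,6 +83,7 @@ namespace OpenSim.Grid.UserServer.Modules
 m_httpServer.AddXmlRPCHandler("login_to_simulator", XmlRpcLoginMethod);
 m_httpServer.AddHTTPHandler("login", ProcessHTMLLogin);
 m_httpServer.AddXmlRPCHandler("set_login_params", XmlRPCSetLoginParams);
+m_httpServer.AddXmlRPCHandler("check_auth_session", XmlRPCCheckAuthSession);
 
 if (registerLLSDHandler)
 {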
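Review bot: `XmlRPCCheckAuthSession`, registered on new line 86, is not defined in any hunk shown for UserLoginService.cs, so the code that now decides session validity is presumably inherited and cannot be reviewed from this section. The copy removed from UserManager.cs writes `CheckAuthSession TRUE for user {0}` to the log whether or not the session id matched, which makes the log useless for auditing session checks; confirm the replacement logs the actual outcome. A short comment above the registration would help the next reader, e.g. `// check_auth_session: validates an (avatar_uuid, session_id) pair for region servers; handler is defined in <base class, confirm>`. The enclosing method starts and ends outside the hunk.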
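--- a/OpenSim/Grid/UserServer.Modules/UserManager.cs
+++ b/OpenSim/Grid/UserServer.Modules/UserManager.cs
@@ -109,7 +109,6 @@ namespace OpenSim.Grid.UserServer.Modules
 m_httpServer.AddXmlRPCHandler("update_user_current_region", XmlRPCAtRegion);
 m_httpServer.AddXmlRPCHandler("logout_of_simulator", XmlRPCLogOffUserMethodUUID);
 m_httpServer.AddXmlRPCHandler("get_agent_by_uuid", XmlRPCGetAgentMethodUUID);
-m_httpServer.AddXmlRPCHandler("check_auth_session", XmlRPCCheckAuthSession);
 
 m_httpServer.AddXmlRPCHandler("update_user_profile", XmlRpcResponseXmlRPCUpdateUserProfile);
 
@@ -133,21 +132,6 @@ namespace OpenSim.Grid.UserServer.Modules
 return "OK";
 }
 
-/// <summary>
-/// Returns an error message that the user could not be found in the database
-/// </summary>
-/// <returns>XML string consisting of a error element containing individual error(s)</returns>
-public XmlRpcResponse CreateUnknownUserErrorResponse()
-{
-XmlRpcResponse response = new XmlRpcResponse();
-Hashtable responseData = new Hashtable();
-responseData["error_type"] = "unknown_user";
-responseData["error_desc"] = "The user requested is not in the database";
-
-response.Value = responseData;
-return response;
-}
-
 public XmlRpcResponse AvatarPickerListtoXmlRPCResponse(UUID queryID, List<AvatarPickerAvatar> returnUsers)
 {
 XmlRpcResponse response = new XmlRpcResponse();
@@ -278,7 +262,7 @@ namespace OpenSim.Grid.UserServer.Modules
 string query = (string)requestData["avatar_name"];
 
 if (null == query)
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 
 // Regex objAlphaNumericPattern = new Regex("[^a-zA-Z0-9]");
 
@@ -289,17 +273,17 @@ namespace OpenSim.Grid.UserServer.Modules
 userProfile = m_userDataBaseService.GetUserProfile(querysplit[0], querysplit[1]);
 if (userProfile == null)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 return ProfileToXmlRPCResponse(userProfile);
@@ -322,17 +306,17 @@ namespace OpenSim.Grid.UserServer.Modules
 }
 catch (FormatException)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 if (userProfile == null)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 return ProfileToXmlRPCResponse(userProfile);
@@ -353,20 +337,20 @@ namespace OpenSim.Grid.UserServer.Modules
 
 if (guess == UUID.Zero)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 userProfile = m_userDataBaseService.GetUserProfile(guess);
 
 if (userProfile == null)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 // no agent???
 if (userProfile.CurrentAgent == null)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 Hashtable responseData = new Hashtable();
 
@@ -381,53 +365,12 @@ namespace OpenSim.Grid.UserServer.Modules
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 return response;
 }
 
-public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request)
-{
-XmlRpcResponse response = new XmlRpcResponse();
-Hashtable requestData = (Hashtable)request.Params[0];
-UserProfileData userProfile;
-
-string authed = "FALSE";
-if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id"))
-{
-UUID guess_aid;
-UUID guess_sid;
-
-UUID.TryParse((string)requestData["avatar_uuid"], out guess_aid);
-if (guess_aid == UUID.Zero)
-{
-return CreateUnknownUserErrorResponse();
-}
-UUID.TryParse((string)requestData["session_id"], out guess_sid);
-if (guess_sid == UUID.Zero)
-{
-return CreateUnknownUserErrorResponse();
-}
-userProfile = m_userDataBaseService.GetUserProfile(guess_aid);
-if (userProfile != null && userProfile.CurrentAgent != null &&
-userProfile.CurrentAgent.SessionID == guess_sid)
-{
-authed = "TRUE";
-}
-m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid);
-}
-else
-{
-m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE");
-return CreateUnknownUserErrorResponse();
-}
-Hashtable responseData = new Hashtable();
-responseData["auth_session"] = authed;
-response.Value = responseData;
-return response;
-}
-
 public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request)
 {
 m_log.Debug("[UserManager]: Got request to update user profile");
@@ -437,14 +380,14 @@ namespace OpenSim.Grid.UserServer.Modules
 
 if (!requestData.Contains("avatar_uuid"))
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 UUID UserUUID = new UUID((string)requestData["avatar_uuid"]);
 UserProfileData userProfile = m_userDataBaseService.GetUserProfile(UserUUID);
 if (null == userProfile)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 // don't know how yet.
 if (requestData.Contains("AllowPublish"))
@@ -656,7 +599,7 @@ namespace OpenSim.Grid.UserServer.Modules
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 return response;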
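Review bot: In the hunk at new lines 380-393, `update_user_profile` still picks the profile to modify purely from the caller-supplied `avatar_uuid`, and no session or key check is visible before the `AllowPublish` handling starts. Since this commit adds session authentication elsewhere to address spoofing, this handler appears to need the same gate unless one is enforced outside the hunk. On the same lines, `new UUID((string)requestData["avatar_uuid"])` can throw on a malformed value, while other handlers in this section guard the parse (the `catch (FormatException)` at new line 307, the `UUID.Zero` check at new line 338). For consistency, consider `UUID UserUUID; if (!UUID.TryParse((string)requestData["avatar_uuid"], out UserUUID)) return Util.CreateUnknownUserErrorResponse();`. The method body continues outside the hunk.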