author | diva | 2009-04-14 19:35:35 +0000 |
---|---|---|
committer | diva | 2009-04-14 19:35:35 +0000 |
commit | 0413d052a3ec541164049e7d39278c57fb92ed06 (patch) | |
tree | 9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Grid | |
parent | * Make archiver tests pump the asset server manually instead of starting the ... (diff) | |
Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Grid/UserServer.Modules/UserLoginService.cs | 1 | ||||
-rw-r--r-- | OpenSim/Grid/UserServer.Modules/UserManager.cs | 85 |
2 files changed, 15 insertions, 71 deletions
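--- a/OpenSim/Grid/UserServer.Modules/UserLoginService.cs
+++ b/OpenSim/Grid/UserServer.Modules/UserLoginService.cs
@@ -83,6 +83,7 @@ namespace OpenSim.Grid.UserServer.Modules
 m_httpServer.AddXmlRPCHandler("login_to_simulator", XmlRpcLoginMethod);
 m_httpServer.AddHTTPHandler("login", ProcessHTMLLogin);
 m_httpServer.AddXmlRPCHandler("set_login_params", XmlRPCSetLoginParams);
+m_httpServer.AddXmlRPCHandler("check_auth_session", XmlRPCCheckAuthSession);
 
 if (registerLLSDHandler)
 {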
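Review bot: The handler registered on the added line, XmlRPCCheckAuthSession, is not defined anywhere in this diff, so the user-server side of the session check cannot be reviewed here; only its registration moves from UserManager to UserLoginService. The UserManager implementation deleted in the same commit wrote `CheckAuthSession TRUE for user {0}` to the log after the comparison whether or not `authed` had been set, so it is worth confirming that the UserLoginService version logs the real outcome by formatting the `authed` value instead of a literal TRUE. Because the session id is a bearer credential for the agent, the handler should also not echo the submitted session_id into the log, only the avatar id and the result. The enclosing registration method starts and ends outside this hunk.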
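--- a/OpenSim/Grid/UserServer.Modules/UserManager.cs
+++ b/OpenSim/Grid/UserServer.Modules/UserManager.cs
@@ -109,7 +109,6 @@ namespace OpenSim.Grid.UserServer.Modules
 m_httpServer.AddXmlRPCHandler("update_user_current_region", XmlRPCAtRegion);
 m_httpServer.AddXmlRPCHandler("logout_of_simulator", XmlRPCLogOffUserMethodUUID);
 m_httpServer.AddXmlRPCHandler("get_agent_by_uuid", XmlRPCGetAgentMethodUUID);
-m_httpServer.AddXmlRPCHandler("check_auth_session", XmlRPCCheckAuthSession);
 
 m_httpServer.AddXmlRPCHandler("update_user_profile", XmlRpcResponseXmlRPCUpdateUserProfile);
 
@@ -133,21 +132,6 @@ namespace OpenSim.Grid.UserServer.Modules
 return "OK";
 }
 
-/// <summary>
-/// Returns an error message that the user could not be found in the database
-/// </summary>
-/// <returns>XML string consisting of a error element containing individual error(s)</returns>
-public XmlRpcResponse CreateUnknownUserErrorResponse()
-{
-XmlRpcResponse response = new XmlRpcResponse();
-Hashtable responseData = new Hashtable();
-responseData["error_type"] = "unknown_user";
-responseData["error_desc"] = "The user requested is not in the database";
-
-response.Value = responseData;
-return response;
-}
-
 public XmlRpcResponse AvatarPickerListtoXmlRPCResponse(UUID queryID, List<AvatarPickerAvatar> returnUsers)
 {
 XmlRpcResponse response = new XmlRpcResponse();
@@ -278,7 +262,7 @@ namespace OpenSim.Grid.UserServer.Modules
 string query = (string)requestData["avatar_name"];
 
 if (null == query)
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 
 // Regex objAlphaNumericPattern = new Regex("[^a-zA-Z0-9]");
 
@@ -289,17 +273,17 @@ namespace OpenSim.Grid.UserServer.Modules
 userProfile = m_userDataBaseService.GetUserProfile(querysplit[0], querysplit[1]);
 if (userProfile == null)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 return ProfileToXmlRPCResponse(userProfile);
@@ -322,17 +306,17 @@ namespace OpenSim.Grid.UserServer.Modules
 }
 catch (FormatException)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 if (userProfile == null)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 return ProfileToXmlRPCResponse(userProfile);
@@ -353,20 +337,20 @@ namespace OpenSim.Grid.UserServer.Modules
 
 if (guess == UUID.Zero)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 userProfile = m_userDataBaseService.GetUserProfile(guess);
 
 if (userProfile == null)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 // no agent???
 if (userProfile.CurrentAgent == null)
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 Hashtable responseData = new Hashtable();
 
@@ -381,53 +365,12 @@ namespace OpenSim.Grid.UserServer.Modules
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 return response;
 }
 
-public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request)
-{
-XmlRpcResponse response = new XmlRpcResponse();
-Hashtable requestData = (Hashtable)request.Params[0];
-UserProfileData userProfile;
-
-string authed = "FALSE";
-if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id"))
-{
-UUID guess_aid;
-UUID guess_sid;
-
-UUID.TryParse((string)requestData["avatar_uuid"], out guess_aid);
-if (guess_aid == UUID.Zero)
-{
-return CreateUnknownUserErrorResponse();
-}
-UUID.TryParse((string)requestData["session_id"], out guess_sid);
-if (guess_sid == UUID.Zero)
-{
-return CreateUnknownUserErrorResponse();
-}
-userProfile = m_userDataBaseService.GetUserProfile(guess_aid);
-if (userProfile != null && userProfile.CurrentAgent != null &&
-userProfile.CurrentAgent.SessionID == guess_sid)
-{
-authed = "TRUE";
-}
-m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid);
-}
-else
-{
-m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE");
-return CreateUnknownUserErrorResponse();
-}
-Hashtable responseData = new Hashtable();
-responseData["auth_session"] = authed;
-response.Value = responseData;
-return response;
-}
-
 public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request)
 {
 m_log.Debug("[UserManager]: Got request to update user profile");
@@ -437,14 +380,14 @@ namespace OpenSim.Grid.UserServer.Modules
 
 if (!requestData.Contains("avatar_uuid"))
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 UUID UserUUID = new UUID((string)requestData["avatar_uuid"]);
 UserProfileData userProfile = m_userDataBaseService.GetUserProfile(UserUUID);
 if (null == userProfile)
 {
-return Util.CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 // don't know how yet.
 if (requestData.Contains("AllowPublish"))
@@ -656,7 +599,7 @@ namespace OpenSim.Grid.UserServer.Modules
 }
 else
 {
-return CreateUnknownUserErrorResponse();
+return Util.CreateUnknownUserErrorResponse();
 }
 
 return response;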
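Review bot: The public method CreateUnknownUserErrorResponse is deleted from UserManager in hunk @@ -133,21 +132,6 @@ and every caller inside the file is redirected to Util.CreateUnknownUserErrorResponse, but no `using` directive is added anywhere in the diff, so the Util name presumably resolves through an import already present above the first hunk, and any caller in another class or assembly of the former public method is broken by the removal, which a diffstat limited to OpenSim/Grid cannot show. In hunk @@ -437,14 +380,14 @@ the retained line `UUID UserUUID = new UUID((string)requestData["avatar_uuid"]);` sits directly after the new unknown-user return and parses request-supplied data without the `catch (FormatException)` that the handler in hunk @@ -322,17 +306,17 @@ uses, so a malformed value appears to surface as an exception out of the XML-RPC handler instead of the unknown-user response. Using the TryParse form already present in this file, `UUID UserUUID; if (!UUID.TryParse((string)requestData["avatar_uuid"], out UserUUID)) return Util.CreateUnknownUserErrorResponse();`, would make that handler fail the same way as its siblings. Each method touched here starts and ends outside its hunk.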