diff options
Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.
Diffstat (limited to '')
| -rw-r--r-- | OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs | 2 | ||||
| -rw-r--r-- | OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs index 3675583..f0d70a7 100644 --- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs +++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs | |||
| @@ -93,7 +93,7 @@ namespace OpenSim.Region.CoreModules.Hypergrid | |||
| 93 | 93 | ||
| 94 | m_inventoryService = new HGInventoryService(m_inventoryBase, | 94 | m_inventoryService = new HGInventoryService(m_inventoryBase, |
| 95 | ((AssetServerBase)m_scene.CommsManager.AssetCache.AssetServer).AssetProviderPlugin, | 95 | ((AssetServerBase)m_scene.CommsManager.AssetCache.AssetServer).AssetProviderPlugin, |
| 96 | (UserManagerBase)m_scene.CommsManager.UserService, m_scene.CommsManager.HttpServer, | 96 | (UserManagerBase)m_scene.CommsManager.UserAdminService, m_scene.CommsManager.HttpServer, |
| 97 | m_scene.CommsManager.NetworkServersInfo.InventoryURL); | 97 | m_scene.CommsManager.NetworkServersInfo.InventoryURL); |
| 98 | 98 | ||
| 99 | AddHttpHandlers(m_scene.CommsManager.HttpServer); | 99 | AddHttpHandlers(m_scene.CommsManager.HttpServer); |
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs index f0e957b..c458b89 100644 --- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs +++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs | |||
| @@ -104,11 +104,12 @@ namespace OpenSim.Region.CoreModules.Hypergrid | |||
| 104 | IHttpServer httpServer = m_firstScene.CommsManager.HttpServer; | 104 | IHttpServer httpServer = m_firstScene.CommsManager.HttpServer; |
| 105 | 105 | ||
| 106 | //TODO: fix the casting of the user service, maybe by registering the userManagerBase with scenes, or refactoring so we just need a IUserService reference | 106 | //TODO: fix the casting of the user service, maybe by registering the userManagerBase with scenes, or refactoring so we just need a IUserService reference |
| 107 | m_loginService = new HGLoginAuthService((UserManagerBase)m_firstScene.CommsManager.UserService, welcomeMessage, m_firstScene.CommsManager.InterServiceInventoryService, m_firstScene.CommsManager.NetworkServersInfo, authenticate, rootFolder, this); | 107 | m_loginService = new HGLoginAuthService((UserManagerBase)m_firstScene.CommsManager.UserAdminService, welcomeMessage, m_firstScene.CommsManager.InterServiceInventoryService, m_firstScene.CommsManager.NetworkServersInfo, authenticate, rootFolder, this); |
| 108 | 108 | ||
| 109 | httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod); | 109 | httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod); |
| 110 | httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod); | 110 | httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod); |
| 111 | httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod); | 111 | httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod); |
| 112 | httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession); | ||
| 112 | 113 | ||
| 113 | } | 114 | } |
| 114 | } | 115 | } |