Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.

author: diva 2009-04-14 19:35:35 +0000
committer: diva 2009-04-14 19:35:35 +0000
commit: 0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree: 9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Region/Framework
parent: * Make archiver tests pump the asset server manually instead of starting the ... (diff)
download: opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.zip
opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.gz
opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.bz2
opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.xz
1 files changed, 55 insertions, 38 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index c26adc0..5ffa64c 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -40,6 +40,7 @@ using OpenMetaverse.Imaging;
 using OpenSim.Framework;
 using OpenSim.Framework.Communications;
 using OpenSim.Framework.Communications.Cache;
+using OpenSim.Framework.Communications.Clients;
 using OpenSim.Framework.Console;
 using OpenSim.Region.Framework.Interfaces;
 using OpenSim.Region.Framework.Scenes.Scripting;
@@ -2372,64 +2373,80 @@ namespace OpenSim.Region.Framework.Scenes
        /// <param name="agent"></param>
        public bool NewUserConnection(AgentCircuitData agent)
        {
-            CapsModule.NewUserConnection(agent);
+            bool goodUserConnection = AuthenticateUser(agent);
-            ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID);
+            if (goodUserConnection)
-            if (sp != null)
            {
-                m_log.DebugFormat(
+                CapsModule.NewUserConnection(agent);
-                    "[SCENE]: Adjusting known seeds for existing agent {0} in {1}",
-                    agent.AgentID, RegionInfo.RegionName);
-                sp.AdjustKnownSeeds();
+                ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID);
+                if (sp != null)
+                {
+                    m_log.DebugFormat(
+                        "[SCENE]: Adjusting known seeds for existing agent {0} in {1}",
+                        agent.AgentID, RegionInfo.RegionName);
-                return true;
+                    sp.AdjustKnownSeeds();
-            }
-            // Don't disable this log message - it's too helpful
+                    return true;
-            m_log.InfoFormat(
+                }
-                "[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})",
-                RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode);
-            if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
+                // Don't disable this log message - it's too helpful
-            {
+                m_log.InfoFormat(
-                m_log.WarnFormat(
+                    "[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})",
-               "[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist",
+                    RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode);
-               agent.AgentID, RegionInfo.RegionName);
-                //return false;
+                if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
-            }
+                {
+                    m_log.WarnFormat(
+                   "[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist",
+                   agent.AgentID, RegionInfo.RegionName);
+                    //return false;
+                }
-            CapsModule.AddCapsHandler(agent.AgentID);
+                CapsModule.AddCapsHandler(agent.AgentID);
-            if (!agent.child)
+                if (!agent.child)
-            {
-                // Honor parcel landing type and position.
-                ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y);
-                if (land != null)
                {
-                    if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero)
+                    // Honor parcel landing type and position.
+                    ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y);
+                    if (land != null)
                    {
-                        agent.startpos = land.landData.UserLocation;
+                        if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero)
+                        {
+                            agent.startpos = land.landData.UserLocation;
+                        }
                    }
                }
-            }
-            m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent);
+                m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent);
-            // rewrite session_id
+                // rewrite session_id
-            CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID);
+                CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID);
+                if (userinfo != null)
+                {
+                    userinfo.SessionID = agent.SessionID;
+                }
+                else
+                {
+                    m_log.WarnFormat(
+                        "[CONNECTION BEGIN]: We couldn't find a User Info record for {0}.  This is usually an indication that the UUID we're looking up is invalid", agent.AgentID);
+                }
-            if (userinfo != null)
+                return true;
-            {
-                userinfo.SessionID = agent.SessionID;
            }
            else
            {
-                m_log.WarnFormat(
+                m_log.WarnFormat("[CONNECTION BEGIN]: failed to authenticate user {0} {1}. Denying connection.", agent.firstname, agent.lastname);
-                    "[CONNECTION BEGIN]: We couldn't find a User Info record for {0}.  This is usually an indication that the UUID we're looking up is invalid", agent.AgentID);
+                return false;
            }
+        }
-            return true;
+        public virtual bool AuthenticateUser(AgentCircuitData agent)
+        {
+            bool result = CommsManager.UserService.VerifySession(agent.AgentID, agent.SessionID);
+            m_log.Debug("[CONNECTION BEGIN]: User authentication returned " + result);
+            return result;
        }
        public void UpdateCircuitData(AgentCircuitData data)
author	diva	2009-04-14 19:35:35 +0000
committer	diva	2009-04-14 19:35:35 +0000
commit	0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree	9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Region/Framework
parent	* Make archiver tests pump the asset server manually instead of starting the ... (diff)
download	opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.zip opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.gz opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.bz2 opensim-SC_OLD-0413d052a3ec541164049e7d39278c57fb92ed06.tar.xz

diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index c26adc0..5ffa64c 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -40,6 +40,7 @@ using OpenMetaverse.Imaging;
40	using OpenSim.Framework;	40	using OpenSim.Framework;
41	using OpenSim.Framework.Communications;	41	using OpenSim.Framework.Communications;
42	using OpenSim.Framework.Communications.Cache;	42	using OpenSim.Framework.Communications.Cache;
		43	using OpenSim.Framework.Communications.Clients;
43	using OpenSim.Framework.Console;	44	using OpenSim.Framework.Console;
44	using OpenSim.Region.Framework.Interfaces;	45	using OpenSim.Region.Framework.Interfaces;
45	using OpenSim.Region.Framework.Scenes.Scripting;	46	using OpenSim.Region.Framework.Scenes.Scripting;
@@ -2372,64 +2373,80 @@ namespace OpenSim.Region.Framework.Scenes
2372	/// <param name="agent"></param>	2373	/// <param name="agent"></param>
2373	public bool NewUserConnection(AgentCircuitData agent)	2374	public bool NewUserConnection(AgentCircuitData agent)
2374	{	2375	{
2375	CapsModule.NewUserConnection(agent);	2376	bool goodUserConnection = AuthenticateUser(agent);
2376		2377
2377	ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID);	2378	if (goodUserConnection)
2378	if (sp != null)
2379	{	2379	{
2380	m_log.DebugFormat(	2380	CapsModule.NewUserConnection(agent);
2381	"[SCENE]: Adjusting known seeds for existing agent {0} in {1}",
2382	agent.AgentID, RegionInfo.RegionName);
2383		2381
2384	sp.AdjustKnownSeeds();	2382	ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID);
		2383	if (sp != null)
		2384	{
		2385	m_log.DebugFormat(
		2386	"[SCENE]: Adjusting known seeds for existing agent {0} in {1}",
		2387	agent.AgentID, RegionInfo.RegionName);
2385		2388
2386	return true;	2389	sp.AdjustKnownSeeds();
2387	}
2388		2390
2389	// Don't disable this log message - it's too helpful	2391	return true;
2390	m_log.InfoFormat(	2392	}
2391	"[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})",
2392	RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode);
2393		2393
2394	if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))	2394	// Don't disable this log message - it's too helpful
2395	{	2395	m_log.InfoFormat(
2396	m_log.WarnFormat(	2396	"[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})",
2397	"[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist",	2397	RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode);
2398	agent.AgentID, RegionInfo.RegionName);	2398
2399	//return false;	2399	if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
2400	}	2400	{
		2401	m_log.WarnFormat(
		2402	"[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist",
		2403	agent.AgentID, RegionInfo.RegionName);
		2404	//return false;
		2405	}
2401		2406
2402	CapsModule.AddCapsHandler(agent.AgentID);	2407	CapsModule.AddCapsHandler(agent.AgentID);
2403		2408
2404	if (!agent.child)	2409	if (!agent.child)
2405	{
2406	// Honor parcel landing type and position.
2407	ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y);
2408	if (land != null)
2409	{	2410	{
2410	if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero)	2411	// Honor parcel landing type and position.
		2412	ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y);
		2413	if (land != null)
2411	{	2414	{
2412	agent.startpos = land.landData.UserLocation;	2415	if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero)
		2416	{
		2417	agent.startpos = land.landData.UserLocation;
		2418	}
2413	}	2419	}
2414	}	2420	}
2415	}
2416		2421
2417	m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent);	2422	m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent);
2418		2423
2419	// rewrite session_id	2424	// rewrite session_id
2420	CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID);	2425	CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID);
		2426	if (userinfo != null)
		2427	{
		2428	userinfo.SessionID = agent.SessionID;
		2429	}
		2430	else
		2431	{
		2432	m_log.WarnFormat(
		2433	"[CONNECTION BEGIN]: We couldn't find a User Info record for {0}. This is usually an indication that the UUID we're looking up is invalid", agent.AgentID);
		2434	}
2421		2435
2422	if (userinfo != null)	2436	return true;
2423	{
2424	userinfo.SessionID = agent.SessionID;
2425	}	2437	}
2426	else	2438	else
2427	{	2439	{
2428	m_log.WarnFormat(	2440	m_log.WarnFormat("[CONNECTION BEGIN]: failed to authenticate user {0} {1}. Denying connection.", agent.firstname, agent.lastname);
2429	"[CONNECTION BEGIN]: We couldn't find a User Info record for {0}. This is usually an indication that the UUID we're looking up is invalid", agent.AgentID);	2441	return false;
2430	}	2442	}
		2443	}
2431		2444
2432	return true;	2445	public virtual bool AuthenticateUser(AgentCircuitData agent)
		2446	{
		2447	bool result = CommsManager.UserService.VerifySession(agent.AgentID, agent.SessionID);
		2448	m_log.Debug("[CONNECTION BEGIN]: User authentication returned " + result);
		2449	return result;
2433	}	2450	}
2434		2451
2435	public void UpdateCircuitData(AgentCircuitData data)	2452	public void UpdateCircuitData(AgentCircuitData data)