authordiva2009-04-14 19:35:35 +0000
committerdiva2009-04-14 19:35:35 +0000
commit0413d052a3ec541164049e7d39278c57fb92ed06 (patch)
tree9a58c9c51487278d67e1ad9b3a60668769434001 /OpenSim/Region/Framework
parent* Make archiver tests pump the asset server manually instead of starting the ... (diff)
Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.
Diffstat (limited to 'OpenSim/Region/Framework')
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.cs93
1 files changed, 55 insertions, 38 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index c26adc0..5ffa64c 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -40,6 +40,7 @@ using OpenMetaverse.Imaging;
40using OpenSim.Framework; 40using OpenSim.Framework;
41using OpenSim.Framework.Communications; 41using OpenSim.Framework.Communications;
42using OpenSim.Framework.Communications.Cache; 42using OpenSim.Framework.Communications.Cache;
43using OpenSim.Framework.Communications.Clients;
43using OpenSim.Framework.Console; 44using OpenSim.Framework.Console;
44using OpenSim.Region.Framework.Interfaces; 45using OpenSim.Region.Framework.Interfaces;
45using OpenSim.Region.Framework.Scenes.Scripting; 46using OpenSim.Region.Framework.Scenes.Scripting;
@@ -2372,64 +2373,80 @@ namespace OpenSim.Region.Framework.Scenes
2372 /// <param name="agent"></param> 2373 /// <param name="agent"></param>
2373 public bool NewUserConnection(AgentCircuitData agent) 2374 public bool NewUserConnection(AgentCircuitData agent)
2374 { 2375 {
2375 CapsModule.NewUserConnection(agent); 2376 bool goodUserConnection = AuthenticateUser(agent);
2376 2377
2377 ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID); 2378 if (goodUserConnection)
2378 if (sp != null)
2379 { 2379 {
2380 m_log.DebugFormat( 2380 CapsModule.NewUserConnection(agent);
2381 "[SCENE]: Adjusting known seeds for existing agent {0} in {1}",
2382 agent.AgentID, RegionInfo.RegionName);
2383 2381
2384 sp.AdjustKnownSeeds(); 2382 ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID);
2383 if (sp != null)
2384 {
2385 m_log.DebugFormat(
2386 "[SCENE]: Adjusting known seeds for existing agent {0} in {1}",
2387 agent.AgentID, RegionInfo.RegionName);
2385 2388
2386 return true; 2389 sp.AdjustKnownSeeds();
2387 }
2388 2390
2389 // Don't disable this log message - it's too helpful 2391 return true;
2390 m_log.InfoFormat( 2392 }
2391 "[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})",
2392 RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode);
2393 2393
2394 if (m_regInfo.EstateSettings.IsBanned(agent.AgentID)) 2394 // Don't disable this log message - it's too helpful
2395 { 2395 m_log.InfoFormat(
2396 m_log.WarnFormat( 2396 "[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})",
2397 "[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist", 2397 RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode);
2398 agent.AgentID, RegionInfo.RegionName); 2398
2399 //return false; 2399 if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
2400 } 2400 {
2401 m_log.WarnFormat(
2402 "[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist",
2403 agent.AgentID, RegionInfo.RegionName);
2404 //return false;
2405 }
2401 2406
2402 CapsModule.AddCapsHandler(agent.AgentID); 2407 CapsModule.AddCapsHandler(agent.AgentID);
2403 2408
2404 if (!agent.child) 2409 if (!agent.child)
2405 {
2406 // Honor parcel landing type and position.
2407 ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y);
2408 if (land != null)
2409 { 2410 {
2410 if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero) 2411 // Honor parcel landing type and position.
2412 ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y);
2413 if (land != null)
2411 { 2414 {
2412 agent.startpos = land.landData.UserLocation; 2415 if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero)
2416 {
2417 agent.startpos = land.landData.UserLocation;
2418 }
2413 } 2419 }
2414 } 2420 }
2415 }
2416 2421
2417 m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent); 2422 m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent);
2418 2423
2419 // rewrite session_id 2424 // rewrite session_id
2420 CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID); 2425 CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID);
2426 if (userinfo != null)
2427 {
2428 userinfo.SessionID = agent.SessionID;
2429 }
2430 else
2431 {
2432 m_log.WarnFormat(
2433 "[CONNECTION BEGIN]: We couldn't find a User Info record for {0}. This is usually an indication that the UUID we're looking up is invalid", agent.AgentID);
2434 }
2421 2435
2422 if (userinfo != null) 2436 return true;
2423 {
2424 userinfo.SessionID = agent.SessionID;
2425 } 2437 }
2426 else 2438 else
2427 { 2439 {
2428 m_log.WarnFormat( 2440 m_log.WarnFormat("[CONNECTION BEGIN]: failed to authenticate user {0} {1}. Denying connection.", agent.firstname, agent.lastname);
2429 "[CONNECTION BEGIN]: We couldn't find a User Info record for {0}. This is usually an indication that the UUID we're looking up is invalid", agent.AgentID); 2441 return false;
2430 } 2442 }
2443 }
2431 2444
2432 return true; 2445 public virtual bool AuthenticateUser(AgentCircuitData agent)
2446 {
2447 bool result = CommsManager.UserService.VerifySession(agent.AgentID, agent.SessionID);
2448 m_log.Debug("[CONNECTION BEGIN]: User authentication returned " + result);
2449 return result;
2433 } 2450 }
2434 2451
2435 public void UpdateCircuitData(AgentCircuitData data) 2452 public void UpdateCircuitData(AgentCircuitData data)
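Review bot: The denial branch at the end of NewUserConnection logs only `agent.firstname` and `agent.lastname`, which are caller-supplied and have just failed verification on this path, so the warning cannot be tied to an account or circuit when someone investigates a spoofing attempt. Log the identifiers that were actually checked, for example `m_log.WarnFormat("[CONNECTION BEGIN]: failed to authenticate user {0} {1} ({2}, circuit code {3}). Denying connection.", agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode);`, and keep the SessionID itself out of the log. AuthenticateUser is added as `public virtual` with no doc comment; a `/// <summary>` stating that an override must return true only after verifying the agent's session would make the contract explicit for subclasses (the commit message mentions Hypergrid users). Separately, the banlist branch carried into the authenticated path still has `//return false;` commented out, so a banned agent is only logged before AddCapsHandler and AddNewCircuit run; whether that is intentional is not visible on this page.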