From e3d4814971ecfb6242395942bdbf449ce55ab6b1 Mon Sep 17 00:00:00 2001 From: diva Date: Tue, 14 Apr 2009 22:24:26 +0000 Subject: One less vulnerability in the HG: detecting foreign users trying to come in with local user IDs. If that happened by accident, too bad, foreign user can't come in with that ID. This test is a consequence of not having truly global names yet. --- OpenSim/Region/Communications/Hypergrid/HGGridServices.cs | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs b/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs index 955dd05..632ea83 100644 --- a/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs +++ b/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs @@ -745,9 +745,21 @@ namespace OpenSim.Region.Communications.Hypergrid m_log.Debug("[HGrid]: home_address: " + userData.UserHomeAddress + "; home_port: " + userData.UserHomePort + "; remoting: " + userData.UserHomeRemotingPort); - XmlRpcResponse resp = new XmlRpcResponse(); + // Let's check if someone is trying to get in with a stolen local identity. + // The need for this test is a consequence of not having truly global names :-/ + CachedUserInfo uinfo = m_userProfileCache.GetUserDetails(userData.ID); + if ((uinfo != null) && !(uinfo.UserProfile is ForeignUserProfileData)) + { + m_log.WarnFormat("[HGrid]: Foreign user trying to get in with local identity. Access denied."); + Hashtable respdata = new Hashtable(); + respdata["success"] = "FALSE"; + respdata["reason"] = "Foreign user has the same ID as a local user."; + resp.Value = respdata; + return resp; + } + if (!RegionLoginsEnabled) { m_log.InfoFormat( -- cgit v1.1
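Review bot: The new guard only tells local from foreign: `uinfo.UserProfile is ForeignUserProfileData` admits any visitor whose ID is already known as foreign, without comparing the claimed `userData.UserHomeAddress` against the home recorded for that ID, so a clash between two foreign grids is not caught here unless code outside this hunk makes that comparison. It is also worth confirming that `GetUserDetails` returns the profile of a local user who is not currently cached, since a null result skips the test entirely. The warning names neither party; `m_log.WarnFormat("[HGrid]: Foreign user {0} from {1} tried to get in with a local identity. Access denied.", userData.ID, userData.UserHomeAddress);` would give operators something to correlate across attempts. The enclosing method starts and ends outside the hunk.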