From 0413d052a3ec541164049e7d39278c57fb92ed06 Mon Sep 17 00:00:00 2001
From: diva
Date: Tue, 14 Apr 2009 19:35:35 +0000
Subject: Adds session authentication upon NewUserConnections. Adds user key
 authentication (in safemode only) upon CreateChildAgents. All of this for
 Hypergrid users too. This addresses assorted spoofing vulnerabilities.

---
 OpenSim/Framework/Communications/Clients/RegionClient.cs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'OpenSim/Framework/Communications/Clients')

diff --git a/OpenSim/Framework/Communications/Clients/RegionClient.cs b/OpenSim/Framework/Communications/Clients/RegionClient.cs
index 27353b0..da3f620 100644
--- a/OpenSim/Framework/Communications/Clients/RegionClient.cs
+++ b/OpenSim/Framework/Communications/Clients/RegionClient.cs
@@ -43,7 +43,7 @@ namespace OpenSim.Framework.Communications.Clients
     {
         private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
 
-        public bool DoCreateChildAgentCall(RegionInfo region, AgentCircuitData aCircuit)
+        public bool DoCreateChildAgentCall(RegionInfo region, AgentCircuitData aCircuit, string authKey)
         {
             // Eventually, we want to use a caps url instead of the agentID
             string uri = "http://" + region.ExternalEndPoint.Address + ":" + region.HttpPort + "/agent/" + aCircuit.AgentID + "/";
@@ -54,6 +54,7 @@ namespace OpenSim.Framework.Communications.Clients
             AgentCreateRequest.ContentType = "application/json";
             AgentCreateRequest.Timeout = 10000;
             //AgentCreateRequest.KeepAlive = false;
+            AgentCreateRequest.Headers.Add("Authorization", authKey);
 
             // Fill it in
             OSDMap args = null;
@@ -80,7 +81,7 @@ namespace OpenSim.Framework.Communications.Clients
             }
             catch (Exception e)
             {
-                m_log.WarnFormat("[OSG2]: Exception thrown on serialization of ChildCreate: {0}", e.Message);
+                m_log.WarnFormat("[REST COMMS]: Exception thrown on serialization of ChildCreate: {0}", e.Message);
                 // ignore. buffer will be empty, caller should check.
             }
 
@@ -91,7 +92,7 @@ namespace OpenSim.Framework.Communications.Clients
                 os = AgentCreateRequest.GetRequestStream();
                 os.Write(buffer, 0, strBuffer.Length);         //Send it
                 os.Close();
-                //m_log.InfoFormat("[REST COMMS]: Posted ChildAgentUpdate request to remote sim {0}", uri);
+                //m_log.InfoFormat("[REST COMMS]: Posted CreateChildAgent request to remote sim {0}", uri);
             }
             //catch (WebException ex)
             catch
-- 
cgit v1.1