From e3d4814971ecfb6242395942bdbf449ce55ab6b1 Mon Sep 17 00:00:00 2001 From: diva Date: Tue, 14 Apr 2009 22:24:26 +0000 Subject: One less vulnerability in the HG: detecting foreign users trying to come in with local user IDs. If that happened by accident, too bad, foreign user can't come in with that ID. This test is a consequence of not having truly global names yet. --- OpenSim/Region/Communications/Hypergrid/HGGridServices.cs | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'OpenSim/Region/Communications/Hypergrid') diff --git a/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs b/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs index 955dd05..632ea83 100644 --- a/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs +++ b/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs @@ -745,9 +745,21 @@ namespace OpenSim.Region.Communications.Hypergrid m_log.Debug("[HGrid]: home_address: " + userData.UserHomeAddress + "; home_port: " + userData.UserHomePort + "; remoting: " + userData.UserHomeRemotingPort); - XmlRpcResponse resp = new XmlRpcResponse(); + // Let's check if someone is trying to get in with a stolen local identity. + // The need for this test is a consequence of not having truly global names :-/ + CachedUserInfo uinfo = m_userProfileCache.GetUserDetails(userData.ID); + if ((uinfo != null) && !(uinfo.UserProfile is ForeignUserProfileData)) + { + m_log.WarnFormat("[HGrid]: Foreign user trying to get in with local identity. Access denied."); + Hashtable respdata = new Hashtable(); + respdata["success"] = "FALSE"; + respdata["reason"] = "Foreign user has the same ID as a local user."; + resp.Value = respdata; + return resp; + } + if (!RegionLoginsEnabled) { m_log.InfoFormat( -- cgit v1.1