From 50eebb5cba3bc4143115fca0e163ebdf3fc4dc60 Mon Sep 17 00:00:00 2001 From: "Justin Clark-Casey (justincc)" Date: Thu, 8 Dec 2011 22:00:59 +0000 Subject: [PATCH] Don't reply with an ack packet if the client is not authorized. --- .../ClientStack/Linden/UDP/LLUDPServer.cs | 71 ++++++++----------- .../Linden/UDP/Tests/BasicCircuitTests.cs | 5 +- 2 files changed, 31 insertions(+), 45 deletions(-) diff --git a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs index cef5f74257..5610c099eb 100644 --- a/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs +++ b/OpenSim/Region/ClientStack/Linden/UDP/LLUDPServer.cs @@ -905,23 +905,40 @@ namespace OpenSim.Region.ClientStack.LindenUDP // DateTime startTime = DateTime.Now; object[] array = (object[])o; UDPPacketBuffer buffer = (UDPPacketBuffer)array[0]; - UseCircuitCodePacket packet = (UseCircuitCodePacket)array[1]; + UseCircuitCodePacket uccp = (UseCircuitCodePacket)array[1]; m_log.DebugFormat("[LLUDPSERVER]: Handling UseCircuitCode request from {0}", buffer.RemoteEndPoint); IPEndPoint remoteEndPoint = (IPEndPoint)buffer.RemoteEndPoint; - // Begin the process of adding the client to the simulator - IClientAPI client = AddNewClient((UseCircuitCodePacket)packet, remoteEndPoint); - - // Send ack straight away to let the viewer know that the connection is active. - // The client will be null if it already exists (e.g. if on a region crossing the client sends a use - // circuit code to the existing child agent. This is not particularly obvious. - SendAckImmediate(remoteEndPoint, packet.Header.Sequence); - - // We only want to send initial data to new clients, not ones which are being converted from child to root. - if (client != null) - client.SceneAgent.SendInitialDataToMe(); + AuthenticateResponse sessionInfo; + if (IsClientAuthorized(uccp, out sessionInfo)) + { + // Begin the process of adding the client to the simulator + IClientAPI client + = AddClient( + uccp.CircuitCode.Code, + uccp.CircuitCode.ID, + uccp.CircuitCode.SessionID, + remoteEndPoint, + sessionInfo); + + // Send ack straight away to let the viewer know that the connection is active. + // The client will be null if it already exists (e.g. if on a region crossing the client sends a use + // circuit code to the existing child agent. This is not particularly obvious. + SendAckImmediate(remoteEndPoint, uccp.Header.Sequence); + + // We only want to send initial data to new clients, not ones which are being converted from child to root. + if (client != null) + client.SceneAgent.SendInitialDataToMe(); + } + else + { + // Don't create clients for unauthorized requesters. + m_log.WarnFormat( + "[LLUDPSERVER]: Connection request for client {0} connecting with unnotified circuit code {1} from {2}", + uccp.CircuitCode.ID, uccp.CircuitCode.Code, remoteEndPoint); + } // m_log.DebugFormat( // "[LLUDPSERVER]: Handling UseCircuitCode request from {0} took {1}ms", @@ -971,36 +988,6 @@ namespace OpenSim.Region.ClientStack.LindenUDP return sessionInfo.Authorised; } - /// - /// Add a new client. - /// - /// - /// - /// - /// The client that was added or null if the client failed authorization or already existed. - /// - private IClientAPI AddNewClient(UseCircuitCodePacket useCircuitCode, IPEndPoint remoteEndPoint) - { - UUID agentID = useCircuitCode.CircuitCode.ID; - UUID sessionID = useCircuitCode.CircuitCode.SessionID; - uint circuitCode = useCircuitCode.CircuitCode.Code; - - AuthenticateResponse sessionInfo; - if (IsClientAuthorized(useCircuitCode, out sessionInfo)) - { - return AddClient(circuitCode, agentID, sessionID, remoteEndPoint, sessionInfo); - } - else - { - // Don't create circuits for unauthorized clients - m_log.WarnFormat( - "[LLUDPSERVER]: Connection request for client {0} connecting with unnotified circuit code {1} from {2}", - useCircuitCode.CircuitCode.ID, useCircuitCode.CircuitCode.Code, remoteEndPoint); - - return null; - } - } - /// /// Add a client. /// diff --git a/OpenSim/Region/ClientStack/Linden/UDP/Tests/BasicCircuitTests.cs b/OpenSim/Region/ClientStack/Linden/UDP/Tests/BasicCircuitTests.cs index 1457194eed..a575e3616d 100644 --- a/OpenSim/Region/ClientStack/Linden/UDP/Tests/BasicCircuitTests.cs +++ b/OpenSim/Region/ClientStack/Linden/UDP/Tests/BasicCircuitTests.cs @@ -202,10 +202,9 @@ namespace OpenSim.Region.ClientStack.LindenUDP.Tests ScenePresence sp = scene.GetScenePresence(myAgentUuid); Assert.That(sp.UUID, Is.EqualTo(myAgentUuid)); - // FIXME: We're still replying to an ack when the client is not authorized, which is not correct behaviour. - Assert.That(llUdpServer.PacketsSent.Count, Is.EqualTo(2)); + Assert.That(llUdpServer.PacketsSent.Count, Is.EqualTo(1)); - Packet packet = llUdpServer.PacketsSent[1]; + Packet packet = llUdpServer.PacketsSent[0]; Assert.That(packet, Is.InstanceOf(typeof(PacketAckPacket))); PacketAckPacket ackPacket = packet as PacketAckPacket;