Don't reply with an ack packet if the client is not authorized.

0.7.2-post-fixes
Justin Clark-Casey (justincc) 2011-12-08 22:00:59 +00:00
parent 7ca688f5c5
commit 5b0d0ef1e9
2 changed files with 31 additions and 45 deletions

View File

@ -905,23 +905,40 @@ namespace OpenSim.Region.ClientStack.LindenUDP
// DateTime startTime = DateTime.Now; // DateTime startTime = DateTime.Now;
object[] array = (object[])o; object[] array = (object[])o;
UDPPacketBuffer buffer = (UDPPacketBuffer)array[0]; UDPPacketBuffer buffer = (UDPPacketBuffer)array[0];
UseCircuitCodePacket packet = (UseCircuitCodePacket)array[1]; UseCircuitCodePacket uccp = (UseCircuitCodePacket)array[1];
m_log.DebugFormat("[LLUDPSERVER]: Handling UseCircuitCode request from {0}", buffer.RemoteEndPoint); m_log.DebugFormat("[LLUDPSERVER]: Handling UseCircuitCode request from {0}", buffer.RemoteEndPoint);
IPEndPoint remoteEndPoint = (IPEndPoint)buffer.RemoteEndPoint; IPEndPoint remoteEndPoint = (IPEndPoint)buffer.RemoteEndPoint;
// Begin the process of adding the client to the simulator AuthenticateResponse sessionInfo;
IClientAPI client = AddNewClient((UseCircuitCodePacket)packet, remoteEndPoint); if (IsClientAuthorized(uccp, out sessionInfo))
{
// Begin the process of adding the client to the simulator
IClientAPI client
= AddClient(
uccp.CircuitCode.Code,
uccp.CircuitCode.ID,
uccp.CircuitCode.SessionID,
remoteEndPoint,
sessionInfo);
// Send ack straight away to let the viewer know that the connection is active. // Send ack straight away to let the viewer know that the connection is active.
// The client will be null if it already exists (e.g. if on a region crossing the client sends a use // The client will be null if it already exists (e.g. if on a region crossing the client sends a use
// circuit code to the existing child agent. This is not particularly obvious. // circuit code to the existing child agent. This is not particularly obvious.
SendAckImmediate(remoteEndPoint, packet.Header.Sequence); SendAckImmediate(remoteEndPoint, uccp.Header.Sequence);
// We only want to send initial data to new clients, not ones which are being converted from child to root. // We only want to send initial data to new clients, not ones which are being converted from child to root.
if (client != null) if (client != null)
client.SceneAgent.SendInitialDataToMe(); client.SceneAgent.SendInitialDataToMe();
}
else
{
// Don't create clients for unauthorized requesters.
m_log.WarnFormat(
"[LLUDPSERVER]: Connection request for client {0} connecting with unnotified circuit code {1} from {2}",
uccp.CircuitCode.ID, uccp.CircuitCode.Code, remoteEndPoint);
}
// m_log.DebugFormat( // m_log.DebugFormat(
// "[LLUDPSERVER]: Handling UseCircuitCode request from {0} took {1}ms", // "[LLUDPSERVER]: Handling UseCircuitCode request from {0} took {1}ms",
@ -971,36 +988,6 @@ namespace OpenSim.Region.ClientStack.LindenUDP
return sessionInfo.Authorised; return sessionInfo.Authorised;
} }
/// <summary>
/// Add a new client.
/// </summary>
/// <param name="useCircuitCode"></param>
/// <param name="remoteEndPoint"></param>
/// <returns>
/// The client that was added or null if the client failed authorization or already existed.
/// </returns>
private IClientAPI AddNewClient(UseCircuitCodePacket useCircuitCode, IPEndPoint remoteEndPoint)
{
UUID agentID = useCircuitCode.CircuitCode.ID;
UUID sessionID = useCircuitCode.CircuitCode.SessionID;
uint circuitCode = useCircuitCode.CircuitCode.Code;
AuthenticateResponse sessionInfo;
if (IsClientAuthorized(useCircuitCode, out sessionInfo))
{
return AddClient(circuitCode, agentID, sessionID, remoteEndPoint, sessionInfo);
}
else
{
// Don't create circuits for unauthorized clients
m_log.WarnFormat(
"[LLUDPSERVER]: Connection request for client {0} connecting with unnotified circuit code {1} from {2}",
useCircuitCode.CircuitCode.ID, useCircuitCode.CircuitCode.Code, remoteEndPoint);
return null;
}
}
/// <summary> /// <summary>
/// Add a client. /// Add a client.
/// </summary> /// </summary>

View File

@ -202,10 +202,9 @@ namespace OpenSim.Region.ClientStack.LindenUDP.Tests
ScenePresence sp = scene.GetScenePresence(myAgentUuid); ScenePresence sp = scene.GetScenePresence(myAgentUuid);
Assert.That(sp.UUID, Is.EqualTo(myAgentUuid)); Assert.That(sp.UUID, Is.EqualTo(myAgentUuid));
// FIXME: We're still replying to an ack when the client is not authorized, which is not correct behaviour. Assert.That(llUdpServer.PacketsSent.Count, Is.EqualTo(1));
Assert.That(llUdpServer.PacketsSent.Count, Is.EqualTo(2));
Packet packet = llUdpServer.PacketsSent[1]; Packet packet = llUdpServer.PacketsSent[0];
Assert.That(packet, Is.InstanceOf(typeof(PacketAckPacket))); Assert.That(packet, Is.InstanceOf(typeof(PacketAckPacket)));
PacketAckPacket ackPacket = packet as PacketAckPacket; PacketAckPacket ackPacket = packet as PacketAckPacket;