One less vulnerability in the HG: detecting foreign users trying to come in with local user IDs. If that happened by accident, too bad, foreign user can't come in with that ID. This test is a consequence of not having truly global names yet.

2009-04-14 22:24:26 +00:00 · 2009-04-14 22:24:26 +00:00 · e3d4814971
parent 2a321746fd
commit e3d4814971
1 changed files with 13 additions and 1 deletions
--- a/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs
+++ b/OpenSim/Region/Communications/Hypergrid/HGGridServices.cs
@ -745,9 +745,21 @@ namespace OpenSim.Region.Communications.Hypergrid
            m_log.Debug("[HGrid]: home_address: " + userData.UserHomeAddress +
                       "; home_port: " + userData.UserHomePort + "; remoting: " + userData.UserHomeRemotingPort);

-
            XmlRpcResponse resp = new XmlRpcResponse();

+            // Let's check if someone is trying to get in with a stolen local identity.
+            // The need for this test is a consequence of not having truly global names :-/
+            CachedUserInfo uinfo = m_userProfileCache.GetUserDetails(userData.ID);
+            if ((uinfo != null) && !(uinfo.UserProfile is ForeignUserProfileData))
+            {
+                m_log.WarnFormat("[HGrid]: Foreign user trying to get in with local identity. Access denied.");
+                Hashtable respdata = new Hashtable();
+                respdata["success"] = "FALSE";
+                respdata["reason"] = "Foreign user has the same ID as a local user.";
+                resp.Value = respdata;
+                return resp;
+            }
+
            if (!RegionLoginsEnabled)
            {
                m_log.InfoFormat(