One less vulnerability in the HG: detecting foreign users trying to come in with local user IDs. If that happened by accident, too bad, foreign user can't come in with that ID. This test is a consequence of not having truly global names yet.
parent
2a321746fd
commit
e3d4814971
|
@ -745,9 +745,21 @@ namespace OpenSim.Region.Communications.Hypergrid
|
||||||
m_log.Debug("[HGrid]: home_address: " + userData.UserHomeAddress +
|
m_log.Debug("[HGrid]: home_address: " + userData.UserHomeAddress +
|
||||||
"; home_port: " + userData.UserHomePort + "; remoting: " + userData.UserHomeRemotingPort);
|
"; home_port: " + userData.UserHomePort + "; remoting: " + userData.UserHomeRemotingPort);
|
||||||
|
|
||||||
|
|
||||||
XmlRpcResponse resp = new XmlRpcResponse();
|
XmlRpcResponse resp = new XmlRpcResponse();
|
||||||
|
|
||||||
|
// Let's check if someone is trying to get in with a stolen local identity.
|
||||||
|
// The need for this test is a consequence of not having truly global names :-/
|
||||||
|
CachedUserInfo uinfo = m_userProfileCache.GetUserDetails(userData.ID);
|
||||||
|
if ((uinfo != null) && !(uinfo.UserProfile is ForeignUserProfileData))
|
||||||
|
{
|
||||||
|
m_log.WarnFormat("[HGrid]: Foreign user trying to get in with local identity. Access denied.");
|
||||||
|
Hashtable respdata = new Hashtable();
|
||||||
|
respdata["success"] = "FALSE";
|
||||||
|
respdata["reason"] = "Foreign user has the same ID as a local user.";
|
||||||
|
resp.Value = respdata;
|
||||||
|
return resp;
|
||||||
|
}
|
||||||
|
|
||||||
if (!RegionLoginsEnabled)
|
if (!RegionLoginsEnabled)
|
||||||
{
|
{
|
||||||
m_log.InfoFormat(
|
m_log.InfoFormat(
|
||||||
|
|
Loading…
Reference in New Issue