Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008403opensim[GRID] Grid Servicepublic2018-11-06 03:392018-11-07 08:57
ReporterData Rossini 
Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version0.9.0.1 
Target VersionFixed in Version 
Summary0008403: Unknown user "GRID SERVICES" was created
DescriptionAfter building of the OpenSim 0.9.0.1 g6b2da57 and start of the grid I found in the database table "UserAccounts" a new user "GRID SERVICES" with UserLevel 240.
However, there is no entry in the "Auth" table for the passwords.
I assume that the user is generated by the OpenSim software on first startup.
To eliminate security concerns, users should be aware that such a user is created and what the purpose of this user is.
Thanks
Additional InformationHave the following link from another opensim user to the topic found:
http://opensimulator.org/pipermail/opensim-users/2017-September/014869.html [^]
TagsNo tags attached.
Git Revision or version number
Run Mode Grid (Multiple Regions per Sim)
Physics EngineBulletSim
EnvironmentMono / Linux64
Mono VersionOther
Viewer
Attached Files

- Relationships

-  Notes
(0033413)
mewtwo0641 (reporter)
2018-11-06 04:56

This is indeed a default account created upon a new database of recent OpenSim versions. I'm not entirely sure what it's for, but if you're worried about the security concerns, set a password on the account via console command.
(0033415)
BillBlight (developer)
2018-11-06 07:20
edited on: 2018-11-06 07:22

Grid services is just that a service account that allows services to talk to each other, much like the service accounts on windows and other platforms.

One cannot login with Grid Services ..

You cannot login to opensimulator with a blank password, by setting a password you are actually potentially allowing someone to login with this account ..

(0033419)
Data Rossini (reporter)
2018-11-06 13:57
edited on: 2018-11-06 13:59

Thank you for the information.
Maybe you can make an entry for the user "GRID SERVICES" in the table "UserAccount" in the fields "Email" or "UserTitle" (varchar (64) to inform OpenSim users. For example "for intercommunication between services created on first startup " or something similar.
Otherwise, the Opensim 0.9.0.1 runs great.
Thank you very much

(0033420)
BillBlight (developer)
2018-11-06 13:59
edited on: 2018-11-06 17:44

No it does not need to be in the UserAccount table because it does not need to actually log in, and you don't want it to, it is only needed for internal service communication. And I'm not sure it is actually fully implemented yet.

This is why it is a bad idea to set a password for it, because THEN it CAN log in.

EDIT: I actually meant the auth table not the user table, my bad .

(0033421)
Data Rossini (reporter)
2018-11-06 14:20

You can not log in with this user with the OpenSim Viewer. Have already tried that. I'm clear so far.
Thank you
(0033422)
Luisillo_Contepomi (reporter)
2018-11-06 14:22
edited on: 2018-11-08 08:43

Ai Austin explain in mail user-list
I asked about this too when it first appeared. @Ubitmarov added this
in 0.9.0 dev master. I will leave it to him to explain what it is
for, and the security issues. It has an entry in the useraccounts
table, but as far as I can see it does not have a password in the
"auth" table or allow access via login or web interfaces such as WiFi.
 
It might be useful if a line was added to the 0.9.0.0 release notes
to explain why this was added and its function, and a note to assure
people it does not allow access.

It does show in Diva's WiFi as a user.. I just tested.. and it says
the password is <on file> and allows the password and other details
to be set by a grid admin. So something is not quite right if its a
technical "user" that should not be other wise available or accessible.

(0033425)
Mandarinka Tasty (reporter)
2018-11-06 17:20

Hello everyone ) That is default system grid god account. It has not been designed to use it as an ordinary account to log in-world.

That is used in following situations ( careful reader of the code should notice that at once):

1. In LoginService: if we do not allow for presences' duplication, then if an user is logged in and there appears trial to login the same account, this system grid god account tries to logoff the first presence of the account, to allow for next successful login.

For example, we have crashed, we have shutdown the viewer and we try to login, but still our previous presence is online, then system grid god account automatically logs off last presence ,to make our next login be successful. My description is precisely seen here:

if(!m_allowDuplicatePresences)
                {
                    if(guinfo != null && guinfo.Online && guinfo.LastRegionID != UUID.Zero)
                    {
                        if(SendAgentGodKillToRegion(scopeID, account.PrincipalID, guinfo))
                        {
                            m_log.InfoFormat(
                                "[LLOGIN SERVICE]: Login failed for {0} {1}, reason: already logged in",
                                firstName, lastName);
                            return LLFailedLoginResponse.AlreadyLoggedInProblem;
                        }
                    }
                }

2. In GatekeeperService: The usage of system grid god account is analogous as it has been described by me above.

Part of the code, you would like to see from didactical point of view:

if(!m_allowDuplicatePresences)
                {
                    if(guinfo != null && guinfo.Online && guinfo.LastRegionID != UUID.Zero)
                    {
                        if(SendAgentGodKillToRegion(UUID.Zero, agentID, guinfo))
                        {
                            if(account != null)
                                m_log.InfoFormat(
                                    "[GATEKEEPER SERVICE]: Login failed for {0} {1}, reason: already logged in",
                                    account.FirstName, account.LastName);
                            reason = "You appear to be already logged in on the destination grid " +
                                    "Please wait a a minute or two and retry. " +
                                    "If this takes longer than a few minutes please contact the grid owner.";
                            return false;
                        }
                    }
                }

It can be also used by an administrator to logoff = kick user using viewer interface, that has not been implemented in this version of master though.

The definion of that system grid account can be easily found in UserAccountService.
(0033426)
mewtwo0641 (reporter)
2018-11-06 17:41

@BillBlight - Ah! I genuinely did not know this about the password system. That is great info to have :)
(0033439)
Data Rossini (reporter)
2018-11-07 08:57

Hello @Everyone,

many thanks for the informations.
I see that the user "GRID SERVICES" is needed in OpenSim.
I'd originally suspected that he was, in my case, somehow generated by "jOpenSim".
And here is the Grid God created in OpenSim 0.9.0.1.

UserAccountService.cs:

...
private static read only UUID UUID_GRID_GOD = new UUID ("6571e388-6218-4574-87db-f9379718315e");
...

                 // create a system grid god account
             UserAccount ggod = GetUserAccount (UUID.Zero, UUID_GRID_GOD);
             if (ggod == null)
             {
                 UserAccountData d = new UserAccountData ();

                 d.FirstName = "GRID";
                 d.LastName = "SERVICES";
                 d.PrincipalID = UUID_GRID_GOD;
                 d.ScopeID = UUID.Zero;
                 d.Data = new Dictionary <string, string> ();
                 d.Data ["Email"] = string.Empty;
                 d.Data ["Created"] = Util.UnixTimeSinceEpoch (). ToString ();
                 d.Data ["UserLevel"] = "240";
                 d.Data ["UserFlags"] = "0";
                 d.Data ["ServiceURLs"] = string.Empty;

                 m_Database.Store (d);
             }

- Issue History
Date Modified Username Field Change
2018-11-06 03:39 Data Rossini New Issue
2018-11-06 04:56 mewtwo0641 Note Added: 0033413
2018-11-06 07:20 BillBlight Note Added: 0033415
2018-11-06 07:22 BillBlight Note Edited: 0033415 View Revisions
2018-11-06 13:57 Data Rossini Note Added: 0033419
2018-11-06 13:59 Data Rossini Note Edited: 0033419 View Revisions
2018-11-06 13:59 BillBlight Note Added: 0033420
2018-11-06 14:00 BillBlight Note Edited: 0033420 View Revisions
2018-11-06 14:20 Data Rossini Note Added: 0033421
2018-11-06 14:22 Luisillo_Contepomi Note Added: 0033422
2018-11-06 17:20 Mandarinka Tasty Note Added: 0033425
2018-11-06 17:41 mewtwo0641 Note Added: 0033426
2018-11-06 17:44 BillBlight Note Edited: 0033420 View Revisions
2018-11-07 08:57 Data Rossini Note Added: 0033439
2018-11-08 08:43 aiaustin Note Edited: 0033422 View Revisions


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker