authorDiva Canto2011-04-27 07:02:37 -0700
committerDiva Canto2011-04-27 07:02:37 -0700
commite0576b56d376d6bc7b9c5c3818acbdbcdb0dc56f (patch)
tree3f9b2bc869684c243ecb66ac99e2ce48098ee708
parentBump minimum required mono to 2.4.3 from 2.4.2. OpenSim fails at runtime bel... (diff)
Thank you Snoopy for a patch that adds some filtering to client versions allowed at login and HG-login times. NOTE: additional (optional) configuration variables in [LoginService] and [GatekeeperService]. See .examples.
-rw-r--r--OpenSim/Services/HypergridService/GatekeeperService.cs39
-rw-r--r--OpenSim/Services/LLLoginService/LLLoginService.cs40
-rw-r--r--bin/Robust.HG.ini.example33
-rw-r--r--bin/Robust.ini.example17
-rw-r--r--bin/config-include/StandaloneCommon.ini.example34
5 files changed, 158 insertions, 5 deletions
diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs
index b66bfed..9385b8d 100644
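--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -29,6 +29,7 @@ using System;
 using System.Collections.Generic;
 using System.Net;
 using System.Reflection;
+using System.Text.RegularExpressions;
 
 using OpenSim.Framework;
 using OpenSim.Services.Interfaces;
@@ -57,6 +58,9 @@ namespace OpenSim.Services.HypergridService
  private static IUserAgentService m_UserAgentService;
  private static ISimulationService m_SimulationService;
 
+ protected string m_AllowedClients = string.Empty;
+ protected string m_DeniedClients = string.Empty;
+
  private static UUID m_ScopeID;
  private static bool m_AllowTeleportsToAnyRegion;
  private static string m_ExternalName;
@@ -104,6 +108,9 @@ namespace OpenSim.Services.HypergridService
  else if (simulationService != string.Empty)
  m_SimulationService = ServerUtils.LoadPlugin<ISimulationService>(simulationService, args);
 
+ m_AllowedClients = serverConfig.GetString("AllowedClients", string.Empty);
+ m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
+
  if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
  throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
 
@@ -181,8 +188,36 @@ namespace OpenSim.Services.HypergridService
  string authURL = string.Empty;
  if (aCircuit.ServiceURLs.ContainsKey("HomeURI"))
  authURL = aCircuit.ServiceURLs["HomeURI"].ToString();
- m_log.DebugFormat("[GATEKEEPER SERVICE]: Request to login foreign agent {0} {1} @ {2} ({3}) at destination {4}",
- aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName);
+ m_log.InfoFormat("[GATEKEEPER SERVICE]: Login request for {0} {1} @ {2} ({3}) at {4} using viewer {5}, channel {6}, IP {7}, Mac {8}, Id0 {9}",
+ aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName,
+ aCircuit.Viewer, aCircuit.Channel, aCircuit.IPAddress, aCircuit.Mac, aCircuit.Id0);
+
+ //
+ // Check client
+ //
+ if (m_AllowedClients != string.Empty)
+ {
+ Regex arx = new Regex(m_AllowedClients);
+ Match am = arx.Match(aCircuit.Viewer);
+
+ if (!am.Success)
+ {
+ m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is not allowed", aCircuit.Viewer);
+ return false;
+ }
+ }
+
+ if (m_DeniedClients != string.Empty)
+ {
+ Regex drx = new Regex(m_DeniedClients);
+ Match dm = drx.Match(aCircuit.Viewer);
+
+ if (dm.Success)
+ {
+ m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is denied", aCircuit.Viewer);
+ return false;
+ }
+ }
 
  //
  // Authenticate the user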
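Review bot: The client check at new lines 198-220 builds `new Regex(m_AllowedClients)` and `new Regex(m_DeniedClients)` on every login and passes `aCircuit.Viewer` straight to `Match`, so a malformed pattern in the ini only surfaces as an exception during a login, and a circuit that arrives without a viewer string would presumably throw an ArgumentNullException rather than being rejected cleanly. Compile both patterns once in the constructor, next to the `serverConfig.GetString("AllowedClients", string.Empty)` calls, so a bad expression fails at startup, and match against `aCircuit.Viewer ?? string.Empty`. The same construct is repeated in LLLoginService.cs in this commit. Because `Match` is unanchored, an allow pattern such as the documented `"Imprudence|Hippo|Second Life"` accepts any viewer string that merely contains one of those words when only AllowedClients is set, which deserves a comment above the check. The enclosing method starts and ends outside the hunk.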
diff --git a/OpenSim/Services/LLLoginService/LLLoginService.cs b/OpenSim/Services/LLLoginService/LLLoginService.cs
index d364aa4..9bcc3dd 100644
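--- a/OpenSim/Services/LLLoginService/LLLoginService.cs
+++ b/OpenSim/Services/LLLoginService/LLLoginService.cs
@@ -77,7 +77,11 @@ namespace OpenSim.Services.LLLoginService
  protected string m_MapTileURL;
  protected string m_SearchURL;
 
+ protected string m_AllowedClients;
+ protected string m_DeniedClients;
+
  IConfig m_LoginServerConfig;
+ IConfig m_ClientsConfig;
 
  public LLLoginService(IConfigSource config, ISimulationService simService, ILibraryService libraryService)
  {
@@ -105,7 +109,10 @@ namespace OpenSim.Services.LLLoginService
  m_GatekeeperURL = m_LoginServerConfig.GetString("GatekeeperURI", string.Empty);
  m_MapTileURL = m_LoginServerConfig.GetString("MapTileURL", string.Empty);
  m_SearchURL = m_LoginServerConfig.GetString("SearchURL", string.Empty);
-
+
+ m_AllowedClients = m_LoginServerConfig.GetString("AllowedClients", string.Empty);
+ m_DeniedClients = m_LoginServerConfig.GetString("DeniedClients", string.Empty);
+
  // These are required; the others aren't
  if (accountService == string.Empty || authService == string.Empty)
  throw new Exception("LoginService is missing service specifications");
@@ -215,11 +222,38 @@ namespace OpenSim.Services.LLLoginService
  bool success = false;
  UUID session = UUID.Random();
 
- m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} from {2} with user agent {3} starting in {4}",
- firstName, lastName, clientIP.Address.ToString(), clientVersion, startLocation);
+ m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} at {2} using viewer {3}, channel {4}, IP {5}, Mac {6}, Id0 {7}",
+ firstName, lastName, startLocation, clientVersion, channel, clientIP.Address.ToString(), mac, id0);
  try
  {
  //
+ // Check client
+ //
+ if (m_AllowedClients != string.Empty)
+ {
+ Regex arx = new Regex(m_AllowedClients);
+ Match am = arx.Match(clientVersion);
+
+ if (!am.Success)
+ {
+ m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is not allowed", clientVersion);
+ return LLFailedLoginResponse.LoginBlockedProblem;
+ }
+ }
+
+ if (m_DeniedClients != string.Empty)
+ {
+ Regex drx = new Regex(m_DeniedClients);
+ Match dm = drx.Match(clientVersion);
+
+ if (dm.Success)
+ {
+ m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is denied", clientVersion);
+ return LLFailedLoginResponse.LoginBlockedProblem;
+ }
+ }
+
+ //
  // Get the account and check that it exists
  //
  UserAccount account = m_UserAccountService.GetUserAccount(scopeID, firstName, lastName);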
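Review bot: The rewritten `InfoFormat` call at new lines 225-226 now writes `mac` and `id0` for every login attempt at Info level, ahead of the account lookup that follows in this hunk, so stable hardware identifiers and client-supplied strings (`clientVersion`, `channel`) from unauthenticated requests land in the default log. Consider keeping the identifiers at Debug level, for example a separate `m_log.DebugFormat("[LLOGIN SERVICE]: Login identifiers for {0} {1}: Mac {2}, Id0 {3}", firstName, lastName, mac, id0);`, and stripping control characters from the client-supplied fields before they are logged. The same applies to the Gatekeeper log line in GatekeeperService.cs. Separately, the new field `IConfig m_ClientsConfig;` is not assigned or read in any hunk shown here and looks like a leftover. The login method's body continues outside the hunk.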
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example
index f2f2a66..572497c 100644
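--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -197,6 +197,23 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
  SRV_AssetServerURI = "http://127.0.0.1:8002"
  SRV_ProfileServerURI = "http://127.0.0.1:8002/user"
 
+ ;; Regular expressions for controlling which client versions are accepted/denied.
+ ;; An empty string means nothing is checked.
+ ;;
+ ;; Example 1: allow only these 3 types of clients (any version of them)
+ ;; AllowedClients = "Imprudence|Hippo|Second Life"
+ ;;
+ ;; Example 2: allow all clients except these
+ ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+ ;;
+ ;; Note that these are regular expressions, so every character counts.
+ ;; Also note that this is very weak security and should not be trusted as a reliable means
+ ;; for keeping bad clients out; modified clients can fake their identifiers.
+ ;;
+ ;;
+ ;AllowedClients = ""
+ ;DeniedClients = ""
+
 [GridInfoService]
  ; These settings are used to return information on a get_grid_info call.
  ; Client launcher scripts and third-party clients make use of this to
@@ -256,6 +273,22 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
  ; If you run this gatekeeper server behind a proxy, set this to true
  ; HasProxy = false
 
+ ;; Regular expressions for controlling which client versions are accepted/denied.
+ ;; An empty string means nothing is checked.
+ ;;
+ ;; Example 1: allow only these 3 types of clients (any version of them)
+ ;; AllowedClients = "Imprudence|Hippo|Second Life"
+ ;;
+ ;; Example 2: allow all clients except these
+ ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+ ;;
+ ;; Note that these are regular expressions, so every character counts.
+ ;; Also note that this is very weak security and should not be trusted as a reliable means
+ ;; for keeping bad clients out; modified clients can fake their identifiers.
+ ;;
+ ;;
+ ;AllowedClients = ""
+ ;DeniedClients = ""
 
 [UserAgentService]
  LocalServiceModule = "OpenSim.Services.HypergridService.dll:UserAgentService"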
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example
index aef0596..047e9ee 100644
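--- a/bin/Robust.ini.example
+++ b/bin/Robust.ini.example
@@ -176,6 +176,23 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
  ; If you run this login server behind a proxy, set this to true
  ; HasProxy = false
 
+ ;; Regular expressions for controlling which client versions are accepted/denied.
+ ;; An empty string means nothing is checked.
+ ;;
+ ;; Example 1: allow only these 3 types of clients (any version of them)
+ ;; AllowedClients = "Imprudence|Hippo|Second Life"
+ ;;
+ ;; Example 2: allow all clients except these
+ ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+ ;;
+ ;; Note that these are regular expressions, so every character counts.
+ ;; Also note that this is very weak security and should not be trusted as a reliable means
+ ;; for keeping bad clients out; modified clients can fake their identifiers.
+ ;;
+ ;;
+ ;AllowedClients = ""
+ ;DeniedClients = ""
+
 [GridInfoService]
  ; These settings are used to return information on a get_grid_info call.
  ; Client launcher scripts and third-party clients make use of this to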
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example
index dcebd63..67efa11 100644
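--- a/bin/config-include/StandaloneCommon.ini.example
+++ b/bin/config-include/StandaloneCommon.ini.example
@@ -83,6 +83,23 @@
  SRV_AssetServerURI = "http://127.0.0.1:9000"
  SRV_ProfileServerURI = "http://127.0.0.1:9000"
 
+ ;; Regular expressions for controlling which client versions are accepted/denied.
+ ;; An empty string means nothing is checked.
+ ;;
+ ;; Example 1: allow only these 3 types of clients (any version of them)
+ ;; AllowedClients = "Imprudence|Hippo|Second Life"
+ ;;
+ ;; Example 2: allow all clients except these
+ ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+ ;;
+ ;; Note that these are regular expressions, so every character counts.
+ ;; Also note that this is very weak security and should not be trusted as a reliable means
+ ;; for keeping bad clients out; modified clients can fake their identifiers.
+ ;;
+ ;;
+ ;AllowedClients = ""
+ ;DeniedClients = ""
+
 [GatekeeperService]
  ExternalName = "http://127.0.0.1:9000"
 
@@ -90,6 +107,23 @@
  ; If false, HG TPs happen only to the Default regions specified in [GridService] section
  AllowTeleportsToAnyRegion = true
 
+ ;; Regular expressions for controlling which client versions are accepted/denied.
+ ;; An empty string means nothing is checked.
+ ;;
+ ;; Example 1: allow only these 3 types of clients (any version of them)
+ ;; AllowedClients = "Imprudence|Hippo|Second Life"
+ ;;
+ ;; Example 2: allow all clients except these
+ ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+ ;;
+ ;; Note that these are regular expressions, so every character counts.
+ ;; Also note that this is very weak security and should not be trusted as a reliable means
+ ;; for keeping bad clients out; modified clients can fake their identifiers.
+ ;;
+ ;;
+ ;AllowedClients = ""
+ ;DeniedClients = ""
+
 [GridInfoService]
  ; These settings are used to return information on a get_grid_info call.
  ; Client launcher scripts and third-party clients make use of this to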