author | Diva Canto | 2011-04-27 07:02:37 -0700 |
---|---|---|
committer | Diva Canto | 2011-04-27 07:02:37 -0700 |
commit | e0576b56d376d6bc7b9c5c3818acbdbcdb0dc56f (patch) | |
tree | 3f9b2bc869684c243ecb66ac99e2ce48098ee708 | |
parent | Bump minimum required mono to 2.4.3 from 2.4.2. OpenSim fails at runtime bel... (diff) | |
Thank you Snoopy for a patch that adds some filtering to client versions allowed at login and HG-login times. NOTE: additional (optional) configuration variables in [LoginService] and [GatekeeperService]. See .examples.
-rw-r--r-- | OpenSim/Services/HypergridService/GatekeeperService.cs | 39 | ||||
-rw-r--r-- | OpenSim/Services/LLLoginService/LLLoginService.cs | 40 | ||||
-rw-r--r-- | bin/Robust.HG.ini.example | 33 | ||||
-rw-r--r-- | bin/Robust.ini.example | 17 | ||||
-rw-r--r-- | bin/config-include/StandaloneCommon.ini.example | 34 |
5 files changed, 158 insertions, 5 deletions
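--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -29,6 +29,7 @@ using System;
 using System.Collections.Generic;
 using System.Net;
 using System.Reflection;
+using System.Text.RegularExpressions;
 
 using OpenSim.Framework;
 using OpenSim.Services.Interfaces;
@@ -57,6 +58,9 @@ namespace OpenSim.Services.HypergridService
 private static IUserAgentService m_UserAgentService;
 private static ISimulationService m_SimulationService;
 
+protected string m_AllowedClients = string.Empty;
+protected string m_DeniedClients = string.Empty;
+
 private static UUID m_ScopeID;
 private static bool m_AllowTeleportsToAnyRegion;
 private static string m_ExternalName;
@@ -104,6 +108,9 @@ namespace OpenSim.Services.HypergridService
 else if (simulationService != string.Empty)
 m_SimulationService = ServerUtils.LoadPlugin<ISimulationService>(simulationService, args);
 
+m_AllowedClients = serverConfig.GetString("AllowedClients", string.Empty);
+m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
+
 if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
 throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
 
@@ -181,8 +188,36 @@ namespace OpenSim.Services.HypergridService
 string authURL = string.Empty;
 if (aCircuit.ServiceURLs.ContainsKey("HomeURI"))
 authURL = aCircuit.ServiceURLs["HomeURI"].ToString();
-m_log.DebugFormat("[GATEKEEPER SERVICE]: Request to login foreign agent {0} {1} @ {2} ({3}) at destination {4}",
-aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName);
+m_log.InfoFormat("[GATEKEEPER SERVICE]: Login request for {0} {1} @ {2} ({3}) at {4} using viewer {5}, channel {6}, IP {7}, Mac {8}, Id0 {9}",
+aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName,
+aCircuit.Viewer, aCircuit.Channel, aCircuit.IPAddress, aCircuit.Mac, aCircuit.Id0);
+
+//
+// Check client
+//
+if (m_AllowedClients != string.Empty)
+{
+Regex arx = new Regex(m_AllowedClients);
+Match am = arx.Match(aCircuit.Viewer);
+
+if (!am.Success)
+{
+m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is not allowed", aCircuit.Viewer);
+return false;
+}
+}
+
+if (m_DeniedClients != string.Empty)
+{
+Regex drx = new Regex(m_DeniedClients);
+Match dm = drx.Match(aCircuit.Viewer);
+
+if (dm.Success)
+{
+m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is denied", aCircuit.Viewer);
+return false;
+}
+}
 
 //
 // Authenticate the user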
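Review bot: The two filter strings are declared as instance fields (`protected string m_AllowedClients = string.Empty;`) while the neighbouring service fields are all `static`, and an empty string switches the check off, so if the constructor assignment from `serverConfig` sits inside a run-once initialisation guard (not visible in these hunks) any later GatekeeperService instance would silently admit every viewer. Making both fields static like their neighbours, or assigning them outside any once-only block, keeps the filter from failing open. The login path also builds `new Regex(m_AllowedClients)` on every request and passes `aCircuit.Viewer` to `Match` without a null check, so a malformed pattern in the ini, or a foreign grid that omits the viewer string, would surface as an exception during login rather than as a startup error or a clean refusal; compiling both patterns once in the constructor and treating a null viewer as not allowed would make the outcome predictable. The new Info-level line writes the client-supplied Viewer, Channel, Mac and Id0 values verbatim, so stripping control characters before logging is worth considering, and the same per-request Regex construction and logging appear in the LLLoginService.cs hunks. The enclosing constructor and login method start and end outside the hunks.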
diff --git a/OpenSim/Services/LLLoginService/LLLoginService.cs b/OpenSim/Services/LLLoginService/LLLoginService.cs index d364aa4..9bcc3dd 100644 --- a/OpenSim/Services/LLLoginService/LLLoginService.cs +++ b/OpenSim/Services/LLLoginService/LLLoginService.cs | |||
@@ -77,7 +77,11 @@ namespace OpenSim.Services.LLLoginService | |||
77 | protected string m_MapTileURL; | 77 | protected string m_MapTileURL; |
78 | protected string m_SearchURL; | 78 | protected string m_SearchURL; |
79 | 79 | ||
80 | protected string m_AllowedClients; | ||
81 | protected string m_DeniedClients; | ||
82 | |||
80 | IConfig m_LoginServerConfig; | 83 | IConfig m_LoginServerConfig; |
84 | IConfig m_ClientsConfig; | ||
81 | 85 | ||
82 | public LLLoginService(IConfigSource config, ISimulationService simService, ILibraryService libraryService) | 86 | public LLLoginService(IConfigSource config, ISimulationService simService, ILibraryService libraryService) |
83 | { | 87 | { |
@@ -105,7 +109,10 @@ namespace OpenSim.Services.LLLoginService | |||
105 | m_GatekeeperURL = m_LoginServerConfig.GetString("GatekeeperURI", string.Empty); | 109 | m_GatekeeperURL = m_LoginServerConfig.GetString("GatekeeperURI", string.Empty); |
106 | m_MapTileURL = m_LoginServerConfig.GetString("MapTileURL", string.Empty); | 110 | m_MapTileURL = m_LoginServerConfig.GetString("MapTileURL", string.Empty); |
107 | m_SearchURL = m_LoginServerConfig.GetString("SearchURL", string.Empty); | 111 | m_SearchURL = m_LoginServerConfig.GetString("SearchURL", string.Empty); |
108 | 112 | ||
113 | m_AllowedClients = m_LoginServerConfig.GetString("AllowedClients", string.Empty); | ||
114 | m_DeniedClients = m_LoginServerConfig.GetString("DeniedClients", string.Empty); | ||
115 | |||
109 | // These are required; the others aren't | 116 | // These are required; the others aren't |
110 | if (accountService == string.Empty || authService == string.Empty) | 117 | if (accountService == string.Empty || authService == string.Empty) |
111 | throw new Exception("LoginService is missing service specifications"); | 118 | throw new Exception("LoginService is missing service specifications"); |
@@ -215,11 +222,38 @@ namespace OpenSim.Services.LLLoginService | |||
215 | bool success = false; | 222 | bool success = false; |
216 | UUID session = UUID.Random(); | 223 | UUID session = UUID.Random(); |
217 | 224 | ||
218 | m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} from {2} with user agent {3} starting in {4}", | 225 | m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} at {2} using viewer {3}, channel {4}, IP {5}, Mac {6}, Id0 {7}", |
219 | firstName, lastName, clientIP.Address.ToString(), clientVersion, startLocation); | 226 | firstName, lastName, startLocation, clientVersion, channel, clientIP.Address.ToString(), mac, id0); |
220 | try | 227 | try |
221 | { | 228 | { |
222 | // | 229 | // |
230 | // Check client | ||
231 | // | ||
232 | if (m_AllowedClients != string.Empty) | ||
233 | { | ||
234 | Regex arx = new Regex(m_AllowedClients); | ||
235 | Match am = arx.Match(clientVersion); | ||
236 | |||
237 | if (!am.Success) | ||
238 | { | ||
239 | m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is not allowed", clientVersion); | ||
240 | return LLFailedLoginResponse.LoginBlockedProblem; | ||
241 | } | ||
242 | } | ||
243 | |||
244 | if (m_DeniedClients != string.Empty) | ||
245 | { | ||
246 | Regex drx = new Regex(m_DeniedClients); | ||
247 | Match dm = drx.Match(clientVersion); | ||
248 | |||
249 | if (dm.Success) | ||
250 | { | ||
251 | m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is denied", clientVersion); | ||
252 | return LLFailedLoginResponse.LoginBlockedProblem; | ||
253 | } | ||
254 | } | ||
255 | |||
256 | // | ||
223 | // Get the account and check that it exists | 257 | // Get the account and check that it exists |
224 | // | 258 | // |
225 | UserAccount account = m_UserAccountService.GetUserAccount(scopeID, firstName, lastName); | 259 | UserAccount account = m_UserAccountService.GetUserAccount(scopeID, firstName, lastName); |
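Review bot: `arx.Match(clientVersion)` is an unanchored search, so the documented example `AllowedClients = "Imprudence|Hippo|Second Life"` also accepts any viewer string that merely contains one of those words, including the `Purple Second Life` name that the DeniedClients example lists. Because the two settings are evaluated independently, an operator who sets only AllowedClients gets a looser filter than the ini comment suggests; either the comment should tell operators to anchor their patterns, for example `^(Imprudence|Hippo|Second Life)`, or the code should wrap the configured pattern before compiling it. The new field `IConfig m_ClientsConfig;` is neither assigned nor read in the hunks shown and looks like a leftover that could be dropped. The Login method's body starts before and continues past the last hunk, so the `catch` that would receive a Regex construction error is not visible here.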
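--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -197,6 +197,23 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
 SRV_AssetServerURI = "http://127.0.0.1:8002"
 SRV_ProfileServerURI = "http://127.0.0.1:8002/user"
 
+;; Regular expressions for controlling which client versions are accepted/denied.
+;; An empty string means nothing is checked.
+;;
+;; Example 1: allow only these 3 types of clients (any version of them)
+;; AllowedClients = "Imprudence|Hippo|Second Life"
+;;
+;; Example 2: allow all clients except these
+;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+;;
+;; Note that these are regular expressions, so every character counts.
+;; Also note that this is very weak security and should not be trusted as a reliable means
+;; for keeping bad clients out; modified clients can fake their identifiers.
+;;
+;;
+;AllowedClients = ""
+;DeniedClients = ""
+
 [GridInfoService]
 ; These settings are used to return information on a get_grid_info call.
 ; Client launcher scripts and third-party clients make use of this to
@@ -256,6 +273,22 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
 ; If you run this gatekeeper server behind a proxy, set this to true
 ; HasProxy = false
 
+;; Regular expressions for controlling which client versions are accepted/denied.
+;; An empty string means nothing is checked.
+;;
+;; Example 1: allow only these 3 types of clients (any version of them)
+;; AllowedClients = "Imprudence|Hippo|Second Life"
+;;
+;; Example 2: allow all clients except these
+;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+;;
+;; Note that these are regular expressions, so every character counts.
+;; Also note that this is very weak security and should not be trusted as a reliable means
+;; for keeping bad clients out; modified clients can fake their identifiers.
+;;
+;;
+;AllowedClients = ""
+;DeniedClients = ""
 
 [UserAgentService]
 LocalServiceModule = "OpenSim.Services.HypergridService.dll:UserAgentService"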
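--- a/bin/Robust.ini.example
+++ b/bin/Robust.ini.example
@@ -176,6 +176,23 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
 ; If you run this login server behind a proxy, set this to true
 ; HasProxy = false
 
+;; Regular expressions for controlling which client versions are accepted/denied.
+;; An empty string means nothing is checked.
+;;
+;; Example 1: allow only these 3 types of clients (any version of them)
+;; AllowedClients = "Imprudence|Hippo|Second Life"
+;;
+;; Example 2: allow all clients except these
+;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+;;
+;; Note that these are regular expressions, so every character counts.
+;; Also note that this is very weak security and should not be trusted as a reliable means
+;; for keeping bad clients out; modified clients can fake their identifiers.
+;;
+;;
+;AllowedClients = ""
+;DeniedClients = ""
+
 [GridInfoService]
 ; These settings are used to return information on a get_grid_info call.
 ; Client launcher scripts and third-party clients make use of this to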
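--- a/bin/config-include/StandaloneCommon.ini.example
+++ b/bin/config-include/StandaloneCommon.ini.example
@@ -83,6 +83,23 @@
 SRV_AssetServerURI = "http://127.0.0.1:9000"
 SRV_ProfileServerURI = "http://127.0.0.1:9000"
 
+;; Regular expressions for controlling which client versions are accepted/denied.
+;; An empty string means nothing is checked.
+;;
+;; Example 1: allow only these 3 types of clients (any version of them)
+;; AllowedClients = "Imprudence|Hippo|Second Life"
+;;
+;; Example 2: allow all clients except these
+;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+;;
+;; Note that these are regular expressions, so every character counts.
+;; Also note that this is very weak security and should not be trusted as a reliable means
+;; for keeping bad clients out; modified clients can fake their identifiers.
+;;
+;;
+;AllowedClients = ""
+;DeniedClients = ""
+
 [GatekeeperService]
 ExternalName = "http://127.0.0.1:9000"
 
@@ -90,6 +107,23 @@
 ; If false, HG TPs happen only to the Default regions specified in [GridService] section
 AllowTeleportsToAnyRegion = true
 
+;; Regular expressions for controlling which client versions are accepted/denied.
+;; An empty string means nothing is checked.
+;;
+;; Example 1: allow only these 3 types of clients (any version of them)
+;; AllowedClients = "Imprudence|Hippo|Second Life"
+;;
+;; Example 2: allow all clients except these
+;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
+;;
+;; Note that these are regular expressions, so every character counts.
+;; Also note that this is very weak security and should not be trusted as a reliable means
+;; for keeping bad clients out; modified clients can fake their identifiers.
+;;
+;;
+;AllowedClients = ""
+;DeniedClients = ""
+
 [GridInfoService]
 ; These settings are used to return information on a get_grid_info call.
 ; Client launcher scripts and third-party clients make use of this to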