author | Diva Canto | 2010-01-18 16:34:23 -0800 |
---|---|---|
committer | Diva Canto | 2010-01-18 16:34:23 -0800 |
commit | 3d536944153d4931cf891d6a788a47484f3e6f4d (patch) | |
tree | 53802c5f051e8fbb089aeed02e0b9de760fabd8a /OpenSim/Services/HypergridService | |
parent | * Added missing GatekeeperServiceConnector (diff) | |
Go Home works. With security!!
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Services/HypergridService/GatekeeperService.cs | 53 | ||||
-rw-r--r-- | OpenSim/Services/HypergridService/HomeUsersSecurityService.cs | 67 |
2 files changed, 104 insertions, 16 deletions
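--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -27,6 +27,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Net;
 using System.Reflection;
 
 using OpenSim.Framework;
@@ -51,6 +52,7 @@ namespace OpenSim.Services.HypergridService
 IPresenceService m_PresenceService;
 IAuthenticationService m_AuthenticationService;
 IUserAccountService m_UserAccountService;
+IHomeUsersSecurityService m_HomeUsersSecurityService;
 ISimulationService m_SimulationService;
 
 string m_AuthDll;
@@ -66,14 +68,15 @@ namespace OpenSim.Services.HypergridService
 throw new Exception(String.Format("No section GatekeeperService in config file"));
 
 string accountService = serverConfig.GetString("UserAccountService", String.Empty);
+string homeUsersSecurityService = serverConfig.GetString("HomeUsersSecurityService", string.Empty);
 string gridService = serverConfig.GetString("GridService", String.Empty);
 string presenceService = serverConfig.GetString("PresenceService", String.Empty);
 string simulationService = serverConfig.GetString("SimulationService", String.Empty);
 
 m_AuthDll = serverConfig.GetString("AuthenticationService", String.Empty);
 
-if (accountService == string.Empty || gridService == string.Empty ||
-presenceService == string.Empty || m_AuthDll == string.Empty)
+// These 3 are mandatory, the others aren't
+if (gridService == string.Empty || presenceService == string.Empty || m_AuthDll == string.Empty)
 throw new Exception("Incomplete specifications, Gatekeeper Service cannot function.");
 
 string scope = serverConfig.GetString("ScopeID", UUID.Zero.ToString());
@@ -82,16 +85,20 @@ namespace OpenSim.Services.HypergridService
 m_AllowTeleportsToAnyRegion = serverConfig.GetBoolean("AllowTeleportsToAnyRegion", true);
 
 Object[] args = new Object[] { config };
-m_UserAccountService = ServerUtils.LoadPlugin<IUserAccountService>(accountService, args);
 m_GridService = ServerUtils.LoadPlugin<IGridService>(gridService, args);
 m_PresenceService = ServerUtils.LoadPlugin<IPresenceService>(presenceService, args);
+
+if (accountService != string.Empty)
+m_UserAccountService = ServerUtils.LoadPlugin<IUserAccountService>(accountService, args);
+if (homeUsersSecurityService != string.Empty)
+m_HomeUsersSecurityService = ServerUtils.LoadPlugin<IHomeUsersSecurityService>(homeUsersSecurityService, args);
+
 if (simService != null)
 m_SimulationService = simService;
 else if (simulationService != string.Empty)
 m_SimulationService = ServerUtils.LoadPlugin<ISimulationService>(simulationService, args);
 
-if (m_UserAccountService == null || m_GridService == null ||
-m_PresenceService == null || m_SimulationService == null)
+if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
 throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
 
 m_log.Debug("[GATEKEEPER SERVICE]: Starting...");
@@ -183,17 +190,31 @@ namespace OpenSim.Services.HypergridService
 }
 m_log.DebugFormat("[GATEKEEPER SERVICE]: Identity verified for {0} {1} @ {2}", aCircuit.firstname, aCircuit.lastname, authURL);
 
-// Check to see if we have a local user with that UUID
-UserAccount account = m_UserAccountService.GetUserAccount(m_ScopeID, aCircuit.AgentID);
-if (account != null)
-{
-// No, sorry; go away
-reason = "User identifier not allowed on this grid";
-m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agent {0} {1} has UUID of local user {3}. Refusing service.",
-aCircuit.firstname, aCircuit.lastname, aCircuit.AgentID);
-return false;
-}
-m_log.DebugFormat("[GATEKEEPER SERVICE]: User ID ok");
+//if (m_UserAccountService != null && m_HomeUsersSecurityService != null)
+//{
+// // Check to see if we have a local user with that UUID
+// UserAccount account = m_UserAccountService.GetUserAccount(m_ScopeID, aCircuit.AgentID);
+
+// // See if that user went out of this home grid
+// IPEndPoint ep = m_HomeUsersSecurityService.GetEndPoint(aCircuit.AgentID);
+
+// if (account != null)
+// {
+// if ((ep == null) || // there's no memory of this agent going out
+// (ep != null && (ep.Address != aCircuit.ClientEndPoint.Address || ep.Port != aCircuit.ClientEndPoint.Port))) // fake agent
+// {
+// // No, sorry; go away
+// reason = "User identifier not allowed on this grid";
+// m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agent {0} {1} has UUID of local user {2}. Refusing service.",
+// aCircuit.firstname, aCircuit.lastname, aCircuit.AgentID);
+// return false;
+// }
+// else
+// {
+// }
+// }
+// m_log.DebugFormat("[GATEKEEPER SERVICE]: User ID ok");
+//}
 
 // May want to authorize
 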
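Review bot: The local-UUID check in new lines 193–217 is left entirely commented out, so nothing in the visible hunk refuses a foreign agent whose `aCircuit.AgentID` matches a local account; the old unconditional refusal is gone and the endpoint comparison meant to replace it never runs. When it is re-enabled, note that `ep.Address != aCircuit.ClientEndPoint.Address` compares `IPAddress` references rather than values, so it would reject every returning user; the condition should read `if (ep == null || !ep.Address.Equals(aCircuit.ClientEndPoint.Address) || ep.Port != aCircuit.ClientEndPoint.Port)`. `m_UserAccountService` is also optional now, so any other use of it in this class (outside the visible hunks) needs a null guard. The enclosing method starts and ends outside the hunk.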
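--- /dev/null
+++ b/OpenSim/Services/HypergridService/HomeUsersSecurityService.cs
@@ -0,0 +1,67 @@
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Reflection;
+
+using OpenSim.Services.Interfaces;
+
+using OpenMetaverse;
+using log4net;
+using Nini.Config;
+
+namespace OpenSim.Services.HypergridService
+{
+/// <summary>
+/// This service is for HG1.5 only, to make up for the fact that clients don't
+/// keep any private information in themselves, and that their 'home service'
+/// needs to do it for them.
+/// Once we have better clients, this shouldn't be needed.
+/// </summary>
+public class HomeUsersSecurityService : IHomeUsersSecurityService
+{
+private static readonly ILog m_log =
+LogManager.GetLogger(
+MethodBase.GetCurrentMethod().DeclaringType);
+
+//
+// This is a persistent storage wannabe for dealing with the
+// quirks of HG1.5. We don't really want to store this in a table.
+// But this is the necessary information for securing clients
+// coming home.
+//
+protected static Dictionary<UUID, IPEndPoint> m_ClientEndPoints = new Dictionary<UUID, IPEndPoint>();
+
+public HomeUsersSecurityService(IConfigSource config)
+{
+m_log.DebugFormat("[HOME USERS SECURITY]: Starting...");
+}
+
+public void SetEndPoint(UUID sessionID, IPEndPoint ep)
+{
+m_log.DebugFormat("[HOME USERS SECURITY]: Set EndPoint {0} for session {1}", ep.ToString(), sessionID);
+
+lock (m_ClientEndPoints)
+m_ClientEndPoints[sessionID] = ep;
+}
+
+public IPEndPoint GetEndPoint(UUID sessionID)
+{
+lock (m_ClientEndPoints)
+if (m_ClientEndPoints.ContainsKey(sessionID))
+{
+m_log.DebugFormat("[HOME USERS SECURITY]: Get EndPoint {0} for session {1}", m_ClientEndPoints[sessionID].ToString(), sessionID);
+return m_ClientEndPoints[sessionID];
+}
+
+return null;
+}
+
+public void RemoveEndPoint(UUID sessionID)
+{
+m_log.DebugFormat("[HOME USERS SECURITY]: Remove EndPoint for session {0}", sessionID);
+lock (m_ClientEndPoints)
+if (m_ClientEndPoints.ContainsKey(sessionID))
+m_ClientEndPoints.Remove(sessionID);
+}
+}
+}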
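Review bot: The endpoint table is keyed by a parameter named `sessionID` in `SetEndPoint`, `GetEndPoint` and `RemoveEndPoint`, but the only caller visible in this commit (the commented-out block in GatekeeperService.cs) looks it up with `aCircuit.AgentID`. If writers really store under the session ID, that lookup can never match, so the key should be settled and the parameter renamed accordingly. `SetEndPoint` also calls `ep.ToString()` in its log line before anything checks `ep`, so a null endpoint throws instead of being rejected; a guard such as `if (ep == null) return;` ahead of the log call would avoid that. Entries leave the static dictionary only through `RemoveEndPoint` and live only in memory, so a comment on `m_ClientEndPoints` stating that stale entries persist until restart and all entries are lost on restart would help whoever re-enables the gatekeeper check.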