diff options
Diffstat (limited to 'OpenSim/Region/CoreModules')
3 files changed, 81 insertions, 3 deletions
diff --git a/OpenSim/Region/CoreModules/Communications/REST/RESTInterregionComms.cs b/OpenSim/Region/CoreModules/Communications/REST/RESTInterregionComms.cs index 87272a1..97ffeae 100644 --- a/OpenSim/Region/CoreModules/Communications/REST/RESTInterregionComms.cs +++ b/OpenSim/Region/CoreModules/Communications/REST/RESTInterregionComms.cs | |||
@@ -59,6 +59,9 @@ namespace OpenSim.Region.CoreModules.Communications.REST | |||
59 | 59 | ||
60 | protected RegionToRegionClient m_regionClient; | 60 | protected RegionToRegionClient m_regionClient; |
61 | 61 | ||
62 | protected bool m_safemode; | ||
63 | protected IPAddress m_thisIP; | ||
64 | |||
62 | #region IRegionModule | 65 | #region IRegionModule |
63 | 66 | ||
64 | public virtual void Initialise(Scene scene, IConfigSource config) | 67 | public virtual void Initialise(Scene scene, IConfigSource config) |
@@ -74,6 +77,9 @@ namespace OpenSim.Region.CoreModules.Communications.REST | |||
74 | { | 77 | { |
75 | m_log.Info("[REST COMMS]: Enabling InterregionComms RESTComms module"); | 78 | m_log.Info("[REST COMMS]: Enabling InterregionComms RESTComms module"); |
76 | m_enabled = true; | 79 | m_enabled = true; |
80 | if (config.Configs["Hypergrid"] != null) | ||
81 | m_safemode = config.Configs["Hypergrid"].GetBoolean("safemode", false); | ||
82 | |||
77 | InitOnce(scene); | 83 | InitOnce(scene); |
78 | } | 84 | } |
79 | } | 85 | } |
@@ -117,6 +123,7 @@ namespace OpenSim.Region.CoreModules.Communications.REST | |||
117 | m_commsManager = scene.CommsManager; | 123 | m_commsManager = scene.CommsManager; |
118 | m_aScene = scene; | 124 | m_aScene = scene; |
119 | m_regionClient = new RegionToRegionClient(m_aScene); | 125 | m_regionClient = new RegionToRegionClient(m_aScene); |
126 | m_thisIP = Util.GetHostFromDNS(scene.RegionInfo.ExternalHostName); | ||
120 | } | 127 | } |
121 | 128 | ||
122 | protected virtual void AddHTTPHandlers() | 129 | protected virtual void AddHTTPHandlers() |
@@ -148,7 +155,7 @@ namespace OpenSim.Region.CoreModules.Communications.REST | |||
148 | { | 155 | { |
149 | m_regionClient.SendUserInformation(regInfo, aCircuit); | 156 | m_regionClient.SendUserInformation(regInfo, aCircuit); |
150 | 157 | ||
151 | return m_regionClient.DoCreateChildAgentCall(regInfo, aCircuit); | 158 | return m_regionClient.DoCreateChildAgentCall(regInfo, aCircuit, "None"); |
152 | } | 159 | } |
153 | //else | 160 | //else |
154 | // m_log.Warn("[REST COMMS]: Region not found " + regionHandle); | 161 | // m_log.Warn("[REST COMMS]: Region not found " + regionHandle); |
@@ -331,6 +338,7 @@ namespace OpenSim.Region.CoreModules.Communications.REST | |||
331 | responsedata["content_type"] = "text/html"; | 338 | responsedata["content_type"] = "text/html"; |
332 | responsedata["keepalive"] = false; | 339 | responsedata["keepalive"] = false; |
333 | 340 | ||
341 | |||
334 | UUID agentID; | 342 | UUID agentID; |
335 | string action; | 343 | string action; |
336 | ulong regionHandle; | 344 | ulong regionHandle; |
@@ -378,6 +386,28 @@ namespace OpenSim.Region.CoreModules.Communications.REST | |||
378 | 386 | ||
379 | protected virtual void DoAgentPost(Hashtable request, Hashtable responsedata, UUID id) | 387 | protected virtual void DoAgentPost(Hashtable request, Hashtable responsedata, UUID id) |
380 | { | 388 | { |
389 | if (m_safemode) | ||
390 | { | ||
391 | // Authentication | ||
392 | string authority = string.Empty; | ||
393 | string authToken = string.Empty; | ||
394 | if (!GetAuthentication(request, out authority, out authToken)) | ||
395 | { | ||
396 | m_log.InfoFormat("[REST COMMS]: Authentication failed for agent message {0}", request["uri"]); | ||
397 | responsedata["int_response_code"] = 403; | ||
398 | responsedata["str_response_string"] = "Forbidden"; | ||
399 | return ; | ||
400 | } | ||
401 | if (!VerifyKey(id, authority, authToken)) | ||
402 | { | ||
403 | m_log.InfoFormat("[REST COMMS]: Authentication failed for agent message {0}", request["uri"]); | ||
404 | responsedata["int_response_code"] = 403; | ||
405 | responsedata["str_response_string"] = "Forbidden"; | ||
406 | return ; | ||
407 | } | ||
408 | m_log.DebugFormat("[REST COMMS]: Authentication succeeded for {0}", id); | ||
409 | } | ||
410 | |||
381 | OSDMap args = RegionClient.GetOSDMap((string)request["body"]); | 411 | OSDMap args = RegionClient.GetOSDMap((string)request["body"]); |
382 | if (args == null) | 412 | if (args == null) |
383 | { | 413 | { |
@@ -793,6 +823,53 @@ namespace OpenSim.Region.CoreModules.Communications.REST | |||
793 | } | 823 | } |
794 | } | 824 | } |
795 | 825 | ||
826 | public static bool GetAuthentication(Hashtable request, out string authority, out string authKey) | ||
827 | { | ||
828 | authority = string.Empty; | ||
829 | authKey = string.Empty; | ||
830 | |||
831 | Uri authUri; | ||
832 | Hashtable headers = (Hashtable)request["headers"]; | ||
833 | |||
834 | // Authorization keys look like this: | ||
835 | // http://orgrid.org:8002/<uuid> | ||
836 | if (headers.ContainsKey("authorization") && (string)headers["authorization"] != "None") | ||
837 | { | ||
838 | if (Uri.TryCreate((string)headers["authorization"], UriKind.Absolute, out authUri)) | ||
839 | { | ||
840 | authority = authUri.Authority; | ||
841 | authKey = authUri.PathAndQuery.Trim('/'); | ||
842 | m_log.DebugFormat("[REST COMMS]: Got authority {0} and key {1}", authority, authKey); | ||
843 | return true; | ||
844 | } | ||
845 | else | ||
846 | m_log.Debug("[REST COMMS]: Wrong format for Authorization header: " + (string)headers["authorization"]); | ||
847 | } | ||
848 | else | ||
849 | m_log.Debug("[REST COMMS]: Authorization header not found"); | ||
850 | |||
851 | return false; | ||
852 | } | ||
853 | |||
854 | bool VerifyKey(UUID userID, string authority, string key) | ||
855 | { | ||
856 | string[] parts = authority.Split(':'); | ||
857 | IPAddress ipaddr = IPAddress.None; | ||
858 | uint port = 0; | ||
859 | if (parts.Length <= 2) | ||
860 | ipaddr = Util.GetHostFromDNS(parts[0]); | ||
861 | if (parts.Length == 2) | ||
862 | UInt32.TryParse(parts[1], out port); | ||
863 | |||
864 | // local authority (standalone), local call | ||
865 | if (m_thisIP.Equals(ipaddr) && (m_aScene.RegionInfo.HttpPort == port)) | ||
866 | return ((IAuthentication)m_aScene.CommsManager.UserAdminService).VerifyKey(userID, key); | ||
867 | // remote call | ||
868 | else | ||
869 | return AuthClient.VerifyKey("http://" + authority, userID, key); | ||
870 | } | ||
871 | |||
872 | |||
796 | #endregion Misc | 873 | #endregion Misc |
797 | 874 | ||
798 | protected class RegionToRegionClient : RegionClient | 875 | protected class RegionToRegionClient : RegionClient |
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs index 3675583..f0d70a7 100644 --- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs +++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneInventoryModule.cs | |||
@@ -93,7 +93,7 @@ namespace OpenSim.Region.CoreModules.Hypergrid | |||
93 | 93 | ||
94 | m_inventoryService = new HGInventoryService(m_inventoryBase, | 94 | m_inventoryService = new HGInventoryService(m_inventoryBase, |
95 | ((AssetServerBase)m_scene.CommsManager.AssetCache.AssetServer).AssetProviderPlugin, | 95 | ((AssetServerBase)m_scene.CommsManager.AssetCache.AssetServer).AssetProviderPlugin, |
96 | (UserManagerBase)m_scene.CommsManager.UserService, m_scene.CommsManager.HttpServer, | 96 | (UserManagerBase)m_scene.CommsManager.UserAdminService, m_scene.CommsManager.HttpServer, |
97 | m_scene.CommsManager.NetworkServersInfo.InventoryURL); | 97 | m_scene.CommsManager.NetworkServersInfo.InventoryURL); |
98 | 98 | ||
99 | AddHttpHandlers(m_scene.CommsManager.HttpServer); | 99 | AddHttpHandlers(m_scene.CommsManager.HttpServer); |
diff --git a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs index f0e957b..c458b89 100644 --- a/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs +++ b/OpenSim/Region/CoreModules/Hypergrid/HGStandaloneLoginModule.cs | |||
@@ -104,11 +104,12 @@ namespace OpenSim.Region.CoreModules.Hypergrid | |||
104 | IHttpServer httpServer = m_firstScene.CommsManager.HttpServer; | 104 | IHttpServer httpServer = m_firstScene.CommsManager.HttpServer; |
105 | 105 | ||
106 | //TODO: fix the casting of the user service, maybe by registering the userManagerBase with scenes, or refactoring so we just need a IUserService reference | 106 | //TODO: fix the casting of the user service, maybe by registering the userManagerBase with scenes, or refactoring so we just need a IUserService reference |
107 | m_loginService = new HGLoginAuthService((UserManagerBase)m_firstScene.CommsManager.UserService, welcomeMessage, m_firstScene.CommsManager.InterServiceInventoryService, m_firstScene.CommsManager.NetworkServersInfo, authenticate, rootFolder, this); | 107 | m_loginService = new HGLoginAuthService((UserManagerBase)m_firstScene.CommsManager.UserAdminService, welcomeMessage, m_firstScene.CommsManager.InterServiceInventoryService, m_firstScene.CommsManager.NetworkServersInfo, authenticate, rootFolder, this); |
108 | 108 | ||
109 | httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod); | 109 | httpServer.AddXmlRPCHandler("hg_login", m_loginService.XmlRpcLoginMethod); |
110 | httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod); | 110 | httpServer.AddXmlRPCHandler("hg_new_auth_key", m_loginService.XmlRpcGenerateKeyMethod); |
111 | httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod); | 111 | httpServer.AddXmlRPCHandler("hg_verify_auth_key", m_loginService.XmlRpcVerifyKeyMethod); |
112 | httpServer.AddXmlRPCHandler("check_auth_session", m_loginService.XmlRPCCheckAuthSession); | ||
112 | 113 | ||
113 | } | 114 | } |
114 | } | 115 | } |