authorDiva Canto2010-08-19 19:54:40 -0700
committerDiva Canto2010-08-19 19:54:40 -0700
commita39ea07158756a76757d4b616c60cbcedf06f268 (patch)
tree59438c64692b850dc09f96e2658e9f4d77b36a9d
parentPartial rewrite of client IP verification. Not completely finished yet, and u... (diff)
Finished implementing ViaLogin vs ViaHGLogin. Removed lookup on myipaddress.com. Also removed client IP verification upon UDP connection that had been left there -- we can't do that in general.
-rw-r--r--OpenSim/Framework/NetworkUtil.cs82
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.cs52
-rw-r--r--OpenSim/Services/HypergridService/GatekeeperService.cs28
-rw-r--r--OpenSim/Services/HypergridService/UserAgentService.cs5
4 files changed, 48 insertions, 119 deletions
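diff --git a/OpenSim/Framework/NetworkUtil.cs b/OpenSim/Framework/NetworkUtil.cs
index 831ff70..2e94b0d 100644
--- a/OpenSim/Framework/NetworkUtil.cs
+++ b/OpenSim/Framework/NetworkUtil.cs
@@ -181,18 +181,10 @@ namespace OpenSim.Framework
 throw new ArgumentException("[NetworkUtil] Unable to resolve defaultHostname to an IPv4 address for an IPv4 client");
 }
 
-static IPAddress externalIPAddress;
-
 static NetworkUtil()
 {
 try
 {
-externalIPAddress = GetExternalIP();
-}
-catch { /* ignore */ }
-
-try
-{
 foreach (NetworkInterface ni in NetworkInterface.GetAllNetworkInterfaces())
 {
 foreach (UnicastIPAddressInformation address in ni.GetIPProperties().UnicastAddresses)
@@ -254,79 +246,5 @@ namespace OpenSim.Framework
 return defaultHostname;
 }
 
-public static IPAddress GetExternalIPOf(IPAddress user)
-{
-if (externalIPAddress == null)
-return user;
-
-if (user.ToString() == "127.0.0.1")
-{
-m_log.Info("[NetworkUtil] 127.0.0.1 user detected, sending '" + externalIPAddress + "' instead of '" + user + "'");
-return externalIPAddress;
-}
-// Check if we're accessing localhost.
-foreach (IPAddress host in Dns.GetHostAddresses(Dns.GetHostName()))
-{
-if (host.Equals(user) && host.AddressFamily == AddressFamily.InterNetwork)
-{
-m_log.Info("[NetworkUtil] Localhost user detected, sending '" + externalIPAddress + "' instead of '" + user + "'");
-return externalIPAddress;
-}
-}
-
-// Check for same LAN segment
-foreach (KeyValuePair<IPAddress, IPAddress> subnet in m_subnets)
-{
-byte[] subnetBytes = subnet.Value.GetAddressBytes();
-byte[] localBytes = subnet.Key.GetAddressBytes();
-byte[] destBytes = user.GetAddressBytes();
-
-if (subnetBytes.Length != destBytes.Length || subnetBytes.Length != localBytes.Length)
-return user;
-
-bool valid = true;
-
-for (int i = 0; i < subnetBytes.Length; i++)
-{
-if ((localBytes[i] & subnetBytes[i]) != (destBytes[i] & subnetBytes[i]))
-{
-valid = false;
-break;
-}
-}
-
-if (subnet.Key.AddressFamily != AddressFamily.InterNetwork)
-valid = false;
-
-if (valid)
-{
-m_log.Info("[NetworkUtil] Local LAN user detected, sending '" + externalIPAddress + "' instead of '" + user + "'");
-return externalIPAddress;
-}
-}
-
-// Otherwise, return user address
-return user;
-}
-
-private static IPAddress GetExternalIP()
-{
-string whatIsMyIp = "http://www.whatismyip.com/automation/n09230945.asp";
-WebClient wc = new WebClient();
-UTF8Encoding utf8 = new UTF8Encoding();
-string requestHtml = "";
-try
-{
-requestHtml = utf8.GetString(wc.DownloadData(whatIsMyIp));
-}
-catch (WebException we)
-{
-m_log.Info("[NetworkUtil]: Exception in GetExternalIP: " + we.ToString());
-return null;
-}
-
-IPAddress externalIp = IPAddress.Parse(requestHtml);
-return externalIp;
-}
 }
 }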
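diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 18705a8..e742b55 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -2507,26 +2507,26 @@ namespace OpenSim.Region.Framework.Scenes
 {
 AgentCircuitData aCircuit = m_authenticateHandler.GetAgentCircuitData(client.CircuitCode);
 
-// Do the verification here
-System.Net.IPEndPoint ep = (System.Net.IPEndPoint)client.GetClientEP();
-if (aCircuit != null)
-{
-if (!VerifyClient(aCircuit, ep, out vialogin))
-{
-// uh-oh, this is fishy
-m_log.WarnFormat("[SCENE]: Agent {0} with session {1} connecting with unidentified end point {2}. Refusing service.",
-client.AgentId, client.SessionId, ep.ToString());
-try
-{
-client.Close();
-}
-catch (Exception e)
-{
-m_log.DebugFormat("[SCENE]: Exception while closing aborted client: {0}", e.StackTrace);
-}
-return;
-}
-}
+//// Do the verification here -- No, really don't do this here. This is UDP address, let it go.
+//System.Net.IPEndPoint ep = (System.Net.IPEndPoint)client.GetClientEP();
+//if (aCircuit != null)
+//{
+// if (!VerifyClient(aCircuit, ep, out vialogin))
+// {
+// // uh-oh, this is fishy
+// m_log.WarnFormat("[SCENE]: Agent {0} with session {1} connecting with unidentified end point {2}. Refusing service.",
+// client.AgentId, client.SessionId, ep.ToString());
+// try
+// {
+// client.Close();
+// }
+// catch (Exception e)
+// {
+// m_log.DebugFormat("[SCENE]: Exception while closing aborted client: {0}", e.StackTrace);
+// }
+// return;
+// }
+//}
 
 m_log.Debug("[SCENE]: Adding new agent " + client.Name + " to scene " + RegionInfo.RegionName);
 
@@ -2555,16 +2555,14 @@ namespace OpenSim.Region.Framework.Scenes
 vialogin = false;
 
 // Do the verification here
-if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaLogin) != 0)
+if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaHGLogin) != 0)
 {
-m_log.DebugFormat("[SCENE]: Incoming client {0} {1} in region {2} via Login", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
+m_log.DebugFormat("[SCENE]: Incoming client {0} {1} in region {2} via HG login", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
 vialogin = true;
 IUserAgentVerificationModule userVerification = RequestModuleInterface<IUserAgentVerificationModule>();
 if (userVerification != null && ep != null)
 {
-System.Net.IPAddress addr = NetworkUtil.GetExternalIPOf(ep.Address);
-
-if (!userVerification.VerifyClient(aCircuit, /*ep.Address.ToString() */ addr.ToString()))
+if (!userVerification.VerifyClient(aCircuit, ep.Address.ToString()))
 {
 // uh-oh, this is fishy
 m_log.DebugFormat("[SCENE]: User Client Verification for {0} {1} in {2} returned false", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
@@ -2575,6 +2573,10 @@ namespace OpenSim.Region.Framework.Scenes
 }
 }
 
+else if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaLogin) != 0)
+m_log.DebugFormat("[SCENE]: Incoming client {0} {1} in region {2} via regular login. Client IP verification not performed.",
+aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
+
 return true;
 }
 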
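Review bot: The new `else if` branch for `ViaLogin` (new lines 2576-2578) only logs, so `vialogin` stays false for a regular login, whereas before this change a `ViaLogin` circuit set it to true. If callers still read the out value to detect a login, the branch should be braced and set it: `{ vialogin = true; m_log.DebugFormat(...); }`. The only call to `VerifyClient` visible on this page (old line 2514) is now commented out, so it is worth confirming that another caller still reaches the `ViaHGLogin` check; otherwise the HG client IP verification at new line 2565 never runs. The twenty commented-out lines at 2510-2529 would be better deleted and replaced by one comment such as `// No endpoint check here: the UDP source address is not verified; see VerifyClient`. Both function bodies start and end outside these hunks.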
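diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs
index 6f041da..3f5c4f1 100644
--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -225,17 +225,23 @@ namespace OpenSim.Services.HypergridService
 
 // May want to authorize
 
+bool isFirstLogin = false;
 //
-// Login the presence
+// Login the presence, if it's not there yet (by the login service)
 //
-if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID))
-{
-reason = "Unable to login presence";
-m_log.InfoFormat("[GATEKEEPER SERVICE]: Presence login failed for foreign agent {0} {1}. Refusing service.",
-aCircuit.firstname, aCircuit.lastname);
-return false;
-}
-m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok");
+PresenceInfo presence = m_PresenceService.GetAgent(aCircuit.SessionID);
+if (presence != null) // it has been placed there by the login service
+isFirstLogin = true;
+
+else
+if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID))
+{
+reason = "Unable to login presence";
+m_log.InfoFormat("[GATEKEEPER SERVICE]: Presence login failed for foreign agent {0} {1}. Refusing service.",
+aCircuit.firstname, aCircuit.lastname);
+return false;
+}
+m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok");
 
 //
 // Get the region
@@ -274,7 +280,9 @@ namespace OpenSim.Services.HypergridService
 //
 // Finally launch the agent at the destination
 //
-return m_SimulationService.CreateAgent(destination, aCircuit, (uint)Constants.TeleportFlags.ViaLogin, out reason);
+Constants.TeleportFlags loginFlag = isFirstLogin ? Constants.TeleportFlags.ViaLogin : Constants.TeleportFlags.ViaHGLogin;
+m_log.DebugFormat("[GATEKEEPER SERVICE]: launching agent {0}", loginFlag);
+return m_SimulationService.CreateAgent(destination, aCircuit, (uint)loginFlag, out reason);
 }
 
 protected bool Authenticate(AgentCircuitData aCircuit)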
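Review bot: `isFirstLogin` is decided solely by `GetAgent(aCircuit.SessionID)` returning non-null (new lines 232-234), and that decision selects `ViaLogin`, for which Scene.cs in this same commit skips client IP verification. Because the circuit data presumably arrives with the incoming request, the check should also confirm that the presence belongs to this agent before trusting it, for example `isFirstLogin = presence != null && presence.UserID == aCircuit.AgentID.ToString();` (assuming `PresenceInfo.UserID` holds the owning account id), and treat a mismatch as a failed login. The brace-less `else` followed by a braced `if` also hides that "Login presence ok" at new line 244 is logged even when `LoginAgent` was never called; bracing both branches would make that explicit. The enclosing method starts above the first hunk.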
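diff --git a/OpenSim/Services/HypergridService/UserAgentService.cs b/OpenSim/Services/HypergridService/UserAgentService.cs
index 6b14e21..8c3be70 100644
--- a/OpenSim/Services/HypergridService/UserAgentService.cs
+++ b/OpenSim/Services/HypergridService/UserAgentService.cs
@@ -134,7 +134,7 @@ namespace OpenSim.Services.HypergridService
 public bool LoginAgentToGrid(AgentCircuitData agentCircuit, GridRegion gatekeeper, GridRegion finalDestination, IPEndPoint clientIP, out string reason)
 {
 m_log.DebugFormat("[USER AGENT SERVICE]: Request to login user {0} {1} (@{2}) to grid {3}",
-agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "(stored IP)" : clientIP.ToString()),
+agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "stored IP" : clientIP.Address.ToString()),
 gatekeeper.ExternalHostName +":"+ gatekeeper.HttpPort);
 
 // Take the IP address + port of the gatekeeper (reg) plus the info of finalDestination
@@ -169,9 +169,10 @@ namespace OpenSim.Services.HypergridService
 return false;
 }
 
+m_log.DebugFormat("[USER AGENT SERVICE]: Gatekeeper sees me as {0}", myExternalIP);
 // else set the IP addresses associated with this client
 if (clientIP != null)
-m_TravelingAgents[agentCircuit.SessionID].ClientIPAddress = clientIP.ToString();
+m_TravelingAgents[agentCircuit.SessionID].ClientIPAddress = clientIP.Address.ToString();
 m_TravelingAgents[agentCircuit.SessionID].MyIpAddress = myExternalIP;
 return true;
 }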
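Review bot: `ClientIPAddress` changes format at new line 175 from endpoint text (address and port) to address only, and nothing records that the stored string has to match what the region later hands to the verification module (`ep.Address.ToString()` in Scene.cs in this commit). A comment such as `// Address only, no port: must match the ep.Address.ToString() value used for client verification` would document the coupling; the comparison itself is not visible on this page, so that link is inferred. The `if (clientIP != null)` at new line 174 guards only the next statement, and braces would make clear that `MyIpAddress` is always assigned. LoginAgentToGrid's body extends beyond both hunks.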