author | Diva Canto | 2010-08-19 19:54:40 -0700 |
---|---|---|
committer | Diva Canto | 2010-08-19 19:54:40 -0700 |
commit | a39ea07158756a76757d4b616c60cbcedf06f268 (patch) | |
tree | 59438c64692b850dc09f96e2658e9f4d77b36a9d | |
parent | Partial rewrite of client IP verification. Not completely finished yet, and u... (diff) | |
Finished implementing ViaLogin vs ViaHGLogin. Removed lookup on myipaddress.com. Also removed client IP verification upon UDP connection that had been left there -- we can't do that in general.
-rw-r--r-- | OpenSim/Framework/NetworkUtil.cs | 82 | ||||
-rw-r--r-- | OpenSim/Region/Framework/Scenes/Scene.cs | 52 | ||||
-rw-r--r-- | OpenSim/Services/HypergridService/GatekeeperService.cs | 28 | ||||
-rw-r--r-- | OpenSim/Services/HypergridService/UserAgentService.cs | 5 |
4 files changed, 48 insertions, 119 deletions
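--- a/OpenSim/Framework/NetworkUtil.cs
+++ b/OpenSim/Framework/NetworkUtil.cs
@@ -181,18 +181,10 @@ namespace OpenSim.Framework
 throw new ArgumentException("[NetworkUtil] Unable to resolve defaultHostname to an IPv4 address for an IPv4 client");
 }
 
-static IPAddress externalIPAddress;
-
 static NetworkUtil()
 {
 try
 {
-externalIPAddress = GetExternalIP();
-}
-catch { /* ignore */ }
-
-try
-{
 foreach (NetworkInterface ni in NetworkInterface.GetAllNetworkInterfaces())
 {
 foreach (UnicastIPAddressInformation address in ni.GetIPProperties().UnicastAddresses)
@@ -254,79 +246,5 @@ namespace OpenSim.Framework
 return defaultHostname;
 }
 
-public static IPAddress GetExternalIPOf(IPAddress user)
-{
-if (externalIPAddress == null)
-return user;
-
-if (user.ToString() == "127.0.0.1")
-{
-m_log.Info("[NetworkUtil] 127.0.0.1 user detected, sending '" + externalIPAddress + "' instead of '" + user + "'");
-return externalIPAddress;
-}
-// Check if we're accessing localhost.
-foreach (IPAddress host in Dns.GetHostAddresses(Dns.GetHostName()))
-{
-if (host.Equals(user) && host.AddressFamily == AddressFamily.InterNetwork)
-{
-m_log.Info("[NetworkUtil] Localhost user detected, sending '" + externalIPAddress + "' instead of '" + user + "'");
-return externalIPAddress;
-}
-}
-
-// Check for same LAN segment
-foreach (KeyValuePair<IPAddress, IPAddress> subnet in m_subnets)
-{
-byte[] subnetBytes = subnet.Value.GetAddressBytes();
-byte[] localBytes = subnet.Key.GetAddressBytes();
-byte[] destBytes = user.GetAddressBytes();
-
-if (subnetBytes.Length != destBytes.Length || subnetBytes.Length != localBytes.Length)
-return user;
-
-bool valid = true;
-
-for (int i = 0; i < subnetBytes.Length; i++)
-{
-if ((localBytes[i] & subnetBytes[i]) != (destBytes[i] & subnetBytes[i]))
-{
-valid = false;
-break;
-}
-}
-
-if (subnet.Key.AddressFamily != AddressFamily.InterNetwork)
-valid = false;
-
-if (valid)
-{
-m_log.Info("[NetworkUtil] Local LAN user detected, sending '" + externalIPAddress + "' instead of '" + user + "'");
-return externalIPAddress;
-}
-}
-
-// Otherwise, return user address
-return user;
-}
-
-private static IPAddress GetExternalIP()
-{
-string whatIsMyIp = "http://www.whatismyip.com/automation/n09230945.asp";
-WebClient wc = new WebClient();
-UTF8Encoding utf8 = new UTF8Encoding();
-string requestHtml = "";
-try
-{
-requestHtml = utf8.GetString(wc.DownloadData(whatIsMyIp));
-}
-catch (WebException we)
-{
-m_log.Info("[NetworkUtil]: Exception in GetExternalIP: " + we.ToString());
-return null;
-}
-
-IPAddress externalIp = IPAddress.Parse(requestHtml);
-return externalIp;
-}
 }
 }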
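--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -2507,26 +2507,26 @@ namespace OpenSim.Region.Framework.Scenes
 {
 AgentCircuitData aCircuit = m_authenticateHandler.GetAgentCircuitData(client.CircuitCode);
 
-// Do the verification here
-System.Net.IPEndPoint ep = (System.Net.IPEndPoint)client.GetClientEP();
-if (aCircuit != null)
-{
-if (!VerifyClient(aCircuit, ep, out vialogin))
-{
-// uh-oh, this is fishy
-m_log.WarnFormat("[SCENE]: Agent {0} with session {1} connecting with unidentified end point {2}. Refusing service.",
-client.AgentId, client.SessionId, ep.ToString());
-try
-{
-client.Close();
-}
-catch (Exception e)
-{
-m_log.DebugFormat("[SCENE]: Exception while closing aborted client: {0}", e.StackTrace);
-}
-return;
-}
-}
+//// Do the verification here -- No, really don't do this here. This is UDP address, let it go.
+//System.Net.IPEndPoint ep = (System.Net.IPEndPoint)client.GetClientEP();
+//if (aCircuit != null)
+//{
+// if (!VerifyClient(aCircuit, ep, out vialogin))
+// {
+// // uh-oh, this is fishy
+// m_log.WarnFormat("[SCENE]: Agent {0} with session {1} connecting with unidentified end point {2}. Refusing service.",
+// client.AgentId, client.SessionId, ep.ToString());
+// try
+// {
+// client.Close();
+// }
+// catch (Exception e)
+// {
+// m_log.DebugFormat("[SCENE]: Exception while closing aborted client: {0}", e.StackTrace);
+// }
+// return;
+// }
+//}
 
 m_log.Debug("[SCENE]: Adding new agent " + client.Name + " to scene " + RegionInfo.RegionName);
 
@@ -2555,16 +2555,14 @@ namespace OpenSim.Region.Framework.Scenes
 vialogin = false;
 
 // Do the verification here
-if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaLogin) != 0)
+if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaHGLogin) != 0)
 {
-m_log.DebugFormat("[SCENE]: Incoming client {0} {1} in region {2} via Login", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
+m_log.DebugFormat("[SCENE]: Incoming client {0} {1} in region {2} via HG login", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
 vialogin = true;
 IUserAgentVerificationModule userVerification = RequestModuleInterface<IUserAgentVerificationModule>();
 if (userVerification != null && ep != null)
 {
-System.Net.IPAddress addr = NetworkUtil.GetExternalIPOf(ep.Address);
-
-if (!userVerification.VerifyClient(aCircuit, /*ep.Address.ToString() */ addr.ToString()))
+if (!userVerification.VerifyClient(aCircuit, ep.Address.ToString()))
 {
 // uh-oh, this is fishy
 m_log.DebugFormat("[SCENE]: User Client Verification for {0} {1} in {2} returned false", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
@@ -2575,6 +2573,10 @@ namespace OpenSim.Region.Framework.Scenes
 }
 }
 
+else if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaLogin) != 0)
+m_log.DebugFormat("[SCENE]: Incoming client {0} {1} in region {2} via regular login. Client IP verification not performed.",
+aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
+
 return true;
 }
 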
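Review bot: In the last hunk the new `else if (... ViaLogin ...)` branch only logs, so for regular logins `vialogin` keeps the `false` assigned at the top of the method, whereas before this change the ViaLogin flag set it to true. If callers still use the out value to recognise login arrivals (not visible here), brace the branch and add `vialogin = true;` after the `m_log.DebugFormat(...)` call. The first hunk also comments out the only visible call that assigned `vialogin` on the UDP path, so its value there now depends on a declaration outside the hunk; deleting the dead block rather than commenting it out would make that easier to see. The skipped IP check is recorded only at Debug level, so consider Info to keep the decision visible in normal logs. The enclosing methods start and end outside these hunks.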
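--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -225,17 +225,23 @@ namespace OpenSim.Services.HypergridService
 
 // May want to authorize
 
+bool isFirstLogin = false;
 //
-// Login the presence
+// Login the presence, if it's not there yet (by the login service)
 //
-if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID))
-{
-reason = "Unable to login presence";
-m_log.InfoFormat("[GATEKEEPER SERVICE]: Presence login failed for foreign agent {0} {1}. Refusing service.",
-aCircuit.firstname, aCircuit.lastname);
-return false;
-}
-m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok");
+PresenceInfo presence = m_PresenceService.GetAgent(aCircuit.SessionID);
+if (presence != null) // it has been placed there by the login service
+isFirstLogin = true;
+
+else
+if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID))
+{
+reason = "Unable to login presence";
+m_log.InfoFormat("[GATEKEEPER SERVICE]: Presence login failed for foreign agent {0} {1}. Refusing service.",
+aCircuit.firstname, aCircuit.lastname);
+return false;
+}
+m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok");
 
 //
 // Get the region
@@ -274,7 +280,9 @@ namespace OpenSim.Services.HypergridService
 //
 // Finally launch the agent at the destination
 //
-return m_SimulationService.CreateAgent(destination, aCircuit, (uint)Constants.TeleportFlags.ViaLogin, out reason);
+Constants.TeleportFlags loginFlag = isFirstLogin ? Constants.TeleportFlags.ViaLogin : Constants.TeleportFlags.ViaHGLogin;
+m_log.DebugFormat("[GATEKEEPER SERVICE]: launching agent {0}", loginFlag);
+return m_SimulationService.CreateAgent(destination, aCircuit, (uint)loginFlag, out reason);
 }
 
 protected bool Authenticate(AgentCircuitData aCircuit)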
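Review bot: `isFirstLogin` is set from nothing more than `m_PresenceService.GetAgent(aCircuit.SessionID)` returning non-null, and that flag then selects `ViaLogin`, the path on which the region performs no client IP verification. The code does not check that the presence found belongs to `aCircuit.AgentID` or that the local login service created it, so any pre-existing presence for that session id, presumably including one left by an earlier `LoginAgent` call in this same method, is treated as a local login. Tie the decision to the agent as well, for example `if (presence != null && presence.UserID == aCircuit.AgentID.ToString())` (field name to be confirmed against PresenceInfo), and replace the trailing comment with one stating that assumption. The unbraced `if` / blank line / `else` / `if` sequence is easy to misread, so brace both arms. The method begins and ends outside these hunks.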
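--- a/OpenSim/Services/HypergridService/UserAgentService.cs
+++ b/OpenSim/Services/HypergridService/UserAgentService.cs
@@ -134,7 +134,7 @@ namespace OpenSim.Services.HypergridService
 public bool LoginAgentToGrid(AgentCircuitData agentCircuit, GridRegion gatekeeper, GridRegion finalDestination, IPEndPoint clientIP, out string reason)
 {
 m_log.DebugFormat("[USER AGENT SERVICE]: Request to login user {0} {1} (@{2}) to grid {3}",
-agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "(stored IP)" : clientIP.ToString()),
+agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "stored IP" : clientIP.Address.ToString()),
 gatekeeper.ExternalHostName +":"+ gatekeeper.HttpPort);
 
 // Take the IP address + port of the gatekeeper (reg) plus the info of finalDestination
@@ -169,9 +169,10 @@ namespace OpenSim.Services.HypergridService
 return false;
 }
 
+m_log.DebugFormat("[USER AGENT SERVICE]: Gatekeeper sees me as {0}", myExternalIP);
 // else set the IP addresses associated with this client
 if (clientIP != null)
-m_TravelingAgents[agentCircuit.SessionID].ClientIPAddress = clientIP.ToString();
+m_TravelingAgents[agentCircuit.SessionID].ClientIPAddress = clientIP.Address.ToString();
 m_TravelingAgents[agentCircuit.SessionID].MyIpAddress = myExternalIP;
 return true;
 }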
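Review bot: `ClientIPAddress` now stores the address without the port, and nothing at the assignment records that this string has to match what the region passes to the verification module (`ep.Address.ToString()` in Scene.cs in this commit). Add a comment above the assignment such as `// address only, no port: compared as text with the IP the region sees at login`. Because the value is kept as text, the check is sensitive to representation differences between the two sides (for example an IPv6 or IPv4-mapped form); comparing parsed `IPAddress` values where the comparison is done (not visible here) would be more robust. The method body continues outside both hunks.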