author | Diva Canto | 2010-08-19 19:54:40 -0700 |
---|---|---|
committer | Diva Canto | 2010-08-19 21:32:35 -0700 |
commit | 1e389438e2656cc8b5ae7027946f7863d6ffc528 (patch) | |
tree | cdc32bf16284e8c3548218b6bf859b12ed069068 | |
parent | Partial rewrite of client IP verification. Not completely finished yet, and u... (diff) | |
Finished implementing ViaLogin vs ViaHGLogin. Removed lookup on myipaddress.com. Also removed client IP verification upon UDP connection that had been left there -- we can't do that in general.
-rw-r--r-- | OpenSim/Framework/NetworkUtil.cs | 82 | ||||
-rw-r--r-- | OpenSim/Region/Framework/Scenes/Scene.cs | 52 | ||||
-rw-r--r-- | OpenSim/Services/HypergridService/GatekeeperService.cs | 28 | ||||
-rw-r--r-- | OpenSim/Services/HypergridService/UserAgentService.cs | 5 |
4 files changed, 48 insertions, 119 deletions
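diff --git a/OpenSim/Framework/NetworkUtil.cs b/OpenSim/Framework/NetworkUtil.cs
index 831ff70..2e94b0d 100644
--- a/OpenSim/Framework/NetworkUtil.cs
+++ b/OpenSim/Framework/NetworkUtil.cs
@@ -181,18 +181,10 @@ namespace OpenSim.Framework
 throw new ArgumentException("[NetworkUtil] Unable to resolve defaultHostname to an IPv4 address for an IPv4 client");
 }
 
-static IPAddress externalIPAddress;
-
 static NetworkUtil()
 {
 try
 {
-externalIPAddress = GetExternalIP();
-}
-catch { /* ignore */ }
-
-try
-{
 foreach (NetworkInterface ni in NetworkInterface.GetAllNetworkInterfaces())
 {
 foreach (UnicastIPAddressInformation address in ni.GetIPProperties().UnicastAddresses)
@@ -254,79 +246,5 @@ namespace OpenSim.Framework
 return defaultHostname;
 }
 
-public static IPAddress GetExternalIPOf(IPAddress user)
-{
-if (externalIPAddress == null)
-return user;
-
-if (user.ToString() == "127.0.0.1")
-{
-m_log.Info("[NetworkUtil] 127.0.0.1 user detected, sending '" + externalIPAddress + "' instead of '" + user + "'");
-return externalIPAddress;
-}
-// Check if we're accessing localhost.
-foreach (IPAddress host in Dns.GetHostAddresses(Dns.GetHostName()))
-{
-if (host.Equals(user) && host.AddressFamily == AddressFamily.InterNetwork)
-{
-m_log.Info("[NetworkUtil] Localhost user detected, sending '" + externalIPAddress + "' instead of '" + user + "'");
-return externalIPAddress;
-}
-}
-
-// Check for same LAN segment
-foreach (KeyValuePair<IPAddress, IPAddress> subnet in m_subnets)
-{
-byte[] subnetBytes = subnet.Value.GetAddressBytes();
-byte[] localBytes = subnet.Key.GetAddressBytes();
-byte[] destBytes = user.GetAddressBytes();
-
-if (subnetBytes.Length != destBytes.Length || subnetBytes.Length != localBytes.Length)
-return user;
-
-bool valid = true;
-
-for (int i = 0; i < subnetBytes.Length; i++)
-{
-if ((localBytes[i] & subnetBytes[i]) != (destBytes[i] & subnetBytes[i]))
-{
-valid = false;
-break;
-}
-}
-
-if (subnet.Key.AddressFamily != AddressFamily.InterNetwork)
-valid = false;
-
-if (valid)
-{
-m_log.Info("[NetworkUtil] Local LAN user detected, sending '" + externalIPAddress + "' instead of '" + user + "'");
-return externalIPAddress;
-}
-}
-
-// Otherwise, return user address
-return user;
-}
-
-private static IPAddress GetExternalIP()
-{
-string whatIsMyIp = "http://www.whatismyip.com/automation/n09230945.asp";
-WebClient wc = new WebClient();
-UTF8Encoding utf8 = new UTF8Encoding();
-string requestHtml = "";
-try
-{
-requestHtml = utf8.GetString(wc.DownloadData(whatIsMyIp));
-}
-catch (WebException we)
-{
-m_log.Info("[NetworkUtil]: Exception in GetExternalIP: " + we.ToString());
-return null;
-}
-
-IPAddress externalIp = IPAddress.Parse(requestHtml);
-return externalIp;
-}
 }
 }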
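diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index f1828da..455e163 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -2673,26 +2673,26 @@ namespace OpenSim.Region.Framework.Scenes
 {
 AgentCircuitData aCircuit = m_authenticateHandler.GetAgentCircuitData(client.CircuitCode);
 
-// Do the verification here
-System.Net.IPEndPoint ep = (System.Net.IPEndPoint)client.GetClientEP();
-if (aCircuit != null)
-{
-if (!VerifyClient(aCircuit, ep, out vialogin))
-{
-// uh-oh, this is fishy
-m_log.WarnFormat("[Scene]: Agent {0} with session {1} connecting with unidentified end point {2}. Refusing service.",
-client.AgentId, client.SessionId, ep.ToString());
-try
-{
-client.Close();
-}
-catch (Exception e)
-{
-m_log.DebugFormat("[Scene]: Exception while closing aborted client: {0}", e.StackTrace);
-}
-return;
-}
-}
+//// Do the verification here -- No, really don't do this here. This is UDP address, let it go.
+//System.Net.IPEndPoint ep = (System.Net.IPEndPoint)client.GetClientEP();
+//if (aCircuit != null)
+//{
+// if (!VerifyClient(aCircuit, ep, out vialogin))
+// {
+// // uh-oh, this is fishy
+// m_log.WarnFormat("[SCENE]: Agent {0} with session {1} connecting with unidentified end point {2}. Refusing service.",
+// client.AgentId, client.SessionId, ep.ToString());
+// try
+// {
+// client.Close();
+// }
+// catch (Exception e)
+// {
+// m_log.DebugFormat("[SCENE]: Exception while closing aborted client: {0}", e.StackTrace);
+// }
+// return;
+// }
+//}
 
 m_log.Debug("[Scene] Adding new agent " + client.Name + " to scene " + RegionInfo.RegionName);
 
@@ -2721,16 +2721,14 @@ namespace OpenSim.Region.Framework.Scenes
 vialogin = false;
 
 // Do the verification here
-if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaLogin) != 0)
+if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaHGLogin) != 0)
 {
-m_log.DebugFormat("[Scene]: Incoming client {0} {1} in region {2} via Login", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
+m_log.DebugFormat("[SCENE]: Incoming client {0} {1} in region {2} via HG login", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
 vialogin = true;
 IUserAgentVerificationModule userVerification = RequestModuleInterface<IUserAgentVerificationModule>();
 if (userVerification != null && ep != null)
 {
-System.Net.IPAddress addr = NetworkUtil.GetExternalIPOf(ep.Address);
-
-if (!userVerification.VerifyClient(aCircuit, /*ep.Address.ToString() */ addr.ToString()))
+if (!userVerification.VerifyClient(aCircuit, ep.Address.ToString()))
 {
 // uh-oh, this is fishy
 m_log.DebugFormat("[Scene]: User Client Verification for {0} {1} in {2} returned false", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
@@ -2741,6 +2739,10 @@ namespace OpenSim.Region.Framework.Scenes
 }
 }
 
+else if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaLogin) != 0)
+m_log.DebugFormat("[SCENE]: Incoming client {0} {1} in region {2} via regular login. Client IP verification not performed.",
+aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName);
+
 return true;
 }
 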
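Review bot: The new `else if (... ViaLogin ...)` branch in VerifyClient only logs and never sets `vialogin`, so a regular login now leaves the out-parameter at the `false` assigned at the top of the second hunk, whereas before this change the ViaLogin branch set it to `true`. If callers use that flag to recognise a login (the call sites are not visible here), brace the branch and add `vialogin = true;` after the log call. Separately, the HG-login check fails open: when `userVerification` or `ep` is null the code falls through to `return true` with no log entry, so a missing verification module silently disables the client-IP check; an `else` with `m_log.WarnFormat("[SCENE]: No client IP verification available for {0} {1}", aCircuit.firstname, aCircuit.lastname);` would make that visible. The 20 commented-out lines in the first hunk would be better deleted, keeping only the one-line rationale as a comment. VerifyClient's body starts outside the hunks shown.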
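diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs
index 6f041da..3f5c4f1 100644
--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -225,17 +225,23 @@ namespace OpenSim.Services.HypergridService
 
 // May want to authorize
 
+bool isFirstLogin = false;
 //
-// Login the presence
+// Login the presence, if it's not there yet (by the login service)
 //
-if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID))
-{
-reason = "Unable to login presence";
-m_log.InfoFormat("[GATEKEEPER SERVICE]: Presence login failed for foreign agent {0} {1}. Refusing service.",
-aCircuit.firstname, aCircuit.lastname);
-return false;
-}
-m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok");
+PresenceInfo presence = m_PresenceService.GetAgent(aCircuit.SessionID);
+if (presence != null) // it has been placed there by the login service
+isFirstLogin = true;
+
+else
+if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID))
+{
+reason = "Unable to login presence";
+m_log.InfoFormat("[GATEKEEPER SERVICE]: Presence login failed for foreign agent {0} {1}. Refusing service.",
+aCircuit.firstname, aCircuit.lastname);
+return false;
+}
+m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok");
 
 //
 // Get the region
@@ -274,7 +280,9 @@ namespace OpenSim.Services.HypergridService
 //
 // Finally launch the agent at the destination
 //
-return m_SimulationService.CreateAgent(destination, aCircuit, (uint)Constants.TeleportFlags.ViaLogin, out reason);
+Constants.TeleportFlags loginFlag = isFirstLogin ? Constants.TeleportFlags.ViaLogin : Constants.TeleportFlags.ViaHGLogin;
+m_log.DebugFormat("[GATEKEEPER SERVICE]: launching agent {0}", loginFlag);
+return m_SimulationService.CreateAgent(destination, aCircuit, (uint)loginFlag, out reason);
 }
 
 protected bool Authenticate(AgentCircuitData aCircuit)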
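Review bot: `isFirstLogin` is decided solely by whether `GetAgent(aCircuit.SessionID)` returns a record, and that result selects `ViaLogin`, the flag for which the region-side change in this commit performs no client IP verification. The session id is taken from the incoming `aCircuit`, so the lookup should also confirm that the record belongs to this agent before it is trusted, e.g. `if (presence != null && presence.UserID == aCircuit.AgentID.ToString())`, unless an earlier step outside this hunk (possibly `Authenticate`) already binds the two. The brace-less `if … else if` also leaves `"Login presence ok"` logged on the path where `LoginAgent` was never called; bracing both branches and moving that log line into the `else` would keep the log accurate. The method starts outside the hunk.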
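diff --git a/OpenSim/Services/HypergridService/UserAgentService.cs b/OpenSim/Services/HypergridService/UserAgentService.cs
index 6b14e21..8c3be70 100644
--- a/OpenSim/Services/HypergridService/UserAgentService.cs
+++ b/OpenSim/Services/HypergridService/UserAgentService.cs
@@ -134,7 +134,7 @@ namespace OpenSim.Services.HypergridService
 public bool LoginAgentToGrid(AgentCircuitData agentCircuit, GridRegion gatekeeper, GridRegion finalDestination, IPEndPoint clientIP, out string reason)
 {
 m_log.DebugFormat("[USER AGENT SERVICE]: Request to login user {0} {1} (@{2}) to grid {3}",
-agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "(stored IP)" : clientIP.ToString()),
+agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "stored IP" : clientIP.Address.ToString()),
 gatekeeper.ExternalHostName +":"+ gatekeeper.HttpPort);
 
 // Take the IP address + port of the gatekeeper (reg) plus the info of finalDestination
@@ -169,9 +169,10 @@ namespace OpenSim.Services.HypergridService
 return false;
 }
 
+m_log.DebugFormat("[USER AGENT SERVICE]: Gatekeeper sees me as {0}", myExternalIP);
 // else set the IP addresses associated with this client
 if (clientIP != null)
-m_TravelingAgents[agentCircuit.SessionID].ClientIPAddress = clientIP.ToString();
+m_TravelingAgents[agentCircuit.SessionID].ClientIPAddress = clientIP.Address.ToString();
 m_TravelingAgents[agentCircuit.SessionID].MyIpAddress = myExternalIP;
 return true;
 }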
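Review bot: `ClientIPAddress` is now stored as the string form of `clientIP.Address`, and the region-side check in this commit passes `ep.Address.ToString()` to `VerifyClient`, so the verification presumably rests on comparing two address strings (the comparison itself is not visible here). String forms can differ for the same host, for example an IPv4-mapped IPv6 address versus plain IPv4, so it is worth normalising the address to one canonical form before storing it here and before comparing. A short comment on the assignment, such as `// address only, no port: must match the form the region passes to VerifyClient`, would document the coupling. LoginAgentToGrid's body continues between the two hunks.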