From 2a1e45f65736214a9e8d782be1f92bb78725121f Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Sat, 15 May 2010 19:25:14 -0700 Subject: Finalized the client's TCP IP address verification process for HG1.5. --- OpenSim/Region/Framework/Scenes/Scene.cs | 95 ++++++++++++++++------ OpenSim/Region/Framework/Scenes/SceneBase.cs | 1 + .../Framework/Scenes/Tests/SceneBaseTests.cs | 5 ++ 3 files changed, 77 insertions(+), 24 deletions(-) (limited to 'OpenSim/Region/Framework/Scenes') diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index edbef4c..401551d 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs @@ -2629,34 +2629,23 @@ namespace OpenSim.Region.Framework.Scenes AgentCircuitData aCircuit = m_authenticateHandler.GetAgentCircuitData(client.CircuitCode); // Do the verification here - System.Net.EndPoint ep = client.GetClientEP(); + System.Net.IPEndPoint ep = (System.Net.IPEndPoint)client.GetClientEP(); if (aCircuit != null) { - if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaLogin) != 0) + if (!VerifyClient(aCircuit, ep, out vialogin)) { - m_log.DebugFormat("[Scene]: Incoming client {0} {1} in region {2} via Login", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName); - vialogin = true; - IUserAgentVerificationModule userVerification = RequestModuleInterface(); - if (userVerification != null && ep != null) + // uh-oh, this is fishy + m_log.WarnFormat("[Scene]: Agent {0} with session {1} connecting with unidentified end point {2}. Refusing service.", + client.AgentId, client.SessionId, ep.ToString()); + try { - if (!userVerification.VerifyClient(aCircuit, ep.ToString())) - { - // uh-oh, this is fishy - m_log.WarnFormat("[Scene]: Agent {0} with session {1} connecting with unidentified end point {2}. Refusing service.", - client.AgentId, client.SessionId, ep.ToString()); - try - { - client.Close(); - } - catch (Exception e) - { - m_log.DebugFormat("[Scene]: Exception while closing aborted client: {0}", e.StackTrace); - } - return; - } - else - m_log.DebugFormat("[Scene]: User Client Verification for {0} {1} returned true", aCircuit.firstname, aCircuit.lastname); + client.Close(); + } + catch (Exception e) + { + m_log.DebugFormat("[Scene]: Exception while closing aborted client: {0}", e.StackTrace); } + return; } } @@ -2682,7 +2671,65 @@ namespace OpenSim.Region.Framework.Scenes EventManager.TriggerOnClientLogin(client); } - + private bool VerifyClient(AgentCircuitData aCircuit, System.Net.IPEndPoint ep, out bool vialogin) + { + vialogin = false; + + // Do the verification here + if ((aCircuit.teleportFlags & (uint)Constants.TeleportFlags.ViaLogin) != 0) + { + m_log.DebugFormat("[Scene]: Incoming client {0} {1} in region {2} via Login", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName); + vialogin = true; + IUserAgentVerificationModule userVerification = RequestModuleInterface(); + if (userVerification != null && ep != null) + { + if (!userVerification.VerifyClient(aCircuit, ep.Address.ToString())) + { + // uh-oh, this is fishy + m_log.DebugFormat("[Scene]: User Client Verification for {0} {1} in {2} returned false", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName); + return false; + } + else + m_log.DebugFormat("[Scene]: User Client Verification for {0} {1} in {2} returned true", aCircuit.firstname, aCircuit.lastname, RegionInfo.RegionName); + } + } + + return true; + } + + // Called by Caps, on the first HTTP contact from the client + public override bool CheckClient(UUID agentID, System.Net.IPEndPoint ep) + { + AgentCircuitData aCircuit = m_authenticateHandler.GetAgentCircuitData(agentID); + if (aCircuit != null) + { + bool vialogin = false; + if (!VerifyClient(aCircuit, ep, out vialogin)) + { + // if it doesn't pass, we remove the agentcircuitdata altogether + // and the scene presence and the client, if they exist + try + { + ScenePresence sp = GetScenePresence(agentID); + if (sp != null) + sp.ControllingClient.Close(); + + // BANG! SLASH! + m_authenticateHandler.RemoveCircuit(agentID); + + return false; + } + catch (Exception e) + { + m_log.DebugFormat("[Scene]: Exception while closing aborted client: {0}", e.StackTrace); + } + } + else + return true; + } + + return false; + } /// /// Register for events from the client diff --git a/OpenSim/Region/Framework/Scenes/SceneBase.cs b/OpenSim/Region/Framework/Scenes/SceneBase.cs index 3218dad..bfc19b7 100644 --- a/OpenSim/Region/Framework/Scenes/SceneBase.cs +++ b/OpenSim/Region/Framework/Scenes/SceneBase.cs @@ -536,5 +536,6 @@ namespace OpenSim.Region.Framework.Scenes get { return false; } } + public abstract bool CheckClient(UUID agentID, System.Net.IPEndPoint ep); } } diff --git a/OpenSim/Region/Framework/Scenes/Tests/SceneBaseTests.cs b/OpenSim/Region/Framework/Scenes/Tests/SceneBaseTests.cs index dd9f8f6..42587c1 100644 --- a/OpenSim/Region/Framework/Scenes/Tests/SceneBaseTests.cs +++ b/OpenSim/Region/Framework/Scenes/Tests/SceneBaseTests.cs @@ -70,6 +70,11 @@ namespace OpenSim.Region.Framework.Scenes.Tests { throw new NotImplementedException(); } + + public override bool CheckClient(UUID agentID, System.Net.IPEndPoint ep) + { + throw new NotImplementedException(); + } } [Test] -- cgit v1.1