From 3d536944153d4931cf891d6a788a47484f3e6f4d Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Mon, 18 Jan 2010 16:34:23 -0800 Subject: Go Home works. With security!! --- .../Services/HypergridService/GatekeeperService.cs | 53 +++++++++++------ .../HypergridService/HomeUsersSecurityService.cs | 67 ++++++++++++++++++++++ 2 files changed, 104 insertions(+), 16 deletions(-) create mode 100644 OpenSim/Services/HypergridService/HomeUsersSecurityService.cs (limited to 'OpenSim/Services/HypergridService') diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs index 55d9ce1..169cfa3 100644 --- a/OpenSim/Services/HypergridService/GatekeeperService.cs +++ b/OpenSim/Services/HypergridService/GatekeeperService.cs @@ -27,6 +27,7 @@ using System; using System.Collections.Generic; +using System.Net; using System.Reflection; using OpenSim.Framework; @@ -51,6 +52,7 @@ namespace OpenSim.Services.HypergridService IPresenceService m_PresenceService; IAuthenticationService m_AuthenticationService; IUserAccountService m_UserAccountService; + IHomeUsersSecurityService m_HomeUsersSecurityService; ISimulationService m_SimulationService; string m_AuthDll; 
@@ -66,14 +68,15 @@ namespace OpenSim.Services.HypergridService throw new Exception(String.Format("No section GatekeeperService in config file")); string accountService = serverConfig.GetString("UserAccountService", String.Empty); + string homeUsersSecurityService = serverConfig.GetString("HomeUsersSecurityService", string.Empty); string gridService = serverConfig.GetString("GridService", String.Empty); string presenceService = serverConfig.GetString("PresenceService", String.Empty); string simulationService = serverConfig.GetString("SimulationService", String.Empty); m_AuthDll = serverConfig.GetString("AuthenticationService", String.Empty); - if (accountService == string.Empty || gridService == string.Empty || - presenceService == string.Empty || m_AuthDll == string.Empty) + // These 3 are mandatory, the others aren't + if (gridService == string.Empty || presenceService == string.Empty || m_AuthDll == string.Empty) throw new Exception("Incomplete specifications, Gatekeeper Service cannot function."); string scope = serverConfig.GetString("ScopeID", UUID.Zero.ToString()); 
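Review bot: The added comment `// These 3 are mandatory, the others aren't` understates what the constructor requires, because the later plugin check still throws when `m_SimulationService` is null. Something like `// Grid, presence and authentication must be configured; simulation is required too unless simService is passed in; account and home-users security are optional` would match the code. The exception message "Incomplete specifications" would also be easier to act on if it named the missing key. The constructor body continues outside this hunk.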
@@ -82,16 +85,20 @@ namespace OpenSim.Services.HypergridService m_AllowTeleportsToAnyRegion = serverConfig.GetBoolean("AllowTeleportsToAnyRegion", true); Object[] args = new Object[] { config }; - m_UserAccountService = ServerUtils.LoadPlugin(accountService, args); m_GridService = ServerUtils.LoadPlugin(gridService, args); m_PresenceService = ServerUtils.LoadPlugin(presenceService, args); + + if (accountService != string.Empty) + m_UserAccountService = ServerUtils.LoadPlugin(accountService, args); + if (homeUsersSecurityService != string.Empty) + m_HomeUsersSecurityService = ServerUtils.LoadPlugin(homeUsersSecurityService, args); + if (simService != null) m_SimulationService = simService; else if (simulationService != string.Empty) m_SimulationService = ServerUtils.LoadPlugin(simulationService, args); - if (m_UserAccountService == null || m_GridService == null || - m_PresenceService == null || m_SimulationService == null) + if (m_GridService == null || m_PresenceService == null || m_SimulationService == null) throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function."); m_log.Debug("[GATEKEEPER SERVICE]: Starting..."); 
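Review bot: When `UserAccountService` or `HomeUsersSecurityService` is left out of the config, both fields stay null and nothing is logged, so an operator cannot tell from startup output that the identity checks depending on them are unavailable. A warning after the two new `if` blocks would make that visible, e.g. `if (m_UserAccountService == null || m_HomeUsersSecurityService == null) m_log.Warn("[GATEKEEPER SERVICE]: UserAccountService or HomeUsersSecurityService not configured; local-user UUID checks are disabled");`. Any later use of either field needs its own null check, since the constructor no longer guarantees them. The constructor starts and ends outside this hunk.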
@@ -183,17 +190,31 @@ namespace OpenSim.Services.HypergridService } m_log.DebugFormat("[GATEKEEPER SERVICE]: Identity verified for {0} {1} @ {2}", aCircuit.firstname, aCircuit.lastname, authURL); - // Check to see if we have a local user with that UUID - UserAccount account = m_UserAccountService.GetUserAccount(m_ScopeID, aCircuit.AgentID); - if (account != null) - { - // No, sorry; go away - reason = "User identifier not allowed on this grid"; - m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agent {0} {1} has UUID of local user {3}. Refusing service.", - aCircuit.firstname, aCircuit.lastname, aCircuit.AgentID); - return false; - } - m_log.DebugFormat("[GATEKEEPER SERVICE]: User ID ok"); + //if (m_UserAccountService != null && m_HomeUsersSecurityService != null) + //{ + // // Check to see if we have a local user with that UUID + // UserAccount account = m_UserAccountService.GetUserAccount(m_ScopeID, aCircuit.AgentID); + + // // See if that user went out of this home grid + // IPEndPoint ep = m_HomeUsersSecurityService.GetEndPoint(aCircuit.AgentID); + + // if (account != null) + // { + // if ((ep == null) || // there's no memory of this agent going out + // (ep != null && (ep.Address != aCircuit.ClientEndPoint.Address || ep.Port != aCircuit.ClientEndPoint.Port))) // fake agent + // { + // // No, sorry; go away + // reason = "User identifier not allowed on this grid"; + // m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agent {0} {1} has UUID of local user {2}. Refusing service.", + // aCircuit.firstname, aCircuit.lastname, aCircuit.AgentID); + // return false; + // } + // else + // { + // } + // } + // m_log.DebugFormat("[GATEKEEPER SERVICE]: User ID ok"); + //} // May want to authorize diff --git a/OpenSim/Services/HypergridService/HomeUsersSecurityService.cs b/OpenSim/Services/HypergridService/HomeUsersSecurityService.cs new file mode 100644 index 0000000..a7adfc1 --- /dev/null +++ b/OpenSim/Services/HypergridService/HomeUsersSecurityService.cs 
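Review bot: The local-UUID collision check is removed and its replacement is entirely commented out, so after this hunk nothing here refuses a foreign agent whose `aCircuit.AgentID` matches a local account. Keep the original refusal active until the endpoint-based version is enabled, or mark the gap with a comment such as `// TODO: local-UUID check disabled pending HomeUsersSecurityService wiring`. Before enabling the commented block, note that `ep.Address != aCircuit.ClientEndPoint.Address` compares `IPAddress` references rather than values and should be `!ep.Address.Equals(aCircuit.ClientEndPoint.Address)`, with a null check on `aCircuit.ClientEndPoint`. Also, `GetEndPoint` is called with `aCircuit.AgentID` while the new service names its key `sessionID`, and the two should be reconciled. The enclosing method starts and ends outside the hunk.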
@@ -0,0 +1,67 @@
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Reflection;
+
+using OpenSim.Services.Interfaces;
+
+using OpenMetaverse;
+using log4net;
+using Nini.Config;
+
+namespace OpenSim.Services.HypergridService
+{
+ ///
+ /// This service is for HG1.5 only, to make up for the fact that clients don't
+ /// keep any private information in themselves, and that their 'home service'
+ /// needs to do it for them.
+ /// Once we have better clients, this shouldn't be needed.
+ ///
+ public class HomeUsersSecurityService : IHomeUsersSecurityService
+ {
+ private static readonly ILog m_log =
+ LogManager.GetLogger(
+ MethodBase.GetCurrentMethod().DeclaringType);
+
+ //
+ // This is a persistent storage wannabe for dealing with the
+ // quirks of HG1.5. We don't really want to store this in a table.
+ // But this is the necessary information for securing clients
+ // coming home.
+ //
+ protected static Dictionary m_ClientEndPoints = new Dictionary();
+
+ public HomeUsersSecurityService(IConfigSource config)
+ {
+ m_log.DebugFormat("[HOME USERS SECURITY]: Starting...");
+ }
+
+ public void SetEndPoint(UUID sessionID, IPEndPoint ep)
+ {
+ m_log.DebugFormat("[HOME USERS SECURITY]: Set EndPoint {0} for session {1}", ep.ToString(), sessionID);
+
+ lock (m_ClientEndPoints)
+ m_ClientEndPoints[sessionID] = ep;
+ }
+
+ public IPEndPoint GetEndPoint(UUID sessionID)
+ {
+ lock (m_ClientEndPoints)
+ if (m_ClientEndPoints.ContainsKey(sessionID))
+ {
+ m_log.DebugFormat("[HOME USERS SECURITY]: Get EndPoint {0} for session {1}", m_ClientEndPoints[sessionID].ToString(), sessionID);
+ return m_ClientEndPoints[sessionID];
+ }
+
+ return null;
+ }
+
+ public void RemoveEndPoint(UUID sessionID)
+ {
+ m_log.DebugFormat("[HOME USERS SECURITY]: Remove EndPoint for session {0}", sessionID);
+ lock (m_ClientEndPoints)
+ if (m_ClientEndPoints.ContainsKey(sessionID))
+ m_ClientEndPoints.Remove(sessionID);
+ }
+ }
+}
-- cgit v1.1
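Review bot: Entries in the static `m_ClientEndPoints` leave the map only through `RemoveEndPoint`, so a session that never comes home keeps its endpoint on record indefinitely and the map grows without bound. Since the class comment says this data is what secures returning clients, each entry should carry a timestamp and be dropped after a bounded lifetime. `SetEndPoint` also calls `ep.ToString()` in its log line before storing, so a null `ep` throws; guard with `if (ep == null) return;` or log `ep` directly and let the formatter handle null. In `GetEndPoint`, `IPEndPoint ep; if (m_ClientEndPoints.TryGetValue(sessionID, out ep)) return ep;` avoids the triple lookup and lets the debug log move outside the lock. The `lock` statements would be safer with braces around their bodies.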