From e0576b56d376d6bc7b9c5c3818acbdbcdb0dc56f Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Wed, 27 Apr 2011 07:02:37 -0700 Subject: Thank you Snoopy for a patch that adds some filtering to client versions allowed at login and HG-login times. NOTE: additional (optional) configuration variables in [LoginService] and [GatekeeperService]. See .examples. --- .../Services/HypergridService/GatekeeperService.cs | 39 +++++++++++++++++++-- OpenSim/Services/LLLoginService/LLLoginService.cs | 40 ++++++++++++++++++++-- 2 files changed, 74 insertions(+), 5 deletions(-) (limited to 'OpenSim/Services') diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs index b66bfed..9385b8d 100644 --- a/OpenSim/Services/HypergridService/GatekeeperService.cs +++ b/OpenSim/Services/HypergridService/GatekeeperService.cs @@ -29,6 +29,7 @@ using System; using System.Collections.Generic; using System.Net; using System.Reflection; +using System.Text.RegularExpressions; using OpenSim.Framework; using OpenSim.Services.Interfaces; @@ -57,6 +58,9 @@ namespace OpenSim.Services.HypergridService private static IUserAgentService m_UserAgentService; private static ISimulationService m_SimulationService; + protected string m_AllowedClients = string.Empty; + protected string m_DeniedClients = string.Empty; + private static UUID m_ScopeID; private static bool m_AllowTeleportsToAnyRegion; private static string m_ExternalName; @@ -104,6 +108,9 @@ namespace OpenSim.Services.HypergridService else if (simulationService != string.Empty) m_SimulationService = ServerUtils.LoadPlugin(simulationService, args); + m_AllowedClients = serverConfig.GetString("AllowedClients", string.Empty); + m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty); + if (m_GridService == null || m_PresenceService == null || m_SimulationService == null) throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function."); @@ -181,8 +188,36 @@ namespace OpenSim.Services.HypergridService string authURL = string.Empty; if (aCircuit.ServiceURLs.ContainsKey("HomeURI")) authURL = aCircuit.ServiceURLs["HomeURI"].ToString(); - m_log.DebugFormat("[GATEKEEPER SERVICE]: Request to login foreign agent {0} {1} @ {2} ({3}) at destination {4}", - aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName); + m_log.InfoFormat("[GATEKEEPER SERVICE]: Login request for {0} {1} @ {2} ({3}) at {4} using viewer {5}, channel {6}, IP {7}, Mac {8}, Id0 {9}", + aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName, + aCircuit.Viewer, aCircuit.Channel, aCircuit.IPAddress, aCircuit.Mac, aCircuit.Id0); + + // + // Check client + // + if (m_AllowedClients != string.Empty) + { + Regex arx = new Regex(m_AllowedClients); + Match am = arx.Match(aCircuit.Viewer); + + if (!am.Success) + { + m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is not allowed", aCircuit.Viewer); + return false; + } + } + + if (m_DeniedClients != string.Empty) + { + Regex drx = new Regex(m_DeniedClients); + Match dm = drx.Match(aCircuit.Viewer); + + if (dm.Success) + { + m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is denied", aCircuit.Viewer); + return false; + } + } // // Authenticate the user diff --git a/OpenSim/Services/LLLoginService/LLLoginService.cs b/OpenSim/Services/LLLoginService/LLLoginService.cs index d364aa4..9bcc3dd 100644 --- a/OpenSim/Services/LLLoginService/LLLoginService.cs +++ b/OpenSim/Services/LLLoginService/LLLoginService.cs @@ -77,7 +77,11 @@ namespace OpenSim.Services.LLLoginService protected string m_MapTileURL; protected string m_SearchURL; + protected string m_AllowedClients; + protected string m_DeniedClients; + IConfig m_LoginServerConfig; + IConfig m_ClientsConfig; public LLLoginService(IConfigSource config, ISimulationService simService, ILibraryService libraryService) { @@ -105,7 +109,10 @@ namespace OpenSim.Services.LLLoginService m_GatekeeperURL = m_LoginServerConfig.GetString("GatekeeperURI", string.Empty); m_MapTileURL = m_LoginServerConfig.GetString("MapTileURL", string.Empty); m_SearchURL = m_LoginServerConfig.GetString("SearchURL", string.Empty); - + + m_AllowedClients = m_LoginServerConfig.GetString("AllowedClients", string.Empty); + m_DeniedClients = m_LoginServerConfig.GetString("DeniedClients", string.Empty); + // These are required; the others aren't if (accountService == string.Empty || authService == string.Empty) throw new Exception("LoginService is missing service specifications"); @@ -215,11 +222,38 @@ namespace OpenSim.Services.LLLoginService bool success = false; UUID session = UUID.Random(); - m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} from {2} with user agent {3} starting in {4}", - firstName, lastName, clientIP.Address.ToString(), clientVersion, startLocation); + m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} at {2} using viewer {3}, channel {4}, IP {5}, Mac {6}, Id0 {7}", + firstName, lastName, startLocation, clientVersion, channel, clientIP.Address.ToString(), mac, id0); try { // + // Check client + // + if (m_AllowedClients != string.Empty) + { + Regex arx = new Regex(m_AllowedClients); + Match am = arx.Match(clientVersion); + + if (!am.Success) + { + m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is not allowed", clientVersion); + return LLFailedLoginResponse.LoginBlockedProblem; + } + } + + if (m_DeniedClients != string.Empty) + { + Regex drx = new Regex(m_DeniedClients); + Match dm = drx.Match(clientVersion); + + if (dm.Success) + { + m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is denied", clientVersion); + return LLFailedLoginResponse.LoginBlockedProblem; + } + } + + // // Get the account and check that it exists // UserAccount account = m_UserAccountService.GetUserAccount(scopeID, firstName, lastName); -- cgit v1.1 From 9892e115ccdcc8567087041917fb5c7694aa8836 Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Thu, 28 Apr 2011 20:19:54 -0700 Subject: Fatpack message on agent transfers: 1 message only (UpdateAgent) containing the agent and all attachments. Preserves backwards compatibility -- older sims get passed attachments one by one. Meaning that I finally introduced versioning in the simulation service. --- .../Simulation/SimulationServiceConnector.cs | 19 ++++++++++++------- OpenSim/Services/Interfaces/ISimulationService.cs | 2 +- 2 files changed, 13 insertions(+), 8 deletions(-) (limited to 'OpenSim/Services') diff --git a/OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs b/OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs index 93b3ae6..415b4f0 100644 --- a/OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs +++ b/OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs @@ -241,7 +241,7 @@ namespace OpenSim.Services.Connectors.Simulation if (args != null) { agent = new CompleteAgentData(); - agent.Unpack(args); + agent.Unpack(args, null); return true; } } @@ -256,9 +256,10 @@ namespace OpenSim.Services.Connectors.Simulation /// /// - public bool QueryAccess(GridRegion destination, UUID id, Vector3 position, out string reason) + public bool QueryAccess(GridRegion destination, UUID id, Vector3 position, out string version, out string reason) { reason = "Failed to contact destination"; + version = "Unknown"; // m_log.DebugFormat("[REMOTE SIMULATION CONNECTOR]: QueryAccess start, position={0}", position); @@ -274,23 +275,27 @@ namespace OpenSim.Services.Connectors.Simulation try { OSDMap result = WebUtil.ServiceOSDRequest(uri, request, "QUERYACCESS", 10000); + OSDMap data = (OSDMap)result["_Result"]; + bool success = result["success"].AsBoolean(); - reason = result["reason"].AsString(); + reason = data["reason"].AsString(); + if (data["version"] != null) + version = data["version"].AsString(); - //m_log.DebugFormat("[REMOTE SIMULATION CONNECTOR]: QueryAccess to {0} returned {1}", uri, success); + m_log.DebugFormat("[REMOTE SIMULATION CONNECTOR]: QueryAccess to {0} returned {1} version {2} ({3})", uri, success, version, data["version"].AsString()); if (!success) { - if (result.ContainsKey("Message")) + if (data.ContainsKey("Message")) { - string message = result["Message"].AsString(); + string message = data["Message"].AsString(); if (message == "Service request failed: [MethodNotAllowed] MethodNotAllowed") // Old style region { m_log.Info("[REMOTE SIMULATION CONNECTOR]: The above web util error was caused by a TP to a sim that doesn't support QUERYACCESS and can be ignored"); return true; } - reason = result["Message"]; + reason = data["Message"]; } else { diff --git a/OpenSim/Services/Interfaces/ISimulationService.cs b/OpenSim/Services/Interfaces/ISimulationService.cs index 55c9cc5..5f9ce6d 100644 --- a/OpenSim/Services/Interfaces/ISimulationService.cs +++ b/OpenSim/Services/Interfaces/ISimulationService.cs @@ -67,7 +67,7 @@ namespace OpenSim.Services.Interfaces bool RetrieveAgent(GridRegion destination, UUID id, out IAgentData agent); - bool QueryAccess(GridRegion destination, UUID id, Vector3 position, out string reason); + bool QueryAccess(GridRegion destination, UUID id, Vector3 position, out string version, out string reason); /// /// Message from receiving region to departing region, telling it got contacted by the client. -- cgit v1.1 From e462b926acc2810303d4ce5fc00f494f4765a7ad Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Fri, 29 Apr 2011 08:01:44 -0700 Subject: Minor improvement in version checking (Simulation service) --- OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenSim/Services') diff --git a/OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs b/OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs index 415b4f0..7545db8 100644 --- a/OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs +++ b/OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs @@ -279,7 +279,7 @@ namespace OpenSim.Services.Connectors.Simulation bool success = result["success"].AsBoolean(); reason = data["reason"].AsString(); - if (data["version"] != null) + if (data["version"] != null && data["version"].AsString() != string.Empty) version = data["version"].AsString(); m_log.DebugFormat("[REMOTE SIMULATION CONNECTOR]: QueryAccess to {0} returned {1} version {2} ({3})", uri, success, version, data["version"].AsString()); -- cgit v1.1