From e0576b56d376d6bc7b9c5c3818acbdbcdb0dc56f Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Wed, 27 Apr 2011 07:02:37 -0700 Subject: Thank you Snoopy for a patch that adds some filtering to client versions allowed at login and HG-login times. NOTE: additional (optional) configuration variables in [LoginService] and [GatekeeperService]. See .examples. --- .../Services/HypergridService/GatekeeperService.cs | 39 +++++++++++++++++++-- OpenSim/Services/LLLoginService/LLLoginService.cs | 40 ++++++++++++++++++++-- 2 files changed, 74 insertions(+), 5 deletions(-) (limited to 'OpenSim/Services') diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs index b66bfed..9385b8d 100644 --- a/OpenSim/Services/HypergridService/GatekeeperService.cs +++ b/OpenSim/Services/HypergridService/GatekeeperService.cs @@ -29,6 +29,7 @@ using System; using System.Collections.Generic; using System.Net; using System.Reflection; +using System.Text.RegularExpressions; using OpenSim.Framework; using OpenSim.Services.Interfaces; @@ -57,6 +58,9 @@ namespace OpenSim.Services.HypergridService private static IUserAgentService m_UserAgentService; private static ISimulationService m_SimulationService; + protected string m_AllowedClients = string.Empty; + protected string m_DeniedClients = string.Empty; + private static UUID m_ScopeID; private static bool m_AllowTeleportsToAnyRegion; private static string m_ExternalName; @@ -104,6 +108,9 @@ namespace OpenSim.Services.HypergridService else if (simulationService != string.Empty) m_SimulationService = ServerUtils.LoadPlugin(simulationService, args); + m_AllowedClients = serverConfig.GetString("AllowedClients", string.Empty); + m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty); + if (m_GridService == null || m_PresenceService == null || m_SimulationService == null) throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function."); @@ -181,8 +188,36 @@ namespace OpenSim.Services.HypergridService string authURL = string.Empty; if (aCircuit.ServiceURLs.ContainsKey("HomeURI")) authURL = aCircuit.ServiceURLs["HomeURI"].ToString(); - m_log.DebugFormat("[GATEKEEPER SERVICE]: Request to login foreign agent {0} {1} @ {2} ({3}) at destination {4}", - aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName); + m_log.InfoFormat("[GATEKEEPER SERVICE]: Login request for {0} {1} @ {2} ({3}) at {4} using viewer {5}, channel {6}, IP {7}, Mac {8}, Id0 {9}", + aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName, + aCircuit.Viewer, aCircuit.Channel, aCircuit.IPAddress, aCircuit.Mac, aCircuit.Id0); + + // + // Check client + // + if (m_AllowedClients != string.Empty) + { + Regex arx = new Regex(m_AllowedClients); + Match am = arx.Match(aCircuit.Viewer); + + if (!am.Success) + { + m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is not allowed", aCircuit.Viewer); + return false; + } + } + + if (m_DeniedClients != string.Empty) + { + Regex drx = new Regex(m_DeniedClients); + Match dm = drx.Match(aCircuit.Viewer); + + if (dm.Success) + { + m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is denied", aCircuit.Viewer); + return false; + } + } // // Authenticate the user diff --git a/OpenSim/Services/LLLoginService/LLLoginService.cs b/OpenSim/Services/LLLoginService/LLLoginService.cs index d364aa4..9bcc3dd 100644 --- a/OpenSim/Services/LLLoginService/LLLoginService.cs +++ b/OpenSim/Services/LLLoginService/LLLoginService.cs @@ -77,7 +77,11 @@ namespace OpenSim.Services.LLLoginService protected string m_MapTileURL; protected string m_SearchURL; + protected string m_AllowedClients; + protected string m_DeniedClients; + IConfig m_LoginServerConfig; + IConfig m_ClientsConfig; public LLLoginService(IConfigSource config, ISimulationService simService, ILibraryService libraryService) { @@ -105,7 +109,10 @@ namespace OpenSim.Services.LLLoginService m_GatekeeperURL = m_LoginServerConfig.GetString("GatekeeperURI", string.Empty); m_MapTileURL = m_LoginServerConfig.GetString("MapTileURL", string.Empty); m_SearchURL = m_LoginServerConfig.GetString("SearchURL", string.Empty); - + + m_AllowedClients = m_LoginServerConfig.GetString("AllowedClients", string.Empty); + m_DeniedClients = m_LoginServerConfig.GetString("DeniedClients", string.Empty); + // These are required; the others aren't if (accountService == string.Empty || authService == string.Empty) throw new Exception("LoginService is missing service specifications"); @@ -215,11 +222,38 @@ namespace OpenSim.Services.LLLoginService bool success = false; UUID session = UUID.Random(); - m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} from {2} with user agent {3} starting in {4}", - firstName, lastName, clientIP.Address.ToString(), clientVersion, startLocation); + m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} at {2} using viewer {3}, channel {4}, IP {5}, Mac {6}, Id0 {7}", + firstName, lastName, startLocation, clientVersion, channel, clientIP.Address.ToString(), mac, id0); try { // + // Check client + // + if (m_AllowedClients != string.Empty) + { + Regex arx = new Regex(m_AllowedClients); + Match am = arx.Match(clientVersion); + + if (!am.Success) + { + m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is not allowed", clientVersion); + return LLFailedLoginResponse.LoginBlockedProblem; + } + } + + if (m_DeniedClients != string.Empty) + { + Regex drx = new Regex(m_DeniedClients); + Match dm = drx.Match(clientVersion); + + if (dm.Success) + { + m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is denied", clientVersion); + return LLFailedLoginResponse.LoginBlockedProblem; + } + } + + // // Get the account and check that it exists // UserAccount account = m_UserAccountService.GetUserAccount(scopeID, firstName, lastName); -- cgit v1.1