OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Guard against unauthorized agent deletes.

cpu-performance
Diva Canto 2013-07-13 21:28:46 -07:00
parent 931eb892d9
commit b4f1b9acf6
9 changed files with 57 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs
View File

@ -817,7 +817,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
"[ENTITY TRANSFER MODULE]: UpdateAgent failed on teleport of {0} to {1} from {2}. Keeping avatar in source region.", "[ENTITY TRANSFER MODULE]: UpdateAgent failed on teleport of {0} to {1} from {2}. Keeping avatar in source region.",
sp.Name, finalDestination.RegionName, sp.Scene.RegionInfo.RegionName); sp.Name, finalDestination.RegionName, sp.Scene.RegionInfo.RegionName);
Fail(sp, finalDestination, logout, "Connection between viewer and destination region could not be established."); Fail(sp, finalDestination, logout, Util.Md5Hash(currentAgentCircuit.Id0), "Connection between viewer and destination region could not be established.");
return; return;
} }
@ -829,7 +829,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
"[ENTITY TRANSFER MODULE]: Cancelled teleport of {0} to {1} from {2} after UpdateAgent on client request", "[ENTITY TRANSFER MODULE]: Cancelled teleport of {0} to {1} from {2} after UpdateAgent on client request",
sp.Name, finalDestination.RegionName, sp.Scene.Name); sp.Name, finalDestination.RegionName, sp.Scene.Name);
CleanupFailedInterRegionTeleport(sp, finalDestination); CleanupFailedInterRegionTeleport(sp, Util.Md5Hash(currentAgentCircuit.Id0), finalDestination);
return; return;
} }
@ -873,7 +873,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
"[ENTITY TRANSFER MODULE]: Teleport of {0} to {1} from {2} failed due to no callback from destination region. Returning avatar to source region.", "[ENTITY TRANSFER MODULE]: Teleport of {0} to {1} from {2} failed due to no callback from destination region. Returning avatar to source region.",
sp.Name, finalDestination.RegionName, sp.Scene.RegionInfo.RegionName); sp.Name, finalDestination.RegionName, sp.Scene.RegionInfo.RegionName);
Fail(sp, finalDestination, logout, "Destination region did not signal teleport completion."); Fail(sp, finalDestination, logout, Util.Md5Hash(currentAgentCircuit.Id0), "Destination region did not signal teleport completion.");
return; return;
} }
@ -927,7 +927,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
/// <remarks> /// <remarks>
/// <param name='sp'> </param> /// <param name='sp'> </param>
/// <param name='finalDestination'></param> /// <param name='finalDestination'></param>
protected virtual void CleanupFailedInterRegionTeleport(ScenePresence sp, GridRegion finalDestination) protected virtual void CleanupFailedInterRegionTeleport(ScenePresence sp, string auth_token, GridRegion finalDestination)
{ {
m_entityTransferStateMachine.UpdateInTransit(sp.UUID, AgentTransferState.CleaningUp); m_entityTransferStateMachine.UpdateInTransit(sp.UUID, AgentTransferState.CleaningUp);
@ -938,7 +938,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
// Finally, kill the agent we just created at the destination. // Finally, kill the agent we just created at the destination.
// XXX: Possibly this should be done asynchronously. // XXX: Possibly this should be done asynchronously.
Scene.SimulationService.CloseAgent(finalDestination, sp.UUID); Scene.SimulationService.CloseAgent(finalDestination, sp.UUID, auth_token);
} }
/// <summary> /// <summary>
@ -948,9 +948,9 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
/// <param name='finalDestination'></param> /// <param name='finalDestination'></param>
/// <param name='logout'></param> /// <param name='logout'></param>
/// <param name='reason'>Human readable reason for teleport failure. Will be sent to client.</param> /// <param name='reason'>Human readable reason for teleport failure. Will be sent to client.</param>
protected virtual void Fail(ScenePresence sp, GridRegion finalDestination, bool logout, string reason) protected virtual void Fail(ScenePresence sp, GridRegion finalDestination, bool logout, string auth_code, string reason)
{ {
CleanupFailedInterRegionTeleport(sp, finalDestination); CleanupFailedInterRegionTeleport(sp, auth_code, finalDestination);
m_interRegionTeleportFailures.Value++; m_interRegionTeleportFailures.Value++;

4
OpenSim/Region/CoreModules/ServiceConnectorsOut/Simulation/LocalSimulationConnector.cs
View File

@ -286,7 +286,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Simulation
return false; return false;
} }
public bool CloseAgent(GridRegion destination, UUID id) public bool CloseAgent(GridRegion destination, UUID id, string auth_token)
{ {
if (destination == null) if (destination == null)
return false; return false;
@ -297,7 +297,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Simulation
// "[LOCAL SIMULATION CONNECTOR]: Found region {0} {1} to send AgentUpdate", // "[LOCAL SIMULATION CONNECTOR]: Found region {0} {1} to send AgentUpdate",
// s.RegionInfo.RegionName, destination.RegionHandle); // s.RegionInfo.RegionName, destination.RegionHandle);
m_scenes[destination.RegionID].IncomingCloseAgent(id, false); m_scenes[destination.RegionID].IncomingCloseAgent(id, false, auth_token);
return true; return true;
} }

6
OpenSim/Region/CoreModules/ServiceConnectorsOut/Simulation/RemoteSimulationConnector.cs
View File

@ -245,18 +245,18 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Simulation
} }
public bool CloseAgent(GridRegion destination, UUID id) public bool CloseAgent(GridRegion destination, UUID id, string auth_token)
{ {
if (destination == null) if (destination == null)
return false; return false;
// Try local first // Try local first
if (m_localBackend.CloseAgent(destination, id)) if (m_localBackend.CloseAgent(destination, id, auth_token))
return true; return true;
// else do the remote thing // else do the remote thing
if (!m_localBackend.IsLocalRegion(destination.RegionID)) if (!m_localBackend.IsLocalRegion(destination.RegionID))
return m_remoteConnector.CloseAgent(destination, id); return m_remoteConnector.CloseAgent(destination, id, auth_token);
return false; return false;
} }

24
OpenSim/Region/Framework/Scenes/Scene.cs
View File

@ -3452,7 +3452,7 @@ namespace OpenSim.Region.Framework.Scenes
regions.Remove(RegionInfo.RegionHandle); regions.Remove(RegionInfo.RegionHandle);
// This ends up being done asynchronously so that a logout isn't held up where there are many present but unresponsive neighbours. // This ends up being done asynchronously so that a logout isn't held up where there are many present but unresponsive neighbours.
m_sceneGridService.SendCloseChildAgentConnections(agentID, regions); m_sceneGridService.SendCloseChildAgentConnections(agentID, Util.Md5Hash(acd.Id0), regions);
} }
m_eventManager.TriggerClientClosed(agentID, this); m_eventManager.TriggerClientClosed(agentID, this);
@ -4277,6 +4277,25 @@ namespace OpenSim.Region.Framework.Scenes
return false; return false;
} }
/// <summary>
/// Authenticated close (via network)
/// </summary>
/// <param name="agentID"></param>
/// <param name="force"></param>
/// <param name="auth_token"></param>
/// <returns></returns>
public bool IncomingCloseAgent(UUID agentID, bool force, string auth_token)
{
//m_log.DebugFormat("[SCENE]: Processing incoming close agent {0} in region {1} with auth_token {2}", agentID, RegionInfo.RegionName, auth_token);
// Check that the auth_token is valid
AgentCircuitData acd = AuthenticateHandler.GetAgentCircuitData(agentID);
if (acd != null && Util.Md5Hash(acd.Id0) == auth_token)
return IncomingCloseAgent(agentID, force);
else
m_log.ErrorFormat("[SCENE]: Request to close agent {0} with invalid authorization token {1}", agentID, auth_token);
return false;
}
/// <summary> /// <summary>
/// Tell a single agent to disconnect from the region. /// Tell a single agent to disconnect from the region.
@ -4292,10 +4311,7 @@ namespace OpenSim.Region.Framework.Scenes
ScenePresence presence = m_sceneGraph.GetScenePresence(agentID); ScenePresence presence = m_sceneGraph.GetScenePresence(agentID);
if (presence != null) if (presence != null)
{
presence.ControllingClient.Close(force); presence.ControllingClient.Close(force);
return true;
}
// Agent not here // Agent not here
return false; return false;

8
OpenSim/Region/Framework/Scenes/SceneCommunicationService.cs
View File

@ -197,7 +197,7 @@ namespace OpenSim.Region.Framework.Scenes
/// <summary> /// <summary>
/// Closes a child agent on a given region /// Closes a child agent on a given region
/// </summary> /// </summary>
protected void SendCloseChildAgent(UUID agentID, ulong regionHandle) protected void SendCloseChildAgent(UUID agentID, ulong regionHandle, string auth_token)
{ {
// let's do our best, but there's not much we can do if the neighbour doesn't accept. // let's do our best, but there's not much we can do if the neighbour doesn't accept.
@ -210,7 +210,7 @@ namespace OpenSim.Region.Framework.Scenes
m_log.DebugFormat( m_log.DebugFormat(
"[SCENE COMMUNICATION SERVICE]: Sending close agent ID {0} to {1}", agentID, destination.RegionName); "[SCENE COMMUNICATION SERVICE]: Sending close agent ID {0} to {1}", agentID, destination.RegionName);
m_scene.SimulationService.CloseAgent(destination, agentID); m_scene.SimulationService.CloseAgent(destination, agentID, auth_token);
} }
/// <summary> /// <summary>
@ -219,14 +219,14 @@ namespace OpenSim.Region.Framework.Scenes
/// </summary> /// </summary>
/// <param name="agentID"></param> /// <param name="agentID"></param>
/// <param name="regionslst"></param> /// <param name="regionslst"></param>
public void SendCloseChildAgentConnections(UUID agentID, List<ulong> regionslst) public void SendCloseChildAgentConnections(UUID agentID, string auth_code, List<ulong> regionslst)
{ {
foreach (ulong handle in regionslst) foreach (ulong handle in regionslst)
{ {
// We must take a copy here since handle is acts like a reference when used in an iterator. // We must take a copy here since handle is acts like a reference when used in an iterator.
// This leads to race conditions if directly passed to SendCloseChildAgent with more than one neighbour region. // This leads to race conditions if directly passed to SendCloseChildAgent with more than one neighbour region.
ulong handleCopy = handle; ulong handleCopy = handle;
Util.FireAndForget((o) => { SendCloseChildAgent(agentID, handleCopy); }); Util.FireAndForget((o) => { SendCloseChildAgent(agentID, handleCopy, auth_code); });
} }
} }

6
OpenSim/Region/Framework/Scenes/ScenePresence.cs
View File

@ -3167,7 +3167,11 @@ namespace OpenSim.Region.Framework.Scenes
{ {
m_log.Debug("[SCENE PRESENCE]: Closing " + byebyeRegions.Count + " child agents"); m_log.Debug("[SCENE PRESENCE]: Closing " + byebyeRegions.Count + " child agents");
m_scene.SceneGridService.SendCloseChildAgentConnections(ControllingClient.AgentId, byebyeRegions); AgentCircuitData acd = Scene.AuthenticateHandler.GetAgentCircuitData(UUID);
string auth = string.Empty;
if (acd != null)
auth = Util.Md5Hash(acd.Id0);
m_scene.SceneGridService.SendCloseChildAgentConnections(ControllingClient.AgentId, auth, byebyeRegions);
} }
foreach (ulong handle in byebyeRegions) foreach (ulong handle in byebyeRegions)

16
OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
View File

@ -27,11 +27,13 @@
using System; using System;
using System.Collections; using System.Collections;
using System.Collections.Specialized;
using System.IO; using System.IO;
using System.IO.Compression; using System.IO.Compression;
using System.Reflection; using System.Reflection;
using System.Net; using System.Net;
using System.Text; using System.Text;
using System.Web;
using OpenSim.Server.Base; using OpenSim.Server.Base;
using OpenSim.Server.Handlers.Base; using OpenSim.Server.Handlers.Base;
@ -92,7 +94,11 @@ namespace OpenSim.Server.Handlers.Simulation
string method = (string)request["http-method"]; string method = (string)request["http-method"];
if (method.Equals("DELETE")) if (method.Equals("DELETE"))
{ {
DoAgentDelete(request, responsedata, agentID, action, regionID); string auth_token = string.Empty;
if (request.ContainsKey("auth"))
auth_token = request["auth"].ToString();
DoAgentDelete(request, responsedata, agentID, action, regionID, auth_token);
return responsedata; return responsedata;
} }
else if (method.Equals("QUERYACCESS")) else if (method.Equals("QUERYACCESS"))
@ -151,9 +157,9 @@ namespace OpenSim.Server.Handlers.Simulation
// Console.WriteLine("str_response_string [{0}]", responsedata["str_response_string"]); // Console.WriteLine("str_response_string [{0}]", responsedata["str_response_string"]);
} }
protected void DoAgentDelete(Hashtable request, Hashtable responsedata, UUID id, string action, UUID regionID) protected void DoAgentDelete(Hashtable request, Hashtable responsedata, UUID id, string action, UUID regionID, string auth_token)
{ {
m_log.Debug(" >>> DoDelete action:" + action + "; RegionID:" + regionID); m_log.DebugFormat("[AGENT HANDLER]: >>> DELETE action: {0}; RegionID: {1}; from: {2}; auth_code: {3}", action, regionID, Util.GetCallerIP(request), auth_token);
GridRegion destination = new GridRegion(); GridRegion destination = new GridRegion();
destination.RegionID = regionID; destination.RegionID = regionID;
@ -161,12 +167,12 @@ namespace OpenSim.Server.Handlers.Simulation
if (action.Equals("release")) if (action.Equals("release"))
ReleaseAgent(regionID, id); ReleaseAgent(regionID, id);
else else
Util.FireAndForget(delegate { m_SimulationService.CloseAgent(destination, id); }); Util.FireAndForget(delegate { m_SimulationService.CloseAgent(destination, id, auth_token); });
responsedata["int_response_code"] = HttpStatusCode.OK; responsedata["int_response_code"] = HttpStatusCode.OK;
responsedata["str_response_string"] = "OpenSim agent " + id.ToString(); responsedata["str_response_string"] = "OpenSim agent " + id.ToString();
m_log.DebugFormat("[AGENT HANDLER]: Agent {0} Released/Deleted from region {1}", id, regionID); //m_log.DebugFormat("[AGENT HANDLER]: Agent {0} Released/Deleted from region {1}", id, regionID);
} }
protected virtual void ReleaseAgent(UUID regionID, UUID id) protected virtual void ReleaseAgent(UUID regionID, UUID id)

7
OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs
View File

@ -367,11 +367,10 @@ namespace OpenSim.Services.Connectors.Simulation
/// <summary> /// <summary>
/// </summary> /// </summary>
public bool CloseAgent(GridRegion destination, UUID id) public bool CloseAgent(GridRegion destination, UUID id, string auth_code)
{ {
// m_log.DebugFormat("[REMOTE SIMULATION CONNECTOR]: CloseAgent start"); string uri = destination.ServerURI + AgentPath() + id + "/" + destination.RegionID.ToString() + "/?auth=" + auth_code;
m_log.DebugFormat("[REMOTE SIMULATION CONNECTOR]: CloseAgent {0}", uri);
string uri = destination.ServerURI + AgentPath() + id + "/" + destination.RegionID.ToString() + "/";
try try
{ {

2
OpenSim/Services/Interfaces/ISimulationService.cs
View File

@ -93,7 +93,7 @@ namespace OpenSim.Services.Interfaces
/// <param name="regionHandle"></param> /// <param name="regionHandle"></param>
/// <param name="id"></param> /// <param name="id"></param>
/// <returns></returns> /// <returns></returns>
bool CloseAgent(GridRegion destination, UUID id); bool CloseAgent(GridRegion destination, UUID id, string auth_token);
#endregion Agents #endregion Agents