Thank you Snoopy for a patch that adds some filtering to client versions allowed at login and HG-login times. NOTE: additional (optional) configuration variables in [LoginService] and [GatekeeperService]. See .examples.

bulletsim
Diva Canto 2011-04-27 07:02:37 -07:00
parent 12010849b8
commit e0576b56d3
5 changed files with 158 additions and 5 deletions

View File

@ -29,6 +29,7 @@ using System;
using System.Collections.Generic;
using System.Net;
using System.Reflection;
using System.Text.RegularExpressions;
using OpenSim.Framework;
using OpenSim.Services.Interfaces;
@ -57,6 +58,9 @@ namespace OpenSim.Services.HypergridService
private static IUserAgentService m_UserAgentService;
private static ISimulationService m_SimulationService;
protected string m_AllowedClients = string.Empty;
protected string m_DeniedClients = string.Empty;
private static UUID m_ScopeID;
private static bool m_AllowTeleportsToAnyRegion;
private static string m_ExternalName;
@ -104,6 +108,9 @@ namespace OpenSim.Services.HypergridService
else if (simulationService != string.Empty)
m_SimulationService = ServerUtils.LoadPlugin<ISimulationService>(simulationService, args);
m_AllowedClients = serverConfig.GetString("AllowedClients", string.Empty);
m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
@ -181,8 +188,36 @@ namespace OpenSim.Services.HypergridService
string authURL = string.Empty;
if (aCircuit.ServiceURLs.ContainsKey("HomeURI"))
authURL = aCircuit.ServiceURLs["HomeURI"].ToString();
m_log.DebugFormat("[GATEKEEPER SERVICE]: Request to login foreign agent {0} {1} @ {2} ({3}) at destination {4}",
aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName);
m_log.InfoFormat("[GATEKEEPER SERVICE]: Login request for {0} {1} @ {2} ({3}) at {4} using viewer {5}, channel {6}, IP {7}, Mac {8}, Id0 {9}",
aCircuit.firstname, aCircuit.lastname, authURL, aCircuit.AgentID, destination.RegionName,
aCircuit.Viewer, aCircuit.Channel, aCircuit.IPAddress, aCircuit.Mac, aCircuit.Id0);
//
// Check client
//
if (m_AllowedClients != string.Empty)
{
Regex arx = new Regex(m_AllowedClients);
Match am = arx.Match(aCircuit.Viewer);
if (!am.Success)
{
m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is not allowed", aCircuit.Viewer);
return false;
}
}
if (m_DeniedClients != string.Empty)
{
Regex drx = new Regex(m_DeniedClients);
Match dm = drx.Match(aCircuit.Viewer);
if (dm.Success)
{
m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is denied", aCircuit.Viewer);
return false;
}
}
//
// Authenticate the user

View File

@ -77,7 +77,11 @@ namespace OpenSim.Services.LLLoginService
protected string m_MapTileURL;
protected string m_SearchURL;
protected string m_AllowedClients;
protected string m_DeniedClients;
IConfig m_LoginServerConfig;
IConfig m_ClientsConfig;
public LLLoginService(IConfigSource config, ISimulationService simService, ILibraryService libraryService)
{
@ -106,6 +110,9 @@ namespace OpenSim.Services.LLLoginService
m_MapTileURL = m_LoginServerConfig.GetString("MapTileURL", string.Empty);
m_SearchURL = m_LoginServerConfig.GetString("SearchURL", string.Empty);
m_AllowedClients = m_LoginServerConfig.GetString("AllowedClients", string.Empty);
m_DeniedClients = m_LoginServerConfig.GetString("DeniedClients", string.Empty);
// These are required; the others aren't
if (accountService == string.Empty || authService == string.Empty)
throw new Exception("LoginService is missing service specifications");
@ -215,10 +222,37 @@ namespace OpenSim.Services.LLLoginService
bool success = false;
UUID session = UUID.Random();
m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} from {2} with user agent {3} starting in {4}",
firstName, lastName, clientIP.Address.ToString(), clientVersion, startLocation);
m_log.InfoFormat("[LLOGIN SERVICE]: Login request for {0} {1} at {2} using viewer {3}, channel {4}, IP {5}, Mac {6}, Id0 {7}",
firstName, lastName, startLocation, clientVersion, channel, clientIP.Address.ToString(), mac, id0);
try
{
//
// Check client
//
if (m_AllowedClients != string.Empty)
{
Regex arx = new Regex(m_AllowedClients);
Match am = arx.Match(clientVersion);
if (!am.Success)
{
m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is not allowed", clientVersion);
return LLFailedLoginResponse.LoginBlockedProblem;
}
}
if (m_DeniedClients != string.Empty)
{
Regex drx = new Regex(m_DeniedClients);
Match dm = drx.Match(clientVersion);
if (dm.Success)
{
m_log.InfoFormat("[LLOGIN SERVICE]: Login failed, reason: client {0} is denied", clientVersion);
return LLFailedLoginResponse.LoginBlockedProblem;
}
}
//
// Get the account and check that it exists
//

View File

@ -197,6 +197,23 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
SRV_AssetServerURI = "http://127.0.0.1:8002"
SRV_ProfileServerURI = "http://127.0.0.1:8002/user"
;; Regular expressions for controlling which client versions are accepted/denied.
;; An empty string means nothing is checked.
;;
;; Example 1: allow only these 3 types of clients (any version of them)
;; AllowedClients = "Imprudence|Hippo|Second Life"
;;
;; Example 2: allow all clients except these
;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
;;
;; Note that these are regular expressions, so every character counts.
;; Also note that this is very weak security and should not be trusted as a reliable means
;; for keeping bad clients out; modified clients can fake their identifiers.
;;
;;
;AllowedClients = ""
;DeniedClients = ""
[GridInfoService]
; These settings are used to return information on a get_grid_info call.
; Client launcher scripts and third-party clients make use of this to
@ -256,6 +273,22 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
; If you run this gatekeeper server behind a proxy, set this to true
; HasProxy = false
;; Regular expressions for controlling which client versions are accepted/denied.
;; An empty string means nothing is checked.
;;
;; Example 1: allow only these 3 types of clients (any version of them)
;; AllowedClients = "Imprudence|Hippo|Second Life"
;;
;; Example 2: allow all clients except these
;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
;;
;; Note that these are regular expressions, so every character counts.
;; Also note that this is very weak security and should not be trusted as a reliable means
;; for keeping bad clients out; modified clients can fake their identifiers.
;;
;;
;AllowedClients = ""
;DeniedClients = ""
[UserAgentService]
LocalServiceModule = "OpenSim.Services.HypergridService.dll:UserAgentService"

View File

@ -176,6 +176,23 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
; If you run this login server behind a proxy, set this to true
; HasProxy = false
;; Regular expressions for controlling which client versions are accepted/denied.
;; An empty string means nothing is checked.
;;
;; Example 1: allow only these 3 types of clients (any version of them)
;; AllowedClients = "Imprudence|Hippo|Second Life"
;;
;; Example 2: allow all clients except these
;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
;;
;; Note that these are regular expressions, so every character counts.
;; Also note that this is very weak security and should not be trusted as a reliable means
;; for keeping bad clients out; modified clients can fake their identifiers.
;;
;;
;AllowedClients = ""
;DeniedClients = ""
[GridInfoService]
; These settings are used to return information on a get_grid_info call.
; Client launcher scripts and third-party clients make use of this to

View File

@ -83,6 +83,23 @@
SRV_AssetServerURI = "http://127.0.0.1:9000"
SRV_ProfileServerURI = "http://127.0.0.1:9000"
;; Regular expressions for controlling which client versions are accepted/denied.
;; An empty string means nothing is checked.
;;
;; Example 1: allow only these 3 types of clients (any version of them)
;; AllowedClients = "Imprudence|Hippo|Second Life"
;;
;; Example 2: allow all clients except these
;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
;;
;; Note that these are regular expressions, so every character counts.
;; Also note that this is very weak security and should not be trusted as a reliable means
;; for keeping bad clients out; modified clients can fake their identifiers.
;;
;;
;AllowedClients = ""
;DeniedClients = ""
[GatekeeperService]
ExternalName = "http://127.0.0.1:9000"
@ -90,6 +107,23 @@
; If false, HG TPs happen only to the Default regions specified in [GridService] section
AllowTeleportsToAnyRegion = true
;; Regular expressions for controlling which client versions are accepted/denied.
;; An empty string means nothing is checked.
;;
;; Example 1: allow only these 3 types of clients (any version of them)
;; AllowedClients = "Imprudence|Hippo|Second Life"
;;
;; Example 2: allow all clients except these
;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
;;
;; Note that these are regular expressions, so every character counts.
;; Also note that this is very weak security and should not be trusted as a reliable means
;; for keeping bad clients out; modified clients can fake their identifiers.
;;
;;
;AllowedClients = ""
;DeniedClients = ""
[GridInfoService]
; These settings are used to return information on a get_grid_info call.
; Client launcher scripts and third-party clients make use of this to