| Anonymous | Login | Signup for a new account | 2021-01-15 06:26 PST |  |
| Main | My View | View Issues | Change Log | Roadmap | Summary | My Account |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0008405 | opensim | [GRID] Grid Service | public | 2018-11-09 04:45 | 2020-11-19 07:34 | ||||
| Reporter | Data Rossini | ||||||||
| Assigned To | tampa | ||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | resolved | Resolution | fixed | ||||||
| Platform | Operating System | Linux | Operating System Version | Suse 42.3 | |||||
| Product Version | 0.9.0.1 | ||||||||
| Target Version | Fixed in Version | master (dev code) | |||||||
| Summary | 0008405: Client version access control does not work | ||||||||
| Description | Client version access control configured in the "Robust.HG.ini" section "[AccessControl]" does not work. It looks like that the string "clientVersion" is truncated at a space in the viewer version string. You can see it in Robust.log at ... using viewer. | ||||||||
| Steps To Reproduce | Firestorm Version: "Firestorm 5.1.7 (55786)" Case 1: You can not log in ========================== -> Get in Firestorm: "Logins are currently restricted. Please try again later." Robust.HG.ini Section [AccessControl]: ... [AccessControl] ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {} ;; Bar (|) separated list of viewers which may gain access to the regions. ;; One can use a substring of the viewer name to enable only certain ;; versions ;; Example: Agent uses the viewer "Imprudence 1.3.2.0" ;; - "Imprudence" has access ;; - "Imprudence 1.3" has access ;; - "Imprudence 1.3.1" has no access ; AllowedClients = "" AllowedClients = "Firestorm" ;AllowedClients = "5.1.7.55786" ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {} ;; Bar (|) separated list of viewers which may not gain access to the regions. ;; One can use a Substring of the viewer name to disable only certain ;; versions ;; Example: Agent uses the viewer "Imprudence 1.3.2.0" ;; - "Imprudence" has no access ;; - "Imprudence 1.3" has no access ;; - "Imprudence 1.3.1" has access ; DeniedClients = "" ;DeniedClients = "Imprudence|CopyBot|Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|PurpleSecond Life|Emerald|Darkstorm|BuilderBot|Phoenix-Firestorm-Professional" ... Robust.log (XXX for IP and Mac): ... 2018-11-09 12:53:10,190 INFO (Threadpool worker) - OpenSim.Services.LLLoginService.LLLoginService [LLOGIN SERVICE]: Login request for Owner RoMetaverse at home using viewer 5.1.7.55786, channel Firestorm-Releasex64, IP XX.XXX.XX.XXX, Mac XXXXXXXX, Id0 2be72c62d2bed82f20db3532d25eb274, Possible LibOMVGridProxy: False 2018-11-09 12:53:10,191 INFO (Threadpool worker) - OpenSim.Services.LLLoginService.LLLoginService [LLOGIN SERVICE]: Login failed for Owner RoMetaverse, reason: client 5.1.7.55786 is not allowed Case 2: You can log in ====================== Robust.HG.ini Section [AccessControl]: ... [AccessControl] ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {} ;; Bar (|) separated list of viewers which may gain access to the regions. ;; One can use a substring of the viewer name to enable only certain ;; versions ;; Example: Agent uses the viewer "Imprudence 1.3.2.0" ;; - "Imprudence" has access ;; - "Imprudence 1.3" has access ;; - "Imprudence 1.3.1" has no access ; AllowedClients = "" ;AllowedClients = "Firestorm" AllowedClients = "5.1.7.55786" ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {} ;; Bar (|) separated list of viewers which may not gain access to the regions. ;; One can use a Substring of the viewer name to disable only certain ;; versions ;; Example: Agent uses the viewer "Imprudence 1.3.2.0" ;; - "Imprudence" has no access ;; - "Imprudence 1.3" has no access ;; - "Imprudence 1.3.1" has access ; DeniedClients = "" ;DeniedClients = "Imprudence|CopyBot|Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|PurpleSecond Life|Emerald|Darkstorm|BuilderBot|Phoenix-Firestorm-Professional" ... Robust.log (XXX for IP and Mac): 2018-11-09 13:11:38,486 INFO (Threadpool worker) - OpenSim.Services.LLLoginService.LLLoginService [LLOGIN SERVICE]: Login request for Owner RoMetaverse at home using viewer 5.1.7.55786, channel Firestorm-Releasex64, IP XX.XXX.XX.XXX, Mac XXXXXXXX, Id0 2be72c62d2bed82f20db3532d25eb274, Possible LibOMVGridProxy: False ... 2018-11-09 13:11:38,578 INFO (Threadpool worker) - OpenSim.Services.HypergridService.GatekeeperService [GATEKEEPER SERVICE]: Login request for Owner RoMetaverse @ http://XXXXXX.ultrasrv.de:8002/ [^] (406c5f02-1f96-4c74-adec-d6a7c80f87b1) at 8cebdc4e-bc0b-11e8-a355-529269fb1459 using viewer Firestorm-Releasex64 5.1.7.55786, channel Firestorm-Releasex64, IP XX.XXX.XX.XXX, Mac XXXXXXXX, Id0 2be72c62d2bed82f20db3532d25eb274, Teleport Flags: ViaHome, ViaLogin. From region Unknown | ||||||||
| Additional Information | OpenSim Version: 0.9.0.1 g6b2da57 2018-06-29 Mono Version 4.6.1 | ||||||||
| Tags | No tags attached. | ||||||||
| Git Revision or version number | |||||||||
| Run Mode | Grid (Multiple Regions per Sim) | ||||||||
| Physics Engine | BulletSim | ||||||||
| Script Engine | |||||||||
| Environment | Mono / Linux64 | ||||||||
| Mono Version | Other | ||||||||
| Viewer | Firestorm 5.1.7 (55786) | ||||||||
| Attached Files |  LLLoginService.cs.patch [^] (3,738 bytes) 2019-02-06 15:28 [Show Content]
| ||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0033455) tampa (reporter) 2018-11-09 05:10 |
iirc that's because you are entering the wrong strings for it to check against, you can read that in the log, the reported name is "Firestorm-Releasex64" which will not match with just "Firestorm". Beyond that however, the system is completely useless anyways as that is a reported check, so anyone can just send a name of what they claim to be using and the system has no way of actually knowing whether that is true or not. You can self-compile a viewer and make it named Firestorm even if it is actually Singularity. It's rather ineffective in forcing certain client versions in case you were hoping this would prevent any sort of nasty behavior from users. |
|
(0033456) danbanner (manager) 2018-11-09 05:38 |
"Imprudence" would still work as expected since the client (viewer) is reported with name and version. Older viewers displayed client/channel differently than current viewers present this information now (this was changed several years ago.. thank LL) viewer | channel Imprudence 1.3.2.0 | Imprudence 5.1.7.55786 | Firestorm-Releasex64 1.8.7.6994 | Singularity Alpha 64 |
|
(0033457) UbitUmarov (administrator) 2018-11-09 07:31 edited on: 2018-11-09 07:35 |
made a change on master. our code on access control was still for old format, where version also included the viewer name, now it only includes the version. ie was Firestorm-Releasex64 5.1.7.55786 now is just 5.1.7.55786 With the code change, the string used on the match should now be "Firestorm-Releasex64 5.1.7.55786" in both cases. note that you may need to change your settings to match this changes. the match is done using .net Regex as before (https://docs.microsoft.com/en-us/dotnet/standard/base-types/regular-expressions?view=netframework-4 [^]) |
|
(0033458) Data Rossini (reporter) 2018-11-09 11:17 edited on: 2018-11-10 10:58 |
@ALL TOGETHER. OK. Thank you very much for information. I would like to add that the client version check also takes place when teleporting to another grid. Here is the relevant source code: GatekeeperService.cs: // // Check client // if (m_AllowedClients != string.Empty) { Regex arx = new Regex(m_AllowedClients); Match am = arx.Match(curViewer); if (!am.Success) { reason = "Login failed: client " + curViewer + " is not allowed"; m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is not allowed", curViewer); return false; } } if (m_DeniedClients != string.Empty) { Regex drx = new Regex(m_DeniedClients); Match dm = drx.Match(curViewer); if (dm.Success) { reason = "Login failed: client " + curViewer + " is denied"; m_log.InfoFormat("[GATEKEEPER SERVICE]: Login failed, reason: client {0} is denied", curViewer); return false; } } Util.cs --> GetViewerName(AgentCircuitData agent) /// <summary> /// Returns the name of the user's viewer. /// </summary> /// <remarks> /// This method handles two ways that viewers specify their name: /// 1. Viewer = "Firestorm-Release 4.4.2.34167", Channel = "(don't care)" -> "Firestorm-Release 4.4.2.34167" /// 2. Viewer = "4.5.1.38838", Channel = "Firestorm-Beta" -> "Firestorm-Beta 4.5.1.38838" /// </remarks> public static string GetViewerName(AgentCircuitData agent) { string name = agent.Viewer; if (name == null) name = ""; else name = name.Trim(); // Check if 'Viewer' is just a version number. If it's *not*, then we // assume that it contains the real viewer name, and we return it. foreach (char c in name) { if (Char.IsLetter(c)) return name; } // The 'Viewer' string contains just a version number. If there's anything in // 'Channel' then assume that it's the viewer name. if ((agent.Channel != null) && (agent.Channel.Length > 0)) name = agent.Channel.Trim() + " " + name; return name; } And that's the answer string for the LoginHandler from Viewer (mac and passwd were replaced by XXX...): agree_to_tos:0 platform:lnx last:RoMetaverse address_size:64 host_id: extended_errors:1 platform_string:Linux 4.15 version:5.1.7.55786 last_exec_duration:166 mac:XXXXXXXXXXXXXXXXXXXXXX last_exec_event:0 passwd:$XXXXXXXXXXXXXXXXXXX channel:Firestorm-Releasex64 id0:bef500f4a93a2e991e9c163f60c23315 first:Owner read_critical:0 options:System.Collections.ArrayList inventory-root inventory-skeleton inventory-lib-root inventory-lib-owner inventory-skel-lib initial-outfit gestures display_names event_categories event_notifications classified_categories adult_compliant buddy-list newuser-config ui-config advanced-mode max-agent-groups map-server-url voice-config tutorial_setting login-flags global-textures currency max_groups search destination_guide_url avatar_picker_url start:home platform_version:2.23.0 Thanks |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2018-11-09 04:45 | Data Rossini | New Issue | |
| 2018-11-09 04:50 | Data Rossini | Steps to Reproduce Updated | View Revisions |
| 2018-11-09 04:51 | Data Rossini | Description Updated | View Revisions |
| 2018-11-09 04:53 | Data Rossini | Description Updated | View Revisions |
| 2018-11-09 04:53 | Data Rossini | Description Updated | View Revisions |
| 2018-11-09 04:58 | Data Rossini | Description Updated | View Revisions |
| 2018-11-09 04:59 | Data Rossini | Description Updated | View Revisions |
| 2018-11-09 05:10 | tampa | Note Added: 0033455 | |
| 2018-11-09 05:38 | danbanner | Note Added: 0033456 | |
| 2018-11-09 07:31 | UbitUmarov | Note Added: 0033457 | |
| 2018-11-09 07:35 | UbitUmarov | Note Edited: 0033457 | View Revisions |
| 2018-11-09 11:17 | Data Rossini | Note Added: 0033458 | |
| 2018-11-09 11:47 | Data Rossini | Note Edited: 0033458 | View Revisions |
| 2018-11-09 12:36 | Data Rossini | Note Edited: 0033458 | View Revisions |
| 2018-11-10 10:58 | Data Rossini | Note Edited: 0033458 | View Revisions |
| 2019-02-06 15:28 | Data Rossini | File Added: LLLoginService.cs.patch | |
| 2020-11-19 07:34 | tampa | Status | new => resolved |
| 2020-11-19 07:34 | tampa | Fixed in Version | => master (dev code) |
| 2020-11-19 07:34 | tampa | Resolution | open => fixed |
| 2020-11-19 07:34 | tampa | Assigned To | => tampa |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |