[Opensim-dev] Validating IP and Region

Haravikk opensim at haravikk.me
Mon Jul 24 08:17:17 UTC 2017 

> On 23 Jul 2017, at 20:56, Cinder Roxley <cinder at alchemyviewer.org> wrote:
> 
> On July 23, 2017 at 2:27:34 PM, Haravikk (opensim at haravikk.me <mailto:opensim at haravikk.me>) wrote:
>> After digging around it's starting to look like the answer is a "no" to this capability at present (do feel free to correct me if that's wrong, pretty please!) so I'm thinking about what it would take to add it.
>> 
>> There are only really two key features needed to support it however:
>> 
>> Add an X-OpenSim-Grid header to llHTTPRequest()
>> 
>> The idea here is to add a new X-OpenSim-Grid header to all llHTTPRequest() calls, automatically containing the current grid's login URI, nickname and full name, in a format resembling the following:
>> 
>> X-OpenSim-Grid: http://mygrid.com/login <http://mygrid.com/login>; nick_name=my_grid; name="My Grid"
> 
> x-grid-info:// makes a better resource identifier for grids: https://alchemy.atlassian.net/wiki/pages/viewpage.action?pageId=28737538 <https://alchemy.atlassian.net/wiki/pages/viewpage.action?pageId=28737538> The nick and the name can be easily pulled from get_grid_info/

Hmm, that does look like a good URI scheme; are you suggesting then that an X-OpenSim-GridInfo header would be more appropriate, providing a URI in that form? That does seem like a good alternative!

>> Enable Querying of IP and Region Name
>> 
>> My thinking is that a new request would be supported on a grid's login URI (if possible); whereby, instead of logging in, the sender queries the grid about whether a given region name exists with a given IP address or not, with the server responding either true or false. There should be no viable risk of exploitation here as the call will only return true if the sender already knows both a valid IP address and region name; all it can therefore do is confirm that <region name> is currently provided by a server at <IP address>.
> 
> You can already POST to the grid service to get this information, although the grid service isn’t always exposed publicly: http://opensimulator.org/wiki/GridService <http://opensimulator.org/wiki/GridService> 

That same page says that the GridService should only be LAN accessible, so it seems like some external service for validation would still be more appropriate?

>> Adding this to the login URI seems like the simplest option, but it may not be the cleanest (is it polluting the login URI to have it handle other things like this?), however, with the login URI being the primary point of contact for a grid it seems like the most logical way to do it to me. If anyone has any other ideas where the query should be performed (and how the necessary info can be passed to a web-service) please let comment!
> 
> Please don’t pollute the endpoint. While it may be convenient, the login service may not even have access to the grid service and it doesn’t belong there. The services are tangled up enough as it is. I would think the Gatekeeper service would be more appropriate, but don’t quote me on that.
> 
Actually on the issue of grid-info, perhaps something of that nature makes sense? If I've understood correctly, grid-info is retrieved simply by send a GET /get_grid_info request to the grid's domain and port. Is GridInfo its own service? Perhaps something in a similar vein to that makes sense, except for validating IP and region?

>>>>>> Okay, so I just found that there's no way to retrieve a region's UUID in a script so you can ignore that part; though I had thought it would be a better way to identify a region (in case a region is renamed).
> 
> Also, bear in mind having one, two, five, or one hundred regions with the same name on the same ip address is perfectly valid in OpenSim.

This shouldn't be an issue; I just need to know if I'm receiving a request from an IP hosting a region name that it claims to, basically the intent is a basic sanity check that a request has come from the grid and region it claims to. As long as the grid is happy to verify that the IP is hosting the region I got a request from, then that should be perfectly fine.

>>>>>> Though that does raise the separate question; would there be any harm in making a region's UUID available to scripts and/or sending it as a HTTP header? It just seems like it would be a good way to handle any region that is renamed, because as long as the GUID is kept the same then web-services (and grids) could recognise that it's the same region and treat it accordingly.
> 
> Changing a region’s UUID is as easy as changing its name, and just as easy to spoof in most cases.

True. I'm also now leaning away from using the UUID as it seems like keeping it private between simulators and grids is the best thing to do, as it provides a way for grids to limit theft of region names; I don't know if any do this, but if a region is down a grid could put a hold on its name using its GUID, to prevent a malicious simulator from stealing that region name (since it'd have to know the region's UUID as well).

So using that information for any other purpose would reduce security, so that's a nope on that one!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20170724/bccdb68d/attachment-0001.html>

More information about the Opensim-dev mailing list