aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorDiva Canto2012-09-22 11:11:48 -0700
committerDiva Canto2012-09-22 11:11:48 -0700
commitfb6d6e5cca8e283025ef80cfd29a97bc5882550d (patch)
tree6a3b50fccf9645b2752cd90b5751fefae15068ea
parentMore HG 2.0: access control at the Gatekeeper. \o/ (diff)
downloadopensim-SC-fb6d6e5cca8e283025ef80cfd29a97bc5882550d.zip
opensim-SC-fb6d6e5cca8e283025ef80cfd29a97bc5882550d.tar.gz
opensim-SC-fb6d6e5cca8e283025ef80cfd29a97bc5882550d.tar.bz2
opensim-SC-fb6d6e5cca8e283025ef80cfd29a97bc5882550d.tar.xz
HG 2.0: User Agent Service now can also control where the local users can go. Domain-name and user-level based. \o/
Diffstat (limited to '')
-rw-r--r--OpenSim/Services/HypergridService/UserAgentService.cs103
-rw-r--r--bin/Robust.HG.ini.example18
-rw-r--r--bin/config-include/StandaloneCommon.ini.example19
3 files changed, 136 insertions, 4 deletions
diff --git a/OpenSim/Services/HypergridService/UserAgentService.cs b/OpenSim/Services/HypergridService/UserAgentService.cs
index 49c7f89..a6fc731 100644
--- a/OpenSim/Services/HypergridService/UserAgentService.cs
+++ b/OpenSim/Services/HypergridService/UserAgentService.cs
@@ -77,6 +77,10 @@ namespace OpenSim.Services.HypergridService
77 77
78 protected static bool m_BypassClientVerification; 78 protected static bool m_BypassClientVerification;
79 79
80 private static Dictionary<int, bool> m_ForeignTripsAllowed = new Dictionary<int, bool>();
81 private static Dictionary<int, List<string>> m_TripsAllowedExceptions = new Dictionary<int, List<string>>();
82 private static Dictionary<int, List<string>> m_TripsDisallowedExceptions = new Dictionary<int, List<string>>();
83
80 public UserAgentService(IConfigSource config) : this(config, null) 84 public UserAgentService(IConfigSource config) : this(config, null)
81 { 85 {
82 } 86 }
@@ -121,6 +125,12 @@ namespace OpenSim.Services.HypergridService
121 m_PresenceService = ServerUtils.LoadPlugin<IPresenceService>(presenceService, args); 125 m_PresenceService = ServerUtils.LoadPlugin<IPresenceService>(presenceService, args);
122 m_UserAccountService = ServerUtils.LoadPlugin<IUserAccountService>(userAccountService, args); 126 m_UserAccountService = ServerUtils.LoadPlugin<IUserAccountService>(userAccountService, args);
123 127
128 m_LevelOutsideContacts = serverConfig.GetInt("LevelOutsideContacts", 0);
129
130 LoadTripPermissionsFromConfig(serverConfig, "ForeignTripsAllowed");
131 LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_TripsAllowedExceptions);
132 LoadDomainExceptionsFromConfig(serverConfig, "DisallowExcept", m_TripsDisallowedExceptions);
133
124 m_GridName = serverConfig.GetString("ExternalName", string.Empty); 134 m_GridName = serverConfig.GetString("ExternalName", string.Empty);
125 if (m_GridName == string.Empty) 135 if (m_GridName == string.Empty)
126 { 136 {
@@ -130,10 +140,43 @@ namespace OpenSim.Services.HypergridService
130 if (!m_GridName.EndsWith("/")) 140 if (!m_GridName.EndsWith("/"))
131 m_GridName = m_GridName + "/"; 141 m_GridName = m_GridName + "/";
132 142
133 m_LevelOutsideContacts = serverConfig.GetInt("LevelOutsideContacts", 0);
134 } 143 }
135 } 144 }
136 145
146 protected void LoadTripPermissionsFromConfig(IConfig config, string variable)
147 {
148 foreach (string keyName in config.GetKeys())
149 {
150 if (keyName.StartsWith(variable + "_Level_"))
151 {
152 int level = 0;
153 if (Int32.TryParse(keyName.Replace(variable + "_Level_", ""), out level))
154 m_ForeignTripsAllowed.Add(level, config.GetBoolean(keyName, true));
155 }
156 }
157 }
158
159 protected void LoadDomainExceptionsFromConfig(IConfig config, string variable, Dictionary<int, List<string>> exceptions)
160 {
161 foreach (string keyName in config.GetKeys())
162 {
163 if (keyName.StartsWith(variable + "_Level_"))
164 {
165 int level = 0;
166 if (Int32.TryParse(keyName.Replace(variable + "_Level_", ""), out level) && !exceptions.ContainsKey(level))
167 {
168 exceptions.Add(level, new List<string>());
169 string value = config.GetString(keyName, string.Empty);
170 string[] parts = value.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
171
172 foreach (string s in parts)
173 exceptions[level].Add(s.Trim());
174 }
175 }
176 }
177 }
178
179
137 public GridRegion GetHomeRegion(UUID userID, out Vector3 position, out Vector3 lookAt) 180 public GridRegion GetHomeRegion(UUID userID, out Vector3 position, out Vector3 lookAt)
138 { 181 {
139 position = new Vector3(128, 128, 0); lookAt = Vector3.UnitY; 182 position = new Vector3(128, 128, 0); lookAt = Vector3.UnitY;
@@ -166,13 +209,39 @@ namespace OpenSim.Services.HypergridService
166 m_log.DebugFormat("[USER AGENT SERVICE]: Request to login user {0} {1} (@{2}) to grid {3}", 209 m_log.DebugFormat("[USER AGENT SERVICE]: Request to login user {0} {1} (@{2}) to grid {3}",
167 agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "stored IP" : clientIP.Address.ToString()), gatekeeper.ServerURI); 210 agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "stored IP" : clientIP.Address.ToString()), gatekeeper.ServerURI);
168 211
169 if (m_UserAccountService.GetUserAccount(UUID.Zero, agentCircuit.AgentID) == null) 212 string gridName = gatekeeper.ServerURI;
213
214 UserAccount account = m_UserAccountService.GetUserAccount(UUID.Zero, agentCircuit.AgentID);
215 if (account == null)
170 { 216 {
171 m_log.WarnFormat("[USER AGENT SERVICE]: Someone attempted to lauch a foreign user from here {0} {1}", agentCircuit.firstname, agentCircuit.lastname); 217 m_log.WarnFormat("[USER AGENT SERVICE]: Someone attempted to lauch a foreign user from here {0} {1}", agentCircuit.firstname, agentCircuit.lastname);
172 reason = "Forbidden to launch your agents from here"; 218 reason = "Forbidden to launch your agents from here";
173 return false; 219 return false;
174 } 220 }
175 221
222 // Is this user allowed to go there?
223 if (m_GridName != gridName)
224 {
225 if (m_ForeignTripsAllowed.ContainsKey(account.UserLevel))
226 {
227 bool allowed = m_ForeignTripsAllowed[account.UserLevel];
228
229 if (m_ForeignTripsAllowed[account.UserLevel] && IsException(gridName, account.UserLevel, m_TripsAllowedExceptions))
230 allowed = false;
231
232 if (!m_ForeignTripsAllowed[account.UserLevel] && IsException(gridName, account.UserLevel, m_TripsDisallowedExceptions))
233 allowed = true;
234
235 if (!allowed)
236 {
237 reason = "Your world does not allow you to visit the destination";
238 m_log.InfoFormat("[USER AGENT SERVICE]: Agents not permitted to visit {0}. Refusing service.", gridName);
239 return false;
240 }
241 }
242 }
243
244
176 // Take the IP address + port of the gatekeeper (reg) plus the info of finalDestination 245 // Take the IP address + port of the gatekeeper (reg) plus the info of finalDestination
177 GridRegion region = new GridRegion(gatekeeper); 246 GridRegion region = new GridRegion(gatekeeper);
178 region.ServerURI = gatekeeper.ServerURI; 247 region.ServerURI = gatekeeper.ServerURI;
@@ -189,7 +258,6 @@ namespace OpenSim.Services.HypergridService
189 258
190 bool success = false; 259 bool success = false;
191 string myExternalIP = string.Empty; 260 string myExternalIP = string.Empty;
192 string gridName = gatekeeper.ServerURI;
193 261
194 m_log.DebugFormat("[USER AGENT SERVICE]: this grid: {0}, desired grid: {1}", m_GridName, gridName); 262 m_log.DebugFormat("[USER AGENT SERVICE]: this grid: {0}, desired grid: {1}", m_GridName, gridName);
195 263
@@ -588,6 +656,35 @@ namespace OpenSim.Services.HypergridService
588 else 656 else
589 return UUID.Zero; 657 return UUID.Zero;
590 } 658 }
659
660 #region Misc
661
662 private bool IsException(string dest, int level, Dictionary<int, List<string>> exceptions)
663 {
664 if (!exceptions.ContainsKey(level))
665 return false;
666
667 bool exception = false;
668 if (exceptions[level].Count > 0) // we have exceptions
669 {
670 string destination = dest;
671 if (!destination.EndsWith("/"))
672 destination += "/";
673
674 if (exceptions[level].Find(delegate(string s)
675 {
676 if (!s.EndsWith("/"))
677 s += "/";
678 return s == destination;
679 }) != null)
680 exception = true;
681 }
682
683 return exception;
684 }
685
686 #endregion
687
591 } 688 }
592 689
593 class TravelingAgentInfo 690 class TravelingAgentInfo
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example
index 1bafdbd..18094b7 100644
--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -428,6 +428,24 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
428 ; User level required to be contacted from other grids 428 ; User level required to be contacted from other grids
429 ;LevelOutsideContacts = 0 429 ;LevelOutsideContacts = 0
430 430
431 ;; Restrictions on destinations of local users.
432 ;; Are local users allowed to visit other grids?
433 ;; What user level? Use variables of this forrm:
434 ;; ForeignTripsAllowed_Level_<UserLevel> = true | false
435 ;; (the default is true)
436 ;; For example:
437 ; ForeignTripsAllowed_Level_0 = false
438 ; ForeignTripsAllowed_Level_200 = true ; true is default, no need to say it
439 ;;
440 ;; If ForeignTripsAllowed is false, make exceptions using DisallowExcept
441 ;; Leave blank or commented for no exceptions.
442 ; DisallowExcept_Level_0 = "http://myothergrid.com:8002, http://boss.com:8002"
443 ;;
444 ;; If ForeignTripsAllowed is true, make exceptions using AllowExcept.
445 ;; Leave blank or commented for no exceptions.
446 ; AllowExcept_Level_200 = "http://griefer.com:8002, http://enemy.com:8002"
447
448
431; * The interface that local users get when they are in other grids. 449; * The interface that local users get when they are in other grids.
432; * This restricts the inventory operations while in other grids. 450; * This restricts the inventory operations while in other grids.
433; * Still not completely safe, especially if users perform inventory operations 451; * Still not completely safe, especially if users perform inventory operations
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example
index 4339cb1..84de0ec 100644
--- a/bin/config-include/StandaloneCommon.ini.example
+++ b/bin/config-include/StandaloneCommon.ini.example
@@ -280,5 +280,22 @@
280 ; Region_Test_1 = "DisallowForeigners" 280 ; Region_Test_1 = "DisallowForeigners"
281 281
282[UserAgentService] 282[UserAgentService]
283 ; User level required to be contacted from other grids 283 ;; User level required to be contacted from other grids
284 ;LevelOutsideContacts = 0 284 ;LevelOutsideContacts = 0
285
286 ;; Restrictions on destinations of local users.
287 ;; Are local users allowed to visit other grids?
288 ;; What user level? Use variables of this forrm:
289 ;; ForeignTripsAllowed_Level_<UserLevel> = true | false
290 ;; (the default is true)
291 ;; For example:
292 ; ForeignTripsAllowed_Level_0 = false
293 ; ForeignTripsAllowed_Level_200 = true ; true is default, no need to say it
294 ;;
295 ;; If ForeignTripsAllowed is false, make exceptions using DisallowExcept
296 ;; Leave blank or commented for no exceptions.
297 ; DisallowExcept_Level_0 = "http://myothergrid.com:8002, http://boss.com:8002"
298 ;;
299 ;; If ForeignTripsAllowed is true, make exceptions using AllowExcept.
300 ;; Leave blank or commented for no exceptions.
301 ; AllowExcept_Level_200 = "http://griefer.com:8002, http://enemy.com:8002"