diff options
author | Diva Canto | 2012-09-22 11:11:48 -0700 |
---|---|---|
committer | Diva Canto | 2012-09-22 11:11:48 -0700 |
commit | fb6d6e5cca8e283025ef80cfd29a97bc5882550d (patch) | |
tree | 6a3b50fccf9645b2752cd90b5751fefae15068ea | |
parent | More HG 2.0: access control at the Gatekeeper. \o/ (diff) | |
download | opensim-SC-fb6d6e5cca8e283025ef80cfd29a97bc5882550d.zip opensim-SC-fb6d6e5cca8e283025ef80cfd29a97bc5882550d.tar.gz opensim-SC-fb6d6e5cca8e283025ef80cfd29a97bc5882550d.tar.bz2 opensim-SC-fb6d6e5cca8e283025ef80cfd29a97bc5882550d.tar.xz |
HG 2.0: User Agent Service now can also control where the local users can go. Domain-name and user-level based. \o/
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Services/HypergridService/UserAgentService.cs | 103 | ||||
-rw-r--r-- | bin/Robust.HG.ini.example | 18 | ||||
-rw-r--r-- | bin/config-include/StandaloneCommon.ini.example | 19 |
3 files changed, 136 insertions, 4 deletions
diff --git a/OpenSim/Services/HypergridService/UserAgentService.cs b/OpenSim/Services/HypergridService/UserAgentService.cs index 49c7f89..a6fc731 100644 --- a/OpenSim/Services/HypergridService/UserAgentService.cs +++ b/OpenSim/Services/HypergridService/UserAgentService.cs | |||
@@ -77,6 +77,10 @@ namespace OpenSim.Services.HypergridService | |||
77 | 77 | ||
78 | protected static bool m_BypassClientVerification; | 78 | protected static bool m_BypassClientVerification; |
79 | 79 | ||
80 | private static Dictionary<int, bool> m_ForeignTripsAllowed = new Dictionary<int, bool>(); | ||
81 | private static Dictionary<int, List<string>> m_TripsAllowedExceptions = new Dictionary<int, List<string>>(); | ||
82 | private static Dictionary<int, List<string>> m_TripsDisallowedExceptions = new Dictionary<int, List<string>>(); | ||
83 | |||
80 | public UserAgentService(IConfigSource config) : this(config, null) | 84 | public UserAgentService(IConfigSource config) : this(config, null) |
81 | { | 85 | { |
82 | } | 86 | } |
@@ -121,6 +125,12 @@ namespace OpenSim.Services.HypergridService | |||
121 | m_PresenceService = ServerUtils.LoadPlugin<IPresenceService>(presenceService, args); | 125 | m_PresenceService = ServerUtils.LoadPlugin<IPresenceService>(presenceService, args); |
122 | m_UserAccountService = ServerUtils.LoadPlugin<IUserAccountService>(userAccountService, args); | 126 | m_UserAccountService = ServerUtils.LoadPlugin<IUserAccountService>(userAccountService, args); |
123 | 127 | ||
128 | m_LevelOutsideContacts = serverConfig.GetInt("LevelOutsideContacts", 0); | ||
129 | |||
130 | LoadTripPermissionsFromConfig(serverConfig, "ForeignTripsAllowed"); | ||
131 | LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_TripsAllowedExceptions); | ||
132 | LoadDomainExceptionsFromConfig(serverConfig, "DisallowExcept", m_TripsDisallowedExceptions); | ||
133 | |||
124 | m_GridName = serverConfig.GetString("ExternalName", string.Empty); | 134 | m_GridName = serverConfig.GetString("ExternalName", string.Empty); |
125 | if (m_GridName == string.Empty) | 135 | if (m_GridName == string.Empty) |
126 | { | 136 | { |
@@ -130,10 +140,43 @@ namespace OpenSim.Services.HypergridService | |||
130 | if (!m_GridName.EndsWith("/")) | 140 | if (!m_GridName.EndsWith("/")) |
131 | m_GridName = m_GridName + "/"; | 141 | m_GridName = m_GridName + "/"; |
132 | 142 | ||
133 | m_LevelOutsideContacts = serverConfig.GetInt("LevelOutsideContacts", 0); | ||
134 | } | 143 | } |
135 | } | 144 | } |
136 | 145 | ||
146 | protected void LoadTripPermissionsFromConfig(IConfig config, string variable) | ||
147 | { | ||
148 | foreach (string keyName in config.GetKeys()) | ||
149 | { | ||
150 | if (keyName.StartsWith(variable + "_Level_")) | ||
151 | { | ||
152 | int level = 0; | ||
153 | if (Int32.TryParse(keyName.Replace(variable + "_Level_", ""), out level)) | ||
154 | m_ForeignTripsAllowed.Add(level, config.GetBoolean(keyName, true)); | ||
155 | } | ||
156 | } | ||
157 | } | ||
158 | |||
159 | protected void LoadDomainExceptionsFromConfig(IConfig config, string variable, Dictionary<int, List<string>> exceptions) | ||
160 | { | ||
161 | foreach (string keyName in config.GetKeys()) | ||
162 | { | ||
163 | if (keyName.StartsWith(variable + "_Level_")) | ||
164 | { | ||
165 | int level = 0; | ||
166 | if (Int32.TryParse(keyName.Replace(variable + "_Level_", ""), out level) && !exceptions.ContainsKey(level)) | ||
167 | { | ||
168 | exceptions.Add(level, new List<string>()); | ||
169 | string value = config.GetString(keyName, string.Empty); | ||
170 | string[] parts = value.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries); | ||
171 | |||
172 | foreach (string s in parts) | ||
173 | exceptions[level].Add(s.Trim()); | ||
174 | } | ||
175 | } | ||
176 | } | ||
177 | } | ||
178 | |||
179 | |||
137 | public GridRegion GetHomeRegion(UUID userID, out Vector3 position, out Vector3 lookAt) | 180 | public GridRegion GetHomeRegion(UUID userID, out Vector3 position, out Vector3 lookAt) |
138 | { | 181 | { |
139 | position = new Vector3(128, 128, 0); lookAt = Vector3.UnitY; | 182 | position = new Vector3(128, 128, 0); lookAt = Vector3.UnitY; |
@@ -166,13 +209,39 @@ namespace OpenSim.Services.HypergridService | |||
166 | m_log.DebugFormat("[USER AGENT SERVICE]: Request to login user {0} {1} (@{2}) to grid {3}", | 209 | m_log.DebugFormat("[USER AGENT SERVICE]: Request to login user {0} {1} (@{2}) to grid {3}", |
167 | agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "stored IP" : clientIP.Address.ToString()), gatekeeper.ServerURI); | 210 | agentCircuit.firstname, agentCircuit.lastname, ((clientIP == null) ? "stored IP" : clientIP.Address.ToString()), gatekeeper.ServerURI); |
168 | 211 | ||
169 | if (m_UserAccountService.GetUserAccount(UUID.Zero, agentCircuit.AgentID) == null) | 212 | string gridName = gatekeeper.ServerURI; |
213 | |||
214 | UserAccount account = m_UserAccountService.GetUserAccount(UUID.Zero, agentCircuit.AgentID); | ||
215 | if (account == null) | ||
170 | { | 216 | { |
171 | m_log.WarnFormat("[USER AGENT SERVICE]: Someone attempted to lauch a foreign user from here {0} {1}", agentCircuit.firstname, agentCircuit.lastname); | 217 | m_log.WarnFormat("[USER AGENT SERVICE]: Someone attempted to lauch a foreign user from here {0} {1}", agentCircuit.firstname, agentCircuit.lastname); |
172 | reason = "Forbidden to launch your agents from here"; | 218 | reason = "Forbidden to launch your agents from here"; |
173 | return false; | 219 | return false; |
174 | } | 220 | } |
175 | 221 | ||
222 | // Is this user allowed to go there? | ||
223 | if (m_GridName != gridName) | ||
224 | { | ||
225 | if (m_ForeignTripsAllowed.ContainsKey(account.UserLevel)) | ||
226 | { | ||
227 | bool allowed = m_ForeignTripsAllowed[account.UserLevel]; | ||
228 | |||
229 | if (m_ForeignTripsAllowed[account.UserLevel] && IsException(gridName, account.UserLevel, m_TripsAllowedExceptions)) | ||
230 | allowed = false; | ||
231 | |||
232 | if (!m_ForeignTripsAllowed[account.UserLevel] && IsException(gridName, account.UserLevel, m_TripsDisallowedExceptions)) | ||
233 | allowed = true; | ||
234 | |||
235 | if (!allowed) | ||
236 | { | ||
237 | reason = "Your world does not allow you to visit the destination"; | ||
238 | m_log.InfoFormat("[USER AGENT SERVICE]: Agents not permitted to visit {0}. Refusing service.", gridName); | ||
239 | return false; | ||
240 | } | ||
241 | } | ||
242 | } | ||
243 | |||
244 | |||
176 | // Take the IP address + port of the gatekeeper (reg) plus the info of finalDestination | 245 | // Take the IP address + port of the gatekeeper (reg) plus the info of finalDestination |
177 | GridRegion region = new GridRegion(gatekeeper); | 246 | GridRegion region = new GridRegion(gatekeeper); |
178 | region.ServerURI = gatekeeper.ServerURI; | 247 | region.ServerURI = gatekeeper.ServerURI; |
@@ -189,7 +258,6 @@ namespace OpenSim.Services.HypergridService | |||
189 | 258 | ||
190 | bool success = false; | 259 | bool success = false; |
191 | string myExternalIP = string.Empty; | 260 | string myExternalIP = string.Empty; |
192 | string gridName = gatekeeper.ServerURI; | ||
193 | 261 | ||
194 | m_log.DebugFormat("[USER AGENT SERVICE]: this grid: {0}, desired grid: {1}", m_GridName, gridName); | 262 | m_log.DebugFormat("[USER AGENT SERVICE]: this grid: {0}, desired grid: {1}", m_GridName, gridName); |
195 | 263 | ||
@@ -588,6 +656,35 @@ namespace OpenSim.Services.HypergridService | |||
588 | else | 656 | else |
589 | return UUID.Zero; | 657 | return UUID.Zero; |
590 | } | 658 | } |
659 | |||
660 | #region Misc | ||
661 | |||
662 | private bool IsException(string dest, int level, Dictionary<int, List<string>> exceptions) | ||
663 | { | ||
664 | if (!exceptions.ContainsKey(level)) | ||
665 | return false; | ||
666 | |||
667 | bool exception = false; | ||
668 | if (exceptions[level].Count > 0) // we have exceptions | ||
669 | { | ||
670 | string destination = dest; | ||
671 | if (!destination.EndsWith("/")) | ||
672 | destination += "/"; | ||
673 | |||
674 | if (exceptions[level].Find(delegate(string s) | ||
675 | { | ||
676 | if (!s.EndsWith("/")) | ||
677 | s += "/"; | ||
678 | return s == destination; | ||
679 | }) != null) | ||
680 | exception = true; | ||
681 | } | ||
682 | |||
683 | return exception; | ||
684 | } | ||
685 | |||
686 | #endregion | ||
687 | |||
591 | } | 688 | } |
592 | 689 | ||
593 | class TravelingAgentInfo | 690 | class TravelingAgentInfo |
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 1bafdbd..18094b7 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example | |||
@@ -428,6 +428,24 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 | |||
428 | ; User level required to be contacted from other grids | 428 | ; User level required to be contacted from other grids |
429 | ;LevelOutsideContacts = 0 | 429 | ;LevelOutsideContacts = 0 |
430 | 430 | ||
431 | ;; Restrictions on destinations of local users. | ||
432 | ;; Are local users allowed to visit other grids? | ||
433 | ;; What user level? Use variables of this forrm: | ||
434 | ;; ForeignTripsAllowed_Level_<UserLevel> = true | false | ||
435 | ;; (the default is true) | ||
436 | ;; For example: | ||
437 | ; ForeignTripsAllowed_Level_0 = false | ||
438 | ; ForeignTripsAllowed_Level_200 = true ; true is default, no need to say it | ||
439 | ;; | ||
440 | ;; If ForeignTripsAllowed is false, make exceptions using DisallowExcept | ||
441 | ;; Leave blank or commented for no exceptions. | ||
442 | ; DisallowExcept_Level_0 = "http://myothergrid.com:8002, http://boss.com:8002" | ||
443 | ;; | ||
444 | ;; If ForeignTripsAllowed is true, make exceptions using AllowExcept. | ||
445 | ;; Leave blank or commented for no exceptions. | ||
446 | ; AllowExcept_Level_200 = "http://griefer.com:8002, http://enemy.com:8002" | ||
447 | |||
448 | |||
431 | ; * The interface that local users get when they are in other grids. | 449 | ; * The interface that local users get when they are in other grids. |
432 | ; * This restricts the inventory operations while in other grids. | 450 | ; * This restricts the inventory operations while in other grids. |
433 | ; * Still not completely safe, especially if users perform inventory operations | 451 | ; * Still not completely safe, especially if users perform inventory operations |
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index 4339cb1..84de0ec 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example | |||
@@ -280,5 +280,22 @@ | |||
280 | ; Region_Test_1 = "DisallowForeigners" | 280 | ; Region_Test_1 = "DisallowForeigners" |
281 | 281 | ||
282 | [UserAgentService] | 282 | [UserAgentService] |
283 | ; User level required to be contacted from other grids | 283 | ;; User level required to be contacted from other grids |
284 | ;LevelOutsideContacts = 0 | 284 | ;LevelOutsideContacts = 0 |
285 | |||
286 | ;; Restrictions on destinations of local users. | ||
287 | ;; Are local users allowed to visit other grids? | ||
288 | ;; What user level? Use variables of this forrm: | ||
289 | ;; ForeignTripsAllowed_Level_<UserLevel> = true | false | ||
290 | ;; (the default is true) | ||
291 | ;; For example: | ||
292 | ; ForeignTripsAllowed_Level_0 = false | ||
293 | ; ForeignTripsAllowed_Level_200 = true ; true is default, no need to say it | ||
294 | ;; | ||
295 | ;; If ForeignTripsAllowed is false, make exceptions using DisallowExcept | ||
296 | ;; Leave blank or commented for no exceptions. | ||
297 | ; DisallowExcept_Level_0 = "http://myothergrid.com:8002, http://boss.com:8002" | ||
298 | ;; | ||
299 | ;; If ForeignTripsAllowed is true, make exceptions using AllowExcept. | ||
300 | ;; Leave blank or commented for no exceptions. | ||
301 | ; AllowExcept_Level_200 = "http://griefer.com:8002, http://enemy.com:8002" | ||