aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region
diff options
context:
space:
mode:
authorJustin Clark-Casey (justincc)2011-07-23 03:46:55 +0100
committerJustin Clark-Casey (justincc)2011-07-23 03:48:53 +0100
commit504de8bc4792eda165d71a2c7481cb43cb92759a (patch)
tree3206f651448b2a9ef0fae5b210ae4f35d1b6730d /OpenSim/Region
parentChange default AllowScriptCrossings config setting to true. (diff)
downloadopensim-SC-504de8bc4792eda165d71a2c7481cb43cb92759a.zip
opensim-SC-504de8bc4792eda165d71a2c7481cb43cb92759a.tar.gz
opensim-SC-504de8bc4792eda165d71a2c7481cb43cb92759a.tar.bz2
opensim-SC-504de8bc4792eda165d71a2c7481cb43cb92759a.tar.xz
Pass the first name and last name from the agent circuit data to the authorization service rather than from the account.
This is to accomodate situations where the authorization service is being used by the hypergrid, where visitors have no user account. See http://opensimulator.org/mantis/view.php?id=5517, this code is somewhat adapted/cleaned up from Michelle's patch I'm a little ambivalent about this since visitors could put anything in firstname/lastname so it's not much of an auth measure. It's up to the auth service to decide which data it actually uses. Possibly we should be passing through other info such as agent circuit ip
Diffstat (limited to 'OpenSim/Region')
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs17
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs24
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.cs5
3 files changed, 27 insertions, 19 deletions
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
index 85a1ac3..18a7177 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
@@ -39,8 +39,7 @@ using OpenMetaverse;
39 39
40namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization 40namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
41{ 41{
42 public class LocalAuthorizationServicesConnector : 42 public class LocalAuthorizationServicesConnector : ISharedRegionModule, IAuthorizationService
43 ISharedRegionModule, IAuthorizationService
44 { 43 {
45 private static readonly ILog m_log = 44 private static readonly ILog m_log =
46 LogManager.GetLogger( 45 LogManager.GetLogger(
@@ -127,15 +126,15 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
127 if (!m_Enabled) 126 if (!m_Enabled)
128 return; 127 return;
129 128
130 m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}", scene.RegionInfo.RegionName); 129 m_log.InfoFormat(
131 130 "[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}",
132 131 scene.RegionInfo.RegionName);
133 } 132 }
134 133
135 public bool IsAuthorizedForRegion(string userID, string regionID, out string message) 134 public bool IsAuthorizedForRegion(
135 string userID, string firstName, string lastName, string regionID, out string message)
136 { 136 {
137 return m_AuthorizationService.IsAuthorizedForRegion(userID, regionID, out message); 137 return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message);
138 } 138 }
139
140 } 139 }
141} 140} \ No newline at end of file
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
index 66994fa..5fa27b8 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -117,12 +117,15 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
117 117
118 } 118 }
119 119
120 public bool IsAuthorizedForRegion(string userID, string regionID, out string message) 120 public bool IsAuthorizedForRegion(
121 string userID, string firstName, string lastName, string regionID, out string message)
121 { 122 {
122 m_log.InfoFormat("[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID); 123 m_log.InfoFormat(
124 "[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID);
123 125
124 bool isAuthorized = true; 126 bool isAuthorized = true;
125 message = String.Empty; 127 message = String.Empty;
128 string mail = String.Empty;
126 129
127 // get the scene this call is being made for 130 // get the scene this call is being made for
128 Scene scene = null; 131 Scene scene = null;
@@ -140,17 +143,22 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
140 if (scene != null) 143 if (scene != null)
141 { 144 {
142 UserAccount account = scene.UserAccountService.GetUserAccount(UUID.Zero, new UUID(userID)); 145 UserAccount account = scene.UserAccountService.GetUserAccount(UUID.Zero, new UUID(userID));
143 isAuthorized = IsAuthorizedForRegion(userID, account.FirstName, account.LastName, 146
144 account.Email, scene.RegionInfo.RegionName, regionID, out message); 147 if (account != null)
148 mail = account.Email;
149
150 isAuthorized
151 = IsAuthorizedForRegion(
152 userID, firstName, lastName, account.Email, scene.RegionInfo.RegionName, regionID, out message);
145 } 153 }
146 else 154 else
147 { 155 {
148 m_log.ErrorFormat("[REMOTE AUTHORIZATION CONNECTOR] IsAuthorizedForRegion, can't find scene to match region id of {0} ",regionID); 156 m_log.ErrorFormat(
157 "[REMOTE AUTHORIZATION CONNECTOR] IsAuthorizedForRegion, can't find scene to match region id of {0}",
158 regionID);
149 } 159 }
150 160
151
152 return isAuthorized; 161 return isAuthorized;
153
154 } 162 }
155 } 163 }
156} 164} \ No newline at end of file
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 32a2887..1a32510 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -3553,11 +3553,12 @@ namespace OpenSim.Region.Framework.Scenes
3553 3553
3554 if (AuthorizationService != null) 3554 if (AuthorizationService != null)
3555 { 3555 {
3556 if (!AuthorizationService.IsAuthorizedForRegion(agent.AgentID.ToString(), RegionInfo.RegionID.ToString(),out reason)) 3556 if (!AuthorizationService.IsAuthorizedForRegion(
3557 agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason))
3557 { 3558 {
3558 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region", 3559 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region",
3559 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); 3560 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
3560 //reason = String.Format("You are not currently on the access list for {0}",RegionInfo.RegionName); 3561
3561 return false; 3562 return false;
3562 } 3563 }
3563 } 3564 }