aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
authorDiva Canto2012-03-17 10:00:11 -0700
committerDiva Canto2012-03-17 10:00:11 -0700
commit33c14cb107ecb67a3e971d6adaab17d173d52747 (patch)
tree401301804f123e686b23c3ff925a7a393eaf4c2c /OpenSim
parentClean up "save iar" help (diff)
downloadopensim-SC-33c14cb107ecb67a3e971d6adaab17d173d52747.zip
opensim-SC-33c14cb107ecb67a3e971d6adaab17d173d52747.tar.gz
opensim-SC-33c14cb107ecb67a3e971d6adaab17d173d52747.tar.bz2
opensim-SC-33c14cb107ecb67a3e971d6adaab17d173d52747.tar.xz
Region access control! Region operators can now specify things like DisallowForeigners (means what it says) and DisallowResidents (means that only admins and managers can get into the region). This puts the never-completed AuthorizationService to good use. Note that I didn't implement a grid-wide Authorization service; this service implementation is done entirely locally on the simulator. This can be changed as usual by pluging in a different AuthorizationServicesConnector.
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs124
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs43
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.cs4
3 files changed, 142 insertions, 29 deletions
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
new file mode 100644
index 0000000..f0d21e6
--- /dev/null
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
@@ -0,0 +1,124 @@
1/*
2 * Copyright (c) Contributors, http://opensimulator.org/
3 * See CONTRIBUTORS.TXT for a full list of copyright holders.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * * Neither the name of the OpenSimulator Project nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28using System;
29using System.Collections.Generic;
30using System.Linq;
31using System.Reflection;
32using Nini.Config;
33using log4net;
34using OpenSim.Framework;
35using OpenSim.Services.Interfaces;
36using OpenSim.Region.Framework.Interfaces;
37using OpenSim.Region.Framework.Scenes;
38using OpenMetaverse;
39
40using GridRegion = OpenSim.Services.Interfaces.GridRegion;
41
42namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
43{
44 public class AuthorizationService : IAuthorizationService
45 {
46 private enum AccessFlags
47 {
48 None = 0, /* No restrictions */
49 DisallowResidents = 1, /* Only gods and managers*/
50 DisallowForeigners = 2, /* Only local people */
51 }
52
53 private static readonly ILog m_log =
54 LogManager.GetLogger(
55 MethodBase.GetCurrentMethod().DeclaringType);
56
57 private IUserManagement m_UserManagement;
58 private IGridService m_GridService;
59
60 private Scene m_Scene;
61 AccessFlags m_accessValue = AccessFlags.None;
62
63
64 public AuthorizationService(IConfig config, Scene scene)
65 {
66 m_Scene = scene;
67 m_UserManagement = scene.RequestModuleInterface<IUserManagement>();
68 m_GridService = scene.GridService;
69
70 if (config != null)
71 {
72 string accessStr = config.GetString("Region_" + scene.RegionInfo.RegionName.Replace(' ', '_'), String.Empty);
73 if (accessStr != string.Empty)
74 {
75 try
76 {
77 m_accessValue = (AccessFlags)Enum.Parse(typeof(AccessFlags), accessStr);
78 }
79 catch (ArgumentException)
80 {
81 m_log.WarnFormat("[AuthorizationService]: {0} is not a valid access flag", accessStr);
82 }
83 }
84 m_log.DebugFormat("[AuthorizationService]: Region {0} access restrictions: {1}", m_Scene.RegionInfo.RegionName, m_accessValue);
85 }
86
87 }
88
89 public bool IsAuthorizedForRegion(
90 string user, string firstName, string lastName, string regionID, out string message)
91 {
92 message = "authorized";
93
94 // This should not happen
95 if (m_Scene.RegionInfo.RegionID.ToString() != regionID)
96 {
97 m_log.WarnFormat("[AuthorizationService]: Service for region {0} received request to authorize for region {1}",
98 m_Scene.RegionInfo.RegionID, regionID);
99 return true;
100 }
101
102 if (m_accessValue == AccessFlags.None)
103 return true;
104
105 UUID userID = new UUID(user);
106 bool authorized = true;
107 if ((m_accessValue & AccessFlags.DisallowForeigners) == AccessFlags.DisallowForeigners)
108 {
109 authorized = m_UserManagement.IsLocalGridUser(userID);
110 if (!authorized)
111 message = "no foreigner users allowed in this region";
112 }
113 if (authorized && (m_accessValue & AccessFlags.DisallowResidents) == AccessFlags.DisallowResidents)
114 {
115 authorized = m_Scene.Permissions.IsGod(userID) | m_Scene.Permissions.IsAdministrator(userID);
116 if (!authorized)
117 message = "only Admins and Managers allowed in this region";
118 }
119
120 return authorized;
121 }
122
123 }
124} \ No newline at end of file
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
index 18a7177..c982db6 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
@@ -39,13 +39,15 @@ using OpenMetaverse;
39 39
40namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization 40namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
41{ 41{
42 public class LocalAuthorizationServicesConnector : ISharedRegionModule, IAuthorizationService 42 public class LocalAuthorizationServicesConnector : INonSharedRegionModule, IAuthorizationService
43 { 43 {
44 private static readonly ILog m_log = 44 private static readonly ILog m_log =
45 LogManager.GetLogger( 45 LogManager.GetLogger(
46 MethodBase.GetCurrentMethod().DeclaringType); 46 MethodBase.GetCurrentMethod().DeclaringType);
47 47
48 private IAuthorizationService m_AuthorizationService; 48 private IAuthorizationService m_AuthorizationService;
49 private Scene m_Scene;
50 private IConfig m_AuthorizationConfig;
49 51
50 private bool m_Enabled = false; 52 private bool m_Enabled = false;
51 53
@@ -69,33 +71,8 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
69 string name = moduleConfig.GetString("AuthorizationServices", string.Empty); 71 string name = moduleConfig.GetString("AuthorizationServices", string.Empty);
70 if (name == Name) 72 if (name == Name)
71 { 73 {
72 IConfig authorizationConfig = source.Configs["AuthorizationService"];
73 if (authorizationConfig == null)
74 {
75 m_log.Error("[AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpenSim.ini");
76 return;
77 }
78
79 string serviceDll = authorizationConfig.GetString("LocalServiceModule",
80 String.Empty);
81
82 if (serviceDll == String.Empty)
83 {
84 m_log.Error("[AUTHORIZATION CONNECTOR]: No LocalServiceModule named in section AuthorizationService");
85 return;
86 }
87
88 Object[] args = new Object[] { source };
89 m_AuthorizationService =
90 ServerUtils.LoadPlugin<IAuthorizationService>(serviceDll,
91 args);
92
93 if (m_AuthorizationService == null)
94 {
95 m_log.Error("[AUTHORIZATION CONNECTOR]: Can't load authorization service");
96 return;
97 }
98 m_Enabled = true; 74 m_Enabled = true;
75 m_AuthorizationConfig = source.Configs["AuthorizationService"];
99 m_log.Info("[AUTHORIZATION CONNECTOR]: Local authorization connector enabled"); 76 m_log.Info("[AUTHORIZATION CONNECTOR]: Local authorization connector enabled");
100 } 77 }
101 } 78 }
@@ -115,6 +92,9 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
115 return; 92 return;
116 93
117 scene.RegisterModuleInterface<IAuthorizationService>(this); 94 scene.RegisterModuleInterface<IAuthorizationService>(this);
95 m_Scene = scene;
96
97 scene.EventManager.OnLoginsEnabled += new EventManager.LoginsEnabled(OnLoginsEnabled);
118 } 98 }
119 99
120 public void RemoveRegion(Scene scene) 100 public void RemoveRegion(Scene scene)
@@ -131,9 +111,18 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
131 scene.RegionInfo.RegionName); 111 scene.RegionInfo.RegionName);
132 } 112 }
133 113
114 private void OnLoginsEnabled(string regionName)
115 {
116 m_AuthorizationService = new AuthorizationService(m_AuthorizationConfig, m_Scene);
117 }
118
134 public bool IsAuthorizedForRegion( 119 public bool IsAuthorizedForRegion(
135 string userID, string firstName, string lastName, string regionID, out string message) 120 string userID, string firstName, string lastName, string regionID, out string message)
136 { 121 {
122 message = "";
123 if (!m_Enabled)
124 return true;
125
137 return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message); 126 return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message);
138 } 127 }
139 } 128 }
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 5b1b165..0042f7b 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -3533,8 +3533,8 @@ namespace OpenSim.Region.Framework.Scenes
3533 if (!AuthorizationService.IsAuthorizedForRegion( 3533 if (!AuthorizationService.IsAuthorizedForRegion(
3534 agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason)) 3534 agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason))
3535 { 3535 {
3536 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region", 3536 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because {4}",
3537 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); 3537 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName, reason);
3538 3538
3539 return false; 3539 return false;
3540 } 3540 }