author | Diva Canto | 2012-09-21 21:03:14 -0700 |
---|---|---|
committer | Diva Canto | 2012-09-21 21:03:14 -0700 |
commit | 48f4b32d7f23c2d7a52db355017c8b2bb57b55fa (patch) | |
tree | ed64af8f3eb3842b75b4b645b3900cad033aa406 /OpenSim | |
parent | Merge branch 'master' of ssh://opensimulator.org/var/git/opensim (diff) | |
More HG 2.0: access control at the Gatekeeper. \o/
Diffstat (limited to 'OpenSim')
-rw-r--r-- | OpenSim/Services/HypergridService/GatekeeperService.cs | 62 |
1 files changed, 54 insertions, 8 deletions
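--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -58,9 +58,11 @@ namespace OpenSim.Services.HypergridService
 private static IUserAgentService m_UserAgentService;
 private static ISimulationService m_SimulationService;
 
-protected string m_AllowedClients = string.Empty;
-protected string m_DeniedClients = string.Empty;
+private static string m_AllowedClients = string.Empty;
+private static string m_DeniedClients = string.Empty;
 private static bool m_ForeignAgentsAllowed = true;
+private static List<string> m_ForeignsAllowedExceptions = new List<string>();
+private static List<string> m_ForeignsDisallowedExceptions = new List<string>();
 
 private static UUID m_ScopeID;
 private static bool m_AllowTeleportsToAnyRegion;
@@ -113,6 +115,9 @@ namespace OpenSim.Services.HypergridService
 m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
 m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true);
 
+LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions);
+LoadDomainExceptionsFromConfig(serverConfig, "DisallowExcept", m_ForeignsDisallowedExceptions);
+
 if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
 throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
 
@@ -125,6 +130,15 @@ namespace OpenSim.Services.HypergridService
 {
 }
 
+protected void LoadDomainExceptionsFromConfig(IConfig config, string variable, List<string> exceptions)
+{
+string value = config.GetString(variable, string.Empty);
+string[] parts = value.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
+
+foreach (string s in parts)
+exceptions.Add(s.Trim());
+}
+
 public bool LinkRegion(string regionName, out UUID regionID, out ulong regionHandle, out string externalName, out string imageURL, out string reason)
 {
 regionID = UUID.Zero;
@@ -260,14 +274,25 @@ namespace OpenSim.Services.HypergridService
 m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok");
 
 //
-// Foreign agents allowed
+// Foreign agents allowed? Exceptions?
 //
-if (account == null && !m_ForeignAgentsAllowed)
+if (account == null)
 {
-reason = "Unauthorized";
-m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1}. Refusing service.",
-aCircuit.firstname, aCircuit.lastname);
-return false;
+bool allowed = m_ForeignAgentsAllowed;
+
+if (m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsAllowedExceptions))
+allowed = false;
+
+if (!m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsDisallowedExceptions))
+allowed = true;
+
+if (!allowed)
+{
+reason = "Destination does not allow visitors from your world";
+m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1} @ {2}. Refusing service.",
+aCircuit.firstname, aCircuit.lastname, aCircuit.ServiceURLs["HomeURI"]);
+return false;
+}
 }
 
 // May want to authorize
@@ -393,6 +418,27 @@ namespace OpenSim.Services.HypergridService
 
 #region Misc
 
+private bool IsException(AgentCircuitData aCircuit, List<string> exceptions)
+{
+bool exception = false;
+if (exceptions.Count > 0) // we have exceptions
+{
+// Retrieve the visitor's origin
+string userURL = aCircuit.ServiceURLs["HomeURI"].ToString();
+if (!userURL.EndsWith("/"))
+userURL += "/";
+
+if (exceptions.Find(delegate(string s)
+{
+if (!s.EndsWith("/"))
+s += "/";
+return s == userURL;
+}) != null)
+exception = true;
+}
+
+return exception;
+}
 
 #endregion
 }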
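Review bot: The match inside IsException is an exact, case-sensitive string comparison (`return s == userURL;`), so when ForeignAgentsAllowed is true the AllowExcept list works as a block list that fails open: a HomeURI that differs from the configured entry only in host-name case or in an explicitly written default port is not matched, and the visitor is admitted. Comparing normalized values would close that gap, for instance `return string.Equals(s, userURL, StringComparison.OrdinalIgnoreCase);`, or more strictly parsing both sides as `Uri` and comparing scheme, host and port. Separately, `aCircuit.ServiceURLs["HomeURI"]` is indexed without a presence check both in IsException and in the new refusal log message; if ServiceURLs is a dictionary, a circuit that lacks the key throws in the middle of the access decision, and whether that refuses the login depends on the caller, which is outside this section. Whether HomeURI has already been verified against the visitor's home service before this check runs is also not visible here and is worth confirming, since both exception lists are keyed on it.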