aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
authorDr Scofield2009-05-11 07:46:12 +0000
committerDr Scofield2009-05-11 07:46:12 +0000
commitecc876bc18dc4a9b6e279bfdbfd4160e35b170a5 (patch)
tree60101d8dae570e1f2950a894ada7c20f34027d5c /OpenSim
parentPlumb the HG asset broker. More naming changes to clarify things. Lots more (diff)
downloadopensim-SC-ecc876bc18dc4a9b6e279bfdbfd4160e35b170a5.zip
opensim-SC-ecc876bc18dc4a9b6e279bfdbfd4160e35b170a5.tar.gz
opensim-SC-ecc876bc18dc4a9b6e279bfdbfd4160e35b170a5.tar.bz2
opensim-SC-ecc876bc18dc4a9b6e279bfdbfd4160e35b170a5.tar.xz
Squashed commit of the following:
further ACL stuff: - adding StrictAccessControl variable: DON'T set this to false if you want to enforce ACL, it will disable ACLs right now. Default is true. once we've got code added to allow child agents but prevent them from becoming root agents when the ACL denies access to the avatar, setting this to false will then allow avatars to see into a neighboring region but not enter it (currently ACL prevent both, seeing and entering). - enhancing log statements
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.cs50
1 files changed, 45 insertions, 5 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 7cb66a0..72d1435 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -98,6 +98,9 @@ namespace OpenSim.Region.Framework.Scenes
98 public bool m_useFlySlow = false; 98 public bool m_useFlySlow = false;
99 public bool m_usePreJump = false; 99 public bool m_usePreJump = false;
100 public bool m_seeIntoRegionFromNeighbor; 100 public bool m_seeIntoRegionFromNeighbor;
101 // TODO: need to figure out how allow client agents but deny
102 // root agents when ACL denies access to root agent
103 public bool m_strictAccessControl = true;
101 public int MaxUndoCount = 5; 104 public int MaxUndoCount = 5;
102 private int m_RestartTimerCounter; 105 private int m_RestartTimerCounter;
103 private readonly Timer m_restartTimer = new Timer(15000); // Wait before firing 106 private readonly Timer m_restartTimer = new Timer(15000); // Wait before firing
@@ -386,6 +389,8 @@ namespace OpenSim.Region.Framework.Scenes
386 PacketPool.Instance.RecyclePackets = packetConfig.GetBoolean("RecyclePackets", true); 389 PacketPool.Instance.RecyclePackets = packetConfig.GetBoolean("RecyclePackets", true);
387 PacketPool.Instance.RecycleDataBlocks = packetConfig.GetBoolean("RecycleDataBlocks", true); 390 PacketPool.Instance.RecycleDataBlocks = packetConfig.GetBoolean("RecycleDataBlocks", true);
388 } 391 }
392
393 m_strictAccessControl = startupConfig.GetBoolean("StrictAccessControl", m_strictAccessControl);
389 } 394 }
390 catch 395 catch
391 { 396 {
@@ -2392,6 +2397,11 @@ namespace OpenSim.Region.Framework.Scenes
2392 if (!AuthorizeUser(agent, out reason)) 2397 if (!AuthorizeUser(agent, out reason))
2393 return false; 2398 return false;
2394 2399
2400 m_log.InfoFormat(
2401 "[CONNECTION BEGIN]: Region {0} authenticated and authorized incoming {1} agent {2} {3} {4} (circuit code {5})",
2402 RegionInfo.RegionName, (agent.child ? "child" : "root"), agent.firstname, agent.lastname,
2403 agent.AgentID, agent.circuitcode);
2404
2395 CapsModule.NewUserConnection(agent); 2405 CapsModule.NewUserConnection(agent);
2396 2406
2397 ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID); 2407 ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID);
@@ -2454,8 +2464,11 @@ namespace OpenSim.Region.Framework.Scenes
2454 { 2464 {
2455 reason = String.Empty; 2465 reason = String.Empty;
2456 2466
2457 if (m_regInfo.EstateSettings.IsBanned(agent.AgentID) && 2467 if (!m_strictAccessControl) return true;
2458 (!Permissions.IsGod(agent.AgentID))) 2468 if (Permissions.IsGod(agent.AgentID)) return true;
2469
2470
2471 if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
2459 { 2472 {
2460 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user is on the banlist", 2473 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user is on the banlist",
2461 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); 2474 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
@@ -2465,16 +2478,43 @@ namespace OpenSim.Region.Framework.Scenes
2465 } 2478 }
2466 2479
2467 if (!m_regInfo.EstateSettings.PublicAccess && 2480 if (!m_regInfo.EstateSettings.PublicAccess &&
2468 !m_regInfo.EstateSettings.HasAccess(agent.AgentID) && 2481 !m_regInfo.EstateSettings.HasAccess(agent.AgentID))
2469 !Permissions.IsGod(agent.AgentID))
2470 { 2482 {
2471 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access", 2483 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the estate",
2472 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); 2484 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
2473 reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.", 2485 reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.",
2474 RegionInfo.RegionName); 2486 RegionInfo.RegionName);
2475 return false; 2487 return false;
2476 } 2488 }
2477 2489
2490 // TODO: estate/region settings are not properly hooked up
2491 // to ILandObject.isRestrictedFromLand()
2492 // if (null != LandChannel)
2493 // {
2494 // // region seems to have local Id of 1
2495 // ILandObject land = LandChannel.GetLandObject(1);
2496 // if (null != land)
2497 // {
2498 // if (land.isBannedFromLand(agent.AgentID))
2499 // {
2500 // m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user has been banned from land",
2501 // agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
2502 // reason = String.Format("Denied access to private region {0}: You are banned from that region.",
2503 // RegionInfo.RegionName);
2504 // return false;
2505 // }
2506
2507 // if (land.isRestrictedFromLand(agent.AgentID))
2508 // {
2509 // m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region",
2510 // agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
2511 // reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.",
2512 // RegionInfo.RegionName);
2513 // return false;
2514 // }
2515 // }
2516 // }
2517
2478 return true; 2518 return true;
2479 } 2519 }
2480 2520