diff options
author | Dr Scofield | 2009-05-11 07:46:12 +0000 |
---|---|---|
committer | Dr Scofield | 2009-05-11 07:46:12 +0000 |
commit | ecc876bc18dc4a9b6e279bfdbfd4160e35b170a5 (patch) | |
tree | 60101d8dae570e1f2950a894ada7c20f34027d5c /OpenSim | |
parent | Plumb the HG asset broker. More naming changes to clarify things. Lots more (diff) | |
download | opensim-SC-ecc876bc18dc4a9b6e279bfdbfd4160e35b170a5.zip opensim-SC-ecc876bc18dc4a9b6e279bfdbfd4160e35b170a5.tar.gz opensim-SC-ecc876bc18dc4a9b6e279bfdbfd4160e35b170a5.tar.bz2 opensim-SC-ecc876bc18dc4a9b6e279bfdbfd4160e35b170a5.tar.xz |
Squashed commit of the following:
further ACL stuff:
- adding StrictAccessControl variable: DON'T set this to false if you
want to enforce ACL, it will disable ACLs right now. Default is
true.
once we've got code added to allow child agents but prevent them
from becoming root agents when the ACL denies access to the avatar,
setting this to false will then allow avatars to see into a
neighboring region but not enter it (currently ACL prevent both,
seeing and entering).
- enhancing log statements
Diffstat (limited to 'OpenSim')
-rw-r--r-- | OpenSim/Region/Framework/Scenes/Scene.cs | 50 |
1 files changed, 45 insertions, 5 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index 7cb66a0..72d1435 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs | |||
@@ -98,6 +98,9 @@ namespace OpenSim.Region.Framework.Scenes | |||
98 | public bool m_useFlySlow = false; | 98 | public bool m_useFlySlow = false; |
99 | public bool m_usePreJump = false; | 99 | public bool m_usePreJump = false; |
100 | public bool m_seeIntoRegionFromNeighbor; | 100 | public bool m_seeIntoRegionFromNeighbor; |
101 | // TODO: need to figure out how allow client agents but deny | ||
102 | // root agents when ACL denies access to root agent | ||
103 | public bool m_strictAccessControl = true; | ||
101 | public int MaxUndoCount = 5; | 104 | public int MaxUndoCount = 5; |
102 | private int m_RestartTimerCounter; | 105 | private int m_RestartTimerCounter; |
103 | private readonly Timer m_restartTimer = new Timer(15000); // Wait before firing | 106 | private readonly Timer m_restartTimer = new Timer(15000); // Wait before firing |
@@ -386,6 +389,8 @@ namespace OpenSim.Region.Framework.Scenes | |||
386 | PacketPool.Instance.RecyclePackets = packetConfig.GetBoolean("RecyclePackets", true); | 389 | PacketPool.Instance.RecyclePackets = packetConfig.GetBoolean("RecyclePackets", true); |
387 | PacketPool.Instance.RecycleDataBlocks = packetConfig.GetBoolean("RecycleDataBlocks", true); | 390 | PacketPool.Instance.RecycleDataBlocks = packetConfig.GetBoolean("RecycleDataBlocks", true); |
388 | } | 391 | } |
392 | |||
393 | m_strictAccessControl = startupConfig.GetBoolean("StrictAccessControl", m_strictAccessControl); | ||
389 | } | 394 | } |
390 | catch | 395 | catch |
391 | { | 396 | { |
@@ -2392,6 +2397,11 @@ namespace OpenSim.Region.Framework.Scenes | |||
2392 | if (!AuthorizeUser(agent, out reason)) | 2397 | if (!AuthorizeUser(agent, out reason)) |
2393 | return false; | 2398 | return false; |
2394 | 2399 | ||
2400 | m_log.InfoFormat( | ||
2401 | "[CONNECTION BEGIN]: Region {0} authenticated and authorized incoming {1} agent {2} {3} {4} (circuit code {5})", | ||
2402 | RegionInfo.RegionName, (agent.child ? "child" : "root"), agent.firstname, agent.lastname, | ||
2403 | agent.AgentID, agent.circuitcode); | ||
2404 | |||
2395 | CapsModule.NewUserConnection(agent); | 2405 | CapsModule.NewUserConnection(agent); |
2396 | 2406 | ||
2397 | ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID); | 2407 | ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID); |
@@ -2454,8 +2464,11 @@ namespace OpenSim.Region.Framework.Scenes | |||
2454 | { | 2464 | { |
2455 | reason = String.Empty; | 2465 | reason = String.Empty; |
2456 | 2466 | ||
2457 | if (m_regInfo.EstateSettings.IsBanned(agent.AgentID) && | 2467 | if (!m_strictAccessControl) return true; |
2458 | (!Permissions.IsGod(agent.AgentID))) | 2468 | if (Permissions.IsGod(agent.AgentID)) return true; |
2469 | |||
2470 | |||
2471 | if (m_regInfo.EstateSettings.IsBanned(agent.AgentID)) | ||
2459 | { | 2472 | { |
2460 | m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user is on the banlist", | 2473 | m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user is on the banlist", |
2461 | agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); | 2474 | agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); |
@@ -2465,16 +2478,43 @@ namespace OpenSim.Region.Framework.Scenes | |||
2465 | } | 2478 | } |
2466 | 2479 | ||
2467 | if (!m_regInfo.EstateSettings.PublicAccess && | 2480 | if (!m_regInfo.EstateSettings.PublicAccess && |
2468 | !m_regInfo.EstateSettings.HasAccess(agent.AgentID) && | 2481 | !m_regInfo.EstateSettings.HasAccess(agent.AgentID)) |
2469 | !Permissions.IsGod(agent.AgentID)) | ||
2470 | { | 2482 | { |
2471 | m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access", | 2483 | m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the estate", |
2472 | agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); | 2484 | agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); |
2473 | reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.", | 2485 | reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.", |
2474 | RegionInfo.RegionName); | 2486 | RegionInfo.RegionName); |
2475 | return false; | 2487 | return false; |
2476 | } | 2488 | } |
2477 | 2489 | ||
2490 | // TODO: estate/region settings are not properly hooked up | ||
2491 | // to ILandObject.isRestrictedFromLand() | ||
2492 | // if (null != LandChannel) | ||
2493 | // { | ||
2494 | // // region seems to have local Id of 1 | ||
2495 | // ILandObject land = LandChannel.GetLandObject(1); | ||
2496 | // if (null != land) | ||
2497 | // { | ||
2498 | // if (land.isBannedFromLand(agent.AgentID)) | ||
2499 | // { | ||
2500 | // m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user has been banned from land", | ||
2501 | // agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); | ||
2502 | // reason = String.Format("Denied access to private region {0}: You are banned from that region.", | ||
2503 | // RegionInfo.RegionName); | ||
2504 | // return false; | ||
2505 | // } | ||
2506 | |||
2507 | // if (land.isRestrictedFromLand(agent.AgentID)) | ||
2508 | // { | ||
2509 | // m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region", | ||
2510 | // agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); | ||
2511 | // reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.", | ||
2512 | // RegionInfo.RegionName); | ||
2513 | // return false; | ||
2514 | // } | ||
2515 | // } | ||
2516 | // } | ||
2517 | |||
2478 | return true; | 2518 | return true; |
2479 | } | 2519 | } |
2480 | 2520 | ||