From dd30a29ba07a181d5c8f5773140a7247a0066510 Mon Sep 17 00:00:00 2001 From: Oren Hurvitz Date: Sun, 18 May 2014 16:10:18 +0300 Subject: Return more specific error messages if an attempt to enter a region fails due to permissions (in QueryAccess and IsAuthorizedForRegion) --- .../EntityTransfer/EntityTransferModule.cs | 2 +- .../Authorization/AuthorizationService.cs | 34 +++++++++++++--------- OpenSim/Region/Framework/Scenes/Scene.cs | 15 ++++++++-- .../AuthorizationServicesConnector.cs | 2 +- 4 files changed, 36 insertions(+), 17 deletions(-) diff --git a/OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs b/OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs index 539367d..3830791 100644 --- a/OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs +++ b/OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs @@ -766,7 +766,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer sp.ControllingClient.SendTeleportFailed(reason); m_log.DebugFormat( - "[ENTITY TRANSFER MODULE]: {0} was stopped from teleporting from {1} to {2} because {3}", + "[ENTITY TRANSFER MODULE]: {0} was stopped from teleporting from {1} to {2} because: {3}", sp.Name, sp.Scene.Name, finalDestination.RegionName, reason); return; diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs index 4470799..93dff1f 100644 --- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs +++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs @@ -89,35 +89,43 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization public bool IsAuthorizedForRegion( string user, string firstName, string lastName, string regionID, out string message) { - message = "authorized"; - // This should not happen if (m_Scene.RegionInfo.RegionID.ToString() != regionID) { m_log.WarnFormat("[AuthorizationService]: Service for region {0} received request to authorize for region {1}", m_Scene.RegionInfo.RegionID, regionID); - return true; + message = string.Format("Region {0} received request to authorize for region {1}", m_Scene.RegionInfo.RegionID, regionID); + return false; } if (m_accessValue == AccessFlags.None) + { + message = "Authorized"; return true; + } UUID userID = new UUID(user); - bool authorized = true; - if ((m_accessValue & AccessFlags.DisallowForeigners) == AccessFlags.DisallowForeigners) + + if ((m_accessValue & AccessFlags.DisallowForeigners) != 0) { - authorized = m_UserManagement.IsLocalGridUser(userID); - if (!authorized) - message = "no foreigner users allowed in this region"; + if (!m_UserManagement.IsLocalGridUser(userID)) + { + message = "No foreign users allowed in this region"; + return false; + } } - if (authorized && (m_accessValue & AccessFlags.DisallowResidents) == AccessFlags.DisallowResidents) + + if ((m_accessValue & AccessFlags.DisallowResidents) != 0) { - authorized = m_Scene.Permissions.IsGod(userID) | m_Scene.Permissions.IsAdministrator(userID); - if (!authorized) - message = "only Admins and Managers allowed in this region"; + if (!(m_Scene.Permissions.IsGod(userID) || m_Scene.Permissions.IsAdministrator(userID))) + { + message = "Only Admins and Managers allowed in this region"; + return false; + } } - return authorized; + message = "Authorized"; + return true; } } diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index e6887b4..1115399 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs @@ -3865,7 +3865,7 @@ namespace OpenSim.Region.Framework.Scenes if (!AuthorizationService.IsAuthorizedForRegion( agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason)) { - m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because {4}", + m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because: {4}", agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName, reason); return false; @@ -5465,7 +5465,7 @@ namespace OpenSim.Region.Framework.Scenes /// public bool QueryAccess(UUID agentID, string agentHomeURI, Vector3 position, out string reason) { - reason = "You are banned from the region"; + reason = string.Empty; if (Permissions.IsGod(agentID)) { @@ -5525,6 +5525,7 @@ namespace OpenSim.Region.Framework.Scenes catch (Exception e) { m_log.DebugFormat("[SCENE]: Exception authorizing agent: {0} "+ e.StackTrace, e.Message); + reason = "Error authorizing agent: " + e.Message; return false; } @@ -5568,6 +5569,7 @@ namespace OpenSim.Region.Framework.Scenes if (!TestLandRestrictions(agentID, out reason, ref posX, ref posY)) { // m_log.DebugFormat("[SCENE]: Denying {0} because they are banned on all parcels", agentID); + reason = "You are banned from the region on all parcels"; return false; } } @@ -5575,13 +5577,22 @@ namespace OpenSim.Region.Framework.Scenes { ILandObject land = LandChannel.GetLandObject(position.X, position.Y); if (land == null) + { + reason = "No parcel found"; return false; + } bool banned = land.IsBannedFromLand(agentID); bool restricted = land.IsRestrictedFromLand(agentID); if (banned || restricted) + { + if (banned) + reason = "You are banned from the parcel"; + else + reason = "The parcel is restricted"; return false; + } } reason = String.Empty; diff --git a/OpenSim/Services/Connectors/Authorization/AuthorizationServicesConnector.cs b/OpenSim/Services/Connectors/Authorization/AuthorizationServicesConnector.cs index 35b7109..63730b3 100644 --- a/OpenSim/Services/Connectors/Authorization/AuthorizationServicesConnector.cs +++ b/OpenSim/Services/Connectors/Authorization/AuthorizationServicesConnector.cs @@ -105,7 +105,7 @@ namespace OpenSim.Services.Connectors catch (Exception e) { m_log.WarnFormat("[AUTHORIZATION CONNECTOR]: Unable to send authorize {0} for region {1} error thrown during comms with remote server. Reason: {2}", userID, regionID, e.Message); - message = ""; + message = e.Message; return m_ResponseOnFailure; } if (response == null) -- cgit v1.1