From 16940097beee0fad554dfcb7249294ff8ac247d4 Mon Sep 17 00:00:00 2001
From: Rob Smart
Date: Wed, 9 Sep 2009 19:42:53 +0100
Subject: The stubs for an authorization service, at the moment the service
will always grant access to an avatar entering the region if requested.
---
.../Communications/OGS1/OGS1UserDataPlugin.cs | 1 +
.../Resources/CoreModulePlugin.addin.xml | 2 +
.../LocalAuthorizationServiceConnector.cs | 141 +++++++++++++++++++++
.../RemoteAuthorizationServiceConnector.cs | 113 +++++++++++++++++
OpenSim/Region/Framework/Scenes/Scene.cs | 33 ++++-
5 files changed, 289 insertions(+), 1 deletion(-)
create mode 100644 OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
create mode 100644 OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
(limited to 'OpenSim/Region')
diff --git a/OpenSim/Region/Communications/OGS1/OGS1UserDataPlugin.cs b/OpenSim/Region/Communications/OGS1/OGS1UserDataPlugin.cs
index ec8512a..adc12aa 100644
--- a/OpenSim/Region/Communications/OGS1/OGS1UserDataPlugin.cs
+++ b/OpenSim/Region/Communications/OGS1/OGS1UserDataPlugin.cs
@@ -651,6 +651,7 @@ namespace OpenSim.Region.Communications.OGS1
UserProfileData userData = new UserProfileData();
userData.FirstName = (string)data["firstname"];
userData.SurName = (string)data["lastname"];
+ userData.Email = (string)data["email"];
userData.ID = new UUID((string)data["uuid"]);
userData.Created = Convert.ToInt32(data["profile_created"]);
userData.UserInventoryURI = (string)data["server_inventory"];
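Review bot: `userData.Email = (string)data["email"]` reads the new field from the user-server response with no presence check. `data` is indexed like a Hashtable here, but its declaration is outside the hunk, so whether a server that does not send `email` yields null or an exception cannot be confirmed from these lines. Since this commit later hands the whole profile to the authorization service, any code that decides on the email has to treat null or empty as "unknown" rather than as a value to compare. A comment such as `// optional: null when the user server omits it` on this line would record that. The enclosing method starts and ends outside the hunk.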
diff --git a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
index 0de5215..f9e61aa 100644
--- a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
+++ b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
@@ -26,6 +26,8 @@
+
+
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
new file mode 100644
index 0000000..7973496
--- /dev/null
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using log4net;
+using Nini.Config;
+using System;
+using System.Collections.Generic;
+using System.Reflection;
+using OpenSim.Framework;
+using OpenSim.Server.Base;
+using OpenSim.Region.Framework.Interfaces;
+using OpenSim.Region.Framework.Scenes;
+using OpenSim.Services.Interfaces;
+using OpenMetaverse;
+
+namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
+{
+ public class LocalAuthorizationServicesConnector :
+ ISharedRegionModule, IAuthorizationService
+ {
+ private static readonly ILog m_log =
+ LogManager.GetLogger(
+ MethodBase.GetCurrentMethod().DeclaringType);
+
+ private IAuthorizationService m_AuthorizationService;
+
+ private bool m_Enabled = false;
+
+ public Type ReplaceableInterface
+ {
+ get { return null; }
+ }
+
+ public string Name
+ {
+ get { return "LocalAuthorizationServicesConnector"; }
+ }
+
+ public void Initialise(IConfigSource source)
+ {
+ m_log.Info("[AUTHORIZATION CONNECTOR]: Initialise");
+
+ IConfig moduleConfig = source.Configs["Modules"];
+ if (moduleConfig != null)
+ {
+ string name = moduleConfig.GetString("AuthorizationServices", "");
+ if (name == Name)
+ {
+ IConfig authorizationConfig = source.Configs["AuthorizationService"];
+ if (authorizationConfig == null)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpenSim.ini");
+ return;
+ }
+
+ string serviceDll = authorizationConfig.GetString("LocalServiceModule",
+ String.Empty);
+
+ if (serviceDll == String.Empty)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: No LocalServiceModule named in section AuthorizationService");
+ return;
+ }
+
+ Object[] args = new Object[] { source };
+ m_AuthorizationService =
+ ServerUtils.LoadPlugin(serviceDll,
+ args);
+
+ if (m_AuthorizationService == null)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: Can't load authorization service");
+ return;
+ }
+ m_Enabled = true;
+ m_log.Info("[AUTHORIZATION CONNECTOR]: Local authorization connector enabled");
+ }
+ }
+ }
+
+ public void PostInitialise()
+ {
+ }
+
+ public void Close()
+ {
+ }
+
+ public void AddRegion(Scene scene)
+ {
+ if (!m_Enabled)
+ return;
+
+ scene.RegisterModuleInterface(this);
+ }
+
+ public void RemoveRegion(Scene scene)
+ {
+ }
+
+ public void RegionLoaded(Scene scene)
+ {
+ if (!m_Enabled)
+ return;
+
+ m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}", scene.RegionInfo.RegionName);
+
+
+ }
+
+ public bool isAuthorizedForRegion(UserProfileData user, RegionInfo region)
+ {
+ return m_AuthorizationService.isAuthorizedForRegion( user, region);
+ }
+
+ }
+}
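Review bot: Every failure path in `Initialise` (missing `AuthorizationService` section, empty `LocalServiceModule`, `LoadPlugin` returning null) logs an error and returns with `m_Enabled` still false, so the connector is never registered. Because the Scene.cs hunk at `@@ -3230` skips the check when no service is registered, an operator who selected this connector under `[Modules]` but misconfigured it gets open admission plus one log line, not a refusal. Once `name == Name` has matched, the operator has asked for authorization, so these paths should stop start-up, for example `throw new InvalidOperationException("[AUTHORIZATION CONNECTOR]: Can't load authorization service");` in place of the bare `return;`. The missing-section path in RemoteAuthorizationServiceConnector.cs has the same shape. A class summary saying that `isAuthorizedForRegion` is only reachable after a successful load would also explain why it does not null-check `m_AuthorizationService`.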
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
new file mode 100644
index 0000000..5870111
--- /dev/null
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using log4net;
+using System;
+using System.Collections.Generic;
+using System.Reflection;
+using Nini.Config;
+using OpenSim.Framework;
+using OpenSim.Services.Connectors;
+using OpenSim.Region.Framework.Interfaces;
+using OpenSim.Region.Framework.Scenes;
+using OpenSim.Services.Interfaces;
+
+namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
+{
+ public class RemoteAuthorizationServicesConnector :
+ AuthorizationServicesConnector, ISharedRegionModule, IAuthorizationService
+ {
+ private static readonly ILog m_log =
+ LogManager.GetLogger(
+ MethodBase.GetCurrentMethod().DeclaringType);
+
+ private bool m_Enabled = false;
+
+ public Type ReplaceableInterface
+ {
+ get { return null; }
+ }
+
+ public string Name
+ {
+ get { return "RemoteAuthorizationServicesConnector"; }
+ }
+
+ public override void Initialise(IConfigSource source)
+ {
+ IConfig moduleConfig = source.Configs["Modules"];
+ if (moduleConfig != null)
+ {
+ string name = moduleConfig.GetString("AuthorizationServices", "");
+ if (name == Name)
+ {
+ IConfig authorizationConfig = source.Configs["AuthorizationService"];
+ if (authorizationConfig == null)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpenSim.ini");
+ return;
+ }
+
+ m_Enabled = true;
+
+ base.Initialise(source);
+
+ m_log.Info("[AUTHORIZATION CONNECTOR]: Remote assets enabled");
+ }
+ }
+ }
+
+ public void PostInitialise()
+ {
+ }
+
+ public void Close()
+ {
+ }
+
+ public void AddRegion(Scene scene)
+ {
+ if (!m_Enabled)
+ return;
+
+ scene.RegisterModuleInterface(this);
+ }
+
+ public void RemoveRegion(Scene scene)
+ {
+ }
+
+ public void RegionLoaded(Scene scene)
+ {
+ if (!m_Enabled)
+ return;
+
+ m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: Enabled remote authorization for region {0}", scene.RegionInfo.RegionName);
+
+ }
+ }
+}
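Review bot: `m_Enabled = true` is set before `base.Initialise(source)` runs, so `AddRegion` registers this connector with every scene whether or not the base class ended up with a usable service endpoint. The base class is not part of this diff, so whether its initialisation can fail quietly is not visible here. Moving the assignment after the base call, and making it conditional on that call having succeeded, keeps a half-configured connector from answering authorization queries. The success message also reads `Remote assets enabled`, apparently carried over from the asset connector; `m_log.Info("[AUTHORIZATION CONNECTOR]: Remote authorization connector enabled");` would match the Local connector and keep log searches accurate.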
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 5e27eff..1346844 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -134,6 +134,7 @@ namespace OpenSim.Region.Framework.Scenes
public IXfer XferManager;
protected IAssetService m_AssetService = null;
+ protected IAuthorizationService m_AuthorizationService = null;
public IAssetService AssetService
{
@@ -152,6 +153,25 @@ namespace OpenSim.Region.Framework.Scenes
return m_AssetService;
}
}
+
+ public IAuthorizationService AuthorizationService
+ {
+ get
+ {
+ if (m_AuthorizationService == null)
+ {
+ m_AuthorizationService = RequestModuleInterface();
+
+ if (m_AuthorizationService == null)
+ {
+ // don't throw an exception if no authorization service is set for the time being
+ m_log.InfoFormat("[SCENE]: No Authorization service is configured");
+ }
+ }
+
+ return m_AuthorizationService;
+ }
+ }
protected IInventoryService m_InventoryService = null;
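Review bot: The getter reports a missing authorization service at Info level and repeats the lookup and the message on every access, because an absent module is never remembered. On a region that depends on this service for admission, that condition deserves a single warning. `InfoFormat` is also called with no format arguments, so the plain `m_log.Warn("[SCENE]: No Authorization service is configured");` is the right call. A doc comment stating that the property returns null when no module is registered, and that callers must decide what null means for access, would make the contract explicit.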
@@ -3230,7 +3250,18 @@ namespace OpenSim.Region.Framework.Scenes
if (!m_strictAccessControl) return true;
if (Permissions.IsGod(agent.AgentID)) return true;
-
+
+ UserProfileData userProfile = CommsManager.UserService.GetUserProfile(agent.AgentID);
+
+ if(AuthorizationService!=null)
+ {
+ if(!AuthorizationService.isAuthorizedForRegion(userProfile,RegionInfo))
+ {
+ m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region",
+ agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
+ return false;
+ }
+ }
if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
{
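Review bot: `userProfile` is passed to `isAuthorizedForRegion` without a null check. Whether `GetUserProfile` can return null is not visible here, but the always-grant stub would hide such a case until a real service dereferences the profile. If visitors without a local profile are legitimate, that case needs an explicit decision rather than a null handed through. The profile lookup also runs on every connection even when no service is registered, and the `AuthorizationService` getter is evaluated twice; the sketch below resolves the service once and fetches the profile inside the branch. The check sits below `if (!m_strictAccessControl) return true;` and is skipped unless strict access control is on, which deserves a comment. The enclosing method starts and ends outside the hunk.

```csharp
// … unchanged: m_strictAccessControl and IsGod early returns …
IAuthorizationService authService = AuthorizationService;
if (authService != null)
{
    UserProfileData userProfile = CommsManager.UserService.GetUserProfile(agent.AgentID);

    // No profile means nothing to authorize against: refuse rather than pass null on.
    if (userProfile == null || !authService.isAuthorizedForRegion(userProfile, RegionInfo))
    {
        // … unchanged: WarnFormat denial message …
        return false;
    }
}
```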