From 85fcb4e75c94ff7b5b45609826df5113f32aacc0 Mon Sep 17 00:00:00 2001
From: onefang
Date: Fri, 2 Aug 2019 21:20:11 +1000
Subject: Another attempt at sorting out the auto group chicken and egg
problems.
Are you a local? Asking for a friend.
---
.../Authorization/AuthorizationService.cs | 8 +++++---
.../LocalAuthorizationServiceConnector.cs | 5 +++--
.../RemoteAuthorizationServiceConnector.cs | 4 +++-
OpenSim/Region/Framework/Scenes/Scene.cs | 24 +++++++++++++++-------
.../AuthorizationServerPostHandler.cs | 3 ++-
.../AuthorizationService/AuthorizationService.cs | 3 ++-
.../Services/Interfaces/IAuthorizationService.cs | 2 +-
7 files changed, 33 insertions(+), 16 deletions(-)
(limited to 'OpenSim')
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
index 2e06bc8..c910422 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
@@ -88,8 +88,11 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
}
public bool IsAuthorizedForRegion(
- string user, string firstName, string lastName, string regionID, out string message)
+ string user, string firstName, string lastName, string regionID, out string message, out bool isLocal)
{
+ UUID userID = new UUID(user);
+ isLocal = m_UserManagement.IsLocalGridUser(userID);
+
// This should not happen
if (m_Scene.RegionInfo.RegionID.ToString() != regionID)
{
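Review bot: `new UUID(user)` now runs as the first statement of IsAuthorizedForRegion, ahead of the region-ID check and the early `return true` visible in the next hunk, so a malformed `user` string would presumably throw on every call path rather than only when the foreigner check is reached. Parse defensively and deny on failure, e.g. `UUID userID; if (!UUID.TryParse(user, out userID)) { message = "Invalid user ID"; isLocal = false; return false; }`. `m_UserManagement.IsLocalGridUser` is also called unconditionally now, so confirm m_UserManagement cannot be null on the paths that previously returned early. The method body continues outside the hunk.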
@@ -105,11 +108,10 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
return true;
}
- UUID userID = new UUID(user);
if ((m_accessValue & AccessFlags.DisallowForeigners) != 0)
{
- if (!m_UserManagement.IsLocalGridUser(userID))
+ if (!isLocal)
{
message = "No foreign users allowed in this region";
return false;
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
index 0be0676..b2be907 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
@@ -114,13 +114,14 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
}
public bool IsAuthorizedForRegion(
- string userID, string firstName, string lastName, string regionID, out string message)
+ string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal)
{
message = "";
+ isLocal = false;
if (!m_Enabled)
return true;
- return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message);
+ return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message, out isLocal);
}
}
}
\ No newline at end of file
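Review bot: The `!m_Enabled` early return reports the user as authorized with `isLocal` left at `false`, so a caller cannot tell "not local" from "locality was never checked". Scene.AuthorizeUser in this commit has the same gap: its `bool isLocal = false;` default survives whenever AuthorizationService is null or the call is not reached, and that value then selects the grid name used for auto groups. Either document the out parameter as meaningful only when a check actually ran, e.g. `// isLocal is only valid when the connector is enabled`, or resolve locality independently of whether the connector is enabled.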
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
index f312b0d..3df3288 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -120,7 +120,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
}
public bool IsAuthorizedForRegion(
- string userID, string firstName, string lastName, string regionID, out string message)
+ string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal)
{
m_log.InfoFormat(
"[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID);
@@ -141,6 +141,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
}
}
+ isLocal = false;
if (scene != null)
{
string mail = String.Empty;
@@ -153,6 +154,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
mail = account.Email;
firstName = account.FirstName;
lastName = account.LastName;
+ isLocal = true;
}
isAuthorized
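Review bot: `isLocal = true` is set here when an account record was found (the enclosing condition is outside the hunk), whereas the region-side AuthorizationService in this commit derives the flag from `m_UserManagement.IsLocalGridUser(userID)`, so the two implementations may disagree for the same user. When `scene` is null the flag stays `false`; whether the user can still be authorized on that path is not visible in the hunk. A comment at the assignment such as `// an account record was found, so treat the user as local to this grid` would make the assumption explicit and reviewable.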
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index ba08aab..fcfa448 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -4351,6 +4351,7 @@ namespace OpenSim.Region.Framework.Scenes
protected virtual bool AuthorizeUser(AgentCircuitData agent, bool bypassAccessControl, out string reason)
{
reason = String.Empty;
+ bool isLocal = false;
if (!m_strictAccessControl)
return true;
@@ -4360,7 +4361,7 @@ namespace OpenSim.Region.Framework.Scenes
if (AuthorizationService != null)
{
if (!AuthorizationService.IsAuthorizedForRegion(
- agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason))
+ agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason, out isLocal))
{
m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because: {4}",
agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName, reason);
@@ -4403,15 +4404,24 @@ namespace OpenSim.Region.Framework.Scenes
for(int i = 0;i < GroupMembership.Length;i++)
agentGroups.Add(GroupMembership[i].GroupID);
// We get called twice, the first time the name is set to a single space.
+ // The first time is from QueryAccess(), the second from NewUserConnection()
// if (" " != agent.Name)
{
- string grid = "local";
- // agent.AgentID could look like this - @grid.com:8002 01234567-89ab-cdef-0123-456789abcdef
- string a = agent.AgentID.ToString();
- if ("@" == a.Substring(0, 1))
+ string grid = "";
+ if (isLocal)
{
- grid = a.Split(':')[0].Substring(1);
- m_log.InfoFormat("[CONNECTION BEGIN]: HYPERGRID agent {0} from grid {1}, checking auto groups.", agent.AgentID, grid);
+ grid = "local";
+ m_log.InfoFormat("[CONNECTION BEGIN]: LOCAL agent {0}, checking auto groups.", agent.AgentID);
+ }
+ else
+ {
+ // agent.AgentID could look like this - @grid.com:8002 01234567-89ab-cdef-0123-456789abcdef
+ string a = agent.AgentID.ToString();
+ if ("@" == a.Substring(0, 1))
+ {
+ grid = a.Split(':')[0].Substring(1);
+ m_log.InfoFormat("[CONNECTION BEGIN]: HYPERGRID agent {0} from grid {1}, checking auto groups.", agent.AgentID, grid);
+ }
}
string[] groupIDs = null;
try
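Review bot: In the new `else` branch `grid` stays `""` whenever the ID string does not begin with `@`, and the auto-group lookup that follows appears to run with that empty grid name; before this change such agents were treated as `"local"`. Because `isLocal` is `false` both for real visitors and for every path where no authorization check ran, the code should decide explicitly what a non-local agent without an `@` prefix gets, for instance by skipping the auto-group step when `grid.Length == 0`. The grid name is also taken from the identifier via `a.Split(':')[0].Substring(1)` with no validation before it is logged and used for group selection, so confirm that value is trusted at this point. The `try` block continues outside the hunk.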
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
index 310a542..07e09bc 100644
--- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
@@ -61,7 +61,8 @@ namespace OpenSim.Server.Handlers.Authorization
AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request);
string message = String.Empty;
- bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.FirstName, Authorization.SurName, Authorization.RegionID, out message);
+ bool isLocal = false;
+ bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.FirstName, Authorization.SurName, Authorization.RegionID, out message, out isLocal);
AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized");
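Review bot: `isLocal` is computed here and then discarded: the `AuthorizationResponse` is built from `authorized` and a fixed string only, so a remote caller of this handler never receives the locality result. If that is intentional, say so with a comment such as `// isLocal is not part of the wire response; the remote connector determines locality itself`; the `= false` initializer is redundant for an `out` argument. The context line also shows the response text reading "has been authorized" regardless of the value of `authorized`, with the denial reason in `message` dropped, which is worth correcting while this call is being touched.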
diff --git a/OpenSim/Services/AuthorizationService/AuthorizationService.cs b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
index 03da6e1..2fe43e7 100644
--- a/OpenSim/Services/AuthorizationService/AuthorizationService.cs
+++ b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
@@ -49,9 +49,10 @@ namespace OpenSim.Services.AuthorizationService
}
public bool IsAuthorizedForRegion(
- string userID, string firstName, string lastName, string regionID, out string message)
+ string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal)
{
message = "Authorized";
+ isLocal = true;
return true;
}
}
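Review bot: This implementation sets `isLocal = true` for every caller, so a region wired to it will treat foreign (hypergrid) users as local, and Scene.AuthorizeUser in this commit uses that flag to select the `"local"` auto groups. Unless this service is only deployed where no foreign users can arrive, the fail-safe value is `isLocal = false;`. At minimum add a comment such as `// stub: authorizes everyone and cannot distinguish local from foreign users`.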
diff --git a/OpenSim/Services/Interfaces/IAuthorizationService.cs b/OpenSim/Services/Interfaces/IAuthorizationService.cs
index d4c697a..1974234 100644
--- a/OpenSim/Services/Interfaces/IAuthorizationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthorizationService.cs
@@ -48,7 +48,7 @@ namespace OpenSim.Services.Interfaces
///
///
bool IsAuthorizedForRegion(
- string userID, string firstName, string lastName, string regionID, out string message);
+ string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal);
}
public class AuthorizationRequest
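Review bot: The new `out bool isLocal` parameter is not described in the doc comment above the method, and its meaning differs between the implementations changed in this commit. Add something like `/// <param name="isLocal">Set to true when the user belongs to this grid; false for foreign users or when locality could not be determined.</param>`. Because the existing signature is changed rather than overloaded, any implementer of IAuthorizationService outside this tree will stop compiling until it is updated.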
--