From 3089b6d824f1d4eb25ba12c5fd037153fdc92e1e Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Thu, 20 Sep 2012 15:49:22 -0700 Subject: More HG2.0: Added permission policies in HGAsset Service based on asset types. The policies are given in the config. This is only half of the story. The other half, pertaining to exports/imports made by the sim, will be done next. --- bin/config-include/StandaloneCommon.ini.example | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'bin/config-include') diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index e4bc548..d8ecba8 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example @@ -53,6 +53,17 @@ [HGAssetService] HomeURI = "http://127.0.0.1:9000" + ;; The asset types that other grids can get from / post to this service. + ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: + ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh + ;; + ;; Leave blank or commented if you don't want to apply any restrictions. + ;; A more strict, but still reasonable, policy may be to disallow the exchange + ;; of scripts, like so: + ; DisallowGET ="LSLText" + ; DisallowPOST ="LSLBytecode" + + [HGInventoryAccessModule] HomeURI = "http://127.0.0.1:9000" Gatekeeper = "http://127.0.0.1:9000" -- cgit v1.1 From e379566e6e3bed0d7001f099a5ea8dfd648d76cf Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Thu, 20 Sep 2012 19:50:57 -0700 Subject: Improvement over last commit: refactor the asset permissions code, so that it can be used by both the HG Asset Service and the simulator. Also renamed the config vars to something more intuitive --- bin/config-include/StandaloneCommon.ini.example | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'bin/config-include') diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index d8ecba8..d5eb50d 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example @@ -53,15 +53,17 @@ [HGAssetService] HomeURI = "http://127.0.0.1:9000" - ;; The asset types that other grids can get from / post to this service. + ;; The asset types that this service can export to / import from other grids. + ;; Comma separated. ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: - ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh + ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, + ;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh ;; ;; Leave blank or commented if you don't want to apply any restrictions. ;; A more strict, but still reasonable, policy may be to disallow the exchange ;; of scripts, like so: - ; DisallowGET ="LSLText" - ; DisallowPOST ="LSLBytecode" + ; DisallowExport ="LSLText" + ; DisallowImport ="LSLBytecode" [HGInventoryAccessModule] -- cgit v1.1 From b542622b3a841e73f071aab563ba1e211c5a87e3 Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Fri, 21 Sep 2012 07:44:18 -0700 Subject: HG 2.0: added asset import/export policies at the sim too. --- bin/config-include/GridCommon.ini.example | 20 ++++++++++++++++++++ bin/config-include/StandaloneCommon.ini.example | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) (limited to 'bin/config-include') diff --git a/bin/config-include/GridCommon.ini.example b/bin/config-include/GridCommon.ini.example index 8d7f6fc..79f7ed6 100644 --- a/bin/config-include/GridCommon.ini.example +++ b/bin/config-include/GridCommon.ini.example @@ -137,6 +137,26 @@ ;; uncomment the next line. You may want to do this on sims that have licensed content. ; OutboundPermission = False +[HGAssetService] + ; + ; === HG ONLY === + ; Change this to your server + ; accessible from other grids + ; + HomeURI = "http://mygridserver.com:8002" + + ;; The asset types that this grid can export to / import from other grids. + ;; Comma separated. + ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: + ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, + ;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh + ;; + ;; Leave blank or commented if you don't want to apply any restrictions. + ;; A more strict, but still reasonable, policy may be to disallow the exchange + ;; of scripts, like so: + ; DisallowExport ="LSLText" + ; DisallowImport ="LSLBytecode" + [HGFriendsModule] ; User level required to be able to send friendship invitations to foreign users ;LevelHGFriends = 0; diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index d5eb50d..048710a 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example @@ -53,7 +53,7 @@ [HGAssetService] HomeURI = "http://127.0.0.1:9000" - ;; The asset types that this service can export to / import from other grids. + ;; The asset types that this grid can export to / import from other grids. ;; Comma separated. ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, -- cgit v1.1 From 48f4b32d7f23c2d7a52db355017c8b2bb57b55fa Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Fri, 21 Sep 2012 21:03:14 -0700 Subject: More HG 2.0: access control at the Gatekeeper. \o/ --- bin/config-include/StandaloneCommon.ini.example | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'bin/config-include') diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index 048710a..4339cb1 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example @@ -164,8 +164,17 @@ ;AllowedClients = "" ;DeniedClients = "" - ;; Are foreign visitors allowed + ;; Are foreign visitors allowed? ;ForeignAgentsAllowed = true + ;; + ;; If ForeignAgentsAllowed is true, make exceptions using AllowExcept. + ;; Leave blank or commented for no exceptions. + ; AllowExcept = "http://griefer.com:8002, http://enemy.com:8002" + ;; + ;; If ForeignAgentsAllowed is false, make exceptions using DisallowExcept + ;; Leave blank or commented for no exceptions. + ; DisallowExcept = "http://myfriendgrid.com:8002, http://myboss.com:8002" + [FreeswitchService] ;; If FreeSWITCH is not being used then you don't need to set any of these parameters -- cgit v1.1 From fb6d6e5cca8e283025ef80cfd29a97bc5882550d Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Sat, 22 Sep 2012 11:11:48 -0700 Subject: HG 2.0: User Agent Service now can also control where the local users can go. Domain-name and user-level based. \o/ --- bin/config-include/StandaloneCommon.ini.example | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'bin/config-include') diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index 4339cb1..84de0ec 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example @@ -280,5 +280,22 @@ ; Region_Test_1 = "DisallowForeigners" [UserAgentService] - ; User level required to be contacted from other grids + ;; User level required to be contacted from other grids ;LevelOutsideContacts = 0 + + ;; Restrictions on destinations of local users. + ;; Are local users allowed to visit other grids? + ;; What user level? Use variables of this forrm: + ;; ForeignTripsAllowed_Level_ = true | false + ;; (the default is true) + ;; For example: + ; ForeignTripsAllowed_Level_0 = false + ; ForeignTripsAllowed_Level_200 = true ; true is default, no need to say it + ;; + ;; If ForeignTripsAllowed is false, make exceptions using DisallowExcept + ;; Leave blank or commented for no exceptions. + ; DisallowExcept_Level_0 = "http://myothergrid.com:8002, http://boss.com:8002" + ;; + ;; If ForeignTripsAllowed is true, make exceptions using AllowExcept. + ;; Leave blank or commented for no exceptions. + ; AllowExcept_Level_200 = "http://griefer.com:8002, http://enemy.com:8002" -- cgit v1.1