From 82ea4179da7ea32ea2efbd1cb209c77d5871b3fd Mon Sep 17 00:00:00 2001
From: Diva Canto
Date: Sun, 6 Sep 2015 10:00:20 -0700
Subject: Clean up viewer-based access control specifications.

---
 bin/OpenSim.ini.example   |  7 +++---
 bin/OpenSimDefaults.ini   |  8 +++++++
 bin/Robust.HG.ini.example | 54 ++++++++++++++++++-----------------------------
 bin/Robust.ini.example    | 38 ++++++++++++++++++---------------
 4 files changed, 53 insertions(+), 54 deletions(-)

(limited to 'bin')

diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index 71e76db..f5268bd 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -308,9 +308,9 @@
     ;; - "Imprudence" has access
     ;; - "Imprudence 1.3" has access
     ;; - "Imprudence 1.3.1" has no access
-    ; AllowedClients =
+    ; AllowedClients = ""
 
-    ;# {BannedClients} {} {Bar (|) separated list of banned clients} {}
+    ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {}
     ;; Bar (|) separated list of viewers which may not gain access to the regions.
     ;; One can use a Substring of the viewer name to disable only certain
     ;; versions
@@ -318,7 +318,8 @@
     ;; - "Imprudence" has no access
     ;; - "Imprudence 1.3" has no access
     ;; - "Imprudence 1.3.1" has access
-    ; BannedClients = 
+	;;
+    ; DeniedClients = ""
 
 
 [Map]
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index c0c8134..963eeff 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -531,6 +531,14 @@
     ; many simultaneous requests, default is 30 and is currently applied only to assets
     ;MaxRequestConcurrency = 30
 
+[AccessControl]
+	; Viewer-based access control. |-separated list of allowed viewers.
+    ; AllowedClients = ""
+
+	; Viewer-based access control. |-separated list of denied viewers. 
+	; No restrictions by default.
+    ; DeniedClients = ""
+
 
 [ClientStack.LindenUDP]
     ; Set this to true to process incoming packets asynchronously. Networking is
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example
index 36025d5..82eaf1f 100644
--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -184,6 +184,26 @@
     ;; This is a default that can be overwritten in some sections.
     ; GatekeeperURI = "${Const|BaseURL}:${Const|PublicPort}"
 
+[AccessControl]
+    ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
+    ;; Bar (|) separated list of viewers which may gain access to the regions.
+    ;; One can use a substring of the viewer name to enable only certain
+    ;; versions
+    ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
+    ;; - "Imprudence" has access
+    ;; - "Imprudence 1.3" has access
+    ;; - "Imprudence 1.3.1" has no access
+    ; AllowedClients = ""
+
+    ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {}
+    ;; Bar (|) separated list of viewers which may not gain access to the regions.
+    ;; One can use a Substring of the viewer name to disable only certain
+    ;; versions
+    ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
+    ;; - "Imprudence" has no access
+    ;; - "Imprudence 1.3" has no access
+    ;; - "Imprudence 1.3.1" has access
+    ; DeniedClients = ""
 
 [DatabaseService]
     ; PGSQL
@@ -482,23 +502,6 @@
     SRV_IMServerURI = "${Const|BaseURL}:${Const|PublicPort}"
     SRV_GroupsServerURI = "${Const|BaseURL}:${Const|PublicPort}"
 
-    ;; Regular expressions for controlling which client versions are accepted/denied.
-    ;; An empty string means nothing is checked.
-    ;;
-    ;; Example 1: allow only these 3 types of clients (any version of them)
-    ;; AllowedClients = "Imprudence|Hippo|Second Life"
-    ;;
-    ;; Example 2: allow all clients except these
-    ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
-    ;;
-    ;; Note that these are regular expressions, so every character counts.
-    ;; Also note that this is very weak security and should not be trusted as a reliable means
-    ;; for keeping bad clients out; modified clients can fake their identifiers.
-    ;;
-    ;;
-    ;AllowedClients = ""
-    ;DeniedClients = ""
-
     ;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time"
     ;; Viewers do not receive timezone information from the server - almost all (?) default to Pacific Standard Time
     ;; However, they do rely on the server to tell them whether it's Daylight Saving Time or not.
@@ -595,23 +598,6 @@
     ; If you run this gatekeeper server behind a proxy, set this to true
     ; HasProxy = false
 
-    ;; Regular expressions for controlling which client versions are accepted/denied.
-    ;; An empty string means nothing is checked.
-    ;;
-    ;; Example 1: allow only these 3 types of clients (any version of them)
-    ;; AllowedClients = "Imprudence|Hippo|Second Life"
-    ;;
-    ;; Example 2: allow all clients except these
-    ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
-    ;;
-    ;; Note that these are regular expressions, so every character counts.
-    ;; Also note that this is very weak security and should not be trusted as a reliable means
-    ;; for keeping bad clients out; modified clients can fake their identifiers.
-    ;;
-    ;;
-    ;AllowedClients = ""
-    ;DeniedClients = ""
-
     ;; Are foreign visitors allowed?
     ;ForeignAgentsAllowed = true
     ;;
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example
index 284e969..8d6496d 100644
--- a/bin/Robust.ini.example
+++ b/bin/Robust.ini.example
@@ -145,6 +145,27 @@
     ;ConsolePass = secret
     ;ConsolePort = 0
 
+[AccessControl]
+    ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
+    ;; Bar (|) separated list of viewers which may gain access to the regions.
+    ;; One can use a substring of the viewer name to enable only certain
+    ;; versions
+    ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
+    ;; - "Imprudence" has access
+    ;; - "Imprudence 1.3" has access
+    ;; - "Imprudence 1.3.1" has no access
+    ; AllowedClients = ""
+
+    ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {}
+    ;; Bar (|) separated list of viewers which may not gain access to the regions.
+    ;; One can use a Substring of the viewer name to disable only certain
+    ;; versions
+    ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
+    ;; - "Imprudence" has no access
+    ;; - "Imprudence 1.3" has no access
+    ;; - "Imprudence 1.3.1" has access
+    ; DeniedClients = ""
+
 
 [DatabaseService]
     ; PGSQL
@@ -431,23 +452,6 @@
     ; If you run this login server behind a proxy, set this to true
     ; HasProxy = false
 
-    ;; Regular expressions for controlling which client versions are accepted/denied.
-    ;; An empty string means nothing is checked.
-    ;;
-    ;; Example 1: allow only these 3 types of clients (any version of them)
-    ;; AllowedClients = "Imprudence|Hippo|Second Life"
-    ;;
-    ;; Example 2: allow all clients except these
-    ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
-    ;;
-    ;; Note that these are regular expressions, so every character counts.
-    ;; Also note that this is very weak security and should not be trusted as a reliable means
-    ;; for keeping bad clients out; modified clients can fake their identifiers.
-    ;;
-    ;;
-    ;AllowedClients = ""
-    ;DeniedClients = ""
-
     ;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time"
     ;; Viewers do not listen to timezone sent by the server. They use Pacific Standard Time instead,
     ;; but rely on the server to calculate Daylight Saving Time. Sending another DST than US Pacific
-- 
cgit v1.1