author | Diva Canto | 2012-09-21 21:03:14 -0700 |
---|---|---|
committer | Diva Canto | 2012-09-21 21:03:14 -0700 |
commit | 48f4b32d7f23c2d7a52db355017c8b2bb57b55fa (patch) | |
tree | ed64af8f3eb3842b75b4b645b3900cad033aa406 | |
parent | Merge branch 'master' of ssh://opensimulator.org/var/git/opensim (diff) | |
More HG 2.0: access control at the Gatekeeper. \o/
-rw-r--r-- | OpenSim/Services/HypergridService/GatekeeperService.cs | 62 | ||||
-rw-r--r-- | bin/Robust.HG.ini.example | 12 | ||||
-rw-r--r-- | bin/config-include/StandaloneCommon.ini.example | 11 |
3 files changed, 76 insertions, 9 deletions
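--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -58,9 +58,11 @@ namespace OpenSim.Services.HypergridService
 private static IUserAgentService m_UserAgentService;
 private static ISimulationService m_SimulationService;
 
-protected string m_AllowedClients = string.Empty;
-protected string m_DeniedClients = string.Empty;
+private static string m_AllowedClients = string.Empty;
+private static string m_DeniedClients = string.Empty;
 private static bool m_ForeignAgentsAllowed = true;
+private static List<string> m_ForeignsAllowedExceptions = new List<string>();
+private static List<string> m_ForeignsDisallowedExceptions = new List<string>();
 
 private static UUID m_ScopeID;
 private static bool m_AllowTeleportsToAnyRegion;
@@ -113,6 +115,9 @@ namespace OpenSim.Services.HypergridService
 m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
 m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true);
 
+LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions);
+LoadDomainExceptionsFromConfig(serverConfig, "DisallowExcept", m_ForeignsDisallowedExceptions);
+
 if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
 throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
 
@@ -125,6 +130,15 @@ namespace OpenSim.Services.HypergridService
 {
 }
 
+protected void LoadDomainExceptionsFromConfig(IConfig config, string variable, List<string> exceptions)
+{
+string value = config.GetString(variable, string.Empty);
+string[] parts = value.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
+
+foreach (string s in parts)
+exceptions.Add(s.Trim());
+}
+
 public bool LinkRegion(string regionName, out UUID regionID, out ulong regionHandle, out string externalName, out string imageURL, out string reason)
 {
 regionID = UUID.Zero;
@@ -260,14 +274,25 @@ namespace OpenSim.Services.HypergridService
 m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok");
 
 //
-// Foreign agents allowed
+// Foreign agents allowed? Exceptions?
 //
-if (account == null && !m_ForeignAgentsAllowed)
+if (account == null)
 {
-reason = "Unauthorized";
-m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1}. Refusing service.",
-aCircuit.firstname, aCircuit.lastname);
-return false;
+bool allowed = m_ForeignAgentsAllowed;
+
+if (m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsAllowedExceptions))
+allowed = false;
+
+if (!m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsDisallowedExceptions))
+allowed = true;
+
+if (!allowed)
+{
+reason = "Destination does not allow visitors from your world";
+m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1} @ {2}. Refusing service.",
+aCircuit.firstname, aCircuit.lastname, aCircuit.ServiceURLs["HomeURI"]);
+return false;
+}
 }
 
 // May want to authorize
@@ -393,6 +418,27 @@ namespace OpenSim.Services.HypergridService
 
 #region Misc
 
+private bool IsException(AgentCircuitData aCircuit, List<string> exceptions)
+{
+bool exception = false;
+if (exceptions.Count > 0) // we have exceptions
+{
+// Retrieve the visitor's origin
+string userURL = aCircuit.ServiceURLs["HomeURI"].ToString();
+if (!userURL.EndsWith("/"))
+userURL += "/";
+
+if (exceptions.Find(delegate(string s)
+{
+if (!s.EndsWith("/"))
+s += "/";
+return s == userURL;
+}) != null)
+exception = true;
+}
+
+return exception;
+}
 
 #endregion
 }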
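Review bot: `IsException` in the last hunk matches the visitor's origin with an ordinal `s == userURL` after only appending a trailing slash, so an `AllowExcept` entry silently stops matching when the visitor's `HomeURI` differs in host case, an explicit default port or a path, and the deny list no longer applies to that grid. Comparing parsed URIs would be more robust, e.g. `Uri.Compare(a, b, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0` on values obtained with `Uri.TryCreate`, with an origin that fails to parse refused rather than treated as "no match". Separately, `aCircuit.ServiceURLs["HomeURI"]` is indexed both in `IsException` and in the new `InfoFormat` call, which throws when the key is absent instead of returning `false` with a `reason`; a `TryGetValue` lookup ahead of the list checks would make that refusal explicit. The method containing the access check starts outside the hunk, so whether `HomeURI` has been verified against the visitor's home service before this point is not visible here and is worth confirming, since otherwise both lists key on a value supplied by the visiting side.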
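--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -396,6 +396,18 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
 ;AllowedClients = ""
 ;DeniedClients = ""
 
+;; Are foreign visitors allowed?
+;ForeignAgentsAllowed = true
+;;
+;; If ForeignAgentsAllowed is true, make exceptions using AllowExcept.
+;; Leave blank or commented for no exceptions.
+; AllowExcept = "http://griefer.com:8002, http://enemy.com:8002"
+;;
+;; If ForeignAgentsAllowed is false, make exceptions using DisallowExcept
+;; Leave blank or commented for no exceptions.
+; DisallowExcept = "http://myfriendgrid.com:8002, http://myboss.com:8002"
+
+
 [UserAgentService]
 LocalServiceModule = "OpenSim.Services.HypergridService.dll:UserAgentService"
 ;; for the service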
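--- a/bin/config-include/StandaloneCommon.ini.example
+++ b/bin/config-include/StandaloneCommon.ini.example
@@ -164,8 +164,17 @@
 ;AllowedClients = ""
 ;DeniedClients = ""
 
-;; Are foreign visitors allowed
+;; Are foreign visitors allowed?
 ;ForeignAgentsAllowed = true
+;;
+;; If ForeignAgentsAllowed is true, make exceptions using AllowExcept.
+;; Leave blank or commented for no exceptions.
+; AllowExcept = "http://griefer.com:8002, http://enemy.com:8002"
+;;
+;; If ForeignAgentsAllowed is false, make exceptions using DisallowExcept
+;; Leave blank or commented for no exceptions.
+; DisallowExcept = "http://myfriendgrid.com:8002, http://myboss.com:8002"
+
 
 [FreeswitchService]
 ;; If FreeSWITCH is not being used then you don't need to set any of these parameters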