aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorDiva Canto2012-09-21 21:03:14 -0700
committerDiva Canto2012-09-21 21:03:14 -0700
commit48f4b32d7f23c2d7a52db355017c8b2bb57b55fa (patch)
treeed64af8f3eb3842b75b4b645b3900cad033aa406
parentMerge branch 'master' of ssh://opensimulator.org/var/git/opensim (diff)
downloadopensim-SC_OLD-48f4b32d7f23c2d7a52db355017c8b2bb57b55fa.zip
opensim-SC_OLD-48f4b32d7f23c2d7a52db355017c8b2bb57b55fa.tar.gz
opensim-SC_OLD-48f4b32d7f23c2d7a52db355017c8b2bb57b55fa.tar.bz2
opensim-SC_OLD-48f4b32d7f23c2d7a52db355017c8b2bb57b55fa.tar.xz
More HG 2.0: access control at the Gatekeeper. \o/
-rw-r--r--OpenSim/Services/HypergridService/GatekeeperService.cs62
-rw-r--r--bin/Robust.HG.ini.example12
-rw-r--r--bin/config-include/StandaloneCommon.ini.example11
3 files changed, 76 insertions, 9 deletions
diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs
index 47d22b9..0f7d7c6 100644
--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -58,9 +58,11 @@ namespace OpenSim.Services.HypergridService
58 private static IUserAgentService m_UserAgentService; 58 private static IUserAgentService m_UserAgentService;
59 private static ISimulationService m_SimulationService; 59 private static ISimulationService m_SimulationService;
60 60
61 protected string m_AllowedClients = string.Empty; 61 private static string m_AllowedClients = string.Empty;
62 protected string m_DeniedClients = string.Empty; 62 private static string m_DeniedClients = string.Empty;
63 private static bool m_ForeignAgentsAllowed = true; 63 private static bool m_ForeignAgentsAllowed = true;
64 private static List<string> m_ForeignsAllowedExceptions = new List<string>();
65 private static List<string> m_ForeignsDisallowedExceptions = new List<string>();
64 66
65 private static UUID m_ScopeID; 67 private static UUID m_ScopeID;
66 private static bool m_AllowTeleportsToAnyRegion; 68 private static bool m_AllowTeleportsToAnyRegion;
@@ -113,6 +115,9 @@ namespace OpenSim.Services.HypergridService
113 m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty); 115 m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
114 m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true); 116 m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true);
115 117
118 LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions);
119 LoadDomainExceptionsFromConfig(serverConfig, "DisallowExcept", m_ForeignsDisallowedExceptions);
120
116 if (m_GridService == null || m_PresenceService == null || m_SimulationService == null) 121 if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
117 throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function."); 122 throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
118 123
@@ -125,6 +130,15 @@ namespace OpenSim.Services.HypergridService
125 { 130 {
126 } 131 }
127 132
133 protected void LoadDomainExceptionsFromConfig(IConfig config, string variable, List<string> exceptions)
134 {
135 string value = config.GetString(variable, string.Empty);
136 string[] parts = value.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
137
138 foreach (string s in parts)
139 exceptions.Add(s.Trim());
140 }
141
128 public bool LinkRegion(string regionName, out UUID regionID, out ulong regionHandle, out string externalName, out string imageURL, out string reason) 142 public bool LinkRegion(string regionName, out UUID regionID, out ulong regionHandle, out string externalName, out string imageURL, out string reason)
129 { 143 {
130 regionID = UUID.Zero; 144 regionID = UUID.Zero;
@@ -260,14 +274,25 @@ namespace OpenSim.Services.HypergridService
260 m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok"); 274 m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok");
261 275
262 // 276 //
263 // Foreign agents allowed 277 // Foreign agents allowed? Exceptions?
264 // 278 //
265 if (account == null && !m_ForeignAgentsAllowed) 279 if (account == null)
266 { 280 {
267 reason = "Unauthorized"; 281 bool allowed = m_ForeignAgentsAllowed;
268 m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1}. Refusing service.", 282
269 aCircuit.firstname, aCircuit.lastname); 283 if (m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsAllowedExceptions))
270 return false; 284 allowed = false;
285
286 if (!m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsDisallowedExceptions))
287 allowed = true;
288
289 if (!allowed)
290 {
291 reason = "Destination does not allow visitors from your world";
292 m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1} @ {2}. Refusing service.",
293 aCircuit.firstname, aCircuit.lastname, aCircuit.ServiceURLs["HomeURI"]);
294 return false;
295 }
271 } 296 }
272 297
273 // May want to authorize 298 // May want to authorize
@@ -393,6 +418,27 @@ namespace OpenSim.Services.HypergridService
393 418
394 #region Misc 419 #region Misc
395 420
421 private bool IsException(AgentCircuitData aCircuit, List<string> exceptions)
422 {
423 bool exception = false;
424 if (exceptions.Count > 0) // we have exceptions
425 {
426 // Retrieve the visitor's origin
427 string userURL = aCircuit.ServiceURLs["HomeURI"].ToString();
428 if (!userURL.EndsWith("/"))
429 userURL += "/";
430
431 if (exceptions.Find(delegate(string s)
432 {
433 if (!s.EndsWith("/"))
434 s += "/";
435 return s == userURL;
436 }) != null)
437 exception = true;
438 }
439
440 return exception;
441 }
396 442
397 #endregion 443 #endregion
398 } 444 }
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example
index afb3f6f..1bafdbd 100644
--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -396,6 +396,18 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
396 ;AllowedClients = "" 396 ;AllowedClients = ""
397 ;DeniedClients = "" 397 ;DeniedClients = ""
398 398
399 ;; Are foreign visitors allowed?
400 ;ForeignAgentsAllowed = true
401 ;;
402 ;; If ForeignAgentsAllowed is true, make exceptions using AllowExcept.
403 ;; Leave blank or commented for no exceptions.
404 ; AllowExcept = "http://griefer.com:8002, http://enemy.com:8002"
405 ;;
406 ;; If ForeignAgentsAllowed is false, make exceptions using DisallowExcept
407 ;; Leave blank or commented for no exceptions.
408 ; DisallowExcept = "http://myfriendgrid.com:8002, http://myboss.com:8002"
409
410
399[UserAgentService] 411[UserAgentService]
400 LocalServiceModule = "OpenSim.Services.HypergridService.dll:UserAgentService" 412 LocalServiceModule = "OpenSim.Services.HypergridService.dll:UserAgentService"
401 ;; for the service 413 ;; for the service
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example
index 048710a..4339cb1 100644
--- a/bin/config-include/StandaloneCommon.ini.example
+++ b/bin/config-include/StandaloneCommon.ini.example
@@ -164,8 +164,17 @@
164 ;AllowedClients = "" 164 ;AllowedClients = ""
165 ;DeniedClients = "" 165 ;DeniedClients = ""
166 166
167 ;; Are foreign visitors allowed 167 ;; Are foreign visitors allowed?
168 ;ForeignAgentsAllowed = true 168 ;ForeignAgentsAllowed = true
169 ;;
170 ;; If ForeignAgentsAllowed is true, make exceptions using AllowExcept.
171 ;; Leave blank or commented for no exceptions.
172 ; AllowExcept = "http://griefer.com:8002, http://enemy.com:8002"
173 ;;
174 ;; If ForeignAgentsAllowed is false, make exceptions using DisallowExcept
175 ;; Leave blank or commented for no exceptions.
176 ; DisallowExcept = "http://myfriendgrid.com:8002, http://myboss.com:8002"
177
169 178
170[FreeswitchService] 179[FreeswitchService]
171 ;; If FreeSWITCH is not being used then you don't need to set any of these parameters 180 ;; If FreeSWITCH is not being used then you don't need to set any of these parameters