author | Justin Clark-Casey (justincc) | 2011-07-23 03:46:55 +0100 |
---|---|---|
committer | Justin Clark-Casey (justincc) | 2011-07-23 03:48:53 +0100 |
commit | 504de8bc4792eda165d71a2c7481cb43cb92759a (patch) | |
tree | 3206f651448b2a9ef0fae5b210ae4f35d1b6730d | |
parent | Change default AllowScriptCrossings config setting to true. (diff) | |
Pass the first name and last name from the agent circuit data to the authorization service rather than from the account.
This is to accommodate situations where the authorization service is being used by the hypergrid, where visitors have no user account.
See http://opensimulator.org/mantis/view.php?id=5517, this code is somewhat adapted/cleaned up from Michelle's patch
I'm a little ambivalent about this since visitors could put anything in firstname/lastname so it's not much of an auth measure.
It's up to the auth service to decide which data it actually uses.
Possibly we should be passing through other info such as agent circuit ip
7 files changed, 50 insertions, 37 deletions
diff --git a/OpenSim/Framework/TaskInventoryDictionary.cs b/OpenSim/Framework/TaskInventoryDictionary.cs index 25ae6b0..421bd5d 100644 --- a/OpenSim/Framework/TaskInventoryDictionary.cs +++ b/OpenSim/Framework/TaskInventoryDictionary.cs | |||
@@ -59,7 +59,7 @@ namespace OpenSim.Framework | |||
59 | clone.Add(uuid, (TaskInventoryItem) this[uuid].Clone()); | 59 | clone.Add(uuid, (TaskInventoryItem) this[uuid].Clone()); |
60 | } | 60 | } |
61 | } | 61 | } |
62 | 62 | ||
63 | return clone; | 63 | return clone; |
64 | } | 64 | } |
65 | 65 | ||
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs index 85a1ac3..18a7177 100644 --- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs +++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs | |||
@@ -39,8 +39,7 @@ using OpenMetaverse; | |||
39 | 39 | ||
40 | namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization | 40 | namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization |
41 | { | 41 | { |
42 | public class LocalAuthorizationServicesConnector : | 42 | public class LocalAuthorizationServicesConnector : ISharedRegionModule, IAuthorizationService |
43 | ISharedRegionModule, IAuthorizationService | ||
44 | { | 43 | { |
45 | private static readonly ILog m_log = | 44 | private static readonly ILog m_log = |
46 | LogManager.GetLogger( | 45 | LogManager.GetLogger( |
@@ -127,15 +126,15 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization | |||
127 | if (!m_Enabled) | 126 | if (!m_Enabled) |
128 | return; | 127 | return; |
129 | 128 | ||
130 | m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}", scene.RegionInfo.RegionName); | 129 | m_log.InfoFormat( |
131 | 130 | "[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}", | |
132 | 131 | scene.RegionInfo.RegionName); | |
133 | } | 132 | } |
134 | 133 | ||
135 | public bool IsAuthorizedForRegion(string userID, string regionID, out string message) | 134 | public bool IsAuthorizedForRegion( |
135 | string userID, string firstName, string lastName, string regionID, out string message) | ||
136 | { | 136 | { |
137 | return m_AuthorizationService.IsAuthorizedForRegion(userID, regionID, out message); | 137 | return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message); |
138 | } | 138 | } |
139 | |||
140 | } | 139 | } |
141 | } | 140 | } \ No newline at end of file |
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs index 66994fa..5fa27b8 100644 --- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs +++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs | |||
@@ -117,12 +117,15 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization | |||
117 | 117 | ||
118 | } | 118 | } |
119 | 119 | ||
120 | public bool IsAuthorizedForRegion(string userID, string regionID, out string message) | 120 | public bool IsAuthorizedForRegion( |
121 | string userID, string firstName, string lastName, string regionID, out string message) | ||
121 | { | 122 | { |
122 | m_log.InfoFormat("[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID); | 123 | m_log.InfoFormat( |
124 | "[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID); | ||
123 | 125 | ||
124 | bool isAuthorized = true; | 126 | bool isAuthorized = true; |
125 | message = String.Empty; | 127 | message = String.Empty; |
128 | string mail = String.Empty; | ||
126 | 129 | ||
127 | // get the scene this call is being made for | 130 | // get the scene this call is being made for |
128 | Scene scene = null; | 131 | Scene scene = null; |
@@ -140,17 +143,22 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization | |||
140 | if (scene != null) | 143 | if (scene != null) |
141 | { | 144 | { |
142 | UserAccount account = scene.UserAccountService.GetUserAccount(UUID.Zero, new UUID(userID)); | 145 | UserAccount account = scene.UserAccountService.GetUserAccount(UUID.Zero, new UUID(userID)); |
143 | isAuthorized = IsAuthorizedForRegion(userID, account.FirstName, account.LastName, | 146 | |
144 | account.Email, scene.RegionInfo.RegionName, regionID, out message); | 147 | if (account != null) |
148 | mail = account.Email; | ||
149 | |||
150 | isAuthorized | ||
151 | = IsAuthorizedForRegion( | ||
152 | userID, firstName, lastName, account.Email, scene.RegionInfo.RegionName, regionID, out message); | ||
145 | } | 153 | } |
146 | else | 154 | else |
147 | { | 155 | { |
148 | m_log.ErrorFormat("[REMOTE AUTHORIZATION CONNECTOR] IsAuthorizedForRegion, can't find scene to match region id of {0} ",regionID); | 156 | m_log.ErrorFormat( |
157 | "[REMOTE AUTHORIZATION CONNECTOR] IsAuthorizedForRegion, can't find scene to match region id of {0}", | ||
158 | regionID); | ||
149 | } | 159 | } |
150 | 160 | ||
151 | |||
152 | return isAuthorized; | 161 | return isAuthorized; |
153 | |||
154 | } | 162 | } |
155 | } | 163 | } |
156 | } | 164 | } \ No newline at end of file |
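Review bot: The new call at new lines 150-152 still passes `account.Email`, so a Hypergrid visitor with no local account (the case this commit is meant to support) dereferences null immediately after the `if (account != null)` guard, and the `mail` local added at line 128 is never read. Pass the guarded value instead: `userID, firstName, lastName, mail, scene.RegionInfo.RegionName, regionID, out message);`. Separately, `isAuthorized` is initialised to `true` and the `else` branch only logs when no scene matches, so from the visible lines that path appears to return authorized; setting `isAuthorized = false` there would make the check fail closed. The part of IsAuthorizedForRegion between the two hunks is not visible here, so the scene lookup itself is unreviewed.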
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index 32a2887..1a32510 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs | |||
@@ -3553,11 +3553,12 @@ namespace OpenSim.Region.Framework.Scenes | |||
3553 | 3553 | ||
3554 | if (AuthorizationService != null) | 3554 | if (AuthorizationService != null) |
3555 | { | 3555 | { |
3556 | if (!AuthorizationService.IsAuthorizedForRegion(agent.AgentID.ToString(), RegionInfo.RegionID.ToString(),out reason)) | 3556 | if (!AuthorizationService.IsAuthorizedForRegion( |
3557 | agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason)) | ||
3557 | { | 3558 | { |
3558 | m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region", | 3559 | m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region", |
3559 | agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); | 3560 | agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); |
3560 | //reason = String.Format("You are not currently on the access list for {0}",RegionInfo.RegionName); | 3561 | |
3561 | return false; | 3562 | return false; |
3562 | } | 3563 | } |
3563 | } | 3564 | } |
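Review bot: `agent.firstname` and `agent.lastname` at new line 3557 come from the agent circuit data, which the commit description itself says a visitor can set to anything, yet nothing at the call site records that they are unverified. A comment above the call would stop a later authorization service from treating them as identity, for example `// firstname/lastname are self-asserted circuit data, not verified identity`. The same strings are written to the log by the `WarnFormat` call at lines 3559-3560, so it may be worth stripping control characters from them before logging. The enclosing method starts and ends outside the hunk.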
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs index f987de4..d656238 100644 --- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs | |||
@@ -61,7 +61,7 @@ namespace OpenSim.Server.Handlers.Authorization | |||
61 | AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request); | 61 | AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request); |
62 | 62 | ||
63 | string message = String.Empty; | 63 | string message = String.Empty; |
64 | bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.RegionID,out message); | 64 | bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.FirstName, Authorization.SurName, Authorization.RegionID, out message); |
65 | 65 | ||
66 | AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized"); | 66 | AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized"); |
67 | 67 | ||
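Review bot: The response built at line 66 always carries `Authorization.ID + " has been authorized"`, even when `authorized` is false, and the `message` returned by the service at line 64 is dropped. Passing the service's text through keeps a denial from reading as a grant: `AuthorizationResponse result = new AuthorizationResponse(authorized, message);`. `FirstName` and `SurName` on this line are read from the deserialized request, so they are whatever the caller sent and should be treated as unverified by the service. The handler method starts and ends outside the hunk.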
diff --git a/OpenSim/Services/AuthorizationService/AuthorizationService.cs b/OpenSim/Services/AuthorizationService/AuthorizationService.cs index d658368..03da6e1 100644 --- a/OpenSim/Services/AuthorizationService/AuthorizationService.cs +++ b/OpenSim/Services/AuthorizationService/AuthorizationService.cs | |||
@@ -48,10 +48,11 @@ namespace OpenSim.Services.AuthorizationService | |||
48 | m_log.Info("[AUTHORIZATION CONNECTOR]: Local Authorization service enabled"); | 48 | m_log.Info("[AUTHORIZATION CONNECTOR]: Local Authorization service enabled"); |
49 | } | 49 | } |
50 | 50 | ||
51 | public bool IsAuthorizedForRegion(string userID, string regionID, out string message) | 51 | public bool IsAuthorizedForRegion( |
52 | string userID, string firstName, string lastName, string regionID, out string message) | ||
52 | { | 53 | { |
53 | message = "Authorized"; | 54 | message = "Authorized"; |
54 | return true; | 55 | return true; |
55 | } | 56 | } |
56 | } | 57 | } |
57 | } | 58 | } \ No newline at end of file |
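Review bot: This default implementation ignores `firstName` and `lastName`, like every other argument, and returns `true` for all callers, which is easier to miss now that the signature suggests identity data is being checked. A summary comment on the method would make that explicit, for example `/// Allow-all default: every user is authorized for every region; the arguments are not inspected.`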
diff --git a/OpenSim/Services/Interfaces/IAuthorizationService.cs b/OpenSim/Services/Interfaces/IAuthorizationService.cs index c5d577a..e5c68f6 100644 --- a/OpenSim/Services/Interfaces/IAuthorizationService.cs +++ b/OpenSim/Services/Interfaces/IAuthorizationService.cs | |||
@@ -34,14 +34,21 @@ namespace OpenSim.Services.Interfaces | |||
34 | 34 | ||
35 | public interface IAuthorizationService | 35 | public interface IAuthorizationService |
36 | { | 36 | { |
37 | ////////////////////////////////////////////////////// | 37 | /// <summary> |
38 | // Authorized | 38 | /// Check whether the user should be given access to the region. |
39 | // | 39 | /// </summary> |
40 | // This method returns a simple true false indicating | 40 | /// <remarks> |
41 | // whether or not a user has access to the region | 41 | /// We also supply user first name and last name for situations where the user does not have an account |
42 | // | 42 | /// on the region (e.g. they're a visitor via Hypergrid). |
43 | bool IsAuthorizedForRegion(string userID, string regionID, out string message); | 43 | /// </remarks> |
44 | 44 | /// <param name="userID"></param> | |
45 | /// <param name="firstName">/param> | ||
46 | /// <param name="lastName"></param> | ||
47 | /// <param name="regionID"></param> | ||
48 | /// <param name="message"></param> | ||
49 | /// <returns></returns> | ||
50 | bool IsAuthorizedForRegion( | ||
51 | string userID, string firstName, string lastName, string regionID, out string message); | ||
45 | } | 52 | } |
46 | 53 | ||
47 | public class AuthorizationRequest | 54 | public class AuthorizationRequest |
@@ -63,7 +70,8 @@ namespace OpenSim.Services.Interfaces | |||
63 | m_regionID = RegionID; | 70 | m_regionID = RegionID; |
64 | } | 71 | } |
65 | 72 | ||
66 | public AuthorizationRequest(string ID,string FirstName, string SurName, string Email, string RegionName, string RegionID) | 73 | public AuthorizationRequest( |
74 | string ID, string FirstName, string SurName, string Email, string RegionName, string RegionID) | ||
67 | { | 75 | { |
68 | m_userID = ID; | 76 | m_userID = ID; |
69 | m_firstname = FirstName; | 77 | m_firstname = FirstName; |
@@ -108,9 +116,6 @@ namespace OpenSim.Services.Interfaces | |||
108 | get { return m_regionID; } | 116 | get { return m_regionID; } |
109 | set { m_regionID = value; } | 117 | set { m_regionID = value; } |
110 | } | 118 | } |
111 | |||
112 | |||
113 | |||
114 | } | 119 | } |
115 | 120 | ||
116 | public class AuthorizationResponse | 121 | public class AuthorizationResponse |
@@ -126,7 +131,6 @@ namespace OpenSim.Services.Interfaces | |||
126 | { | 131 | { |
127 | m_isAuthorized = isAuthorized; | 132 | m_isAuthorized = isAuthorized; |
128 | m_message = message; | 133 | m_message = message; |
129 | |||
130 | } | 134 | } |
131 | 135 | ||
132 | public bool IsAuthorized | 136 | public bool IsAuthorized |
@@ -141,4 +145,4 @@ namespace OpenSim.Services.Interfaces | |||
141 | set { m_message = value; } | 145 | set { m_message = value; } |
142 | } | 146 | } |
143 | } | 147 | } |
144 | } | 148 | } \ No newline at end of file |
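Review bot: The new doc comment at line 45 has a malformed closing tag, `<param name="firstName">/param>`, which leaves the XML documentation for the method ill-formed; it should read `/// <param name="firstName"></param>`. Every `<param>` and `<returns>` element is also empty, so the interface gives implementers no contract. This is the natural place to state that `firstName` and `lastName` are supplied by the connecting agent and are not verified against an account, so implementations should not rely on them alone to grant access, and to say what `message` holds on denial.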