aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authoronefang2019-08-02 21:20:11 +1000
committeronefang2019-08-02 21:20:11 +1000
commit85fcb4e75c94ff7b5b45609826df5113f32aacc0 (patch)
treeb34fa5ce80e228850c1548b9ba210e6836558c2e
parentBump sim ports up by 2 when creating, coz 5 is silly. (diff)
downloadopensim-SC_OLD-85fcb4e75c94ff7b5b45609826df5113f32aacc0.zip
opensim-SC_OLD-85fcb4e75c94ff7b5b45609826df5113f32aacc0.tar.gz
opensim-SC_OLD-85fcb4e75c94ff7b5b45609826df5113f32aacc0.tar.bz2
opensim-SC_OLD-85fcb4e75c94ff7b5b45609826df5113f32aacc0.tar.xz
Another attempt at sorting out the auto group chicken and egg problems.
Are you a local? Asking for a friend.
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs8
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs5
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs4
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.cs24
-rw-r--r--OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs3
-rw-r--r--OpenSim/Services/AuthorizationService/AuthorizationService.cs3
-rw-r--r--OpenSim/Services/Interfaces/IAuthorizationService.cs2
7 files changed, 33 insertions, 16 deletions
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
index 2e06bc8..c910422 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
@@ -88,8 +88,11 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
88 } 88 }
89 89
90 public bool IsAuthorizedForRegion( 90 public bool IsAuthorizedForRegion(
91 string user, string firstName, string lastName, string regionID, out string message) 91 string user, string firstName, string lastName, string regionID, out string message, out bool isLocal)
92 { 92 {
93 UUID userID = new UUID(user);
94 isLocal = m_UserManagement.IsLocalGridUser(userID);
95
93 // This should not happen 96 // This should not happen
94 if (m_Scene.RegionInfo.RegionID.ToString() != regionID) 97 if (m_Scene.RegionInfo.RegionID.ToString() != regionID)
95 { 98 {
@@ -105,11 +108,10 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
105 return true; 108 return true;
106 } 109 }
107 110
108 UUID userID = new UUID(user);
109 111
110 if ((m_accessValue & AccessFlags.DisallowForeigners) != 0) 112 if ((m_accessValue & AccessFlags.DisallowForeigners) != 0)
111 { 113 {
112 if (!m_UserManagement.IsLocalGridUser(userID)) 114 if (!isLocal)
113 { 115 {
114 message = "No foreign users allowed in this region"; 116 message = "No foreign users allowed in this region";
115 return false; 117 return false;
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
index 0be0676..b2be907 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
@@ -114,13 +114,14 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
114 } 114 }
115 115
116 public bool IsAuthorizedForRegion( 116 public bool IsAuthorizedForRegion(
117 string userID, string firstName, string lastName, string regionID, out string message) 117 string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal)
118 { 118 {
119 message = ""; 119 message = "";
120 isLocal = false;
120 if (!m_Enabled) 121 if (!m_Enabled)
121 return true; 122 return true;
122 123
123 return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message); 124 return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message, out isLocal);
124 } 125 }
125 } 126 }
126} \ No newline at end of file 127} \ No newline at end of file
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
index f312b0d..3df3288 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -120,7 +120,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
120 } 120 }
121 121
122 public bool IsAuthorizedForRegion( 122 public bool IsAuthorizedForRegion(
123 string userID, string firstName, string lastName, string regionID, out string message) 123 string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal)
124 { 124 {
125 m_log.InfoFormat( 125 m_log.InfoFormat(
126 "[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID); 126 "[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID);
@@ -141,6 +141,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
141 } 141 }
142 } 142 }
143 143
144 isLocal = false;
144 if (scene != null) 145 if (scene != null)
145 { 146 {
146 string mail = String.Empty; 147 string mail = String.Empty;
@@ -153,6 +154,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
153 mail = account.Email; 154 mail = account.Email;
154 firstName = account.FirstName; 155 firstName = account.FirstName;
155 lastName = account.LastName; 156 lastName = account.LastName;
157 isLocal = true;
156 } 158 }
157 159
158 isAuthorized 160 isAuthorized
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index ba08aab..fcfa448 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -4351,6 +4351,7 @@ namespace OpenSim.Region.Framework.Scenes
4351 protected virtual bool AuthorizeUser(AgentCircuitData agent, bool bypassAccessControl, out string reason) 4351 protected virtual bool AuthorizeUser(AgentCircuitData agent, bool bypassAccessControl, out string reason)
4352 { 4352 {
4353 reason = String.Empty; 4353 reason = String.Empty;
4354 bool isLocal = false;
4354 4355
4355 if (!m_strictAccessControl) 4356 if (!m_strictAccessControl)
4356 return true; 4357 return true;
@@ -4360,7 +4361,7 @@ namespace OpenSim.Region.Framework.Scenes
4360 if (AuthorizationService != null) 4361 if (AuthorizationService != null)
4361 { 4362 {
4362 if (!AuthorizationService.IsAuthorizedForRegion( 4363 if (!AuthorizationService.IsAuthorizedForRegion(
4363 agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason)) 4364 agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason, out isLocal))
4364 { 4365 {
4365 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because: {4}", 4366 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because: {4}",
4366 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName, reason); 4367 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName, reason);
@@ -4403,15 +4404,24 @@ namespace OpenSim.Region.Framework.Scenes
4403 for(int i = 0;i < GroupMembership.Length;i++) 4404 for(int i = 0;i < GroupMembership.Length;i++)
4404 agentGroups.Add(GroupMembership[i].GroupID); 4405 agentGroups.Add(GroupMembership[i].GroupID);
4405 // We get called twice, the first time the name is set to a single space. 4406 // We get called twice, the first time the name is set to a single space.
4407 // The first time is from QueryAccess(), the second from NewUserConnection()
4406// if (" " != agent.Name) 4408// if (" " != agent.Name)
4407 { 4409 {
4408 string grid = "local"; 4410 string grid = "";
4409 // agent.AgentID could look like this - @grid.com:8002 01234567-89ab-cdef-0123-456789abcdef 4411 if (isLocal)
4410 string a = agent.AgentID.ToString();
4411 if ("@" == a.Substring(0, 1))
4412 { 4412 {
4413 grid = a.Split(':')[0].Substring(1); 4413 grid = "local";
4414 m_log.InfoFormat("[CONNECTION BEGIN]: HYPERGRID agent {0} from grid {1}, checking auto groups.", agent.AgentID, grid); 4414 m_log.InfoFormat("[CONNECTION BEGIN]: LOCAL agent {0}, checking auto groups.", agent.AgentID);
4415 }
4416 else
4417 {
4418 // agent.AgentID could look like this - @grid.com:8002 01234567-89ab-cdef-0123-456789abcdef
4419 string a = agent.AgentID.ToString();
4420 if ("@" == a.Substring(0, 1))
4421 {
4422 grid = a.Split(':')[0].Substring(1);
4423 m_log.InfoFormat("[CONNECTION BEGIN]: HYPERGRID agent {0} from grid {1}, checking auto groups.", agent.AgentID, grid);
4424 }
4415 } 4425 }
4416 string[] groupIDs = null; 4426 string[] groupIDs = null;
4417 try 4427 try
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
index 310a542..07e09bc 100644
--- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
@@ -61,7 +61,8 @@ namespace OpenSim.Server.Handlers.Authorization
61 AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request); 61 AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request);
62 62
63 string message = String.Empty; 63 string message = String.Empty;
64 bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.FirstName, Authorization.SurName, Authorization.RegionID, out message); 64 bool isLocal = false;
65 bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.FirstName, Authorization.SurName, Authorization.RegionID, out message, out isLocal);
65 66
66 AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized"); 67 AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized");
67 68
diff --git a/OpenSim/Services/AuthorizationService/AuthorizationService.cs b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
index 03da6e1..2fe43e7 100644
--- a/OpenSim/Services/AuthorizationService/AuthorizationService.cs
+++ b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
@@ -49,9 +49,10 @@ namespace OpenSim.Services.AuthorizationService
49 } 49 }
50 50
51 public bool IsAuthorizedForRegion( 51 public bool IsAuthorizedForRegion(
52 string userID, string firstName, string lastName, string regionID, out string message) 52 string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal)
53 { 53 {
54 message = "Authorized"; 54 message = "Authorized";
55 isLocal = true;
55 return true; 56 return true;
56 } 57 }
57 } 58 }
diff --git a/OpenSim/Services/Interfaces/IAuthorizationService.cs b/OpenSim/Services/Interfaces/IAuthorizationService.cs
index d4c697a..1974234 100644
--- a/OpenSim/Services/Interfaces/IAuthorizationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthorizationService.cs
@@ -48,7 +48,7 @@ namespace OpenSim.Services.Interfaces
48 /// <param name="message"></param> 48 /// <param name="message"></param>
49 /// <returns></returns> 49 /// <returns></returns>
50 bool IsAuthorizedForRegion( 50 bool IsAuthorizedForRegion(
51 string userID, string firstName, string lastName, string regionID, out string message); 51 string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal);
52 } 52 }
53 53
54 public class AuthorizationRequest 54 public class AuthorizationRequest