Clean up viewer-based access control specifications.

7 files changed, 71 insertions, 61 deletions

diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 8c2f45e..dce2247 100755
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -1051,11 +1051,11 @@ namespace OpenSim.Region.Framework.Scenes
                     }
                 }
 
-                string[] possibleAccessControlConfigSections = new string[] { "AccessControl", "Startup" };
+                string[] possibleAccessControlConfigSections = new string[] { "Startup", "AccessControl"};
 
                 string grant
                     = Util.GetConfigVarFromSections<string>(
-                        config, "AllowedClients", possibleAccessControlConfigSections, "");
+                        config, "AllowedClients", possibleAccessControlConfigSections, string.Empty);
 
                 if (grant.Length > 0)
                 {
@@ -1067,7 +1067,11 @@ namespace OpenSim.Region.Framework.Scenes
 
                 grant
                     = Util.GetConfigVarFromSections<string>(
-                        config, "BannedClients", possibleAccessControlConfigSections, "");
+                        config, "DeniedClients", possibleAccessControlConfigSections, String.Empty);
+                // Deal with the mess of someone having used a different word at some point
+                if (grant == String.Empty)
+                    grant = Util.GetConfigVarFromSections<string>(
+                            config, "BannedClients", possibleAccessControlConfigSections, String.Empty);
 
                 if (grant.Length > 0)
                 {
diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs
index 44b26d5..87c6810 100644
--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -131,8 +131,11 @@ namespace OpenSim.Services.HypergridService
                 else if (simulationService != string.Empty)
                         m_SimulationService = ServerUtils.LoadPlugin<ISimulationService>(simulationService, args);
 
-                m_AllowedClients = serverConfig.GetString("AllowedClients", string.Empty);
-                m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
+                string[] possibleAccessControlConfigSections = new string[] { "AccessControl", "GatekeeperService" };
+                m_AllowedClients = Util.GetConfigVarFromSections<string>(
+                        config, "AllowedClients", possibleAccessControlConfigSections, string.Empty);
+                m_DeniedClients = Util.GetConfigVarFromSections<string>(
+                        config, "DeniedClients", possibleAccessControlConfigSections, string.Empty); 
                 m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true);
 
                 LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions);
diff --git a/OpenSim/Services/LLLoginService/LLLoginService.cs b/OpenSim/Services/LLLoginService/LLLoginService.cs
index d67bc4d..10c2e8c 100644
--- a/OpenSim/Services/LLLoginService/LLLoginService.cs
+++ b/OpenSim/Services/LLLoginService/LLLoginService.cs
@@ -123,8 +123,12 @@ namespace OpenSim.Services.LLLoginService
             m_DestinationGuide = m_LoginServerConfig.GetString ("DestinationGuide", string.Empty);
             m_AvatarPicker = m_LoginServerConfig.GetString ("AvatarPicker", string.Empty);
 
-            m_AllowedClients = m_LoginServerConfig.GetString("AllowedClients", string.Empty);
-            m_DeniedClients = m_LoginServerConfig.GetString("DeniedClients", string.Empty);
+            string[] possibleAccessControlConfigSections = new string[] { "AccessControl", "LoginService" };
+            m_AllowedClients = Util.GetConfigVarFromSections<string>(
+                    config, "AllowedClients", possibleAccessControlConfigSections, string.Empty);
+            m_DeniedClients = Util.GetConfigVarFromSections<string>(
+                    config, "DeniedClients", possibleAccessControlConfigSections, string.Empty); 
+
             m_MessageUrl = m_LoginServerConfig.GetString("MessageUrl", string.Empty);
             m_DSTZone = m_LoginServerConfig.GetString("DSTZone", "America/Los_Angeles;Pacific Standard Time");
 
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index 71e76db..f5268bd 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -308,9 +308,9 @@
     ;; - "Imprudence" has access
     ;; - "Imprudence 1.3" has access
     ;; - "Imprudence 1.3.1" has no access
-    ; AllowedClients =
+    ; AllowedClients = ""
 
-    ;# {BannedClients} {} {Bar (|) separated list of banned clients} {}
+    ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {}
     ;; Bar (|) separated list of viewers which may not gain access to the regions.
     ;; One can use a Substring of the viewer name to disable only certain
     ;; versions
@@ -318,7 +318,8 @@
     ;; - "Imprudence" has no access
     ;; - "Imprudence 1.3" has no access
     ;; - "Imprudence 1.3.1" has access
-    ; BannedClients = 
+        ;;
+    ; DeniedClients = ""
 
 
 [Map]
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index c0c8134..963eeff 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -531,6 +531,14 @@
     ; many simultaneous requests, default is 30 and is currently applied only to assets
     ;MaxRequestConcurrency = 30
 
+[AccessControl]
+        ; Viewer-based access control. |-separated list of allowed viewers.
+    ; AllowedClients = ""
+
+        ; Viewer-based access control. |-separated list of denied viewers. 
+        ; No restrictions by default.
+    ; DeniedClients = ""
+
 
 [ClientStack.LindenUDP]
     ; Set this to true to process incoming packets asynchronously. Networking is
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example
index 36025d5..82eaf1f 100644
--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -184,6 +184,26 @@
     ;; This is a default that can be overwritten in some sections.
     ; GatekeeperURI = "${Const|BaseURL}:${Const|PublicPort}"
 
+[AccessControl]
+    ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
+    ;; Bar (|) separated list of viewers which may gain access to the regions.
+    ;; One can use a substring of the viewer name to enable only certain
+    ;; versions
+    ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
+    ;; - "Imprudence" has access
+    ;; - "Imprudence 1.3" has access
+    ;; - "Imprudence 1.3.1" has no access
+    ; AllowedClients = ""
+
+    ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {}
+    ;; Bar (|) separated list of viewers which may not gain access to the regions.
+    ;; One can use a Substring of the viewer name to disable only certain
+    ;; versions
+    ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
+    ;; - "Imprudence" has no access
+    ;; - "Imprudence 1.3" has no access
+    ;; - "Imprudence 1.3.1" has access
+    ; DeniedClients = ""
 
 [DatabaseService]
     ; PGSQL
@@ -482,23 +502,6 @@
     SRV_IMServerURI = "${Const|BaseURL}:${Const|PublicPort}"
     SRV_GroupsServerURI = "${Const|BaseURL}:${Const|PublicPort}"
 
-    ;; Regular expressions for controlling which client versions are accepted/denied.
-    ;; An empty string means nothing is checked.
-    ;;
-    ;; Example 1: allow only these 3 types of clients (any version of them)
-    ;; AllowedClients = "Imprudence|Hippo|Second Life"
-    ;;
-    ;; Example 2: allow all clients except these
-    ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
-    ;;
-    ;; Note that these are regular expressions, so every character counts.
-    ;; Also note that this is very weak security and should not be trusted as a reliable means
-    ;; for keeping bad clients out; modified clients can fake their identifiers.
-    ;;
-    ;;
-    ;AllowedClients = ""
-    ;DeniedClients = ""
-
     ;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time"
     ;; Viewers do not receive timezone information from the server - almost all (?) default to Pacific Standard Time
     ;; However, they do rely on the server to tell them whether it's Daylight Saving Time or not.
@@ -595,23 +598,6 @@
     ; If you run this gatekeeper server behind a proxy, set this to true
     ; HasProxy = false
 
-    ;; Regular expressions for controlling which client versions are accepted/denied.
-    ;; An empty string means nothing is checked.
-    ;;
-    ;; Example 1: allow only these 3 types of clients (any version of them)
-    ;; AllowedClients = "Imprudence|Hippo|Second Life"
-    ;;
-    ;; Example 2: allow all clients except these
-    ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
-    ;;
-    ;; Note that these are regular expressions, so every character counts.
-    ;; Also note that this is very weak security and should not be trusted as a reliable means
-    ;; for keeping bad clients out; modified clients can fake their identifiers.
-    ;;
-    ;;
-    ;AllowedClients = ""
-    ;DeniedClients = ""
-
     ;; Are foreign visitors allowed?
     ;ForeignAgentsAllowed = true
     ;;
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example
index 284e969..8d6496d 100644
--- a/bin/Robust.ini.example
+++ b/bin/Robust.ini.example
@@ -145,6 +145,27 @@
     ;ConsolePass = secret
     ;ConsolePort = 0
 
+[AccessControl]
+    ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
+    ;; Bar (|) separated list of viewers which may gain access to the regions.
+    ;; One can use a substring of the viewer name to enable only certain
+    ;; versions
+    ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
+    ;; - "Imprudence" has access
+    ;; - "Imprudence 1.3" has access
+    ;; - "Imprudence 1.3.1" has no access
+    ; AllowedClients = ""
+
+    ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {}
+    ;; Bar (|) separated list of viewers which may not gain access to the regions.
+    ;; One can use a Substring of the viewer name to disable only certain
+    ;; versions
+    ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
+    ;; - "Imprudence" has no access
+    ;; - "Imprudence 1.3" has no access
+    ;; - "Imprudence 1.3.1" has access
+    ; DeniedClients = ""
+
 
 [DatabaseService]
     ; PGSQL
@@ -431,23 +452,6 @@
     ; If you run this login server behind a proxy, set this to true
     ; HasProxy = false
 
-    ;; Regular expressions for controlling which client versions are accepted/denied.
-    ;; An empty string means nothing is checked.
-    ;;
-    ;; Example 1: allow only these 3 types of clients (any version of them)
-    ;; AllowedClients = "Imprudence|Hippo|Second Life"
-    ;;
-    ;; Example 2: allow all clients except these
-    ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
-    ;;
-    ;; Note that these are regular expressions, so every character counts.
-    ;; Also note that this is very weak security and should not be trusted as a reliable means
-    ;; for keeping bad clients out; modified clients can fake their identifiers.
-    ;;
-    ;;
-    ;AllowedClients = ""
-    ;DeniedClients = ""
-
     ;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time"
     ;; Viewers do not listen to timezone sent by the server. They use Pacific Standard Time instead,
     ;; but rely on the server to calculate Daylight Saving Time. Sending another DST than US Pacific