author | onefang | 2019-08-02 21:20:11 +1000 |
---|---|---|
committer | onefang | 2019-08-02 21:20:11 +1000 |
commit | 85fcb4e75c94ff7b5b45609826df5113f32aacc0 (patch) | |
tree | b34fa5ce80e228850c1548b9ba210e6836558c2e /OpenSim | |
parent | Bump sim ports up by 2 when creating, coz 5 is silly. (diff) | |
Another attempt at sorting out the auto group chicken and egg problems.
Are you a local? Asking for a friend.
Diffstat (limited to '')
7 files changed, 33 insertions, 16 deletions
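--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
@@ -88,8 +88,11 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
 }
 
 public bool IsAuthorizedForRegion(
-string user, string firstName, string lastName, string regionID, out string message)
+string user, string firstName, string lastName, string regionID, out string message, out bool isLocal)
 {
+UUID userID = new UUID(user);
+isLocal = m_UserManagement.IsLocalGridUser(userID);
+
 // This should not happen
 if (m_Scene.RegionInfo.RegionID.ToString() != regionID)
 {
@@ -105,11 +108,10 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
 return true;
 }
 
-UUID userID = new UUID(user);
 
 if ((m_accessValue & AccessFlags.DisallowForeigners) != 0)
 {
-if (!m_UserManagement.IsLocalGridUser(userID))
+if (!isLocal)
 {
 message = "No foreign users allowed in this region";
 return false;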
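Review bot: Moving `new UUID(user)` and the `IsLocalGridUser` call to the top of `IsAuthorizedForRegion` makes both run before the region-ID check and before the early `return true` visible in the second hunk, where previously they ran only after those returns. A malformed `user` string, or an unset `m_UserManagement` (its initialisation is outside these hunks), would therefore presumably throw on every call instead of only when `DisallowForeigners` is set. Consider a guarded parse that denies by default, `UUID userID; if (!UUID.TryParse(user, out userID)) { message = "Invalid user ID"; isLocal = false; return false; }`, followed by `isLocal = m_UserManagement != null && m_UserManagement.IsLocalGridUser(userID);`. The method body continues outside the hunks shown.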
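--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
@@ -114,13 +114,14 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
 }
 
 public bool IsAuthorizedForRegion(
-string userID, string firstName, string lastName, string regionID, out string message)
+string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal)
 {
 message = "";
+isLocal = false;
 if (!m_Enabled)
 return true;
 
-return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message);
+return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message, out isLocal);
 }
 }
 }
\ No newline at end of file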
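Review bot: On the `!m_Enabled` path the method returns `true` with `isLocal` still `false`, so a disabled connector reports every user as authorized and non-local. If that connector can still be the scene's `AuthorizationService` (not visible here), the Scene.cs section of this commit would send local accounts down the hypergrid branch of the auto-group code. If locality cannot be determined on this path, say so at the assignment, e.g. `// Locality is unknown when the connector is disabled; false here does not mean "foreign".`, or resolve it before returning.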
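--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -120,7 +120,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
 }
 
 public bool IsAuthorizedForRegion(
-string userID, string firstName, string lastName, string regionID, out string message)
+string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal)
 {
 m_log.InfoFormat(
 "[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID);
@@ -141,6 +141,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
 }
 }
 
+isLocal = false;
 if (scene != null)
 {
 string mail = String.Empty;
@@ -153,6 +154,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
 mail = account.Email;
 firstName = account.FirstName;
 lastName = account.LastName;
+isLocal = true;
 }
 
 isAuthorized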
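Review bot: Here `isLocal` becomes `true` as soon as `account` is read (the enclosing condition is outside the hunk, presumably an account-found check), whereas the region-side AuthorizationService.cs derives it from `m_UserManagement.IsLocalGridUser` and OpenSim/Services/AuthorizationService/AuthorizationService.cs hard-codes `true`. With three definitions of "local" behind one interface, the flag is only safe for access or group decisions if the reader knows which connector is configured. Either route this through the same `IsLocalGridUser` check or state the meaning at the assignment, e.g. `// Local here means: a UserAccount exists in this scene's user account service.` Note also that `isLocal` stays `false` whenever `scene == null`.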
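--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -4351,6 +4351,7 @@ namespace OpenSim.Region.Framework.Scenes
 protected virtual bool AuthorizeUser(AgentCircuitData agent, bool bypassAccessControl, out string reason)
 {
 reason = String.Empty;
+bool isLocal = false;
 
 if (!m_strictAccessControl)
 return true;
@@ -4360,7 +4361,7 @@ namespace OpenSim.Region.Framework.Scenes
 if (AuthorizationService != null)
 {
 if (!AuthorizationService.IsAuthorizedForRegion(
-agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason))
+agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason, out isLocal))
 {
 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because: {4}",
 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName, reason);
@@ -4403,15 +4404,24 @@ namespace OpenSim.Region.Framework.Scenes
 for(int i = 0;i < GroupMembership.Length;i++)
 agentGroups.Add(GroupMembership[i].GroupID);
 // We get called twice, the first time the name is set to a single space.
+// The first time is from QueryAccess(), the second from NewUserConnection()
 // if (" " != agent.Name)
 {
-string grid = "local";
-// agent.AgentID could look like this - @grid.com:8002 01234567-89ab-cdef-0123-456789abcdef
-string a = agent.AgentID.ToString();
-if ("@" == a.Substring(0, 1))
+string grid = "";
+if (isLocal)
 {
-grid = a.Split(':')[0].Substring(1);
-m_log.InfoFormat("[CONNECTION BEGIN]: HYPERGRID agent {0} from grid {1}, checking auto groups.", agent.AgentID, grid);
+grid = "local";
+m_log.InfoFormat("[CONNECTION BEGIN]: LOCAL agent {0}, checking auto groups.", agent.AgentID);
+}
+else
+{
+// agent.AgentID could look like this - @grid.com:8002 01234567-89ab-cdef-0123-456789abcdef
+string a = agent.AgentID.ToString();
+if ("@" == a.Substring(0, 1))
+{
+grid = a.Split(':')[0].Substring(1);
+m_log.InfoFormat("[CONNECTION BEGIN]: HYPERGRID agent {0} from grid {1}, checking auto groups.", agent.AgentID, grid);
+}
 }
 string[] groupIDs = null;
 try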
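Review bot: In the new `else` branch of the third hunk, `grid` stays `""` and nothing is logged whenever `agent.AgentID.ToString()` does not start with `@`. That is the likely case, because the same string is handed to `IsAuthorizedForRegion` above, where the region implementation parses it with `new UUID(user)`. `isLocal` also remains `false` when `AuthorizationService` is null, so local users can reach this branch and enter the auto-group lookup that follows (outside the hunk) with an empty grid name. Make the fall-through explicit, e.g. `else m_log.WarnFormat("[CONNECTION BEGIN]: agent {0} is neither local nor grid-prefixed, grid left empty.", agent.AgentID);`, and decide deliberately what an empty grid should map to. The enclosing block continues past the end of the hunk.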
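--- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
@@ -61,7 +61,8 @@ namespace OpenSim.Server.Handlers.Authorization
 AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request);
 
 string message = String.Empty;
-bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.FirstName, Authorization.SurName, Authorization.RegionID, out message);
+bool isLocal = false;
+bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.FirstName, Authorization.SurName, Authorization.RegionID, out message, out isLocal);
 
 AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized");
 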
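Review bot: `isLocal` is computed and then dropped: `AuthorizationResponse` is still built from `authorized` and a fixed string, so a remote caller never learns the locality this service decided on (`message` is discarded the same way). If that is intentional, mark it at the declaration, e.g. `// isLocal is not part of the wire format; remote connectors determine locality themselves.`; otherwise the response type needs a field for it. The response text also reads "has been authorized" when `authorized` is false, which is misleading on a denial.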
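--- a/OpenSim/Services/AuthorizationService/AuthorizationService.cs
+++ b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
@@ -49,9 +49,10 @@ namespace OpenSim.Services.AuthorizationService
 }
 
 public bool IsAuthorizedForRegion(
-string userID, string firstName, string lastName, string regionID, out string message)
+string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal)
 {
 message = "Authorized";
+isLocal = true;
 return true;
 }
 }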
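Review bot: `isLocal = true` is returned for every caller without looking at `userID`, so any consumer of this implementation will treat foreign-grid visitors as local users. In the Scene.cs section of this commit the flag selects the `local` auto-group path, which makes a constant `true` the permissive choice. Unless this stub is never wired to a region (not visible here), prefer the conservative `isLocal = false;`, or add a comment stating that this service performs no locality check and its value must not be used for access decisions.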
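--- a/OpenSim/Services/Interfaces/IAuthorizationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthorizationService.cs
@@ -48,7 +48,7 @@ namespace OpenSim.Services.Interfaces
 /// <param name="message"></param>
 /// <returns></returns>
 bool IsAuthorizedForRegion(
-string userID, string firstName, string lastName, string regionID, out string message);
+string userID, string firstName, string lastName, string regionID, out string message, out bool isLocal);
 }
 
 public class AuthorizationRequest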
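Review bot: The new `out bool isLocal` parameter has no `<param>` entry in the XML doc block above the declaration, so the interface does not say what implementers must return when locality is unknown. Add a line such as `/// <param name="isLocal">True when the user is known to belong to this grid; false for foreign users or when locality could not be determined.</param>`. Adding an `out` parameter to the interface method also breaks any implementation outside this tree at compile time, which is worth stating in the commit description.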