aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
authorJustin Clark-Casey (justincc)2011-07-23 03:46:55 +0100
committerJustin Clark-Casey (justincc)2011-07-23 03:48:53 +0100
commit504de8bc4792eda165d71a2c7481cb43cb92759a (patch)
tree3206f651448b2a9ef0fae5b210ae4f35d1b6730d /OpenSim
parentChange default AllowScriptCrossings config setting to true. (diff)
downloadopensim-SC_OLD-504de8bc4792eda165d71a2c7481cb43cb92759a.zip
opensim-SC_OLD-504de8bc4792eda165d71a2c7481cb43cb92759a.tar.gz
opensim-SC_OLD-504de8bc4792eda165d71a2c7481cb43cb92759a.tar.bz2
opensim-SC_OLD-504de8bc4792eda165d71a2c7481cb43cb92759a.tar.xz
Pass the first name and last name from the agent circuit data to the authorization service rather than from the account.
This is to accomodate situations where the authorization service is being used by the hypergrid, where visitors have no user account. See http://opensimulator.org/mantis/view.php?id=5517, this code is somewhat adapted/cleaned up from Michelle's patch I'm a little ambivalent about this since visitors could put anything in firstname/lastname so it's not much of an auth measure. It's up to the auth service to decide which data it actually uses. Possibly we should be passing through other info such as agent circuit ip
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Framework/TaskInventoryDictionary.cs2
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs17
-rw-r--r--OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs24
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.cs5
-rw-r--r--OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs2
-rw-r--r--OpenSim/Services/AuthorizationService/AuthorizationService.cs5
-rw-r--r--OpenSim/Services/Interfaces/IAuthorizationService.cs32
7 files changed, 50 insertions, 37 deletions
diff --git a/OpenSim/Framework/TaskInventoryDictionary.cs b/OpenSim/Framework/TaskInventoryDictionary.cs
index 25ae6b0..421bd5d 100644
--- a/OpenSim/Framework/TaskInventoryDictionary.cs
+++ b/OpenSim/Framework/TaskInventoryDictionary.cs
@@ -59,7 +59,7 @@ namespace OpenSim.Framework
59 clone.Add(uuid, (TaskInventoryItem) this[uuid].Clone()); 59 clone.Add(uuid, (TaskInventoryItem) this[uuid].Clone());
60 } 60 }
61 } 61 }
62 62
63 return clone; 63 return clone;
64 } 64 }
65 65
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
index 85a1ac3..18a7177 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
@@ -39,8 +39,7 @@ using OpenMetaverse;
39 39
40namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization 40namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
41{ 41{
42 public class LocalAuthorizationServicesConnector : 42 public class LocalAuthorizationServicesConnector : ISharedRegionModule, IAuthorizationService
43 ISharedRegionModule, IAuthorizationService
44 { 43 {
45 private static readonly ILog m_log = 44 private static readonly ILog m_log =
46 LogManager.GetLogger( 45 LogManager.GetLogger(
@@ -127,15 +126,15 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
127 if (!m_Enabled) 126 if (!m_Enabled)
128 return; 127 return;
129 128
130 m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}", scene.RegionInfo.RegionName); 129 m_log.InfoFormat(
131 130 "[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}",
132 131 scene.RegionInfo.RegionName);
133 } 132 }
134 133
135 public bool IsAuthorizedForRegion(string userID, string regionID, out string message) 134 public bool IsAuthorizedForRegion(
135 string userID, string firstName, string lastName, string regionID, out string message)
136 { 136 {
137 return m_AuthorizationService.IsAuthorizedForRegion(userID, regionID, out message); 137 return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message);
138 } 138 }
139
140 } 139 }
141} 140} \ No newline at end of file
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
index 66994fa..5fa27b8 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -117,12 +117,15 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
117 117
118 } 118 }
119 119
120 public bool IsAuthorizedForRegion(string userID, string regionID, out string message) 120 public bool IsAuthorizedForRegion(
121 string userID, string firstName, string lastName, string regionID, out string message)
121 { 122 {
122 m_log.InfoFormat("[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID); 123 m_log.InfoFormat(
124 "[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID);
123 125
124 bool isAuthorized = true; 126 bool isAuthorized = true;
125 message = String.Empty; 127 message = String.Empty;
128 string mail = String.Empty;
126 129
127 // get the scene this call is being made for 130 // get the scene this call is being made for
128 Scene scene = null; 131 Scene scene = null;
@@ -140,17 +143,22 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
140 if (scene != null) 143 if (scene != null)
141 { 144 {
142 UserAccount account = scene.UserAccountService.GetUserAccount(UUID.Zero, new UUID(userID)); 145 UserAccount account = scene.UserAccountService.GetUserAccount(UUID.Zero, new UUID(userID));
143 isAuthorized = IsAuthorizedForRegion(userID, account.FirstName, account.LastName, 146
144 account.Email, scene.RegionInfo.RegionName, regionID, out message); 147 if (account != null)
148 mail = account.Email;
149
150 isAuthorized
151 = IsAuthorizedForRegion(
152 userID, firstName, lastName, account.Email, scene.RegionInfo.RegionName, regionID, out message);
145 } 153 }
146 else 154 else
147 { 155 {
148 m_log.ErrorFormat("[REMOTE AUTHORIZATION CONNECTOR] IsAuthorizedForRegion, can't find scene to match region id of {0} ",regionID); 156 m_log.ErrorFormat(
157 "[REMOTE AUTHORIZATION CONNECTOR] IsAuthorizedForRegion, can't find scene to match region id of {0}",
158 regionID);
149 } 159 }
150 160
151
152 return isAuthorized; 161 return isAuthorized;
153
154 } 162 }
155 } 163 }
156} 164} \ No newline at end of file
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 32a2887..1a32510 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -3553,11 +3553,12 @@ namespace OpenSim.Region.Framework.Scenes
3553 3553
3554 if (AuthorizationService != null) 3554 if (AuthorizationService != null)
3555 { 3555 {
3556 if (!AuthorizationService.IsAuthorizedForRegion(agent.AgentID.ToString(), RegionInfo.RegionID.ToString(),out reason)) 3556 if (!AuthorizationService.IsAuthorizedForRegion(
3557 agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason))
3557 { 3558 {
3558 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region", 3559 m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region",
3559 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); 3560 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
3560 //reason = String.Format("You are not currently on the access list for {0}",RegionInfo.RegionName); 3561
3561 return false; 3562 return false;
3562 } 3563 }
3563 } 3564 }
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
index f987de4..d656238 100644
--- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
@@ -61,7 +61,7 @@ namespace OpenSim.Server.Handlers.Authorization
61 AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request); 61 AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request);
62 62
63 string message = String.Empty; 63 string message = String.Empty;
64 bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.RegionID,out message); 64 bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.FirstName, Authorization.SurName, Authorization.RegionID, out message);
65 65
66 AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized"); 66 AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized");
67 67
diff --git a/OpenSim/Services/AuthorizationService/AuthorizationService.cs b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
index d658368..03da6e1 100644
--- a/OpenSim/Services/AuthorizationService/AuthorizationService.cs
+++ b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
@@ -48,10 +48,11 @@ namespace OpenSim.Services.AuthorizationService
48 m_log.Info("[AUTHORIZATION CONNECTOR]: Local Authorization service enabled"); 48 m_log.Info("[AUTHORIZATION CONNECTOR]: Local Authorization service enabled");
49 } 49 }
50 50
51 public bool IsAuthorizedForRegion(string userID, string regionID, out string message) 51 public bool IsAuthorizedForRegion(
52 string userID, string firstName, string lastName, string regionID, out string message)
52 { 53 {
53 message = "Authorized"; 54 message = "Authorized";
54 return true; 55 return true;
55 } 56 }
56 } 57 }
57} 58} \ No newline at end of file
diff --git a/OpenSim/Services/Interfaces/IAuthorizationService.cs b/OpenSim/Services/Interfaces/IAuthorizationService.cs
index c5d577a..e5c68f6 100644
--- a/OpenSim/Services/Interfaces/IAuthorizationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthorizationService.cs
@@ -34,14 +34,21 @@ namespace OpenSim.Services.Interfaces
34 34
35 public interface IAuthorizationService 35 public interface IAuthorizationService
36 { 36 {
37 ////////////////////////////////////////////////////// 37 /// <summary>
38 // Authorized 38 /// Check whether the user should be given access to the region.
39 // 39 /// </summary>
40 // This method returns a simple true false indicating 40 /// <remarks>
41 // whether or not a user has access to the region 41 /// We also supply user first name and last name for situations where the user does not have an account
42 // 42 /// on the region (e.g. they're a visitor via Hypergrid).
43 bool IsAuthorizedForRegion(string userID, string regionID, out string message); 43 /// </remarks>
44 44 /// <param name="userID"></param>
45 /// <param name="firstName">/param>
46 /// <param name="lastName"></param>
47 /// <param name="regionID"></param>
48 /// <param name="message"></param>
49 /// <returns></returns>
50 bool IsAuthorizedForRegion(
51 string userID, string firstName, string lastName, string regionID, out string message);
45 } 52 }
46 53
47 public class AuthorizationRequest 54 public class AuthorizationRequest
@@ -63,7 +70,8 @@ namespace OpenSim.Services.Interfaces
63 m_regionID = RegionID; 70 m_regionID = RegionID;
64 } 71 }
65 72
66 public AuthorizationRequest(string ID,string FirstName, string SurName, string Email, string RegionName, string RegionID) 73 public AuthorizationRequest(
74 string ID, string FirstName, string SurName, string Email, string RegionName, string RegionID)
67 { 75 {
68 m_userID = ID; 76 m_userID = ID;
69 m_firstname = FirstName; 77 m_firstname = FirstName;
@@ -108,9 +116,6 @@ namespace OpenSim.Services.Interfaces
108 get { return m_regionID; } 116 get { return m_regionID; }
109 set { m_regionID = value; } 117 set { m_regionID = value; }
110 } 118 }
111
112
113
114 } 119 }
115 120
116 public class AuthorizationResponse 121 public class AuthorizationResponse
@@ -126,7 +131,6 @@ namespace OpenSim.Services.Interfaces
126 { 131 {
127 m_isAuthorized = isAuthorized; 132 m_isAuthorized = isAuthorized;
128 m_message = message; 133 m_message = message;
129
130 } 134 }
131 135
132 public bool IsAuthorized 136 public bool IsAuthorized
@@ -141,4 +145,4 @@ namespace OpenSim.Services.Interfaces
141 set { m_message = value; } 145 set { m_message = value; }
142 } 146 }
143 } 147 }
144} 148} \ No newline at end of file