From 82ea4179da7ea32ea2efbd1cb209c77d5871b3fd Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Sun, 6 Sep 2015 10:00:20 -0700 Subject: Clean up viewer-based access control specifications. --- OpenSim/Region/Framework/Scenes/Scene.cs | 10 ++-- .../Services/HypergridService/GatekeeperService.cs | 7 ++- OpenSim/Services/LLLoginService/LLLoginService.cs | 8 +++- bin/OpenSim.ini.example | 7 +-- bin/OpenSimDefaults.ini | 8 ++++ bin/Robust.HG.ini.example | 54 ++++++++-------------- bin/Robust.ini.example | 38 ++++++++------- 7 files changed, 71 insertions(+), 61 deletions(-) diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index 8c2f45e..dce2247 100755 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs @@ -1051,11 +1051,11 @@ namespace OpenSim.Region.Framework.Scenes } } - string[] possibleAccessControlConfigSections = new string[] { "AccessControl", "Startup" }; + string[] possibleAccessControlConfigSections = new string[] { "Startup", "AccessControl"}; string grant = Util.GetConfigVarFromSections( - config, "AllowedClients", possibleAccessControlConfigSections, ""); + config, "AllowedClients", possibleAccessControlConfigSections, string.Empty); if (grant.Length > 0) { @@ -1067,7 +1067,11 @@ namespace OpenSim.Region.Framework.Scenes grant = Util.GetConfigVarFromSections( - config, "BannedClients", possibleAccessControlConfigSections, ""); + config, "DeniedClients", possibleAccessControlConfigSections, String.Empty); + // Deal with the mess of someone having used a different word at some point + if (grant == String.Empty) + grant = Util.GetConfigVarFromSections( + config, "BannedClients", possibleAccessControlConfigSections, String.Empty); if (grant.Length > 0) { diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs index 44b26d5..87c6810 100644 --- a/OpenSim/Services/HypergridService/GatekeeperService.cs 
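Review bot: The lookup order in `possibleAccessControlConfigSections` is now `{ "Startup", "AccessControl" }` in this first Scene.cs hunk, while the GatekeeperService and LLLoginService hunks of this commit put `"AccessControl"` first and the service section second. Which entry wins is decided inside `Util.GetConfigVarFromSections`, which this diff does not show. If later sections override earlier ones, regions would prefer `[AccessControl]` over `[Startup]`, but the services would prefer their legacy section over `[AccessControl]`. For an allow/deny list the precedence should be the same in all three places and stated next to the array, for example `// [AccessControl] takes precedence over the legacy [Startup] keys` once confirmed against the helper. The enclosing method starts and ends outside the hunk.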
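Review bot: The `BannedClients` fallback in the second Scene.cs hunk only runs when `DeniedClients` is empty, so a configuration that carries both keys silently drops every legacy `BannedClients` entry and those viewers are no longer denied. Nothing tells the operator that the old key was ignored or is deprecated. Consider combining the two values when both are present, e.g. `grant = grant.Length > 0 ? grant + "|" + legacy : legacy;` with `legacy` read from `BannedClients` (assuming the code after the hunk splits on `|`, as the example files describe), and logging a warning whenever `BannedClients` is found. The new `if` also has no braces and compares against `String.Empty` where the surrounding code tests `grant.Length > 0`.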
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs @@ -131,8 +131,11 @@ namespace OpenSim.Services.HypergridService else if (simulationService != string.Empty) m_SimulationService = ServerUtils.LoadPlugin(simulationService, args); - m_AllowedClients = serverConfig.GetString("AllowedClients", string.Empty); - m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty); + string[] possibleAccessControlConfigSections = new string[] { "AccessControl", "GatekeeperService" }; + m_AllowedClients = Util.GetConfigVarFromSections( + config, "AllowedClients", possibleAccessControlConfigSections, string.Empty); + m_DeniedClients = Util.GetConfigVarFromSections( + config, "DeniedClients", possibleAccessControlConfigSections, string.Empty); m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true); LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions); diff --git a/OpenSim/Services/LLLoginService/LLLoginService.cs b/OpenSim/Services/LLLoginService/LLLoginService.cs index d67bc4d..10c2e8c 100644 --- a/OpenSim/Services/LLLoginService/LLLoginService.cs +++ b/OpenSim/Services/LLLoginService/LLLoginService.cs 
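Review bot: With `"AccessControl"` read before `"GatekeeperService"`, an existing service section that still holds an uncommented `AllowedClients = ""` or `DeniedClients = ""` may blank out a list the operator has moved to `[AccessControl]`, leaving the check disabled without any error. This depends on how `Util.GetConfigVarFromSections` treats an empty value in a later section, which this diff does not show. The same pattern appears in the LLLoginService hunk with `"LoginService"`. It would help to log the effective `m_AllowedClients` and `m_DeniedClients` at startup. Once the behaviour is confirmed, add a comment above the array such as `// legacy per-service keys are still honoured; an explicit empty value there overrides [AccessControl]`.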
@@ -123,8 +123,12 @@ namespace OpenSim.Services.LLLoginService m_DestinationGuide = m_LoginServerConfig.GetString ("DestinationGuide", string.Empty); m_AvatarPicker = m_LoginServerConfig.GetString ("AvatarPicker", string.Empty); - m_AllowedClients = m_LoginServerConfig.GetString("AllowedClients", string.Empty); - m_DeniedClients = m_LoginServerConfig.GetString("DeniedClients", string.Empty); + string[] possibleAccessControlConfigSections = new string[] { "AccessControl", "LoginService" }; + m_AllowedClients = Util.GetConfigVarFromSections( + config, "AllowedClients", possibleAccessControlConfigSections, string.Empty); + m_DeniedClients = Util.GetConfigVarFromSections( + config, "DeniedClients", possibleAccessControlConfigSections, string.Empty); + m_MessageUrl = m_LoginServerConfig.GetString("MessageUrl", string.Empty); m_DSTZone = m_LoginServerConfig.GetString("DSTZone", "America/Los_Angeles;Pacific Standard Time"); diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 71e76db..f5268bd 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example @@ -308,9 +308,9 @@ ;; - "Imprudence" has access ;; - "Imprudence 1.3" has access ;; - "Imprudence 1.3.1" has no access - ; AllowedClients = + ; AllowedClients = "" - ;# {BannedClients} {} {Bar (|) separated list of banned clients} {} + ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {} ;; Bar (|) separated list of viewers which may not gain access to the regions. ;; One can use a Substring of the viewer name to disable only certain ;; versions @@ -318,7 +318,8 @@ ;; - "Imprudence" has no access ;; - "Imprudence 1.3" has no access ;; - "Imprudence 1.3.1" has access - ; BannedClients = + ;; + ; DeniedClients = "" [Map] diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini index c0c8134..963eeff 100644 --- a/bin/OpenSimDefaults.ini +++ b/bin/OpenSimDefaults.ini 
@@ -531,6 +531,14 @@ ; many simultaneous requests, default is 30 and is currently applied only to assets ;MaxRequestConcurrency = 30 +[AccessControl] + ; Viewer-based access control. |-separated list of allowed viewers. + ; AllowedClients = "" + + ; Viewer-based access control. |-separated list of denied viewers. + ; No restrictions by default. + ; DeniedClients = "" + [ClientStack.LindenUDP] ; Set this to true to process incoming packets asynchronously. Networking is diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 36025d5..82eaf1f 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example @@ -184,6 +184,26 @@ ;; This is a default that can be overwritten in some sections. ; GatekeeperURI = "${Const|BaseURL}:${Const|PublicPort}" +[AccessControl] + ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {} + ;; Bar (|) separated list of viewers which may gain access to the regions. + ;; One can use a substring of the viewer name to enable only certain + ;; versions + ;; Example: Agent uses the viewer "Imprudence 1.3.2.0" + ;; - "Imprudence" has access + ;; - "Imprudence 1.3" has access + ;; - "Imprudence 1.3.1" has no access + ; AllowedClients = "" + + ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {} + ;; Bar (|) separated list of viewers which may not gain access to the regions. + ;; One can use a Substring of the viewer name to disable only certain + ;; versions + ;; Example: Agent uses the viewer "Imprudence 1.3.2.0" + ;; - "Imprudence" has no access + ;; - "Imprudence 1.3" has no access + ;; - "Imprudence 1.3.1" has access + ; DeniedClients = "" [DatabaseService] ; PGSQL 
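Review bot: The `[AccessControl]` comments added to Robust.HG.ini.example omit the caveat that the removed per-service text carried: viewer identifiers are reported by the client, so a modified client can fake them and these lists are not a security boundary. The removed text also said the values are regular expressions, whereas the new text describes bar-separated substrings. Whether the login and gatekeeper services match that way is not visible in this diff, and the comments should say which applies, since in a regular expression the `.` in "Imprudence 1.3" matches any character. I would keep a line such as `;; Note: this is weak security; modified clients can fake their identifiers.` in the new section. The same applies to the `[AccessControl]` blocks added to Robust.ini.example and OpenSimDefaults.ini.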
@@ -482,23 +502,6 @@ SRV_IMServerURI = "${Const|BaseURL}:${Const|PublicPort}" SRV_GroupsServerURI = "${Const|BaseURL}:${Const|PublicPort}" - ;; Regular expressions for controlling which client versions are accepted/denied. - ;; An empty string means nothing is checked. - ;; - ;; Example 1: allow only these 3 types of clients (any version of them) - ;; AllowedClients = "Imprudence|Hippo|Second Life" - ;; - ;; Example 2: allow all clients except these - ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald" - ;; - ;; Note that these are regular expressions, so every character counts. - ;; Also note that this is very weak security and should not be trusted as a reliable means - ;; for keeping bad clients out; modified clients can fake their identifiers. - ;; - ;; - ;AllowedClients = "" - ;DeniedClients = "" - ;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time" ;; Viewers do not receive timezone information from the server - almost all (?) default to Pacific Standard Time ;; However, they do rely on the server to tell them whether it's Daylight Saving Time or not. 
@@ -595,23 +598,6 @@ ; If you run this gatekeeper server behind a proxy, set this to true ; HasProxy = false - ;; Regular expressions for controlling which client versions are accepted/denied. - ;; An empty string means nothing is checked. - ;; - ;; Example 1: allow only these 3 types of clients (any version of them) - ;; AllowedClients = "Imprudence|Hippo|Second Life" - ;; - ;; Example 2: allow all clients except these - ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald" - ;; - ;; Note that these are regular expressions, so every character counts. - ;; Also note that this is very weak security and should not be trusted as a reliable means - ;; for keeping bad clients out; modified clients can fake their identifiers. - ;; - ;; - ;AllowedClients = "" - ;DeniedClients = "" - ;; Are foreign visitors allowed? ;ForeignAgentsAllowed = true ;; diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index 284e969..8d6496d 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example 
@@ -145,6 +145,27 @@ ;ConsolePass = secret ;ConsolePort = 0 +[AccessControl] + ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {} + ;; Bar (|) separated list of viewers which may gain access to the regions. + ;; One can use a substring of the viewer name to enable only certain + ;; versions + ;; Example: Agent uses the viewer "Imprudence 1.3.2.0" + ;; - "Imprudence" has access + ;; - "Imprudence 1.3" has access + ;; - "Imprudence 1.3.1" has no access + ; AllowedClients = "" + + ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {} + ;; Bar (|) separated list of viewers which may not gain access to the regions. + ;; One can use a Substring of the viewer name to disable only certain + ;; versions + ;; Example: Agent uses the viewer "Imprudence 1.3.2.0" + ;; - "Imprudence" has no access + ;; - "Imprudence 1.3" has no access + ;; - "Imprudence 1.3.1" has access + ; DeniedClients = "" + [DatabaseService] ; PGSQL 
@@ -431,23 +452,6 @@ ; If you run this login server behind a proxy, set this to true ; HasProxy = false - ;; Regular expressions for controlling which client versions are accepted/denied. - ;; An empty string means nothing is checked. - ;; - ;; Example 1: allow only these 3 types of clients (any version of them) - ;; AllowedClients = "Imprudence|Hippo|Second Life" - ;; - ;; Example 2: allow all clients except these - ;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald" - ;; - ;; Note that these are regular expressions, so every character counts. - ;; Also note that this is very weak security and should not be trusted as a reliable means - ;; for keeping bad clients out; modified clients can fake their identifiers. - ;; - ;; - ;AllowedClients = "" - ;DeniedClients = "" - ;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time" ;; Viewers do not listen to timezone sent by the server. They use Pacific Standard Time instead, ;; but rely on the server to calculate Daylight Saving Time. Sending another DST than US Pacific -- cgit v1.1