From 48f4b32d7f23c2d7a52db355017c8b2bb57b55fa Mon Sep 17 00:00:00 2001
From: Diva Canto
Date: Fri, 21 Sep 2012 21:03:14 -0700
Subject: More HG 2.0: access control at the Gatekeeper. \o/
---
 .../Services/HypergridService/GatekeeperService.cs | 62 +++++++++++++++++++---
 1 file changed, 54 insertions(+), 8 deletions(-)
(limited to 'OpenSim/Services/HypergridService/GatekeeperService.cs')
diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs
index 47d22b9..0f7d7c6 100644
--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -58,9 +58,11 @@ namespace OpenSim.Services.HypergridService
 private static IUserAgentService m_UserAgentService;
 private static ISimulationService m_SimulationService;
- protected string m_AllowedClients = string.Empty;
- protected string m_DeniedClients = string.Empty;
+ private static string m_AllowedClients = string.Empty;
+ private static string m_DeniedClients = string.Empty;
 private static bool m_ForeignAgentsAllowed = true;
+ private static List m_ForeignsAllowedExceptions = new List();
+ private static List m_ForeignsDisallowedExceptions = new List();
 private static UUID m_ScopeID;
 private static bool m_AllowTeleportsToAnyRegion;
@@ -113,6 +115,9 @@ namespace OpenSim.Services.HypergridService
 m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
 m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true);
+ LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions);
+ LoadDomainExceptionsFromConfig(serverConfig, "DisallowExcept", m_ForeignsDisallowedExceptions);
+
 if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
 throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
@@ -125,6 +130,15 @@ namespace OpenSim.Services.HypergridService
 {
 }
+ protected void LoadDomainExceptionsFromConfig(IConfig config, string variable, List exceptions)
+ {
+ string value = config.GetString(variable, string.Empty);
+ string[] parts = value.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
+
+ foreach (string s in parts)
+ exceptions.Add(s.Trim());
+ }
+
 public bool LinkRegion(string regionName, out UUID regionID, out ulong regionHandle, out string externalName, out string imageURL, out string reason)
 {
 regionID = UUID.Zero;
@@ -260,14 +274,25 @@ namespace OpenSim.Services.HypergridService
 m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok");
 //
- // Foreign agents allowed
+ // Foreign agents allowed? Exceptions?
 //
- if (account == null && !m_ForeignAgentsAllowed)
+ if (account == null)
 {
- reason = "Unauthorized";
- m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1}. Refusing service.",
- aCircuit.firstname, aCircuit.lastname);
- return false;
+ bool allowed = m_ForeignAgentsAllowed;
+
+ if (m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsAllowedExceptions))
+ allowed = false;
+
+ if (!m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsDisallowedExceptions))
+ allowed = true;
+
+ if (!allowed)
+ {
+ reason = "Destination does not allow visitors from your world";
+ m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1} @ {2}. Refusing service.",
+ aCircuit.firstname, aCircuit.lastname, aCircuit.ServiceURLs["HomeURI"]);
+ return false;
+ }
 }
 // May want to authorize
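Review bot: `LoadDomainExceptionsFromConfig` (hunk at -125) stores each comma-separated entry after only a `Trim()`, so a mistyped or non-URL value under `AllowExcept` or `DisallowExcept` is accepted silently and will simply never match in `IsException`. For `AllowExcept`, which the later hunk consults when foreign agents are allowed, a typo therefore leaves the named grid admitted with no indication to the operator. I would check each entry with `Uri.TryCreate(s.Trim(), UriKind.Absolute, out uri)` and emit a warning through `m_log` for entries that fail. The method also needs a comment stating that the values are the visitors' HomeURIs and that the target lists are static, so every call appends to shared state.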
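Review bot: In the foreign-agent check (hunk at -260), the refusal path formats `aCircuit.ServiceURLs["HomeURI"]` through the indexer, and `IsException` in this commit's last hunk reads the same key with `.ToString()`. If a visitor's circuit data carries no `HomeURI` entry, the access decision presumably ends in an exception rather than in `return false` with a `reason`; whether earlier code in this method guarantees the key is not visible here. I would resolve the origin once at the top of the `account == null` branch, e.g. `aCircuit.ServiceURLs.TryGetValue("HomeURI", out home)` assuming `ServiceURLs` is a dictionary, refuse when it is absent or empty, and pass the resolved string to both the check and the log call. The enclosing method starts and ends outside the hunk.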
@@ -393,6 +418,27 @@ namespace OpenSim.Services.HypergridService
 #region Misc
+ private bool IsException(AgentCircuitData aCircuit, List exceptions)
+ {
+ bool exception = false;
+ if (exceptions.Count > 0) // we have exceptions
+ {
+ // Retrieve the visitor's origin
+ string userURL = aCircuit.ServiceURLs["HomeURI"].ToString();
+ if (!userURL.EndsWith("/"))
+ userURL += "/";
+
+ if (exceptions.Find(delegate(string s)
+ {
+ if (!s.EndsWith("/"))
+ s += "/";
+ return s == userURL;
+ }) != null)
+ exception = true;
+ }
+
+ return exception;
+ }
 #endregion
 }
-- cgit v1.1
From 3c77b8f463a852aecf3cb29fe4e5f4614f474dbf Mon Sep 17 00:00:00 2001
From: Diva Canto
Date: Wed, 26 Sep 2012 12:40:41 -0700
Subject: Use GridUser properly for foreign users.
---
 .../Services/HypergridService/GatekeeperService.cs | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)
(limited to 'OpenSim/Services/HypergridService/GatekeeperService.cs')
diff --git a/OpenSim/Services/HypergridService/GatekeeperService.cs b/OpenSim/Services/HypergridService/GatekeeperService.cs
index 0f7d7c6..004311f 100644
--- a/OpenSim/Services/HypergridService/GatekeeperService.cs
+++ b/OpenSim/Services/HypergridService/GatekeeperService.cs
@@ -57,6 +57,7 @@ namespace OpenSim.Services.HypergridService
 private static IUserAccountService m_UserAccountService;
 private static IUserAgentService m_UserAgentService;
 private static ISimulationService m_SimulationService;
+ private static IGridUserService m_GridUserService;
 private static string m_AllowedClients = string.Empty;
 private static string m_DeniedClients = string.Empty;
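Review bot: `IsException` (hunk at -393, commit 48f4b32) decides the match with `s == userURL`, an ordinal, case-sensitive comparison that normalizes nothing but the trailing slash. The same grid written with a differently cased host name or an explicit default port does not equal the configured entry, so an `AllowExcept` entry can fail to block the grid it names and a `DisallowExcept` entry can fail to admit one. I would parse both sides and compare normalized components, e.g. `Uri.Compare(a, b, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0`, and have the caller refuse a `HomeURI` that does not parse. Whether `HomeURI` has been verified against the visitor's home service before this check cannot be seen from the hunk; if it has not, the value is self-asserted and both lists are advisory only, which deserves a comment on the method.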
@@ -84,8 +85,9 @@ namespace OpenSim.Services.HypergridService
 string gridService = serverConfig.GetString("GridService", String.Empty);
 string presenceService = serverConfig.GetString("PresenceService", String.Empty);
 string simulationService = serverConfig.GetString("SimulationService", String.Empty);
+ string gridUserService = serverConfig.GetString("GridUserService", String.Empty);
- // These 3 are mandatory, the others aren't
+ // These are mandatory, the others aren't
 if (gridService == string.Empty || presenceService == string.Empty)
 throw new Exception("Incomplete specifications, Gatekeeper Service cannot function.");
@@ -105,6 +107,8 @@ namespace OpenSim.Services.HypergridService
 m_UserAccountService = ServerUtils.LoadPlugin(accountService, args);
 if (homeUsersService != string.Empty)
 m_UserAgentService = ServerUtils.LoadPlugin(homeUsersService, args);
+ if (gridUserService != string.Empty)
+ m_GridUserService = ServerUtils.LoadPlugin(gridUserService, args);
 if (simService != null)
 m_SimulationService = simService;
@@ -295,8 +299,6 @@ namespace OpenSim.Services.HypergridService
 }
 }
- // May want to authorize
-
 bool isFirstLogin = false;
 //
 // Login the presence, if it's not there yet (by the login service)
@@ -305,7 +307,8 @@ namespace OpenSim.Services.HypergridService
 if (presence != null) // it has been placed there by the login service
 isFirstLogin = true;
- else
+ else
+ {
 if (!m_PresenceService.LoginAgent(aCircuit.AgentID.ToString(), aCircuit.SessionID, aCircuit.SecureSessionID))
 {
 reason = "Unable to login presence";
@@ -315,6 +318,26 @@ namespace OpenSim.Services.HypergridService
 }
 m_log.DebugFormat("[GATEKEEPER SERVICE]: Login presence ok");
+ // Also login foreigners with GridUser service
+ if (m_GridUserService != null && account == null)
+ {
+ string userId = aCircuit.AgentID.ToString();
+ string first = aCircuit.firstname, last = aCircuit.lastname;
+ if (last.StartsWith("@"))
+ {
+ string[] parts = aCircuit.firstname.Split('.');
+ if (parts.Length >= 2)
+ {
+ first = parts[0];
+ last = parts[1];
+ }
+ }
+
+ userId += ";" + aCircuit.ServiceURLs["HomeURI"] + ";" + first + " " + last;
+ m_GridUserService.LoggedIn(userId);
+ }
+ }
+
 //
 // Get the region
 //
-- cgit v1.1
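Review bot: The GridUser identifier is built with `userId += ";" + aCircuit.ServiceURLs["HomeURI"] + ";" + first + " " + last;` from values that arrive in the visitor's circuit data, and none of them is checked for the `;` separator. A name or `HomeURI` containing `;` would shift the fields for whatever later splits this string, presumably the GridUser consumers, which are not visible here. I would reject or strip `;` in `first`, `last` and the URI before concatenating, and read `HomeURI` with a lookup that tolerates a missing key instead of the indexer. The `last.StartsWith("@")` branch that re-derives the name from `aCircuit.firstname.Split('.')` also needs a one-line comment describing the name form it expects. The enclosing method starts and ends outside the hunk.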