More HG 2.0: access control at the Gatekeeper. \o/

connector_plugin
Diva Canto 2012-09-21 21:03:14 -07:00
parent ebd99c9e3e
commit 48f4b32d7f
3 changed files with 76 additions and 9 deletions


@ -58,9 +58,11 @@ namespace OpenSim.Services.HypergridService
private static IUserAgentService m_UserAgentService;
private static ISimulationService m_SimulationService;
protected string m_AllowedClients = string.Empty;
protected string m_DeniedClients = string.Empty;
private static string m_AllowedClients = string.Empty;
private static string m_DeniedClients = string.Empty;
private static bool m_ForeignAgentsAllowed = true;
private static List<string> m_ForeignsAllowedExceptions = new List<string>();
private static List<string> m_ForeignsDisallowedExceptions = new List<string>();
private static UUID m_ScopeID;
private static bool m_AllowTeleportsToAnyRegion;
@ -113,6 +115,9 @@ namespace OpenSim.Services.HypergridService
m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true);
LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions);
LoadDomainExceptionsFromConfig(serverConfig, "DisallowExcept", m_ForeignsDisallowedExceptions);
if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
@ -125,6 +130,15 @@ namespace OpenSim.Services.HypergridService
{
}
protected void LoadDomainExceptionsFromConfig(IConfig config, string variable, List<string> exceptions)
{
string value = config.GetString(variable, string.Empty);
string[] parts = value.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
foreach (string s in parts)
exceptions.Add(s.Trim());
}
public bool LinkRegion(string regionName, out UUID regionID, out ulong regionHandle, out string externalName, out string imageURL, out string reason)
{
regionID = UUID.Zero;
@ -260,14 +274,25 @@ namespace OpenSim.Services.HypergridService
m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok");
//
// Foreign agents allowed
// Foreign agents allowed? Exceptions?
//
if (account == null && !m_ForeignAgentsAllowed)
if (account == null)
{
reason = "Unauthorized";
m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1}. Refusing service.",
aCircuit.firstname, aCircuit.lastname);
return false;
bool allowed = m_ForeignAgentsAllowed;
if (m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsAllowedExceptions))
allowed = false;
if (!m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsDisallowedExceptions))
allowed = true;
if (!allowed)
{
reason = "Destination does not allow visitors from your world";
m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1} @ {2}. Refusing service.",
aCircuit.firstname, aCircuit.lastname, aCircuit.ServiceURLs["HomeURI"]);
return false;
}
}
// May want to authorize
@ -393,6 +418,27 @@ namespace OpenSim.Services.HypergridService
#region Misc
private bool IsException(AgentCircuitData aCircuit, List<string> exceptions)
{
bool exception = false;
if (exceptions.Count > 0) // we have exceptions
{
// Retrieve the visitor's origin
string userURL = aCircuit.ServiceURLs["HomeURI"].ToString();
if (!userURL.EndsWith("/"))
userURL += "/";
if (exceptions.Find(delegate(string s)
{
if (!s.EndsWith("/"))
s += "/";
return s == userURL;
}) != null)
exception = true;
}
return exception;
}
#endregion
}
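Review bot: IsException matches the visitor's origin with a case-sensitive `s == userURL` after only a trailing-slash fix-up, so an `AllowExcept` entry (which acts as a block list when ForeignAgentsAllowed is true) stops matching when the same grid presents its HomeURI with different host casing or an explicit default port. Comparing parsed URIs on scheme, host and port, as sketched below, makes the match independent of those spelling differences. Both IsException and the new log call in the foreign-agent check read `aCircuit.ServiceURLs["HomeURI"]` through the indexer, which presumably throws when the key is absent; whether that refuses or admits the agent depends on a caller not shown here, so an explicit refusal for a missing or unparseable HomeURI would be safer. The exception lists are static and appended to by LoadDomainExceptionsFromConfig, so constructing the service more than once would presumably accumulate duplicate entries.

```csharp
private bool IsException(AgentCircuitData aCircuit, List<string> exceptions)
{
    if (exceptions.Count == 0)
        return false;

    // … unchanged: read HomeURI from aCircuit.ServiceURLs into userURL …

    Uri origin;
    if (!Uri.TryCreate(userURL, UriKind.Absolute, out origin))
        return false; // NOTE: the caller should refuse an origin it cannot parse

    return exceptions.Exists(delegate(string s)
    {
        Uri entry;
        // Scheme, host and port only: host casing and default ports no longer defeat a match.
        return Uri.TryCreate(s, UriKind.Absolute, out entry)
            && Uri.Compare(entry, origin, UriComponents.SchemeAndServer,
                           UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0;
    });
}
```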


@ -396,6 +396,18 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
;AllowedClients = ""
;DeniedClients = ""
;; Are foreign visitors allowed?
;ForeignAgentsAllowed = true
;;
;; If ForeignAgentsAllowed is true, make exceptions using AllowExcept.
;; Leave blank or commented for no exceptions.
; AllowExcept = "http://griefer.com:8002, http://enemy.com:8002"
;;
;; If ForeignAgentsAllowed is false, make exceptions using DisallowExcept
;; Leave blank or commented for no exceptions.
; DisallowExcept = "http://myfriendgrid.com:8002, http://myboss.com:8002"
[UserAgentService]
LocalServiceModule = "OpenSim.Services.HypergridService.dll:UserAgentService"
;; for the service
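Review bot: The new comments do not tell an operator how list entries are matched, and the name `AllowExcept` reads like an allow list although its entries are the grids that get refused. Going by the IsException code in this commit, an entry is compared to the visitor's HomeURI as an exact string with only a trailing slash normalised, so a comment such as `;; Entries must match the visitor's HomeURI exactly (scheme, host spelling and port); these grids are REFUSED.` above `AllowExcept`, and the mirror-image wording above `DisallowExcept`, would prevent misconfiguration. The same applies to the identical block added to the other configuration example in this commit.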


@ -164,8 +164,17 @@
;AllowedClients = ""
;DeniedClients = ""
;; Are foreign visitors allowed
;; Are foreign visitors allowed?
;ForeignAgentsAllowed = true
;;
;; If ForeignAgentsAllowed is true, make exceptions using AllowExcept.
;; Leave blank or commented for no exceptions.
; AllowExcept = "http://griefer.com:8002, http://enemy.com:8002"
;;
;; If ForeignAgentsAllowed is false, make exceptions using DisallowExcept
;; Leave blank or commented for no exceptions.
; DisallowExcept = "http://myfriendgrid.com:8002, http://myboss.com:8002"
[FreeswitchService]
;; If FreeSWITCH is not being used then you don't need to set any of these parameters