More HG 2.0: access control at the Gatekeeper. \o/

OpenSim/Services/HypergridService/GatekeeperService.cs

@@ -58,9 +58,11 @@ namespace OpenSim.Services.HypergridService
         private static IUserAgentService m_UserAgentService;
         private static ISimulationService m_SimulationService;
 
-        protected string m_AllowedClients = string.Empty;
+        private static string m_AllowedClients = string.Empty;
-        protected string m_DeniedClients = string.Empty;
+        private static string m_DeniedClients = string.Empty;
         private static bool m_ForeignAgentsAllowed = true;
+        private static List<string> m_ForeignsAllowedExceptions = new List<string>();
+        private static List<string> m_ForeignsDisallowedExceptions = new List<string>();
 
         private static UUID m_ScopeID;
         private static bool m_AllowTeleportsToAnyRegion;
@@ -113,6 +115,9 @@ namespace OpenSim.Services.HypergridService
                 m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
                 m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true);
 
+                LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions);
+                LoadDomainExceptionsFromConfig(serverConfig, "DisallowExcept", m_ForeignsDisallowedExceptions);
+
                 if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
                     throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
 
@@ -125,6 +130,15 @@ namespace OpenSim.Services.HypergridService
         {
         }
 
+        protected void LoadDomainExceptionsFromConfig(IConfig config, string variable, List<string> exceptions)
+        {
+            string value = config.GetString(variable, string.Empty);
+            string[] parts = value.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
+
+            foreach (string s in parts)
+                exceptions.Add(s.Trim());
+        }
+
         public bool LinkRegion(string regionName, out UUID regionID, out ulong regionHandle, out string externalName, out string imageURL, out string reason)
         {
             regionID = UUID.Zero;
@@ -260,14 +274,25 @@ namespace OpenSim.Services.HypergridService
             m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok");
 
             //
-            // Foreign agents allowed
+            // Foreign agents allowed? Exceptions?
             //
-            if (account == null && !m_ForeignAgentsAllowed)
+            if (account == null) 
             {
-                reason = "Unauthorized";
+                bool allowed = m_ForeignAgentsAllowed;
-                m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1}. Refusing service.",
+
-                    aCircuit.firstname, aCircuit.lastname);
+                if (m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsAllowedExceptions))
-                return false;
+                        allowed = false;
+
+                if (!m_ForeignAgentsAllowed && IsException(aCircuit, m_ForeignsDisallowedExceptions))
+                    allowed = true;
+
+                if (!allowed)
+                {
+                    reason = "Destination does not allow visitors from your world";
+                    m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1} @ {2}. Refusing service.",
+                        aCircuit.firstname, aCircuit.lastname, aCircuit.ServiceURLs["HomeURI"]);
+                    return false;
+                }
             }
 
             // May want to authorize
@@ -393,6 +418,27 @@ namespace OpenSim.Services.HypergridService
 
         #region Misc
 
+        private bool IsException(AgentCircuitData aCircuit, List<string> exceptions)
+        {
+            bool exception = false;
+            if (exceptions.Count > 0) // we have exceptions
+            {
+                // Retrieve the visitor's origin
+                string userURL = aCircuit.ServiceURLs["HomeURI"].ToString();
+                if (!userURL.EndsWith("/"))
+                    userURL += "/";
+
+                if (exceptions.Find(delegate(string s)
+                {
+                    if (!s.EndsWith("/"))
+                        s += "/";
+                    return s == userURL;
+                }) != null)
+                    exception = true;
+            }
+
+            return exception;
+        }
 
         #endregion
     }

bin/Robust.HG.ini.example

@@ -396,6 +396,18 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
     ;AllowedClients = ""
     ;DeniedClients = ""
 
+    ;; Are foreign visitors allowed?
+    ;ForeignAgentsAllowed = true
+    ;;
+    ;; If ForeignAgentsAllowed is true, make exceptions using AllowExcept.
+    ;; Leave blank or commented for no exceptions.
+    ; AllowExcept = "http://griefer.com:8002, http://enemy.com:8002"
+    ;;
+    ;; If ForeignAgentsAllowed is false, make exceptions using DisallowExcept
+    ;; Leave blank or commented for no exceptions.
+    ; DisallowExcept = "http://myfriendgrid.com:8002, http://myboss.com:8002"
+
+
 [UserAgentService]
     LocalServiceModule = "OpenSim.Services.HypergridService.dll:UserAgentService"
     ;; for the service

bin/config-include/StandaloneCommon.ini.example

@@ -164,8 +164,17 @@
     ;AllowedClients = ""
     ;DeniedClients = ""
 
-    ;; Are foreign visitors allowed
+    ;; Are foreign visitors allowed?
     ;ForeignAgentsAllowed = true
+    ;;
+    ;; If ForeignAgentsAllowed is true, make exceptions using AllowExcept.
+    ;; Leave blank or commented for no exceptions.
+    ; AllowExcept = "http://griefer.com:8002, http://enemy.com:8002"
+    ;;
+    ;; If ForeignAgentsAllowed is false, make exceptions using DisallowExcept
+    ;; Leave blank or commented for no exceptions.
+    ; DisallowExcept = "http://myfriendgrid.com:8002, http://myboss.com:8002"
+
 
 [FreeswitchService]
     ;; If FreeSWITCH is not being used then you don't need to set any of these parameters