From 504de8bc4792eda165d71a2c7481cb43cb92759a Mon Sep 17 00:00:00 2001 From: "Justin Clark-Casey (justincc)" Date: Sat, 23 Jul 2011 03:46:55 +0100 Subject: [PATCH] Pass the first name and last name from the agent circuit data to the authorization service rather than from the account. This is to accomodate situations where the authorization service is being used by the hypergrid, where visitors have no user account. See http://opensimulator.org/mantis/view.php?id=5517, this code is somewhat adapted/cleaned up from Michelle's patch I'm a little ambivalent about this since visitors could put anything in firstname/lastname so it's not much of an auth measure. It's up to the auth service to decide which data it actually uses. Possibly we should be passing through other info such as agent circuit ip --- OpenSim/Framework/TaskInventoryDictionary.cs | 2 +- .../LocalAuthorizationServiceConnector.cs | 17 +++++----- .../RemoteAuthorizationServiceConnector.cs | 24 +++++++++----- OpenSim/Region/Framework/Scenes/Scene.cs | 5 +-- .../AuthorizationServerPostHandler.cs | 2 +- .../AuthorizationService.cs | 5 +-- .../Interfaces/IAuthorizationService.cs | 32 +++++++++++-------- 7 files changed, 50 insertions(+), 37 deletions(-) diff --git a/OpenSim/Framework/TaskInventoryDictionary.cs b/OpenSim/Framework/TaskInventoryDictionary.cs index 25ae6b05c6..421bd5ddcf 100644 --- a/OpenSim/Framework/TaskInventoryDictionary.cs +++ b/OpenSim/Framework/TaskInventoryDictionary.cs @@ -59,7 +59,7 @@ namespace OpenSim.Framework clone.Add(uuid, (TaskInventoryItem) this[uuid].Clone()); } } - + return clone; } diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs index 85a1ac3b64..18a7177b6f 100644 --- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs 
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs @@ -39,8 +39,7 @@ using OpenMetaverse; namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization { - public class LocalAuthorizationServicesConnector : - ISharedRegionModule, IAuthorizationService + public class LocalAuthorizationServicesConnector : ISharedRegionModule, IAuthorizationService { private static readonly ILog m_log = LogManager.GetLogger( @@ -127,15 +126,15 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization if (!m_Enabled) return; - m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}", scene.RegionInfo.RegionName); - - + m_log.InfoFormat( + "[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}", + scene.RegionInfo.RegionName); } - public bool IsAuthorizedForRegion(string userID, string regionID, out string message) + public bool IsAuthorizedForRegion( + string userID, string firstName, string lastName, string regionID, out string message) { - return m_AuthorizationService.IsAuthorizedForRegion(userID, regionID, out message); + return m_AuthorizationService.IsAuthorizedForRegion(userID, firstName, lastName, regionID, out message); } - } -} +} \ No newline at end of file diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs index 66994facff..5fa27b8704 100644 --- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs +++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs 
@@ -117,12 +117,15 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization } - public bool IsAuthorizedForRegion(string userID, string regionID, out string message) + public bool IsAuthorizedForRegion( + string userID, string firstName, string lastName, string regionID, out string message) { - m_log.InfoFormat("[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID); + m_log.InfoFormat( + "[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID); bool isAuthorized = true; message = String.Empty; + string mail = String.Empty; // get the scene this call is being made for Scene scene = null; @@ -140,17 +143,22 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization if (scene != null) { UserAccount account = scene.UserAccountService.GetUserAccount(UUID.Zero, new UUID(userID)); - isAuthorized = IsAuthorizedForRegion(userID, account.FirstName, account.LastName, - account.Email, scene.RegionInfo.RegionName, regionID, out message); + + if (account != null) + mail = account.Email; + + isAuthorized + = IsAuthorizedForRegion( + userID, firstName, lastName, account.Email, scene.RegionInfo.RegionName, regionID, out message); } else { - m_log.ErrorFormat("[REMOTE AUTHORIZATION CONNECTOR] IsAuthorizedForRegion, can't find scene to match region id of {0} ",regionID); + m_log.ErrorFormat( + "[REMOTE AUTHORIZATION CONNECTOR] IsAuthorizedForRegion, can't find scene to match region id of {0}", + regionID); } - return isAuthorized; - } } -} +} \ No newline at end of file diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index 32a288724a..1a32510715 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs 
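Review bot: `bool isAuthorized = true;`, a context line in this hunk, makes the method fail open. When no scene matches `regionID`, the else branch in the following hunk only logs an error, and the method still returns true with an empty `message`. If an unknown region should be denied, initialise with `bool isAuthorized = false;` and set `message` in that else branch; if allowing is deliberate, a comment saying so would prevent it being read as an oversight. The method body continues past the end of this hunk.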
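Review bot: The call still passes `account.Email` after the new `if (account != null)` guard, so the guard protects nothing. For a user with no local account, which is the hypergrid visitor case this commit targets, the lookup presumably returns null and this line would throw instead of reaching the authorization service. The `mail` local declared in the previous hunk is assigned but never read. Pass the guarded value instead: `userID, firstName, lastName, mail, scene.RegionInfo.RegionName, regionID, out message);`.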
@@ -3553,11 +3553,12 @@ namespace OpenSim.Region.Framework.Scenes if (AuthorizationService != null) { - if (!AuthorizationService.IsAuthorizedForRegion(agent.AgentID.ToString(), RegionInfo.RegionID.ToString(),out reason)) + if (!AuthorizationService.IsAuthorizedForRegion( + agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason)) { m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region", agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); - //reason = String.Format("You are not currently on the access list for {0}",RegionInfo.RegionName); + return false; } } diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs index f987de4ef1..d656238cf0 100644 --- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs @@ -61,7 +61,7 @@ namespace OpenSim.Server.Handlers.Authorization AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request); string message = String.Empty; - bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.RegionID,out message); + bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.FirstName, Authorization.SurName, Authorization.RegionID, out message); AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized"); diff --git a/OpenSim/Services/AuthorizationService/AuthorizationService.cs b/OpenSim/Services/AuthorizationService/AuthorizationService.cs index d658368320..03da6e144f 100644 --- a/OpenSim/Services/AuthorizationService/AuthorizationService.cs +++ b/OpenSim/Services/AuthorizationService/AuthorizationService.cs 
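Review bot: The denial warning just below the new call never logs `reason`, so the authorization service's explanation is missing from the region log. The fixed text "because the user does not have access to the region" may also not match the actual cause. Consider adding a `{4}` placeholder to the format string and passing `reason` as the last argument: `agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName, reason);`. The enclosing method starts and ends outside this hunk.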
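Review bot: The `message` returned through the out parameter is discarded, and the response on the next line is always built with `Authorization.ID + " has been authorized"`, even when `authorized` is false. A remote connector would then receive a denial whose text claims success. Build the response from the service's own message instead: `new AuthorizationResponse(authorized, message);`. Separately, `Authorization.FirstName` and `Authorization.SurName` come straight from the deserialized request and may be null if the sender omitted them, so implementations should not assume non-null values. The handler method extends beyond this hunk.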
@@ -48,10 +48,11 @@ namespace OpenSim.Services.AuthorizationService m_log.Info("[AUTHORIZATION CONNECTOR]: Local Authorization service enabled"); } - public bool IsAuthorizedForRegion(string userID, string regionID, out string message) + public bool IsAuthorizedForRegion( + string userID, string firstName, string lastName, string regionID, out string message) { message = "Authorized"; return true; } } -} +} \ No newline at end of file diff --git a/OpenSim/Services/Interfaces/IAuthorizationService.cs b/OpenSim/Services/Interfaces/IAuthorizationService.cs index c5d577ad9a..e5c68f62fa 100644 --- a/OpenSim/Services/Interfaces/IAuthorizationService.cs +++ b/OpenSim/Services/Interfaces/IAuthorizationService.cs @@ -34,14 +34,21 @@ namespace OpenSim.Services.Interfaces public interface IAuthorizationService { - ////////////////////////////////////////////////////// - // Authorized - // - // This method returns a simple true false indicating - // whether or not a user has access to the region - // - bool IsAuthorizedForRegion(string userID, string regionID, out string message); - + /// + /// Check whether the user should be given access to the region. + /// + /// + /// We also supply user first name and last name for situations where the user does not have an account + /// on the region (e.g. they're a visitor via Hypergrid). + /// + /// + /// /param> + /// + /// + /// + /// + bool IsAuthorizedForRegion( + string userID, string firstName, string lastName, string regionID, out string message); } public class AuthorizationRequest @@ -63,7 +70,8 @@ namespace OpenSim.Services.Interfaces m_regionID = RegionID; } - public AuthorizationRequest(string ID,string FirstName, string SurName, string Email, string RegionName, string RegionID) + public AuthorizationRequest( + string ID, string FirstName, string SurName, string Email, string RegionName, string RegionID) { m_userID = ID; m_firstname = FirstName; 
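Review bot: This implementation sets `message = "Authorized"` and returns true without reading any argument, including the new `firstName` and `lastName`, but nothing on the method says so. A short doc comment would keep a deployer from assuming the local service enforces an access list, for example `/// <summary>Default implementation: grants every user access to every region; the arguments are not inspected.</summary>`.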
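Review bot: The new doc comment on `IsAuthorizedForRegion` leaves every parameter entry empty, and the line `/// /param>` looks like a malformed closing tag. The XML tags appear to be stripped in this rendering, so confirm against the file. The remarks explain why the names are passed but not how far an implementer may rely on them. I would fill in the entries, e.g. `/// <param name="firstName">First name as claimed by the connecting agent; not verified against a user account.</param>`, with the same for `lastName`. I would also document what `message` carries on success and on denial.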
@@ -108,9 +116,6 @@ namespace OpenSim.Services.Interfaces get { return m_regionID; } set { m_regionID = value; } } - - - } public class AuthorizationResponse @@ -126,7 +131,6 @@ namespace OpenSim.Services.Interfaces { m_isAuthorized = isAuthorized; m_message = message; - } public bool IsAuthorized @@ -141,4 +145,4 @@ namespace OpenSim.Services.Interfaces set { m_message = value; } } } -} +} \ No newline at end of file