User level based restrictions for HyperGrid teleports, asset uploads, group creations and getting contacted from other grids. Incoming HyperGrid teleports can also be restricted to local users.

0.7.4.1
Snoopy Pfeffer 2012-03-27 22:09:58 +02:00
parent de242a29ca
commit 7223b63563
11 changed files with 164 additions and 25 deletions

View File

@ -111,6 +111,7 @@ namespace OpenSim.Region.ClientStack.Linden
private IAssetService m_assetService;
private bool m_dumpAssetsToFile = false;
private string m_regionName;
private int m_levelUpload = 0;
public BunchOfCaps(Scene scene, Caps caps)
{
@ -121,7 +122,10 @@ namespace OpenSim.Region.ClientStack.Linden
{
IConfig sconfig = config.Configs["Startup"];
if (sconfig != null)
{
m_persistBakedTextures = sconfig.GetBoolean("PersistBakedTextures", m_persistBakedTextures);
m_levelUpload = sconfig.GetInt("LevelUpload", 0);
}
}
m_assetService = m_Scene.AssetService;
@ -357,21 +361,37 @@ namespace OpenSim.Region.ClientStack.Linden
llsdRequest.asset_type == "animation" ||
llsdRequest.asset_type == "sound")
{
ScenePresence avatar = null;
IClientAPI client = null;
IScene scene = null;
if (GetClient != null)
{
client = GetClient(m_HostCapsObj.AgentID);
scene = client.Scene;
m_Scene.TryGetScenePresence(m_HostCapsObj.AgentID, out avatar);
IMoneyModule mm = scene.RequestModuleInterface<IMoneyModule>();
// check user level
if (avatar != null)
{
client = avatar.ControllingClient;
if (avatar.UserLevel < m_levelUpload)
{
if (client != null)
client.SendAgentAlertMessage("Unable to upload asset. Insufficient permissions.", false);
LLSDAssetUploadResponse errorResponse = new LLSDAssetUploadResponse();
errorResponse.uploader = "";
errorResponse.state = "error";
return errorResponse;
}
}
// check funds
if (client != null)
{
IMoneyModule mm = m_Scene.RequestModuleInterface<IMoneyModule>();
if (mm != null)
{
if (!mm.UploadCovered(client.AgentId, mm.UploadCharge))
{
if (client != null)
client.SendAgentAlertMessage("Unable to upload asset. Insufficient funds.", false);
client.SendAgentAlertMessage("Unable to upload asset. Insufficient funds.", false);
LLSDAssetUploadResponse errorResponse = new LLSDAssetUploadResponse();
errorResponse.uploader = "";

View File

@ -56,6 +56,7 @@ namespace OpenSim.Region.ClientStack.Linden
// private IAssetService m_assetService;
private bool m_dumpAssetsToFile = false;
private bool m_enabled = true;
private int m_levelUpload = 0;
#region IRegionModuleBase Members
@ -72,6 +73,7 @@ namespace OpenSim.Region.ClientStack.Linden
return;
m_enabled = meshConfig.GetBoolean("AllowMeshUpload", true);
m_levelUpload = meshConfig.GetInt("LevelUpload", 0);
}
public void AddRegion(Scene pScene)
@ -137,25 +139,41 @@ namespace OpenSim.Region.ClientStack.Linden
// llsdRequest.asset_type == "animation" ||
// llsdRequest.asset_type == "sound")
// {
// check user level
ScenePresence avatar = null;
IClientAPI client = null;
m_scene.TryGetScenePresence(agentID, out avatar);
if (avatar != null)
{
client = avatar.ControllingClient;
if (avatar.UserLevel < m_levelUpload)
{
if (client != null)
client.SendAgentAlertMessage("Unable to upload asset. Insufficient permissions.", false);
LLSDNewFileAngentInventoryVariablePriceReplyResponse errorResponse = new LLSDNewFileAngentInventoryVariablePriceReplyResponse();
errorResponse.rsvp = "";
errorResponse.state = "error";
return errorResponse;
}
}
// check funds
IMoneyModule mm = m_scene.RequestModuleInterface<IMoneyModule>();
if (mm != null)
{
if (m_scene.TryGetClient(agentID, out client))
if (!mm.UploadCovered(agentID, mm.UploadCharge))
{
if (!mm.UploadCovered(client.AgentId, mm.UploadCharge))
{
if (client != null)
client.SendAgentAlertMessage("Unable to upload asset. Insufficient funds.", false);
if (client != null)
client.SendAgentAlertMessage("Unable to upload asset. Insufficient funds.", false);
LLSDNewFileAngentInventoryVariablePriceReplyResponse errorResponse = new LLSDNewFileAngentInventoryVariablePriceReplyResponse();
errorResponse.rsvp = "";
errorResponse.state = "error";
return errorResponse;
}
LLSDNewFileAngentInventoryVariablePriceReplyResponse errorResponse = new LLSDNewFileAngentInventoryVariablePriceReplyResponse();
errorResponse.rsvp = "";
errorResponse.state = "error";
return errorResponse;
}
}
// }

View File

@ -47,6 +47,7 @@ namespace OpenSim.Region.CoreModules.Agent.AssetTransaction
protected Scene m_Scene;
private bool m_dumpAssetsToFile = false;
private int m_levelUpload = 0;
/// <summary>
/// Each agent has its own singleton collection of transactions
@ -56,8 +57,13 @@ namespace OpenSim.Region.CoreModules.Agent.AssetTransaction
#region IRegionModule Members
public void Initialise(IConfigSource config)
public void Initialise(IConfigSource source)
{
IConfig sconfig = source.Configs["Startup"];
if (sconfig != null)
{
m_levelUpload = sconfig.GetInt("LevelUpload", 0);
}
}
public void AddRegion(Scene scene)
@ -241,7 +247,21 @@ namespace OpenSim.Region.CoreModules.Agent.AssetTransaction
(AssetType)type == AssetType.Animation) &&
tempFile == false)
{
ScenePresence avatar = null;
Scene scene = (Scene)remoteClient.Scene;
scene.TryGetScenePresence(remoteClient.AgentId, out avatar);
// check user level
if (avatar != null)
{
if (avatar.UserLevel < m_levelUpload)
{
remoteClient.SendAgentAlertMessage("Unable to upload asset. Insufficient permissions.", false);
return;
}
}
// check funds
IMoneyModule mm = scene.RequestModuleInterface<IMoneyModule>();
if (mm != null)

View File

@ -60,6 +60,8 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
set { m_MaxTransferDistance = value; }
}
private int m_levelHGTeleport = 0;
protected bool m_Enabled = false;
protected Scene m_aScene;
protected List<Scene> m_Scenes = new List<Scene>();
@ -101,7 +103,10 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
{
IConfig transferConfig = source.Configs["EntityTransfer"];
if (transferConfig != null)
{
MaxTransferDistance = transferConfig.GetInt("max_distance", 4095);
m_levelHGTeleport = transferConfig.GetInt("LevelHGTeleport", 0);
}
m_agentsInTransit = new List<UUID>();
m_Enabled = true;
@ -227,6 +232,16 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
return;
}
// check if HyperGrid teleport is allowed, based on user level
int flags = m_aScene.GridService.GetRegionFlags(sp.Scene.RegionInfo.ScopeID, reg.RegionID);
if (((flags & (int)OpenSim.Data.RegionFlags.Hyperlink) != 0) && (sp.UserLevel < m_levelHGTeleport))
{
m_log.WarnFormat("[ENTITY TRANSFER MODULE]: Final destination link is non permitted hypergrid region. Unable to teleport agent.");
sp.ControllingClient.SendTeleportFailed("HyperGrid teleport not permitted");
return;
}
uint curX = 0, curY = 0;
Utils.LongToUInts(sp.Scene.RegionInfo.RegionHandle, out curX, out curY);
int curCellX = (int)(curX / Constants.RegionSize);

View File

@ -84,6 +84,7 @@ namespace OpenSim.Region.OptionalModules.Avatar.XmlRpcGroups
private bool m_groupsEnabled = false;
private bool m_groupNoticesEnabled = true;
private bool m_debugEnabled = false;
private int m_levelGroupCreate = 0;
#region IRegionModuleBase Members
@ -115,6 +116,7 @@ namespace OpenSim.Region.OptionalModules.Avatar.XmlRpcGroups
m_groupNoticesEnabled = groupsConfig.GetBoolean("NoticesEnabled", true);
m_debugEnabled = groupsConfig.GetBoolean("DebugEnabled", false);
m_levelGroupCreate = groupsConfig.GetInt("LevelGroupCreate", 0);
}
}
@ -708,13 +710,29 @@ namespace OpenSim.Region.OptionalModules.Avatar.XmlRpcGroups
remoteClient.SendCreateGroupReply(UUID.Zero, false, "A group with the same name already exists.");
return UUID.Zero;
}
// check user level
ScenePresence avatar = null;
Scene scene = (Scene)remoteClient.Scene;
scene.TryGetScenePresence(remoteClient.AgentId, out avatar);
if (avatar != null)
{
if (avatar.UserLevel < m_levelGroupCreate)
{
remoteClient.SendCreateGroupReply(UUID.Zero, false, "You have got insufficient permissions to create a group.");
return UUID.Zero;
}
}
// check funds
// is there is a money module present ?
IMoneyModule money = remoteClient.Scene.RequestModuleInterface<IMoneyModule>();
IMoneyModule money = scene.RequestModuleInterface<IMoneyModule>();
if (money != null)
{
// do the transaction, that is if the agent has got sufficient funds
if (!money.AmountCovered(remoteClient.AgentId, money.GroupCreationCharge)) {
remoteClient.SendCreateGroupReply(UUID.Zero, false, "You have got issuficient funds to create a group.");
remoteClient.SendCreateGroupReply(UUID.Zero, false, "You have got insufficient funds to create a group.");
return UUID.Zero;
}
money.ApplyCharge(GetRequestingAgentID(remoteClient), money.GroupCreationCharge, "Group Creation");

View File

@ -4151,6 +4151,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
case 4: // DATA_RATING (0,0,0,0,0,0)
reply = "0,0,0,0,0,0";
break;
case 7: // DATA_USERLEVEL (integer)
reply = account.UserLevel.ToString();
break;
case 8: // DATA_PAYINFO (0|1|2|3)
reply = "0";
break;

View File

@ -60,6 +60,7 @@ namespace OpenSim.Services.HypergridService
protected string m_AllowedClients = string.Empty;
protected string m_DeniedClients = string.Empty;
private static bool m_ForeignAgentsAllowed = true;
private static UUID m_ScopeID;
private static bool m_AllowTeleportsToAnyRegion;
@ -110,6 +111,7 @@ namespace OpenSim.Services.HypergridService
m_AllowedClients = serverConfig.GetString("AllowedClients", string.Empty);
m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty);
m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true);
if (m_GridService == null || m_PresenceService == null || m_SimulationService == null)
throw new Exception("Unable to load a required plugin, Gatekeeper Service cannot function.");
@ -257,6 +259,17 @@ namespace OpenSim.Services.HypergridService
}
m_log.DebugFormat("[GATEKEEPER SERVICE]: User is ok");
//
// Foreign agents allowed
//
if (account == null && !m_ForeignAgentsAllowed)
{
reason = "Unauthorized";
m_log.InfoFormat("[GATEKEEPER SERVICE]: Foreign agents are not permitted {0} {1}. Refusing service.",
aCircuit.firstname, aCircuit.lastname);
return false;
}
// May want to authorize
bool isFirstLogin = false;

View File

@ -73,6 +73,8 @@ namespace OpenSim.Services.HypergridService
protected static string m_GridName;
protected static int m_LevelOutsideContacts;
protected static bool m_BypassClientVerification;
public UserAgentService(IConfigSource config) : this(config, null)
@ -127,6 +129,8 @@ namespace OpenSim.Services.HypergridService
}
if (!m_GridName.EndsWith("/"))
m_GridName = m_GridName + "/";
m_LevelOutsideContacts = serverConfig.GetInt("LevelOutsideContacts", 0);
}
}
@ -571,10 +575,16 @@ namespace OpenSim.Services.HypergridService
public UUID GetUUID(String first, String last)
{
// Let's see if it's a local user
// Let's see if it's a local user
UserAccount account = m_UserAccountService.GetUserAccount(UUID.Zero, first, last);
if (account != null)
return account.PrincipalID;
{
// check user level
if (account.UserLevel < m_LevelOutsideContacts)
return UUID.Zero;
else
return account.PrincipalID;
}
else
return UUID.Zero;
}

View File

@ -272,6 +272,8 @@
; Disabled by default
; simple_build_permissions = False
; Minimum user level required to upload assets
;LevelUpload = 0
; ##
; ## SCRIPT ENGINE
@ -620,6 +622,10 @@
; This is set to 4095 because current viewers can't handle teleports that are greater than this distance
max_distance = 4095
; Minimum user level required for HyperGrid teleports
LevelHGTeleport = 0
[Messaging]
; Control which region module is used for instant messaging.
; Default is InstantMessageModule (this is the name of the core IM module as well as the setting)
@ -657,6 +663,9 @@
; mesh, and use it for collisions.
UseMeshiesPhysicsMesh = true
; Minimum user level required to upload meshes
;LevelUpload = 0
[ODEPhysicsSettings]
;##
@ -1497,6 +1506,9 @@
; System.Net.WebException: The request was aborted: The request was canceled.
; XmlRpcDisableKeepAlive = false
; Minimum user level required to create groups
;LevelGroupCreate = 0
[PacketPool]
; Enables the experimental packet pool. Yes, we've been here before.

View File

@ -373,6 +373,9 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
;; the IP address of the machine where your LoginService is
;LoginServerIP = "127.0.0.1"
; User level required to be contacted from other grids
;LevelOutsideContacts = 0
; * The interface that local users get when they are in other grids.
; * This restricts the inventory operations while in other grids.
; * Still not completely safe, especially if users perform inventory operations

View File

@ -147,6 +147,9 @@
;AllowedClients = ""
;DeniedClients = ""
;; Are foreign visitors allowed
;ForeignAgentsAllowed = true
[FreeswitchService]
;; If FreeSWITCH is not being used then you don't need to set any of these parameters
;;
@ -241,3 +244,7 @@
; DisallowResidents -- only Admins and Managers allowed
; Example:
; Region_Test_1 = "DisallowForeigners"
[UserAgentService]
; User level required to be contacted from other grids
;LevelOutsideContacts = 0