Clean up viewer-based access control specifications.

0.8.2-post-fixes
Diva Canto 2015-09-06 10:00:20 -07:00
parent 4f208b6282
commit 82ea4179da
7 changed files with 71 additions and 61 deletions


@ -1051,11 +1051,11 @@ namespace OpenSim.Region.Framework.Scenes
} }
} }
string[] possibleAccessControlConfigSections = new string[] { "AccessControl", "Startup" }; string[] possibleAccessControlConfigSections = new string[] { "Startup", "AccessControl"};
string grant string grant
= Util.GetConfigVarFromSections<string>( = Util.GetConfigVarFromSections<string>(
config, "AllowedClients", possibleAccessControlConfigSections, ""); config, "AllowedClients", possibleAccessControlConfigSections, string.Empty);
if (grant.Length > 0) if (grant.Length > 0)
{ {
@ -1067,7 +1067,11 @@ namespace OpenSim.Region.Framework.Scenes
grant grant
= Util.GetConfigVarFromSections<string>( = Util.GetConfigVarFromSections<string>(
config, "BannedClients", possibleAccessControlConfigSections, ""); config, "DeniedClients", possibleAccessControlConfigSections, String.Empty);
// Deal with the mess of someone having used a different word at some point
if (grant == String.Empty)
grant = Util.GetConfigVarFromSections<string>(
config, "BannedClients", possibleAccessControlConfigSections, String.Empty);
if (grant.Length > 0) if (grant.Length > 0)
{ {
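Review bot: The fallback at `if (grant == String.Empty)` reads the legacy `BannedClients` key only when `DeniedClients` is empty, so a configuration that still carries a `BannedClients` list next to a new `DeniedClients` entry silently loses the older deny entries. Because this list gates which viewers may connect, the narrowing should be visible to the operator: either merge the two values or log a deprecation warning when `BannedClients` is found. At minimum the comment could say what happens, e.g. `// Legacy key: BannedClients is read only when DeniedClients is unset; the two lists are not merged.` The new `if` is also unbraced, and it mixes `String.Empty` with the `string.Empty` used a few lines above. The enclosing method starts and ends outside this hunk.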


@ -131,8 +131,11 @@ namespace OpenSim.Services.HypergridService
else if (simulationService != string.Empty) else if (simulationService != string.Empty)
m_SimulationService = ServerUtils.LoadPlugin<ISimulationService>(simulationService, args); m_SimulationService = ServerUtils.LoadPlugin<ISimulationService>(simulationService, args);
m_AllowedClients = serverConfig.GetString("AllowedClients", string.Empty); string[] possibleAccessControlConfigSections = new string[] { "AccessControl", "GatekeeperService" };
m_DeniedClients = serverConfig.GetString("DeniedClients", string.Empty); m_AllowedClients = Util.GetConfigVarFromSections<string>(
config, "AllowedClients", possibleAccessControlConfigSections, string.Empty);
m_DeniedClients = Util.GetConfigVarFromSections<string>(
config, "DeniedClients", possibleAccessControlConfigSections, string.Empty);
m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true); m_ForeignAgentsAllowed = serverConfig.GetBoolean("ForeignAgentsAllowed", true);
LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions); LoadDomainExceptionsFromConfig(serverConfig, "AllowExcept", m_ForeignsAllowedExceptions);
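Review bot: The section order in `new string[] { "AccessControl", "GatekeeperService" }` is the reverse of the `{ "Startup", "AccessControl" }` order this commit uses in the scene code, and nothing here states which section wins when both define `AllowedClients` or `DeniedClients`. Util.GetConfigVarFromSections is not shown on this page; if a later section overrides an earlier one, an explicit `DeniedClients = ""` left in [GatekeeperService] would clear a deny list set in [AccessControl]. A comment above the array would settle the precedence, e.g. `// Listed last so a [GatekeeperService] value overrides the shared [AccessControl] one.`, if that is the intent. The same applies to the `{ "AccessControl", "LoginService" }` lookup in the login service section of this commit. The enclosing method is not fully visible in the hunk.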


@ -123,8 +123,12 @@ namespace OpenSim.Services.LLLoginService
m_DestinationGuide = m_LoginServerConfig.GetString ("DestinationGuide", string.Empty); m_DestinationGuide = m_LoginServerConfig.GetString ("DestinationGuide", string.Empty);
m_AvatarPicker = m_LoginServerConfig.GetString ("AvatarPicker", string.Empty); m_AvatarPicker = m_LoginServerConfig.GetString ("AvatarPicker", string.Empty);
m_AllowedClients = m_LoginServerConfig.GetString("AllowedClients", string.Empty); string[] possibleAccessControlConfigSections = new string[] { "AccessControl", "LoginService" };
m_DeniedClients = m_LoginServerConfig.GetString("DeniedClients", string.Empty); m_AllowedClients = Util.GetConfigVarFromSections<string>(
config, "AllowedClients", possibleAccessControlConfigSections, string.Empty);
m_DeniedClients = Util.GetConfigVarFromSections<string>(
config, "DeniedClients", possibleAccessControlConfigSections, string.Empty);
m_MessageUrl = m_LoginServerConfig.GetString("MessageUrl", string.Empty); m_MessageUrl = m_LoginServerConfig.GetString("MessageUrl", string.Empty);
m_DSTZone = m_LoginServerConfig.GetString("DSTZone", "America/Los_Angeles;Pacific Standard Time"); m_DSTZone = m_LoginServerConfig.GetString("DSTZone", "America/Los_Angeles;Pacific Standard Time");


@ -308,9 +308,9 @@
;; - "Imprudence" has access ;; - "Imprudence" has access
;; - "Imprudence 1.3" has access ;; - "Imprudence 1.3" has access
;; - "Imprudence 1.3.1" has no access ;; - "Imprudence 1.3.1" has no access
; AllowedClients = ; AllowedClients = ""
;# {BannedClients} {} {Bar (|) separated list of banned clients} {} ;# {DeniedClients} {} {Bar (|) separated list of denied clients} {}
;; Bar (|) separated list of viewers which may not gain access to the regions. ;; Bar (|) separated list of viewers which may not gain access to the regions.
;; One can use a Substring of the viewer name to disable only certain ;; One can use a Substring of the viewer name to disable only certain
;; versions ;; versions
@ -318,7 +318,8 @@
;; - "Imprudence" has no access ;; - "Imprudence" has no access
;; - "Imprudence 1.3" has no access ;; - "Imprudence 1.3" has no access
;; - "Imprudence 1.3.1" has access ;; - "Imprudence 1.3.1" has access
; BannedClients = ;;
; DeniedClients = ""
[Map] [Map]


@ -531,6 +531,14 @@
; many simultaneous requests, default is 30 and is currently applied only to assets ; many simultaneous requests, default is 30 and is currently applied only to assets
;MaxRequestConcurrency = 30 ;MaxRequestConcurrency = 30
[AccessControl]
; Viewer-based access control. |-separated list of allowed viewers.
; AllowedClients = ""
; Viewer-based access control. |-separated list of denied viewers.
; No restrictions by default.
; DeniedClients = ""
[ClientStack.LindenUDP] [ClientStack.LindenUDP]
; Set this to true to process incoming packets asynchronously. Networking is ; Set this to true to process incoming packets asynchronously. Networking is


@ -184,6 +184,26 @@
;; This is a default that can be overwritten in some sections. ;; This is a default that can be overwritten in some sections.
; GatekeeperURI = "${Const|BaseURL}:${Const|PublicPort}" ; GatekeeperURI = "${Const|BaseURL}:${Const|PublicPort}"
[AccessControl]
;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
;; Bar (|) separated list of viewers which may gain access to the regions.
;; One can use a substring of the viewer name to enable only certain
;; versions
;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
;; - "Imprudence" has access
;; - "Imprudence 1.3" has access
;; - "Imprudence 1.3.1" has no access
; AllowedClients = ""
;# {DeniedClients} {} {Bar (|) separated list of denied clients} {}
;; Bar (|) separated list of viewers which may not gain access to the regions.
;; One can use a Substring of the viewer name to disable only certain
;; versions
;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
;; - "Imprudence" has no access
;; - "Imprudence 1.3" has no access
;; - "Imprudence 1.3.1" has access
; DeniedClients = ""
[DatabaseService] [DatabaseService]
; PGSQL ; PGSQL
@ -482,23 +502,6 @@
SRV_IMServerURI = "${Const|BaseURL}:${Const|PublicPort}" SRV_IMServerURI = "${Const|BaseURL}:${Const|PublicPort}"
SRV_GroupsServerURI = "${Const|BaseURL}:${Const|PublicPort}" SRV_GroupsServerURI = "${Const|BaseURL}:${Const|PublicPort}"
;; Regular expressions for controlling which client versions are accepted/denied.
;; An empty string means nothing is checked.
;;
;; Example 1: allow only these 3 types of clients (any version of them)
;; AllowedClients = "Imprudence|Hippo|Second Life"
;;
;; Example 2: allow all clients except these
;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
;;
;; Note that these are regular expressions, so every character counts.
;; Also note that this is very weak security and should not be trusted as a reliable means
;; for keeping bad clients out; modified clients can fake their identifiers.
;;
;;
;AllowedClients = ""
;DeniedClients = ""
;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time" ;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time"
;; Viewers do not receive timezone information from the server - almost all (?) default to Pacific Standard Time ;; Viewers do not receive timezone information from the server - almost all (?) default to Pacific Standard Time
;; However, they do rely on the server to tell them whether it's Daylight Saving Time or not. ;; However, they do rely on the server to tell them whether it's Daylight Saving Time or not.
@ -595,23 +598,6 @@
; If you run this gatekeeper server behind a proxy, set this to true ; If you run this gatekeeper server behind a proxy, set this to true
; HasProxy = false ; HasProxy = false
;; Regular expressions for controlling which client versions are accepted/denied.
;; An empty string means nothing is checked.
;;
;; Example 1: allow only these 3 types of clients (any version of them)
;; AllowedClients = "Imprudence|Hippo|Second Life"
;;
;; Example 2: allow all clients except these
;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
;;
;; Note that these are regular expressions, so every character counts.
;; Also note that this is very weak security and should not be trusted as a reliable means
;; for keeping bad clients out; modified clients can fake their identifiers.
;;
;;
;AllowedClients = ""
;DeniedClients = ""
;; Are foreign visitors allowed? ;; Are foreign visitors allowed?
;ForeignAgentsAllowed = true ;ForeignAgentsAllowed = true
;; ;;
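Review bot: The new [AccessControl] block drops two caveats that the removed per-service comments carried: that the values are regular expressions, and that viewer-name filtering is weak because modified clients can fake their identifiers. The replacement text describes plain substring matching, which, if the matching code is unchanged by this commit, under-describes how a pattern such as `Imprudence 1.3` is evaluated. I would carry the warning over into the new block, e.g. `;; Note: values are regular expressions, and viewer identifiers are client-supplied, so this is not a reliable security control.` The later section of this commit that adds the same [AccessControl] block and removes the same comments has the same gap.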


@ -145,6 +145,27 @@
;ConsolePass = secret ;ConsolePass = secret
;ConsolePort = 0 ;ConsolePort = 0
[AccessControl]
;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
;; Bar (|) separated list of viewers which may gain access to the regions.
;; One can use a substring of the viewer name to enable only certain
;; versions
;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
;; - "Imprudence" has access
;; - "Imprudence 1.3" has access
;; - "Imprudence 1.3.1" has no access
; AllowedClients = ""
;# {DeniedClients} {} {Bar (|) separated list of denied clients} {}
;; Bar (|) separated list of viewers which may not gain access to the regions.
;; One can use a Substring of the viewer name to disable only certain
;; versions
;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
;; - "Imprudence" has no access
;; - "Imprudence 1.3" has no access
;; - "Imprudence 1.3.1" has access
; DeniedClients = ""
[DatabaseService] [DatabaseService]
; PGSQL ; PGSQL
@ -431,23 +452,6 @@
; If you run this login server behind a proxy, set this to true ; If you run this login server behind a proxy, set this to true
; HasProxy = false ; HasProxy = false
;; Regular expressions for controlling which client versions are accepted/denied.
;; An empty string means nothing is checked.
;;
;; Example 1: allow only these 3 types of clients (any version of them)
;; AllowedClients = "Imprudence|Hippo|Second Life"
;;
;; Example 2: allow all clients except these
;; DeniedClients = "Twisted|Crawler|Cryolife|FuckLife|StreetLife|GreenLife|AntiLife|KORE-Phaze|Synlyfe|Purple Second Life|SecondLi |Emerald"
;;
;; Note that these are regular expressions, so every character counts.
;; Also note that this is very weak security and should not be trusted as a reliable means
;; for keeping bad clients out; modified clients can fake their identifiers.
;;
;;
;AllowedClients = ""
;DeniedClients = ""
;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time" ;# {DSTZone} {} {Override Daylight Saving Time rules} {* none local} "America/Los_Angeles;Pacific Standard Time"
;; Viewers do not listen to timezone sent by the server. They use Pacific Standard Time instead, ;; Viewers do not listen to timezone sent by the server. They use Pacific Standard Time instead,
;; but rely on the server to calculate Daylight Saving Time. Sending another DST than US Pacific ;; but rely on the server to calculate Daylight Saving Time. Sending another DST than US Pacific