From dd30a29ba07a181d5c8f5773140a7247a0066510 Mon Sep 17 00:00:00 2001
From: Oren Hurvitz <orenh@kitely.com>
Date: Sun, 18 May 2014 16:10:18 +0300
Subject: [PATCH] Return more specific error messages if an attempt to enter a
 region fails due to permissions (in QueryAccess and IsAuthorizedForRegion)

---
 .../EntityTransfer/EntityTransferModule.cs    |  2 +-
 .../Authorization/AuthorizationService.cs     | 38 +++++++++++--------
 OpenSim/Region/Framework/Scenes/Scene.cs      | 15 +++++++-
 .../AuthorizationServicesConnector.cs         |  2 +-
 4 files changed, 38 insertions(+), 19 deletions(-)

diff --git a/OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs b/OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs
index 539367d87f..3830791de4 100644
--- a/OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs
+++ b/OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs
@@ -766,7 +766,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
                 sp.ControllingClient.SendTeleportFailed(reason);
 
                 m_log.DebugFormat(
-                    "[ENTITY TRANSFER MODULE]: {0} was stopped from teleporting from {1} to {2} because {3}",
+                    "[ENTITY TRANSFER MODULE]: {0} was stopped from teleporting from {1} to {2} because: {3}",
                     sp.Name, sp.Scene.Name, finalDestination.RegionName, reason);
 
                 return;
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
index 4470799f79..93dff1f083 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/AuthorizationService.cs
@@ -89,35 +89,43 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
         public bool IsAuthorizedForRegion(
             string user, string firstName, string lastName, string regionID, out string message)
         {
-            message = "authorized";
-
             // This should not happen
             if (m_Scene.RegionInfo.RegionID.ToString() != regionID)
             {
                 m_log.WarnFormat("[AuthorizationService]: Service for region {0} received request to authorize for region {1}",
                     m_Scene.RegionInfo.RegionID, regionID);
-                return true;
+                message = string.Format("Region {0} received request to authorize for region {1}", m_Scene.RegionInfo.RegionID, regionID);
+                return false;
             }
 
             if (m_accessValue == AccessFlags.None)
+            {
+                message = "Authorized";
                 return true;
+            }
 
             UUID userID = new UUID(user);
-            bool authorized = true;
-            if ((m_accessValue & AccessFlags.DisallowForeigners) == AccessFlags.DisallowForeigners)
+
+            if ((m_accessValue & AccessFlags.DisallowForeigners) != 0)
             {
-                authorized = m_UserManagement.IsLocalGridUser(userID);
-                if (!authorized)
-                    message = "no foreigner users allowed in this region";
-            }
-            if (authorized && (m_accessValue & AccessFlags.DisallowResidents) == AccessFlags.DisallowResidents)
-            {
-                authorized = m_Scene.Permissions.IsGod(userID) | m_Scene.Permissions.IsAdministrator(userID);
-                if (!authorized)
-                    message = "only Admins and Managers allowed in this region";
+                if (!m_UserManagement.IsLocalGridUser(userID))
+                {
+                    message = "No foreign users allowed in this region";
+                    return false;
+                }
             }
 
-            return authorized;
+            if ((m_accessValue & AccessFlags.DisallowResidents) != 0)
+            {
+                if (!(m_Scene.Permissions.IsGod(userID) || m_Scene.Permissions.IsAdministrator(userID)))
+                {
+                    message = "Only Admins and Managers allowed in this region";
+                    return false;
+                }
+            }
+
+            message = "Authorized";
+            return true;
         }
 
     }
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index e6887b46ba..1115399911 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -3865,7 +3865,7 @@ namespace OpenSim.Region.Framework.Scenes
                 if (!AuthorizationService.IsAuthorizedForRegion(
                     agent.AgentID.ToString(), agent.firstname, agent.lastname, RegionInfo.RegionID.ToString(), out reason))
                 {
-                    m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because {4}",
+                    m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because: {4}",
                                      agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName, reason);
                     
                     return false;
@@ -5465,7 +5465,7 @@ namespace OpenSim.Region.Framework.Scenes
         /// <returns></returns>
         public bool QueryAccess(UUID agentID, string agentHomeURI, Vector3 position, out string reason)
         {
-            reason = "You are banned from the region";
+            reason = string.Empty;
 
             if (Permissions.IsGod(agentID))
             {
@@ -5525,6 +5525,7 @@ namespace OpenSim.Region.Framework.Scenes
             catch (Exception e)
             {
                 m_log.DebugFormat("[SCENE]: Exception authorizing agent: {0} "+ e.StackTrace, e.Message);
+                reason = "Error authorizing agent: " + e.Message;
                 return false;
             }
 
@@ -5568,6 +5569,7 @@ namespace OpenSim.Region.Framework.Scenes
                 if (!TestLandRestrictions(agentID, out reason, ref posX, ref posY))
                 {
                     // m_log.DebugFormat("[SCENE]: Denying {0} because they are banned on all parcels", agentID);
+                    reason = "You are banned from the region on all parcels";
                     return false;
                 }
             }
@@ -5575,13 +5577,22 @@ namespace OpenSim.Region.Framework.Scenes
             {
                 ILandObject land = LandChannel.GetLandObject(position.X, position.Y);
                 if (land == null)
+                {
+                    reason = "No parcel found";
                     return false;
+                }
 
                 bool banned = land.IsBannedFromLand(agentID);
                 bool restricted = land.IsRestrictedFromLand(agentID);
 
                 if (banned || restricted)
+                {
+                    if (banned)
+                        reason = "You are banned from the parcel";
+                    else
+                        reason = "The parcel is restricted";
                     return false;
+                }
             }
 
             reason = String.Empty;
diff --git a/OpenSim/Services/Connectors/Authorization/AuthorizationServicesConnector.cs b/OpenSim/Services/Connectors/Authorization/AuthorizationServicesConnector.cs
index 35b7109496..63730b3a83 100644
--- a/OpenSim/Services/Connectors/Authorization/AuthorizationServicesConnector.cs
+++ b/OpenSim/Services/Connectors/Authorization/AuthorizationServicesConnector.cs
@@ -105,7 +105,7 @@ namespace OpenSim.Services.Connectors
             catch (Exception e)
             {
                 m_log.WarnFormat("[AUTHORIZATION CONNECTOR]: Unable to send authorize {0} for region {1} error thrown during comms with remote server. Reason: {2}", userID, regionID, e.Message);
-                message = "";
+                message = e.Message;
                 return m_ResponseOnFailure;
             }
             if (response == null)