- moving banned check and public/private check to

Scene.NewUserConnection()
- adding reason reporting

this enforces estate bans very early on and prevents us from
circulating client objects that we'd then have to retract once we
realize that the client is not allowed into the region
0.6.5-rc1
Dr Scofield 2009-05-05 16:17:52 +00:00
parent b6ae8b7ba7
commit e0a06f6416
19 changed files with 186 additions and 131 deletions

View File

@ -213,13 +213,14 @@ namespace OpenSim.Client.Linden
}
else
{
if (scene.NewUserConnection(agentData))
string reason;
if (scene.NewUserConnection(agentData, out reason))
{
success = true;
}
else
{
denyMess = "Login refused by region";
denyMess = String.Format("Login refused by region: {0}", reason);
m_log.InfoFormat(
"[CLIENT]: Denying access for user {0} {1} because user connection was refused by the region",
agentData.firstname, agentData.lastname);

View File

@ -154,13 +154,14 @@ namespace OpenSim.Client.Linden
}
}
public bool NewUserConnection(ulong regionHandle, AgentCircuitData agent)
public bool NewUserConnection(ulong regionHandle, AgentCircuitData agent, out string reason)
{
Scene scene;
if (TryGetRegion(regionHandle, out scene))
{
return scene.NewUserConnection(agent);
return scene.NewUserConnection(agent, out reason);
}
reason = "Region not found.";
return false;
}

View File

@ -201,7 +201,15 @@ namespace OpenSim.Client.Linden
if (m_regionsConnector.RegionLoginsEnabled)
{
return m_regionsConnector.NewUserConnection(regionInfo.RegionHandle, agent);
string reason;
bool success = m_regionsConnector.NewUserConnection(regionInfo.RegionHandle, agent, out reason);
if (!success)
{
response.ErrorReason = "key";
response.ErrorMessage = reason;
}
return success;
// return m_regionsConnector.NewUserConnection(regionInfo.RegionHandle, agent, out reason);
}
return false;

View File

@ -313,6 +313,8 @@ namespace OpenSim.Client.MXP.PacketHandler
Scene scene = m_scenes[sceneId];
UUID mxpSessionID = UUID.Random();
string reason;
m_log.Debug("[MXP ClientStack]: Session join request success: " + session.SessionId + " (" +
(session.IsIncoming ? "from" : "to") + " " + session.RemoteEndPoint.Address + ":" +
session.RemoteEndPoint.Port + ")");
@ -321,7 +323,13 @@ namespace OpenSim.Client.MXP.PacketHandler
AttachUserAgentToUserProfile(session, mxpSessionID, sceneId, user);
m_log.Debug("[MXP ClientStack]: Attached UserAgent to UserProfile.");
m_log.Debug("[MXP ClientStack]: Preparing Scene to Connection...");
PrepareSceneForConnection(mxpSessionID, sceneId, user);
if (!PrepareSceneForConnection(mxpSessionID, sceneId, user, out reason))
{
m_log.DebugFormat("[MXP ClientStack]: Scene refused connection: {0}", reason);
DeclineConnection(session, joinRequestMessage);
tmpRemove.Add(session);
continue;
}
m_log.Debug("[MXP ClientStack]: Prepared Scene to Connection.");
m_log.Debug("[MXP ClientStack]: Accepting connection...");
AcceptConnection(session, joinRequestMessage, mxpSessionID, userId);
@ -579,7 +587,7 @@ namespace OpenSim.Client.MXP.PacketHandler
//userService.CommitAgent(ref userProfile);
}
private void PrepareSceneForConnection(UUID sessionId, UUID sceneId, UserProfileData userProfile)
private bool PrepareSceneForConnection(UUID sessionId, UUID sceneId, UserProfileData userProfile, out string reason)
{
Scene scene = m_scenes[sceneId];
CommunicationsManager commsManager = m_scenes[sceneId].CommsManager;
@ -604,8 +612,7 @@ namespace OpenSim.Client.MXP.PacketHandler
agent.Appearance = new AvatarAppearance();
}
scene.NewUserConnection(agent);
return scene.NewUserConnection(agent, out reason);
}
public void PrintDebugInformation()

View File

@ -43,7 +43,7 @@ namespace OpenSim.Framework.Communications.Clients
{
private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
public bool DoCreateChildAgentCall(RegionInfo region, AgentCircuitData aCircuit, string authKey)
public bool DoCreateChildAgentCall(RegionInfo region, AgentCircuitData aCircuit, string authKey, out string reason)
{
// Eventually, we want to use a caps url instead of the agentID
string uri = "http://" + region.ExternalEndPoint.Address + ":" + region.HttpPort + "/agent/" + aCircuit.AgentID + "/";
@ -56,6 +56,8 @@ namespace OpenSim.Framework.Communications.Clients
//AgentCreateRequest.KeepAlive = false;
AgentCreateRequest.Headers.Add("Authorization", authKey);
reason = String.Empty;
// Fill it in
OSDMap args = null;
try
@ -98,7 +100,7 @@ namespace OpenSim.Framework.Communications.Clients
catch
{
//m_log.InfoFormat("[REST COMMS]: Bad send on ChildAgentUpdate {0}", ex.Message);
reason = "cannot contact remote region";
return false;
}
@ -112,13 +114,24 @@ namespace OpenSim.Framework.Communications.Clients
{
m_log.Info("[REST COMMS]: Null reply on DoCreateChildAgentCall post");
}
else
{
StreamReader sr = new StreamReader(webResponse.GetResponseStream());
//reply = sr.ReadToEnd().Trim();
sr.ReadToEnd().Trim();
string response = sr.ReadToEnd().Trim();
sr.Close();
//m_log.InfoFormat("[REST COMMS]: DoCreateChildAgentCall reply was {0} ", reply);
m_log.InfoFormat("[REST COMMS]: DoCreateChildAgentCall reply was {0} ", response);
if (!String.IsNullOrEmpty(response))
{
// we assume we got an OSDMap back
OSDMap r = GetOSDMap(response);
bool success = r["success"].AsBoolean();
reason = r["reason"].AsString();
return success;
}
}
}
catch (WebException ex)
{

View File

@ -320,7 +320,7 @@ namespace OpenSim.Framework.Communications.Services
{
return GenerateFailureResponseLLSD(
"key",
"Error connecting to grid. Could not percieve credentials from login XML.",
"Error connecting to grid. Could not perceive credentials from login XML.",
"false");
}

View File

@ -946,13 +946,15 @@ namespace OpenSim.Framework.Communications.Services
{
regionInfo = homeInfo;
theUser.CurrentAgent.Position = theUser.HomeLocation;
response.LookAt = "[r" + theUser.HomeLookAt.X.ToString() + ",r" + theUser.HomeLookAt.Y.ToString() + ",r" + theUser.HomeLookAt.Z.ToString() + "]";
response.LookAt = String.Format("[r{0},r{1},r{2}]", theUser.HomeLookAt.X.ToString(),
theUser.HomeLookAt.Y.ToString(), theUser.HomeLookAt.Z.ToString());
}
else if (startLocationRequest == "last")
{
UUID lastRegion = theUser.CurrentAgent.Region;
regionInfo = GetRegionInfo(lastRegion);
response.LookAt = "[r" + theUser.CurrentAgent.LookAt.X.ToString() + ",r" + theUser.CurrentAgent.LookAt.Y.ToString() + ",r" + theUser.CurrentAgent.LookAt.Z.ToString() + "]";
response.LookAt = String.Format("[r{0},r{1},r{2}]", theUser.CurrentAgent.LookAt.X.ToString(),
theUser.CurrentAgent.LookAt.Y.ToString(), theUser.CurrentAgent.LookAt.Z.ToString());
}
else
{

View File

@ -345,8 +345,9 @@ namespace OpenSim.Framework.Communications.Tests
{
}
public bool NewUserConnection(ulong regionHandle, AgentCircuitData agent)
public bool NewUserConnection(ulong regionHandle, AgentCircuitData agent, out string reason)
{
reason = String.Empty;
lock (m_regionsList)
{
foreach (RegionInfo regInfo in m_regionsList)
@ -355,6 +356,7 @@ namespace OpenSim.Framework.Communications.Tests
return true;
}
}
reason = "Region not found";
return false;
}

View File

@ -34,7 +34,7 @@ namespace OpenSim.Framework
{
bool RegionLoginsEnabled { get; }
void LogOffUserFromGrid(ulong regionHandle, UUID AvatarID, UUID RegionSecret, string message);
bool NewUserConnection(ulong regionHandle, AgentCircuitData agent);
bool NewUserConnection(ulong regionHandle, AgentCircuitData agent, out string reason);
RegionInfo RequestClosestRegion(string region);
RegionInfo RequestNeighbourInfo(UUID regionID);
RegionInfo RequestNeighbourInfo(ulong regionhandle);

View File

@ -160,8 +160,9 @@ namespace OpenSim.Region.CoreModules.Hypergrid
}
}
public bool NewUserConnection(ulong regionHandle, AgentCircuitData agent)
public bool NewUserConnection(ulong regionHandle, AgentCircuitData agent, out string reason)
{
reason = String.Empty;
return true;
}

View File

@ -545,7 +545,15 @@ namespace OpenSim.Region.CoreModules.InterGrid
homeScene.CommsManager.UserProfileCacheService.PreloadUserCache(userProfile);
// Call 'new user' event handler
homeScene.NewUserConnection(agentData);
string reason;
if (!homeScene.NewUserConnection(agentData, out reason))
{
responseMap["connect"] = OSD.FromBoolean(false);
responseMap["message"] = OSD.FromString(String.Format("Connection refused: {0}", reason));
m_log.ErrorFormat("[OGP]: rez_avatar/request failed: {0}", reason);
return responseMap;
}
//string raCap = string.Empty;

View File

@ -24,6 +24,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
using System;
using System.Collections.Generic;
using System.Reflection;
using log4net;
@ -112,19 +113,19 @@ namespace OpenSim.Region.CoreModules.ServiceConnectors.Interregion
* Agent-related communications
*/
public bool SendCreateChildAgent(ulong regionHandle, AgentCircuitData aCircuit)
public bool SendCreateChildAgent(ulong regionHandle, AgentCircuitData aCircuit, out string reason)
{
foreach (Scene s in m_sceneList)
{
if (s.RegionInfo.RegionHandle == regionHandle)
{
// m_log.DebugFormat("[LOCAL COMMS]: Found region {0} to send SendCreateChildAgent", regionHandle);
s.NewUserConnection(aCircuit);
return true;
return s.NewUserConnection(aCircuit, out reason);
}
}
// m_log.DebugFormat("[LOCAL COMMS]: Did not find region {0} for SendCreateChildAgent", regionHandle);
reason = "Did not find region.";
return false;
}

View File

@ -140,10 +140,10 @@ namespace OpenSim.Region.CoreModules.ServiceConnectors.Interregion
* Agent-related communications
*/
public bool SendCreateChildAgent(ulong regionHandle, AgentCircuitData aCircuit)
public bool SendCreateChildAgent(ulong regionHandle, AgentCircuitData aCircuit, out string reason)
{
// Try local first
if (m_localBackend.SendCreateChildAgent(regionHandle, aCircuit))
if (m_localBackend.SendCreateChildAgent(regionHandle, aCircuit, out reason))
return true;
// else do the remote thing
@ -154,7 +154,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectors.Interregion
{
m_regionClient.SendUserInformation(regInfo, aCircuit);
return m_regionClient.DoCreateChildAgentCall(regInfo, aCircuit, "None");
return m_regionClient.DoCreateChildAgentCall(regInfo, aCircuit, "None", out reason);
}
//else
// m_log.Warn("[REST COMMS]: Region not found " + regionHandle);
@ -431,12 +431,19 @@ namespace OpenSim.Region.CoreModules.ServiceConnectors.Interregion
return;
}
OSDMap resp = new OSDMap(2);
string reason = String.Empty;
// This is the meaning of POST agent
m_regionClient.AdjustUserInformation(aCircuit);
bool result = m_localBackend.SendCreateChildAgent(regionhandle, aCircuit);
bool result = m_localBackend.SendCreateChildAgent(regionhandle, aCircuit, out reason);
resp["reason"] = OSD.FromString(reason);
resp["success"] = OSD.FromBoolean(result);
// TODO: add reason if not String.Empty?
responsedata["int_response_code"] = 200;
responsedata["str_response_string"] = result.ToString();
responsedata["str_response_string"] = OSDParser.SerializeJsonString(resp);
}
protected virtual void DoAgentPut(Hashtable request, Hashtable responsedata)

View File

@ -38,7 +38,7 @@ namespace OpenSim.Region.Framework.Interfaces
#region Agents
bool SendCreateChildAgent(ulong regionHandle, AgentCircuitData aCircuit);
bool SendCreateChildAgent(ulong regionHandle, AgentCircuitData aCircuit, out string reason);
/// <summary>
/// Full child agent update.

View File

@ -180,10 +180,13 @@ namespace OpenSim.Region.Framework.Scenes.Hypergrid
agentCircuit.CapsPath = CapsUtil.GetRandomCapsObjectPath();
}
string reason = String.Empty;
//if (!m_commsProvider.InterRegion.InformRegionOfChildAgent(reg.RegionHandle, agentCircuit))
if (!m_interregionCommsOut.SendCreateChildAgent(reg.RegionHandle, agentCircuit))
if (!m_interregionCommsOut.SendCreateChildAgent(reg.RegionHandle, agentCircuit, out reason))
{
avatar.ControllingClient.SendTeleportFailed("Destination is not accepting teleports.");
avatar.ControllingClient.SendTeleportFailed(String.Format("Destination is not accepting teleports: {0}",
reason));
return;
}

View File

@ -1858,46 +1858,6 @@ namespace OpenSim.Region.Framework.Scenes
#region Add/Remove Avatar Methods
public override void AddNewClient(IClientAPI client)
{
bool welcome = true;
if (m_regInfo.EstateSettings.IsBanned(client.AgentId) && (!Permissions.IsGod(client.AgentId)))
{
m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user is on the banlist",
client.AgentId, client.FirstName, client.LastName, RegionInfo.RegionName);
client.SendAlertMessage("Denied access to region " + RegionInfo.RegionName + ". You have been banned from that region.");
welcome = false;
}
else if (!m_regInfo.EstateSettings.PublicAccess && !m_regInfo.EstateSettings.HasAccess(client.AgentId) && !Permissions.IsGod(client.AgentId))
{
m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access",
client.AgentId, client.FirstName, client.LastName, RegionInfo.RegionName);
client.SendAlertMessage("Denied access to private region " + RegionInfo.RegionName + ". You do not have access to this region.");
welcome = false;
}
if (!welcome)
{
try
{
IEventQueue eq = RequestModuleInterface<IEventQueue>();
if (eq != null)
{
eq.DisableSimulator(RegionInfo.RegionHandle, client.AgentId);
}
else
client.SendShutdownConnectionNotice();
client.Close(false);
CapsModule.RemoveCapsHandler(client.AgentId);
m_authenticateHandler.RemoveCircuit(client.CircuitCode);
}
catch (Exception e)
{
m_log.DebugFormat("[SCENE]: Exception while closing unwelcome client {0} {1}: {2}", client.FirstName, client.LastName, e.Message);
}
}
else
{
SubscribeToClientEvents(client);
ScenePresence presence;
@ -1940,7 +1900,6 @@ namespace OpenSim.Region.Framework.Scenes
m_LastLogin = Environment.TickCount;
EventManager.TriggerOnNewClient(client);
}
}
protected virtual void SubscribeToClientEvents(IClientAPI client)
{
@ -2404,7 +2363,8 @@ namespace OpenSim.Region.Framework.Scenes
/// <param name="agent"></param>
public void HandleNewUserConnection(AgentCircuitData agent)
{
NewUserConnection(agent);
string reason;
NewUserConnection(agent, out reason);
}
/// <summary>
@ -2415,10 +2375,36 @@ namespace OpenSim.Region.Framework.Scenes
/// </summary>
/// <param name="regionHandle"></param>
/// <param name="agent"></param>
public bool NewUserConnection(AgentCircuitData agent)
/// <param name="reason"></param>
public bool NewUserConnection(AgentCircuitData agent, out string reason)
{
bool goodUserConnection = AuthenticateUser(agent);
reason = String.Empty;
if (goodUserConnection &&
m_regInfo.EstateSettings.IsBanned(agent.AgentID) &&
(!Permissions.IsGod(agent.AgentID)))
{
m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user is on the banlist",
agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
reason = String.Format("Denied access to region {0}: You have been banned from that region.",
RegionInfo.RegionName);
goodUserConnection = false;
}
else if (goodUserConnection &&
!m_regInfo.EstateSettings.PublicAccess &&
!m_regInfo.EstateSettings.HasAccess(agent.AgentID) &&
!Permissions.IsGod(agent.AgentID))
{
m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access",
agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.",
RegionInfo.RegionName);
goodUserConnection = false;
}
if (goodUserConnection)
{
CapsModule.NewUserConnection(agent);
@ -2440,13 +2426,13 @@ namespace OpenSim.Region.Framework.Scenes
"[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})",
RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode);
if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
{
m_log.WarnFormat(
"[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist",
agent.AgentID, RegionInfo.RegionName);
//return false;
}
// if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
// {
// m_log.WarnFormat(
// "[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist",
// agent.AgentID, RegionInfo.RegionName);
// //return false;
// }
CapsModule.AddCapsHandler(agent.AgentID);
@ -2481,7 +2467,12 @@ namespace OpenSim.Region.Framework.Scenes
}
else
{
m_log.WarnFormat("[CONNECTION BEGIN]: failed to authenticate user {0} {1}. Denying connection.", agent.firstname, agent.lastname);
m_log.WarnFormat("[CONNECTION BEGIN]: failed to authenticate user {0} {1}: {2}. Denying connection.",
agent.firstname, agent.lastname, reason);
if (String.IsNullOrEmpty(reason))
{
reason = String.Format("Failed to authenticate user {0} {1}, access denied.", agent.firstname, agent.lastname);
}
return false;
}
}

View File

@ -296,8 +296,10 @@ namespace OpenSim.Region.Framework.Scenes
string capsPath = "http://" + reg.ExternalHostName + ":" + reg.HttpPort
+ "/CAPS/" + a.CapsPath + "0000/";
string reason = String.Empty;
//bool regionAccepted = m_commsProvider.InterRegion.InformRegionOfChildAgent(reg.RegionHandle, a);
bool regionAccepted = m_interregionCommsOut.SendCreateChildAgent(reg.RegionHandle, a);
bool regionAccepted = m_interregionCommsOut.SendCreateChildAgent(reg.RegionHandle, a, out reason);
if (regionAccepted && newAgent)
{
@ -785,11 +787,14 @@ namespace OpenSim.Region.Framework.Scenes
agentCircuit.CapsPath = CapsUtil.GetRandomCapsObjectPath();
}
string reason = String.Empty;
// Let's create an agent there if one doesn't exist yet.
//if (!m_commsProvider.InterRegion.InformRegionOfChildAgent(reg.RegionHandle, agentCircuit))
if (!m_interregionCommsOut.SendCreateChildAgent(reg.RegionHandle, agentCircuit))
if (!m_interregionCommsOut.SendCreateChildAgent(reg.RegionHandle, agentCircuit, out reason))
{
avatar.ControllingClient.SendTeleportFailed("Destination is not accepting teleports.");
avatar.ControllingClient.SendTeleportFailed(String.Format("Destination is not accepting teleports: {0}",
reason));
return;
}

View File

@ -115,7 +115,8 @@ namespace OpenSim.Region.Framework.Scenes.Tests
agent.startpos = Vector3.Zero;
agent.CapsPath = GetRandomCapsObjectPath();
scene.NewUserConnection(agent);
string reason;
scene.NewUserConnection(agent, out reason);
testclient = new TestClient(agent, scene);
scene.AddNewClient(testclient);
@ -146,7 +147,8 @@ namespace OpenSim.Region.Framework.Scenes.Tests
{
Console.WriteLine("Beginning test {0}", MethodBase.GetCurrentMethod());
scene.NewUserConnection(acd1);
string reason;
scene.NewUserConnection(acd1, out reason);
scene.AddNewClient(testclient);
ScenePresence presence = scene.GetScenePresence(agent1);
@ -203,7 +205,8 @@ namespace OpenSim.Region.Framework.Scenes.Tests
Console.WriteLine("Beginning test {0}", MethodBase.GetCurrentMethod());
// Adding child agent to region 1001
scene2.NewUserConnection(acd1);
string reason;
scene2.NewUserConnection(acd1, out reason);
scene2.AddNewClient(testclient);
ScenePresence presence = scene.GetScenePresence(agent1);

View File

@ -245,9 +245,11 @@ namespace OpenSim.Tests.Common.Setup
/// <returns></returns>
public static TestClient AddRootAgent(Scene scene, AgentCircuitData agentData)
{
string reason;
// We emulate the proper login sequence here by doing things in three stages
// Stage 1: simulate login by telling the scene to expect a new user connection
scene.NewUserConnection(agentData);
scene.NewUserConnection(agentData, out reason);
// Stage 2: add the new client as a child agent to the scene
TestClient client = new TestClient(agentData, scene);