Squashed commit of the following:

further ACL stuff: - adding StrictAccessControl variable: DON'T set this to false if you want to enforce ACL, it will disable ACLs right now. Default is true. once we've got code added to allow child agents but prevent them from becoming root agents when the ACL denies access to the avatar, setting this to false will then allow avatars to see into a neighboring region but not enter it (currently ACL prevent both, seeing and entering). - enhancing log statements
2009-05-11 07:46:12 +00:00 · 2009-05-11 07:46:12 +00:00 · ecc876bc18
parent 461e213a39
commit ecc876bc18
1 changed files with 45 additions and 5 deletions
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@ -98,6 +98,9 @@ namespace OpenSim.Region.Framework.Scenes
        public bool m_useFlySlow = false;
        public bool m_usePreJump = false;
        public bool m_seeIntoRegionFromNeighbor;
+        // TODO: need to figure out how allow client agents but deny
+        // root agents when ACL denies access to root agent
+        public bool m_strictAccessControl = true;
        public int MaxUndoCount = 5;
        private int m_RestartTimerCounter;
        private readonly Timer m_restartTimer = new Timer(15000); // Wait before firing
@ -386,6 +389,8 @@ namespace OpenSim.Region.Framework.Scenes
                    PacketPool.Instance.RecyclePackets = packetConfig.GetBoolean("RecyclePackets", true);
                    PacketPool.Instance.RecycleDataBlocks = packetConfig.GetBoolean("RecycleDataBlocks", true);
                }
+
+                m_strictAccessControl = startupConfig.GetBoolean("StrictAccessControl", m_strictAccessControl);
            }
            catch
            {
@ -2392,6 +2397,11 @@ namespace OpenSim.Region.Framework.Scenes
            if (!AuthorizeUser(agent, out reason))
                return false;

+            m_log.InfoFormat(
+                "[CONNECTION BEGIN]: Region {0} authenticated and authorized incoming {1} agent {2} {3} {4} (circuit code {5})",
+                RegionInfo.RegionName, (agent.child ? "child" : "root"), agent.firstname, agent.lastname, 
+                agent.AgentID, agent.circuitcode);
+
            CapsModule.NewUserConnection(agent);

            ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID);
@ -2454,8 +2464,11 @@ namespace OpenSim.Region.Framework.Scenes
        {
            reason = String.Empty;

-            if (m_regInfo.EstateSettings.IsBanned(agent.AgentID) && 
-                (!Permissions.IsGod(agent.AgentID)))
+            if (!m_strictAccessControl) return true;
+            if (Permissions.IsGod(agent.AgentID)) return true;
+            
+
+            if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
            {
                m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user is on the banlist",
                                agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
@ -2465,16 +2478,43 @@ namespace OpenSim.Region.Framework.Scenes
            }

            if (!m_regInfo.EstateSettings.PublicAccess && 
-                !m_regInfo.EstateSettings.HasAccess(agent.AgentID) && 
-                !Permissions.IsGod(agent.AgentID))
+                !m_regInfo.EstateSettings.HasAccess(agent.AgentID))
            {
-                m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access",
+                m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the estate",
                                 agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
                reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.", 
                                       RegionInfo.RegionName);
                return false;
            }

+            // TODO: estate/region settings are not properly hooked up
+            // to ILandObject.isRestrictedFromLand()
+            // if (null != LandChannel)
+            // {
+            //     // region seems to have local Id of 1
+            //     ILandObject land = LandChannel.GetLandObject(1);
+            //     if (null != land)
+            //     {
+            //         if (land.isBannedFromLand(agent.AgentID))
+            //         {
+            //             m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user has been banned from land",
+            //                              agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
+            //             reason = String.Format("Denied access to private region {0}: You are banned from that region.", 
+            //                                    RegionInfo.RegionName);
+            //             return false;
+            //         }
+
+            //         if (land.isRestrictedFromLand(agent.AgentID))
+            //         {
+            //             m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region",
+            //                              agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
+            //             reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.", 
+            //                                    RegionInfo.RegionName);
+            //             return false;
+            //         }
+            //     }
+            // }
+
            return true;
        }