Squashed commit of the following:

further ACL stuff:
- adding StrictAccessControl variable: DON'T set this to false if you
  want to enforce ACL, it will disable ACLs right now. Default is
  true.

  once we've got code added to allow child agents but prevent them
  from becoming root agents when the ACL denies access to the avatar,
  setting this to false will then allow avatars to see into a
  neighboring region but not enter it (currently ACL prevent both,
  seeing and entering).

- enhancing log statements
0.6.5-rc1
Dr Scofield 2009-05-11 07:46:12 +00:00
parent 461e213a39
commit ecc876bc18
1 changed files with 45 additions and 5 deletions

View File

@ -98,6 +98,9 @@ namespace OpenSim.Region.Framework.Scenes
public bool m_useFlySlow = false; public bool m_useFlySlow = false;
public bool m_usePreJump = false; public bool m_usePreJump = false;
public bool m_seeIntoRegionFromNeighbor; public bool m_seeIntoRegionFromNeighbor;
// TODO: need to figure out how allow client agents but deny
// root agents when ACL denies access to root agent
public bool m_strictAccessControl = true;
public int MaxUndoCount = 5; public int MaxUndoCount = 5;
private int m_RestartTimerCounter; private int m_RestartTimerCounter;
private readonly Timer m_restartTimer = new Timer(15000); // Wait before firing private readonly Timer m_restartTimer = new Timer(15000); // Wait before firing
@ -386,6 +389,8 @@ namespace OpenSim.Region.Framework.Scenes
PacketPool.Instance.RecyclePackets = packetConfig.GetBoolean("RecyclePackets", true); PacketPool.Instance.RecyclePackets = packetConfig.GetBoolean("RecyclePackets", true);
PacketPool.Instance.RecycleDataBlocks = packetConfig.GetBoolean("RecycleDataBlocks", true); PacketPool.Instance.RecycleDataBlocks = packetConfig.GetBoolean("RecycleDataBlocks", true);
} }
m_strictAccessControl = startupConfig.GetBoolean("StrictAccessControl", m_strictAccessControl);
} }
catch catch
{ {
@ -2392,6 +2397,11 @@ namespace OpenSim.Region.Framework.Scenes
if (!AuthorizeUser(agent, out reason)) if (!AuthorizeUser(agent, out reason))
return false; return false;
m_log.InfoFormat(
"[CONNECTION BEGIN]: Region {0} authenticated and authorized incoming {1} agent {2} {3} {4} (circuit code {5})",
RegionInfo.RegionName, (agent.child ? "child" : "root"), agent.firstname, agent.lastname,
agent.AgentID, agent.circuitcode);
CapsModule.NewUserConnection(agent); CapsModule.NewUserConnection(agent);
ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID); ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID);
@ -2454,8 +2464,11 @@ namespace OpenSim.Region.Framework.Scenes
{ {
reason = String.Empty; reason = String.Empty;
if (m_regInfo.EstateSettings.IsBanned(agent.AgentID) && if (!m_strictAccessControl) return true;
(!Permissions.IsGod(agent.AgentID))) if (Permissions.IsGod(agent.AgentID)) return true;
if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
{ {
m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user is on the banlist", m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user is on the banlist",
agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
@ -2465,16 +2478,43 @@ namespace OpenSim.Region.Framework.Scenes
} }
if (!m_regInfo.EstateSettings.PublicAccess && if (!m_regInfo.EstateSettings.PublicAccess &&
!m_regInfo.EstateSettings.HasAccess(agent.AgentID) && !m_regInfo.EstateSettings.HasAccess(agent.AgentID))
!Permissions.IsGod(agent.AgentID))
{ {
m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access", m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the estate",
agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName); agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.", reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.",
RegionInfo.RegionName); RegionInfo.RegionName);
return false; return false;
} }
// TODO: estate/region settings are not properly hooked up
// to ILandObject.isRestrictedFromLand()
// if (null != LandChannel)
// {
// // region seems to have local Id of 1
// ILandObject land = LandChannel.GetLandObject(1);
// if (null != land)
// {
// if (land.isBannedFromLand(agent.AgentID))
// {
// m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user has been banned from land",
// agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
// reason = String.Format("Denied access to private region {0}: You are banned from that region.",
// RegionInfo.RegionName);
// return false;
// }
// if (land.isRestrictedFromLand(agent.AgentID))
// {
// m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region",
// agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
// reason = String.Format("Denied access to private region {0}: You are not on the access list for that region.",
// RegionInfo.RegionName);
// return false;
// }
// }
// }
return true; return true;
} }