Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007710opensim[REGION] OpenSim Corepublic2015-08-29 09:272015-09-06 10:29
Reporteraiaustin 
Assigned ToDiva 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformPCOSWindowsOS Version10
Product Versionmaster (dev code) 
Target Versionmaster (dev code)Fixed in Versionmaster (dev code) 
Summary0007710: [PATCH] AllowedClients and DeniedClients configuration examples corrected and clarified
DescriptionTemplates to specify AllowedClients and DeniedClients lists are given in the [LoginService] and [GatekeeperService] sections in Robust.[HG].ini.example for a grid and in config-include/StandaloneCommon.ini.example for a standalone.

But there was a straggler section in OpenSim.ini.example (but not reflected in OpenSimDefaults.ini) for

[AccessControl]
   ; AllowedClients =
   ; BannedClients =

Note the use of BannedClients here, and DeniedClients in the other config files.

The code does not support the parameter "BannedClients"...
   OpenSim\Services\LLLoginService\LLLoginService.cs
   OpenSim/Services/HypergridService/GatekeeperService.cs

Hence the straggler [AccessControl] section in OpenSim.ini.example is removed. The other config example files are simplified and shortened.
TagsNo tags attached.
Git Revision or version numberr/26205
Run Mode Grid (Multiple Regions per Sim)
Physics EngineBulletSim
Environment.NET / Windows64
Mono VersionNone
ViewerN/A
Attached Filespatch file icon 0001-AllowedClients-and-DeniedClients-configuration-examp.patch [^] (8,177 bytes) 2015-08-29 09:31 [Show Content]

- Relationships

-  Notes
(0029387)
aiaustin (developer)
2015-08-29 09:27
edited on: 2015-08-31 00:37

Patch removes unused [AccessControl] BannedClients OpenSim.ini.example section
to clarify where AllowedClients/BannedClients should be configured for
both Robust grids and Standalones.

(0029408)
aiaustin (developer)
2015-09-01 08:33
edited on: 2015-09-01 10:58

I deliberately did not repeat the changes made in the patch here in another pach offered in mantis issue 7705 to correct a number of other configuration issues in .ini.example files.

(0029423)
Diva (administrator)
2015-09-05 20:31
edited on: 2015-09-05 20:37

I see you removed [AccessControl] from OpenSim.ini.example, but you didn't add it to StandaloneCommon.ini.example... It needs to be somewhere.

Things are a bit more complicated than they need to be. We should probably put these in [AccessControl] section everywhere.

(0029428)
aiaustin (developer)
2015-09-06 02:09
edited on: 2015-09-06 02:16

@Diva, the AllowedClients and DeniedClients parameters are in the [LoginService] section of StandaloneCommon.ini.example aleady and the patch makes the examples across all the config examples uniform too.

Thanks for checking this carefully... it was a right wiggy worm to get hold of and I traced various paths through the code via config .ini files in standalone and grid modes, did some testing and THINK I got it right!

The example configuration should be only be in Robust.[HG].ini.example and StandaloneClmmon.ini.example [LoginService] section to show the recommended place for consistency of approach.

The [AccessControl] section in OpenSim.ini.example only offers AllowedClients and BannedClients (which I think the code does not support.. it was meant to be DeniedClients) and was also not in OpenSimDefaults.ini by the way.

I hope the patch does the right think and makes this considerably simpler.

By the way, I would have like to have included one exmaple of banning a client below a certain version number for that viewer. I drafted a patch that did that originally, but decided not to expose my weakness of regular expressions and risk publishing it. If you are a regular expression guru you might consider applying the patch and then adding such an example to the relevant bits of Robust.ini.example, Robust.HG.ini.example and StandaloneCommon.ini.example.

(0029429)
aiaustin (developer)
2015-09-06 02:14

If you feel that moving the Allowedlients and Deniedclients settings from [LoginService] to an [AccessControl] section in Robust.ini.example, Robust.HG.ini.example and StandaloneCommon.ini.example makes sense that sounds fine. But I assume some code change is needed to properly connect that up.

But I don't think it should ALSO be in OpenSim.ini.example anyway.

My patch does not require any config changes for anyone already using AllowedClients and DeniedClients.
(0029431)
Diva (administrator)
2015-09-06 08:27

It needs to be in OpenSim.ini.example because it turns out that the simulator itself also loads those specifications. I'm guessing this is happening because of open grids like OSGrid that don't have any checks at login but where the region owners may want to restrict access.
(0029432)
aiaustin (developer)
2015-09-06 08:37
edited on: 2015-09-06 08:37

Okay @Diva... thanks for spotting that. I do think its an odd thing to allow.. as the region server person could override the grid defaults.. for example to allow copybots or copybot style viewers.

But if it is allowed and used from an OpenSim.ini [AccessControl] section.... does the setting need to be DeniedClients rather than BannedClients as it is now in OpenSim.ini.example? Maybe that settings is used somewherf totally different to where I was checking the code.

If its left in OpenSim.ini.example it also should be in OpenSimDefaults.ini too.

(0029433)
Diva (administrator)
2015-09-06 09:25

Ai, there's nothing you and I can do about open grids in spite of their ginormous vulnerability holes. They are technically possible and some people want them, so let them have it.

An [AccessControl] section is a perfectly reasonabe thing to do. I'll fix it.
(0029435)
Diva (administrator)
2015-09-06 10:03

[10:02] <cia-opensim> opensim: diva * r82ea4179da7e / (7 files in 4 dirs):
[10:02] <cia-opensim> Clean up viewer-based access control specifications.
[10:02] <cia-opensim> http://opensimulator.org/viewgit/?a=commit&p=opensim&h=82ea4179da7ea32ea2efbd1cb209c77d5871b3fd [^]
[10:02] <cia-opensim> opensim: diva * r3a72e755b900 bin/config-include (StandaloneCommon.ini.example):
[10:02] <cia-opensim> Deleted access control spec from [LoginService] section of standalone config. It's in OpenSim.ini now under [AccessControl]. Backwards compatibility preserved.
(0029437)
Diva (administrator)
2015-09-06 10:06

It's been added.
(0029439)
aiaustin (developer)
2015-09-06 10:15

Okay, great thanks. I see the commi now. All that looks good.. except for the examples of denying access to certain versions of viewers. Does

AllowedClients = "Imprudence 1.3.2.0" achieve the example restrictions?

    ;; One can use a Substring of the viewer name to disable only certain
    ;; versions
    ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"
    ;; - "Imprudence" has no access
    ;; - "Imprudence 1.3" has no access
    ;; - "Imprudence 1.3.1" has access

Its the " ;; Example: Agent uses the viewer "Imprudence 1.3.2.0"" that is confusing. If this is what is meant maybe that line can be replace to clarify it with...

    ;; Example: AllowedClients = "Imprudence 1.3.2.0"

and maybe not repeat the example twice under AllowedClients and DeniedClients?

Thanks anyway... this Mantis issue looks to be fixed.
(0029441)
aiaustin (developer)
2015-09-06 10:29

Fixed in r/26238 and r/26239

- Issue History
Date Modified Username Field Change
2015-08-29 09:27 aiaustin New Issue
2015-08-29 09:27 aiaustin Note Added: 0029387
2015-08-29 09:27 aiaustin Assigned To => aiaustin
2015-08-29 09:27 aiaustin Status new => patch included
2015-08-29 09:28 aiaustin Assigned To aiaustin =>
2015-08-29 09:31 aiaustin File Added: 0001-AllowedClients-and-DeniedClients-configuration-examp.patch
2015-08-29 09:36 aiaustin Description Updated View Revisions
2015-08-31 00:37 aiaustin Note Edited: 0029387 View Revisions
2015-09-01 08:33 aiaustin Note Added: 0029408
2015-09-01 08:35 aiaustin Description Updated View Revisions
2015-09-01 10:58 aiaustin Note Edited: 0029408 View Revisions
2015-09-01 10:58 aiaustin Note Edited: 0029408 View Revisions
2015-09-05 20:31 Diva Note Added: 0029423
2015-09-05 20:37 Diva Note Edited: 0029423 View Revisions
2015-09-06 02:09 aiaustin Note Added: 0029428
2015-09-06 02:14 aiaustin Note Added: 0029429
2015-09-06 02:15 aiaustin Note Edited: 0029428 View Revisions
2015-09-06 02:16 aiaustin Note Edited: 0029428 View Revisions
2015-09-06 08:27 Diva Note Added: 0029431
2015-09-06 08:37 aiaustin Note Added: 0029432
2015-09-06 08:37 aiaustin Note Edited: 0029432 View Revisions
2015-09-06 09:25 Diva Note Added: 0029433
2015-09-06 10:03 Diva Note Added: 0029435
2015-09-06 10:04 aiaustin Note Added: 0029436
2015-09-06 10:06 Diva Note Added: 0029437
2015-09-06 10:08 aiaustin Note Edited: 0029436 View Revisions
2015-09-06 10:11 aiaustin Note Deleted: 0029436
2015-09-06 10:15 aiaustin Note Added: 0029439
2015-09-06 10:29 aiaustin Note Added: 0029441
2015-09-06 10:29 aiaustin Status patch included => resolved
2015-09-06 10:29 aiaustin Fixed in Version => master (dev code)
2015-09-06 10:29 aiaustin Resolution open => fixed
2015-09-06 10:29 aiaustin Assigned To => Diva


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker