|Anonymous | Login | Signup for a new account||2019-01-18 17:08 PST|
|Main | My View | View Issues | Change Log | Roadmap | Summary | My Account|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007710||opensim||[REGION] OpenSim Core||public||2015-08-29 09:27||2015-09-06 10:29|
|Product Version||master (dev code)|
|Target Version||master (dev code)||Fixed in Version||master (dev code)|
|Summary||0007710: [PATCH] AllowedClients and DeniedClients configuration examples corrected and clarified|
|Description||Templates to specify AllowedClients and DeniedClients lists are given in the [LoginService] and [GatekeeperService] sections in Robust.[HG].ini.example for a grid and in config-include/StandaloneCommon.ini.example for a standalone.|
But there was a straggler section in OpenSim.ini.example (but not reflected in OpenSimDefaults.ini) for
; AllowedClients =
; BannedClients =
Note the use of BannedClients here, and DeniedClients in the other config files.
The code does not support the parameter "BannedClients"...
Hence the straggler [AccessControl] section in OpenSim.ini.example is removed. The other config example files are simplified and shortened.
|Tags||No tags attached.|
|Git Revision or version number||r/26205|
|Run Mode||Grid (Multiple Regions per Sim)|
|Environment||.NET / Windows64|
|Attached Files||0001-AllowedClients-and-DeniedClients-configuration-examp.patch [^] (8,177 bytes) 2015-08-29 09:31 [Show Content]|
edited on: 2015-08-31 00:37
Patch removes unused [AccessControl] BannedClients OpenSim.ini.example section
to clarify where AllowedClients/BannedClients should be configured for
both Robust grids and Standalones.
edited on: 2015-09-01 10:58
I deliberately did not repeat the changes made in the patch here in another pach offered in mantis issue 7705 to correct a number of other configuration issues in .ini.example files.
edited on: 2015-09-05 20:37
I see you removed [AccessControl] from OpenSim.ini.example, but you didn't add it to StandaloneCommon.ini.example... It needs to be somewhere.
Things are a bit more complicated than they need to be. We should probably put these in [AccessControl] section everywhere.
edited on: 2015-09-06 02:16
@Diva, the AllowedClients and DeniedClients parameters are in the [LoginService] section of StandaloneCommon.ini.example aleady and the patch makes the examples across all the config examples uniform too.
Thanks for checking this carefully... it was a right wiggy worm to get hold of and I traced various paths through the code via config .ini files in standalone and grid modes, did some testing and THINK I got it right!
The example configuration should be only be in Robust.[HG].ini.example and StandaloneClmmon.ini.example [LoginService] section to show the recommended place for consistency of approach.
The [AccessControl] section in OpenSim.ini.example only offers AllowedClients and BannedClients (which I think the code does not support.. it was meant to be DeniedClients) and was also not in OpenSimDefaults.ini by the way.
I hope the patch does the right think and makes this considerably simpler.
By the way, I would have like to have included one exmaple of banning a client below a certain version number for that viewer. I drafted a patch that did that originally, but decided not to expose my weakness of regular expressions and risk publishing it. If you are a regular expression guru you might consider applying the patch and then adding such an example to the relevant bits of Robust.ini.example, Robust.HG.ini.example and StandaloneCommon.ini.example.
If you feel that moving the Allowedlients and Deniedclients settings from [LoginService] to an [AccessControl] section in Robust.ini.example, Robust.HG.ini.example and StandaloneCommon.ini.example makes sense that sounds fine. But I assume some code change is needed to properly connect that up.
But I don't think it should ALSO be in OpenSim.ini.example anyway.
My patch does not require any config changes for anyone already using AllowedClients and DeniedClients.
|It needs to be in OpenSim.ini.example because it turns out that the simulator itself also loads those specifications. I'm guessing this is happening because of open grids like OSGrid that don't have any checks at login but where the region owners may want to restrict access.|
edited on: 2015-09-06 08:37
Okay @Diva... thanks for spotting that. I do think its an odd thing to allow.. as the region server person could override the grid defaults.. for example to allow copybots or copybot style viewers.
But if it is allowed and used from an OpenSim.ini [AccessControl] section.... does the setting need to be DeniedClients rather than BannedClients as it is now in OpenSim.ini.example? Maybe that settings is used somewherf totally different to where I was checking the code.
If its left in OpenSim.ini.example it also should be in OpenSimDefaults.ini too.
Ai, there's nothing you and I can do about open grids in spite of their ginormous vulnerability holes. They are technically possible and some people want them, so let them have it.
An [AccessControl] section is a perfectly reasonabe thing to do. I'll fix it.
[10:02] <cia-opensim> opensim: diva * r82ea4179da7e / (7 files in 4 dirs):
[10:02] <cia-opensim> Clean up viewer-based access control specifications.
[10:02] <cia-opensim> http://opensimulator.org/viewgit/?a=commit&p=opensim&h=82ea4179da7ea32ea2efbd1cb209c77d5871b3fd [^]
[10:02] <cia-opensim> opensim: diva * r3a72e755b900 bin/config-include (StandaloneCommon.ini.example):
[10:02] <cia-opensim> Deleted access control spec from [LoginService] section of standalone config. It's in OpenSim.ini now under [AccessControl]. Backwards compatibility preserved.
|It's been added.|
Okay, great thanks. I see the commi now. All that looks good.. except for the examples of denying access to certain versions of viewers. Does
AllowedClients = "Imprudence 126.96.36.199" achieve the example restrictions?
;; One can use a Substring of the viewer name to disable only certain
;; Example: Agent uses the viewer "Imprudence 188.8.131.52"
;; - "Imprudence" has no access
;; - "Imprudence 1.3" has no access
;; - "Imprudence 1.3.1" has access
Its the " ;; Example: Agent uses the viewer "Imprudence 184.108.40.206"" that is confusing. If this is what is meant maybe that line can be replace to clarify it with...
;; Example: AllowedClients = "Imprudence 220.127.116.11"
and maybe not repeat the example twice under AllowedClients and DeniedClients?
Thanks anyway... this Mantis issue looks to be fixed.
|Fixed in r/26238 and r/26239|
|2015-08-29 09:27||aiaustin||New Issue|
|2015-08-29 09:27||aiaustin||Note Added: 0029387|
|2015-08-29 09:27||aiaustin||Assigned To||=> aiaustin|
|2015-08-29 09:27||aiaustin||Status||new => patch included|
|2015-08-29 09:28||aiaustin||Assigned To||aiaustin =>|
|2015-08-29 09:31||aiaustin||File Added: 0001-AllowedClients-and-DeniedClients-configuration-examp.patch|
|2015-08-29 09:36||aiaustin||Description Updated||View Revisions|
|2015-08-31 00:37||aiaustin||Note Edited: 0029387||View Revisions|
|2015-09-01 08:33||aiaustin||Note Added: 0029408|
|2015-09-01 08:35||aiaustin||Description Updated||View Revisions|
|2015-09-01 10:58||aiaustin||Note Edited: 0029408||View Revisions|
|2015-09-01 10:58||aiaustin||Note Edited: 0029408||View Revisions|
|2015-09-05 20:31||Diva||Note Added: 0029423|
|2015-09-05 20:37||Diva||Note Edited: 0029423||View Revisions|
|2015-09-06 02:09||aiaustin||Note Added: 0029428|
|2015-09-06 02:14||aiaustin||Note Added: 0029429|
|2015-09-06 02:15||aiaustin||Note Edited: 0029428||View Revisions|
|2015-09-06 02:16||aiaustin||Note Edited: 0029428||View Revisions|
|2015-09-06 08:27||Diva||Note Added: 0029431|
|2015-09-06 08:37||aiaustin||Note Added: 0029432|
|2015-09-06 08:37||aiaustin||Note Edited: 0029432||View Revisions|
|2015-09-06 09:25||Diva||Note Added: 0029433|
|2015-09-06 10:03||Diva||Note Added: 0029435|
|2015-09-06 10:04||aiaustin||Note Added: 0029436|
|2015-09-06 10:06||Diva||Note Added: 0029437|
|2015-09-06 10:08||aiaustin||Note Edited: 0029436||View Revisions|
|2015-09-06 10:11||aiaustin||Note Deleted: 0029436|
|2015-09-06 10:15||aiaustin||Note Added: 0029439|
|2015-09-06 10:29||aiaustin||Note Added: 0029441|
|2015-09-06 10:29||aiaustin||Status||patch included => resolved|
|2015-09-06 10:29||aiaustin||Fixed in Version||=> master (dev code)|
|2015-09-06 10:29||aiaustin||Resolution||open => fixed|
|2015-09-06 10:29||aiaustin||Assigned To||=> Diva|
|Copyright © 2000 - 2012 MantisBT Group|