From b6893a01009df9ed786feec5d37996e884e471f5 Mon Sep 17 00:00:00 2001
From: Ryan Huffman <ryanhuffman@gmail.com>
Date: Thu, 19 Jan 2017 14:35:27 -0800
Subject: [PATCH] Keep Agents and EntityScriptServers from connecting if
 lacking permissions

---
 domain-server/src/DomainServer.cpp | 31 ++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index 791b337764..5a5dd62c40 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@@ -953,21 +953,32 @@ void DomainServer::sendDomainListToNode(const SharedNodePointer& node, const Hif
         // DTLSServerSession* dtlsSession = _isUsingDTLS ? _dtlsSessions[senderSockAddr] : NULL;
         if (nodeData->isAuthenticated()) {
             // if this authenticated node has any interest types, send back those nodes as well
-            limitedNodeList->eachNode([&](const SharedNodePointer& otherNode){
+            limitedNodeList->eachNode([&](const SharedNodePointer& otherNode) {
                 if (otherNode->getUUID() != node->getUUID()
                     && nodeInterestSet.contains(otherNode->getType())) {
-                    
-                    // since we're about to add a node to the packet we start a segment
-                    domainListPackets->startSegment();
 
-                    // don't send avatar nodes to other avatars, that will come from avatar mixer
-                    domainListStream << *otherNode.data();
+                    // (1/19/17) Agents only need to connect to Entity Script Servers to perform administrative tasks
+                    // related to entity server scripts. Only agents with rez permissions should be doing that, so
+                    // if the agent does not have those permissions, we do not want them and the server to incur the
+                    // overhead of connecting to one another.
+                    bool shouldNotConnect = (node->getType() == NodeType::Agent && otherNode->getType() == NodeType::EntityScriptServer
+                                             && !node->getCanRez() && !node->getCanRezTmp())
+                                          || (node->getType() == NodeType::EntityScriptServer && otherNode->getType() == NodeType::Agent
+                                              && !otherNode->getCanRez() && !otherNode->getCanRezTmp());
 
-                    // pack the secret that these two nodes will use to communicate with each other
-                    domainListStream << connectionSecretForNodes(node, otherNode);
+                    if (!shouldNotConnect) {
+                        // since we're about to add a node to the packet we start a segment
+                        domainListPackets->startSegment();
 
-                    // we've added the node we wanted so end the segment now
-                    domainListPackets->endSegment();
+                        // don't send avatar nodes to other avatars, that will come from avatar mixer
+                        domainListStream << *otherNode.data();
+
+                        // pack the secret that these two nodes will use to communicate with each other
+                        domainListStream << connectionSecretForNodes(node, otherNode);
+
+                        // we've added the node we wanted so end the segment now
+                        domainListPackets->endSegment();
+                    }
                 }
             });
         }