diff options
author | Melanie Thielker | 2010-05-30 15:46:54 +0200 |
---|---|---|
committer | Melanie | 2010-05-30 14:42:58 +0100 |
commit | f1a1d7a5211a250aeb4ed540562be0c79f051e4b (patch) | |
tree | d3f61dec6e974dd8397086a4d51b71b5b91bfae2 | |
parent | Changes OSSL Api permissions for the case of UUID list. In 0.6.9, the UUIDs (diff) | |
download | opensim-SC-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.zip opensim-SC-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.tar.gz opensim-SC-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.tar.bz2 opensim-SC-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.tar.xz |
Changes osFunction permissions again. Allow_ with a list of UUIDs now again
refers to prim OWNERS. A new option set, Creators_, is added to allow
selection by script creator. For existing installs, this means no functional
change. The warning from my prior commit doesn't apply anymore.
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | 67 | ||||
-rw-r--r-- | bin/OpenSim.ini.example | 6 |
2 files changed, 57 insertions, 16 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index 5b634e0..7ada738 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | |||
@@ -105,6 +105,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
105 | // modification of user data, or allows the compromise of | 105 | // modification of user data, or allows the compromise of |
106 | // sensitive data by design. | 106 | // sensitive data by design. |
107 | 107 | ||
108 | class FunctionPerms | ||
109 | { | ||
110 | public List<UUID> AllowedCreators; | ||
111 | public List<UUID> AllowedOwners; | ||
112 | |||
113 | public FunctionPerms() | ||
114 | { | ||
115 | AllowedCreators = new List<UUID>(); | ||
116 | AllowedOwners = new List<UUID>(); | ||
117 | } | ||
118 | } | ||
119 | |||
108 | [Serializable] | 120 | [Serializable] |
109 | public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi | 121 | public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi |
110 | { | 122 | { |
@@ -117,7 +129,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
117 | internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow; | 129 | internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow; |
118 | internal float m_ScriptDelayFactor = 1.0f; | 130 | internal float m_ScriptDelayFactor = 1.0f; |
119 | internal float m_ScriptDistanceFactor = 1.0f; | 131 | internal float m_ScriptDistanceFactor = 1.0f; |
120 | internal Dictionary<string, List<UUID> > m_FunctionPerms = new Dictionary<string, List<UUID> >(); | 132 | internal Dictionary<string, FunctionPerms > m_FunctionPerms = new Dictionary<string, FunctionPerms >(); |
121 | 133 | ||
122 | public void Initialize(IScriptEngine ScriptEngine, SceneObjectPart host, uint localID, UUID itemID) | 134 | public void Initialize(IScriptEngine ScriptEngine, SceneObjectPart host, uint localID, UUID itemID) |
123 | { | 135 | { |
@@ -217,31 +229,46 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
217 | 229 | ||
218 | if (!m_FunctionPerms.ContainsKey(function)) | 230 | if (!m_FunctionPerms.ContainsKey(function)) |
219 | { | 231 | { |
220 | string perm = m_ScriptEngine.Config.GetString("Allow_" + function, ""); | 232 | FunctionPerms perms = new FunctionPerms(); |
221 | if (perm == "") | 233 | m_FunctionPerms[function] = perms; |
234 | |||
235 | string ownerPerm = m_ScriptEngine.Config.GetString("Allow_" + function, ""); | ||
236 | string creatorPerm = m_ScriptEngine.Config.GetString("Creators_" + function, ""); | ||
237 | if (ownerPerm == "" && creatorPerm == "") | ||
222 | { | 238 | { |
223 | m_FunctionPerms[function] = null; // a null value is default | 239 | // Default behavior |
240 | perms.AllowedOwners = null; | ||
241 | perms.AllowedCreators = null; | ||
224 | } | 242 | } |
225 | else | 243 | else |
226 | { | 244 | { |
227 | bool allowed; | 245 | bool allowed; |
228 | 246 | ||
229 | if (bool.TryParse(perm, out allowed)) | 247 | if (bool.TryParse(ownerPerm, out allowed)) |
230 | { | 248 | { |
231 | // Boolean given | 249 | // Boolean given |
232 | if (allowed) | 250 | if (allowed) |
233 | { | 251 | { |
234 | m_FunctionPerms[function] = new List<UUID>(); | 252 | // Allow globally |
235 | m_FunctionPerms[function].Add(UUID.Zero); | 253 | perms.AllowedOwners.Add(UUID.Zero); |
236 | } | 254 | } |
237 | else | ||
238 | m_FunctionPerms[function] = new List<UUID>(); // Empty list = none | ||
239 | } | 255 | } |
240 | else | 256 | else |
241 | { | 257 | { |
242 | m_FunctionPerms[function] = new List<UUID>(); | 258 | string[] ids = ownerPerm.Split(new char[] {','}); |
259 | foreach (string id in ids) | ||
260 | { | ||
261 | string current = id.Trim(); | ||
262 | UUID uuid; | ||
263 | |||
264 | if (UUID.TryParse(current, out uuid)) | ||
265 | { | ||
266 | if (uuid != UUID.Zero) | ||
267 | perms.AllowedOwners.Add(uuid); | ||
268 | } | ||
269 | } | ||
243 | 270 | ||
244 | string[] ids = perm.Split(new char[] {','}); | 271 | ids = creatorPerm.Split(new char[] {','}); |
245 | foreach (string id in ids) | 272 | foreach (string id in ids) |
246 | { | 273 | { |
247 | string current = id.Trim(); | 274 | string current = id.Trim(); |
@@ -250,7 +277,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
250 | if (UUID.TryParse(current, out uuid)) | 277 | if (UUID.TryParse(current, out uuid)) |
251 | { | 278 | { |
252 | if (uuid != UUID.Zero) | 279 | if (uuid != UUID.Zero) |
253 | m_FunctionPerms[function].Add(uuid); | 280 | perms.AllowedCreators.Add(uuid); |
254 | } | 281 | } |
255 | } | 282 | } |
256 | } | 283 | } |
@@ -266,8 +293,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
266 | // | 293 | // |
267 | // To allow use by anyone, the list contains UUID.Zero | 294 | // To allow use by anyone, the list contains UUID.Zero |
268 | // | 295 | // |
269 | if (m_FunctionPerms[function] == null) // No list = true | 296 | if (m_FunctionPerms[function].AllowedOwners == null) |
270 | { | 297 | { |
298 | // Allow / disallow by threat level | ||
271 | if (level > m_MaxThreatLevel) | 299 | if (level > m_MaxThreatLevel) |
272 | OSSLError( | 300 | OSSLError( |
273 | String.Format( | 301 | String.Format( |
@@ -276,8 +304,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
276 | } | 304 | } |
277 | else | 305 | else |
278 | { | 306 | { |
279 | if (!m_FunctionPerms[function].Contains(UUID.Zero)) | 307 | if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) |
280 | { | 308 | { |
309 | // Not anyone. Do detailed checks | ||
310 | if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID)) | ||
311 | { | ||
312 | // prim owner is in the list of allowed owners | ||
313 | return; | ||
314 | } | ||
315 | |||
281 | TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID); | 316 | TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID); |
282 | if (ti == null) | 317 | if (ti == null) |
283 | { | 318 | { |
@@ -285,9 +320,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
285 | String.Format("{0} permission error. Can't find script in prim inventory.", | 320 | String.Format("{0} permission error. Can't find script in prim inventory.", |
286 | function)); | 321 | function)); |
287 | } | 322 | } |
288 | if (!m_FunctionPerms[function].Contains(ti.CreatorID)) | 323 | if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID)) |
289 | OSSLError( | 324 | OSSLError( |
290 | String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.", | 325 | String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", |
291 | function)); | 326 | function)); |
292 | if (ti.CreatorID != ti.OwnerID) | 327 | if (ti.CreatorID != ti.OwnerID) |
293 | { | 328 | { |
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 7b427a5..2a70e96 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example | |||
@@ -979,6 +979,12 @@ | |||
979 | ; Comma separated list of UUIDS allows the function for that list of UUIDS | 979 | ; Comma separated list of UUIDS allows the function for that list of UUIDS |
980 | ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb | 980 | ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb |
981 | 981 | ||
982 | ; You can also use script creators as the uuid | ||
983 | ; Creators_osSetRegionWaterHeight = <uuid>, ... | ||
984 | |||
985 | ; If both Allow_ and Creators_ are given, effective permissions | ||
986 | ; are the union of the two. | ||
987 | |||
982 | ; Allow for llCreateLink and llBreakLink to work without asking for permission | 988 | ; Allow for llCreateLink and llBreakLink to work without asking for permission |
983 | ; only enable this in a trusted environment otherwise you may be subject to hijacking | 989 | ; only enable this in a trusted environment otherwise you may be subject to hijacking |
984 | ; AutomaticLinkPermission = false | 990 | ; AutomaticLinkPermission = false |