authorMelanie Thielker2010-05-30 15:46:54 +0200
committerMelanie2010-05-30 14:42:58 +0100
commitf1a1d7a5211a250aeb4ed540562be0c79f051e4b (patch)
treed3f61dec6e974dd8397086a4d51b71b5b91bfae2
parentChanges OSSL Api permissions for the case of UUID list. In 0.6.9, the UUIDs (diff)
Changes osFunction permissions again. Allow_ with a list of UUIDs now again
refers to prim OWNERS. A new option set, Creators_, is added to allow selection by script creator. For existing installs, this means no functional change. The warning from my prior commit doesn't apply anymore.
Diffstat (limited to '')
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs67
-rw-r--r--bin/OpenSim.ini.example6
2 files changed, 57 insertions, 16 deletions
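--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -105,6 +105,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 // modification of user data, or allows the compromise of
 // sensitive data by design.
 
+class FunctionPerms
+{
+public List<UUID> AllowedCreators;
+public List<UUID> AllowedOwners;
+
+public FunctionPerms()
+{
+AllowedCreators = new List<UUID>();
+AllowedOwners = new List<UUID>();
+}
+}
+
 [Serializable]
 public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi
 {
@@ -117,7 +129,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow;
 internal float m_ScriptDelayFactor = 1.0f;
 internal float m_ScriptDistanceFactor = 1.0f;
-internal Dictionary<string, List<UUID> > m_FunctionPerms = new Dictionary<string, List<UUID> >();
+internal Dictionary<string, FunctionPerms > m_FunctionPerms = new Dictionary<string, FunctionPerms >();
 
 public void Initialize(IScriptEngine ScriptEngine, SceneObjectPart host, uint localID, UUID itemID)
 {
@@ -217,31 +229,46 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 
 if (!m_FunctionPerms.ContainsKey(function))
 {
-string perm = m_ScriptEngine.Config.GetString("Allow_" + function, "");
-if (perm == "")
+FunctionPerms perms = new FunctionPerms();
+m_FunctionPerms[function] = perms;
+
+string ownerPerm = m_ScriptEngine.Config.GetString("Allow_" + function, "");
+string creatorPerm = m_ScriptEngine.Config.GetString("Creators_" + function, "");
+if (ownerPerm == "" && creatorPerm == "")
 {
-m_FunctionPerms[function] = null; // a null value is default
+// Default behavior
+perms.AllowedOwners = null;
+perms.AllowedCreators = null;
 }
 else
 {
 bool allowed;
 
-if (bool.TryParse(perm, out allowed))
+if (bool.TryParse(ownerPerm, out allowed))
 {
 // Boolean given
 if (allowed)
 {
-m_FunctionPerms[function] = new List<UUID>();
-m_FunctionPerms[function].Add(UUID.Zero);
+// Allow globally
+perms.AllowedOwners.Add(UUID.Zero);
 }
-else
-m_FunctionPerms[function] = new List<UUID>(); // Empty list = none
 }
 else
 {
-m_FunctionPerms[function] = new List<UUID>();
+string[] ids = ownerPerm.Split(new char[] {','});
+foreach (string id in ids)
+{
+string current = id.Trim();
+UUID uuid;
+
+if (UUID.TryParse(current, out uuid))
+{
+if (uuid != UUID.Zero)
+perms.AllowedOwners.Add(uuid);
+}
+}
 
-string[] ids = perm.Split(new char[] {','});
+ids = creatorPerm.Split(new char[] {','});
 foreach (string id in ids)
 {
 string current = id.Trim();
@@ -250,7 +277,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 if (UUID.TryParse(current, out uuid))
 {
 if (uuid != UUID.Zero)
-m_FunctionPerms[function].Add(uuid);
+perms.AllowedCreators.Add(uuid);
 }
 }
 }
@@ -266,8 +293,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 //
 // To allow use by anyone, the list contains UUID.Zero
 //
-if (m_FunctionPerms[function] == null) // No list = true
+if (m_FunctionPerms[function].AllowedOwners == null)
 {
+// Allow / disallow by threat level
 if (level > m_MaxThreatLevel)
 OSSLError(
 String.Format(
@@ -276,8 +304,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 }
 else
 {
-if (!m_FunctionPerms[function].Contains(UUID.Zero))
+if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero))
 {
+// Not anyone. Do detailed checks
+if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
+{
+// prim owner is in the list of allowed owners
+return;
+}
+
 TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID);
 if (ti == null)
 {
@@ -285,9 +320,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 String.Format("{0} permission error. Can't find script in prim inventory.",
 function));
 }
-if (!m_FunctionPerms[function].Contains(ti.CreatorID))
+if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID))
 OSSLError(
-String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.",
+String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
 function));
 if (ti.CreatorID != ti.OwnerID)
 {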
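--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -979,6 +979,12 @@
 ; Comma separated list of UUIDS allows the function for that list of UUIDS
 ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
 
+; You can also use script creators as the uuid
+; Creators_osSetRegionWaterHeight = <uuid>, ...
+
+; If both Allow_ and Creators_ are given, effective permissions
+; are the union of the two.
+
 ; Allow for llCreateLink and llBreakLink to work without asking for permission
 ; only enable this in a trusted environment otherwise you may be subject to hijacking
 ; AutomaticLinkPermission = false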
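Review bot: The new comments do not say whose UUIDs `Allow_` takes. The code in OSSL_Api.cs matches them against the prim owner and returns before any creator check, so a listed owner enables the function for every script in their prims, whoever wrote it. A line such as `; Allow_ UUIDs are prim owners: any script in a listed owner's prim may call the function` would make that trust decision explicit for administrators. The union statement also holds only when `Allow_` is a UUID list, since a boolean `Allow_` value causes `Creators_` to be skipped in the code as committed.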