aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorJustin Clarke Casey2008-11-13 18:52:16 +0000
committerJustin Clarke Casey2008-11-13 18:52:16 +0000
commitef601d805ab948caf1ab4dcf4f5ee2ff640be1df (patch)
tree8c7c5390eac69b258c28ecab121a94ad566446e3
parent* Attempt to make OpenSim.ini.example a bit more readable by (diff)
downloadopensim-SC-ef601d805ab948caf1ab4dcf4f5ee2ff640be1df.zip
opensim-SC-ef601d805ab948caf1ab4dcf4f5ee2ff640be1df.tar.gz
opensim-SC-ef601d805ab948caf1ab4dcf4f5ee2ff640be1df.tar.bz2
opensim-SC-ef601d805ab948caf1ab4dcf4f5ee2ff640be1df.tar.xz
* First part of a series of patches
* Intension is to provide a way to lock down script creation to administrators/gods only * Defaults will remain as they are at the moment
-rw-r--r--OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs29
-rw-r--r--OpenSim/Region/Environment/Scenes/Scene.Inventory.cs24
-rw-r--r--OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs4
-rw-r--r--bin/OpenSim.ini.example3
4 files changed, 39 insertions, 21 deletions
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
index 5d48cbd..b6b7d4a 100644
--- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
@@ -142,7 +142,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
142 return; 142 return;
143 143
144 m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false); 144 m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false);
145
146 m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true); 145 m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true);
147 m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); 146 m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true);
148 m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true); 147 m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
@@ -236,7 +235,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
236 protected void DebugPermissionInformation(string permissionCalled) 235 protected void DebugPermissionInformation(string permissionCalled)
237 { 236 {
238 if (m_debugPermissions) 237 if (m_debugPermissions)
239 m_log.Info("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); 238 m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
240 } 239 }
241 240
242 protected bool IsAdministrator(UUID user) 241 protected bool IsAdministrator(UUID user)
@@ -408,6 +407,14 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
408 return objectFlagsMask; 407 return objectFlagsMask;
409 } 408 }
410 409
410 /// <summary>
411 /// General permissions checks for any operation involving an object. These supplement more specific checks
412 /// implemented by callers.
413 /// </summary>
414 /// <param name="currentUser"></param>
415 /// <param name="objId"></param>
416 /// <param name="denyOnLocked"></param>
417 /// <returns></returns>
411 protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) 418 protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked)
412 { 419 {
413 // Default: deny 420 // Default: deny
@@ -425,7 +432,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
425 return false; 432 return false;
426 } 433 }
427 434
428
429 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; 435 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
430 436
431 UUID objectOwner = group.OwnerID; 437 UUID objectOwner = group.OwnerID;
@@ -477,7 +483,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
477 return permission; 483 return permission;
478 } 484 }
479 485
480
481 #endregion 486 #endregion
482 487
483 #region Generic Permissions 488 #region Generic Permissions
@@ -655,8 +660,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
655 { 660 {
656 m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user); 661 m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user);
657 return false; 662 return false;
658 } 663 }
659
660 664
661 if (userInfo.RootFolder == null) 665 if (userInfo.RootFolder == null)
662 return false; 666 return false;
@@ -1214,8 +1218,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
1214 return true; 1218 return true;
1215 } 1219 }
1216 1220
1217 public bool CanCreateInventory(uint invType, UUID objectID, UUID userID) 1221 /// <summary>
1222 /// Check whether the specified user is allowed to directly create the given inventory type in a prim's
1223 /// inventory (e.g. the New Script button in the 1.21 Linden Lab client). This permission check does not
1224 /// apply to existing items that are being dragged in to that prim's inventory.
1225 /// </summary>
1226 /// <param name="invType"></param>
1227 /// <param name="objectID"></param>
1228 /// <param name="userID"></param>
1229 /// <returns></returns>
1230 public bool CanCreateInventory(int invType, UUID objectID, UUID userID)
1218 { 1231 {
1232 m_log.Debug("[PERMISSIONS]: CanCreateInventory called");
1233
1219 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1234 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1220 if (m_bypassPermissions) return m_bypassPermissionsValue; 1235 if (m_bypassPermissions) return m_bypassPermissionsValue;
1221 1236
diff --git a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
index c6ad94c..0e28b0c 100644
--- a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
@@ -799,11 +799,9 @@ namespace OpenSim.Region.Environment.Scenes
799 if (agentTransactions != null) 799 if (agentTransactions != null)
800 { 800 {
801 agentTransactions.HandleItemCreationFromTransaction( 801 agentTransactions.HandleItemCreationFromTransaction(
802 remoteClient, transactionID, folderID, callbackID, description, 802 remoteClient, transactionID, folderID, callbackID, description,
803 name, invType, assetType, wearableType, nextOwnerMask); 803 name, invType, assetType, wearableType, nextOwnerMask);
804 } 804 }
805
806
807 } 805 }
808 } 806 }
809 807
@@ -1002,7 +1000,6 @@ namespace OpenSim.Region.Environment.Scenes
1002 /// <param name="itemID"></param> 1000 /// <param name="itemID"></param>
1003 public void MoveTaskInventoryItem(IClientAPI remoteClient, UUID folderId, SceneObjectPart part, UUID itemId) 1001 public void MoveTaskInventoryItem(IClientAPI remoteClient, UUID folderId, SceneObjectPart part, UUID itemId)
1004 { 1002 {
1005
1006 InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId); 1003 InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId);
1007 1004
1008 if (agentItem == null) 1005 if (agentItem == null)
@@ -1316,17 +1313,17 @@ namespace OpenSim.Region.Environment.Scenes
1316 } 1313 }
1317 1314
1318 /// <summary> 1315 /// <summary>
1319 /// Rez a script into a prim's inventory 1316 /// Rez a script into a prim's inventory, either ex nihilo or from an existing avatar inventory
1320 /// </summary> 1317 /// </summary>
1321 /// <param name="remoteClient"></param> 1318 /// <param name="remoteClient"></param>
1322 /// <param name="itemID"> </param> 1319 /// <param name="itemID"> </param>
1323 /// <param name="localID"></param> 1320 /// <param name="localID"></param>
1324 public void RezScript(IClientAPI remoteClient, InventoryItemBase itemBase, UUID transactionID, uint localID) 1321 public void RezScript(IClientAPI remoteClient, InventoryItemBase itemBase, UUID transactionID, uint localID)
1325 { 1322 {
1326 UUID itemID=itemBase.ID; 1323 UUID itemID = itemBase.ID;
1327 UUID copyID = UUID.Random(); 1324 UUID copyID = UUID.Random();
1328 1325
1329 if (itemID != UUID.Zero) 1326 if (itemID != UUID.Zero) // transferred from an avatar inventory to the prim's pinventory
1330 { 1327 {
1331 CachedUserInfo userInfo = CommsManager.UserProfileCacheService.GetUserDetails(remoteClient.AgentId); 1328 CachedUserInfo userInfo = CommsManager.UserProfileCacheService.GetUserDetails(remoteClient.AgentId);
1332 1329
@@ -1378,9 +1375,9 @@ namespace OpenSim.Region.Environment.Scenes
1378 } 1375 }
1379 } 1376 }
1380 } 1377 }
1381 else // If the itemID is zero then the script has been rezzed directly in an object's inventory 1378 else // script has been rezzed directly into a prim's inventory
1382 { 1379 {
1383 SceneObjectPart part=GetSceneObjectPart(itemBase.Folder); 1380 SceneObjectPart part = GetSceneObjectPart(itemBase.Folder);
1384 if (part == null) 1381 if (part == null)
1385 return; 1382 return;
1386 1383
@@ -1389,11 +1386,14 @@ namespace OpenSim.Region.Environment.Scenes
1389 1386
1390 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) 1387 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1391 return; 1388 return;
1389
1390 if (!ExternalChecks.ExternalChecksCanCreateInventory(itemBase.InvType, part.UUID, remoteClient.AgentId))
1391 return;
1392 1392
1393 AssetBase asset = CreateAsset(itemBase.Name, itemBase.Description, (sbyte)itemBase.AssetType, Encoding.ASCII.GetBytes("default\n{\n state_entry()\n {\n llSay(0, \"Script running\");\n }\n}")); 1393 AssetBase asset = CreateAsset(itemBase.Name, itemBase.Description, (sbyte)itemBase.AssetType, Encoding.ASCII.GetBytes("default\n{\n state_entry()\n {\n llSay(0, \"Script running\");\n }\n}"));
1394 AssetCache.AddAsset(asset); 1394 AssetCache.AddAsset(asset);
1395 1395
1396 TaskInventoryItem taskItem=new TaskInventoryItem(); 1396 TaskInventoryItem taskItem = new TaskInventoryItem();
1397 1397
1398 taskItem.ResetIDs(itemBase.Folder); 1398 taskItem.ResetIDs(itemBase.Folder);
1399 taskItem.ParentID = itemBase.Folder; 1399 taskItem.ParentID = itemBase.Folder;
diff --git a/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs b/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs
index f8d041a..c5bbcdd 100644
--- a/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs
+++ b/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs
@@ -1070,7 +1070,7 @@ namespace OpenSim.Region.Environment.Scenes
1070 1070
1071 #endregion 1071 #endregion
1072 1072
1073 public delegate bool CanCreateInventory(uint invType, UUID objectID, UUID userID); 1073 public delegate bool CanCreateInventory(int invType, UUID objectID, UUID userID);
1074 private List<CanCreateInventory> CanCreateInventoryCheckFunctions = new List<CanCreateInventory>(); 1074 private List<CanCreateInventory> CanCreateInventoryCheckFunctions = new List<CanCreateInventory>();
1075 1075
1076 public void addCheckCanCreateInventory(CanCreateInventory delegateFunc) 1076 public void addCheckCanCreateInventory(CanCreateInventory delegateFunc)
@@ -1085,7 +1085,7 @@ namespace OpenSim.Region.Environment.Scenes
1085 CanCreateInventoryCheckFunctions.Remove(delegateFunc); 1085 CanCreateInventoryCheckFunctions.Remove(delegateFunc);
1086 } 1086 }
1087 1087
1088 public bool ExternalChecksCanCreateInventory(uint invType, UUID objectID, UUID userID) 1088 public bool ExternalChecksCanCreateInventory(int invType, UUID objectID, UUID userID)
1089 { 1089 {
1090 foreach (CanCreateInventory check in CanCreateInventoryCheckFunctions) 1090 foreach (CanCreateInventory check in CanCreateInventoryCheckFunctions)
1091 { 1091 {
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index 7c5c995..a529a48 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -111,6 +111,7 @@
111 ;permissionmodules = "DefaultPermissionsModule" 111 ;permissionmodules = "DefaultPermissionsModule"
112 serverside_object_permissions = false 112 serverside_object_permissions = false
113 allow_grid_gods = false 113 allow_grid_gods = false
114
114 ; This allows somne control over permissions 115 ; This allows somne control over permissions
115 ; please note that this still doesn't duplicate SL, and is not intended to 116 ; please note that this still doesn't duplicate SL, and is not intended to
116 ;region_owner_is_god = true 117 ;region_owner_is_god = true
@@ -212,6 +213,7 @@
212 ; user_send_key and user_recv_key, too 213 ; user_send_key and user_recv_key, too
213 messaging_server_url = "http://127.0.0.1:8006" 214 messaging_server_url = "http://127.0.0.1:8006"
214 215
216
215[ClientStack.LindenUDP] 217[ClientStack.LindenUDP]
216 ; This is the multiplier applied to all client throttles for outgoing UDP network data 218 ; This is the multiplier applied to all client throttles for outgoing UDP network data
217 ; If it is set to 1, then we obey the throttle settings as given to us by the client. If it is set to 3, for example, then we 219 ; If it is set to 1, then we obey the throttle settings as given to us by the client. If it is set to 3, for example, then we
@@ -432,6 +434,7 @@
432 dump-line-size=32 434 dump-line-size=32
433 flush-on-error=true 435 flush-on-error=true
434 436
437
435; Uncomment the following for IRC bridge 438; Uncomment the following for IRC bridge
436; experimental, so if it breaks... keep both parts... yada yada 439; experimental, so if it breaks... keep both parts... yada yada
437; also, not good error detection when it fails 440; also, not good error detection when it fails