diff options
author | Adam Frisby | 2009-08-17 02:25:00 +1000 |
---|---|---|
committer | Adam Frisby | 2009-08-17 02:25:00 +1000 |
commit | fa921ec147cae620f3126c01b1db94a8f6e90c7e (patch) | |
tree | ba819f4a3bceadde3bf44ba00621057e101ae6a5 | |
parent | * Implements ISecurityCredential member on SPAvatar, SPAvatarAttachment (diff) | |
download | opensim-SC-fa921ec147cae620f3126c01b1db94a8f6e90c7e.zip opensim-SC-fa921ec147cae620f3126c01b1db94a8f6e90c7e.tar.gz opensim-SC-fa921ec147cae620f3126c01b1db94a8f6e90c7e.tar.bz2 opensim-SC-fa921ec147cae620f3126c01b1db94a8f6e90c7e.tar.xz |
* Implements AppDomain Security for MRM Scripts.
* Added permissionLevel attribute to [MRM] section in OpenSim.ini. Default is 'Internet', however may be any of the following (case sensitive), FullTrust, SkipVerification, Execution, Nothing, LocalIntranet, Internet, Everything. For previous functionality, set to FullTrust or Execution.
-rw-r--r-- | OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs | 103 |
1 files changed, 101 insertions, 2 deletions
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs index 6daae29..9042e0d 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs | |||
@@ -27,9 +27,14 @@ | |||
27 | 27 | ||
28 | using System; | 28 | using System; |
29 | using System.CodeDom.Compiler; | 29 | using System.CodeDom.Compiler; |
30 | using System.Collections; | ||
30 | using System.Collections.Generic; | 31 | using System.Collections.Generic; |
32 | using System.Diagnostics; | ||
31 | using System.IO; | 33 | using System.IO; |
32 | using System.Reflection; | 34 | using System.Reflection; |
35 | using System.Security; | ||
36 | using System.Security.Permissions; | ||
37 | using System.Security.Policy; | ||
33 | using System.Text; | 38 | using System.Text; |
34 | using log4net; | 39 | using log4net; |
35 | using Microsoft.CSharp; | 40 | using Microsoft.CSharp; |
@@ -54,6 +59,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule | |||
54 | 59 | ||
55 | private readonly MicroScheduler m_microthreads = new MicroScheduler(); | 60 | private readonly MicroScheduler m_microthreads = new MicroScheduler(); |
56 | 61 | ||
62 | |||
63 | private IConfig m_config; | ||
64 | |||
57 | public void RegisterExtension<T>(T instance) | 65 | public void RegisterExtension<T>(T instance) |
58 | { | 66 | { |
59 | m_extensions[typeof (T)] = instance; | 67 | m_extensions[typeof (T)] = instance; |
@@ -63,6 +71,8 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule | |||
63 | { | 71 | { |
64 | if (source.Configs["MRM"] != null) | 72 | if (source.Configs["MRM"] != null) |
65 | { | 73 | { |
74 | m_config = source.Configs["MRM"]; | ||
75 | |||
66 | if (source.Configs["MRM"].GetBoolean("Enabled", false)) | 76 | if (source.Configs["MRM"].GetBoolean("Enabled", false)) |
67 | { | 77 | { |
68 | m_log.Info("[MRM] Enabling MRM Module"); | 78 | m_log.Info("[MRM] Enabling MRM Module"); |
@@ -112,6 +122,91 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule | |||
112 | return script; | 122 | return script; |
113 | } | 123 | } |
114 | 124 | ||
125 | /// <summary> | ||
126 | /// Create an AppDomain that contains policy restricting code to execute | ||
127 | /// with only the permissions granted by a named permission set | ||
128 | /// </summary> | ||
129 | /// <param name="permissionSetName">name of the permission set to restrict to</param> | ||
130 | /// <param name="appDomainName">'friendly' name of the appdomain to be created</param> | ||
131 | /// <exception cref="ArgumentNullException"> | ||
132 | /// if <paramref name="permissionSetName"/> is null | ||
133 | /// </exception> | ||
134 | /// <exception cref="ArgumentOutOfRangeException"> | ||
135 | /// if <paramref name="permissionSetName"/> is empty | ||
136 | /// </exception> | ||
137 | /// <returns>AppDomain with a restricted security policy</returns> | ||
138 | /// <remarks>Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx | ||
139 | /// Valid permissionSetName values are: | ||
140 | /// * FullTrust | ||
141 | /// * SkipVerification | ||
142 | /// * Execution | ||
143 | /// * Nothing | ||
144 | /// * LocalIntranet | ||
145 | /// * Internet | ||
146 | /// * Everything | ||
147 | /// </remarks> | ||
148 | public static AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName) | ||
149 | { | ||
150 | if (permissionSetName == null) | ||
151 | throw new ArgumentNullException("permissionSetName"); | ||
152 | if (permissionSetName.Length == 0) | ||
153 | throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName, | ||
154 | "Cannot have an empty permission set name"); | ||
155 | |||
156 | // Default to all code getting nothing | ||
157 | PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None)); | ||
158 | UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy); | ||
159 | |||
160 | bool foundName = false; | ||
161 | PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted); | ||
162 | |||
163 | // iterate over each policy level | ||
164 | IEnumerator levelEnumerator = SecurityManager.PolicyHierarchy(); | ||
165 | while (levelEnumerator.MoveNext()) | ||
166 | { | ||
167 | PolicyLevel level = levelEnumerator.Current as PolicyLevel; | ||
168 | |||
169 | // if this level has defined a named permission set with the | ||
170 | // given name, then intersect it with what we've retrieved | ||
171 | // from all the previous levels | ||
172 | if (level != null) | ||
173 | { | ||
174 | PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName); | ||
175 | if (levelSet != null) | ||
176 | { | ||
177 | foundName = true; | ||
178 | if (setIntersection != null) | ||
179 | setIntersection = setIntersection.Intersect(levelSet); | ||
180 | } | ||
181 | } | ||
182 | } | ||
183 | |||
184 | // Intersect() can return null for an empty set, so convert that | ||
185 | // to an empty set object. Also return an empty set if we didn't find | ||
186 | // the named permission set we were looking for | ||
187 | if (setIntersection == null || !foundName) | ||
188 | setIntersection = new PermissionSet(PermissionState.None); | ||
189 | else | ||
190 | setIntersection = new NamedPermissionSet(permissionSetName, setIntersection); | ||
191 | |||
192 | // if no named permission sets were found, return an empty set, | ||
193 | // otherwise return the set that was found | ||
194 | PolicyStatement permissions = new PolicyStatement(setIntersection); | ||
195 | policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions)); | ||
196 | |||
197 | // create an AppDomain policy level for the policy tree | ||
198 | PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel(); | ||
199 | appDomainLevel.RootCodeGroup = policyRoot; | ||
200 | |||
201 | // create an AppDomain where this policy will be in effect | ||
202 | string domainName = appDomainName; | ||
203 | AppDomain restrictedDomain = AppDomain.CreateDomain(domainName); | ||
204 | restrictedDomain.SetAppDomainPolicy(appDomainLevel); | ||
205 | |||
206 | return restrictedDomain; | ||
207 | } | ||
208 | |||
209 | |||
115 | void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource) | 210 | void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource) |
116 | { | 211 | { |
117 | if (script.StartsWith("//MRM:C#")) | 212 | if (script.StartsWith("//MRM:C#")) |
@@ -125,9 +220,13 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule | |||
125 | 220 | ||
126 | try | 221 | try |
127 | { | 222 | { |
128 | m_log.Info("[MRM] Found C# MRM"); | 223 | m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + m_config.GetString("permissionLevel", "Internet") + "-level security."); |
224 | |||
225 | string domainName = UUID.Random().ToString(); | ||
226 | AppDomain target = CreateRestrictedDomain(m_config.GetString("permissionLevel", "Internet"), | ||
227 | domainName); | ||
129 | 228 | ||
130 | MRMBase mmb = (MRMBase)AppDomain.CurrentDomain.CreateInstanceFromAndUnwrap( | 229 | MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap( |
131 | CompileFromDotNetText(script, itemID.ToString()), | 230 | CompileFromDotNetText(script, itemID.ToString()), |
132 | "OpenSim.MiniModule"); | 231 | "OpenSim.MiniModule"); |
133 | 232 | ||