author | Diva Canto | 2012-09-20 15:49:22 -0700 |
---|---|---|
committer | Diva Canto | 2012-09-20 15:49:22 -0700 |
commit | 3089b6d824f1d4eb25ba12c5fd037153fdc92e1e (patch) | |
tree | f70c7a399cf2e2af599f25798a6b3c3b3d3f89d6 | |
parent | Correctly override and call base OpenSimTestCase.SetUp() method in GridConnec... (diff) | |
More HG2.0: Added permission policies in HGAsset Service based on asset types. The policies are given in the config. This is only half of the story. The other half, pertaining to exports/imports made by the sim, will be done next.
-rw-r--r-- | OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs | 34 | ||||
-rw-r--r-- | OpenSim/Services/HypergridService/HGAssetService.cs | 79 | ||||
-rw-r--r-- | bin/Robust.HG.ini.example | 10 | ||||
-rw-r--r-- | bin/config-include/StandaloneCommon.ini.example | 11 |
4 files changed, 116 insertions, 18 deletions
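--- a/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs
+++ b/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs
@@ -93,6 +93,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
 if (!url.EndsWith("/") && !url.EndsWith("="))
 url = url + "/";
 
+bool success = true;
 // See long comment in AssetCache.AddAsset
 if (!asset.Temporary || asset.Local)
 {
@@ -103,14 +104,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
 // not having a global naming infrastructure
 AssetBase asset1 = new AssetBase(asset.FullID, asset.Name, asset.Type, asset.Metadata.CreatorID);
 Copy(asset, asset1);
-try
-{
-asset1.ID = url + asset.ID;
-}
-catch
-{
-m_log.Warn("[HG ASSET MAPPER]: Oops.");
-}
+asset1.ID = url + asset.ID;
 
 AdjustIdentifiers(asset1.Metadata);
 if (asset1.Metadata.Type == (sbyte)AssetType.Object)
@@ -118,11 +112,17 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
 else
 asset1.Data = asset.Data;
 
-m_scene.AssetService.Store(asset1);
-m_log.DebugFormat("[HG ASSET MAPPER]: Posted copy of asset {0} from local asset server to {1}", asset1.ID, url);
+string id = m_scene.AssetService.Store(asset1);
+if (id == UUID.Zero.ToString())
+{
+m_log.DebugFormat("[HG ASSET MAPPER]: Asset server {0} did not accept {1}", url, asset.ID);
+success = false;
+}
+else
+m_log.DebugFormat("[HG ASSET MAPPER]: Posted copy of asset {0} from local asset server to {1}", asset1.ID, url);
 }
-return true;
+return success;
 }
 else
 m_log.Warn("[HG ASSET MAPPER]: Tried to post asset to remote server, but asset not in local cache.");
 
@@ -259,17 +259,21 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
 Dictionary<UUID, AssetType> ids = new Dictionary<UUID, AssetType>();
 HGUuidGatherer uuidGatherer = new HGUuidGatherer(this, m_scene.AssetService, string.Empty);
 uuidGatherer.GatherAssetUuids(asset.FullID, (AssetType)asset.Type, ids);
+bool success = false;
 foreach (UUID uuid in ids.Keys)
 {
 asset = m_scene.AssetService.Get(uuid.ToString());
 if (asset == null)
 m_log.DebugFormat("[HG ASSET MAPPER]: Could not find asset {0}", uuid);
 else
-PostAsset(userAssetURL, asset);
+success = PostAsset(userAssetURL, asset);
 }
 
 // maybe all pieces got there...
-m_log.DebugFormat("[HG ASSET MAPPER]: Successfully posted item {0} to asset server {1}", assetID, userAssetURL);
+if (!success)
+m_log.DebugFormat("[HG ASSET MAPPER]: Problems posting item {0} to asset server {1}", assetID, userAssetURL);
+else
+m_log.DebugFormat("[HG ASSET MAPPER]: Successfully posted item {0} to asset server {1}", assetID, userAssetURL);
 
 }
 else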
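Review bot: In the last hunk, `success = PostAsset(userAssetURL, asset);` overwrites the flag on every iteration, so the final log line reflects only the last asset posted. A refusal by the remote asset service for an earlier piece (the new `UUID.Zero` result) is reported as "Successfully posted" whenever a later post goes through. Because `success` starts as `false`, an empty `ids` set also logs "Problems posting" although nothing was attempted. Initialise with `bool success = true;` and accumulate with `success &= PostAsset(userAssetURL, asset);`, clearing the flag in the `asset == null` branch as well if a missing piece should count as a failure. The enclosing method starts and ends outside the hunk.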
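--- a/OpenSim/Services/HypergridService/HGAssetService.cs
+++ b/OpenSim/Services/HypergridService/HGAssetService.cs
@@ -58,6 +58,9 @@ namespace OpenSim.Services.HypergridService
 
 private UserAccountCache m_Cache;
 
+private bool[] m_DisallowGET, m_DisallowPOST;
+private string[] m_AssetTypeNames;
+
 public HGAssetService(IConfigSource config, string configName) : base(config, configName)
 {
 m_log.Debug("[HGAsset Service]: Starting");
@@ -80,6 +83,34 @@ namespace OpenSim.Services.HypergridService
 m_HomeURL = assetConfig.GetString("HomeURI", m_HomeURL);
 
 m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService);
+
+// Permissions
+Type enumType = typeof(AssetType);
+m_AssetTypeNames = Enum.GetNames(enumType);
+for (int i = 0; i < m_AssetTypeNames.Length; i++)
+m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower();
+int n = Enum.GetValues(enumType).Length;
+m_DisallowGET = new bool[n];
+m_DisallowPOST = new bool[n];
+
+LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET);
+LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST);
+
+}
+
+private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray)
+{
+string perms = assetConfig.GetString(variable, String.Empty);
+string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries);
+foreach (string s in parts)
+{
+int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower());
+if (index >= 0)
+bitArray[index] = true;
+else
+m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s);
+}
+
 }
 
 #region IAssetService overrides
@@ -90,6 +121,9 @@ namespace OpenSim.Services.HypergridService
 if (asset == null)
 return null;
 
+if (!AllowedGet(asset.Type))
+return null;
+
 if (asset.Metadata.Type == (sbyte)AssetType.Object)
 asset.Data = AdjustIdentifiers(asset.Data); ;
 
@@ -112,16 +146,27 @@ namespace OpenSim.Services.HypergridService
 
 public override byte[] GetData(string id)
 {
-byte[] data = base.GetData(id);
+AssetBase asset = Get(id);
 
-if (data == null)
+if (asset == null)
 return null;
 
-return AdjustIdentifiers(data);
+if (!AllowedGet(asset.Type))
+return null;
+
+return asset.Data;
 }
 
 //public virtual bool Get(string id, Object sender, AssetRetrieved handler)
 
+public override string Store(AssetBase asset)
+{
+if (!AllowedPost(asset.Type))
+return UUID.Zero.ToString();
+
+return base.Store(asset);
+}
+
 public override bool Delete(string id)
 {
 // NOGO
@@ -130,6 +175,34 @@ namespace OpenSim.Services.HypergridService
 
 #endregion
 
+protected bool AllowedGet(sbyte type)
+{
+string assetTypeName = ((AssetType)type).ToString();
+
+int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
+if (index >= 0 && m_DisallowGET[index])
+{
+m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName);
+return false;
+}
+
+return true;
+}
+
+protected bool AllowedPost(sbyte type)
+{
+string assetTypeName = ((AssetType)type).ToString();
+
+int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
+if (index >= 0 && m_DisallowPOST[index])
+{
+m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName);
+return false;
+}
+
+return true;
+}
+
 protected void AdjustIdentifiers(AssetMetadata meta)
 {
 if (meta == null || m_Cache == null)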
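Review bot: The new policy fails open in two places. `AllowedGet` and `AllowedPost` return true whenever `Array.IndexOf` yields -1, which is what a type byte with no name in `AssetType` produces, and `LoadPermsFromConfig` only warns on an unrecognised name, so a misspelt `DisallowGET` or `DisallowPOST` entry leaves that type exchangeable. An operator who relies on this setting would be better served by a louder failure that names the variable, for example `m_log.ErrorFormat("[HGAsset Service]: Invalid AssetType {0} in {1}; entry ignored", s.Trim(), variable);`, or by refusing to start. Denials are written with `DebugFormat` and carry no asset id, so refused cross-grid requests leave no trace at the usual log level; logging them at Info with the id would make the policy auditable. The callback overload `Get(string id, Object sender, AssetRetrieved handler)` is still commented out in the context lines, so if the base class serves it, that path presumably bypasses `AllowedGet`; worth confirming.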
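--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -437,6 +437,16 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
 UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService"
 HomeURI = "http://127.0.0.1:8002"
 
+;; The asset types that other grids can get from / post to this service.
+;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
+;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
+;;
+;; Leave blank or commented if you don't want to apply any restrictions.
+;; A more strict, but still reasonable, policy may be to disallow the exchange
+;; of scripts, like so:
+; DisallowGET ="LSLText"
+; DisallowPOST ="LSLBytecode"
+
 [HGFriendsService]
 LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService"
 UserAgentService = "OpenSim.Services.HypergridService.dll:UserAgentService"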
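Review bot: The commented example does not do what the sentence above it promises: `DisallowGET ="LSLText"` and `DisallowPOST ="LSLBytecode"` each block one script type in one direction, so LSLBytecode can still be fetched and LSLText can still be posted. If the intent is to stop script exchange both ways, list both types on both lines, e.g. `; DisallowGET = "LSLText, LSLBytecode"` and `; DisallowPOST = "LSLText, LSLBytecode"`; the parser added in this commit splits on commas and trims each entry. The same example is repeated in bin/config-include/StandaloneCommon.ini.example and needs the same correction.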
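--- a/bin/config-include/StandaloneCommon.ini.example
+++ b/bin/config-include/StandaloneCommon.ini.example
@@ -53,6 +53,17 @@
 [HGAssetService]
 HomeURI = "http://127.0.0.1:9000"
 
+;; The asset types that other grids can get from / post to this service.
+;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
+;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
+;;
+;; Leave blank or commented if you don't want to apply any restrictions.
+;; A more strict, but still reasonable, policy may be to disallow the exchange
+;; of scripts, like so:
+; DisallowGET ="LSLText"
+; DisallowPOST ="LSLBytecode"
+
+
 [HGInventoryAccessModule]
 HomeURI = "http://127.0.0.1:9000"
 Gatekeeper = "http://127.0.0.1:9000"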