aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorDiva Canto2012-09-20 15:49:22 -0700
committerDiva Canto2012-09-20 15:49:22 -0700
commit3089b6d824f1d4eb25ba12c5fd037153fdc92e1e (patch)
treef70c7a399cf2e2af599f25798a6b3c3b3d3f89d6
parentCorrectly override and call base OpenSimTestCase.SetUp() method in GridConnec... (diff)
downloadopensim-SC-3089b6d824f1d4eb25ba12c5fd037153fdc92e1e.zip
opensim-SC-3089b6d824f1d4eb25ba12c5fd037153fdc92e1e.tar.gz
opensim-SC-3089b6d824f1d4eb25ba12c5fd037153fdc92e1e.tar.bz2
opensim-SC-3089b6d824f1d4eb25ba12c5fd037153fdc92e1e.tar.xz
More HG2.0: Added permission policies in HGAsset Service based on asset types. The policies are given in the config. This is only half of the story. The other half, pertaining to exports/imports made by the sim, will be done next.
-rw-r--r--OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs34
-rw-r--r--OpenSim/Services/HypergridService/HGAssetService.cs79
-rw-r--r--bin/Robust.HG.ini.example10
-rw-r--r--bin/config-include/StandaloneCommon.ini.example11
4 files changed, 116 insertions, 18 deletions
diff --git a/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs b/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs
index eaadc1b..fcecbbc 100644
--- a/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs
+++ b/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs
@@ -93,6 +93,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
93 if (!url.EndsWith("/") && !url.EndsWith("=")) 93 if (!url.EndsWith("/") && !url.EndsWith("="))
94 url = url + "/"; 94 url = url + "/";
95 95
96 bool success = true;
96 // See long comment in AssetCache.AddAsset 97 // See long comment in AssetCache.AddAsset
97 if (!asset.Temporary || asset.Local) 98 if (!asset.Temporary || asset.Local)
98 { 99 {
@@ -103,14 +104,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
103 // not having a global naming infrastructure 104 // not having a global naming infrastructure
104 AssetBase asset1 = new AssetBase(asset.FullID, asset.Name, asset.Type, asset.Metadata.CreatorID); 105 AssetBase asset1 = new AssetBase(asset.FullID, asset.Name, asset.Type, asset.Metadata.CreatorID);
105 Copy(asset, asset1); 106 Copy(asset, asset1);
106 try 107 asset1.ID = url + asset.ID;
107 {
108 asset1.ID = url + asset.ID;
109 }
110 catch
111 {
112 m_log.Warn("[HG ASSET MAPPER]: Oops.");
113 }
114 108
115 AdjustIdentifiers(asset1.Metadata); 109 AdjustIdentifiers(asset1.Metadata);
116 if (asset1.Metadata.Type == (sbyte)AssetType.Object) 110 if (asset1.Metadata.Type == (sbyte)AssetType.Object)
@@ -118,11 +112,17 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
118 else 112 else
119 asset1.Data = asset.Data; 113 asset1.Data = asset.Data;
120 114
121 m_scene.AssetService.Store(asset1); 115 string id = m_scene.AssetService.Store(asset1);
122 m_log.DebugFormat("[HG ASSET MAPPER]: Posted copy of asset {0} from local asset server to {1}", asset1.ID, url); 116 if (id == UUID.Zero.ToString())
117 {
118 m_log.DebugFormat("[HG ASSET MAPPER]: Asset server {0} did not accept {1}", url, asset.ID);
119 success = false;
120 }
121 else
122 m_log.DebugFormat("[HG ASSET MAPPER]: Posted copy of asset {0} from local asset server to {1}", asset1.ID, url);
123 } 123 }
124 return true; 124 return success;
125 } 125 }
126 else 126 else
127 m_log.Warn("[HG ASSET MAPPER]: Tried to post asset to remote server, but asset not in local cache."); 127 m_log.Warn("[HG ASSET MAPPER]: Tried to post asset to remote server, but asset not in local cache.");
128 128
@@ -259,17 +259,21 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
259 Dictionary<UUID, AssetType> ids = new Dictionary<UUID, AssetType>(); 259 Dictionary<UUID, AssetType> ids = new Dictionary<UUID, AssetType>();
260 HGUuidGatherer uuidGatherer = new HGUuidGatherer(this, m_scene.AssetService, string.Empty); 260 HGUuidGatherer uuidGatherer = new HGUuidGatherer(this, m_scene.AssetService, string.Empty);
261 uuidGatherer.GatherAssetUuids(asset.FullID, (AssetType)asset.Type, ids); 261 uuidGatherer.GatherAssetUuids(asset.FullID, (AssetType)asset.Type, ids);
262 bool success = false;
262 foreach (UUID uuid in ids.Keys) 263 foreach (UUID uuid in ids.Keys)
263 { 264 {
264 asset = m_scene.AssetService.Get(uuid.ToString()); 265 asset = m_scene.AssetService.Get(uuid.ToString());
265 if (asset == null) 266 if (asset == null)
266 m_log.DebugFormat("[HG ASSET MAPPER]: Could not find asset {0}", uuid); 267 m_log.DebugFormat("[HG ASSET MAPPER]: Could not find asset {0}", uuid);
267 else 268 else
268 PostAsset(userAssetURL, asset); 269 success = PostAsset(userAssetURL, asset);
269 } 270 }
270 271
271 // maybe all pieces got there... 272 // maybe all pieces got there...
272 m_log.DebugFormat("[HG ASSET MAPPER]: Successfully posted item {0} to asset server {1}", assetID, userAssetURL); 273 if (!success)
274 m_log.DebugFormat("[HG ASSET MAPPER]: Problems posting item {0} to asset server {1}", assetID, userAssetURL);
275 else
276 m_log.DebugFormat("[HG ASSET MAPPER]: Successfully posted item {0} to asset server {1}", assetID, userAssetURL);
273 277
274 } 278 }
275 else 279 else
diff --git a/OpenSim/Services/HypergridService/HGAssetService.cs b/OpenSim/Services/HypergridService/HGAssetService.cs
index db98166..d6541c4 100644
--- a/OpenSim/Services/HypergridService/HGAssetService.cs
+++ b/OpenSim/Services/HypergridService/HGAssetService.cs
@@ -58,6 +58,9 @@ namespace OpenSim.Services.HypergridService
58 58
59 private UserAccountCache m_Cache; 59 private UserAccountCache m_Cache;
60 60
61 private bool[] m_DisallowGET, m_DisallowPOST;
62 private string[] m_AssetTypeNames;
63
61 public HGAssetService(IConfigSource config, string configName) : base(config, configName) 64 public HGAssetService(IConfigSource config, string configName) : base(config, configName)
62 { 65 {
63 m_log.Debug("[HGAsset Service]: Starting"); 66 m_log.Debug("[HGAsset Service]: Starting");
@@ -80,6 +83,34 @@ namespace OpenSim.Services.HypergridService
80 m_HomeURL = assetConfig.GetString("HomeURI", m_HomeURL); 83 m_HomeURL = assetConfig.GetString("HomeURI", m_HomeURL);
81 84
82 m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService); 85 m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService);
86
87 // Permissions
88 Type enumType = typeof(AssetType);
89 m_AssetTypeNames = Enum.GetNames(enumType);
90 for (int i = 0; i < m_AssetTypeNames.Length; i++)
91 m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower();
92 int n = Enum.GetValues(enumType).Length;
93 m_DisallowGET = new bool[n];
94 m_DisallowPOST = new bool[n];
95
96 LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET);
97 LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST);
98
99 }
100
101 private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray)
102 {
103 string perms = assetConfig.GetString(variable, String.Empty);
104 string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries);
105 foreach (string s in parts)
106 {
107 int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower());
108 if (index >= 0)
109 bitArray[index] = true;
110 else
111 m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s);
112 }
113
83 } 114 }
84 115
85 #region IAssetService overrides 116 #region IAssetService overrides
@@ -90,6 +121,9 @@ namespace OpenSim.Services.HypergridService
90 if (asset == null) 121 if (asset == null)
91 return null; 122 return null;
92 123
124 if (!AllowedGet(asset.Type))
125 return null;
126
93 if (asset.Metadata.Type == (sbyte)AssetType.Object) 127 if (asset.Metadata.Type == (sbyte)AssetType.Object)
94 asset.Data = AdjustIdentifiers(asset.Data); ; 128 asset.Data = AdjustIdentifiers(asset.Data); ;
95 129
@@ -112,16 +146,27 @@ namespace OpenSim.Services.HypergridService
112 146
113 public override byte[] GetData(string id) 147 public override byte[] GetData(string id)
114 { 148 {
115 byte[] data = base.GetData(id); 149 AssetBase asset = Get(id);
116 150
117 if (data == null) 151 if (asset == null)
118 return null; 152 return null;
119 153
120 return AdjustIdentifiers(data); 154 if (!AllowedGet(asset.Type))
155 return null;
156
157 return asset.Data;
121 } 158 }
122 159
123 //public virtual bool Get(string id, Object sender, AssetRetrieved handler) 160 //public virtual bool Get(string id, Object sender, AssetRetrieved handler)
124 161
162 public override string Store(AssetBase asset)
163 {
164 if (!AllowedPost(asset.Type))
165 return UUID.Zero.ToString();
166
167 return base.Store(asset);
168 }
169
125 public override bool Delete(string id) 170 public override bool Delete(string id)
126 { 171 {
127 // NOGO 172 // NOGO
@@ -130,6 +175,34 @@ namespace OpenSim.Services.HypergridService
130 175
131 #endregion 176 #endregion
132 177
178 protected bool AllowedGet(sbyte type)
179 {
180 string assetTypeName = ((AssetType)type).ToString();
181
182 int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
183 if (index >= 0 && m_DisallowGET[index])
184 {
185 m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName);
186 return false;
187 }
188
189 return true;
190 }
191
192 protected bool AllowedPost(sbyte type)
193 {
194 string assetTypeName = ((AssetType)type).ToString();
195
196 int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
197 if (index >= 0 && m_DisallowPOST[index])
198 {
199 m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName);
200 return false;
201 }
202
203 return true;
204 }
205
133 protected void AdjustIdentifiers(AssetMetadata meta) 206 protected void AdjustIdentifiers(AssetMetadata meta)
134 { 207 {
135 if (meta == null || m_Cache == null) 208 if (meta == null || m_Cache == null)
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example
index fad399d..8218b14 100644
--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -437,6 +437,16 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
437 UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService" 437 UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService"
438 HomeURI = "http://127.0.0.1:8002" 438 HomeURI = "http://127.0.0.1:8002"
439 439
440 ;; The asset types that other grids can get from / post to this service.
441 ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
442 ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
443 ;;
444 ;; Leave blank or commented if you don't want to apply any restrictions.
445 ;; A more strict, but still reasonable, policy may be to disallow the exchange
446 ;; of scripts, like so:
447 ; DisallowGET ="LSLText"
448 ; DisallowPOST ="LSLBytecode"
449
440[HGFriendsService] 450[HGFriendsService]
441 LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService" 451 LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService"
442 UserAgentService = "OpenSim.Services.HypergridService.dll:UserAgentService" 452 UserAgentService = "OpenSim.Services.HypergridService.dll:UserAgentService"
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example
index e4bc548..d8ecba8 100644
--- a/bin/config-include/StandaloneCommon.ini.example
+++ b/bin/config-include/StandaloneCommon.ini.example
@@ -53,6 +53,17 @@
53[HGAssetService] 53[HGAssetService]
54 HomeURI = "http://127.0.0.1:9000" 54 HomeURI = "http://127.0.0.1:9000"
55 55
56 ;; The asset types that other grids can get from / post to this service.
57 ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
58 ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
59 ;;
60 ;; Leave blank or commented if you don't want to apply any restrictions.
61 ;; A more strict, but still reasonable, policy may be to disallow the exchange
62 ;; of scripts, like so:
63 ; DisallowGET ="LSLText"
64 ; DisallowPOST ="LSLBytecode"
65
66
56[HGInventoryAccessModule] 67[HGInventoryAccessModule]
57 HomeURI = "http://127.0.0.1:9000" 68 HomeURI = "http://127.0.0.1:9000"
58 Gatekeeper = "http://127.0.0.1:9000" 69 Gatekeeper = "http://127.0.0.1:9000"