aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorUbitUmarov2019-10-16 00:08:45 +0100
committerUbitUmarov2019-10-16 00:08:45 +0100
commitd79d7e228a059e40a9334c9e2ec4c81075443f83 (patch)
tree14e2d3ef3e7515f1e285cdd3ef66925ccd6039b0
parentchange coments on osslEnable.ini and remove list of functions always suported; (diff)
downloadopensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.zip
opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.gz
opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.bz2
opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.xz
add OSSL option PermissionErrortoOwner (true or false). if true ossl functions permission errors will only be sent to prim owner, defaul false: send all around
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs194
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Instance/ScriptInstance.cs21
-rw-r--r--OpenSim/Region/ScriptEngine/YEngine/XMRInstRun.cs24
-rw-r--r--bin/config-include/osslEnable.ini5
4 files changed, 142 insertions, 102 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index f0f6781..4abd2f1 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -146,6 +146,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
146 protected ISoundModule m_SoundModule = null; 146 protected ISoundModule m_SoundModule = null;
147 internal IConfig m_osslconfig; 147 internal IConfig m_osslconfig;
148 internal TimeZoneInfo PSTTimeZone = null; 148 internal TimeZoneInfo PSTTimeZone = null;
149 internal bool m_PermissionErrortoOwner = false;
149 150
150 public void Initialize( 151 public void Initialize(
151 IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item) 152 IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item)
@@ -167,10 +168,10 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
167 // m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED"); 168 // m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED");
168 } 169 }
169 170
170 m_ScriptDelayFactor = 171 m_PermissionErrortoOwner = m_osslconfig.GetBoolean("PermissionErrorToOwner", m_PermissionErrortoOwner);
171 m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f); 172
172 m_ScriptDistanceFactor = 173 m_ScriptDelayFactor = m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
173 m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f); 174 m_ScriptDistanceFactor = m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);
174 175
175 string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow"); 176 string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow");
176 switch (risk) 177 switch (risk)
@@ -286,7 +287,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
286 { 287 {
287 m_host.AddScriptLPS(1); 288 m_host.AddScriptLPS(1);
288 if (!m_OSFunctionsEnabled) 289 if (!m_OSFunctionsEnabled)
289 OSSLError("permission denied. All OS functions are disabled."); // throws 290 OSSLError("permission denied. All unsafe OSSL funtions disabled"); // throws
290 } 291 }
291 292
292 // Returns if the function is allowed. Throws a script exception if not allowed. 293 // Returns if the function is allowed. Throws a script exception if not allowed.
@@ -294,17 +295,24 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
294 { 295 {
295 m_host.AddScriptLPS(1); 296 m_host.AddScriptLPS(1);
296 if (!m_OSFunctionsEnabled) 297 if (!m_OSFunctionsEnabled)
297 OSSLError(String.Format("{0} permission denied. All OS functions are disabled.", function)); // throws 298 {
299 if (m_PermissionErrortoOwner)
300 throw new ScriptException("(OWNER)OSSL Permission Error: All unsafe OSSL funtions disabled");
301 else
302 throw new ScriptException("OSSL Permission Error: All unsafe OSSL funtions disabled");
303 }
298 304
299 string reasonWhyNot = CheckThreatLevelTest(level, function); 305 string reasonWhyNot = CheckThreatLevelTest(level, function);
300 if (!String.IsNullOrEmpty(reasonWhyNot)) 306 if (!String.IsNullOrEmpty(reasonWhyNot))
301 { 307 {
302 OSSLError(reasonWhyNot); 308 if (m_PermissionErrortoOwner)
309 throw new ScriptException("(OWNER)OSSL Permission Error: " + reasonWhyNot);
310 else
311 throw new ScriptException("OSSL Permission Error: " + reasonWhyNot);
303 } 312 }
304 } 313 }
305 314 // Check to see if function is allowed. Returns an empty string if function permitted
306 // Check to see if function is allowed. Returns an empty string if function permitted 315 // or a string explaining why this function can't be used.
307 // or a string explaining why this function can't be used.
308 private string CheckThreatLevelTest(ThreatLevel level, string function) 316 private string CheckThreatLevelTest(ThreatLevel level, string function)
309 { 317 {
310 if (!m_FunctionPerms.ContainsKey(function)) 318 if (!m_FunctionPerms.ContainsKey(function))
@@ -386,107 +394,107 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
386 { 394 {
387 // Allow / disallow by threat level 395 // Allow / disallow by threat level
388 if (level > m_MaxThreatLevel) 396 if (level > m_MaxThreatLevel)
389 return 397 return String.Empty;
390 String.Format( 398 return String.Format(
391 "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.", 399 "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.",
392 function, m_MaxThreatLevel, level); 400 function, m_MaxThreatLevel, level);
393 } 401 }
394 else
395 {
396 if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero))
397 {
398 // Not anyone. Do detailed checks
399 if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
400 {
401 // prim owner is in the list of allowed owners
402 return String.Empty;
403 }
404 402
405 UUID ownerID = m_item.OwnerID; 403 if(m_FunctionPerms[function].AllowedOwners.Count == 0 && m_FunctionPerms[function].AllowedCreators.Count == 0)
404 return String.Format("{0} disabled in region configuration", function);
406 405
407 //OSSL only may be used if object is in the same group as the parcel 406 if (m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // always allowed
408 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER")) 407 return String.Empty;
409 {
410 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
411 408
412 if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero) 409 if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
413 { 410 {
414 return String.Empty; 411 // prim owner is in the list of allowed owners
415 } 412 return String.Empty;
416 } 413 }
417 414
418 //Only Parcelowners may use the function 415 UUID ownerID = m_item.OwnerID;
419 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
420 {
421 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
422 416
423 if (land.LandData.OwnerID == ownerID) 417 //Only Parcelowners may use the function
424 { 418 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
425 return String.Empty; 419 {
426 } 420 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
427 }
428
429 //Only Estate Managers may use the function
430 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
431 {
432 //Only Estate Managers may use the function
433 if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
434 {
435 return String.Empty;
436 }
437 }
438 421
439 //Only regionowners may use the function 422 if (land.LandData.OwnerID == ownerID)
440 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER")) 423 {
441 { 424 return String.Empty;
442 if (World.RegionInfo.EstateSettings.EstateOwner == ownerID) 425 }
443 { 426 }
444 return String.Empty;
445 }
446 }
447 427
428 //OSSL only may be used if object is in the same group as the parcel
429 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
430 {
431 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
448 432
449 //Only grid gods may use the function 433 if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
450 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD")) 434 {
451 { 435 return String.Empty;
452 if (World.Permissions.IsGridGod(ownerID)) 436 }
453 { 437 }
454 return String.Empty;
455 }
456 }
457 438
458 //Any god may use the function 439 //Only Estate Managers may use the function
459 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD")) 440 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
460 { 441 {
461 if (World.Permissions.IsAdministrator(ownerID)) 442 //Only Estate Managers may use the function
462 { 443 if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
463 return String.Empty; 444 {
464 } 445 return String.Empty;
465 } 446 }
447 }
466 448
467 //Only active gods may use the function 449 //Only regionowners may use the function
468 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD")) 450 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
469 { 451 {
470 ScenePresence sp = World.GetScenePresence(ownerID); 452 if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
471 if (sp != null && !sp.IsDeleted && sp.IsGod) 453 {
472 { 454 return String.Empty;
473 return String.Empty; 455 }
474 } 456 }
475 }
476 457
477 if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID)) 458 //Only grid gods may use the function
478 return( 459 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD"))
479 String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", 460 {
480 function)); 461 if (World.Permissions.IsGridGod(ownerID))
462 {
463 return String.Empty;
464 }
465 }
481 466
482 if (m_item.CreatorID != ownerID) 467 //Any god may use the function
483 { 468 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD"))
484 if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0) 469 {
485 return String.Format("{0} permission denied. Script permissions error.", function); 470 if (World.Permissions.IsAdministrator(ownerID))
471 {
472 return String.Empty;
473 }
474 }
486 475
487 } 476 //Only active gods may use the function
477 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD"))
478 {
479 ScenePresence sp = World.GetScenePresence(ownerID);
480 if (sp != null && !sp.IsDeleted && sp.IsGod)
481 {
482 return String.Empty;
488 } 483 }
489 } 484 }
485
486 if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID))
487 return(
488 String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
489 function));
490
491 if (m_item.CreatorID != ownerID)
492 {
493 if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
494 return String.Format("{0} permission denied. Script creator is not prim owner.", function);
495
496 }
497
490 return String.Empty; 498 return String.Empty;
491 } 499 }
492 500
diff --git a/OpenSim/Region/ScriptEngine/Shared/Instance/ScriptInstance.cs b/OpenSim/Region/ScriptEngine/Shared/Instance/ScriptInstance.cs
index ec2a24e..668bb1f 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Instance/ScriptInstance.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Instance/ScriptInstance.cs
@@ -928,17 +928,30 @@ namespace OpenSim.Region.ScriptEngine.Shared.Instance
928 { 928 {
929 try 929 try
930 { 930 {
931
932 if(e.InnerException != null && e.InnerException is ScriptException) 931 if(e.InnerException != null && e.InnerException is ScriptException)
933 { 932 {
934 string text = e.InnerException.Message + 933 bool toowner = false;
935 "(script: " + ScriptName + 934 string text = e.InnerException.Message;
935 if(text.StartsWith("(OWNER)"))
936 {
937 text = text.Substring(7);
938 toowner = true;
939 }
940 text += "(script: " + ScriptName +
936 " event: " + data.EventName + 941 " event: " + data.EventName +
937 " primID:" + Part.UUID.ToString() + 942 " primID:" + Part.UUID.ToString() +
938 " at " + Part.AbsolutePosition + ")"; 943 " at " + Part.AbsolutePosition + ")";
939 if (text.Length > 1000) 944 if (text.Length > 1000)
940 text = text.Substring(0, 1000); 945 text = text.Substring(0, 1000);
941 Engine.World.SimChat(Utils.StringToBytes(text), 946 if (toowner)
947 {
948 ScenePresence sp = Engine.World.GetScenePresence(Part.OwnerID);
949 if (sp != null && !sp.IsNPC)
950 Engine.World.SimChatToAgent(Part.OwnerID, Utils.StringToBytes(text), 0x7FFFFFFF, Part.AbsolutePosition,
951 Part.Name, Part.UUID, false);
952 }
953 else
954 Engine.World.SimChat(Utils.StringToBytes(text),
942 ChatTypeEnum.DebugChannel, 2147483647, 955 ChatTypeEnum.DebugChannel, 2147483647,
943 Part.AbsolutePosition, 956 Part.AbsolutePosition,
944 Part.Name, Part.UUID, false); 957 Part.Name, Part.UUID, false);
diff --git a/OpenSim/Region/ScriptEngine/YEngine/XMRInstRun.cs b/OpenSim/Region/ScriptEngine/YEngine/XMRInstRun.cs
index 987e22c..30e397b 100644
--- a/OpenSim/Region/ScriptEngine/YEngine/XMRInstRun.cs
+++ b/OpenSim/Region/ScriptEngine/YEngine/XMRInstRun.cs
@@ -539,10 +539,18 @@ namespace OpenSim.Region.ScriptEngine.Yengine
539 private void SendScriptErrorMessage(Exception e, ScriptEventCode ev) 539 private void SendScriptErrorMessage(Exception e, ScriptEventCode ev)
540 { 540 {
541 StringBuilder msg = new StringBuilder(); 541 StringBuilder msg = new StringBuilder();
542 542 bool toowner = false;
543 msg.Append("YEngine: "); 543 msg.Append("YEngine: ");
544 if (e.Message != null) 544 if (e.Message != null)
545 msg.Append(e.Message); 545 {
546 string text = e.Message;
547 if (text.StartsWith("(OWNER)"))
548 {
549 text = text.Substring(7);
550 toowner = true;
551 }
552 msg.Append(text);
553 }
546 554
547 msg.Append(" (script: "); 555 msg.Append(" (script: ");
548 msg.Append(m_Item.Name); 556 msg.Append(m_Item.Name);
@@ -563,8 +571,16 @@ namespace OpenSim.Region.ScriptEngine.Yengine
563 if (msgst.Length > 1000) 571 if (msgst.Length > 1000)
564 msgst = msgst.Substring(0, 1000); 572 msgst = msgst.Substring(0, 1000);
565 573
566 m_Engine.World.SimChat(Utils.StringToBytes(msgst), 574 if (toowner)
567 ChatTypeEnum.DebugChannel, 2147483647, 575 {
576 ScenePresence sp = m_Engine.World.GetScenePresence(m_Part.OwnerID);
577 if (sp != null && !sp.IsNPC)
578 m_Engine.World.SimChatToAgent(m_Part.OwnerID, Utils.StringToBytes(msgst), 0x7FFFFFFF, m_Part.AbsolutePosition,
579 m_Part.Name, m_Part.UUID, false);
580 }
581 else
582 m_Engine.World.SimChat(Utils.StringToBytes(msgst),
583 ChatTypeEnum.DebugChannel, 0x7FFFFFFF,
568 m_Part.AbsolutePosition, 584 m_Part.AbsolutePosition,
569 m_Part.Name, m_Part.UUID, false); 585 m_Part.Name, m_Part.UUID, false);
570 m_log.Debug(string.Format( 586 m_log.Debug(string.Format(
diff --git a/bin/config-include/osslEnable.ini b/bin/config-include/osslEnable.ini
index 759647d..fd559b2 100644
--- a/bin/config-include/osslEnable.ini
+++ b/bin/config-include/osslEnable.ini
@@ -16,6 +16,9 @@
16 ; The setting enable_windlight = true must also be enabled in the [LightShare] section. 16 ; The setting enable_windlight = true must also be enabled in the [LightShare] section.
17 AllowLightShareFunctions = true 17 AllowLightShareFunctions = true
18 18
19 ; Send function permission error to owner if true, to all if false
20 PermissionErrorToOwner = false
21
19 ; Function Threat level 22 ; Function Threat level
20 ; Several functions have a predefined threat level, one of: None, VeryLow, Low, Moderate, High, VeryHigh, Severe. 23 ; Several functions have a predefined threat level, one of: None, VeryLow, Low, Moderate, High, VeryHigh, Severe.
21 ; See http://opensimulator.org/wiki/Threat_level for more information on these levels. 24 ; See http://opensimulator.org/wiki/Threat_level for more information on these levels.
@@ -64,7 +67,7 @@
64 67
65 ; The threat level also can be replaced by lines of the form 68 ; The threat level also can be replaced by lines of the form
66 ; Creators__FunctionName = comma separated list of UUIDs 69 ; Creators__FunctionName = comma separated list of UUIDs
67 ; this will enable the function for users that are creators and owners of the prim 70 ; this will enable the function for users that are the script creators and owners of the prim
68 71
69 72
70; ************************************************* 73; *************************************************