diff options
author | UbitUmarov | 2019-10-16 00:08:45 +0100 |
---|---|---|
committer | UbitUmarov | 2019-10-16 00:08:45 +0100 |
commit | d79d7e228a059e40a9334c9e2ec4c81075443f83 (patch) | |
tree | 14e2d3ef3e7515f1e285cdd3ef66925ccd6039b0 /OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | |
parent | change coments on osslEnable.ini and remove list of functions always suported; (diff) | |
download | opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.zip opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.gz opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.bz2 opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.xz |
add OSSL option PermissionErrortoOwner (true or false). if true ossl functions permission errors will only be sent to prim owner, defaul false: send all around
Diffstat (limited to 'OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs')
-rw-r--r-- | OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | 194 |
1 files changed, 101 insertions, 93 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index f0f6781..4abd2f1 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | |||
@@ -146,6 +146,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
146 | protected ISoundModule m_SoundModule = null; | 146 | protected ISoundModule m_SoundModule = null; |
147 | internal IConfig m_osslconfig; | 147 | internal IConfig m_osslconfig; |
148 | internal TimeZoneInfo PSTTimeZone = null; | 148 | internal TimeZoneInfo PSTTimeZone = null; |
149 | internal bool m_PermissionErrortoOwner = false; | ||
149 | 150 | ||
150 | public void Initialize( | 151 | public void Initialize( |
151 | IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item) | 152 | IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item) |
@@ -167,10 +168,10 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
167 | // m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED"); | 168 | // m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED"); |
168 | } | 169 | } |
169 | 170 | ||
170 | m_ScriptDelayFactor = | 171 | m_PermissionErrortoOwner = m_osslconfig.GetBoolean("PermissionErrorToOwner", m_PermissionErrortoOwner); |
171 | m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f); | 172 | |
172 | m_ScriptDistanceFactor = | 173 | m_ScriptDelayFactor = m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f); |
173 | m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f); | 174 | m_ScriptDistanceFactor = m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f); |
174 | 175 | ||
175 | string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow"); | 176 | string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow"); |
176 | switch (risk) | 177 | switch (risk) |
@@ -286,7 +287,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
286 | { | 287 | { |
287 | m_host.AddScriptLPS(1); | 288 | m_host.AddScriptLPS(1); |
288 | if (!m_OSFunctionsEnabled) | 289 | if (!m_OSFunctionsEnabled) |
289 | OSSLError("permission denied. All OS functions are disabled."); // throws | 290 | OSSLError("permission denied. All unsafe OSSL funtions disabled"); // throws |
290 | } | 291 | } |
291 | 292 | ||
292 | // Returns if the function is allowed. Throws a script exception if not allowed. | 293 | // Returns if the function is allowed. Throws a script exception if not allowed. |
@@ -294,17 +295,24 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
294 | { | 295 | { |
295 | m_host.AddScriptLPS(1); | 296 | m_host.AddScriptLPS(1); |
296 | if (!m_OSFunctionsEnabled) | 297 | if (!m_OSFunctionsEnabled) |
297 | OSSLError(String.Format("{0} permission denied. All OS functions are disabled.", function)); // throws | 298 | { |
299 | if (m_PermissionErrortoOwner) | ||
300 | throw new ScriptException("(OWNER)OSSL Permission Error: All unsafe OSSL funtions disabled"); | ||
301 | else | ||
302 | throw new ScriptException("OSSL Permission Error: All unsafe OSSL funtions disabled"); | ||
303 | } | ||
298 | 304 | ||
299 | string reasonWhyNot = CheckThreatLevelTest(level, function); | 305 | string reasonWhyNot = CheckThreatLevelTest(level, function); |
300 | if (!String.IsNullOrEmpty(reasonWhyNot)) | 306 | if (!String.IsNullOrEmpty(reasonWhyNot)) |
301 | { | 307 | { |
302 | OSSLError(reasonWhyNot); | 308 | if (m_PermissionErrortoOwner) |
309 | throw new ScriptException("(OWNER)OSSL Permission Error: " + reasonWhyNot); | ||
310 | else | ||
311 | throw new ScriptException("OSSL Permission Error: " + reasonWhyNot); | ||
303 | } | 312 | } |
304 | } | 313 | } |
305 | 314 | // Check to see if function is allowed. Returns an empty string if function permitted | |
306 | // Check to see if function is allowed. Returns an empty string if function permitted | 315 | // or a string explaining why this function can't be used. |
307 | // or a string explaining why this function can't be used. | ||
308 | private string CheckThreatLevelTest(ThreatLevel level, string function) | 316 | private string CheckThreatLevelTest(ThreatLevel level, string function) |
309 | { | 317 | { |
310 | if (!m_FunctionPerms.ContainsKey(function)) | 318 | if (!m_FunctionPerms.ContainsKey(function)) |
@@ -386,107 +394,107 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
386 | { | 394 | { |
387 | // Allow / disallow by threat level | 395 | // Allow / disallow by threat level |
388 | if (level > m_MaxThreatLevel) | 396 | if (level > m_MaxThreatLevel) |
389 | return | 397 | return String.Empty; |
390 | String.Format( | 398 | return String.Format( |
391 | "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.", | 399 | "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.", |
392 | function, m_MaxThreatLevel, level); | 400 | function, m_MaxThreatLevel, level); |
393 | } | 401 | } |
394 | else | ||
395 | { | ||
396 | if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) | ||
397 | { | ||
398 | // Not anyone. Do detailed checks | ||
399 | if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID)) | ||
400 | { | ||
401 | // prim owner is in the list of allowed owners | ||
402 | return String.Empty; | ||
403 | } | ||
404 | 402 | ||
405 | UUID ownerID = m_item.OwnerID; | 403 | if(m_FunctionPerms[function].AllowedOwners.Count == 0 && m_FunctionPerms[function].AllowedCreators.Count == 0) |
404 | return String.Format("{0} disabled in region configuration", function); | ||
406 | 405 | ||
407 | //OSSL only may be used if object is in the same group as the parcel | 406 | if (m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // always allowed |
408 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER")) | 407 | return String.Empty; |
409 | { | ||
410 | ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); | ||
411 | 408 | ||
412 | if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero) | 409 | if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID)) |
413 | { | 410 | { |
414 | return String.Empty; | 411 | // prim owner is in the list of allowed owners |
415 | } | 412 | return String.Empty; |
416 | } | 413 | } |
417 | 414 | ||
418 | //Only Parcelowners may use the function | 415 | UUID ownerID = m_item.OwnerID; |
419 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER")) | ||
420 | { | ||
421 | ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); | ||
422 | 416 | ||
423 | if (land.LandData.OwnerID == ownerID) | 417 | //Only Parcelowners may use the function |
424 | { | 418 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER")) |
425 | return String.Empty; | 419 | { |
426 | } | 420 | ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); |
427 | } | ||
428 | |||
429 | //Only Estate Managers may use the function | ||
430 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER")) | ||
431 | { | ||
432 | //Only Estate Managers may use the function | ||
433 | if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID) | ||
434 | { | ||
435 | return String.Empty; | ||
436 | } | ||
437 | } | ||
438 | 421 | ||
439 | //Only regionowners may use the function | 422 | if (land.LandData.OwnerID == ownerID) |
440 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER")) | 423 | { |
441 | { | 424 | return String.Empty; |
442 | if (World.RegionInfo.EstateSettings.EstateOwner == ownerID) | 425 | } |
443 | { | 426 | } |
444 | return String.Empty; | ||
445 | } | ||
446 | } | ||
447 | 427 | ||
428 | //OSSL only may be used if object is in the same group as the parcel | ||
429 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER")) | ||
430 | { | ||
431 | ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); | ||
448 | 432 | ||
449 | //Only grid gods may use the function | 433 | if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero) |
450 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD")) | 434 | { |
451 | { | 435 | return String.Empty; |
452 | if (World.Permissions.IsGridGod(ownerID)) | 436 | } |
453 | { | 437 | } |
454 | return String.Empty; | ||
455 | } | ||
456 | } | ||
457 | 438 | ||
458 | //Any god may use the function | 439 | //Only Estate Managers may use the function |
459 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD")) | 440 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER")) |
460 | { | 441 | { |
461 | if (World.Permissions.IsAdministrator(ownerID)) | 442 | //Only Estate Managers may use the function |
462 | { | 443 | if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID) |
463 | return String.Empty; | 444 | { |
464 | } | 445 | return String.Empty; |
465 | } | 446 | } |
447 | } | ||
466 | 448 | ||
467 | //Only active gods may use the function | 449 | //Only regionowners may use the function |
468 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD")) | 450 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER")) |
469 | { | 451 | { |
470 | ScenePresence sp = World.GetScenePresence(ownerID); | 452 | if (World.RegionInfo.EstateSettings.EstateOwner == ownerID) |
471 | if (sp != null && !sp.IsDeleted && sp.IsGod) | 453 | { |
472 | { | 454 | return String.Empty; |
473 | return String.Empty; | 455 | } |
474 | } | 456 | } |
475 | } | ||
476 | 457 | ||
477 | if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID)) | 458 | //Only grid gods may use the function |
478 | return( | 459 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD")) |
479 | String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", | 460 | { |
480 | function)); | 461 | if (World.Permissions.IsGridGod(ownerID)) |
462 | { | ||
463 | return String.Empty; | ||
464 | } | ||
465 | } | ||
481 | 466 | ||
482 | if (m_item.CreatorID != ownerID) | 467 | //Any god may use the function |
483 | { | 468 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD")) |
484 | if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0) | 469 | { |
485 | return String.Format("{0} permission denied. Script permissions error.", function); | 470 | if (World.Permissions.IsAdministrator(ownerID)) |
471 | { | ||
472 | return String.Empty; | ||
473 | } | ||
474 | } | ||
486 | 475 | ||
487 | } | 476 | //Only active gods may use the function |
477 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD")) | ||
478 | { | ||
479 | ScenePresence sp = World.GetScenePresence(ownerID); | ||
480 | if (sp != null && !sp.IsDeleted && sp.IsGod) | ||
481 | { | ||
482 | return String.Empty; | ||
488 | } | 483 | } |
489 | } | 484 | } |
485 | |||
486 | if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID)) | ||
487 | return( | ||
488 | String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", | ||
489 | function)); | ||
490 | |||
491 | if (m_item.CreatorID != ownerID) | ||
492 | { | ||
493 | if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0) | ||
494 | return String.Format("{0} permission denied. Script creator is not prim owner.", function); | ||
495 | |||
496 | } | ||
497 | |||
490 | return String.Empty; | 498 | return String.Empty; |
491 | } | 499 | } |
492 | 500 | ||