aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region
diff options
context:
space:
mode:
authorAdam Frisby2007-10-21 22:15:41 +0000
committerAdam Frisby2007-10-21 22:15:41 +0000
commit7f2ec02802cabc98e93ac872999933b6e5be48e5 (patch)
tree9a3fd985e02939a090fdf4ffaa9e7b1af25a8173 /OpenSim/Region
parentfix line ending mixing. Probably should put some (diff)
downloadopensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.zip
opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.tar.gz
opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.tar.bz2
opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.tar.xz
* Disabled TCP Remoting Channel Security for InterRegion communication, as it appears we are not implementing this correctly. (need to set up certificates first)
* Documented ACL class
Diffstat (limited to 'OpenSim/Region')
-rw-r--r--OpenSim/Region/Communications/OGS1/OGS1GridServices.cs2
-rw-r--r--OpenSim/Region/Environment/PermissionManager.cs653
2 files changed, 328 insertions, 327 deletions
diff --git a/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs b/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs
index 1a9584a..cc56078 100644
--- a/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs
+++ b/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs
@@ -327,7 +327,7 @@ namespace OpenSim.Region.Communications.OGS1
327 private void StartRemoting() 327 private void StartRemoting()
328 { 328 {
329 TcpChannel ch = new TcpChannel(this.serversInfo.RemotingListenerPort); 329 TcpChannel ch = new TcpChannel(this.serversInfo.RemotingListenerPort);
330 ChannelServices.RegisterChannel(ch, true); 330 ChannelServices.RegisterChannel(ch, false); // Disabled security as Mono doesnt support this.
331 331
332 WellKnownServiceTypeEntry wellType = new WellKnownServiceTypeEntry(typeof(OGS1InterRegionRemoting), "InterRegions", WellKnownObjectMode.Singleton); 332 WellKnownServiceTypeEntry wellType = new WellKnownServiceTypeEntry(typeof(OGS1InterRegionRemoting), "InterRegions", WellKnownObjectMode.Singleton);
333 RemotingConfiguration.RegisterWellKnownServiceType(wellType); 333 RemotingConfiguration.RegisterWellKnownServiceType(wellType);
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs
index d32ac0b..c40012d 100644
--- a/OpenSim/Region/Environment/PermissionManager.cs
+++ b/OpenSim/Region/Environment/PermissionManager.cs
@@ -1,327 +1,328 @@
1/* 1/*
2* Copyright (c) Contributors, http://opensimulator.org/ 2* Copyright (c) Contributors, http://opensimulator.org/
3* See CONTRIBUTORS.TXT for a full list of copyright holders. 3* See CONTRIBUTORS.TXT for a full list of copyright holders.
4* 4*
5* Redistribution and use in source and binary forms, with or without 5* Redistribution and use in source and binary forms, with or without
6* modification, are permitted provided that the following conditions are met: 6* modification, are permitted provided that the following conditions are met:
7* * Redistributions of source code must retain the above copyright 7* * Redistributions of source code must retain the above copyright
8* notice, this list of conditions and the following disclaimer. 8* notice, this list of conditions and the following disclaimer.
9* * Redistributions in binary form must reproduce the above copyright 9* * Redistributions in binary form must reproduce the above copyright
10* notice, this list of conditions and the following disclaimer in the 10* notice, this list of conditions and the following disclaimer in the
11* documentation and/or other materials provided with the distribution. 11* documentation and/or other materials provided with the distribution.
12* * Neither the name of the OpenSim Project nor the 12* * Neither the name of the OpenSim Project nor the
13* names of its contributors may be used to endorse or promote products 13* names of its contributors may be used to endorse or promote products
14* derived from this software without specific prior written permission. 14* derived from this software without specific prior written permission.
15* 15*
16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY 16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY 19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26* 26*
27*/ 27*/
28 28
29using libsecondlife; 29using libsecondlife;
30using OpenSim.Region.Environment.LandManagement; 30using OpenSim.Region.Environment.LandManagement;
31using OpenSim.Region.Environment.Scenes; 31using OpenSim.Region.Environment.Scenes;
32 32using OpenSim.Framework.PolicyManager;
33namespace OpenSim.Region.Environment 33
34{ 34namespace OpenSim.Region.Environment
35 public class PermissionManager 35{
36 { 36 public class PermissionManager
37 protected Scene m_scene; 37 {
38 38 protected Scene m_scene;
39 // Bypasses the permissions engine (always returns OK) 39
40 // disable in any production environment 40 // Bypasses the permissions engine (always returns OK)
41 // TODO: Change this to false when permissions are a desired default 41 // disable in any production environment
42 // TODO: Move to configuration option. 42 // TODO: Change this to false when permissions are a desired default
43 private bool m_bypassPermissions = true; 43 // TODO: Move to configuration option.
44 44 private bool m_bypassPermissions = true;
45 public bool BypassPermissions 45
46 { 46 public bool BypassPermissions
47 get { return m_bypassPermissions; } 47 {
48 set { m_bypassPermissions = value; } 48 get { return m_bypassPermissions; }
49 } 49 set { m_bypassPermissions = value; }
50 50 }
51 51
52 public PermissionManager(Scene scene) 52
53 { 53 public PermissionManager(Scene scene)
54 m_scene = scene; 54 {
55 } 55 m_scene = scene;
56 56 }
57 protected virtual void SendPermissionError(LLUUID user, string reason) 57
58 { 58 protected virtual void SendPermissionError(LLUUID user, string reason)
59 m_scene.EventManager.TriggerPermissionError(user, reason); 59 {
60 } 60 m_scene.EventManager.TriggerPermissionError(user, reason);
61 61 }
62 protected virtual bool IsAdministrator(LLUUID user) 62
63 { 63 protected virtual bool IsAdministrator(LLUUID user)
64 if (m_bypassPermissions) 64 {
65 { 65 if (m_bypassPermissions)
66 return true; 66 {
67 } 67 return true;
68 68 }
69 return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; 69
70 } 70 return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
71 71 }
72 protected virtual bool IsEstateManager(LLUUID user) 72
73 { 73 protected virtual bool IsEstateManager(LLUUID user)
74 if (m_bypassPermissions) 74 {
75 { 75 if (m_bypassPermissions)
76 return true; 76 {
77 } 77 return true;
78 78 }
79 return false; 79
80 } 80 return false;
81 81 }
82 protected virtual bool IsGridUser(LLUUID user) 82
83 { 83 protected virtual bool IsGridUser(LLUUID user)
84 return true; 84 {
85 } 85 return true;
86 86 }
87 protected virtual bool IsGuest(LLUUID user) 87
88 { 88 protected virtual bool IsGuest(LLUUID user)
89 return false; 89 {
90 } 90 return false;
91 91 }
92 public virtual bool CanRezObject(LLUUID user, LLVector3 position) 92
93 { 93 public virtual bool CanRezObject(LLUUID user, LLVector3 position)
94 bool permission = false; 94 {
95 95 bool permission = false;
96 string reason = "Insufficient permission"; 96
97 97 string reason = "Insufficient permission";
98 if (IsAdministrator(user)) 98
99 { 99 if (IsAdministrator(user))
100 permission = true; 100 {
101 } 101 permission = true;
102 else 102 }
103 { 103 else
104 reason = "Not an administrator"; 104 {
105 } 105 reason = "Not an administrator";
106 106 }
107 if (GenericParcelPermission(user, position)) 107
108 { 108 if (GenericParcelPermission(user, position))
109 permission = true; 109 {
110 } 110 permission = true;
111 else 111 }
112 { 112 else
113 reason = "Not the parcel owner"; 113 {
114 } 114 reason = "Not the parcel owner";
115 115 }
116 if (!permission) 116
117 SendPermissionError(user, reason); 117 if (!permission)
118 118 SendPermissionError(user, reason);
119 return permission; 119
120 } 120 return permission;
121 121 }
122 #region Object Permissions 122
123 123 #region Object Permissions
124 protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId) 124
125 { 125 protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId)
126 // Default: deny 126 {
127 bool permission = false; 127 // Default: deny
128 128 bool permission = false;
129 if (!m_scene.Entities.ContainsKey(objId)) 129
130 { 130 if (!m_scene.Entities.ContainsKey(objId))
131 return false; 131 {
132 } 132 return false;
133 133 }
134 // If it's not an object, we cant edit it. 134
135 if (!(m_scene.Entities[objId] is SceneObjectGroup)) 135 // If it's not an object, we cant edit it.
136 { 136 if (!(m_scene.Entities[objId] is SceneObjectGroup))
137 return false; 137 {
138 } 138 return false;
139 139 }
140 SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId]; 140
141 LLUUID taskOwner = null; 141 SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId];
142 142 LLUUID taskOwner = null;
143 // Object owners should be able to edit their own content 143
144 if (user == taskOwner) 144 // Object owners should be able to edit their own content
145 permission = true; 145 if (user == taskOwner)
146 146 permission = true;
147 // Users should be able to edit what is over their land. 147
148 if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID == 148 // Users should be able to edit what is over their land.
149 user) 149 if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID ==
150 permission = true; 150 user)
151 151 permission = true;
152 // Estate users should be able to edit anything in the sim 152
153 if (IsEstateManager(user)) 153 // Estate users should be able to edit anything in the sim
154 permission = true; 154 if (IsEstateManager(user))
155 155 permission = true;
156 // Admin objects should not be editable by the above 156
157 if (IsAdministrator(taskOwner)) 157 // Admin objects should not be editable by the above
158 permission = false; 158 if (IsAdministrator(taskOwner))
159 159 permission = false;
160 // Admin should be able to edit anything in the sim (including admin objects) 160
161 if (IsAdministrator(user)) 161 // Admin should be able to edit anything in the sim (including admin objects)
162 permission = true; 162 if (IsAdministrator(user))
163 163 permission = true;
164 return permission; 164
165 } 165 return permission;
166 166 }
167 /// <summary> 167
168 /// Permissions check - can user delete an object? 168 /// <summary>
169 /// </summary> 169 /// Permissions check - can user delete an object?
170 /// <param name="user">User attempting the delete</param> 170 /// </summary>
171 /// <param name="obj">Target object</param> 171 /// <param name="user">User attempting the delete</param>
172 /// <returns>Has permission?</returns> 172 /// <param name="obj">Target object</param>
173 public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) 173 /// <returns>Has permission?</returns>
174 { 174 public virtual bool CanDeRezObject(LLUUID user, LLUUID obj)
175 return GenericObjectPermission(user, obj); 175 {
176 } 176 return GenericObjectPermission(user, obj);
177 177 }
178 public virtual bool CanEditObject(LLUUID user, LLUUID obj) 178
179 { 179 public virtual bool CanEditObject(LLUUID user, LLUUID obj)
180 return GenericObjectPermission(user, obj); 180 {
181 } 181 return GenericObjectPermission(user, obj);
182 182 }
183 public virtual bool CanReturnObject(LLUUID user, LLUUID obj) 183
184 { 184 public virtual bool CanReturnObject(LLUUID user, LLUUID obj)
185 return GenericObjectPermission(user, obj); 185 {
186 } 186 return GenericObjectPermission(user, obj);
187 187 }
188 #endregion 188
189 189 #endregion
190 #region Communication Permissions 190
191 191 #region Communication Permissions
192 public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) 192
193 { 193 public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target)
194 bool permission = false; 194 {
195 string reason = "Only registered users may communicate with another account."; 195 bool permission = false;
196 196 string reason = "Only registered users may communicate with another account.";
197 if (IsGridUser(user)) 197
198 permission = true; 198 if (IsGridUser(user))
199 199 permission = true;
200 if (!IsGridUser(user)) 200
201 { 201 if (!IsGridUser(user))
202 permission = false; 202 {
203 reason = "The person that you are messaging is not a registered user."; 203 permission = false;
204 } 204 reason = "The person that you are messaging is not a registered user.";
205 if (IsAdministrator(user)) 205 }
206 permission = true; 206 if (IsAdministrator(user))
207 207 permission = true;
208 if (IsEstateManager(user)) 208
209 permission = true; 209 if (IsEstateManager(user))
210 210 permission = true;
211 if (!permission) 211
212 SendPermissionError(user, reason); 212 if (!permission)
213 213 SendPermissionError(user, reason);
214 return permission; 214
215 } 215 return permission;
216 216 }
217 public virtual bool CanInstantMessage(LLUUID user, LLUUID target) 217
218 { 218 public virtual bool CanInstantMessage(LLUUID user, LLUUID target)
219 return GenericCommunicationPermission(user, target); 219 {
220 } 220 return GenericCommunicationPermission(user, target);
221 221 }
222 public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) 222
223 { 223 public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target)
224 return GenericCommunicationPermission(user, target); 224 {
225 } 225 return GenericCommunicationPermission(user, target);
226 226 }
227 #endregion 227
228 228 #endregion
229 public virtual bool CanEditScript(LLUUID user, LLUUID script) 229
230 { 230 public virtual bool CanEditScript(LLUUID user, LLUUID script)
231 return IsAdministrator(user); 231 {
232 } 232 return IsAdministrator(user);
233 233 }
234 public virtual bool CanRunScript(LLUUID user, LLUUID script) 234
235 { 235 public virtual bool CanRunScript(LLUUID user, LLUUID script)
236 return IsAdministrator(user); 236 {
237 } 237 return IsAdministrator(user);
238 238 }
239 public virtual bool CanTerraform(LLUUID user, LLVector3 position) 239
240 { 240 public virtual bool CanTerraform(LLUUID user, LLVector3 position)
241 bool permission = false; 241 {
242 242 bool permission = false;
243 // Estate override 243
244 if (GenericEstatePermission(user)) 244 // Estate override
245 permission = true; 245 if (GenericEstatePermission(user))
246 246 permission = true;
247 // Land owner can terraform too 247
248 if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) 248 // Land owner can terraform too
249 permission = true; 249 if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y)))
250 250 permission = true;
251 if (!permission) 251
252 SendPermissionError(user, "Not authorized to terraform at this location."); 252 if (!permission)
253 253 SendPermissionError(user, "Not authorized to terraform at this location.");
254 return permission; 254
255 } 255 return permission;
256 256 }
257 #region Estate Permissions 257
258 258 #region Estate Permissions
259 protected virtual bool GenericEstatePermission(LLUUID user) 259
260 { 260 protected virtual bool GenericEstatePermission(LLUUID user)
261 // Default: deny 261 {
262 bool permission = false; 262 // Default: deny
263 263 bool permission = false;
264 // Estate admins should be able to use estate tools 264
265 if (IsEstateManager(user)) 265 // Estate admins should be able to use estate tools
266 permission = true; 266 if (IsEstateManager(user))
267 267 permission = true;
268 // Administrators always have permission 268
269 if (IsAdministrator(user)) 269 // Administrators always have permission
270 permission = true; 270 if (IsAdministrator(user))
271 271 permission = true;
272 return permission; 272
273 } 273 return permission;
274 274 }
275 public virtual bool CanEditEstateTerrain(LLUUID user) 275
276 { 276 public virtual bool CanEditEstateTerrain(LLUUID user)
277 return GenericEstatePermission(user); 277 {
278 } 278 return GenericEstatePermission(user);
279 279 }
280 #endregion 280
281 281 #endregion
282 #region Parcel Permissions 282
283 283 #region Parcel Permissions
284 protected virtual bool GenericParcelPermission(LLUUID user, Land parcel) 284
285 { 285 protected virtual bool GenericParcelPermission(LLUUID user, Land parcel)
286 bool permission = false; 286 {
287 287 bool permission = false;
288 if (parcel.landData.ownerID == user) 288
289 permission = true; 289 if (parcel.landData.ownerID == user)
290 290 permission = true;
291 if (parcel.landData.isGroupOwned) 291
292 { 292 if (parcel.landData.isGroupOwned)
293 // TODO: Need to do some extra checks here. Requires group code. 293 {
294 } 294 // TODO: Need to do some extra checks here. Requires group code.
295 295 }
296 if (IsEstateManager(user)) 296
297 permission = true; 297 if (IsEstateManager(user))
298 298 permission = true;
299 if (IsAdministrator(user)) 299
300 permission = true; 300 if (IsAdministrator(user))
301 301 permission = true;
302 return permission; 302
303 } 303 return permission;
304 304 }
305 protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) 305
306 { 306 protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
307 return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); 307 {
308 } 308 return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y));
309 309 }
310 public virtual bool CanEditParcel(LLUUID user, Land parcel) 310
311 { 311 public virtual bool CanEditParcel(LLUUID user, Land parcel)
312 return GenericParcelPermission(user, parcel); 312 {
313 } 313 return GenericParcelPermission(user, parcel);
314 314 }
315 public virtual bool CanSellParcel(LLUUID user, Land parcel) 315
316 { 316 public virtual bool CanSellParcel(LLUUID user, Land parcel)
317 return GenericParcelPermission(user, parcel); 317 {
318 } 318 return GenericParcelPermission(user, parcel);
319 319 }
320 public virtual bool CanAbandonParcel(LLUUID user, Land parcel) 320
321 { 321 public virtual bool CanAbandonParcel(LLUUID user, Land parcel)
322 return GenericParcelPermission(user, parcel); 322 {
323 } 323 return GenericParcelPermission(user, parcel);
324 324 }
325 #endregion 325
326 } 326 #endregion
327} 327 }
328}