aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
diff options
context:
space:
mode:
Diffstat (limited to 'OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs')
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs189
1 files changed, 121 insertions, 68 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index 4abd2f1..d1f4ae6 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -112,18 +112,31 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
112 // modification of user data, or allows the compromise of 112 // modification of user data, or allows the compromise of
113 // sensitive data by design. 113 // sensitive data by design.
114 114
115 // flags functions threat control
116 public enum AllowedControlFlags : int
117 {
118 NONE = 0,
119 PARCEL_OWNER = 1,
120 PARCEL_GROUP_MEMBER = 1 << 1,
121 ESTATE_MANAGER = 1 << 2,
122 ESTATE_OWNER = 1 << 3,
123 ACTIVE_GOD = 1 << 4,
124 GOD = 1 << 5,
125 GRID_GOD = 1 << 6,
126
127 // internal
128 THREATLEVEL = 1 << 28,
129 OWNERUUID = 1 << 29,
130 CREATORUUID = 1 << 30,
131 //int thingie = 1 << 31,
132 ALL = 0x0FFFFFFF
133 }
134
115 class FunctionPerms 135 class FunctionPerms
116 { 136 {
117 public List<UUID> AllowedCreators; 137 public List<UUID> AllowedCreators;
118 public List<UUID> AllowedOwners; 138 public List<UUID> AllowedOwners;
119 public List<string> AllowedOwnerClasses; 139 public AllowedControlFlags AllowedControl = AllowedControlFlags.NONE;
120
121 public FunctionPerms()
122 {
123 AllowedCreators = new List<UUID>();
124 AllowedOwners = new List<UUID>();
125 AllowedOwnerClasses = new List<string>();
126 }
127 } 140 }
128 141
129 [Serializable] 142 [Serializable]
@@ -311,102 +324,141 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
311 throw new ScriptException("OSSL Permission Error: " + reasonWhyNot); 324 throw new ScriptException("OSSL Permission Error: " + reasonWhyNot);
312 } 325 }
313 } 326 }
314 // Check to see if function is allowed. Returns an empty string if function permitted 327
315 // or a string explaining why this function can't be used. 328 // Check to see if function is allowed. Returns an empty string if function permitted
329 // or a string explaining why this function can't be used.
316 private string CheckThreatLevelTest(ThreatLevel level, string function) 330 private string CheckThreatLevelTest(ThreatLevel level, string function)
317 { 331 {
318 if (!m_FunctionPerms.ContainsKey(function)) 332 FunctionPerms perms;
333 if (!m_FunctionPerms.TryGetValue(function, out perms))
319 { 334 {
320 FunctionPerms perms = new FunctionPerms(); 335 perms = new FunctionPerms();
321 m_FunctionPerms[function] = perms; 336 m_FunctionPerms[function] = perms;
322 337
323 string ownerPerm = m_osslconfig.GetString("Allow_" + function, ""); 338 string ownerPerm = m_osslconfig.GetString("Allow_" + function, "");
324 string creatorPerm = m_osslconfig.GetString("Creators_" + function, ""); 339 string creatorPerm = m_osslconfig.GetString("Creators_" + function, "");
325 if (ownerPerm == "" && creatorPerm == "") 340 if (string.IsNullOrWhiteSpace(ownerPerm) && string.IsNullOrWhiteSpace(creatorPerm))
326 { 341 {
327 // Default behavior 342 // Default Threat level check
328 perms.AllowedOwners = null; 343 perms.AllowedControl = AllowedControlFlags.THREATLEVEL;
329 perms.AllowedCreators = null;
330 perms.AllowedOwnerClasses = null;
331 } 344 }
332 else 345 else
333 { 346 {
334 bool allowed; 347 if (bool.TryParse(ownerPerm, out bool allowed))
335
336 if (bool.TryParse(ownerPerm, out allowed))
337 { 348 {
338 // Boolean given 349 // Boolean given
339 if (allowed) 350 if (allowed)
340 { 351 {
341 // Allow globally 352 // Allow globally
342 perms.AllowedOwners.Add(UUID.Zero); 353 perms.AllowedControl = AllowedControlFlags.ALL;
343 } 354 }
355 // false is fallback
344 } 356 }
345 else 357 else
346 { 358 {
347 string[] ids = ownerPerm.Split(new char[] {','}); 359 string[] ids;
348 foreach (string id in ids) 360 if (!string.IsNullOrWhiteSpace(ownerPerm))
349 { 361 {
350 string current = id.Trim(); 362 ids = ownerPerm.Split(new char[] {','});
351 if (current.ToUpper() == "PARCEL_GROUP_MEMBER" || current.ToUpper() == "PARCEL_OWNER" || current.ToUpper() == "ESTATE_MANAGER" || current.ToUpper() == "ESTATE_OWNER" || current.ToUpper() == "ACTIVE_GOD" || current.ToUpper() == "GRID_GOD" || current.ToUpper() == "GOD") 363 foreach (string id in ids)
352 {
353 if (!perms.AllowedOwnerClasses.Contains(current))
354 perms.AllowedOwnerClasses.Add(current.ToUpper());
355 }
356 else
357 { 364 {
358 UUID uuid; 365 string current = id.Trim();
359 366 current = current.ToUpper();
360 if (UUID.TryParse(current, out uuid)) 367 switch(current)
361 { 368 {
362 if (uuid != UUID.Zero) 369 case "":
363 perms.AllowedOwners.Add(uuid); 370 break;
371 case "PARCEL_OWNER":
372 perms.AllowedControl |= AllowedControlFlags.PARCEL_OWNER;
373 break;
374 case "PARCEL_GROUP_MEMBER":
375 perms.AllowedControl |= AllowedControlFlags.PARCEL_GROUP_MEMBER;
376 break;
377 case "ESTATE_MANAGER":
378 perms.AllowedControl |= AllowedControlFlags.ESTATE_MANAGER;
379 break;
380 case "ESTATE_OWNER":
381 perms.AllowedControl |= AllowedControlFlags.ESTATE_OWNER;
382 break;
383 case "ACTIVE_GOD":
384 perms.AllowedControl |= AllowedControlFlags.ACTIVE_GOD;
385 break;
386 case "GOD":
387 perms.AllowedControl |= AllowedControlFlags.GOD;
388 break;
389 case "GRID_GOD":
390 perms.AllowedControl |= AllowedControlFlags.GRID_GOD;
391 break;
392 default:
393 {
394 if (UUID.TryParse(current, out UUID uuid))
395 {
396 if (uuid != UUID.Zero)
397 {
398 if (perms.AllowedOwners == null)
399 perms.AllowedOwners = new List<UUID>();
400 perms.AllowedControl |= AllowedControlFlags.OWNERUUID;
401 perms.AllowedOwners.Add(uuid);
402 }
403 }
404 else
405 {
406 m_log.WarnFormat("[OSSLENABLE]: error parsing line {0}", ownerPerm);
407 }
408
409 break;
410 }
364 } 411 }
365 } 412 }
366 } 413 }
367 414
368 ids = creatorPerm.Split(new char[] {','}); 415 if (!string.IsNullOrWhiteSpace(creatorPerm))
369 foreach (string id in ids)
370 { 416 {
371 string current = id.Trim(); 417 ids = creatorPerm.Split(new char[] {','});
372 UUID uuid; 418 foreach (string id in ids)
373
374 if (UUID.TryParse(current, out uuid))
375 { 419 {
376 if (uuid != UUID.Zero) 420 string current = id.Trim();
377 perms.AllowedCreators.Add(uuid); 421 if (UUID.TryParse(current, out UUID uuid))
422 {
423 if (uuid != UUID.Zero)
424 {
425 if (perms.AllowedCreators == null)
426 perms.AllowedCreators = new List<UUID>();
427 perms.AllowedControl |= AllowedControlFlags.CREATORUUID;
428 perms.AllowedCreators.Add(uuid);
429 }
430 }
431 else
432 {
433 m_log.WarnFormat("[OSSLENABLE]: error parsing line {0}", creatorPerm);
434 }
378 } 435 }
379 } 436 }
437 // both empty fallback as disabled
380 } 438 }
381 } 439 }
382 } 440 }
383 441
384 // If the list is null, then the value was true / undefined 442 AllowedControlFlags functionControl = perms.AllowedControl;
385 // Threat level governs permissions in this case 443
386 // 444 if (functionControl == AllowedControlFlags.THREATLEVEL)
387 // If the list is non-null, then it is a list of UUIDs allowed
388 // to use that particular function. False causes an empty
389 // list and therefore means "no one"
390 //
391 // To allow use by anyone, the list contains UUID.Zero
392 //
393 if (m_FunctionPerms[function].AllowedOwners == null)
394 { 445 {
395 // Allow / disallow by threat level 446 // Allow / disallow by threat level
396 if (level > m_MaxThreatLevel) 447 if (level <= m_MaxThreatLevel)
397 return String.Empty; 448 return String.Empty;
449
398 return String.Format( 450 return String.Format(
399 "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.", 451 "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.",
400 function, m_MaxThreatLevel, level); 452 function, m_MaxThreatLevel, level);
401 } 453 }
402 454
403 if(m_FunctionPerms[function].AllowedOwners.Count == 0 && m_FunctionPerms[function].AllowedCreators.Count == 0) 455 if (functionControl == 0)
404 return String.Format("{0} disabled in region configuration", function); 456 return String.Format("{0} disabled in region configuration", function);
405 457
406 if (m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // always allowed 458 if (functionControl == AllowedControlFlags.ALL)
407 return String.Empty; 459 return String.Empty;
408 460
409 if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID)) 461 if (((functionControl & AllowedControlFlags.OWNERUUID) != 0) && perms.AllowedOwners.Contains(m_host.OwnerID))
410 { 462 {
411 // prim owner is in the list of allowed owners 463 // prim owner is in the list of allowed owners
412 return String.Empty; 464 return String.Empty;
@@ -414,11 +466,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
414 466
415 UUID ownerID = m_item.OwnerID; 467 UUID ownerID = m_item.OwnerID;
416 468
417 //Only Parcelowners may use the function 469 if ((functionControl & AllowedControlFlags.PARCEL_OWNER) != 0)
418 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
419 { 470 {
420 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); 471 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
421
422 if (land.LandData.OwnerID == ownerID) 472 if (land.LandData.OwnerID == ownerID)
423 { 473 {
424 return String.Empty; 474 return String.Empty;
@@ -426,10 +476,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
426 } 476 }
427 477
428 //OSSL only may be used if object is in the same group as the parcel 478 //OSSL only may be used if object is in the same group as the parcel
429 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER")) 479 if ((functionControl & AllowedControlFlags.PARCEL_GROUP_MEMBER) != 0)
430 { 480 {
431 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); 481 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
432
433 if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero) 482 if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
434 { 483 {
435 return String.Empty; 484 return String.Empty;
@@ -437,7 +486,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
437 } 486 }
438 487
439 //Only Estate Managers may use the function 488 //Only Estate Managers may use the function
440 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER")) 489 if ((functionControl & AllowedControlFlags.ESTATE_MANAGER) != 0)
441 { 490 {
442 //Only Estate Managers may use the function 491 //Only Estate Managers may use the function
443 if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID) 492 if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
@@ -447,7 +496,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
447 } 496 }
448 497
449 //Only regionowners may use the function 498 //Only regionowners may use the function
450 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER")) 499 if ((functionControl & AllowedControlFlags.ESTATE_OWNER) != 0)
451 { 500 {
452 if (World.RegionInfo.EstateSettings.EstateOwner == ownerID) 501 if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
453 { 502 {
@@ -456,7 +505,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
456 } 505 }
457 506
458 //Only grid gods may use the function 507 //Only grid gods may use the function
459 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD")) 508 if ((functionControl & AllowedControlFlags.GRID_GOD) != 0)
460 { 509 {
461 if (World.Permissions.IsGridGod(ownerID)) 510 if (World.Permissions.IsGridGod(ownerID))
462 { 511 {
@@ -465,7 +514,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
465 } 514 }
466 515
467 //Any god may use the function 516 //Any god may use the function
468 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD")) 517 if ((functionControl & AllowedControlFlags.GOD) != 0)
469 { 518 {
470 if (World.Permissions.IsAdministrator(ownerID)) 519 if (World.Permissions.IsAdministrator(ownerID))
471 { 520 {
@@ -474,7 +523,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
474 } 523 }
475 524
476 //Only active gods may use the function 525 //Only active gods may use the function
477 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD")) 526 if ((functionControl & AllowedControlFlags.ACTIVE_GOD) != 0)
478 { 527 {
479 ScenePresence sp = World.GetScenePresence(ownerID); 528 ScenePresence sp = World.GetScenePresence(ownerID);
480 if (sp != null && !sp.IsDeleted && sp.IsGod) 529 if (sp != null && !sp.IsDeleted && sp.IsGod)
@@ -483,7 +532,11 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
483 } 532 }
484 } 533 }
485 534
486 if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID)) 535 // else if no creators its denied
536 if((functionControl & AllowedControlFlags.CREATORUUID) == 0)
537 return String.Format("{0} permission denied.", function);
538
539 if (!perms.AllowedCreators.Contains(m_item.CreatorID))
487 return( 540 return(
488 String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", 541 String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
489 function)); 542 function));