diff options
Diffstat (limited to 'OpenSim/Region/ScriptEngine/Shared/Api/Implementation')
-rw-r--r-- | OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs | 4 | ||||
-rw-r--r-- | OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | 189 |
2 files changed, 121 insertions, 72 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs index abaec43..b260062 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs | |||
@@ -12899,8 +12899,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
12899 | 12899 | ||
12900 | public LSL_Key llRequestSimulatorData(string simulator, int data) | 12900 | public LSL_Key llRequestSimulatorData(string simulator, int data) |
12901 | { | 12901 | { |
12902 | IOSSL_Api ossl = (IOSSL_Api)m_ScriptEngine.GetApi(m_item.ItemID, "OSSL"); | ||
12903 | |||
12904 | try | 12902 | try |
12905 | { | 12903 | { |
12906 | m_host.AddScriptLPS(1); | 12904 | m_host.AddScriptLPS(1); |
@@ -12980,8 +12978,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
12980 | reply = "UNKNOWN"; | 12978 | reply = "UNKNOWN"; |
12981 | break; | 12979 | break; |
12982 | case ScriptBaseClass.DATA_SIM_RELEASE: | 12980 | case ScriptBaseClass.DATA_SIM_RELEASE: |
12983 | if (ossl != null) | ||
12984 | ossl.CheckThreatLevel(ThreatLevel.High, "llRequestSimulatorData"); | ||
12985 | reply = "OpenSim"; | 12981 | reply = "OpenSim"; |
12986 | break; | 12982 | break; |
12987 | default: | 12983 | default: |
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index 4abd2f1..d1f4ae6 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | |||
@@ -112,18 +112,31 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
112 | // modification of user data, or allows the compromise of | 112 | // modification of user data, or allows the compromise of |
113 | // sensitive data by design. | 113 | // sensitive data by design. |
114 | 114 | ||
115 | // flags functions threat control | ||
116 | public enum AllowedControlFlags : int | ||
117 | { | ||
118 | NONE = 0, | ||
119 | PARCEL_OWNER = 1, | ||
120 | PARCEL_GROUP_MEMBER = 1 << 1, | ||
121 | ESTATE_MANAGER = 1 << 2, | ||
122 | ESTATE_OWNER = 1 << 3, | ||
123 | ACTIVE_GOD = 1 << 4, | ||
124 | GOD = 1 << 5, | ||
125 | GRID_GOD = 1 << 6, | ||
126 | |||
127 | // internal | ||
128 | THREATLEVEL = 1 << 28, | ||
129 | OWNERUUID = 1 << 29, | ||
130 | CREATORUUID = 1 << 30, | ||
131 | //int thingie = 1 << 31, | ||
132 | ALL = 0x0FFFFFFF | ||
133 | } | ||
134 | |||
115 | class FunctionPerms | 135 | class FunctionPerms |
116 | { | 136 | { |
117 | public List<UUID> AllowedCreators; | 137 | public List<UUID> AllowedCreators; |
118 | public List<UUID> AllowedOwners; | 138 | public List<UUID> AllowedOwners; |
119 | public List<string> AllowedOwnerClasses; | 139 | public AllowedControlFlags AllowedControl = AllowedControlFlags.NONE; |
120 | |||
121 | public FunctionPerms() | ||
122 | { | ||
123 | AllowedCreators = new List<UUID>(); | ||
124 | AllowedOwners = new List<UUID>(); | ||
125 | AllowedOwnerClasses = new List<string>(); | ||
126 | } | ||
127 | } | 140 | } |
128 | 141 | ||
129 | [Serializable] | 142 | [Serializable] |
@@ -311,102 +324,141 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
311 | throw new ScriptException("OSSL Permission Error: " + reasonWhyNot); | 324 | throw new ScriptException("OSSL Permission Error: " + reasonWhyNot); |
312 | } | 325 | } |
313 | } | 326 | } |
314 | // Check to see if function is allowed. Returns an empty string if function permitted | 327 | |
315 | // or a string explaining why this function can't be used. | 328 | // Check to see if function is allowed. Returns an empty string if function permitted |
329 | // or a string explaining why this function can't be used. | ||
316 | private string CheckThreatLevelTest(ThreatLevel level, string function) | 330 | private string CheckThreatLevelTest(ThreatLevel level, string function) |
317 | { | 331 | { |
318 | if (!m_FunctionPerms.ContainsKey(function)) | 332 | FunctionPerms perms; |
333 | if (!m_FunctionPerms.TryGetValue(function, out perms)) | ||
319 | { | 334 | { |
320 | FunctionPerms perms = new FunctionPerms(); | 335 | perms = new FunctionPerms(); |
321 | m_FunctionPerms[function] = perms; | 336 | m_FunctionPerms[function] = perms; |
322 | 337 | ||
323 | string ownerPerm = m_osslconfig.GetString("Allow_" + function, ""); | 338 | string ownerPerm = m_osslconfig.GetString("Allow_" + function, ""); |
324 | string creatorPerm = m_osslconfig.GetString("Creators_" + function, ""); | 339 | string creatorPerm = m_osslconfig.GetString("Creators_" + function, ""); |
325 | if (ownerPerm == "" && creatorPerm == "") | 340 | if (string.IsNullOrWhiteSpace(ownerPerm) && string.IsNullOrWhiteSpace(creatorPerm)) |
326 | { | 341 | { |
327 | // Default behavior | 342 | // Default Threat level check |
328 | perms.AllowedOwners = null; | 343 | perms.AllowedControl = AllowedControlFlags.THREATLEVEL; |
329 | perms.AllowedCreators = null; | ||
330 | perms.AllowedOwnerClasses = null; | ||
331 | } | 344 | } |
332 | else | 345 | else |
333 | { | 346 | { |
334 | bool allowed; | 347 | if (bool.TryParse(ownerPerm, out bool allowed)) |
335 | |||
336 | if (bool.TryParse(ownerPerm, out allowed)) | ||
337 | { | 348 | { |
338 | // Boolean given | 349 | // Boolean given |
339 | if (allowed) | 350 | if (allowed) |
340 | { | 351 | { |
341 | // Allow globally | 352 | // Allow globally |
342 | perms.AllowedOwners.Add(UUID.Zero); | 353 | perms.AllowedControl = AllowedControlFlags.ALL; |
343 | } | 354 | } |
355 | // false is fallback | ||
344 | } | 356 | } |
345 | else | 357 | else |
346 | { | 358 | { |
347 | string[] ids = ownerPerm.Split(new char[] {','}); | 359 | string[] ids; |
348 | foreach (string id in ids) | 360 | if (!string.IsNullOrWhiteSpace(ownerPerm)) |
349 | { | 361 | { |
350 | string current = id.Trim(); | 362 | ids = ownerPerm.Split(new char[] {','}); |
351 | if (current.ToUpper() == "PARCEL_GROUP_MEMBER" || current.ToUpper() == "PARCEL_OWNER" || current.ToUpper() == "ESTATE_MANAGER" || current.ToUpper() == "ESTATE_OWNER" || current.ToUpper() == "ACTIVE_GOD" || current.ToUpper() == "GRID_GOD" || current.ToUpper() == "GOD") | 363 | foreach (string id in ids) |
352 | { | ||
353 | if (!perms.AllowedOwnerClasses.Contains(current)) | ||
354 | perms.AllowedOwnerClasses.Add(current.ToUpper()); | ||
355 | } | ||
356 | else | ||
357 | { | 364 | { |
358 | UUID uuid; | 365 | string current = id.Trim(); |
359 | 366 | current = current.ToUpper(); | |
360 | if (UUID.TryParse(current, out uuid)) | 367 | switch(current) |
361 | { | 368 | { |
362 | if (uuid != UUID.Zero) | 369 | case "": |
363 | perms.AllowedOwners.Add(uuid); | 370 | break; |
371 | case "PARCEL_OWNER": | ||
372 | perms.AllowedControl |= AllowedControlFlags.PARCEL_OWNER; | ||
373 | break; | ||
374 | case "PARCEL_GROUP_MEMBER": | ||
375 | perms.AllowedControl |= AllowedControlFlags.PARCEL_GROUP_MEMBER; | ||
376 | break; | ||
377 | case "ESTATE_MANAGER": | ||
378 | perms.AllowedControl |= AllowedControlFlags.ESTATE_MANAGER; | ||
379 | break; | ||
380 | case "ESTATE_OWNER": | ||
381 | perms.AllowedControl |= AllowedControlFlags.ESTATE_OWNER; | ||
382 | break; | ||
383 | case "ACTIVE_GOD": | ||
384 | perms.AllowedControl |= AllowedControlFlags.ACTIVE_GOD; | ||
385 | break; | ||
386 | case "GOD": | ||
387 | perms.AllowedControl |= AllowedControlFlags.GOD; | ||
388 | break; | ||
389 | case "GRID_GOD": | ||
390 | perms.AllowedControl |= AllowedControlFlags.GRID_GOD; | ||
391 | break; | ||
392 | default: | ||
393 | { | ||
394 | if (UUID.TryParse(current, out UUID uuid)) | ||
395 | { | ||
396 | if (uuid != UUID.Zero) | ||
397 | { | ||
398 | if (perms.AllowedOwners == null) | ||
399 | perms.AllowedOwners = new List<UUID>(); | ||
400 | perms.AllowedControl |= AllowedControlFlags.OWNERUUID; | ||
401 | perms.AllowedOwners.Add(uuid); | ||
402 | } | ||
403 | } | ||
404 | else | ||
405 | { | ||
406 | m_log.WarnFormat("[OSSLENABLE]: error parsing line {0}", ownerPerm); | ||
407 | } | ||
408 | |||
409 | break; | ||
410 | } | ||
364 | } | 411 | } |
365 | } | 412 | } |
366 | } | 413 | } |
367 | 414 | ||
368 | ids = creatorPerm.Split(new char[] {','}); | 415 | if (!string.IsNullOrWhiteSpace(creatorPerm)) |
369 | foreach (string id in ids) | ||
370 | { | 416 | { |
371 | string current = id.Trim(); | 417 | ids = creatorPerm.Split(new char[] {','}); |
372 | UUID uuid; | 418 | foreach (string id in ids) |
373 | |||
374 | if (UUID.TryParse(current, out uuid)) | ||
375 | { | 419 | { |
376 | if (uuid != UUID.Zero) | 420 | string current = id.Trim(); |
377 | perms.AllowedCreators.Add(uuid); | 421 | if (UUID.TryParse(current, out UUID uuid)) |
422 | { | ||
423 | if (uuid != UUID.Zero) | ||
424 | { | ||
425 | if (perms.AllowedCreators == null) | ||
426 | perms.AllowedCreators = new List<UUID>(); | ||
427 | perms.AllowedControl |= AllowedControlFlags.CREATORUUID; | ||
428 | perms.AllowedCreators.Add(uuid); | ||
429 | } | ||
430 | } | ||
431 | else | ||
432 | { | ||
433 | m_log.WarnFormat("[OSSLENABLE]: error parsing line {0}", creatorPerm); | ||
434 | } | ||
378 | } | 435 | } |
379 | } | 436 | } |
437 | // both empty fallback as disabled | ||
380 | } | 438 | } |
381 | } | 439 | } |
382 | } | 440 | } |
383 | 441 | ||
384 | // If the list is null, then the value was true / undefined | 442 | AllowedControlFlags functionControl = perms.AllowedControl; |
385 | // Threat level governs permissions in this case | 443 | |
386 | // | 444 | if (functionControl == AllowedControlFlags.THREATLEVEL) |
387 | // If the list is non-null, then it is a list of UUIDs allowed | ||
388 | // to use that particular function. False causes an empty | ||
389 | // list and therefore means "no one" | ||
390 | // | ||
391 | // To allow use by anyone, the list contains UUID.Zero | ||
392 | // | ||
393 | if (m_FunctionPerms[function].AllowedOwners == null) | ||
394 | { | 445 | { |
395 | // Allow / disallow by threat level | 446 | // Allow / disallow by threat level |
396 | if (level > m_MaxThreatLevel) | 447 | if (level <= m_MaxThreatLevel) |
397 | return String.Empty; | 448 | return String.Empty; |
449 | |||
398 | return String.Format( | 450 | return String.Format( |
399 | "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.", | 451 | "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.", |
400 | function, m_MaxThreatLevel, level); | 452 | function, m_MaxThreatLevel, level); |
401 | } | 453 | } |
402 | 454 | ||
403 | if(m_FunctionPerms[function].AllowedOwners.Count == 0 && m_FunctionPerms[function].AllowedCreators.Count == 0) | 455 | if (functionControl == 0) |
404 | return String.Format("{0} disabled in region configuration", function); | 456 | return String.Format("{0} disabled in region configuration", function); |
405 | 457 | ||
406 | if (m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // always allowed | 458 | if (functionControl == AllowedControlFlags.ALL) |
407 | return String.Empty; | 459 | return String.Empty; |
408 | 460 | ||
409 | if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID)) | 461 | if (((functionControl & AllowedControlFlags.OWNERUUID) != 0) && perms.AllowedOwners.Contains(m_host.OwnerID)) |
410 | { | 462 | { |
411 | // prim owner is in the list of allowed owners | 463 | // prim owner is in the list of allowed owners |
412 | return String.Empty; | 464 | return String.Empty; |
@@ -414,11 +466,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
414 | 466 | ||
415 | UUID ownerID = m_item.OwnerID; | 467 | UUID ownerID = m_item.OwnerID; |
416 | 468 | ||
417 | //Only Parcelowners may use the function | 469 | if ((functionControl & AllowedControlFlags.PARCEL_OWNER) != 0) |
418 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER")) | ||
419 | { | 470 | { |
420 | ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); | 471 | ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); |
421 | |||
422 | if (land.LandData.OwnerID == ownerID) | 472 | if (land.LandData.OwnerID == ownerID) |
423 | { | 473 | { |
424 | return String.Empty; | 474 | return String.Empty; |
@@ -426,10 +476,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
426 | } | 476 | } |
427 | 477 | ||
428 | //OSSL only may be used if object is in the same group as the parcel | 478 | //OSSL only may be used if object is in the same group as the parcel |
429 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER")) | 479 | if ((functionControl & AllowedControlFlags.PARCEL_GROUP_MEMBER) != 0) |
430 | { | 480 | { |
431 | ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); | 481 | ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); |
432 | |||
433 | if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero) | 482 | if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero) |
434 | { | 483 | { |
435 | return String.Empty; | 484 | return String.Empty; |
@@ -437,7 +486,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
437 | } | 486 | } |
438 | 487 | ||
439 | //Only Estate Managers may use the function | 488 | //Only Estate Managers may use the function |
440 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER")) | 489 | if ((functionControl & AllowedControlFlags.ESTATE_MANAGER) != 0) |
441 | { | 490 | { |
442 | //Only Estate Managers may use the function | 491 | //Only Estate Managers may use the function |
443 | if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID) | 492 | if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID) |
@@ -447,7 +496,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
447 | } | 496 | } |
448 | 497 | ||
449 | //Only regionowners may use the function | 498 | //Only regionowners may use the function |
450 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER")) | 499 | if ((functionControl & AllowedControlFlags.ESTATE_OWNER) != 0) |
451 | { | 500 | { |
452 | if (World.RegionInfo.EstateSettings.EstateOwner == ownerID) | 501 | if (World.RegionInfo.EstateSettings.EstateOwner == ownerID) |
453 | { | 502 | { |
@@ -456,7 +505,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
456 | } | 505 | } |
457 | 506 | ||
458 | //Only grid gods may use the function | 507 | //Only grid gods may use the function |
459 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD")) | 508 | if ((functionControl & AllowedControlFlags.GRID_GOD) != 0) |
460 | { | 509 | { |
461 | if (World.Permissions.IsGridGod(ownerID)) | 510 | if (World.Permissions.IsGridGod(ownerID)) |
462 | { | 511 | { |
@@ -465,7 +514,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
465 | } | 514 | } |
466 | 515 | ||
467 | //Any god may use the function | 516 | //Any god may use the function |
468 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD")) | 517 | if ((functionControl & AllowedControlFlags.GOD) != 0) |
469 | { | 518 | { |
470 | if (World.Permissions.IsAdministrator(ownerID)) | 519 | if (World.Permissions.IsAdministrator(ownerID)) |
471 | { | 520 | { |
@@ -474,7 +523,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
474 | } | 523 | } |
475 | 524 | ||
476 | //Only active gods may use the function | 525 | //Only active gods may use the function |
477 | if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD")) | 526 | if ((functionControl & AllowedControlFlags.ACTIVE_GOD) != 0) |
478 | { | 527 | { |
479 | ScenePresence sp = World.GetScenePresence(ownerID); | 528 | ScenePresence sp = World.GetScenePresence(ownerID); |
480 | if (sp != null && !sp.IsDeleted && sp.IsGod) | 529 | if (sp != null && !sp.IsDeleted && sp.IsGod) |
@@ -483,7 +532,11 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
483 | } | 532 | } |
484 | } | 533 | } |
485 | 534 | ||
486 | if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID)) | 535 | // else if no creators its denied |
536 | if((functionControl & AllowedControlFlags.CREATORUUID) == 0) | ||
537 | return String.Format("{0} permission denied.", function); | ||
538 | |||
539 | if (!perms.AllowedCreators.Contains(m_item.CreatorID)) | ||
487 | return( | 540 | return( |
488 | String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", | 541 | String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", |
489 | function)); | 542 | function)); |