From 7f2ec02802cabc98e93ac872999933b6e5be48e5 Mon Sep 17 00:00:00 2001
From: Adam Frisby
Date: Sun, 21 Oct 2007 22:15:41 +0000
Subject: * Disabled TCP Remoting Channel Security for InterRegion
communication, as it appears we are not implementing this correctly. (need to
set up certificates first) * Documented ACL class
---
OpenSim/Framework/General/PolicyManager/ACL.cs | 480 +++++++++++++------------
1 file changed, 257 insertions(+), 223 deletions(-)
(limited to 'OpenSim/Framework/General/PolicyManager/ACL.cs')
diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs
index 53c1b2d..8dffe7b 100644
--- a/OpenSim/Framework/General/PolicyManager/ACL.cs
+++ b/OpenSim/Framework/General/PolicyManager/ACL.cs
@@ -1,223 +1,257 @@
-using System;
-using System.Collections.Generic;
-using System.Text;
-
-namespace OpenSim.Framework.PolicyManager
-{
- #region ACL Core Class
- ///
- /// Access Control List Engine
- ///
- public class ACL
- {
- Dictionary Roles = new Dictionary();
- Dictionary Resources = new Dictionary();
-
- public ACL AddRole(Role role)
- {
- if (Roles.ContainsKey(role.Name))
- throw new AlreadyContainsRoleException(role);
-
- Roles.Add(role.Name, role);
-
- return this;
- }
-
- public ACL AddResource(Resource resource)
- {
- Resources.Add(resource.Name, resource);
-
- return this;
- }
-
- public Permission HasPermission(string role, string resource)
- {
- if (!Roles.ContainsKey(role))
- throw new KeyNotFoundException();
-
- if (!Resources.ContainsKey(resource))
- throw new KeyNotFoundException();
-
- return Roles[role].RequestPermission(resource);
- }
-
- public ACL GrantPermission(string role, string resource)
- {
- if (!Roles.ContainsKey(role))
- throw new KeyNotFoundException();
-
- if (!Resources.ContainsKey(resource))
- throw new KeyNotFoundException();
-
- Roles[role].GivePermission(resource, Permission.Allow);
-
- return this;
- }
-
- public ACL DenyPermission(string role, string resource)
- {
- if (!Roles.ContainsKey(role))
- throw new KeyNotFoundException();
-
- if (!Resources.ContainsKey(resource))
- throw new KeyNotFoundException();
-
- Roles[role].GivePermission(resource, Permission.Deny);
-
- return this;
- }
-
- public ACL ResetPermission(string role, string resource)
- {
- if (!Roles.ContainsKey(role))
- throw new KeyNotFoundException();
-
- if (!Resources.ContainsKey(resource))
- throw new KeyNotFoundException();
-
- Roles[role].GivePermission(resource, Permission.None);
-
- return this;
- }
- }
- #endregion
-
- #region Exceptions
- ///
- /// Thrown when an ACL attempts to add a duplicate role.
- ///
- public class AlreadyContainsRoleException : Exception
- {
- protected Role m_role;
-
- public Role ErrorRole
- {
- get { return m_role; }
- }
-
- public AlreadyContainsRoleException(Role role)
- {
- m_role = role;
- }
-
- public override string ToString()
- {
- return "This ACL already contains a role called '" + m_role.Name + "'.";
- }
- }
- #endregion
-
- #region Roles and Resources
-
- ///
- /// Does this Role have permission to access a specified Resource?
- ///
- public enum Permission { Deny, None, Allow };
-
- ///
- /// A role class, for use with Users or Groups
- ///
- public class Role
- {
- private string m_name;
- private Role[] m_parents;
- private Dictionary m_resources = new Dictionary();
-
- public string Name
- {
- get { return m_name; }
- }
-
- public Permission RequestPermission(string resource)
- {
- return RequestPermission(resource, Permission.None);
- }
-
- public Permission RequestPermission(string resource, Permission current)
- {
- // Deny permissions always override any others
- if (current == Permission.Deny)
- return current;
-
- Permission temp = Permission.None;
-
- // Pickup non-None permissions
- if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
- temp = m_resources[resource];
-
- if (m_parents != null)
- {
- foreach (Role parent in m_parents)
- {
- temp = parent.RequestPermission(resource, temp);
- }
- }
-
- return temp;
- }
-
- public void GivePermission(string resource, Permission perm)
- {
- m_resources[resource] = perm;
- }
-
- public Role(string name)
- {
- m_name = name;
- m_parents = null;
- }
-
- public Role(string name, Role[] parents)
- {
- m_name = name;
- m_parents = parents;
- }
- }
-
- public class Resource
- {
- private string m_name;
-
- public string Name
- {
- get { return m_name; }
- }
-
- public Resource(string name)
- {
- m_name = name;
- }
- }
-
- #endregion
-
- #region Tests
-
- class ACLTester
- {
- public ACLTester()
- {
- ACL acl = new ACL();
-
- Role Guests = new Role("Guests");
- acl.AddRole(Guests);
-
- Role[] parents = new Role[0];
- parents[0] = Guests;
-
- Role JoeGuest = new Role("JoeGuest", parents);
- acl.AddRole(JoeGuest);
-
- Resource CanBuild = new Resource("CanBuild");
- acl.AddResource(CanBuild);
-
-
- acl.GrantPermission("Guests", "CanBuild");
-
- acl.HasPermission("JoeGuest", "CanBuild");
-
- }
- }
-
- #endregion
-}
+/*
+* Copyright (c) Contributors, http://opensimulator.org/
+* See CONTRIBUTORS.TXT for a full list of copyright holders.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+* * Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* * Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* * Neither the name of the OpenSim Project nor the
+* names of its contributors may be used to endorse or promote products
+* derived from this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
+* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace OpenSim.Framework.PolicyManager
+{
+ // ACL Class
+ // Modelled after the structure of the Zend ACL Framework Library
+ // with one key difference - the tree will search for all matching
+ // permissions rather than just the first. Deny permissions will
+ // override all others.
+
+
+ #region ACL Core Class
+ ///
+ /// Access Control List Engine
+ ///
+ public class ACL
+ {
+ Dictionary Roles = new Dictionary();
+ Dictionary Resources = new Dictionary();
+
+ public ACL AddRole(Role role)
+ {
+ if (Roles.ContainsKey(role.Name))
+ throw new AlreadyContainsRoleException(role);
+
+ Roles.Add(role.Name, role);
+
+ return this;
+ }
+
+ public ACL AddResource(Resource resource)
+ {
+ Resources.Add(resource.Name, resource);
+
+ return this;
+ }
+
+ public Permission HasPermission(string role, string resource)
+ {
+ if (!Roles.ContainsKey(role))
+ throw new KeyNotFoundException();
+
+ if (!Resources.ContainsKey(resource))
+ throw new KeyNotFoundException();
+
+ return Roles[role].RequestPermission(resource);
+ }
+
+ public ACL GrantPermission(string role, string resource)
+ {
+ if (!Roles.ContainsKey(role))
+ throw new KeyNotFoundException();
+
+ if (!Resources.ContainsKey(resource))
+ throw new KeyNotFoundException();
+
+ Roles[role].GivePermission(resource, Permission.Allow);
+
+ return this;
+ }
+
+ public ACL DenyPermission(string role, string resource)
+ {
+ if (!Roles.ContainsKey(role))
+ throw new KeyNotFoundException();
+
+ if (!Resources.ContainsKey(resource))
+ throw new KeyNotFoundException();
+
+ Roles[role].GivePermission(resource, Permission.Deny);
+
+ return this;
+ }
+
+ public ACL ResetPermission(string role, string resource)
+ {
+ if (!Roles.ContainsKey(role))
+ throw new KeyNotFoundException();
+
+ if (!Resources.ContainsKey(resource))
+ throw new KeyNotFoundException();
+
+ Roles[role].GivePermission(resource, Permission.None);
+
+ return this;
+ }
+ }
+ #endregion
+
+ #region Exceptions
+ ///
+ /// Thrown when an ACL attempts to add a duplicate role.
+ ///
+ public class AlreadyContainsRoleException : Exception
+ {
+ protected Role m_role;
+
+ public Role ErrorRole
+ {
+ get { return m_role; }
+ }
+
+ public AlreadyContainsRoleException(Role role)
+ {
+ m_role = role;
+ }
+
+ public override string ToString()
+ {
+ return "This ACL already contains a role called '" + m_role.Name + "'.";
+ }
+ }
+ #endregion
+
+ #region Roles and Resources
+
+ ///
+ /// Does this Role have permission to access a specified Resource?
+ ///
+ public enum Permission { Deny, None, Allow };
+
+ ///
+ /// A role class, for use with Users or Groups
+ ///
+ public class Role
+ {
+ private string m_name;
+ private Role[] m_parents;
+ private Dictionary m_resources = new Dictionary();
+
+ public string Name
+ {
+ get { return m_name; }
+ }
+
+ public Permission RequestPermission(string resource)
+ {
+ return RequestPermission(resource, Permission.None);
+ }
+
+ public Permission RequestPermission(string resource, Permission current)
+ {
+ // Deny permissions always override any others
+ if (current == Permission.Deny)
+ return current;
+
+ Permission temp = Permission.None;
+
+ // Pickup non-None permissions
+ if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
+ temp = m_resources[resource];
+
+ if (m_parents != null)
+ {
+ foreach (Role parent in m_parents)
+ {
+ temp = parent.RequestPermission(resource, temp);
+ }
+ }
+
+ return temp;
+ }
+
+ public void GivePermission(string resource, Permission perm)
+ {
+ m_resources[resource] = perm;
+ }
+
+ public Role(string name)
+ {
+ m_name = name;
+ m_parents = null;
+ }
+
+ public Role(string name, Role[] parents)
+ {
+ m_name = name;
+ m_parents = parents;
+ }
+ }
+
+ public class Resource
+ {
+ private string m_name;
+
+ public string Name
+ {
+ get { return m_name; }
+ }
+
+ public Resource(string name)
+ {
+ m_name = name;
+ }
+ }
+
+ #endregion
+
+ #region Tests
+
+ class ACLTester
+ {
+ public ACLTester()
+ {
+ ACL acl = new ACL();
+
+ Role Guests = new Role("Guests");
+ acl.AddRole(Guests);
+
+ Role[] parents = new Role[0];
+ parents[0] = Guests;
+
+ Role JoeGuest = new Role("JoeGuest", parents);
+ acl.AddRole(JoeGuest);
+
+ Resource CanBuild = new Resource("CanBuild");
+ acl.AddResource(CanBuild);
+
+
+ acl.GrantPermission("Guests", "CanBuild");
+
+ acl.HasPermission("JoeGuest", "CanBuild");
+
+ }
+ }
+
+ #endregion
+}
--
cgit v1.1