From 51b208e96c881bd322b3769b843f0ebae3c09a84 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Tue, 13 Jul 2010 23:19:45 +0100 Subject: implement prim media control permissions serverside in order to stop bad clients --- .../World/Permissions/PermissionsModule.cs | 43 +++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) (limited to 'OpenSim/Region/CoreModules/World/Permissions') diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 69b247c..358ea59 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -164,6 +164,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions private Dictionary GrantYP = new Dictionary(); private IFriendsModule m_friendsModule; private IGroupsModule m_groupsModule; + private IMoapModule m_moapModule; #endregion @@ -248,6 +249,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions m_scene.Permissions.OnDeleteUserInventory += CanDeleteUserInventory; //NOT YET IMPLEMENTED m_scene.Permissions.OnTeleport += CanTeleport; //NOT YET IMPLEMENTED + + m_scene.Permissions.OnControlPrimMedia += CanControlPrimMedia; m_scene.AddCommand(this, "bypass permissions", "bypass permissions ", @@ -393,6 +396,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (m_groupsModule == null) m_log.Warn("[PERMISSIONS]: Groups module not found, group permissions will not work"); + + m_moapModule = m_scene.RequestModuleInterface(); } public void Close() @@ -1893,5 +1898,41 @@ namespace OpenSim.Region.CoreModules.World.Permissions } return(false); } + + private bool CanControlPrimMedia(UUID agentID, UUID primID, int face) + { + if (null == m_moapModule) + return false; + + SceneObjectPart part = m_scene.GetSceneObjectPart(primID); + if (null == part) + return false; + + MediaEntry me = m_moapModule.GetMediaEntry(part, face); + + // If there is no existing media entry then it can be controlled (in this context, created). + if (null == me) + return true; + + if (IsAdministrator(agentID)) + return true; + + if ((me.ControlPermissions & MediaPermission.Anyone) == MediaPermission.Anyone) + return true; + + if ((me.ControlPermissions & MediaPermission.Owner) == MediaPermission.Owner) + { + if (agentID == part.OwnerID) + return true; + } + + if ((me.ControlPermissions & MediaPermission.Group) == MediaPermission.Group) + { + if (IsGroupMember(part.GroupID, agentID, 0)) + return true; + } + + return false; + } } -} +} \ No newline at end of file -- cgit v1.1 From a9101feb107e5d210c93df5ee3119d827a1c8320 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Tue, 13 Jul 2010 23:46:49 +0100 Subject: factor out soon to be common media permissions check code --- .../CoreModules/World/Permissions/PermissionsModule.cs | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'OpenSim/Region/CoreModules/World/Permissions') diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 358ea59..2344e96 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -1914,25 +1914,30 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (null == me) return true; + return GenericPrimMediaPermission(part, agentID, me.ControlPermissions); + } + + private bool GenericPrimMediaPermission(SceneObjectPart part, UUID agentID, MediaPermission perms) + { if (IsAdministrator(agentID)) return true; - if ((me.ControlPermissions & MediaPermission.Anyone) == MediaPermission.Anyone) + if ((perms & MediaPermission.Anyone) == MediaPermission.Anyone) return true; - if ((me.ControlPermissions & MediaPermission.Owner) == MediaPermission.Owner) + if ((perms & MediaPermission.Owner) == MediaPermission.Owner) { if (agentID == part.OwnerID) return true; } - if ((me.ControlPermissions & MediaPermission.Group) == MediaPermission.Group) + if ((perms & MediaPermission.Group) == MediaPermission.Group) { if (IsGroupMember(part.GroupID, agentID, 0)) return true; } - return false; + return false; } } } \ No newline at end of file -- cgit v1.1 From ee6cd884c9732b492675e043fe318ffcdfecc45d Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Tue, 13 Jul 2010 23:58:19 +0100 Subject: implement serverside checks for media texture navigation in order to stop naughty clients --- .../World/Permissions/PermissionsModule.cs | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'OpenSim/Region/CoreModules/World/Permissions') diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 2344e96..3a690af 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -251,6 +251,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions m_scene.Permissions.OnTeleport += CanTeleport; //NOT YET IMPLEMENTED m_scene.Permissions.OnControlPrimMedia += CanControlPrimMedia; + m_scene.Permissions.OnInteractWithPrimMedia += CanInteractWithPrimMedia; m_scene.AddCommand(this, "bypass permissions", "bypass permissions ", @@ -1915,7 +1916,25 @@ namespace OpenSim.Region.CoreModules.World.Permissions return true; return GenericPrimMediaPermission(part, agentID, me.ControlPermissions); - } + } + + private bool CanInteractWithPrimMedia(UUID agentID, UUID primID, int face) + { + if (null == m_moapModule) + return false; + + SceneObjectPart part = m_scene.GetSceneObjectPart(primID); + if (null == part) + return false; + + MediaEntry me = m_moapModule.GetMediaEntry(part, face); + + // If there is no existing media entry then it can be controlled (in this context, created). + if (null == me) + return true; + + return GenericPrimMediaPermission(part, agentID, me.InteractPermissions); + } private bool GenericPrimMediaPermission(SceneObjectPart part, UUID agentID, MediaPermission perms) { -- cgit v1.1 From 049ccba8d3b71583f9f1aa7d13ca4a7f60501871 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Wed, 14 Jul 2010 23:26:24 +0100 Subject: fix previous media interact serverside checking. perform very basic serverside url whitelist checks at the moment, only checking for the exact name prefix is implemented for some reason, whitelists are not persisting this commit also fixes a very recent problem where setting any media texture parameters after the initial configuration would not work --- .../World/Permissions/PermissionsModule.cs | 30 ++++++++++++++++++---- 1 file changed, 25 insertions(+), 5 deletions(-) (limited to 'OpenSim/Region/CoreModules/World/Permissions') diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 3a690af..7f6f851 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -178,7 +178,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions string permissionModules = myConfig.GetString("permissionmodules", "DefaultPermissionsModule"); - List modules=new List(permissionModules.Split(',')); + List modules = new List(permissionModules.Split(',')); if (!modules.Contains("DefaultPermissionsModule")) return; @@ -399,6 +399,10 @@ namespace OpenSim.Region.CoreModules.World.Permissions m_log.Warn("[PERMISSIONS]: Groups module not found, group permissions will not work"); m_moapModule = m_scene.RequestModuleInterface(); + + // This log line will be commented out when no longer required for debugging + if (m_moapModule == null) + m_log.Warn("[PERMISSIONS]: Media on a prim module not found, media on a prim permissions will not work"); } public void Close() @@ -1901,7 +1905,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions } private bool CanControlPrimMedia(UUID agentID, UUID primID, int face) - { + { +// m_log.DebugFormat( +// "[PERMISSONS]: Performing CanControlPrimMedia check with agentID {0}, primID {1}, face {2}", +// agentID, primID, face); + if (null == m_moapModule) return false; @@ -1909,17 +1917,25 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (null == part) return false; - MediaEntry me = m_moapModule.GetMediaEntry(part, face); + MediaEntry me = m_moapModule.GetMediaEntry(part, face); // If there is no existing media entry then it can be controlled (in this context, created). if (null == me) return true; + m_log.DebugFormat( + "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}", + agentID, primID, face, me.ControlPermissions); + return GenericPrimMediaPermission(part, agentID, me.ControlPermissions); } private bool CanInteractWithPrimMedia(UUID agentID, UUID primID, int face) { +// m_log.DebugFormat( +// "[PERMISSONS]: Performing CanInteractWithPrimMedia check with agentID {0}, primID {1}, face {2}", +// agentID, primID, face); + if (null == m_moapModule) return false; @@ -1933,13 +1949,17 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (null == me) return true; + m_log.DebugFormat( + "[PERMISSIONS]: Checking CanInteractWithPrimMedia for {0} on {1} face {2} with interact permissions {3}", + agentID, primID, face, me.InteractPermissions); + return GenericPrimMediaPermission(part, agentID, me.InteractPermissions); } private bool GenericPrimMediaPermission(SceneObjectPart part, UUID agentID, MediaPermission perms) { - if (IsAdministrator(agentID)) - return true; +// if (IsAdministrator(agentID)) +// return true; if ((perms & MediaPermission.Anyone) == MediaPermission.Anyone) return true; -- cgit v1.1 From 4d23749241eb002c3815aa18789e8c3ffd44bfc1 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Mon, 26 Jul 2010 21:41:39 +0100 Subject: provide config option for media on a prim --- OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'OpenSim/Region/CoreModules/World/Permissions') diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 7f6f851..982ac52 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -401,8 +401,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions m_moapModule = m_scene.RequestModuleInterface(); // This log line will be commented out when no longer required for debugging - if (m_moapModule == null) - m_log.Warn("[PERMISSIONS]: Media on a prim module not found, media on a prim permissions will not work"); +// if (m_moapModule == null) +// m_log.Warn("[PERMISSIONS]: Media on a prim module not found, media on a prim permissions will not work"); } public void Close() -- cgit v1.1 From 5aa56b12743c19a68cb371609be797e5fb3e2c4b Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Wed, 28 Jul 2010 18:55:29 +0100 Subject: Fix problem where changes to media textures for prims duplicated by shify copy would change both prims until server restart I also found out that you can crash the current viewer by giving it more media entrys than it's expecting --- .../CoreModules/World/Permissions/PermissionsModule.cs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'OpenSim/Region/CoreModules/World/Permissions') diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 982ac52..3a642f4 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -1923,9 +1923,9 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (null == me) return true; - m_log.DebugFormat( - "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}", - agentID, primID, face, me.ControlPermissions); +// m_log.DebugFormat( +// "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}", +// agentID, primID, face, me.ControlPermissions); return GenericPrimMediaPermission(part, agentID, me.ControlPermissions); } @@ -1949,9 +1949,9 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (null == me) return true; - m_log.DebugFormat( - "[PERMISSIONS]: Checking CanInteractWithPrimMedia for {0} on {1} face {2} with interact permissions {3}", - agentID, primID, face, me.InteractPermissions); +// m_log.DebugFormat( +// "[PERMISSIONS]: Checking CanInteractWithPrimMedia for {0} on {1} face {2} with interact permissions {3}", +// agentID, primID, face, me.InteractPermissions); return GenericPrimMediaPermission(part, agentID, me.InteractPermissions); } -- cgit v1.1