From 7f2ec02802cabc98e93ac872999933b6e5be48e5 Mon Sep 17 00:00:00 2001
From: Adam Frisby
Date: Sun, 21 Oct 2007 22:15:41 +0000
Subject: * Disabled TCP Remoting Channel Security for InterRegion
communication, as it appears we are not implementing this correctly. (need to
set up certificates first) * Documented ACL class
---
OpenSim/Region/Environment/PermissionManager.cs | 653 ++++++++++++------------
1 file changed, 327 insertions(+), 326 deletions(-)
(limited to 'OpenSim/Region/Environment/PermissionManager.cs')
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs
index d32ac0b..c40012d 100644
--- a/OpenSim/Region/Environment/PermissionManager.cs
+++ b/OpenSim/Region/Environment/PermissionManager.cs
@@ -1,327 +1,328 @@
-/*
-* Copyright (c) Contributors, http://opensimulator.org/
-* See CONTRIBUTORS.TXT for a full list of copyright holders.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions are met:
-* * Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-* * Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* * Neither the name of the OpenSim Project nor the
-* names of its contributors may be used to endorse or promote products
-* derived from this software without specific prior written permission.
-*
-* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
-* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*
-*/
-
-using libsecondlife;
-using OpenSim.Region.Environment.LandManagement;
+/*
+* Copyright (c) Contributors, http://opensimulator.org/
+* See CONTRIBUTORS.TXT for a full list of copyright holders.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+* * Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* * Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* * Neither the name of the OpenSim Project nor the
+* names of its contributors may be used to endorse or promote products
+* derived from this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
+* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+
+using libsecondlife;
+using OpenSim.Region.Environment.LandManagement;
using OpenSim.Region.Environment.Scenes;
-
-namespace OpenSim.Region.Environment
-{
- public class PermissionManager
- {
- protected Scene m_scene;
-
- // Bypasses the permissions engine (always returns OK)
- // disable in any production environment
- // TODO: Change this to false when permissions are a desired default
- // TODO: Move to configuration option.
- private bool m_bypassPermissions = true;
-
- public bool BypassPermissions
- {
- get { return m_bypassPermissions; }
- set { m_bypassPermissions = value; }
- }
-
-
- public PermissionManager(Scene scene)
- {
- m_scene = scene;
- }
-
- protected virtual void SendPermissionError(LLUUID user, string reason)
- {
- m_scene.EventManager.TriggerPermissionError(user, reason);
- }
-
- protected virtual bool IsAdministrator(LLUUID user)
- {
- if (m_bypassPermissions)
- {
- return true;
- }
-
- return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
- }
-
- protected virtual bool IsEstateManager(LLUUID user)
- {
- if (m_bypassPermissions)
- {
- return true;
- }
-
- return false;
- }
-
- protected virtual bool IsGridUser(LLUUID user)
- {
- return true;
- }
-
- protected virtual bool IsGuest(LLUUID user)
- {
- return false;
- }
-
- public virtual bool CanRezObject(LLUUID user, LLVector3 position)
- {
- bool permission = false;
-
- string reason = "Insufficient permission";
-
- if (IsAdministrator(user))
- {
- permission = true;
- }
- else
- {
- reason = "Not an administrator";
- }
-
- if (GenericParcelPermission(user, position))
- {
- permission = true;
- }
- else
- {
- reason = "Not the parcel owner";
- }
-
- if (!permission)
- SendPermissionError(user, reason);
-
- return permission;
- }
-
- #region Object Permissions
-
- protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId)
- {
- // Default: deny
- bool permission = false;
-
- if (!m_scene.Entities.ContainsKey(objId))
- {
- return false;
- }
-
- // If it's not an object, we cant edit it.
- if (!(m_scene.Entities[objId] is SceneObjectGroup))
- {
- return false;
- }
-
- SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId];
- LLUUID taskOwner = null;
-
- // Object owners should be able to edit their own content
- if (user == taskOwner)
- permission = true;
-
- // Users should be able to edit what is over their land.
- if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID ==
- user)
- permission = true;
-
- // Estate users should be able to edit anything in the sim
- if (IsEstateManager(user))
- permission = true;
-
- // Admin objects should not be editable by the above
- if (IsAdministrator(taskOwner))
- permission = false;
-
- // Admin should be able to edit anything in the sim (including admin objects)
- if (IsAdministrator(user))
- permission = true;
-
- return permission;
- }
-
- ///
- /// Permissions check - can user delete an object?
- ///
- /// User attempting the delete
- /// Target object
- /// Has permission?
- public virtual bool CanDeRezObject(LLUUID user, LLUUID obj)
- {
- return GenericObjectPermission(user, obj);
- }
-
- public virtual bool CanEditObject(LLUUID user, LLUUID obj)
- {
- return GenericObjectPermission(user, obj);
- }
-
- public virtual bool CanReturnObject(LLUUID user, LLUUID obj)
- {
- return GenericObjectPermission(user, obj);
- }
-
- #endregion
-
- #region Communication Permissions
-
- public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target)
- {
- bool permission = false;
- string reason = "Only registered users may communicate with another account.";
-
- if (IsGridUser(user))
- permission = true;
-
- if (!IsGridUser(user))
- {
- permission = false;
- reason = "The person that you are messaging is not a registered user.";
- }
- if (IsAdministrator(user))
- permission = true;
-
- if (IsEstateManager(user))
- permission = true;
-
- if (!permission)
- SendPermissionError(user, reason);
-
- return permission;
- }
-
- public virtual bool CanInstantMessage(LLUUID user, LLUUID target)
- {
- return GenericCommunicationPermission(user, target);
- }
-
- public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target)
- {
- return GenericCommunicationPermission(user, target);
- }
-
- #endregion
-
- public virtual bool CanEditScript(LLUUID user, LLUUID script)
- {
- return IsAdministrator(user);
- }
-
- public virtual bool CanRunScript(LLUUID user, LLUUID script)
- {
- return IsAdministrator(user);
- }
-
- public virtual bool CanTerraform(LLUUID user, LLVector3 position)
- {
- bool permission = false;
-
- // Estate override
- if (GenericEstatePermission(user))
- permission = true;
-
- // Land owner can terraform too
- if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y)))
- permission = true;
-
- if (!permission)
- SendPermissionError(user, "Not authorized to terraform at this location.");
-
- return permission;
- }
-
- #region Estate Permissions
-
- protected virtual bool GenericEstatePermission(LLUUID user)
- {
- // Default: deny
- bool permission = false;
-
- // Estate admins should be able to use estate tools
- if (IsEstateManager(user))
- permission = true;
-
- // Administrators always have permission
- if (IsAdministrator(user))
- permission = true;
-
- return permission;
- }
-
- public virtual bool CanEditEstateTerrain(LLUUID user)
- {
- return GenericEstatePermission(user);
- }
-
- #endregion
-
- #region Parcel Permissions
-
- protected virtual bool GenericParcelPermission(LLUUID user, Land parcel)
- {
- bool permission = false;
-
- if (parcel.landData.ownerID == user)
- permission = true;
-
- if (parcel.landData.isGroupOwned)
- {
- // TODO: Need to do some extra checks here. Requires group code.
- }
-
- if (IsEstateManager(user))
- permission = true;
-
- if (IsAdministrator(user))
- permission = true;
-
- return permission;
- }
-
- protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
- {
- return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y));
- }
-
- public virtual bool CanEditParcel(LLUUID user, Land parcel)
- {
- return GenericParcelPermission(user, parcel);
- }
-
- public virtual bool CanSellParcel(LLUUID user, Land parcel)
- {
- return GenericParcelPermission(user, parcel);
- }
-
- public virtual bool CanAbandonParcel(LLUUID user, Land parcel)
- {
- return GenericParcelPermission(user, parcel);
- }
-
- #endregion
- }
-}
+using OpenSim.Framework.PolicyManager;
+
+namespace OpenSim.Region.Environment
+{
+ public class PermissionManager
+ {
+ protected Scene m_scene;
+
+ // Bypasses the permissions engine (always returns OK)
+ // disable in any production environment
+ // TODO: Change this to false when permissions are a desired default
+ // TODO: Move to configuration option.
+ private bool m_bypassPermissions = true;
+
+ public bool BypassPermissions
+ {
+ get { return m_bypassPermissions; }
+ set { m_bypassPermissions = value; }
+ }
+
+
+ public PermissionManager(Scene scene)
+ {
+ m_scene = scene;
+ }
+
+ protected virtual void SendPermissionError(LLUUID user, string reason)
+ {
+ m_scene.EventManager.TriggerPermissionError(user, reason);
+ }
+
+ protected virtual bool IsAdministrator(LLUUID user)
+ {
+ if (m_bypassPermissions)
+ {
+ return true;
+ }
+
+ return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
+ }
+
+ protected virtual bool IsEstateManager(LLUUID user)
+ {
+ if (m_bypassPermissions)
+ {
+ return true;
+ }
+
+ return false;
+ }
+
+ protected virtual bool IsGridUser(LLUUID user)
+ {
+ return true;
+ }
+
+ protected virtual bool IsGuest(LLUUID user)
+ {
+ return false;
+ }
+
+ public virtual bool CanRezObject(LLUUID user, LLVector3 position)
+ {
+ bool permission = false;
+
+ string reason = "Insufficient permission";
+
+ if (IsAdministrator(user))
+ {
+ permission = true;
+ }
+ else
+ {
+ reason = "Not an administrator";
+ }
+
+ if (GenericParcelPermission(user, position))
+ {
+ permission = true;
+ }
+ else
+ {
+ reason = "Not the parcel owner";
+ }
+
+ if (!permission)
+ SendPermissionError(user, reason);
+
+ return permission;
+ }
+
+ #region Object Permissions
+
+ protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId)
+ {
+ // Default: deny
+ bool permission = false;
+
+ if (!m_scene.Entities.ContainsKey(objId))
+ {
+ return false;
+ }
+
+ // If it's not an object, we cant edit it.
+ if (!(m_scene.Entities[objId] is SceneObjectGroup))
+ {
+ return false;
+ }
+
+ SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId];
+ LLUUID taskOwner = null;
+
+ // Object owners should be able to edit their own content
+ if (user == taskOwner)
+ permission = true;
+
+ // Users should be able to edit what is over their land.
+ if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID ==
+ user)
+ permission = true;
+
+ // Estate users should be able to edit anything in the sim
+ if (IsEstateManager(user))
+ permission = true;
+
+ // Admin objects should not be editable by the above
+ if (IsAdministrator(taskOwner))
+ permission = false;
+
+ // Admin should be able to edit anything in the sim (including admin objects)
+ if (IsAdministrator(user))
+ permission = true;
+
+ return permission;
+ }
+
+ ///
+ /// Permissions check - can user delete an object?
+ ///
+ /// User attempting the delete
+ /// Target object
+ /// Has permission?
+ public virtual bool CanDeRezObject(LLUUID user, LLUUID obj)
+ {
+ return GenericObjectPermission(user, obj);
+ }
+
+ public virtual bool CanEditObject(LLUUID user, LLUUID obj)
+ {
+ return GenericObjectPermission(user, obj);
+ }
+
+ public virtual bool CanReturnObject(LLUUID user, LLUUID obj)
+ {
+ return GenericObjectPermission(user, obj);
+ }
+
+ #endregion
+
+ #region Communication Permissions
+
+ public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target)
+ {
+ bool permission = false;
+ string reason = "Only registered users may communicate with another account.";
+
+ if (IsGridUser(user))
+ permission = true;
+
+ if (!IsGridUser(user))
+ {
+ permission = false;
+ reason = "The person that you are messaging is not a registered user.";
+ }
+ if (IsAdministrator(user))
+ permission = true;
+
+ if (IsEstateManager(user))
+ permission = true;
+
+ if (!permission)
+ SendPermissionError(user, reason);
+
+ return permission;
+ }
+
+ public virtual bool CanInstantMessage(LLUUID user, LLUUID target)
+ {
+ return GenericCommunicationPermission(user, target);
+ }
+
+ public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target)
+ {
+ return GenericCommunicationPermission(user, target);
+ }
+
+ #endregion
+
+ public virtual bool CanEditScript(LLUUID user, LLUUID script)
+ {
+ return IsAdministrator(user);
+ }
+
+ public virtual bool CanRunScript(LLUUID user, LLUUID script)
+ {
+ return IsAdministrator(user);
+ }
+
+ public virtual bool CanTerraform(LLUUID user, LLVector3 position)
+ {
+ bool permission = false;
+
+ // Estate override
+ if (GenericEstatePermission(user))
+ permission = true;
+
+ // Land owner can terraform too
+ if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y)))
+ permission = true;
+
+ if (!permission)
+ SendPermissionError(user, "Not authorized to terraform at this location.");
+
+ return permission;
+ }
+
+ #region Estate Permissions
+
+ protected virtual bool GenericEstatePermission(LLUUID user)
+ {
+ // Default: deny
+ bool permission = false;
+
+ // Estate admins should be able to use estate tools
+ if (IsEstateManager(user))
+ permission = true;
+
+ // Administrators always have permission
+ if (IsAdministrator(user))
+ permission = true;
+
+ return permission;
+ }
+
+ public virtual bool CanEditEstateTerrain(LLUUID user)
+ {
+ return GenericEstatePermission(user);
+ }
+
+ #endregion
+
+ #region Parcel Permissions
+
+ protected virtual bool GenericParcelPermission(LLUUID user, Land parcel)
+ {
+ bool permission = false;
+
+ if (parcel.landData.ownerID == user)
+ permission = true;
+
+ if (parcel.landData.isGroupOwned)
+ {
+ // TODO: Need to do some extra checks here. Requires group code.
+ }
+
+ if (IsEstateManager(user))
+ permission = true;
+
+ if (IsAdministrator(user))
+ permission = true;
+
+ return permission;
+ }
+
+ protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
+ {
+ return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y));
+ }
+
+ public virtual bool CanEditParcel(LLUUID user, Land parcel)
+ {
+ return GenericParcelPermission(user, parcel);
+ }
+
+ public virtual bool CanSellParcel(LLUUID user, Land parcel)
+ {
+ return GenericParcelPermission(user, parcel);
+ }
+
+ public virtual bool CanAbandonParcel(LLUUID user, Land parcel)
+ {
+ return GenericParcelPermission(user, parcel);
+ }
+
+ #endregion
+ }
+}
--
cgit v1.1