From 9090a907692e7deaafd79150bf6482507be86d55 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 03:48:16 +1000 Subject: * Beginnings of a Security Credential system in MRM. This will eventually lead to trusted execution of untrusted MRMs. --- OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index bc26389..fa9ef53 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -42,13 +42,22 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { private readonly Scene m_rootScene; private readonly uint m_localID; + private readonly ISecurityCredential m_security; + [Obsolete("Replace with 'credential' constructor [security]")] public SOPObject(Scene rootScene, uint localID) { m_rootScene = rootScene; m_localID = localID; } + public SOPObject(Scene rootScene, uint localID, ISecurityCredential credential) + { + m_rootScene = rootScene; + m_localID = localID; + m_security = credential; + } + /// /// This needs to run very, very quickly. /// It is utilized in nearly every property and method. -- cgit v1.1 From 975c49a399d2822b93496d7abea8587c9f8c7af4 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 21:20:45 +1000 Subject: * [MRM] Implements permission checks on IObject implementations in SOPObject.cs. Does not implement security on IObjectInventory yet. --- .../Scripting/Minimodule/SOPObject.cs | 86 +++++++++++++++++++--- 1 file changed, 77 insertions(+), 9 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index fa9ef53..674c9e0 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -27,6 +27,7 @@ using System; using System.Collections.Generic; +using System.Security; using OpenMetaverse; using OpenMetaverse.Packets; using OpenSim.Framework; @@ -68,6 +69,15 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule return m_rootScene.GetSceneObjectPart(m_localID); } + private bool CanEdit() + { + if(!m_security.CanEditObject(this)) + { + throw new SecurityException("Insufficient Permission to edit object with UUID [" + GetSOP().UUID + "]"); + } + return true; + } + #region OnTouch private event OnTouchDelegate _OnTouch; @@ -139,13 +149,21 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public string Name { get { return GetSOP().Name; } - set { GetSOP().Name = value; } + set + { + if (CanEdit()) + GetSOP().Name = value; + } } public string Description { get { return GetSOP().Description; } - set { GetSOP().Description = value; } + set + { + if (CanEdit()) + GetSOP().Description = value; + } } public IObject[] Children @@ -169,7 +187,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public IObject Root { - get { return new SOPObject(m_rootScene, GetSOP().ParentGroup.RootPart.LocalId); } + get { return new SOPObject(m_rootScene, GetSOP().ParentGroup.RootPart.LocalId, m_security); } } public IObjectMaterial[] Materials @@ -191,7 +209,11 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public Vector3 Scale { get { return GetSOP().Scale; } - set { GetSOP().Scale = value; } + set + { + if (CanEdit()) + GetSOP().Scale = value; + } } public Quaternion WorldRotation @@ -211,15 +233,24 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule get { return GetSOP().AbsolutePosition; } set { - SceneObjectPart pos = GetSOP(); - pos.UpdateOffSet(value - pos.AbsolutePosition); + if (CanEdit()) + { + SceneObjectPart pos = GetSOP(); + pos.UpdateOffSet(value - pos.AbsolutePosition); + } } } public Vector3 OffsetPosition { get { return GetSOP().OffsetPosition; } - set { GetSOP().OffsetPosition = value; } + set + { + if (CanEdit()) + { + GetSOP().OffsetPosition = value; + } + } } public Vector3 SitTarget @@ -319,8 +350,10 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public void Say(string msg) { - SceneObjectPart sop = GetSOP(); + if (!CanEdit()) + return; + SceneObjectPart sop = GetSOP(); m_rootScene.SimChat(msg, ChatTypeEnum.Say, sop.AbsolutePosition, sop.Name, sop.UUID, false); } @@ -512,6 +545,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule } set { + if (!CanEdit()) + return; + GetSOP().PhysActor.RotationalVelocity = new PhysicsVector(value.X, value.Y, value.Z); } } @@ -525,6 +561,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule } set { + if (!CanEdit()) + return; + GetSOP().PhysActor.Velocity = new PhysicsVector(value.X, value.Y, value.Z); } } @@ -538,6 +577,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule } set { + if (!CanEdit()) + return; + GetSOP().PhysActor.Torque = new PhysicsVector(value.X, value.Y, value.Z); } } @@ -560,27 +602,44 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule } set { + if (!CanEdit()) + return; + GetSOP().PhysActor.Force = new PhysicsVector(value.X, value.Y, value.Z); } } public bool FloatOnWater { - set { GetSOP().PhysActor.FloatOnWater = value; } + set + { + if (!CanEdit()) + return; + GetSOP().PhysActor.FloatOnWater = value; + } } public void AddForce(Vector3 force, bool pushforce) { + if (!CanEdit()) + return; + GetSOP().PhysActor.AddForce(new PhysicsVector(force.X, force.Y, force.Z), pushforce); } public void AddAngularForce(Vector3 force, bool pushforce) { + if (!CanEdit()) + return; + GetSOP().PhysActor.AddAngularForce(new PhysicsVector(force.X, force.Y, force.Z), pushforce); } public void SetMomentum(Vector3 momentum) { + if (!CanEdit()) + return; + GetSOP().PhysActor.SetMomentum(new PhysicsVector(momentum.X, momentum.Y, momentum.Z)); } @@ -595,6 +654,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule get { return m_sculptMap; } set { + if (!CanEdit()) + return; + m_sculptMap = value; SetPrimitiveSculpted(SculptMap, (byte) SculptType); } @@ -607,6 +669,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule get { return m_sculptType; } set { + if(!CanEdit()) + return; + m_sculptType = value; SetPrimitiveSculpted(SculptMap, (byte) SculptType); } @@ -663,6 +728,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public void Play(UUID asset, double volume) { + if (!CanEdit()) + return; + GetSOP().SendSound(asset.ToString(), volume, true, 0); } -- cgit v1.1 From adae13cd185b17b4644f2d939b1970aab309097a Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 21:36:33 +1000 Subject: * [MRM] Added permission checks to MRM Events (ie, requires edit permission to bind to OnTouch) --- .../OptionalModules/Scripting/Minimodule/SOPObject.cs | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index 674c9e0..2e3ed3c 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -87,14 +87,17 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { add { - if (!_OnTouchActive) + if (CanEdit()) { - GetSOP().Flags |= PrimFlags.Touch; - _OnTouchActive = true; - m_rootScene.EventManager.OnObjectGrab += EventManager_OnObjectGrab; + if (!_OnTouchActive) + { + GetSOP().Flags |= PrimFlags.Touch; + _OnTouchActive = true; + m_rootScene.EventManager.OnObjectGrab += EventManager_OnObjectGrab; + } + + _OnTouch += value; } - - _OnTouch += value; } remove { -- cgit v1.1 From b28e82654150edd0ef21fc8361c023a99186d658 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 21:41:57 +1000 Subject: * Implements ISecurityCredential on all uses of SOPObject.cs except Avatar Attachments. --- OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index 2e3ed3c..bdc7a15 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -181,7 +181,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule int i = 0; foreach (KeyValuePair pair in my.ParentGroup.Children) { - rets[i++] = new SOPObject(m_rootScene, pair.Value.LocalId); + rets[i++] = new SOPObject(m_rootScene, pair.Value.LocalId, m_security); } return rets; -- cgit v1.1 From cbd454d69231598daf6748070fb5f0baace61c59 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 22:01:18 +1000 Subject: * Implements ISecurityCredential member on SPAvatar, SPAvatarAttachment * Disables 'event not used' warning for IRCClientView; cuts OpenSim total warnings back. --- OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index bdc7a15..35b0a0f 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -117,7 +117,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule if (_OnTouchActive && m_localID == localID) { TouchEventArgs e = new TouchEventArgs(); - e.Avatar = new SPAvatar(m_rootScene, remoteClient.AgentId); + e.Avatar = new SPAvatar(m_rootScene, remoteClient.AgentId, m_security); e.TouchBiNormal = surfaceArgs.Binormal; e.TouchMaterialIndex = surfaceArgs.FaceIndex; e.TouchNormal = surfaceArgs.Normal; -- cgit v1.1 From 58d2775ff29c1a4faa26302515c7a6cbd8bdb764 Mon Sep 17 00:00:00 2001 From: Jeff Ames Date: Mon, 17 Aug 2009 02:05:12 +0900 Subject: Add copyright header. Formatting cleanup. --- OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index 35b0a0f..292e345 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -71,7 +71,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule private bool CanEdit() { - if(!m_security.CanEditObject(this)) + if (!m_security.CanEditObject(this)) { throw new SecurityException("Insufficient Permission to edit object with UUID [" + GetSOP().UUID + "]"); } @@ -672,7 +672,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule get { return m_sculptType; } set { - if(!CanEdit()) + if (!CanEdit()) return; m_sculptType = value; -- cgit v1.1