author | Justin Clarke Casey | 2008-11-13 18:52:16 +0000 |
---|---|---|
committer | Justin Clarke Casey | 2008-11-13 18:52:16 +0000 |
commit | ef601d805ab948caf1ab4dcf4f5ee2ff640be1df (patch) | |
tree | 8c7c5390eac69b258c28ecab121a94ad566446e3 | |
parent | * Attempt to make OpenSim.ini.example a bit more readable by (diff) | |
* First part of a series of patches
* Intention is to provide a way to lock down script creation to administrators/gods only
* Defaults will remain as they are at the moment
Diffstat (limited to '')
4 files changed, 39 insertions, 21 deletions
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs index 5d48cbd..b6b7d4a 100644 --- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs | |||
@@ -142,7 +142,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
142 | return; | 142 | return; |
143 | 143 | ||
144 | m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false); | 144 | m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false); |
145 | |||
146 | m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true); | 145 | m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true); |
147 | m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); | 146 | m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); |
148 | m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true); | 147 | m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true); |
@@ -236,7 +235,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
236 | protected void DebugPermissionInformation(string permissionCalled) | 235 | protected void DebugPermissionInformation(string permissionCalled) |
237 | { | 236 | { |
238 | if (m_debugPermissions) | 237 | if (m_debugPermissions) |
239 | m_log.Info("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); | 238 | m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); |
240 | } | 239 | } |
241 | 240 | ||
242 | protected bool IsAdministrator(UUID user) | 241 | protected bool IsAdministrator(UUID user) |
@@ -408,6 +407,14 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
408 | return objectFlagsMask; | 407 | return objectFlagsMask; |
409 | } | 408 | } |
410 | 409 | ||
410 | /// <summary> | ||
411 | /// General permissions checks for any operation involving an object. These supplement more specific checks | ||
412 | /// implemented by callers. | ||
413 | /// </summary> | ||
414 | /// <param name="currentUser"></param> | ||
415 | /// <param name="objId"></param> | ||
416 | /// <param name="denyOnLocked"></param> | ||
417 | /// <returns></returns> | ||
411 | protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) | 418 | protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) |
412 | { | 419 | { |
413 | // Default: deny | 420 | // Default: deny |
@@ -425,7 +432,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
425 | return false; | 432 | return false; |
426 | } | 433 | } |
427 | 434 | ||
428 | |||
429 | SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; | 435 | SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; |
430 | 436 | ||
431 | UUID objectOwner = group.OwnerID; | 437 | UUID objectOwner = group.OwnerID; |
@@ -477,7 +483,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
477 | return permission; | 483 | return permission; |
478 | } | 484 | } |
479 | 485 | ||
480 | |||
481 | #endregion | 486 | #endregion |
482 | 487 | ||
483 | #region Generic Permissions | 488 | #region Generic Permissions |
@@ -655,8 +660,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
655 | { | 660 | { |
656 | m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user); | 661 | m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user); |
657 | return false; | 662 | return false; |
658 | } | 663 | } |
659 | |||
660 | 664 | ||
661 | if (userInfo.RootFolder == null) | 665 | if (userInfo.RootFolder == null) |
662 | return false; | 666 | return false; |
@@ -1214,8 +1218,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
1214 | return true; | 1218 | return true; |
1215 | } | 1219 | } |
1216 | 1220 | ||
1217 | public bool CanCreateInventory(uint invType, UUID objectID, UUID userID) | 1221 | /// <summary> |
1222 | /// Check whether the specified user is allowed to directly create the given inventory type in a prim's | ||
1223 | /// inventory (e.g. the New Script button in the 1.21 Linden Lab client). This permission check does not | ||
1224 | /// apply to existing items that are being dragged in to that prim's inventory. | ||
1225 | /// </summary> | ||
1226 | /// <param name="invType"></param> | ||
1227 | /// <param name="objectID"></param> | ||
1228 | /// <param name="userID"></param> | ||
1229 | /// <returns></returns> | ||
1230 | public bool CanCreateInventory(int invType, UUID objectID, UUID userID) | ||
1218 | { | 1231 | { |
1232 | m_log.Debug("[PERMISSIONS]: CanCreateInventory called"); | ||
1233 | |||
1219 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1234 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1220 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1235 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1221 | 1236 | ||
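Review bot: The added `m_log.Debug("[PERMISSIONS]: CanCreateInventory called");` at the top of CanCreateInventory runs on every call, while the next line already reports the same call through DebugPermissionInformation, which is gated on m_debugPermissions; I would drop the new line so the existing switch keeps controlling this output. Both XML doc blocks added in this file leave every `<param>` and `<returns>` empty; for this method at least state what a true result means, e.g. `/// <returns>true if the user may create the item directly in the prim's inventory</returns>`. The summary rightly says dragged-in items are not covered. It should also say that the method returns m_bypassPermissionsValue before invType is looked at whenever m_bypassPermissions is set, because that decides whether the lock-down is active at all. The body of CanCreateInventory continues outside the hunk.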
diff --git a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs index c6ad94c..0e28b0c 100644 --- a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs | |||
@@ -799,11 +799,9 @@ namespace OpenSim.Region.Environment.Scenes | |||
799 | if (agentTransactions != null) | 799 | if (agentTransactions != null) |
800 | { | 800 | { |
801 | agentTransactions.HandleItemCreationFromTransaction( | 801 | agentTransactions.HandleItemCreationFromTransaction( |
802 | remoteClient, transactionID, folderID, callbackID, description, | 802 | remoteClient, transactionID, folderID, callbackID, description, |
803 | name, invType, assetType, wearableType, nextOwnerMask); | 803 | name, invType, assetType, wearableType, nextOwnerMask); |
804 | } | 804 | } |
805 | |||
806 | |||
807 | } | 805 | } |
808 | } | 806 | } |
809 | 807 | ||
@@ -1002,7 +1000,6 @@ namespace OpenSim.Region.Environment.Scenes | |||
1002 | /// <param name="itemID"></param> | 1000 | /// <param name="itemID"></param> |
1003 | public void MoveTaskInventoryItem(IClientAPI remoteClient, UUID folderId, SceneObjectPart part, UUID itemId) | 1001 | public void MoveTaskInventoryItem(IClientAPI remoteClient, UUID folderId, SceneObjectPart part, UUID itemId) |
1004 | { | 1002 | { |
1005 | |||
1006 | InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId); | 1003 | InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId); |
1007 | 1004 | ||
1008 | if (agentItem == null) | 1005 | if (agentItem == null) |
@@ -1316,17 +1313,17 @@ namespace OpenSim.Region.Environment.Scenes | |||
1316 | } | 1313 | } |
1317 | 1314 | ||
1318 | /// <summary> | 1315 | /// <summary> |
1319 | /// Rez a script into a prim's inventory | 1316 | /// Rez a script into a prim's inventory, either ex nihilo or from an existing avatar inventory |
1320 | /// </summary> | 1317 | /// </summary> |
1321 | /// <param name="remoteClient"></param> | 1318 | /// <param name="remoteClient"></param> |
1322 | /// <param name="itemID"> </param> | 1319 | /// <param name="itemID"> </param> |
1323 | /// <param name="localID"></param> | 1320 | /// <param name="localID"></param> |
1324 | public void RezScript(IClientAPI remoteClient, InventoryItemBase itemBase, UUID transactionID, uint localID) | 1321 | public void RezScript(IClientAPI remoteClient, InventoryItemBase itemBase, UUID transactionID, uint localID) |
1325 | { | 1322 | { |
1326 | UUID itemID=itemBase.ID; | 1323 | UUID itemID = itemBase.ID; |
1327 | UUID copyID = UUID.Random(); | 1324 | UUID copyID = UUID.Random(); |
1328 | 1325 | ||
1329 | if (itemID != UUID.Zero) | 1326 | if (itemID != UUID.Zero) // transferred from an avatar inventory to the prim's pinventory |
1330 | { | 1327 | { |
1331 | CachedUserInfo userInfo = CommsManager.UserProfileCacheService.GetUserDetails(remoteClient.AgentId); | 1328 | CachedUserInfo userInfo = CommsManager.UserProfileCacheService.GetUserDetails(remoteClient.AgentId); |
1332 | 1329 | ||
@@ -1378,9 +1375,9 @@ namespace OpenSim.Region.Environment.Scenes | |||
1378 | } | 1375 | } |
1379 | } | 1376 | } |
1380 | } | 1377 | } |
1381 | else // If the itemID is zero then the script has been rezzed directly in an object's inventory | 1378 | else // script has been rezzed directly into a prim's inventory |
1382 | { | 1379 | { |
1383 | SceneObjectPart part=GetSceneObjectPart(itemBase.Folder); | 1380 | SceneObjectPart part = GetSceneObjectPart(itemBase.Folder); |
1384 | if (part == null) | 1381 | if (part == null) |
1385 | return; | 1382 | return; |
1386 | 1383 | ||
@@ -1389,11 +1386,14 @@ namespace OpenSim.Region.Environment.Scenes | |||
1389 | 1386 | ||
1390 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | 1387 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) |
1391 | return; | 1388 | return; |
1389 | |||
1390 | if (!ExternalChecks.ExternalChecksCanCreateInventory(itemBase.InvType, part.UUID, remoteClient.AgentId)) | ||
1391 | return; | ||
1392 | 1392 | ||
1393 | AssetBase asset = CreateAsset(itemBase.Name, itemBase.Description, (sbyte)itemBase.AssetType, Encoding.ASCII.GetBytes("default\n{\n state_entry()\n {\n llSay(0, \"Script running\");\n }\n}")); | 1393 | AssetBase asset = CreateAsset(itemBase.Name, itemBase.Description, (sbyte)itemBase.AssetType, Encoding.ASCII.GetBytes("default\n{\n state_entry()\n {\n llSay(0, \"Script running\");\n }\n}")); |
1394 | AssetCache.AddAsset(asset); | 1394 | AssetCache.AddAsset(asset); |
1395 | 1395 | ||
1396 | TaskInventoryItem taskItem=new TaskInventoryItem(); | 1396 | TaskInventoryItem taskItem = new TaskInventoryItem(); |
1397 | 1397 | ||
1398 | taskItem.ResetIDs(itemBase.Folder); | 1398 | taskItem.ResetIDs(itemBase.Folder); |
1399 | taskItem.ParentID = itemBase.Folder; | 1399 | taskItem.ParentID = itemBase.Folder; |
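Review bot: The new `ExternalChecksCanCreateInventory(itemBase.InvType, part.UUID, remoteClient.AgentId)` gate in the direct-creation branch of RezScript is keyed on a field of the item passed in, yet this branch goes on to write the default script text whatever that field holds. If itemBase is filled from the client's request (not visible here), the check should be given the script inventory type explicitly rather than the request's own value. The denial path is a bare `return;`, so a refused creation leaves no trace; a log entry naming the agent and the prim would give operators something to audit. The gate sits only in the `else` branch, so I would add a comment there such as `// Only direct creation is gated; items moved in from avatar inventory take the branch above and are not checked here.` The new comment on the `if` line also has a typo, "pinventory". RezScript's body ends outside the hunk.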
diff --git a/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs b/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs index f8d041a..c5bbcdd 100644 --- a/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs +++ b/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs | |||
@@ -1070,7 +1070,7 @@ namespace OpenSim.Region.Environment.Scenes | |||
1070 | 1070 | ||
1071 | #endregion | 1071 | #endregion |
1072 | 1072 | ||
1073 | public delegate bool CanCreateInventory(uint invType, UUID objectID, UUID userID); | 1073 | public delegate bool CanCreateInventory(int invType, UUID objectID, UUID userID); |
1074 | private List<CanCreateInventory> CanCreateInventoryCheckFunctions = new List<CanCreateInventory>(); | 1074 | private List<CanCreateInventory> CanCreateInventoryCheckFunctions = new List<CanCreateInventory>(); |
1075 | 1075 | ||
1076 | public void addCheckCanCreateInventory(CanCreateInventory delegateFunc) | 1076 | public void addCheckCanCreateInventory(CanCreateInventory delegateFunc) |
@@ -1085,7 +1085,7 @@ namespace OpenSim.Region.Environment.Scenes | |||
1085 | CanCreateInventoryCheckFunctions.Remove(delegateFunc); | 1085 | CanCreateInventoryCheckFunctions.Remove(delegateFunc); |
1086 | } | 1086 | } |
1087 | 1087 | ||
1088 | public bool ExternalChecksCanCreateInventory(uint invType, UUID objectID, UUID userID) | 1088 | public bool ExternalChecksCanCreateInventory(int invType, UUID objectID, UUID userID) |
1089 | { | 1089 | { |
1090 | foreach (CanCreateInventory check in CanCreateInventoryCheckFunctions) | 1090 | foreach (CanCreateInventory check in CanCreateInventoryCheckFunctions) |
1091 | { | 1091 | { |
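Review bot: Changing the public `CanCreateInventory` delegate and `ExternalChecksCanCreateInventory` from `uint invType` to `int invType` breaks any permission module outside this tree that registers a handler through addCheckCanCreateInventory, and nothing here records why the type changed. A short doc comment would cover it, e.g. `/// <param name="invType">Inventory type, as carried in InventoryItemBase.InvType</param>`, assuming that property is the reason for the switch. The loop body and the value returned when no handler is registered fall outside the hunk, so confirm that an empty handler list gives the result you intend for a lock-down feature.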
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 7c5c995..a529a48 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example | |||
@@ -111,6 +111,7 @@ | |||
111 | ;permissionmodules = "DefaultPermissionsModule" | 111 | ;permissionmodules = "DefaultPermissionsModule" |
112 | serverside_object_permissions = false | 112 | serverside_object_permissions = false |
113 | allow_grid_gods = false | 113 | allow_grid_gods = false |
114 | |||
114 | ; This allows somne control over permissions | 115 | ; This allows somne control over permissions |
115 | ; please note that this still doesn't duplicate SL, and is not intended to | 116 | ; please note that this still doesn't duplicate SL, and is not intended to |
116 | ;region_owner_is_god = true | 117 | ;region_owner_is_god = true |
@@ -212,6 +213,7 @@ | |||
212 | ; user_send_key and user_recv_key, too | 213 | ; user_send_key and user_recv_key, too |
213 | messaging_server_url = "http://127.0.0.1:8006" | 214 | messaging_server_url = "http://127.0.0.1:8006" |
214 | 215 | ||
216 | |||
215 | [ClientStack.LindenUDP] | 217 | [ClientStack.LindenUDP] |
216 | ; This is the multiplier applied to all client throttles for outgoing UDP network data | 218 | ; This is the multiplier applied to all client throttles for outgoing UDP network data |
217 | ; If it is set to 1, then we obey the throttle settings as given to us by the client. If it is set to 3, for example, then we | 219 | ; If it is set to 1, then we obey the throttle settings as given to us by the client. If it is set to 3, for example, then we |
@@ -432,6 +434,7 @@ | |||
432 | dump-line-size=32 | 434 | dump-line-size=32 |
433 | flush-on-error=true | 435 | flush-on-error=true |
434 | 436 | ||
437 | |||
435 | ; Uncomment the following for IRC bridge | 438 | ; Uncomment the following for IRC bridge |
436 | ; experimental, so if it breaks... keep both parts... yada yada | 439 | ; experimental, so if it breaks... keep both parts... yada yada |
437 | ; also, not good error detection when it fails | 440 | ; also, not good error detection when it fails |