diff options
author | Diva Canto | 2012-09-20 19:50:57 -0700 |
---|---|---|
committer | Diva Canto | 2012-09-20 19:50:57 -0700 |
commit | e379566e6e3bed0d7001f099a5ea8dfd648d76cf (patch) | |
tree | d3c9877c5b0e24e3d56b5ee1029324efd05beff6 | |
parent | Merge branch 'master' of ssh://opensimulator.org/var/git/opensim (diff) | |
download | opensim-SC_OLD-e379566e6e3bed0d7001f099a5ea8dfd648d76cf.zip opensim-SC_OLD-e379566e6e3bed0d7001f099a5ea8dfd648d76cf.tar.gz opensim-SC_OLD-e379566e6e3bed0d7001f099a5ea8dfd648d76cf.tar.bz2 opensim-SC_OLD-e379566e6e3bed0d7001f099a5ea8dfd648d76cf.tar.xz |
Improvement over last commit: refactor the asset permissions code, so that it can be used by both the HG Asset Service and the simulator. Also renamed the config vars to something more intuitive
-rw-r--r-- | OpenSim/Framework/AssetPermissions.cs | 81 | ||||
-rw-r--r-- | OpenSim/Services/HypergridService/HGAssetService.cs | 63 | ||||
-rw-r--r-- | bin/Robust.HG.ini.example | 10 | ||||
-rw-r--r-- | bin/config-include/StandaloneCommon.ini.example | 10 |
4 files changed, 98 insertions, 66 deletions
diff --git a/OpenSim/Framework/AssetPermissions.cs b/OpenSim/Framework/AssetPermissions.cs new file mode 100644 index 0000000..d276def --- /dev/null +++ b/OpenSim/Framework/AssetPermissions.cs | |||
@@ -0,0 +1,81 @@ | |||
1 | using System; | ||
2 | using System.Collections.Generic; | ||
3 | using System.Reflection; | ||
4 | |||
5 | using Nini.Config; | ||
6 | using log4net; | ||
7 | |||
8 | using OpenMetaverse; | ||
9 | |||
10 | namespace OpenSim.Framework | ||
11 | { | ||
12 | public class AssetPermissions | ||
13 | { | ||
14 | private static readonly ILog m_log = | ||
15 | LogManager.GetLogger( | ||
16 | MethodBase.GetCurrentMethod().DeclaringType); | ||
17 | |||
18 | private bool[] m_DisallowExport, m_DisallowImport; | ||
19 | private string[] m_AssetTypeNames; | ||
20 | |||
21 | public AssetPermissions(IConfig config) | ||
22 | { | ||
23 | Type enumType = typeof(AssetType); | ||
24 | m_AssetTypeNames = Enum.GetNames(enumType); | ||
25 | for (int i = 0; i < m_AssetTypeNames.Length; i++) | ||
26 | m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower(); | ||
27 | int n = Enum.GetValues(enumType).Length; | ||
28 | m_DisallowExport = new bool[n]; | ||
29 | m_DisallowImport = new bool[n]; | ||
30 | |||
31 | LoadPermsFromConfig(config, "DisallowExport", m_DisallowExport); | ||
32 | LoadPermsFromConfig(config, "DisallowImport", m_DisallowImport); | ||
33 | |||
34 | } | ||
35 | |||
36 | private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray) | ||
37 | { | ||
38 | string perms = assetConfig.GetString(variable, String.Empty); | ||
39 | string[] parts = perms.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries); | ||
40 | foreach (string s in parts) | ||
41 | { | ||
42 | int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower()); | ||
43 | if (index >= 0) | ||
44 | bitArray[index] = true; | ||
45 | else | ||
46 | m_log.WarnFormat("[Asset Permissions]: Invalid AssetType {0}", s); | ||
47 | } | ||
48 | |||
49 | } | ||
50 | |||
51 | public bool AllowedExport(sbyte type) | ||
52 | { | ||
53 | string assetTypeName = ((AssetType)type).ToString(); | ||
54 | |||
55 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
56 | if (index >= 0 && m_DisallowExport[index]) | ||
57 | { | ||
58 | m_log.DebugFormat("[Asset Permissions]: Export denied: configuration does not allow export of AssetType {0}", assetTypeName); | ||
59 | return false; | ||
60 | } | ||
61 | |||
62 | return true; | ||
63 | } | ||
64 | |||
65 | public bool AllowedImport(sbyte type) | ||
66 | { | ||
67 | string assetTypeName = ((AssetType)type).ToString(); | ||
68 | |||
69 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
70 | if (index >= 0 && m_DisallowImport[index]) | ||
71 | { | ||
72 | m_log.DebugFormat("[Asset Permissions]: Import denied: configuration does not allow import of AssetType {0}", assetTypeName); | ||
73 | return false; | ||
74 | } | ||
75 | |||
76 | return true; | ||
77 | } | ||
78 | |||
79 | |||
80 | } | ||
81 | } | ||
diff --git a/OpenSim/Services/HypergridService/HGAssetService.cs b/OpenSim/Services/HypergridService/HGAssetService.cs index d6541c4..f1275a0 100644 --- a/OpenSim/Services/HypergridService/HGAssetService.cs +++ b/OpenSim/Services/HypergridService/HGAssetService.cs | |||
@@ -58,8 +58,7 @@ namespace OpenSim.Services.HypergridService | |||
58 | 58 | ||
59 | private UserAccountCache m_Cache; | 59 | private UserAccountCache m_Cache; |
60 | 60 | ||
61 | private bool[] m_DisallowGET, m_DisallowPOST; | 61 | private AssetPermissions m_AssetPerms; |
62 | private string[] m_AssetTypeNames; | ||
63 | 62 | ||
64 | public HGAssetService(IConfigSource config, string configName) : base(config, configName) | 63 | public HGAssetService(IConfigSource config, string configName) : base(config, configName) |
65 | { | 64 | { |
@@ -85,31 +84,7 @@ namespace OpenSim.Services.HypergridService | |||
85 | m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService); | 84 | m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService); |
86 | 85 | ||
87 | // Permissions | 86 | // Permissions |
88 | Type enumType = typeof(AssetType); | 87 | m_AssetPerms = new AssetPermissions(assetConfig); |
89 | m_AssetTypeNames = Enum.GetNames(enumType); | ||
90 | for (int i = 0; i < m_AssetTypeNames.Length; i++) | ||
91 | m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower(); | ||
92 | int n = Enum.GetValues(enumType).Length; | ||
93 | m_DisallowGET = new bool[n]; | ||
94 | m_DisallowPOST = new bool[n]; | ||
95 | |||
96 | LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET); | ||
97 | LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST); | ||
98 | |||
99 | } | ||
100 | |||
101 | private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray) | ||
102 | { | ||
103 | string perms = assetConfig.GetString(variable, String.Empty); | ||
104 | string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries); | ||
105 | foreach (string s in parts) | ||
106 | { | ||
107 | int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower()); | ||
108 | if (index >= 0) | ||
109 | bitArray[index] = true; | ||
110 | else | ||
111 | m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s); | ||
112 | } | ||
113 | 88 | ||
114 | } | 89 | } |
115 | 90 | ||
@@ -121,7 +96,7 @@ namespace OpenSim.Services.HypergridService | |||
121 | if (asset == null) | 96 | if (asset == null) |
122 | return null; | 97 | return null; |
123 | 98 | ||
124 | if (!AllowedGet(asset.Type)) | 99 | if (!m_AssetPerms.AllowedExport(asset.Type)) |
125 | return null; | 100 | return null; |
126 | 101 | ||
127 | if (asset.Metadata.Type == (sbyte)AssetType.Object) | 102 | if (asset.Metadata.Type == (sbyte)AssetType.Object) |
@@ -151,7 +126,7 @@ namespace OpenSim.Services.HypergridService | |||
151 | if (asset == null) | 126 | if (asset == null) |
152 | return null; | 127 | return null; |
153 | 128 | ||
154 | if (!AllowedGet(asset.Type)) | 129 | if (!m_AssetPerms.AllowedExport(asset.Type)) |
155 | return null; | 130 | return null; |
156 | 131 | ||
157 | return asset.Data; | 132 | return asset.Data; |
@@ -161,7 +136,7 @@ namespace OpenSim.Services.HypergridService | |||
161 | 136 | ||
162 | public override string Store(AssetBase asset) | 137 | public override string Store(AssetBase asset) |
163 | { | 138 | { |
164 | if (!AllowedPost(asset.Type)) | 139 | if (!m_AssetPerms.AllowedImport(asset.Type)) |
165 | return UUID.Zero.ToString(); | 140 | return UUID.Zero.ToString(); |
166 | 141 | ||
167 | return base.Store(asset); | 142 | return base.Store(asset); |
@@ -175,34 +150,6 @@ namespace OpenSim.Services.HypergridService | |||
175 | 150 | ||
176 | #endregion | 151 | #endregion |
177 | 152 | ||
178 | protected bool AllowedGet(sbyte type) | ||
179 | { | ||
180 | string assetTypeName = ((AssetType)type).ToString(); | ||
181 | |||
182 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
183 | if (index >= 0 && m_DisallowGET[index]) | ||
184 | { | ||
185 | m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName); | ||
186 | return false; | ||
187 | } | ||
188 | |||
189 | return true; | ||
190 | } | ||
191 | |||
192 | protected bool AllowedPost(sbyte type) | ||
193 | { | ||
194 | string assetTypeName = ((AssetType)type).ToString(); | ||
195 | |||
196 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
197 | if (index >= 0 && m_DisallowPOST[index]) | ||
198 | { | ||
199 | m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName); | ||
200 | return false; | ||
201 | } | ||
202 | |||
203 | return true; | ||
204 | } | ||
205 | |||
206 | protected void AdjustIdentifiers(AssetMetadata meta) | 153 | protected void AdjustIdentifiers(AssetMetadata meta) |
207 | { | 154 | { |
208 | if (meta == null || m_Cache == null) | 155 | if (meta == null || m_Cache == null) |
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 8218b14..399779d 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example | |||
@@ -437,15 +437,17 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 | |||
437 | UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService" | 437 | UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService" |
438 | HomeURI = "http://127.0.0.1:8002" | 438 | HomeURI = "http://127.0.0.1:8002" |
439 | 439 | ||
440 | ;; The asset types that other grids can get from / post to this service. | 440 | ;; The asset types that this service can export to / import from other grids. |
441 | ;; Comma separated. | ||
441 | ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: | 442 | ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: |
442 | ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh | 443 | ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, |
444 | ;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh | ||
443 | ;; | 445 | ;; |
444 | ;; Leave blank or commented if you don't want to apply any restrictions. | 446 | ;; Leave blank or commented if you don't want to apply any restrictions. |
445 | ;; A more strict, but still reasonable, policy may be to disallow the exchange | 447 | ;; A more strict, but still reasonable, policy may be to disallow the exchange |
446 | ;; of scripts, like so: | 448 | ;; of scripts, like so: |
447 | ; DisallowGET ="LSLText" | 449 | ; DisallowExport ="LSLText" |
448 | ; DisallowPOST ="LSLBytecode" | 450 | ; DisallowImport ="LSLBytecode" |
449 | 451 | ||
450 | [HGFriendsService] | 452 | [HGFriendsService] |
451 | LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService" | 453 | LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService" |
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index d8ecba8..d5eb50d 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example | |||
@@ -53,15 +53,17 @@ | |||
53 | [HGAssetService] | 53 | [HGAssetService] |
54 | HomeURI = "http://127.0.0.1:9000" | 54 | HomeURI = "http://127.0.0.1:9000" |
55 | 55 | ||
56 | ;; The asset types that other grids can get from / post to this service. | 56 | ;; The asset types that this service can export to / import from other grids. |
57 | ;; Comma separated. | ||
57 | ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: | 58 | ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: |
58 | ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh | 59 | ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, |
60 | ;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh | ||
59 | ;; | 61 | ;; |
60 | ;; Leave blank or commented if you don't want to apply any restrictions. | 62 | ;; Leave blank or commented if you don't want to apply any restrictions. |
61 | ;; A more strict, but still reasonable, policy may be to disallow the exchange | 63 | ;; A more strict, but still reasonable, policy may be to disallow the exchange |
62 | ;; of scripts, like so: | 64 | ;; of scripts, like so: |
63 | ; DisallowGET ="LSLText" | 65 | ; DisallowExport ="LSLText" |
64 | ; DisallowPOST ="LSLBytecode" | 66 | ; DisallowImport ="LSLBytecode" |
65 | 67 | ||
66 | 68 | ||
67 | [HGInventoryAccessModule] | 69 | [HGInventoryAccessModule] |