diff options
| author | Melanie Thielker | 2010-05-30 13:46:05 +0200 |
|---|---|---|
| committer | Melanie Thielker | 2010-05-30 13:46:05 +0200 |
| commit | 59a536743354ffaa12b23378f559d2d59d7d5304 (patch) | |
| tree | 34153c133bde5761b7000789a1c9663cf46d8d38 /OpenSim/Region/ScriptEngine | |
| parent | Revert "Meta7 Communities : Authorization service added, skeleton, not yet fu... (diff) | |
| download | opensim-SC_OLD-59a536743354ffaa12b23378f559d2d59d7d5304.zip opensim-SC_OLD-59a536743354ffaa12b23378f559d2d59d7d5304.tar.gz opensim-SC_OLD-59a536743354ffaa12b23378f559d2d59d7d5304.tar.bz2 opensim-SC_OLD-59a536743354ffaa12b23378f559d2d59d7d5304.tar.xz | |
Changes OSSL Api permissions for the case of UUID list. In 0.6.9, the UUIDs
would be the IDs of the prim owners in whose prims these functions would
run. This changes it so the UUID is the SCRIPT CREATOR instead. Further,
osfunctions limited by uuid will not run if the creator and owner differ
and the owner has mod rights on the script.
There is still a danger in passing moodifiable scripts to others, as they
can insert a harmful function, then remove the mod rights to make it runnable.
As before, care needs to be taken, but where it was modable prims that were
the risk before, modable scripts are the weak spot now.
In cases where prim owner == script creator == script owner, nothing will
change.
Diffstat (limited to 'OpenSim/Region/ScriptEngine')
| -rw-r--r-- | OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index 942e4ef..8cfa833 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | |||
| @@ -278,10 +278,25 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
| 278 | { | 278 | { |
| 279 | if (!m_FunctionPerms[function].Contains(UUID.Zero)) | 279 | if (!m_FunctionPerms[function].Contains(UUID.Zero)) |
| 280 | { | 280 | { |
| 281 | if (!m_FunctionPerms[function].Contains(m_host.OwnerID)) | 281 | TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID); |
| 282 | if (ti == null) | ||
| 283 | { | ||
| 284 | OSSLError( | ||
| 285 | String.Format("{0} permission error. Can't find script in prim inventory.", | ||
| 286 | function)); | ||
| 287 | } | ||
| 288 | if (!m_FunctionPerms[function].Contains(ti.CreatorID)) | ||
| 282 | OSSLError( | 289 | OSSLError( |
| 283 | String.Format("{0} permission denied. Prim owner is not in the list of users allowed to execute this function.", | 290 | String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.", |
| 284 | function)); | 291 | function)); |
| 292 | if (ti.CreatorID != ti.OwnerID) | ||
| 293 | { | ||
| 294 | if ((ti.CurrentPermissions & (uint)PermissionMask.Modify) != 0) | ||
| 295 | OSSLError( | ||
| 296 | String.Format("{0} permission denied. Script permissions error.", | ||
| 297 | function)); | ||
| 298 | |||
| 299 | } | ||
| 285 | } | 300 | } |
| 286 | } | 301 | } |
| 287 | } | 302 | } |
| @@ -2141,4 +2156,4 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
| 2141 | } | 2156 | } |
| 2142 | } | 2157 | } |
| 2143 | } | 2158 | } |
| 2144 | } \ No newline at end of file | 2159 | } |