aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region
diff options
context:
space:
mode:
authorAdam Frisby2009-08-17 02:25:00 +1000
committerAdam Frisby2009-08-17 02:25:00 +1000
commitfa921ec147cae620f3126c01b1db94a8f6e90c7e (patch)
treeba819f4a3bceadde3bf44ba00621057e101ae6a5 /OpenSim/Region
parent* Implements ISecurityCredential member on SPAvatar, SPAvatarAttachment (diff)
downloadopensim-SC_OLD-fa921ec147cae620f3126c01b1db94a8f6e90c7e.zip
opensim-SC_OLD-fa921ec147cae620f3126c01b1db94a8f6e90c7e.tar.gz
opensim-SC_OLD-fa921ec147cae620f3126c01b1db94a8f6e90c7e.tar.bz2
opensim-SC_OLD-fa921ec147cae620f3126c01b1db94a8f6e90c7e.tar.xz
* Implements AppDomain Security for MRM Scripts.
* Added permissionLevel attribute to [MRM] section in OpenSim.ini. Default is 'Internet', however may be any of the following (case sensitive), FullTrust, SkipVerification, Execution, Nothing, LocalIntranet, Internet, Everything. For previous functionality, set to FullTrust or Execution.
Diffstat (limited to 'OpenSim/Region')
-rw-r--r--OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs103
1 files changed, 101 insertions, 2 deletions
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
index 6daae29..9042e0d 100644
--- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
+++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
@@ -27,9 +27,14 @@
27 27
28using System; 28using System;
29using System.CodeDom.Compiler; 29using System.CodeDom.Compiler;
30using System.Collections;
30using System.Collections.Generic; 31using System.Collections.Generic;
32using System.Diagnostics;
31using System.IO; 33using System.IO;
32using System.Reflection; 34using System.Reflection;
35using System.Security;
36using System.Security.Permissions;
37using System.Security.Policy;
33using System.Text; 38using System.Text;
34using log4net; 39using log4net;
35using Microsoft.CSharp; 40using Microsoft.CSharp;
@@ -54,6 +59,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
54 59
55 private readonly MicroScheduler m_microthreads = new MicroScheduler(); 60 private readonly MicroScheduler m_microthreads = new MicroScheduler();
56 61
62
63 private IConfig m_config;
64
57 public void RegisterExtension<T>(T instance) 65 public void RegisterExtension<T>(T instance)
58 { 66 {
59 m_extensions[typeof (T)] = instance; 67 m_extensions[typeof (T)] = instance;
@@ -63,6 +71,8 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
63 { 71 {
64 if (source.Configs["MRM"] != null) 72 if (source.Configs["MRM"] != null)
65 { 73 {
74 m_config = source.Configs["MRM"];
75
66 if (source.Configs["MRM"].GetBoolean("Enabled", false)) 76 if (source.Configs["MRM"].GetBoolean("Enabled", false))
67 { 77 {
68 m_log.Info("[MRM] Enabling MRM Module"); 78 m_log.Info("[MRM] Enabling MRM Module");
@@ -112,6 +122,91 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
112 return script; 122 return script;
113 } 123 }
114 124
125 /// <summary>
126 /// Create an AppDomain that contains policy restricting code to execute
127 /// with only the permissions granted by a named permission set
128 /// </summary>
129 /// <param name="permissionSetName">name of the permission set to restrict to</param>
130 /// <param name="appDomainName">'friendly' name of the appdomain to be created</param>
131 /// <exception cref="ArgumentNullException">
132 /// if <paramref name="permissionSetName"/> is null
133 /// </exception>
134 /// <exception cref="ArgumentOutOfRangeException">
135 /// if <paramref name="permissionSetName"/> is empty
136 /// </exception>
137 /// <returns>AppDomain with a restricted security policy</returns>
138 /// <remarks>Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx
139 /// Valid permissionSetName values are:
140 /// * FullTrust
141 /// * SkipVerification
142 /// * Execution
143 /// * Nothing
144 /// * LocalIntranet
145 /// * Internet
146 /// * Everything
147 /// </remarks>
148 public static AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName)
149 {
150 if (permissionSetName == null)
151 throw new ArgumentNullException("permissionSetName");
152 if (permissionSetName.Length == 0)
153 throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName,
154 "Cannot have an empty permission set name");
155
156 // Default to all code getting nothing
157 PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None));
158 UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy);
159
160 bool foundName = false;
161 PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted);
162
163 // iterate over each policy level
164 IEnumerator levelEnumerator = SecurityManager.PolicyHierarchy();
165 while (levelEnumerator.MoveNext())
166 {
167 PolicyLevel level = levelEnumerator.Current as PolicyLevel;
168
169 // if this level has defined a named permission set with the
170 // given name, then intersect it with what we've retrieved
171 // from all the previous levels
172 if (level != null)
173 {
174 PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName);
175 if (levelSet != null)
176 {
177 foundName = true;
178 if (setIntersection != null)
179 setIntersection = setIntersection.Intersect(levelSet);
180 }
181 }
182 }
183
184 // Intersect() can return null for an empty set, so convert that
185 // to an empty set object. Also return an empty set if we didn't find
186 // the named permission set we were looking for
187 if (setIntersection == null || !foundName)
188 setIntersection = new PermissionSet(PermissionState.None);
189 else
190 setIntersection = new NamedPermissionSet(permissionSetName, setIntersection);
191
192 // if no named permission sets were found, return an empty set,
193 // otherwise return the set that was found
194 PolicyStatement permissions = new PolicyStatement(setIntersection);
195 policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions));
196
197 // create an AppDomain policy level for the policy tree
198 PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
199 appDomainLevel.RootCodeGroup = policyRoot;
200
201 // create an AppDomain where this policy will be in effect
202 string domainName = appDomainName;
203 AppDomain restrictedDomain = AppDomain.CreateDomain(domainName);
204 restrictedDomain.SetAppDomainPolicy(appDomainLevel);
205
206 return restrictedDomain;
207 }
208
209
115 void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource) 210 void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource)
116 { 211 {
117 if (script.StartsWith("//MRM:C#")) 212 if (script.StartsWith("//MRM:C#"))
@@ -125,9 +220,13 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
125 220
126 try 221 try
127 { 222 {
128 m_log.Info("[MRM] Found C# MRM"); 223 m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + m_config.GetString("permissionLevel", "Internet") + "-level security.");
224
225 string domainName = UUID.Random().ToString();
226 AppDomain target = CreateRestrictedDomain(m_config.GetString("permissionLevel", "Internet"),
227 domainName);
129 228
130 MRMBase mmb = (MRMBase)AppDomain.CurrentDomain.CreateInstanceFromAndUnwrap( 229 MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap(
131 CompileFromDotNetText(script, itemID.ToString()), 230 CompileFromDotNetText(script, itemID.ToString()),
132 "OpenSim.MiniModule"); 231 "OpenSim.MiniModule");
133 232