diff options
-rw-r--r-- | OpenSim/Framework/AssetPermissions.cs | 81 | ||||
-rw-r--r-- | OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs | 2 | ||||
-rw-r--r-- | OpenSim/Region/CoreModules/ServiceConnectorsOut/Asset/HGAssetBroker.cs | 23 | ||||
-rw-r--r-- | OpenSim/Services/HypergridService/HGAssetService.cs | 65 | ||||
-rw-r--r-- | bin/Robust.HG.ini.example | 10 | ||||
-rw-r--r-- | bin/config-include/GridCommon.ini.example | 20 | ||||
-rw-r--r-- | bin/config-include/StandaloneCommon.ini.example | 10 |
7 files changed, 135 insertions, 76 deletions
diff --git a/OpenSim/Framework/AssetPermissions.cs b/OpenSim/Framework/AssetPermissions.cs new file mode 100644 index 0000000..d276def --- /dev/null +++ b/OpenSim/Framework/AssetPermissions.cs | |||
@@ -0,0 +1,81 @@ | |||
1 | using System; | ||
2 | using System.Collections.Generic; | ||
3 | using System.Reflection; | ||
4 | |||
5 | using Nini.Config; | ||
6 | using log4net; | ||
7 | |||
8 | using OpenMetaverse; | ||
9 | |||
10 | namespace OpenSim.Framework | ||
11 | { | ||
12 | public class AssetPermissions | ||
13 | { | ||
14 | private static readonly ILog m_log = | ||
15 | LogManager.GetLogger( | ||
16 | MethodBase.GetCurrentMethod().DeclaringType); | ||
17 | |||
18 | private bool[] m_DisallowExport, m_DisallowImport; | ||
19 | private string[] m_AssetTypeNames; | ||
20 | |||
21 | public AssetPermissions(IConfig config) | ||
22 | { | ||
23 | Type enumType = typeof(AssetType); | ||
24 | m_AssetTypeNames = Enum.GetNames(enumType); | ||
25 | for (int i = 0; i < m_AssetTypeNames.Length; i++) | ||
26 | m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower(); | ||
27 | int n = Enum.GetValues(enumType).Length; | ||
28 | m_DisallowExport = new bool[n]; | ||
29 | m_DisallowImport = new bool[n]; | ||
30 | |||
31 | LoadPermsFromConfig(config, "DisallowExport", m_DisallowExport); | ||
32 | LoadPermsFromConfig(config, "DisallowImport", m_DisallowImport); | ||
33 | |||
34 | } | ||
35 | |||
36 | private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray) | ||
37 | { | ||
38 | string perms = assetConfig.GetString(variable, String.Empty); | ||
39 | string[] parts = perms.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries); | ||
40 | foreach (string s in parts) | ||
41 | { | ||
42 | int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower()); | ||
43 | if (index >= 0) | ||
44 | bitArray[index] = true; | ||
45 | else | ||
46 | m_log.WarnFormat("[Asset Permissions]: Invalid AssetType {0}", s); | ||
47 | } | ||
48 | |||
49 | } | ||
50 | |||
51 | public bool AllowedExport(sbyte type) | ||
52 | { | ||
53 | string assetTypeName = ((AssetType)type).ToString(); | ||
54 | |||
55 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
56 | if (index >= 0 && m_DisallowExport[index]) | ||
57 | { | ||
58 | m_log.DebugFormat("[Asset Permissions]: Export denied: configuration does not allow export of AssetType {0}", assetTypeName); | ||
59 | return false; | ||
60 | } | ||
61 | |||
62 | return true; | ||
63 | } | ||
64 | |||
65 | public bool AllowedImport(sbyte type) | ||
66 | { | ||
67 | string assetTypeName = ((AssetType)type).ToString(); | ||
68 | |||
69 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
70 | if (index >= 0 && m_DisallowImport[index]) | ||
71 | { | ||
72 | m_log.DebugFormat("[Asset Permissions]: Import denied: configuration does not allow import of AssetType {0}", assetTypeName); | ||
73 | return false; | ||
74 | } | ||
75 | |||
76 | return true; | ||
77 | } | ||
78 | |||
79 | |||
80 | } | ||
81 | } | ||
diff --git a/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs b/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs index fcecbbc..144cc87 100644 --- a/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs +++ b/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGAssetMapper.cs | |||
@@ -113,7 +113,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess | |||
113 | asset1.Data = asset.Data; | 113 | asset1.Data = asset.Data; |
114 | 114 | ||
115 | string id = m_scene.AssetService.Store(asset1); | 115 | string id = m_scene.AssetService.Store(asset1); |
116 | if (id == UUID.Zero.ToString()) | 116 | if (id == string.Empty) |
117 | { | 117 | { |
118 | m_log.DebugFormat("[HG ASSET MAPPER]: Asset server {0} did not accept {1}", url, asset.ID); | 118 | m_log.DebugFormat("[HG ASSET MAPPER]: Asset server {0} did not accept {1}", url, asset.ID); |
119 | success = false; | 119 | success = false; |
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Asset/HGAssetBroker.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Asset/HGAssetBroker.cs index 008465f..0456852 100644 --- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Asset/HGAssetBroker.cs +++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Asset/HGAssetBroker.cs | |||
@@ -56,6 +56,8 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Asset | |||
56 | 56 | ||
57 | private bool m_Enabled = false; | 57 | private bool m_Enabled = false; |
58 | 58 | ||
59 | private AssetPermissions m_AssetPerms; | ||
60 | |||
59 | public Type ReplaceableInterface | 61 | public Type ReplaceableInterface |
60 | { | 62 | { |
61 | get { return null; } | 63 | get { return null; } |
@@ -128,6 +130,9 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Asset | |||
128 | if (m_LocalAssetServiceURI != string.Empty) | 130 | if (m_LocalAssetServiceURI != string.Empty) |
129 | m_LocalAssetServiceURI = m_LocalAssetServiceURI.Trim('/'); | 131 | m_LocalAssetServiceURI = m_LocalAssetServiceURI.Trim('/'); |
130 | 132 | ||
133 | IConfig hgConfig = source.Configs["HGAssetService"]; | ||
134 | m_AssetPerms = new AssetPermissions(hgConfig); | ||
135 | |||
131 | m_Enabled = true; | 136 | m_Enabled = true; |
132 | m_log.Info("[HG ASSET CONNECTOR]: HG asset broker enabled"); | 137 | m_log.Info("[HG ASSET CONNECTOR]: HG asset broker enabled"); |
133 | } | 138 | } |
@@ -206,14 +211,11 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Asset | |||
206 | asset = m_HGService.Get(id); | 211 | asset = m_HGService.Get(id); |
207 | if (asset != null) | 212 | if (asset != null) |
208 | { | 213 | { |
209 | // Now store it locally | 214 | // Now store it locally, if allowed |
210 | // For now, let me just do it for textures and scripts | 215 | if (m_AssetPerms.AllowedImport(asset.Type)) |
211 | if (((AssetType)asset.Type == AssetType.Texture) || | ||
212 | ((AssetType)asset.Type == AssetType.LSLBytecode) || | ||
213 | ((AssetType)asset.Type == AssetType.LSLText)) | ||
214 | { | ||
215 | m_GridService.Store(asset); | 216 | m_GridService.Store(asset); |
216 | } | 217 | else |
218 | return null; | ||
217 | } | 219 | } |
218 | } | 220 | } |
219 | else | 221 | else |
@@ -328,7 +330,12 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Asset | |||
328 | 330 | ||
329 | string id = string.Empty; | 331 | string id = string.Empty; |
330 | if (IsHG(asset.ID)) | 332 | if (IsHG(asset.ID)) |
331 | id = m_HGService.Store(asset); | 333 | { |
334 | if (m_AssetPerms.AllowedExport(asset.Type)) | ||
335 | id = m_HGService.Store(asset); | ||
336 | else | ||
337 | return String.Empty; | ||
338 | } | ||
332 | else | 339 | else |
333 | id = m_GridService.Store(asset); | 340 | id = m_GridService.Store(asset); |
334 | 341 | ||
diff --git a/OpenSim/Services/HypergridService/HGAssetService.cs b/OpenSim/Services/HypergridService/HGAssetService.cs index d6541c4..84dec8d 100644 --- a/OpenSim/Services/HypergridService/HGAssetService.cs +++ b/OpenSim/Services/HypergridService/HGAssetService.cs | |||
@@ -58,8 +58,7 @@ namespace OpenSim.Services.HypergridService | |||
58 | 58 | ||
59 | private UserAccountCache m_Cache; | 59 | private UserAccountCache m_Cache; |
60 | 60 | ||
61 | private bool[] m_DisallowGET, m_DisallowPOST; | 61 | private AssetPermissions m_AssetPerms; |
62 | private string[] m_AssetTypeNames; | ||
63 | 62 | ||
64 | public HGAssetService(IConfigSource config, string configName) : base(config, configName) | 63 | public HGAssetService(IConfigSource config, string configName) : base(config, configName) |
65 | { | 64 | { |
@@ -85,31 +84,7 @@ namespace OpenSim.Services.HypergridService | |||
85 | m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService); | 84 | m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService); |
86 | 85 | ||
87 | // Permissions | 86 | // Permissions |
88 | Type enumType = typeof(AssetType); | 87 | m_AssetPerms = new AssetPermissions(assetConfig); |
89 | m_AssetTypeNames = Enum.GetNames(enumType); | ||
90 | for (int i = 0; i < m_AssetTypeNames.Length; i++) | ||
91 | m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower(); | ||
92 | int n = Enum.GetValues(enumType).Length; | ||
93 | m_DisallowGET = new bool[n]; | ||
94 | m_DisallowPOST = new bool[n]; | ||
95 | |||
96 | LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET); | ||
97 | LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST); | ||
98 | |||
99 | } | ||
100 | |||
101 | private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray) | ||
102 | { | ||
103 | string perms = assetConfig.GetString(variable, String.Empty); | ||
104 | string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries); | ||
105 | foreach (string s in parts) | ||
106 | { | ||
107 | int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower()); | ||
108 | if (index >= 0) | ||
109 | bitArray[index] = true; | ||
110 | else | ||
111 | m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s); | ||
112 | } | ||
113 | 88 | ||
114 | } | 89 | } |
115 | 90 | ||
@@ -121,7 +96,7 @@ namespace OpenSim.Services.HypergridService | |||
121 | if (asset == null) | 96 | if (asset == null) |
122 | return null; | 97 | return null; |
123 | 98 | ||
124 | if (!AllowedGet(asset.Type)) | 99 | if (!m_AssetPerms.AllowedExport(asset.Type)) |
125 | return null; | 100 | return null; |
126 | 101 | ||
127 | if (asset.Metadata.Type == (sbyte)AssetType.Object) | 102 | if (asset.Metadata.Type == (sbyte)AssetType.Object) |
@@ -151,7 +126,7 @@ namespace OpenSim.Services.HypergridService | |||
151 | if (asset == null) | 126 | if (asset == null) |
152 | return null; | 127 | return null; |
153 | 128 | ||
154 | if (!AllowedGet(asset.Type)) | 129 | if (!m_AssetPerms.AllowedExport(asset.Type)) |
155 | return null; | 130 | return null; |
156 | 131 | ||
157 | return asset.Data; | 132 | return asset.Data; |
@@ -161,8 +136,8 @@ namespace OpenSim.Services.HypergridService | |||
161 | 136 | ||
162 | public override string Store(AssetBase asset) | 137 | public override string Store(AssetBase asset) |
163 | { | 138 | { |
164 | if (!AllowedPost(asset.Type)) | 139 | if (!m_AssetPerms.AllowedImport(asset.Type)) |
165 | return UUID.Zero.ToString(); | 140 | return string.Empty; |
166 | 141 | ||
167 | return base.Store(asset); | 142 | return base.Store(asset); |
168 | } | 143 | } |
@@ -175,34 +150,6 @@ namespace OpenSim.Services.HypergridService | |||
175 | 150 | ||
176 | #endregion | 151 | #endregion |
177 | 152 | ||
178 | protected bool AllowedGet(sbyte type) | ||
179 | { | ||
180 | string assetTypeName = ((AssetType)type).ToString(); | ||
181 | |||
182 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
183 | if (index >= 0 && m_DisallowGET[index]) | ||
184 | { | ||
185 | m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName); | ||
186 | return false; | ||
187 | } | ||
188 | |||
189 | return true; | ||
190 | } | ||
191 | |||
192 | protected bool AllowedPost(sbyte type) | ||
193 | { | ||
194 | string assetTypeName = ((AssetType)type).ToString(); | ||
195 | |||
196 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
197 | if (index >= 0 && m_DisallowPOST[index]) | ||
198 | { | ||
199 | m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName); | ||
200 | return false; | ||
201 | } | ||
202 | |||
203 | return true; | ||
204 | } | ||
205 | |||
206 | protected void AdjustIdentifiers(AssetMetadata meta) | 153 | protected void AdjustIdentifiers(AssetMetadata meta) |
207 | { | 154 | { |
208 | if (meta == null || m_Cache == null) | 155 | if (meta == null || m_Cache == null) |
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 8218b14..afb3f6f 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example | |||
@@ -437,15 +437,17 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 | |||
437 | UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService" | 437 | UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService" |
438 | HomeURI = "http://127.0.0.1:8002" | 438 | HomeURI = "http://127.0.0.1:8002" |
439 | 439 | ||
440 | ;; The asset types that other grids can get from / post to this service. | 440 | ;; The asset types that this grid can export to / import from other grids. |
441 | ;; Comma separated. | ||
441 | ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: | 442 | ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: |
442 | ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh | 443 | ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, |
444 | ;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh | ||
443 | ;; | 445 | ;; |
444 | ;; Leave blank or commented if you don't want to apply any restrictions. | 446 | ;; Leave blank or commented if you don't want to apply any restrictions. |
445 | ;; A more strict, but still reasonable, policy may be to disallow the exchange | 447 | ;; A more strict, but still reasonable, policy may be to disallow the exchange |
446 | ;; of scripts, like so: | 448 | ;; of scripts, like so: |
447 | ; DisallowGET ="LSLText" | 449 | ; DisallowExport ="LSLText" |
448 | ; DisallowPOST ="LSLBytecode" | 450 | ; DisallowImport ="LSLBytecode" |
449 | 451 | ||
450 | [HGFriendsService] | 452 | [HGFriendsService] |
451 | LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService" | 453 | LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService" |
diff --git a/bin/config-include/GridCommon.ini.example b/bin/config-include/GridCommon.ini.example index 8d7f6fc..79f7ed6 100644 --- a/bin/config-include/GridCommon.ini.example +++ b/bin/config-include/GridCommon.ini.example | |||
@@ -137,6 +137,26 @@ | |||
137 | ;; uncomment the next line. You may want to do this on sims that have licensed content. | 137 | ;; uncomment the next line. You may want to do this on sims that have licensed content. |
138 | ; OutboundPermission = False | 138 | ; OutboundPermission = False |
139 | 139 | ||
140 | [HGAssetService] | ||
141 | ; | ||
142 | ; === HG ONLY === | ||
143 | ; Change this to your server | ||
144 | ; accessible from other grids | ||
145 | ; | ||
146 | HomeURI = "http://mygridserver.com:8002" | ||
147 | |||
148 | ;; The asset types that this grid can export to / import from other grids. | ||
149 | ;; Comma separated. | ||
150 | ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: | ||
151 | ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, | ||
152 | ;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh | ||
153 | ;; | ||
154 | ;; Leave blank or commented if you don't want to apply any restrictions. | ||
155 | ;; A more strict, but still reasonable, policy may be to disallow the exchange | ||
156 | ;; of scripts, like so: | ||
157 | ; DisallowExport ="LSLText" | ||
158 | ; DisallowImport ="LSLBytecode" | ||
159 | |||
140 | [HGFriendsModule] | 160 | [HGFriendsModule] |
141 | ; User level required to be able to send friendship invitations to foreign users | 161 | ; User level required to be able to send friendship invitations to foreign users |
142 | ;LevelHGFriends = 0; | 162 | ;LevelHGFriends = 0; |
diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index d8ecba8..048710a 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example | |||
@@ -53,15 +53,17 @@ | |||
53 | [HGAssetService] | 53 | [HGAssetService] |
54 | HomeURI = "http://127.0.0.1:9000" | 54 | HomeURI = "http://127.0.0.1:9000" |
55 | 55 | ||
56 | ;; The asset types that other grids can get from / post to this service. | 56 | ;; The asset types that this grid can export to / import from other grids. |
57 | ;; Comma separated. | ||
57 | ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: | 58 | ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: |
58 | ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh | 59 | ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, |
60 | ;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh | ||
59 | ;; | 61 | ;; |
60 | ;; Leave blank or commented if you don't want to apply any restrictions. | 62 | ;; Leave blank or commented if you don't want to apply any restrictions. |
61 | ;; A more strict, but still reasonable, policy may be to disallow the exchange | 63 | ;; A more strict, but still reasonable, policy may be to disallow the exchange |
62 | ;; of scripts, like so: | 64 | ;; of scripts, like so: |
63 | ; DisallowGET ="LSLText" | 65 | ; DisallowExport ="LSLText" |
64 | ; DisallowPOST ="LSLBytecode" | 66 | ; DisallowImport ="LSLBytecode" |
65 | 67 | ||
66 | 68 | ||
67 | [HGInventoryAccessModule] | 69 | [HGInventoryAccessModule] |