diff options
Diffstat (limited to 'OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs')
-rw-r--r-- | OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs | 135 |
1 files changed, 127 insertions, 8 deletions
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs index 5ed9af3..bf523dd 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs | |||
@@ -27,9 +27,14 @@ | |||
27 | 27 | ||
28 | using System; | 28 | using System; |
29 | using System.CodeDom.Compiler; | 29 | using System.CodeDom.Compiler; |
30 | using System.Collections; | ||
30 | using System.Collections.Generic; | 31 | using System.Collections.Generic; |
32 | using System.Diagnostics; | ||
31 | using System.IO; | 33 | using System.IO; |
32 | using System.Reflection; | 34 | using System.Reflection; |
35 | using System.Security; | ||
36 | using System.Security.Permissions; | ||
37 | using System.Security.Policy; | ||
33 | using System.Text; | 38 | using System.Text; |
34 | using log4net; | 39 | using log4net; |
35 | using Microsoft.CSharp; | 40 | using Microsoft.CSharp; |
@@ -54,6 +59,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule | |||
54 | 59 | ||
55 | private readonly MicroScheduler m_microthreads = new MicroScheduler(); | 60 | private readonly MicroScheduler m_microthreads = new MicroScheduler(); |
56 | 61 | ||
62 | |||
63 | private IConfig m_config; | ||
64 | |||
57 | public void RegisterExtension<T>(T instance) | 65 | public void RegisterExtension<T>(T instance) |
58 | { | 66 | { |
59 | m_extensions[typeof (T)] = instance; | 67 | m_extensions[typeof (T)] = instance; |
@@ -63,6 +71,8 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule | |||
63 | { | 71 | { |
64 | if (source.Configs["MRM"] != null) | 72 | if (source.Configs["MRM"] != null) |
65 | { | 73 | { |
74 | m_config = source.Configs["MRM"]; | ||
75 | |||
66 | if (source.Configs["MRM"].GetBoolean("Enabled", false)) | 76 | if (source.Configs["MRM"].GetBoolean("Enabled", false)) |
67 | { | 77 | { |
68 | m_log.Info("[MRM] Enabling MRM Module"); | 78 | m_log.Info("[MRM] Enabling MRM Module"); |
@@ -112,25 +122,128 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule | |||
112 | return script; | 122 | return script; |
113 | } | 123 | } |
114 | 124 | ||
125 | /// <summary> | ||
126 | /// Create an AppDomain that contains policy restricting code to execute | ||
127 | /// with only the permissions granted by a named permission set | ||
128 | /// </summary> | ||
129 | /// <param name="permissionSetName">name of the permission set to restrict to</param> | ||
130 | /// <param name="appDomainName">'friendly' name of the appdomain to be created</param> | ||
131 | /// <exception cref="ArgumentNullException"> | ||
132 | /// if <paramref name="permissionSetName"/> is null | ||
133 | /// </exception> | ||
134 | /// <exception cref="ArgumentOutOfRangeException"> | ||
135 | /// if <paramref name="permissionSetName"/> is empty | ||
136 | /// </exception> | ||
137 | /// <returns>AppDomain with a restricted security policy</returns> | ||
138 | /// <remarks>Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx | ||
139 | /// Valid permissionSetName values are: | ||
140 | /// * FullTrust | ||
141 | /// * SkipVerification | ||
142 | /// * Execution | ||
143 | /// * Nothing | ||
144 | /// * LocalIntranet | ||
145 | /// * Internet | ||
146 | /// * Everything | ||
147 | /// </remarks> | ||
148 | public static AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName) | ||
149 | { | ||
150 | if (permissionSetName == null) | ||
151 | throw new ArgumentNullException("permissionSetName"); | ||
152 | if (permissionSetName.Length == 0) | ||
153 | throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName, | ||
154 | "Cannot have an empty permission set name"); | ||
155 | |||
156 | // Default to all code getting nothing | ||
157 | PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None)); | ||
158 | UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy); | ||
159 | |||
160 | bool foundName = false; | ||
161 | PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted); | ||
162 | |||
163 | // iterate over each policy level | ||
164 | IEnumerator levelEnumerator = SecurityManager.PolicyHierarchy(); | ||
165 | while (levelEnumerator.MoveNext()) | ||
166 | { | ||
167 | PolicyLevel level = levelEnumerator.Current as PolicyLevel; | ||
168 | |||
169 | // if this level has defined a named permission set with the | ||
170 | // given name, then intersect it with what we've retrieved | ||
171 | // from all the previous levels | ||
172 | if (level != null) | ||
173 | { | ||
174 | PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName); | ||
175 | if (levelSet != null) | ||
176 | { | ||
177 | foundName = true; | ||
178 | if (setIntersection != null) | ||
179 | setIntersection = setIntersection.Intersect(levelSet); | ||
180 | } | ||
181 | } | ||
182 | } | ||
183 | |||
184 | // Intersect() can return null for an empty set, so convert that | ||
185 | // to an empty set object. Also return an empty set if we didn't find | ||
186 | // the named permission set we were looking for | ||
187 | if (setIntersection == null || !foundName) | ||
188 | setIntersection = new PermissionSet(PermissionState.None); | ||
189 | else | ||
190 | setIntersection = new NamedPermissionSet(permissionSetName, setIntersection); | ||
191 | |||
192 | // if no named permission sets were found, return an empty set, | ||
193 | // otherwise return the set that was found | ||
194 | PolicyStatement permissions = new PolicyStatement(setIntersection); | ||
195 | policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions)); | ||
196 | |||
197 | // create an AppDomain policy level for the policy tree | ||
198 | PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel(); | ||
199 | appDomainLevel.RootCodeGroup = policyRoot; | ||
200 | |||
201 | // create an AppDomain where this policy will be in effect | ||
202 | string domainName = appDomainName; | ||
203 | AppDomain restrictedDomain = AppDomain.CreateDomain(domainName); | ||
204 | restrictedDomain.SetAppDomainPolicy(appDomainLevel); | ||
205 | |||
206 | return restrictedDomain; | ||
207 | } | ||
208 | |||
209 | |||
115 | void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource) | 210 | void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource) |
116 | { | 211 | { |
117 | if (script.StartsWith("//MRM:C#")) | 212 | if (script.StartsWith("//MRM:C#")) |
118 | { | 213 | { |
119 | if (m_scene.GetSceneObjectPart(localID).OwnerID != m_scene.RegionInfo.MasterAvatarAssignedUUID | 214 | if (m_config.GetBoolean("OwnerOnly", true)) |
120 | || | 215 | if (m_scene.GetSceneObjectPart(localID).OwnerID != m_scene.RegionInfo.MasterAvatarAssignedUUID |
121 | m_scene.GetSceneObjectPart(localID).CreatorID != m_scene.RegionInfo.MasterAvatarAssignedUUID) | 216 | || m_scene.GetSceneObjectPart(localID).CreatorID != m_scene.RegionInfo.MasterAvatarAssignedUUID) |
122 | return; | 217 | return; |
123 | 218 | ||
124 | script = ConvertMRMKeywords(script); | 219 | script = ConvertMRMKeywords(script); |
125 | 220 | ||
126 | try | 221 | try |
127 | { | 222 | { |
128 | m_log.Info("[MRM] Found C# MRM"); | 223 | AppDomain target; |
224 | if (m_config.GetBoolean("Sandboxed", true)) | ||
225 | { | ||
226 | m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + | ||
227 | m_config.GetString("SandboxLevel", "Internet") + "-level security."); | ||
228 | |||
229 | string domainName = UUID.Random().ToString(); | ||
230 | target = CreateRestrictedDomain(m_config.GetString("SandboxLevel", "Internet"), | ||
231 | domainName); | ||
232 | } | ||
233 | else | ||
234 | { | ||
235 | m_log.Info("[MRM] Found C# MRM - Starting in current AppDomain"); | ||
236 | m_log.Warn( | ||
237 | "[MRM] Security Risk: AppDomain is run in current context. Use only in trusted environments."); | ||
238 | target = AppDomain.CurrentDomain; | ||
239 | } | ||
129 | 240 | ||
130 | MRMBase mmb = (MRMBase)AppDomain.CurrentDomain.CreateInstanceFromAndUnwrap( | 241 | m_log.Info("[MRM] Unwrapping into target AppDomain"); |
242 | MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap( | ||
131 | CompileFromDotNetText(script, itemID.ToString()), | 243 | CompileFromDotNetText(script, itemID.ToString()), |
132 | "OpenSim.MiniModule"); | 244 | "OpenSim.MiniModule"); |
133 | 245 | ||
246 | m_log.Info("[MRM] Initialising MRM Globals"); | ||
134 | InitializeMRM(mmb, localID, itemID); | 247 | InitializeMRM(mmb, localID, itemID); |
135 | 248 | ||
136 | m_scripts[itemID] = mmb; | 249 | m_scripts[itemID] = mmb; |
@@ -166,8 +279,14 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule | |||
166 | 279 | ||
167 | public void GetGlobalEnvironment(uint localID, out IWorld world, out IHost host) | 280 | public void GetGlobalEnvironment(uint localID, out IWorld world, out IHost host) |
168 | { | 281 | { |
169 | world = new World(m_scene); | 282 | // UUID should be changed to object owner. |
170 | host = new Host(new SOPObject(m_scene, localID), m_scene, new ExtensionHandler(m_extensions), m_microthreads); | 283 | UUID owner = m_scene.RegionInfo.MasterAvatarAssignedUUID; |
284 | SEUser securityUser = new SEUser(owner, "Name Unassigned"); | ||
285 | SecurityCredential creds = new SecurityCredential(securityUser, m_scene); | ||
286 | |||
287 | world = new World(m_scene, creds); | ||
288 | host = new Host(new SOPObject(m_scene, localID, creds), m_scene, new ExtensionHandler(m_extensions), | ||
289 | m_microthreads); | ||
171 | } | 290 | } |
172 | 291 | ||
173 | public void InitializeMRM(MRMBase mmb, uint localID, UUID itemID) | 292 | public void InitializeMRM(MRMBase mmb, uint localID, UUID itemID) |