3 files changed, 130 insertions, 4 deletions
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs
index 22b4605..1993948 100644
--- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs
+++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs
@@ -1,3 +1,30 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
 namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
 {
    public interface IAvatarAttachment
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
index 6daae29..9042e0d 100644
--- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
+++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
@@ -27,9 +27,14 @@
 using System;
 using System.CodeDom.Compiler;
+using System.Collections;
 using System.Collections.Generic;
+using System.Diagnostics;
 using System.IO;
 using System.Reflection;
+using System.Security;
+using System.Security.Permissions;
+using System.Security.Policy;
 using System.Text;
 using log4net;
 using Microsoft.CSharp;
@@ -54,6 +59,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
        private readonly MicroScheduler m_microthreads = new MicroScheduler();
+        private IConfig m_config;
        public void RegisterExtension<T>(T instance)
        {
            m_extensions[typeof (T)] = instance;
@@ -63,6 +71,8 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
        {
            if (source.Configs["MRM"] != null)
            {
+                m_config = source.Configs["MRM"];
                if (source.Configs["MRM"].GetBoolean("Enabled", false))
                {
                    m_log.Info("[MRM] Enabling MRM Module");
@@ -112,6 +122,91 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
            return script;
        }
+        /// <summary>
+        /// Create an AppDomain that contains policy restricting code to execute
+        /// with only the permissions granted by a named permission set
+        /// </summary>
+        /// <param name="permissionSetName">name of the permission set to restrict to</param>
+        /// <param name="appDomainName">'friendly' name of the appdomain to be created</param>
+        /// <exception cref="ArgumentNullException">
+        /// if <paramref name="permissionSetName"/> is null
+        /// </exception>
+        /// <exception cref="ArgumentOutOfRangeException">
+        /// if <paramref name="permissionSetName"/> is empty
+        /// </exception>
+        /// <returns>AppDomain with a restricted security policy</returns>
+        /// <remarks>Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx
+        /// Valid permissionSetName values are:     
+        /// * FullTrust
+        /// * SkipVerification
+        /// * Execution
+        /// * Nothing
+        /// * LocalIntranet
+        /// * Internet
+        /// * Everything
+        /// </remarks>
+        public static AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName)
+        {
+            if (permissionSetName == null)
+                throw new ArgumentNullException("permissionSetName");
+            if (permissionSetName.Length == 0)
+                throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName,
+                                                      "Cannot have an empty permission set name");
+            // Default to all code getting nothing
+            PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None));
+            UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy);
+            bool foundName = false;
+            PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted);
+            // iterate over each policy level
+            IEnumerator levelEnumerator = SecurityManager.PolicyHierarchy();
+            while (levelEnumerator.MoveNext())
+            {
+                PolicyLevel level = levelEnumerator.Current as PolicyLevel;
+                // if this level has defined a named permission set with the
+                // given name, then intersect it with what we've retrieved
+                // from all the previous levels
+                if (level != null)
+                {
+                    PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName);
+                    if (levelSet != null)
+                    {
+                        foundName = true;
+                        if (setIntersection != null)
+                            setIntersection = setIntersection.Intersect(levelSet);
+                    }
+                }
+            }
+            // Intersect() can return null for an empty set, so convert that
+            // to an empty set object. Also return an empty set if we didn't find
+            // the named permission set we were looking for
+            if (setIntersection == null || !foundName)
+                setIntersection = new PermissionSet(PermissionState.None);
+            else
+                setIntersection = new NamedPermissionSet(permissionSetName, setIntersection);
+            // if no named permission sets were found, return an empty set,
+            // otherwise return the set that was found
+            PolicyStatement permissions = new PolicyStatement(setIntersection);
+            policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions));
+            // create an AppDomain policy level for the policy tree
+            PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
+            appDomainLevel.RootCodeGroup = policyRoot;
+            // create an AppDomain where this policy will be in effect
+            string domainName = appDomainName;
+            AppDomain restrictedDomain = AppDomain.CreateDomain(domainName);
+            restrictedDomain.SetAppDomainPolicy(appDomainLevel);
+            return restrictedDomain;
+        }
        void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource)
        {
            if (script.StartsWith("//MRM:C#"))
@@ -125,9 +220,13 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
                try
                {
-                    m_log.Info("[MRM] Found C# MRM");
+                    m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + m_config.GetString("permissionLevel", "Internet") + "-level security.");
+                    string domainName = UUID.Random().ToString();
+                    AppDomain target = CreateRestrictedDomain(m_config.GetString("permissionLevel", "Internet"),
+                                                              domainName);
-                    MRMBase mmb = (MRMBase)AppDomain.CurrentDomain.CreateInstanceFromAndUnwrap(
+                    MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap(
                                                CompileFromDotNetText(script, itemID.ToString()),
                                                "OpenSim.MiniModule");
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs
index 35b0a0f..292e345 100644
--- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs
+++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs
@@ -71,7 +71,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
        private bool CanEdit()
        {
-            if(!m_security.CanEditObject(this))
+            if (!m_security.CanEditObject(this))
            {
                throw new SecurityException("Insufficient Permission to edit object with UUID [" + GetSOP().UUID + "]");
            }
@@ -672,7 +672,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
            get { return m_sculptType; }
            set
            {
-                if(!CanEdit())
+                if (!CanEdit())
                    return;
                m_sculptType = value;

diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs index 22b4605..1993948 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs
@@ -1,3 +1,30 @@
		1	/*
		2	* Copyright (c) Contributors, http://opensimulator.org/
		3	* See CONTRIBUTORS.TXT for a full list of copyright holders.
		4	*
		5	* Redistribution and use in source and binary forms, with or without
		6	* modification, are permitted provided that the following conditions are met:
		7	* * Redistributions of source code must retain the above copyright
		8	* notice, this list of conditions and the following disclaimer.
		9	* * Redistributions in binary form must reproduce the above copyright
		10	* notice, this list of conditions and the following disclaimer in the
		11	* documentation and/or other materials provided with the distribution.
		12	* * Neither the name of the OpenSimulator Project nor the
		13	* names of its contributors may be used to endorse or promote products
		14	* derived from this software without specific prior written permission.
		15	*
		16	* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
		17	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
		18	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
		19	* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
		20	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
		21	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		22	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
		23	* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
		24	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
		25	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
		26	*/
		27
1	namespace OpenSim.Region.OptionalModules.Scripting.Minimodule	28	namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
2	{	29	{
3	public interface IAvatarAttachment	30	public interface IAvatarAttachment


diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs index 6daae29..9042e0d 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
@@ -27,9 +27,14 @@
27		27
28	using System;	28	using System;
29	using System.CodeDom.Compiler;	29	using System.CodeDom.Compiler;
		30	using System.Collections;
30	using System.Collections.Generic;	31	using System.Collections.Generic;
		32	using System.Diagnostics;
31	using System.IO;	33	using System.IO;
32	using System.Reflection;	34	using System.Reflection;
		35	using System.Security;
		36	using System.Security.Permissions;
		37	using System.Security.Policy;
33	using System.Text;	38	using System.Text;
34	using log4net;	39	using log4net;
35	using Microsoft.CSharp;	40	using Microsoft.CSharp;
@@ -54,6 +59,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
54		59
55	private readonly MicroScheduler m_microthreads = new MicroScheduler();	60	private readonly MicroScheduler m_microthreads = new MicroScheduler();
56		61
		62
		63	private IConfig m_config;
		64
57	public void RegisterExtension<T>(T instance)	65	public void RegisterExtension<T>(T instance)
58	{	66	{
59	m_extensions[typeof (T)] = instance;	67	m_extensions[typeof (T)] = instance;
@@ -63,6 +71,8 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
63	{	71	{
64	if (source.Configs["MRM"] != null)	72	if (source.Configs["MRM"] != null)
65	{	73	{
		74	m_config = source.Configs["MRM"];
		75
66	if (source.Configs["MRM"].GetBoolean("Enabled", false))	76	if (source.Configs["MRM"].GetBoolean("Enabled", false))
67	{	77	{
68	m_log.Info("[MRM] Enabling MRM Module");	78	m_log.Info("[MRM] Enabling MRM Module");
@@ -112,6 +122,91 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
112	return script;	122	return script;
113	}	123	}
114		124
		125	/// <summary>
		126	/// Create an AppDomain that contains policy restricting code to execute
		127	/// with only the permissions granted by a named permission set
		128	/// </summary>
		129	/// <param name="permissionSetName">name of the permission set to restrict to</param>
		130	/// <param name="appDomainName">'friendly' name of the appdomain to be created</param>
		131	/// <exception cref="ArgumentNullException">
		132	/// if <paramref name="permissionSetName"/> is null
		133	/// </exception>
		134	/// <exception cref="ArgumentOutOfRangeException">
		135	/// if <paramref name="permissionSetName"/> is empty
		136	/// </exception>
		137	/// <returns>AppDomain with a restricted security policy</returns>
		138	/// <remarks>Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx
		139	/// Valid permissionSetName values are:
		140	/// * FullTrust
		141	/// * SkipVerification
		142	/// * Execution
		143	/// * Nothing
		144	/// * LocalIntranet
		145	/// * Internet
		146	/// * Everything
		147	/// </remarks>
		148	public static AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName)
		149	{
		150	if (permissionSetName == null)
		151	throw new ArgumentNullException("permissionSetName");
		152	if (permissionSetName.Length == 0)
		153	throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName,
		154	"Cannot have an empty permission set name");
		155
		156	// Default to all code getting nothing
		157	PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None));
		158	UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy);
		159
		160	bool foundName = false;
		161	PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted);
		162
		163	// iterate over each policy level
		164	IEnumerator levelEnumerator = SecurityManager.PolicyHierarchy();
		165	while (levelEnumerator.MoveNext())
		166	{
		167	PolicyLevel level = levelEnumerator.Current as PolicyLevel;
		168
		169	// if this level has defined a named permission set with the
		170	// given name, then intersect it with what we've retrieved
		171	// from all the previous levels
		172	if (level != null)
		173	{
		174	PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName);
		175	if (levelSet != null)
		176	{
		177	foundName = true;
		178	if (setIntersection != null)
		179	setIntersection = setIntersection.Intersect(levelSet);
		180	}
		181	}
		182	}
		183
		184	// Intersect() can return null for an empty set, so convert that
		185	// to an empty set object. Also return an empty set if we didn't find
		186	// the named permission set we were looking for
		187	if (setIntersection == null \|\| !foundName)
		188	setIntersection = new PermissionSet(PermissionState.None);
		189	else
		190	setIntersection = new NamedPermissionSet(permissionSetName, setIntersection);
		191
		192	// if no named permission sets were found, return an empty set,
		193	// otherwise return the set that was found
		194	PolicyStatement permissions = new PolicyStatement(setIntersection);
		195	policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions));
		196
		197	// create an AppDomain policy level for the policy tree
		198	PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
		199	appDomainLevel.RootCodeGroup = policyRoot;
		200
		201	// create an AppDomain where this policy will be in effect
		202	string domainName = appDomainName;
		203	AppDomain restrictedDomain = AppDomain.CreateDomain(domainName);
		204	restrictedDomain.SetAppDomainPolicy(appDomainLevel);
		205
		206	return restrictedDomain;
		207	}
		208
		209
115	void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource)	210	void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource)
116	{	211	{
117	if (script.StartsWith("//MRM:C#"))	212	if (script.StartsWith("//MRM:C#"))
@@ -125,9 +220,13 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
125		220
126	try	221	try
127	{	222	{
128	m_log.Info("[MRM] Found C# MRM");	223	m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + m_config.GetString("permissionLevel", "Internet") + "-level security.");
		224
		225	string domainName = UUID.Random().ToString();
		226	AppDomain target = CreateRestrictedDomain(m_config.GetString("permissionLevel", "Internet"),
		227	domainName);
129		228
130	MRMBase mmb = (MRMBase)AppDomain.CurrentDomain.CreateInstanceFromAndUnwrap(	229	MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap(
131	CompileFromDotNetText(script, itemID.ToString()),	230	CompileFromDotNetText(script, itemID.ToString()),
132	"OpenSim.MiniModule");	231	"OpenSim.MiniModule");
133		232


diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index 35b0a0f..292e345 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs
@@ -71,7 +71,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
71		71
72	private bool CanEdit()	72	private bool CanEdit()
73	{	73	{
74	if(!m_security.CanEditObject(this))	74	if (!m_security.CanEditObject(this))
75	{	75	{
76	throw new SecurityException("Insufficient Permission to edit object with UUID [" + GetSOP().UUID + "]");	76	throw new SecurityException("Insufficient Permission to edit object with UUID [" + GetSOP().UUID + "]");
77	}	77	}
@@ -672,7 +672,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
672	get { return m_sculptType; }	672	get { return m_sculptType; }
673	set	673	set
674	{	674	{
675	if(!CanEdit())	675	if (!CanEdit())
676	return;	676	return;
677		677
678	m_sculptType = value;	678	m_sculptType = value;