From 6b0a3e981cc06e7935960a5a806222a2aa2126d9 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Fri, 30 Jun 2017 22:04:56 +0100 Subject: put osGetAgentIP() in threat control with level Severe so it can be disabled even for inworld administrators as needed on some grids. rearrage the osslEnable.ini file segregating the funtions only listed for information --- .../Shared/Api/Implementation/OSSL_Api.cs | 16 +-- bin/config-include/osslEnable.ini | 116 +++++++++++---------- 2 files changed, 66 insertions(+), 66 deletions(-) diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index b84065f..1139579 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs @@ -452,7 +452,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api } } - if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID)) return( String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", @@ -1099,8 +1098,8 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api public string osGetAgentIP(string agent) { - CheckThreatLevel(); // user god is the restriction - if(!(World.Permissions.IsGod(m_host.OwnerID))) + CheckThreatLevel(ThreatLevel.Severe, "osGetAgentIP"); + if(!(World.Permissions.IsGod(m_host.OwnerID))) // user god always needed return ""; UUID avatarID = (UUID)agent; @@ -1115,6 +1114,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api // fall through case, just return nothing return ""; } + // Adam's super super custom animation functions public void osAvatarPlayAnimation(string avatar, string animation) { @@ -1131,13 +1131,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if(!UUID.TryParse(avatar, out avatarID)) return; - if(!World.Entities.ContainsKey(avatarID)) - return; - - ScenePresence target = null; - if ((World.Entities[avatarID] is ScenePresence)) - target = (ScenePresence)World.Entities[avatarID]; - + ScenePresence target = World.GetScenePresence(avatarID); if (target == null) return; @@ -1417,7 +1411,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api public LSL_Vector osGetDrawStringSize(string contentType, string text, string fontName, int fontSize) { - CheckThreatLevel(ThreatLevel.VeryLow, "osGetDrawStringSize"); + CheckThreatLevel(); m_host.AddScriptLPS(1); LSL_Vector vec = new LSL_Vector(0,0,0); diff --git a/bin/config-include/osslEnable.ini b/bin/config-include/osslEnable.ini index 1d03f83..83d9756 100644 --- a/bin/config-include/osslEnable.ini +++ b/bin/config-include/osslEnable.ini @@ -31,7 +31,7 @@ ; higher threat level OSSL functions, as detailed later on. OSFunctionThreatLevel = VeryLow - ; Each of the OSSL functions can be enabled or disabled individually. + ; Some of the OSSL functions can be enabled or disabled individually. ; To disable, set the value to 'false'. ; To enable for everyone, set the value to 'true'. ; To enable for individuals or groups, set it to a comma separated list. This checks @@ -45,12 +45,10 @@ ; "PARCEL_OWNER" -- enable for parcel owner ; "PARCEL_GROUP_MEMBER" -- enable for any member of the parcel group ; uuid -- enable for specified ID (may be avatar or group ID) - - ; The OSSL function name is prepended with "Allow_" and it checks against - ; the owners of the containing prim. There can also be entries beginning with - ; 'Creators_". The 'Creators_" parameters can only be a list of UUIDs and it is - ; checked against the creator of the script itself. - + ; from this we can also create macros that can be include in the list as + ; ${XEngine|macroname} see examples below + + ; parcel macros ; Allowing ossl functions for anyone owning a parcel can be dangerous especially if ; a region is selling or otherwise giving away parcel ownership. By default, parcel ; ownership or group membership does not enable OSSL functions. Uncomment the @@ -62,69 +60,32 @@ ; osslParcelO = "PARCEL_OWNER," ; osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER," - ; There are a block of functions for creating and controlling NPCs. + ; NPC macros + ; There are a block of macros to creating and controlling NPCs. ; These can be mis-used so limit use to those you can trust. - osslNPC = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER - -; some ThreadLevel None functions no longer do level check. listed comment just to be visible + osslNPC = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER - ; ThreatLevel None + ; The OSSL function name is prepended with "Allow_" and it checks against + ; the owners of the containing prim. There can also be entries beginning with + ; 'Creators_". The 'Creators_" parameters can only be a list of UUIDs and it is + ; checked against the creator of the script itself. -; Allow_osClearInertia() = true ; no level check -; Allow_osCheckODE = true ; no level check -; Allow_osCollisionSound = true ; no level check -; Allow_osDrawEllipse = true ; no level check -; Allow_osDrawFilledEllipse = true ; no level check -; Allow_osDrawFilledPolygon = true ; no level check -; Allow_osDrawFilledRectangle = true ; no level check -; Allow_osDrawResetTransform = true ; no level check -; Allow_osDrawRotationTransform = true ; no level check -; Allow_osDrawScaleTransform = true ; no level check -; Allow_osDrawTranslationTransform = true ; no level check -; Allow_osDrawImage = true ; no level check -; Allow_osDrawLine = true ; no level check -; Allow_osDrawPolygon = true ; no level check -; Allow_osDrawRectangle = true ; no level check -; Allow_osDrawText = true ; no level check -; Allow_osGetAgentIP = ---- ;restricted to Administrators (GOD) +; ************************************************* + + ; ThreatLevel None Allow_osGetAgents = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetAvatarList = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER -; Allow_osGetCurrentSunHour = true ; no level check -; Allow_osGetPhysicsEngineName = true ; no level check Allow_osGetGender = true Allow_osGetHealth = true Allow_osGetHealRate = true -; Allow_osGetInertiaData = true ; no level check -; Allow_osGetInventoryDesc = true ; no level check -; Allow_osGetLinkNumber = true ; no level check -; Allow_osGetMapTexture = true ; no level check Allow_osGetNPCList = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER -; Allow_osGetRegionSize = true ; no level check Allow_osGetRezzingObject = true -; Allow_osGetSunParam = true ; no level check -; Allow_osGetTerrainHeight = true ; no level check -; Allow_osIsNpc = true ; no level check -; Allow_osIsUUID = true ; no level check -; Allow_osList2Double = true ; no level check -; Allow_osMax = true ; no level check -; Allow_osMin = true ; no level check -; Allow_osMovePen = true ; no level check Allow_osNpcGetOwner = ${XEngine|osslNPC} Allow_osParseJSON = true Allow_osParseJSONNew = true -; Allow_osSetInertia = true ; no level check -; Allow_osSetInertiaAsBox = true ; no level check -; Allow_osSetInertiaAsSphere = true ; no level check -; Allow_osSetInertiaAsCylinder = true ; no level check -; Allow_osSetFontName = true ; no level check -; Allow_osSetFontSize = true ; no level check -; Allow_osSetPenCap = true ; no level check -; Allow_osSetPenColor = true ; no level check -; Allow_osSetPenSize = true ; no level check Allow_osSetSunParam = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osTeleportOwner = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osWindActiveModelPluginName = true -; Allow_osVolumeDetect = true ; no level check ; ThreatLevel Nuisance Allow_osSetEstateSunSettings = ESTATE_MANAGER,ESTATE_OWNER @@ -134,7 +95,6 @@ Allow_osEjectFromGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osForceBreakAllLinks = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osForceBreakLink = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER - Allow_osGetDrawStringSize = true Allow_osGetWindParam = true Allow_osInviteToGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osReplaceString = true @@ -258,3 +218,49 @@ Allow_osTeleportAgent = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osTeleportObject = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER +; funtions ThreatLevel Severe with aditional internal restrictions + Allow_osGetAgentIP = true ; always restricted to Administrators (true or false to disable) + +; avaiable funtions out of Threat level control (for reference only) +; Allow_osClearInertia = true +; Allow_osCheckODE = true +; Allow_osCollisionSound = true +; Allow_osDrawEllipse = true +; Allow_osDrawFilledEllipse = true +; Allow_osDrawFilledPolygon = true +; Allow_osDrawFilledRectangle = true +; Allow_osDrawResetTransform = true +; Allow_osDrawRotationTransform = true +; Allow_osDrawScaleTransform = true +; Allow_osDrawTranslationTransform = true +; Allow_osDrawImage = true +; Allow_osDrawLine = true +; Allow_osDrawPolygon = true +; Allow_osDrawRectangle = true +; Allow_osDrawText = true +; Allow_osGetCurrentSunHour = true +; Allow_osGetPhysicsEngineName = true +; Allow_osGetInertiaData = true +; Allow_osGetInventoryDesc = true +; Allow_osGetLinkNumber = true +; Allow_osGetMapTexture = true +; Allow_osGetRegionSize = true +; Allow_osGetSunParam = true +; Allow_osGetTerrainHeight = true +; Allow_osGetDrawStringSize = true +; Allow_osIsNpc = true +; Allow_osIsUUID = true +; Allow_osList2Double = true +; Allow_osMax = true +; Allow_osMin = true +; Allow_osMovePen = true +; Allow_osSetInertia = true +; Allow_osSetInertiaAsBox = true +; Allow_osSetInertiaAsSphere = true +; Allow_osSetInertiaAsCylinder = true +; Allow_osSetFontName = true +; Allow_osSetFontSize = true +; Allow_osSetPenCap = true +; Allow_osSetPenColor = true +; Allow_osSetPenSize = true +; Allow_osVolumeDetect = true -- cgit v1.1