From 9090a907692e7deaafd79150bf6482507be86d55 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 03:48:16 +1000 Subject: * Beginnings of a Security Credential system in MRM. This will eventually lead to trusted execution of untrusted MRMs. --- .../Scripting/Minimodule/ISecurityCredential.cs | 7 +++++++ .../Scripting/Minimodule/MRMModule.cs | 10 ++++++++-- .../Scripting/Minimodule/ObjectAccessor.cs | 22 +++++++++++++--------- .../Scripting/Minimodule/SOPObject.cs | 9 +++++++++ .../Scripting/Minimodule/SecurityCredential.cs | 21 +++++++++++++++++++++ .../OptionalModules/Scripting/Minimodule/World.cs | 6 ++++-- 6 files changed, 62 insertions(+), 13 deletions(-) create mode 100644 OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs create mode 100644 OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs new file mode 100644 index 0000000..464723e --- /dev/null +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs @@ -0,0 +1,7 @@ +namespace OpenSim.Region.OptionalModules.Scripting.Minimodule +{ + public interface ISecurityCredential + { + ISocialEntity owner { get; } + } +} \ No newline at end of file diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs index 5ed9af3..0cc7930 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs 
@@ -166,8 +166,14 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public void GetGlobalEnvironment(uint localID, out IWorld world, out IHost host) { - world = new World(m_scene); - host = new Host(new SOPObject(m_scene, localID), m_scene, new ExtensionHandler(m_extensions), m_microthreads); + // UUID should be changed to object owner. + UUID owner = m_scene.RegionInfo.MasterAvatarAssignedUUID; + SEUser securityUser = new SEUser(owner, "Name Unassigned"); + SecurityCredential creds = new SecurityCredential(securityUser); + + world = new World(m_scene, creds); + host = new Host(new SOPObject(m_scene, localID, creds), m_scene, new ExtensionHandler(m_extensions), + m_microthreads); } public void InitializeMRM(MRMBase mmb, uint localID, UUID itemID) diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/ObjectAccessor.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/ObjectAccessor.cs index 4638ad0..6ba5ccf 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/ObjectAccessor.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/ObjectAccessor.cs @@ -40,10 +40,12 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { private readonly Scene m_scene; private readonly IEnumerator m_sogEnum; + private readonly ISecurityCredential m_security; - public IObjEnum(Scene scene) + public IObjEnum(Scene scene, ISecurityCredential security) { m_scene = scene; + m_security = security; m_sogEnum = m_scene.Entities.GetAllByType().GetEnumerator(); } @@ -66,7 +68,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { get { - return new SOPObject(m_scene, m_sogEnum.Current.LocalId); + return new SOPObject(m_scene, m_sogEnum.Current.LocalId, m_security); } } 
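Review bot: In the MRMModule.cs hunk, GetGlobalEnvironment builds the credential from `m_scene.RegionInfo.MasterAvatarAssignedUUID`, so every MRM in the region runs with the master avatar's identity regardless of who owns the object hosting the script. The in-code comment acknowledges this, but until it is resolved any permission check made against this credential grants master-avatar rights to all scripts. Consider resolving the owner from the hosting part instead, along the lines of `UUID owner = m_scene.GetSceneObjectPart(localID).OwnerID;` with a null check on the part. Also add a log line when the fallback identity is used, so operators can see which scripts run with elevated rights.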
@@ -79,17 +81,19 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public class ObjectAccessor : System.MarshalByRefObject, IObjectAccessor { private readonly Scene m_scene; + private readonly ISecurityCredential m_security; - public ObjectAccessor(Scene scene) + public ObjectAccessor(Scene scene, ISecurityCredential security) { m_scene = scene; + m_security = security; } public IObject this[int index] { get { - return new SOPObject(m_scene, m_scene.Entities[(uint)index].LocalId); + return new SOPObject(m_scene, m_scene.Entities[(uint)index].LocalId, m_security); } } @@ -97,7 +101,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { get { - return new SOPObject(m_scene, m_scene.Entities[index].LocalId); + return new SOPObject(m_scene, m_scene.Entities[index].LocalId, m_security); } } @@ -105,7 +109,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { get { - return new SOPObject(m_scene, m_scene.Entities[index].LocalId); + return new SOPObject(m_scene, m_scene.Entities[index].LocalId, m_security); } } @@ -117,20 +121,20 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public IObject Create(Vector3 position, Quaternion rotation) { - SceneObjectGroup sog = m_scene.AddNewPrim(m_scene.RegionInfo.MasterAvatarAssignedUUID, + SceneObjectGroup sog = m_scene.AddNewPrim(m_security.owner.GlobalID, UUID.Zero, position, rotation, PrimitiveBaseShape.CreateBox()); - IObject ret = new SOPObject(m_scene, sog.LocalId); + IObject ret = new SOPObject(m_scene, sog.LocalId, m_security); return ret; } public IEnumerator GetEnumerator() { - return new IObjEnum(m_scene); + return new IObjEnum(m_scene, m_security); } IEnumerator IEnumerable.GetEnumerator() diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index bc26389..fa9ef53 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs 
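Review bot: `Create` in the last ObjectAccessor.cs hunk attributes the new prim to `m_security.owner.GlobalID`, but nothing in the hunk checks that this owner is allowed to rez at `position` before `AddNewPrim` is called. ISecurityCredential exposes only `owner` at this commit, so a check would need a new member, for example `bool CanRezObject(Vector3 position);` (the name is a suggestion), called first in `Create`. The constructor also stores `security` without rejecting null, so a missing credential would only show up as a NullReferenceException inside `Create`; `if (security == null) throw new ArgumentNullException("security");` makes the failure immediate.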
+++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -42,13 +42,22 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { private readonly Scene m_rootScene; private readonly uint m_localID; + private readonly ISecurityCredential m_security; + [Obsolete("Replace with 'credential' constructor [security]")] public SOPObject(Scene rootScene, uint localID) { m_rootScene = rootScene; m_localID = localID; } + public SOPObject(Scene rootScene, uint localID, ISecurityCredential credential) + { + m_rootScene = rootScene; + m_localID = localID; + m_security = credential; + } + /// /// This needs to run very, very quickly. /// It is utilized in nearly every property and method. diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs new file mode 100644 index 0000000..bd4440c --- /dev/null +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs @@ -0,0 +1,21 @@ +using System; +using System.Collections.Generic; +using System.Text; + +namespace OpenSim.Region.OptionalModules.Scripting.Minimodule +{ + class SecurityCredential : ISecurityCredential + { + private readonly ISocialEntity m_owner; + + public SecurityCredential(ISocialEntity m_owner) + { + this.m_owner = m_owner; + } + + public ISocialEntity owner + { + get { return m_owner; } + } + } +} diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs index 1ec4a33..a34684f 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs 
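Review bot: The two-argument SOPObject constructor kept in the SOPObject.cs hunk leaves `m_security` null, so any instance built through it carries no credential and callers get only a compiler warning. Make the attribute an error with `[Obsolete("Replace with 'credential' constructor [security]", true)]`, or remove the overload once the remaining callers are migrated. The new constructor should also reject a null argument: `if (credential == null) throw new ArgumentNullException("credential");`.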
@@ -37,15 +37,17 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public class World : System.MarshalByRefObject, IWorld, IWorldAudio { private readonly Scene m_internalScene; + private readonly ISecurityCredential m_security; private readonly Heightmap m_heights; private readonly ObjectAccessor m_objs; - public World(Scene internalScene) + public World(Scene internalScene, ISecurityCredential securityCredential) { + m_security = securityCredential; m_internalScene = internalScene; m_heights = new Heightmap(m_internalScene); - m_objs = new ObjectAccessor(m_internalScene); + m_objs = new ObjectAccessor(m_internalScene, securityCredential); } #region Events -- cgit v1.1 From 9d9fcac0386ba6adc7a1f6c08f82bd5c0b6cd1d2 Mon Sep 17 00:00:00 2001 From: Jeff Ames Date: Fri, 14 Aug 2009 17:16:41 +0900 Subject: Misc cleanup. --- .../Region/OptionalModules/Scripting/Minimodule/Interfaces/IObject.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IObject.cs index 6415250..19f7210 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IObject.cs @@ -212,6 +212,6 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule bool Bright { get; set; } // SetPrimParms(FULLBRIGHT) double Bloom { get; set; } // SetPrimParms(GLOW) bool Shiny { get; set; } // SetPrimParms(SHINY) - bool BumpMap { get; set; } // SetPrimParms(BUMPMAP) [DEPRECIATE IN FAVOUR OF UUID?] + bool BumpMap { get; set; } // SetPrimParms(BUMPMAP) [DEPRECATE IN FAVOUR OF UUID?] } } -- cgit v1.1 From 2b630470b064bc4d0fe84210839409f3c7bf5823 Mon Sep 17 00:00:00 2001 
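Review bot: In the World.cs hunk the credential is passed to `ObjectAccessor`, but `m_heights = new Heightmap(m_internalScene);` is still constructed without it. Heightmap's body is not part of this patch, so this is inferred, but if it can write terrain then terrain access through IWorld is not tied to the script's credential. Passing `securityCredential` to Heightmap as well would let it enforce the same owner-based checks as the object accessors.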
From: Jeff Ames Date: Sun, 16 Aug 2009 17:30:13 +0900 Subject: Add copyright headers. Formatting cleanup. --- .../Scripting/Minimodule/ISecurityCredential.cs | 27 ++++++++++++++++++++ .../Scripting/Minimodule/SecurityCredential.cs | 29 +++++++++++++++++++++- 2 files changed, 55 insertions(+), 1 deletion(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs index 464723e..7e084d8 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs 
@@ -1,3 +1,30 @@ +/* + * Copyright (c) Contributors, http://opensimulator.org/ + * See CONTRIBUTORS.TXT for a full list of copyright holders. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the OpenSimulator Project nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { public interface ISecurityCredential diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs index bd4440c..cbcd137 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs 
+++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs @@ -1,4 +1,31 @@ -using System; +/* + * Copyright (c) Contributors, http://opensimulator.org/ + * See CONTRIBUTORS.TXT for a full list of copyright holders. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the OpenSimulator Project nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +using System; using System.Collections.Generic; using System.Text; -- cgit v1.1 From 975c49a399d2822b93496d7abea8587c9f8c7af4 Mon Sep 17 00:00:00 2001 
From: Adam Frisby Date: Sun, 16 Aug 2009 21:20:45 +1000 Subject: * [MRM] Implements permission checks on IObject implementations in SOPObject.cs. Does not implement security on IObjectInventory yet. --- .../Scripting/Minimodule/ISecurityCredential.cs | 2 + .../Scripting/Minimodule/SOPObject.cs | 86 +++++++++++++++++++--- .../Scripting/Minimodule/SecurityCredential.cs | 13 ++++ 3 files changed, 92 insertions(+), 9 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs index 464723e..e6878d1 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/ISecurityCredential.cs @@ -3,5 +3,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public interface ISecurityCredential { ISocialEntity owner { get; } + bool CanEditObject(IObject target); + bool CanEditTerrain(int x, int y); } } \ No newline at end of file diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index fa9ef53..674c9e0 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -27,6 +27,7 @@ using System; using System.Collections.Generic; +using System.Security; using OpenMetaverse; using OpenMetaverse.Packets; using OpenSim.Framework; @@ -68,6 +69,15 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule return m_rootScene.GetSceneObjectPart(m_localID); } + private bool CanEdit() + { + if(!m_security.CanEditObject(this)) + { + throw new SecurityException("Insufficient Permission to edit object with UUID [" + GetSOP().UUID + "]"); + } + return true; + } + #region OnTouch private event OnTouchDelegate _OnTouch; 
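Review bot: `CanEdit()` in the SOPObject.cs hunk at -68,6 +69,15 never returns false: it either throws SecurityException or returns true. The `if (!CanEdit()) return;` guards added in the later hunks of this commit are therefore dead branches, and a denial always surfaces as an exception in the calling script. Pick one contract; if throwing is intended, declare it `private void DemandEdit()` and call it as a plain statement, which also removes the mix of `if (CanEdit())` and `if (!CanEdit()) return;` styles. The exception message calls `GetSOP().UUID`, which would presumably throw NullReferenceException if the part no longer exists, and `m_security` is null for objects built through the obsolete constructor. Building the message from `m_localID` and checking `m_security` for null first keeps the failure a SecurityException.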
@@ -139,13 +149,21 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public string Name { get { return GetSOP().Name; } - set { GetSOP().Name = value; } + set + { + if (CanEdit()) + GetSOP().Name = value; + } } public string Description { get { return GetSOP().Description; } - set { GetSOP().Description = value; } + set + { + if (CanEdit()) + GetSOP().Description = value; + } } public IObject[] Children @@ -169,7 +187,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public IObject Root { - get { return new SOPObject(m_rootScene, GetSOP().ParentGroup.RootPart.LocalId); } + get { return new SOPObject(m_rootScene, GetSOP().ParentGroup.RootPart.LocalId, m_security); } } public IObjectMaterial[] Materials @@ -191,7 +209,11 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public Vector3 Scale { get { return GetSOP().Scale; } - set { GetSOP().Scale = value; } + set + { + if (CanEdit()) + GetSOP().Scale = value; + } } public Quaternion WorldRotation @@ -211,15 +233,24 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule get { return GetSOP().AbsolutePosition; } set { - SceneObjectPart pos = GetSOP(); - pos.UpdateOffSet(value - pos.AbsolutePosition); + if (CanEdit()) + { + SceneObjectPart pos = GetSOP(); + pos.UpdateOffSet(value - pos.AbsolutePosition); + } } } public Vector3 OffsetPosition { get { return GetSOP().OffsetPosition; } - set { GetSOP().OffsetPosition = value; } + set + { + if (CanEdit()) + { + GetSOP().OffsetPosition = value; + } + } } public Vector3 SitTarget @@ -319,8 +350,10 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public void Say(string msg) { - SceneObjectPart sop = GetSOP(); + if (!CanEdit()) + return; + SceneObjectPart sop = GetSOP(); m_rootScene.SimChat(msg, ChatTypeEnum.Say, sop.AbsolutePosition, sop.Name, sop.UUID, false); } 
@@ -512,6 +545,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule } set { + if (!CanEdit()) + return; + GetSOP().PhysActor.RotationalVelocity = new PhysicsVector(value.X, value.Y, value.Z); } } @@ -525,6 +561,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule } set { + if (!CanEdit()) + return; + GetSOP().PhysActor.Velocity = new PhysicsVector(value.X, value.Y, value.Z); } } @@ -538,6 +577,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule } set { + if (!CanEdit()) + return; + GetSOP().PhysActor.Torque = new PhysicsVector(value.X, value.Y, value.Z); } } @@ -560,27 +602,44 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule } set { + if (!CanEdit()) + return; + GetSOP().PhysActor.Force = new PhysicsVector(value.X, value.Y, value.Z); } } public bool FloatOnWater { - set { GetSOP().PhysActor.FloatOnWater = value; } + set + { + if (!CanEdit()) + return; + GetSOP().PhysActor.FloatOnWater = value; + } } public void AddForce(Vector3 force, bool pushforce) { + if (!CanEdit()) + return; + GetSOP().PhysActor.AddForce(new PhysicsVector(force.X, force.Y, force.Z), pushforce); } public void AddAngularForce(Vector3 force, bool pushforce) { + if (!CanEdit()) + return; + GetSOP().PhysActor.AddAngularForce(new PhysicsVector(force.X, force.Y, force.Z), pushforce); } public void SetMomentum(Vector3 momentum) { + if (!CanEdit()) + return; + GetSOP().PhysActor.SetMomentum(new PhysicsVector(momentum.X, momentum.Y, momentum.Z)); } @@ -595,6 +654,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule get { return m_sculptMap; } set { + if (!CanEdit()) + return; + m_sculptMap = value; SetPrimitiveSculpted(SculptMap, (byte) SculptType); } @@ -607,6 +669,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule get { return m_sculptType; } set { + if(!CanEdit()) + return; + m_sculptType = value; SetPrimitiveSculpted(SculptMap, (byte) SculptType); } 
@@ -663,6 +728,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public void Play(UUID asset, double volume) { + if (!CanEdit()) + return; + GetSOP().SendSound(asset.ToString(), volume, true, 0); } diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs index bd4440c..771bc8b 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs @@ -1,12 +1,15 @@ using System; using System.Collections.Generic; using System.Text; +using OpenMetaverse; +using OpenSim.Region.Framework.Scenes; namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { class SecurityCredential : ISecurityCredential { private readonly ISocialEntity m_owner; + private readonly Scene m_scene; public SecurityCredential(ISocialEntity m_owner) { @@ -17,5 +20,15 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { get { return m_owner; } } + + public bool CanEditObject(IObject target) + { + return m_scene.Permissions.CanEditObject(target.GlobalID, m_owner.GlobalID); + } + + public bool CanEditTerrain(int x, int y) + { + return m_scene.Permissions.CanTerraformLand(m_owner.GlobalID, new Vector3(x, y, 0)); + } } } -- cgit v1.1 From 8621dc405e2f0f1ea81baa52ec124d8b362a2abf Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 21:23:39 +1000 Subject: * Fixes potential NulRef in MRM Security Checks. --- OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs | 2 +- .../OptionalModules/Scripting/Minimodule/SecurityCredential.cs | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs index 0cc7930..6daae29 100644 
--- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs @@ -169,7 +169,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule // UUID should be changed to object owner. UUID owner = m_scene.RegionInfo.MasterAvatarAssignedUUID; SEUser securityUser = new SEUser(owner, "Name Unassigned"); - SecurityCredential creds = new SecurityCredential(securityUser); + SecurityCredential creds = new SecurityCredential(securityUser, m_scene); world = new World(m_scene, creds); host = new Host(new SOPObject(m_scene, localID, creds), m_scene, new ExtensionHandler(m_extensions), diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs index 6e350b9..bc7f6cb 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SecurityCredential.cs @@ -1,4 +1,4 @@ -/* +/* * Copyright (c) Contributors, http://opensimulator.org/ * See CONTRIBUTORS.TXT for a full list of copyright holders. * @@ -38,9 +38,10 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule private readonly ISocialEntity m_owner; private readonly Scene m_scene; - public SecurityCredential(ISocialEntity m_owner) + public SecurityCredential(ISocialEntity m_owner, Scene m_scene) { this.m_owner = m_owner; + this.m_scene = m_scene; } public ISocialEntity owner -- cgit v1.1 From adae13cd185b17b4644f2d939b1970aab309097a Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 21:36:33 +1000 Subject: * [MRM] Added permission checks to MRM Events (ie, requires edit permission to bind to OnTouch) --- .../OptionalModules/Scripting/Minimodule/SOPObject.cs | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') 
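Review bot: The SecurityCredential constructor in the SecurityCredential.cs hunk at -38,9 +38,10 still accepts a null `m_scene` or `m_owner`, which would only surface later as a NullReferenceException inside `CanEditObject` or `CanEditTerrain`, far from the faulty caller. Validate at construction: `if (m_owner == null) throw new ArgumentNullException("m_owner");` and `if (m_scene == null) throw new ArgumentNullException("m_scene");`. The parameters are also named like the fields, so every assignment depends on `this.`; naming them `owner` and `scene` removes the risk of a silent self-assignment.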
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index 674c9e0..2e3ed3c 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -87,14 +87,17 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { add { - if (!_OnTouchActive) + if (CanEdit()) { - GetSOP().Flags |= PrimFlags.Touch; - _OnTouchActive = true; - m_rootScene.EventManager.OnObjectGrab += EventManager_OnObjectGrab; + if (!_OnTouchActive) + { + GetSOP().Flags |= PrimFlags.Touch; + _OnTouchActive = true; + m_rootScene.EventManager.OnObjectGrab += EventManager_OnObjectGrab; + } + + _OnTouch += value; } - - _OnTouch += value; } remove { -- cgit v1.1 From b28e82654150edd0ef21fc8361c023a99186d658 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 21:41:57 +1000 Subject: * Implements ISecurityCredential on all uses of SOPObject.cs except Avatar Attachments. --- OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs | 2 +- OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index 2e3ed3c..bdc7a15 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -181,7 +181,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule int i = 0; foreach (KeyValuePair pair in my.ParentGroup.Children) { - rets[i++] = new SOPObject(m_rootScene, pair.Value.LocalId); + rets[i++] = new SOPObject(m_rootScene, pair.Value.LocalId, m_security); } return rets; 
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs index a34684f..497ca39 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs @@ -146,7 +146,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule if (chat.Sender == null && chat.SenderObject != null) { ChatEventArgs e = new ChatEventArgs(); - e.Sender = new SOPObject(m_internalScene, ((SceneObjectPart) chat.SenderObject).LocalId); + e.Sender = new SOPObject(m_internalScene, ((SceneObjectPart) chat.SenderObject).LocalId, m_security); e.Text = chat.Message; _OnChat(this, e); -- cgit v1.1 From c2be3edd2d8cb2aabb5040d14167c2bed7c4635c Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 21:49:53 +1000 Subject: * Refactor: Moves IAvatarAttachment into IAvatarAttachment.cs instead of IAvatar.cs --- .../Scripting/Minimodule/Interfaces/IAvatar.cs | 13 ------------- .../Scripting/Minimodule/Interfaces/IAvatarAttachment.cs | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 13 deletions(-) create mode 100644 OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatar.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatar.cs index 849e3ca..03c1e95 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatar.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatar.cs 
@@ -32,19 +32,6 @@ using OpenMetaverse; namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { - public interface IAvatarAttachment - { - //// - /// Describes where on the avatar the attachment is located - /// - int Location { get ; } - - //// - /// Accessor to the rez'ed asset, representing the attachment - /// - IObject Asset { get; } - } - public interface IAvatar : IEntity { //// diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs new file mode 100644 index 0000000..22b4605 --- /dev/null +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs @@ -0,0 +1,15 @@ +namespace OpenSim.Region.OptionalModules.Scripting.Minimodule +{ + public interface IAvatarAttachment + { + //// + /// Describes where on the avatar the attachment is located + /// + int Location { get ; } + + //// + /// Accessor to the rez'ed asset, representing the attachment + /// + IObject Asset { get; } + } +} \ No newline at end of file -- cgit v1.1 From cbd454d69231598daf6748070fb5f0baace61c59 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sun, 16 Aug 2009 22:01:18 +1000 Subject: * Implements ISecurityCredential member on SPAvatar, SPAvatarAttachment * Disables 'event not used' warning for IRCClientView; cuts OpenSim total warnings back. --- OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs | 2 +- OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatar.cs | 8 ++++++-- .../OptionalModules/Scripting/Minimodule/SPAvatarAttachment.cs | 7 +++++-- OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs | 6 +++--- 4 files changed, 15 insertions(+), 8 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index bdc7a15..35b0a0f 100644 
--- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -117,7 +117,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule if (_OnTouchActive && m_localID == localID) { TouchEventArgs e = new TouchEventArgs(); - e.Avatar = new SPAvatar(m_rootScene, remoteClient.AgentId); + e.Avatar = new SPAvatar(m_rootScene, remoteClient.AgentId, m_security); e.TouchBiNormal = surfaceArgs.Binormal; e.TouchMaterialIndex = surfaceArgs.FaceIndex; e.TouchNormal = surfaceArgs.Normal; diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatar.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatar.cs index ce2d339..4600836 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatar.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatar.cs @@ -42,11 +42,13 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { private readonly Scene m_rootScene; private readonly UUID m_ID; + private readonly ISecurityCredential m_security; //private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); - public SPAvatar(Scene scene, UUID ID) + public SPAvatar(Scene scene, UUID ID, ISecurityCredential security) { m_rootScene = scene; + m_security = security; m_ID = ID; } @@ -84,7 +86,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule foreach (DictionaryEntry element in internalAttachments) { Hashtable attachInfo = (Hashtable)element.Value; - attachments.Add(new SPAvatarAttachment(m_rootScene, this, (int)element.Key, new UUID((string)attachInfo["item"]), new UUID((string)attachInfo["asset"]))); + attachments.Add(new SPAvatarAttachment(m_rootScene, this, (int) element.Key, + new UUID((string) attachInfo["item"]), + new UUID((string) attachInfo["asset"]), m_security)); } } 
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatarAttachment.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatarAttachment.cs index 9b684fe..570459a 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatarAttachment.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatarAttachment.cs @@ -39,10 +39,13 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule private readonly int m_location; //private readonly UUID m_itemId; private readonly UUID m_assetId; + + private readonly ISecurityCredential m_security; - public SPAvatarAttachment(Scene rootScene, IAvatar self, int location, UUID itemId, UUID assetId) + public SPAvatarAttachment(Scene rootScene, IAvatar self, int location, UUID itemId, UUID assetId, ISecurityCredential security) { m_rootScene = rootScene; + m_security = security; //m_parent = self; m_location = location; //m_itemId = itemId; @@ -55,7 +58,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { get { - return new SOPObject(m_rootScene, m_rootScene.GetSceneObjectPart(m_assetId).LocalId); + return new SOPObject(m_rootScene, m_rootScene.GetSceneObjectPart(m_assetId).LocalId, m_security); } } } diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs index 497ca39..da5ea0d 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/World.cs @@ -86,7 +86,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule if (_OnNewUser != null) { NewUserEventArgs e = new NewUserEventArgs(); - e.Avatar = new SPAvatar(m_internalScene, presence.UUID); + e.Avatar = new SPAvatar(m_internalScene, presence.UUID, m_security); _OnNewUser(this, e); } } 
@@ -156,7 +156,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule if (chat.Sender != null && chat.SenderObject == null) { ChatEventArgs e = new ChatEventArgs(); - e.Sender = new SPAvatar(m_internalScene, chat.SenderUUID); + e.Sender = new SPAvatar(m_internalScene, chat.SenderUUID, m_security); e.Text = chat.Message; _OnChat(this, e); @@ -209,7 +209,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule for (int i = 0; i < ents.Count; i++) { EntityBase ent = ents[i]; - rets[i] = new SPAvatar(m_internalScene, ent.UUID); + rets[i] = new SPAvatar(m_internalScene, ent.UUID, m_security); } return rets; -- cgit v1.1 From fa921ec147cae620f3126c01b1db94a8f6e90c7e Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Mon, 17 Aug 2009 02:25:00 +1000 Subject: * Implements AppDomain Security for MRM Scripts. * Added permissionLevel attribute to [MRM] section in OpenSim.ini. Default is 'Internet', however may be any of the following (case sensitive), FullTrust, SkipVerification, Execution, Nothing, LocalIntranet, Internet, Everything. For previous functionality, set to FullTrust or Execution. --- .../Scripting/Minimodule/MRMModule.cs | 103 ++++++++++++++++++++- 1 file changed, 101 insertions(+), 2 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs index 6daae29..9042e0d 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs @@ -27,9 +27,14 @@ using System; using System.CodeDom.Compiler; +using System.Collections; using System.Collections.Generic; +using System.Diagnostics; using System.IO; using System.Reflection; +using System.Security; +using System.Security.Permissions; +using System.Security.Policy; using System.Text; using log4net; using Microsoft.CSharp; 
@@ -54,6 +59,9 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule private readonly MicroScheduler m_microthreads = new MicroScheduler(); + + private IConfig m_config; + public void RegisterExtension(T instance) { m_extensions[typeof (T)] = instance; @@ -63,6 +71,8 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { if (source.Configs["MRM"] != null) { + m_config = source.Configs["MRM"]; + if (source.Configs["MRM"].GetBoolean("Enabled", false)) { m_log.Info("[MRM] Enabling MRM Module"); 
@@ -112,6 +122,91 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule return script; } + /// + /// Create an AppDomain that contains policy restricting code to execute + /// with only the permissions granted by a named permission set + /// + /// name of the permission set to restrict to + /// 'friendly' name of the appdomain to be created + /// + /// if is null + /// + /// + /// if is empty + /// + /// AppDomain with a restricted security policy + /// Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx + /// Valid permissionSetName values are: + /// * FullTrust + /// * SkipVerification + /// * Execution + /// * Nothing + /// * LocalIntranet + /// * Internet + /// * Everything + /// + public static AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName) + { + if (permissionSetName == null) + throw new ArgumentNullException("permissionSetName"); + if (permissionSetName.Length == 0) + throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName, + "Cannot have an empty permission set name"); + + // Default to all code getting nothing + PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None)); + UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy); + + bool foundName = false; + PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted); + + // iterate over each policy level + IEnumerator levelEnumerator = SecurityManager.PolicyHierarchy(); + while (levelEnumerator.MoveNext()) + { + PolicyLevel level = levelEnumerator.Current as PolicyLevel; + + // if this level has defined a named permission set with the + // given name, then intersect it with what we've retrieved + // from all the previous levels + if (level != null) + { + PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName); + if (levelSet != null) + { + foundName = true; + if (setIntersection != null) 
+ setIntersection = setIntersection.Intersect(levelSet); + } + } + } + + // Intersect() can return null for an empty set, so convert that + // to an empty set object. Also return an empty set if we didn't find + // the named permission set we were looking for + if (setIntersection == null || !foundName) + setIntersection = new PermissionSet(PermissionState.None); + else + setIntersection = new NamedPermissionSet(permissionSetName, setIntersection); + + // if no named permission sets were found, return an empty set, + // otherwise return the set that was found + PolicyStatement permissions = new PolicyStatement(setIntersection); + policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions)); + + // create an AppDomain policy level for the policy tree + PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel(); + appDomainLevel.RootCodeGroup = policyRoot; + + // create an AppDomain where this policy will be in effect + string domainName = appDomainName; + AppDomain restrictedDomain = AppDomain.CreateDomain(domainName); + restrictedDomain.SetAppDomainPolicy(appDomainLevel); + + return restrictedDomain; + } + + void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource) { if (script.StartsWith("//MRM:C#")) @@ -125,9 +220,13 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule try { - m_log.Info("[MRM] Found C# MRM"); + m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + m_config.GetString("permissionLevel", "Internet") + "-level security."); + + string domainName = UUID.Random().ToString(); + AppDomain target = CreateRestrictedDomain(m_config.GetString("permissionLevel", "Internet"), + domainName); - MRMBase mmb = (MRMBase)AppDomain.CurrentDomain.CreateInstanceFromAndUnwrap( + MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap( CompileFromDotNetText(script, itemID.ToString()), "OpenSim.MiniModule"); -- cgit v1.1 
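Review bot: A `permissionSetName` that no policy level defines is never reported by `CreateRestrictedDomain`: `foundName` stays false and the domain is quietly given `new PermissionSet(PermissionState.None)`. Falling back to the empty set is the safe direction, but the names are case sensitive and the caller logs the configured name as if it had been applied, so a typo in the ini yields a script that cannot run and nothing in the log to explain why. The doc comment should say so, for example `/// Unknown permission set names yield an empty permission set.`, and the `!foundName` branch should log a warning or throw so the operator sees the mistake. The comment "if no named permission sets were found, return an empty set" sits above `new PolicyStatement(setIntersection)` but describes the `if`/`else` before it and should move there.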
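Review bot: Each rezzed script now gets its own AppDomain in the `@@ -125,9 +220,13` hunk, but `target` is a local and nothing visible here keeps it, so the domain and the compiled assembly loaded into it cannot be unloaded when the script goes away. Repeated rezzing then grows the simulator process without bound, which matters as soon as scripts from less trusted owners are allowed to run. Keeping the domain next to the script, e.g. `m_domains[itemID] = target;` in a new `Dictionary<UUID, AppDomain>` field, and calling `AppDomain.Unload` where the script is torn down would bound it; the rest of `EventManager_OnRezScript` is outside the hunk, so confirm nothing there already does this. It is also worth confirming that `MRMBase` derives from `MarshalByRefObject`, because otherwise `CreateInstanceFromAndUnwrap` returns a serialized copy that lives in the host domain rather than in the restricted one.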
From 58d2775ff29c1a4faa26302515c7a6cbd8bdb764 Mon Sep 17 00:00:00 2001 From: Jeff Ames Date: Mon, 17 Aug 2009 02:05:12 +0900 Subject: Add copyright header. Formatting cleanup. --- .../Minimodule/Interfaces/IAvatarAttachment.cs | 27 ++++++++++++++++++++++ .../Scripting/Minimodule/SOPObject.cs | 4 ++-- 2 files changed, 29 insertions(+), 2 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs index 22b4605..1993948 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/Interfaces/IAvatarAttachment.cs 
@@ -1,3 +1,30 @@ +/* + * Copyright (c) Contributors, http://opensimulator.org/ + * See CONTRIBUTORS.TXT for a full list of copyright holders. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the OpenSimulator Project nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { public interface IAvatarAttachment diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs index 35b0a0f..292e345 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs 
+++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObject.cs @@ -71,7 +71,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule private bool CanEdit() { - if(!m_security.CanEditObject(this)) + if (!m_security.CanEditObject(this)) { throw new SecurityException("Insufficient Permission to edit object with UUID [" + GetSOP().UUID + "]"); } @@ -672,7 +672,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule get { return m_sculptType; } set { - if(!CanEdit()) + if (!CanEdit()) return; m_sculptType = value; -- cgit v1.1 From 8c101d24dfc48ae20ddf963e51b07b43019930ea Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Tue, 18 Aug 2009 00:23:02 +1000 Subject: * Implementing a bunch of Unimplemented MRM stubs. --- .../Scripting/Minimodule/SOPObjectMaterial.cs | 29 +++++++++++++++++++--- .../Scripting/Minimodule/SPAvatar.cs | 8 ++---- 2 files changed, 27 insertions(+), 10 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObjectMaterial.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObjectMaterial.cs index 68f2f52..0cba6af 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObjectMaterial.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SOPObjectMaterial.cs 
@@ -91,24 +91,45 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public bool Bright { get { return GetTexface().Fullbright; } - set { throw new System.NotImplementedException(); } + set + { + Primitive.TextureEntry tex = m_parent.Shape.Textures; + Primitive.TextureEntryFace texface = tex.CreateFace((uint)m_face); + texface.Fullbright = value; + tex.FaceTextures[m_face] = texface; + m_parent.UpdateTexture(tex); + } } public double Bloom { get { return GetTexface().Glow; } - set { throw new System.NotImplementedException(); } + set + { + Primitive.TextureEntry tex = m_parent.Shape.Textures; + Primitive.TextureEntryFace texface = tex.CreateFace((uint)m_face); + texface.Glow = (float) value; + tex.FaceTextures[m_face] = texface; + m_parent.UpdateTexture(tex); + } } public bool Shiny { get { return GetTexface().Shiny != Shininess.None; } - set { throw new System.NotImplementedException(); } + set + { + Primitive.TextureEntry tex = m_parent.Shape.Textures; + Primitive.TextureEntryFace texface = tex.CreateFace((uint)m_face); + texface.Shiny = value ? Shininess.High : Shininess.None; + tex.FaceTextures[m_face] = texface; + m_parent.UpdateTexture(tex); + } } public bool BumpMap { - get { throw new System.NotImplementedException(); } + get { return GetTexface().Bump == Bumpiness.None; } set { throw new System.NotImplementedException(); } } } diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatar.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatar.cs index 4600836..4427426 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatar.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/SPAvatar.cs 
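Review bot: The new `Bright`, `Bloom` and `Shiny` setters write to `m_parent` and call `UpdateTexture` without the edit check that `SOPObject` applies in its own setters (`if (!CanEdit()) return;`), so a script that obtains a material can change an object's faces regardless of the credential it runs under. `SOPObjectMaterial` would need the credential passed in, as `SPAvatar` and `SPAvatarAttachment` were given one, and each setter should start with the same guard; the class's constructor and fields are outside this hunk, so confirm no check exists already. Separately, the `BumpMap` getter is inverted compared with `Shiny` and should read `get { return GetTexface().Bump != Bumpiness.None; }`.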
@@ -25,17 +25,13 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -using System; -using System.Reflection; using System.Collections; using System.Collections.Generic; - +using System.Security; using OpenMetaverse; using OpenSim.Region.Framework.Scenes; using OpenSim.Region.Framework.Interfaces; -using log4net; - namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { class SPAvatar : System.MarshalByRefObject, IAvatar @@ -60,7 +56,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule public string Name { get { return GetSP().Name; } - set { throw new InvalidOperationException("Avatar Names are a read-only property."); } + set { throw new SecurityException("Avatar Names are a read-only property."); } } public UUID GlobalID -- cgit v1.1 From 30c4aa55e6f18d153f164529a3435e44754c5352 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Tue, 18 Aug 2009 00:58:42 +1000 Subject: Added additional configuration options for MRM Security. See OpenSim.ini.example under the [MRM] section. --- .../Scripting/Minimodule/MRMModule.cs | 30 ++++++++++++++++------ 1 file changed, 22 insertions(+), 8 deletions(-) (limited to 'OpenSim/Region/OptionalModules/Scripting') diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs index 9042e0d..bf523dd 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs 
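Review bot: Throwing `SecurityException` from the `Name` setter in the `@@ -60,7 +56,7` hunk reports a read-only property as a permission failure. Anything that logs or counts `SecurityException` to spot scripts probing the sandbox will see noise from ordinary misuse, and the message itself says the property is read-only rather than forbidden. `set { throw new System.NotSupportedException("Avatar Names are a read-only property."); }` keeps the two cases apart (fully qualified because this commit removes `using System;`).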
@@ -211,25 +211,39 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule { if (script.StartsWith("//MRM:C#")) { - if (m_scene.GetSceneObjectPart(localID).OwnerID != m_scene.RegionInfo.MasterAvatarAssignedUUID - || - m_scene.GetSceneObjectPart(localID).CreatorID != m_scene.RegionInfo.MasterAvatarAssignedUUID) - return; + if (m_config.GetBoolean("OwnerOnly", true)) + if (m_scene.GetSceneObjectPart(localID).OwnerID != m_scene.RegionInfo.MasterAvatarAssignedUUID + || m_scene.GetSceneObjectPart(localID).CreatorID != m_scene.RegionInfo.MasterAvatarAssignedUUID) + return; script = ConvertMRMKeywords(script); try { - m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + m_config.GetString("permissionLevel", "Internet") + "-level security."); + AppDomain target; + if (m_config.GetBoolean("Sandboxed", true)) + { + m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + + m_config.GetString("SandboxLevel", "Internet") + "-level security."); - string domainName = UUID.Random().ToString(); - AppDomain target = CreateRestrictedDomain(m_config.GetString("permissionLevel", "Internet"), - domainName); + string domainName = UUID.Random().ToString(); + target = CreateRestrictedDomain(m_config.GetString("SandboxLevel", "Internet"), + domainName); + } + else + { + m_log.Info("[MRM] Found C# MRM - Starting in current AppDomain"); + m_log.Warn( + "[MRM] Security Risk: AppDomain is run in current context. Use only in trusted environments."); + target = AppDomain.CurrentDomain; + } + m_log.Info("[MRM] Unwrapping into target AppDomain"); MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap( CompileFromDotNetText(script, itemID.ToString()), "OpenSim.MiniModule"); + m_log.Info("[MRM] Initialising MRM Globals"); InitializeMRM(mmb, localID, itemID); m_scripts[itemID] = mmb; -- cgit v1.1
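Review bot: `OwnerOnly` and `Sandboxed` are read independently, so with both set to false this code compiles and runs C# from any object owner in `AppDomain.CurrentDomain` with the simulator's own permissions, and the only signal is one `Warn` line per script. I would refuse that combination or force the sandbox whenever the owner check is off, e.g. `bool sandboxed = m_config.GetBoolean("Sandboxed", true) || !m_config.GetBoolean("OwnerOnly", true);`. The level key is also renamed from `permissionLevel` to `SandboxLevel` with no fallback, so an ini that chose a level under the old name now silently gets `Internet`; `m_config.GetString("SandboxLevel", m_config.GetString("permissionLevel", "Internet"))` keeps existing configurations effective. The nested `if` around the owner check has no braces and is easy to misread next to the `return`. The start of `EventManager_OnRezScript` and the end of its `try` block are outside the hunk.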