From 9f932a42057b4a9cd4517c90007a7c31c98277c6 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Fri, 5 Jun 2009 09:47:42 +0000 Subject: Thank you, thomax, for a patch to provide finer-grained access control to scripting. Fixes Mantis #2862 --- .../World/Permissions/PermissionsModule.cs | 69 ++++++++++++++++++++++ .../Region/Framework/Scenes/Scene.Permissions.cs | 20 +++++++ .../ScriptEngine/DotNetEngine/ScriptManager.cs | 2 +- .../Region/ScriptEngine/Interfaces/ICompiler.cs | 3 +- .../ScriptEngine/Shared/CodeTools/Compiler.cs | 10 +++- OpenSim/Region/ScriptEngine/XEngine/XEngine.cs | 2 +- 6 files changed, 102 insertions(+), 4 deletions(-) (limited to 'OpenSim/Region') diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 6b46176..9298380 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -87,6 +87,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions /// permissions are not being bypassed. This overrides normal permissions.- /// private UserSet m_allowedScriptEditors = UserSet.All; + + private Dictionary GrantLSL = new Dictionary(); + private Dictionary GrantCS = new Dictionary(); + private Dictionary GrantVB = new Dictionary(); + private Dictionary GrantJS = new Dictionary(); #endregion @@ -143,6 +148,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions m_scene.Permissions.OnRezObject += CanRezObject; //MAYBE FULLY IMPLEMENTED m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand; m_scene.Permissions.OnRunScript += CanRunScript; //NOT YET IMPLEMENTED + m_scene.Permissions.OnCompileScript += CanCompileScript; m_scene.Permissions.OnSellParcel += CanSellParcel; m_scene.Permissions.OnTakeObject += CanTakeObject; m_scene.Permissions.OnTakeCopyObject += CanTakeCopyObject; @@ -184,6 +190,40 @@ namespace OpenSim.Region.CoreModules.World.Permissions "debug permissions ", "Enable permissions debugging", HandleDebugPermissions); + + + string grant = myConfig.GetString("GrantLSL",""); + if(grant.Length > 0) { + foreach (string uuidl in grant.Split(',')) { + string uuid = uuidl.Trim(" \t".ToCharArray()); + GrantLSL.Add(uuid, true); + } + } + + grant = myConfig.GetString("GrantCS",""); + if(grant.Length > 0) { + foreach (string uuidl in grant.Split(',')) { + string uuid = uuidl.Trim(" \t".ToCharArray()); + GrantCS.Add(uuid, true); + } + } + + grant = myConfig.GetString("GrantVB",""); + if(grant.Length > 0) { + foreach (string uuidl in grant.Split(',')) { + string uuid = uuidl.Trim(" \t".ToCharArray()); + GrantVB.Add(uuid, true); + } + } + + grant = myConfig.GetString("GrantJS",""); + if(grant.Length > 0) { + foreach (string uuidl in grant.Split(',')) { + string uuid = uuidl.Trim(" \t".ToCharArray()); + GrantJS.Add(uuid, true); + } + } + } public void HandleBypassPermissions(string module, string[] args) @@ -1584,5 +1624,34 @@ namespace OpenSim.Region.CoreModules.World.Permissions return GenericParcelPermission(client.AgentId, parcel); } + + private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) { + //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); + switch(scriptType) { + case 0: + if(GrantLSL.Count == 0 || GrantLSL.ContainsKey(ownerUUID.ToString())) { + return(true); + } + break; + case 1: + if(GrantCS.Count == 0 || GrantCS.ContainsKey(ownerUUID.ToString())) { + return(true); + } + break; + case 2: + if(GrantVB.Count == 0 || GrantVB.ContainsKey(ownerUUID.ToString())) { + return(true); + } + break; + case 3: + if(GrantJS.Count == 0 || GrantJS.ContainsKey(ownerUUID.ToString())) { + return(true); + } + break; + } + return(false); + } + + } } diff --git a/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs b/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs index ab5f264..d0da618 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs @@ -56,6 +56,7 @@ namespace OpenSim.Region.Framework.Scenes public delegate bool EditScriptHandler(UUID script, UUID objectID, UUID user, Scene scene); public delegate bool EditNotecardHandler(UUID notecard, UUID objectID, UUID user, Scene scene); public delegate bool RunScriptHandler(UUID script, UUID objectID, UUID user, Scene scene); + public delegate bool CompileScriptHandler(UUID ownerUUID, int scriptType, Scene scene); public delegate bool StartScriptHandler(UUID script, UUID user, Scene scene); public delegate bool StopScriptHandler(UUID script, UUID user, Scene scene); public delegate bool ResetScriptHandler(UUID prim, UUID script, UUID user, Scene scene); @@ -113,6 +114,7 @@ namespace OpenSim.Region.Framework.Scenes public event EditScriptHandler OnEditScript; public event EditNotecardHandler OnEditNotecard; public event RunScriptHandler OnRunScript; + public event CompileScriptHandler OnCompileScript; public event StartScriptHandler OnStartScript; public event StopScriptHandler OnStopScript; public event ResetScriptHandler OnResetScript; @@ -510,6 +512,24 @@ namespace OpenSim.Region.Framework.Scenes #endregion + #region COMPILE SCRIPT (When Script needs to get (re)compiled) + public bool CanCompileScript(UUID ownerUUID, int scriptType) + { + CompileScriptHandler handler = OnCompileScript; + if (handler != null) + { + Delegate[] list = handler.GetInvocationList(); + foreach (CompileScriptHandler h in list) + { + if (h(ownerUUID, scriptType, m_scene) == false) + return false; + } + } + return true; + } + + #endregion + #region START SCRIPT (When Script run box is Checked after placed in object) public bool CanStartScript(UUID script, UUID user) { diff --git a/OpenSim/Region/ScriptEngine/DotNetEngine/ScriptManager.cs b/OpenSim/Region/ScriptEngine/DotNetEngine/ScriptManager.cs index 9897267..15d6c2c 100644 --- a/OpenSim/Region/ScriptEngine/DotNetEngine/ScriptManager.cs +++ b/OpenSim/Region/ScriptEngine/DotNetEngine/ScriptManager.cs @@ -153,7 +153,7 @@ namespace OpenSim.Region.ScriptEngine.DotNetEngine // Compile (We assume LSL) CompiledScriptFile = LSLCompiler.PerformScriptCompile(Script, - assetID.ToString()); + assetID.ToString(), taskInventoryItem.OwnerID); if (presence != null && (!postOnRez)) presence.ControllingClient.SendAgentAlertMessage( diff --git a/OpenSim/Region/ScriptEngine/Interfaces/ICompiler.cs b/OpenSim/Region/ScriptEngine/Interfaces/ICompiler.cs index 1bba878..2fd819d 100644 --- a/OpenSim/Region/ScriptEngine/Interfaces/ICompiler.cs +++ b/OpenSim/Region/ScriptEngine/Interfaces/ICompiler.cs @@ -27,13 +27,14 @@ using System; using System.Collections.Generic; +using OpenMetaverse; using Nini.Config; namespace OpenSim.Region.ScriptEngine.Interfaces { public interface ICompiler { - string PerformScriptCompile(string source, string asset); + string PerformScriptCompile(string source, string asset, UUID ownerID); string[] GetWarnings(); Dictionary, KeyValuePair> LineMap(); diff --git a/OpenSim/Region/ScriptEngine/Shared/CodeTools/Compiler.cs b/OpenSim/Region/ScriptEngine/Shared/CodeTools/Compiler.cs index fcb3339..911da5b 100644 --- a/OpenSim/Region/ScriptEngine/Shared/CodeTools/Compiler.cs +++ b/OpenSim/Region/ScriptEngine/Shared/CodeTools/Compiler.cs @@ -37,6 +37,7 @@ using Microsoft.VisualBasic; using log4net; using OpenSim.Region.Framework.Interfaces; using OpenSim.Region.ScriptEngine.Interfaces; +using OpenMetaverse; namespace OpenSim.Region.ScriptEngine.Shared.CodeTools { @@ -263,7 +264,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.CodeTools /// /// LSL script /// Filename to .dll assembly - public string PerformScriptCompile(string Script, string asset) + public string PerformScriptCompile(string Script, string asset, UUID ownerUUID) { m_positionMap = null; m_warnings.Clear(); @@ -341,6 +342,13 @@ namespace OpenSim.Region.ScriptEngine.Shared.CodeTools throw new Exception(errtext); } + if(m_scriptEngine.World.Permissions.CanCompileScript(ownerUUID, (int)l) == false) { + // Not allowed to compile to this language! + string errtext = String.Empty; + errtext += ownerUUID + " is not in list of allowed users for this scripting language. Script will not be executed!"; + throw new Exception(errtext); + } + string compileScript = Script; if (l == enumCompileType.lsl) diff --git a/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs b/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs index cfabda1..34f8145 100644 --- a/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs +++ b/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs @@ -579,7 +579,7 @@ namespace OpenSim.Region.ScriptEngine.XEngine lock (m_AddingAssemblies) { assembly = m_Compiler.PerformScriptCompile(script, - assetID.ToString()); + assetID.ToString(), item.OwnerID); if (!m_AddingAssemblies.ContainsKey(assembly)) { m_AddingAssemblies[assembly] = 1; } else { -- cgit v1.1