From 3089b6d824f1d4eb25ba12c5fd037153fdc92e1e Mon Sep 17 00:00:00 2001
From: Diva Canto
Date: Thu, 20 Sep 2012 15:49:22 -0700
Subject: More HG2.0: Added permission policies in HGAsset Service based on asset types. The policies are given in the config. This is only half of the story. The other half, pertaining to exports/imports made by the sim, will be done next.
---
 .../Services/HypergridService/HGAssetService.cs | 79 +++++++++++++++++++++-
 1 file changed, 76 insertions(+), 3 deletions(-)
(limited to 'OpenSim/Services/HypergridService')
diff --git a/OpenSim/Services/HypergridService/HGAssetService.cs b/OpenSim/Services/HypergridService/HGAssetService.cs
index db98166..d6541c4 100644
--- a/OpenSim/Services/HypergridService/HGAssetService.cs
+++ b/OpenSim/Services/HypergridService/HGAssetService.cs
@@ -58,6 +58,9 @@ namespace OpenSim.Services.HypergridService
 private UserAccountCache m_Cache;
+ private bool[] m_DisallowGET, m_DisallowPOST;
+ private string[] m_AssetTypeNames;
+
 public HGAssetService(IConfigSource config, string configName) : base(config, configName)
 {
 m_log.Debug("[HGAsset Service]: Starting");
@@ -80,6 +83,34 @@ namespace OpenSim.Services.HypergridService
 m_HomeURL = assetConfig.GetString("HomeURI", m_HomeURL);
 m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService);
+
+ // Permissions
+ Type enumType = typeof(AssetType);
+ m_AssetTypeNames = Enum.GetNames(enumType);
+ for (int i = 0; i < m_AssetTypeNames.Length; i++)
+ m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower();
+ int n = Enum.GetValues(enumType).Length;
+ m_DisallowGET = new bool[n];
+ m_DisallowPOST = new bool[n];
+
+ LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET);
+ LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST);
+
+ }
+
+ private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray)
+ {
+ string perms = assetConfig.GetString(variable, String.Empty);
+ string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries);
+ foreach (string s in parts)
+ {
+ int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower());
+ if (index >= 0)
+ bitArray[index] = true;
+ else
+ m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s);
+ }
+
 }
 #region IAssetService overrides
@@ -90,6 +121,9 @@ namespace OpenSim.Services.HypergridService
 if (asset == null)
 return null;
+ if (!AllowedGet(asset.Type))
+ return null;
+
 if (asset.Metadata.Type == (sbyte)AssetType.Object)
 asset.Data = AdjustIdentifiers(asset.Data); ;
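Review bot: In `LoadPermsFromConfig`, a name in `DisallowGET`/`DisallowPOST` that does not match an `AssetType` is only reported with `WarnFormat` and skipped, so a typo in the config leaves that type allowed while the operator believes it is blocked. Since these two lists are the whole export/import policy, the message should be raised to error level and name the setting, e.g. `m_log.ErrorFormat("[HGAsset Service]: Invalid AssetType {0} in {1}; no restriction applied", s, variable);`. The name matching also uses culture-sensitive `ToLower()` in both places in this hunk and again in `AllowedGet`/`AllowedPost` in the last hunk; `ToLowerInvariant()` in all four places keeps the comparison independent of the server locale.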
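Review bot: The new guard in the `-90,6 +121,9` hunk reads `asset.Type`, while the condition directly below it reads `asset.Metadata.Type`; using the same accessor for both keeps the policy decision and the identifier rewrite visibly keyed on one field. A one-line comment such as `// Denied types are reported exactly like a missing asset` would document that the `null` return is deliberate. The enclosing method starts and ends outside this hunk, so whether other read paths of the service need the same guard cannot be judged from here.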
@@ -112,16 +146,27 @@ namespace OpenSim.Services.HypergridService
 public override byte[] GetData(string id)
 {
- byte[] data = base.GetData(id);
+ AssetBase asset = Get(id);
- if (data == null)
+ if (asset == null)
 return null;
- return AdjustIdentifiers(data);
+ if (!AllowedGet(asset.Type))
+ return null;
+
+ return asset.Data;
 }
 //public virtual bool Get(string id, Object sender, AssetRetrieved handler)
+ public override string Store(AssetBase asset)
+ {
+ if (!AllowedPost(asset.Type))
+ return UUID.Zero.ToString();
+
+ return base.Store(asset);
+ }
+
 public override bool Delete(string id)
 {
 // NOGO
@@ -130,6 +175,34 @@ namespace OpenSim.Services.HypergridService
 #endregion
+ protected bool AllowedGet(sbyte type)
+ {
+ string assetTypeName = ((AssetType)type).ToString();
+
+ int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
+ if (index >= 0 && m_DisallowGET[index])
+ {
+ m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName);
+ return false;
+ }
+
+ return true;
+ }
+
+ protected bool AllowedPost(sbyte type)
+ {
+ string assetTypeName = ((AssetType)type).ToString();
+
+ int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
+ if (index >= 0 && m_DisallowPOST[index])
+ {
+ m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName);
+ return false;
+ }
+
+ return true;
+ }
+
 protected void AdjustIdentifiers(AssetMetadata meta)
 {
 if (meta == null || m_Cache == null)
-- 
cgit v1.1
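Review bot: The new `Store` override dereferences `asset.Type` without a null check, and it decides on the type field carried by the asset being stored, so the filter constrains what the sender declares rather than what the data actually contains; a comment stating that limit would keep operators from over-trusting `DisallowPOST`. Returning `UUID.Zero.ToString()` on denial relies on callers treating that value as a failure, which is not visible in this hunk. In `GetData`, the lookup now goes through `Get(id)`; if that resolves to this class's own override, `AllowedGet` runs twice and `AdjustIdentifiers` is no longer applied to data of non-Object types, which looks like a behaviour change worth confirming.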
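Review bot: Both `AllowedGet` and `AllowedPost` fall through to `return true` when `Array.IndexOf` yields -1, which is what happens for a `type` value that has no `AssetType` name (`ToString()` then returns the number), so undefined types pass both deny lists. If only known asset types are meant to cross the grid boundary, reject that case explicitly, e.g. `if (index < 0 || m_DisallowGET[index])`, with the matching change for `m_DisallowPOST`. Denials are logged with `DebugFormat`, so they vanish at the usual log levels; `InfoFormat` would leave operators a record of refused exports and imports. The two methods differ only in the array and the message text and could share one private helper.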