Add more granularity and a risk asessment system to the OSSL API in XEngine.

Adds the fix from Mantis #2197 in it's new form.
Stage one of the scripting security changes, more to come.
0.6.0-stable
Melanie Thielker 2008-09-15 15:25:48 +00:00
parent 4d88246a3f
commit 2eac6c17f4
2 changed files with 254 additions and 60 deletions

View File

@ -40,6 +40,61 @@ using TPFlags = OpenSim.Framework.Constants.TeleportFlags;
namespace OpenSim.Region.ScriptEngine.Shared.Api namespace OpenSim.Region.ScriptEngine.Shared.Api
{ {
//////////////////////////////////////////////////////////////
//
// Level description
//
// None - Function is no threat at all. It doesn't constitute
// an threat to either users or the system and has no
// known side effects
//
// Nuisance - Abuse of this command can cause a nuisance to the
// region operator, such as log message spew
//
// VeryLow - Extreme levels ob abuse of this function can cause
// impaired functioning of the region, or very gullible
// users can be tricked into experiencing harmless effects
//
// Low - Intentional abuse can cause crashes or malfunction
// under certain circumstances, which can easily be rectified,
// or certain users can be tricked into certain situations
// in an avoidable manner.
//
// Moderate - Intentional abuse can cause denial of service and crashes
// with potential of data or state loss, or trusting users
// can be tricked into embarrassing or uncomfortable
// situationsa.
//
// High - Casual abuse can cause impaired functionality or temporary
// denial of service conditions. Intentional abuse can easily
// cause crashes with potential data loss, or can be used to
// trick experienced and cautious users into unwanted situations,
// or changes global data permanently and without undo ability
//
// VeryHigh - Even normal use may, depending on the number of instances,
// or frequency of use, result in severe service impairment
// or crash with loss of data, or can be used to cause
// unwanted or harmful effects on users without giving the
// user a means to avoid it.
//
// Severe - Even casual use is a danger to region stability, or function
// allows console or OS command execution, or function allows
// taking money without consent, or allows deletion or
// modification of user data, or allows the compromise of
// sensitive data by design.
public enum ThreatLevel
{
None = 0,
Nuisance = 1,
VeryLow = 2,
Low = 3,
Moderate = 4,
High = 5,
VeryHigh = 6,
Severe = 7
};
[Serializable] [Serializable]
public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi
{ {
@ -47,7 +102,8 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
internal SceneObjectPart m_host; internal SceneObjectPart m_host;
internal uint m_localID; internal uint m_localID;
internal UUID m_itemID; internal UUID m_itemID;
internal AsyncCommandManager AsyncCommands = null; internal bool m_OSFunctionsEnabled = false;
internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow;
internal float m_ScriptDelayFactor = 1.0f; internal float m_ScriptDelayFactor = 1.0f;
internal float m_ScriptDistanceFactor = 1.0f; internal float m_ScriptDistanceFactor = 1.0f;
@ -58,16 +114,41 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
m_localID = localID; m_localID = localID;
m_itemID = itemID; m_itemID = itemID;
IConfigSource config = new IniConfigSource(Application.iniFilePath); if (m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
if (config.Configs["XEngine"] == null) m_OSFunctionsEnabled = true;
config.AddConfig("XEngine");
m_ScriptDelayFactor = config.Configs["XEngine"]. m_ScriptDelayFactor =
GetFloat("ScriptDelayFactor", 1.0f); m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
m_ScriptDistanceFactor = config.Configs["XEngine"]. m_ScriptDistanceFactor =
GetFloat("ScriptDistanceLimitFactor", 1.0f); m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);
AsyncCommands = (AsyncCommandManager)ScriptEngine.AsyncCommands; string risk = m_ScriptEngine.Config.GetString("OSFunctionThreatLevel", "VeryLow");
switch (risk)
{
case "None":
m_MaxThreatLevel = ThreatLevel.None;
break;
case "VeryLow":
m_MaxThreatLevel = ThreatLevel.VeryLow;
break;
case "Low":
m_MaxThreatLevel = ThreatLevel.Low;
break;
case "Moderate":
m_MaxThreatLevel = ThreatLevel.Moderate;
break;
case "High":
m_MaxThreatLevel = ThreatLevel.High;
break;
case "VeryHigh":
m_MaxThreatLevel = ThreatLevel.VeryHigh;
break;
case "Severe":
m_MaxThreatLevel = ThreatLevel.Severe;
break;
default:
break;
}
} }
// //
@ -84,6 +165,22 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
return lease; return lease;
} }
public Scene World
{
get { return m_ScriptEngine.World; }
}
internal void OSSLError(string msg)
{
throw new Exception("OSSL Runtime Error: " + msg);
}
protected void CheckThreatLevel(ThreatLevel level, string function)
{
if (level > m_MaxThreatLevel)
throw new Exception("Threat level too high - "+function);
}
protected void ScriptSleep(int delay) protected void ScriptSleep(int delay)
{ {
delay = (int)((float)delay * m_ScriptDelayFactor); delay = (int)((float)delay * m_ScriptDelayFactor);
@ -98,11 +195,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public int osTerrainSetHeight(int x, int y, double val) public int osTerrainSetHeight(int x, int y, double val)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osTerrainSetHeight: permission denied"); OSSLError("osTerrainSetHeight: permission denied");
return 0; return 0;
} }
CheckThreatLevel(ThreatLevel.High, "osTerrainSetHeight");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (x > 255 || x < 0 || y > 255 || y < 0) if (x > 255 || x < 0 || y > 255 || y < 0)
@ -121,11 +219,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public double osTerrainGetHeight(int x, int y) public double osTerrainGetHeight(int x, int y)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osTerrainGetHeight: permission denied"); OSSLError("osTerrainGetHeight: permission denied");
return 0.0; return 0.0;
} }
CheckThreatLevel(ThreatLevel.None, "osTerrainGetHeight");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (x > 255 || x < 0 || y > 255 || y < 0) if (x > 255 || x < 0 || y > 255 || y < 0)
@ -136,11 +235,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public int osRegionRestart(double seconds) public int osRegionRestart(double seconds)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osRegionRestart: permission denied"); OSSLError("osRegionRestart: permission denied");
return 0; return 0;
} }
// This is High here because region restart is not reliable
// it may result in the region staying down or becoming
// unstable. This should be changed to Low or VeryLow once
// The underlying functionality is fixed, since the security
// as such is sound
//
CheckThreatLevel(ThreatLevel.High, "osRegionRestart");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (World.ExternalChecks.ExternalChecksCanIssueEstateCommand(m_host.OwnerID, false)) if (World.ExternalChecks.ExternalChecksCanIssueEstateCommand(m_host.OwnerID, false))
@ -156,24 +262,35 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public void osRegionNotice(string msg) public void osRegionNotice(string msg)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osRegionNotice: permission denied"); OSSLError("osRegionNotice: permission denied");
return; return;
} }
// This implementation provides absolutely no security
// It's high griefing potential makes this classification
// necessary
//
CheckThreatLevel(ThreatLevel.VeryHigh, "osRegionNotice");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
World.SendGeneralAlert(msg); World.SendGeneralAlert(msg);
} }
public void osSetRot(UUID target, Quaternion rotation) public void osSetRot(UUID target, Quaternion rotation)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetRot: permission denied"); OSSLError("osSetRot: permission denied");
return; return;
} }
// This function has no security. It can be used to destroy
// arbitrary builds the user would normally have no rights to
//
CheckThreatLevel(ThreatLevel.VeryHigh, "osSetRot");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (World.Entities.ContainsKey(target)) if (World.Entities.ContainsKey(target))
{ {
@ -188,12 +305,17 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osSetDynamicTextureURL(string dynamicID, string contentType, string url, string extraParams, public string osSetDynamicTextureURL(string dynamicID, string contentType, string url, string extraParams,
int timer) int timer)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetDynamicTextureURL: permission denied"); OSSLError("osSetDynamicTextureURL: permission denied");
return String.Empty; return String.Empty;
} }
// This may be upgraded depending on the griefing or DOS
// potential, or guarded with a delay
//
CheckThreatLevel(ThreatLevel.VeryLow, "osSetDynamicTextureURL");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (dynamicID == String.Empty) if (dynamicID == String.Empty)
{ {
@ -214,12 +336,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osSetDynamicTextureURLBlend(string dynamicID, string contentType, string url, string extraParams, public string osSetDynamicTextureURLBlend(string dynamicID, string contentType, string url, string extraParams,
int timer, int alpha) int timer, int alpha)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetDynamicTextureURLBlend: permission denied"); OSSLError("osSetDynamicTextureURLBlend: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.VeryLow, "osSetDynamicTextureURLBlend");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (dynamicID == String.Empty) if (dynamicID == String.Empty)
{ {
@ -240,12 +364,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osSetDynamicTextureData(string dynamicID, string contentType, string data, string extraParams, public string osSetDynamicTextureData(string dynamicID, string contentType, string data, string extraParams,
int timer) int timer)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetDynamicTextureData: permission denied"); OSSLError("osSetDynamicTextureData: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.VeryLow, "osSetDynamicTextureData");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (dynamicID == String.Empty) if (dynamicID == String.Empty)
{ {
@ -273,12 +399,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osSetDynamicTextureDataBlend(string dynamicID, string contentType, string data, string extraParams, public string osSetDynamicTextureDataBlend(string dynamicID, string contentType, string data, string extraParams,
int timer, int alpha) int timer, int alpha)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetDynamicTextureDataBlend: permission denied"); OSSLError("osSetDynamicTextureDataBlend: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.VeryLow, "osSetDynamicTextureDataBlend");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (dynamicID == String.Empty) if (dynamicID == String.Empty)
{ {
@ -306,8 +434,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public bool osConsoleCommand(string command) public bool osConsoleCommand(string command)
{ {
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (m_ScriptEngine.Config.GetBoolean("AllowosConsoleCommand", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osConsoleCommand: permission denied");
return false;
}
CheckThreatLevel(ThreatLevel.Severe, "osConsoleCommand");
if (World.ExternalChecks.ExternalChecksCanRunConsoleCommand(m_host.OwnerID)) if (World.ExternalChecks.ExternalChecksCanRunConsoleCommand(m_host.OwnerID))
{ {
MainConsole.Instance.RunCommand(command); MainConsole.Instance.RunCommand(command);
@ -315,16 +449,17 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
} }
return false; return false;
} }
return false;
}
public void osSetPrimFloatOnWater(int floatYN) public void osSetPrimFloatOnWater(int floatYN)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetPrimFloatOnWater: permission denied"); OSSLError("osSetPrimFloatOnWater: permission denied");
return; return;
} }
CheckThreatLevel(ThreatLevel.VeryLow, "osSetPrimFloatOnWater");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (m_host.ParentGroup != null) if (m_host.ParentGroup != null)
{ {
@ -338,6 +473,16 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// Teleport functions // Teleport functions
public void osTeleportAgent(string agent, string regionName, LSL_Types.Vector3 position, LSL_Types.Vector3 lookat) public void osTeleportAgent(string agent, string regionName, LSL_Types.Vector3 position, LSL_Types.Vector3 lookat)
{ {
if (!m_OSFunctionsEnabled)
{
OSSLError("osTeleportAgent: permission denied");
return;
}
// High because there is no security check. High griefer potential
//
CheckThreatLevel(ThreatLevel.High, "osTeleportAgent");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
UUID agentId = new UUID(); UUID agentId = new UUID();
if (UUID.TryParse(agent, out agentId)) if (UUID.TryParse(agent, out agentId))
@ -351,7 +496,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
World.RequestTeleportLocation(presence.ControllingClient, regionName, World.RequestTeleportLocation(presence.ControllingClient, regionName,
new Vector3((float)position.x, (float)position.y, (float)position.z), new Vector3((float)position.x, (float)position.y, (float)position.z),
new Vector3((float)lookat.x, (float)lookat.y, (float)lookat.z), (uint)TPFlags.ViaLocation); new Vector3((float)lookat.x, (float)lookat.y, (float)lookat.z), (uint)TPFlags.ViaLocation);
// ScriptSleep(5000); ScriptSleep(5000);
} }
} }
} }
@ -365,12 +510,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// Adam's super super custom animation functions // Adam's super super custom animation functions
public void osAvatarPlayAnimation(string avatar, string animation) public void osAvatarPlayAnimation(string avatar, string animation)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osAvatarPlayAnimation: permission denied"); OSSLError("osAvatarPlayAnimation: permission denied");
return; return;
} }
CheckThreatLevel(ThreatLevel.VeryHigh, "osAvatarPlayAnimation");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (World.Entities.ContainsKey(avatar) && World.Entities[avatar] is ScenePresence) if (World.Entities.ContainsKey(avatar) && World.Entities[avatar] is ScenePresence)
{ {
@ -381,12 +528,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public void osAvatarStopAnimation(string avatar, string animation) public void osAvatarStopAnimation(string avatar, string animation)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osAvatarStopAnimation: permission denied"); OSSLError("osAvatarStopAnimation: permission denied");
return; return;
} }
CheckThreatLevel(ThreatLevel.VeryHigh, "osAvatarStopAnimation");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (World.Entities.ContainsKey(avatar) && World.Entities[avatar] is ScenePresence) if (World.Entities.ContainsKey(avatar) && World.Entities[avatar] is ScenePresence)
{ {
@ -398,12 +547,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
//Texture draw functions //Texture draw functions
public string osMovePen(string drawList, int x, int y) public string osMovePen(string drawList, int x, int y)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osMovePen: permission denied"); OSSLError("osMovePen: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osMovePen");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "MoveTo " + x + "," + y + ";"; drawList += "MoveTo " + x + "," + y + ";";
return drawList; return drawList;
@ -411,12 +562,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osDrawLine(string drawList, int startX, int startY, int endX, int endY) public string osDrawLine(string drawList, int startX, int startY, int endX, int endY)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osDrawLine: permission denied"); OSSLError("osDrawLine: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osDrawLine");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "MoveTo "+ startX+","+ startY +"; LineTo "+endX +","+endY +"; "; drawList += "MoveTo "+ startX+","+ startY +"; LineTo "+endX +","+endY +"; ";
return drawList; return drawList;
@ -424,12 +577,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osDrawLine(string drawList, int endX, int endY) public string osDrawLine(string drawList, int endX, int endY)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osDrawLine: permission denied"); OSSLError("osDrawLine: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osDrawLine");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "LineTo " + endX + "," + endY + "; "; drawList += "LineTo " + endX + "," + endY + "; ";
return drawList; return drawList;
@ -437,12 +592,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osDrawText(string drawList, string text) public string osDrawText(string drawList, string text)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osDrawText: permission denied"); OSSLError("osDrawText: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osDrawText");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "Text " + text + "; "; drawList += "Text " + text + "; ";
return drawList; return drawList;
@ -450,12 +607,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osDrawEllipse(string drawList, int width, int height) public string osDrawEllipse(string drawList, int width, int height)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osDrawEllipse: permission denied"); OSSLError("osDrawEllipse: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osDrawEllipse");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "Ellipse " + width + "," + height + "; "; drawList += "Ellipse " + width + "," + height + "; ";
return drawList; return drawList;
@ -463,12 +622,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osDrawRectangle(string drawList, int width, int height) public string osDrawRectangle(string drawList, int width, int height)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osDrawRectangle: permission denied"); OSSLError("osDrawRectangle: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osDrawRectangle");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "Rectangle " + width + "," + height + "; "; drawList += "Rectangle " + width + "," + height + "; ";
return drawList; return drawList;
@ -476,12 +637,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osDrawFilledRectangle(string drawList, int width, int height) public string osDrawFilledRectangle(string drawList, int width, int height)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osDrawFilledRectangle: permission denied"); OSSLError("osDrawFilledRectangle: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osDrawFilledRectangle");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "FillRectangle " + width + "," + height + "; "; drawList += "FillRectangle " + width + "," + height + "; ";
return drawList; return drawList;
@ -489,12 +652,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osSetFontSize(string drawList, int fontSize) public string osSetFontSize(string drawList, int fontSize)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetFontSize: permission denied"); OSSLError("osSetFontSize: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osSetFontSize");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "FontSize "+ fontSize +"; "; drawList += "FontSize "+ fontSize +"; ";
return drawList; return drawList;
@ -502,12 +667,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osSetPenSize(string drawList, int penSize) public string osSetPenSize(string drawList, int penSize)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetPenSize: permission denied"); OSSLError("osSetPenSize: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osSetPenSize");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "PenSize " + penSize + "; "; drawList += "PenSize " + penSize + "; ";
return drawList; return drawList;
@ -515,12 +682,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osSetPenColour(string drawList, string colour) public string osSetPenColour(string drawList, string colour)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetPenColour: permission denied"); OSSLError("osSetPenColour: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osSetPenColour");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList += "PenColour " + colour + "; "; drawList += "PenColour " + colour + "; ";
return drawList; return drawList;
@ -528,12 +697,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public string osDrawImage(string drawList, int width, int height, string imageUrl) public string osDrawImage(string drawList, int width, int height, string imageUrl)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osDrawImage: permission denied"); OSSLError("osDrawImage: permission denied");
return String.Empty; return String.Empty;
} }
CheckThreatLevel(ThreatLevel.None, "osDrawImage");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
drawList +="Image " +width + "," + height+ ","+ imageUrl +"; " ; drawList +="Image " +width + "," + height+ ","+ imageUrl +"; " ;
return drawList; return drawList;
@ -541,23 +712,32 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public void osSetStateEvents(int events) public void osSetStateEvents(int events)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetStateEvents: permission denied"); OSSLError("osSetStateEvents: permission denied");
return; return;
} }
// This function is a hack. There is no reason for it's existence
// anymore, since state events now work properly.
// It was probably added as a crutch or debugging aid, and
// should be removed
//
CheckThreatLevel(ThreatLevel.High, "osSetStateEvents");
m_host.SetScriptEvents(m_itemID, events); m_host.SetScriptEvents(m_itemID, events);
} }
public void osSetRegionWaterHeight(double height) public void osSetRegionWaterHeight(double height)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetRegionWaterHeight: permission denied"); OSSLError("osSetRegionWaterHeight: permission denied");
return; return;
} }
CheckThreatLevel(ThreatLevel.High, "osSetRegionWaterHeight");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
//Check to make sure that the script's owner is the estate manager/master //Check to make sure that the script's owner is the estate manager/master
//World.Permissions.GenericEstatePermission( //World.Permissions.GenericEstatePermission(
@ -569,12 +749,19 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public double osList2Double(LSL_Types.list src, int index) public double osList2Double(LSL_Types.list src, int index)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osList2Double: permission denied"); OSSLError("osList2Double: permission denied");
return 0.0; return 0.0;
} }
// There is really no double type in OSSL. C# and other
// have one, but the current implementation of LSL_Types.list
// is not allowed to contain any.
// This really should be removed.
//
CheckThreatLevel(ThreatLevel.None, "osList2Double");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (index < 0) if (index < 0)
{ {
@ -589,12 +776,16 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
public void osSetParcelMediaURL(string url) public void osSetParcelMediaURL(string url)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetParcelMediaURL: permission denied"); OSSLError("osSetParcelMediaURL: permission denied");
return; return;
} }
// What actually is the difference to the LL function?
//
CheckThreatLevel(ThreatLevel.VeryLow, "osSetParcelMediaURL");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
UUID landowner = World.GetLandOwner(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y); UUID landowner = World.GetLandOwner(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y);
@ -611,24 +802,21 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
World.SetLandMediaURL(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y, url); World.SetLandMediaURL(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y, url);
} }
public Scene World
{
get { return m_ScriptEngine.World; }
}
internal void OSSLError(string msg)
{
throw new Exception("OSSL Runtime Error: " + msg);
}
public string osGetScriptEngineName() public string osGetScriptEngineName()
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osGetScriptEngineName: permission denied"); OSSLError("osGetScriptEngineName: permission denied");
return ""; return "";
} }
// This gets a "high" because knowing the engine may be used
// to exploit engine-specific bugs or induce usage patterns
// that trigger engine-specific failures.
// Besides, public grid users aren't supposed to know.
//
CheckThreatLevel(ThreatLevel.High, "osGetScriptEngineName");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
int scriptEngineNameIndex = 0; int scriptEngineNameIndex = 0;
@ -657,12 +845,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
//for testing purposes only //for testing purposes only
public void osSetParcelMediaTime(double time) public void osSetParcelMediaTime(double time)
{ {
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false)) if (!m_OSFunctionsEnabled)
{ {
OSSLError("osSetParcelMediaTime: permission denied"); OSSLError("osSetParcelMediaTime: permission denied");
return; return;
} }
// This gets very high because I have no idea what it does.
// If someone knows, please adjust. If it;s no longer needed,
// please remove.
//
CheckThreatLevel(ThreatLevel.VeryHigh, "osSetParcelMediaTime");
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
World.ParcelMediaSetTime((float)time); World.ParcelMediaSetTime((float)time);

View File

@ -677,6 +677,8 @@ AllowedCompilers = lsl,vb,js,cs
CompileWithDebugInformation = true CompileWithDebugInformation = true
; Allow the use of os* functions (some are dangerous) ; Allow the use of os* functions (some are dangerous)
AllowOSFunctions = false AllowOSFunctions = false
; Threat level to allow, one of None, VeryLow, Low, Moderate, High, VeryHigh, Severe
OSFunctionThreatLevel = VeryLow
; Interval (s) between background save of script states ; Interval (s) between background save of script states
SaveInterval = 120 SaveInterval = 120
; Interval (s) between maintenance runs (0 = disable) ; Interval (s) between maintenance runs (0 = disable)
@ -685,8 +687,6 @@ MaintenanceInterval = 10
EventLimit = 30 EventLimit = 30
; If a script overruns it's event limit, kill the script? ; If a script overruns it's event limit, kill the script?
KillTimedOutScripts = false KillTimedOutScripts = false
; Allow OS console command functionality (VERY DANGEROUS!!)
AllowosConsoleCommand = false
; Sets the multiplier for the scripting delays ; Sets the multiplier for the scripting delays
ScriptDelayFactor = 1.0 ScriptDelayFactor = 1.0
; The factor the 10 m distances llimits are multiplied by ; The factor the 10 m distances llimits are multiplied by