Add more granularity and a risk asessment system to the OSSL API in XEngine.
Adds the fix from Mantis #2197 in it's new form. Stage one of the scripting security changes, more to come.0.6.0-stable
parent
4d88246a3f
commit
2eac6c17f4
|
@ -40,6 +40,61 @@ using TPFlags = OpenSim.Framework.Constants.TeleportFlags;
|
||||||
|
|
||||||
namespace OpenSim.Region.ScriptEngine.Shared.Api
|
namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
{
|
{
|
||||||
|
//////////////////////////////////////////////////////////////
|
||||||
|
//
|
||||||
|
// Level description
|
||||||
|
//
|
||||||
|
// None - Function is no threat at all. It doesn't constitute
|
||||||
|
// an threat to either users or the system and has no
|
||||||
|
// known side effects
|
||||||
|
//
|
||||||
|
// Nuisance - Abuse of this command can cause a nuisance to the
|
||||||
|
// region operator, such as log message spew
|
||||||
|
//
|
||||||
|
// VeryLow - Extreme levels ob abuse of this function can cause
|
||||||
|
// impaired functioning of the region, or very gullible
|
||||||
|
// users can be tricked into experiencing harmless effects
|
||||||
|
//
|
||||||
|
// Low - Intentional abuse can cause crashes or malfunction
|
||||||
|
// under certain circumstances, which can easily be rectified,
|
||||||
|
// or certain users can be tricked into certain situations
|
||||||
|
// in an avoidable manner.
|
||||||
|
//
|
||||||
|
// Moderate - Intentional abuse can cause denial of service and crashes
|
||||||
|
// with potential of data or state loss, or trusting users
|
||||||
|
// can be tricked into embarrassing or uncomfortable
|
||||||
|
// situationsa.
|
||||||
|
//
|
||||||
|
// High - Casual abuse can cause impaired functionality or temporary
|
||||||
|
// denial of service conditions. Intentional abuse can easily
|
||||||
|
// cause crashes with potential data loss, or can be used to
|
||||||
|
// trick experienced and cautious users into unwanted situations,
|
||||||
|
// or changes global data permanently and without undo ability
|
||||||
|
//
|
||||||
|
// VeryHigh - Even normal use may, depending on the number of instances,
|
||||||
|
// or frequency of use, result in severe service impairment
|
||||||
|
// or crash with loss of data, or can be used to cause
|
||||||
|
// unwanted or harmful effects on users without giving the
|
||||||
|
// user a means to avoid it.
|
||||||
|
//
|
||||||
|
// Severe - Even casual use is a danger to region stability, or function
|
||||||
|
// allows console or OS command execution, or function allows
|
||||||
|
// taking money without consent, or allows deletion or
|
||||||
|
// modification of user data, or allows the compromise of
|
||||||
|
// sensitive data by design.
|
||||||
|
|
||||||
|
public enum ThreatLevel
|
||||||
|
{
|
||||||
|
None = 0,
|
||||||
|
Nuisance = 1,
|
||||||
|
VeryLow = 2,
|
||||||
|
Low = 3,
|
||||||
|
Moderate = 4,
|
||||||
|
High = 5,
|
||||||
|
VeryHigh = 6,
|
||||||
|
Severe = 7
|
||||||
|
};
|
||||||
|
|
||||||
[Serializable]
|
[Serializable]
|
||||||
public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi
|
public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi
|
||||||
{
|
{
|
||||||
|
@ -47,7 +102,8 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
internal SceneObjectPart m_host;
|
internal SceneObjectPart m_host;
|
||||||
internal uint m_localID;
|
internal uint m_localID;
|
||||||
internal UUID m_itemID;
|
internal UUID m_itemID;
|
||||||
internal AsyncCommandManager AsyncCommands = null;
|
internal bool m_OSFunctionsEnabled = false;
|
||||||
|
internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow;
|
||||||
internal float m_ScriptDelayFactor = 1.0f;
|
internal float m_ScriptDelayFactor = 1.0f;
|
||||||
internal float m_ScriptDistanceFactor = 1.0f;
|
internal float m_ScriptDistanceFactor = 1.0f;
|
||||||
|
|
||||||
|
@ -58,16 +114,41 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
m_localID = localID;
|
m_localID = localID;
|
||||||
m_itemID = itemID;
|
m_itemID = itemID;
|
||||||
|
|
||||||
IConfigSource config = new IniConfigSource(Application.iniFilePath);
|
if (m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
||||||
if (config.Configs["XEngine"] == null)
|
m_OSFunctionsEnabled = true;
|
||||||
config.AddConfig("XEngine");
|
|
||||||
|
|
||||||
m_ScriptDelayFactor = config.Configs["XEngine"].
|
m_ScriptDelayFactor =
|
||||||
GetFloat("ScriptDelayFactor", 1.0f);
|
m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
|
||||||
m_ScriptDistanceFactor = config.Configs["XEngine"].
|
m_ScriptDistanceFactor =
|
||||||
GetFloat("ScriptDistanceLimitFactor", 1.0f);
|
m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);
|
||||||
|
|
||||||
AsyncCommands = (AsyncCommandManager)ScriptEngine.AsyncCommands;
|
string risk = m_ScriptEngine.Config.GetString("OSFunctionThreatLevel", "VeryLow");
|
||||||
|
switch (risk)
|
||||||
|
{
|
||||||
|
case "None":
|
||||||
|
m_MaxThreatLevel = ThreatLevel.None;
|
||||||
|
break;
|
||||||
|
case "VeryLow":
|
||||||
|
m_MaxThreatLevel = ThreatLevel.VeryLow;
|
||||||
|
break;
|
||||||
|
case "Low":
|
||||||
|
m_MaxThreatLevel = ThreatLevel.Low;
|
||||||
|
break;
|
||||||
|
case "Moderate":
|
||||||
|
m_MaxThreatLevel = ThreatLevel.Moderate;
|
||||||
|
break;
|
||||||
|
case "High":
|
||||||
|
m_MaxThreatLevel = ThreatLevel.High;
|
||||||
|
break;
|
||||||
|
case "VeryHigh":
|
||||||
|
m_MaxThreatLevel = ThreatLevel.VeryHigh;
|
||||||
|
break;
|
||||||
|
case "Severe":
|
||||||
|
m_MaxThreatLevel = ThreatLevel.Severe;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
|
@ -84,6 +165,22 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
return lease;
|
return lease;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Scene World
|
||||||
|
{
|
||||||
|
get { return m_ScriptEngine.World; }
|
||||||
|
}
|
||||||
|
|
||||||
|
internal void OSSLError(string msg)
|
||||||
|
{
|
||||||
|
throw new Exception("OSSL Runtime Error: " + msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void CheckThreatLevel(ThreatLevel level, string function)
|
||||||
|
{
|
||||||
|
if (level > m_MaxThreatLevel)
|
||||||
|
throw new Exception("Threat level too high - "+function);
|
||||||
|
}
|
||||||
|
|
||||||
protected void ScriptSleep(int delay)
|
protected void ScriptSleep(int delay)
|
||||||
{
|
{
|
||||||
delay = (int)((float)delay * m_ScriptDelayFactor);
|
delay = (int)((float)delay * m_ScriptDelayFactor);
|
||||||
|
@ -98,11 +195,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public int osTerrainSetHeight(int x, int y, double val)
|
public int osTerrainSetHeight(int x, int y, double val)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osTerrainSetHeight: permission denied");
|
OSSLError("osTerrainSetHeight: permission denied");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
CheckThreatLevel(ThreatLevel.High, "osTerrainSetHeight");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (x > 255 || x < 0 || y > 255 || y < 0)
|
if (x > 255 || x < 0 || y > 255 || y < 0)
|
||||||
|
@ -121,11 +219,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public double osTerrainGetHeight(int x, int y)
|
public double osTerrainGetHeight(int x, int y)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osTerrainGetHeight: permission denied");
|
OSSLError("osTerrainGetHeight: permission denied");
|
||||||
return 0.0;
|
return 0.0;
|
||||||
}
|
}
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osTerrainGetHeight");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (x > 255 || x < 0 || y > 255 || y < 0)
|
if (x > 255 || x < 0 || y > 255 || y < 0)
|
||||||
|
@ -136,11 +235,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public int osRegionRestart(double seconds)
|
public int osRegionRestart(double seconds)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osRegionRestart: permission denied");
|
OSSLError("osRegionRestart: permission denied");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
// This is High here because region restart is not reliable
|
||||||
|
// it may result in the region staying down or becoming
|
||||||
|
// unstable. This should be changed to Low or VeryLow once
|
||||||
|
// The underlying functionality is fixed, since the security
|
||||||
|
// as such is sound
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.High, "osRegionRestart");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (World.ExternalChecks.ExternalChecksCanIssueEstateCommand(m_host.OwnerID, false))
|
if (World.ExternalChecks.ExternalChecksCanIssueEstateCommand(m_host.OwnerID, false))
|
||||||
|
@ -156,24 +262,35 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public void osRegionNotice(string msg)
|
public void osRegionNotice(string msg)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osRegionNotice: permission denied");
|
OSSLError("osRegionNotice: permission denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This implementation provides absolutely no security
|
||||||
|
// It's high griefing potential makes this classification
|
||||||
|
// necessary
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryHigh, "osRegionNotice");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
World.SendGeneralAlert(msg);
|
World.SendGeneralAlert(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void osSetRot(UUID target, Quaternion rotation)
|
public void osSetRot(UUID target, Quaternion rotation)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetRot: permission denied");
|
OSSLError("osSetRot: permission denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This function has no security. It can be used to destroy
|
||||||
|
// arbitrary builds the user would normally have no rights to
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryHigh, "osSetRot");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (World.Entities.ContainsKey(target))
|
if (World.Entities.ContainsKey(target))
|
||||||
{
|
{
|
||||||
|
@ -188,12 +305,17 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
public string osSetDynamicTextureURL(string dynamicID, string contentType, string url, string extraParams,
|
public string osSetDynamicTextureURL(string dynamicID, string contentType, string url, string extraParams,
|
||||||
int timer)
|
int timer)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetDynamicTextureURL: permission denied");
|
OSSLError("osSetDynamicTextureURL: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This may be upgraded depending on the griefing or DOS
|
||||||
|
// potential, or guarded with a delay
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryLow, "osSetDynamicTextureURL");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (dynamicID == String.Empty)
|
if (dynamicID == String.Empty)
|
||||||
{
|
{
|
||||||
|
@ -214,12 +336,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
public string osSetDynamicTextureURLBlend(string dynamicID, string contentType, string url, string extraParams,
|
public string osSetDynamicTextureURLBlend(string dynamicID, string contentType, string url, string extraParams,
|
||||||
int timer, int alpha)
|
int timer, int alpha)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetDynamicTextureURLBlend: permission denied");
|
OSSLError("osSetDynamicTextureURLBlend: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryLow, "osSetDynamicTextureURLBlend");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (dynamicID == String.Empty)
|
if (dynamicID == String.Empty)
|
||||||
{
|
{
|
||||||
|
@ -240,12 +364,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
public string osSetDynamicTextureData(string dynamicID, string contentType, string data, string extraParams,
|
public string osSetDynamicTextureData(string dynamicID, string contentType, string data, string extraParams,
|
||||||
int timer)
|
int timer)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetDynamicTextureData: permission denied");
|
OSSLError("osSetDynamicTextureData: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryLow, "osSetDynamicTextureData");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (dynamicID == String.Empty)
|
if (dynamicID == String.Empty)
|
||||||
{
|
{
|
||||||
|
@ -273,12 +399,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
public string osSetDynamicTextureDataBlend(string dynamicID, string contentType, string data, string extraParams,
|
public string osSetDynamicTextureDataBlend(string dynamicID, string contentType, string data, string extraParams,
|
||||||
int timer, int alpha)
|
int timer, int alpha)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetDynamicTextureDataBlend: permission denied");
|
OSSLError("osSetDynamicTextureDataBlend: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryLow, "osSetDynamicTextureDataBlend");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (dynamicID == String.Empty)
|
if (dynamicID == String.Empty)
|
||||||
{
|
{
|
||||||
|
@ -306,8 +434,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
public bool osConsoleCommand(string command)
|
public bool osConsoleCommand(string command)
|
||||||
{
|
{
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (m_ScriptEngine.Config.GetBoolean("AllowosConsoleCommand", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
|
OSSLError("osConsoleCommand: permission denied");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.Severe, "osConsoleCommand");
|
||||||
|
|
||||||
if (World.ExternalChecks.ExternalChecksCanRunConsoleCommand(m_host.OwnerID))
|
if (World.ExternalChecks.ExternalChecksCanRunConsoleCommand(m_host.OwnerID))
|
||||||
{
|
{
|
||||||
MainConsole.Instance.RunCommand(command);
|
MainConsole.Instance.RunCommand(command);
|
||||||
|
@ -315,16 +449,17 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return false;
|
|
||||||
}
|
|
||||||
public void osSetPrimFloatOnWater(int floatYN)
|
public void osSetPrimFloatOnWater(int floatYN)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetPrimFloatOnWater: permission denied");
|
OSSLError("osSetPrimFloatOnWater: permission denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryLow, "osSetPrimFloatOnWater");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (m_host.ParentGroup != null)
|
if (m_host.ParentGroup != null)
|
||||||
{
|
{
|
||||||
|
@ -338,6 +473,16 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
// Teleport functions
|
// Teleport functions
|
||||||
public void osTeleportAgent(string agent, string regionName, LSL_Types.Vector3 position, LSL_Types.Vector3 lookat)
|
public void osTeleportAgent(string agent, string regionName, LSL_Types.Vector3 position, LSL_Types.Vector3 lookat)
|
||||||
{
|
{
|
||||||
|
if (!m_OSFunctionsEnabled)
|
||||||
|
{
|
||||||
|
OSSLError("osTeleportAgent: permission denied");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// High because there is no security check. High griefer potential
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.High, "osTeleportAgent");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
UUID agentId = new UUID();
|
UUID agentId = new UUID();
|
||||||
if (UUID.TryParse(agent, out agentId))
|
if (UUID.TryParse(agent, out agentId))
|
||||||
|
@ -351,7 +496,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
World.RequestTeleportLocation(presence.ControllingClient, regionName,
|
World.RequestTeleportLocation(presence.ControllingClient, regionName,
|
||||||
new Vector3((float)position.x, (float)position.y, (float)position.z),
|
new Vector3((float)position.x, (float)position.y, (float)position.z),
|
||||||
new Vector3((float)lookat.x, (float)lookat.y, (float)lookat.z), (uint)TPFlags.ViaLocation);
|
new Vector3((float)lookat.x, (float)lookat.y, (float)lookat.z), (uint)TPFlags.ViaLocation);
|
||||||
// ScriptSleep(5000);
|
ScriptSleep(5000);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -365,12 +510,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
// Adam's super super custom animation functions
|
// Adam's super super custom animation functions
|
||||||
public void osAvatarPlayAnimation(string avatar, string animation)
|
public void osAvatarPlayAnimation(string avatar, string animation)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osAvatarPlayAnimation: permission denied");
|
OSSLError("osAvatarPlayAnimation: permission denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryHigh, "osAvatarPlayAnimation");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (World.Entities.ContainsKey(avatar) && World.Entities[avatar] is ScenePresence)
|
if (World.Entities.ContainsKey(avatar) && World.Entities[avatar] is ScenePresence)
|
||||||
{
|
{
|
||||||
|
@ -381,12 +528,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public void osAvatarStopAnimation(string avatar, string animation)
|
public void osAvatarStopAnimation(string avatar, string animation)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osAvatarStopAnimation: permission denied");
|
OSSLError("osAvatarStopAnimation: permission denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryHigh, "osAvatarStopAnimation");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (World.Entities.ContainsKey(avatar) && World.Entities[avatar] is ScenePresence)
|
if (World.Entities.ContainsKey(avatar) && World.Entities[avatar] is ScenePresence)
|
||||||
{
|
{
|
||||||
|
@ -398,12 +547,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
//Texture draw functions
|
//Texture draw functions
|
||||||
public string osMovePen(string drawList, int x, int y)
|
public string osMovePen(string drawList, int x, int y)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osMovePen: permission denied");
|
OSSLError("osMovePen: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osMovePen");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "MoveTo " + x + "," + y + ";";
|
drawList += "MoveTo " + x + "," + y + ";";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -411,12 +562,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osDrawLine(string drawList, int startX, int startY, int endX, int endY)
|
public string osDrawLine(string drawList, int startX, int startY, int endX, int endY)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osDrawLine: permission denied");
|
OSSLError("osDrawLine: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osDrawLine");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "MoveTo "+ startX+","+ startY +"; LineTo "+endX +","+endY +"; ";
|
drawList += "MoveTo "+ startX+","+ startY +"; LineTo "+endX +","+endY +"; ";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -424,12 +577,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osDrawLine(string drawList, int endX, int endY)
|
public string osDrawLine(string drawList, int endX, int endY)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osDrawLine: permission denied");
|
OSSLError("osDrawLine: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osDrawLine");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "LineTo " + endX + "," + endY + "; ";
|
drawList += "LineTo " + endX + "," + endY + "; ";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -437,12 +592,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osDrawText(string drawList, string text)
|
public string osDrawText(string drawList, string text)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osDrawText: permission denied");
|
OSSLError("osDrawText: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osDrawText");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "Text " + text + "; ";
|
drawList += "Text " + text + "; ";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -450,12 +607,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osDrawEllipse(string drawList, int width, int height)
|
public string osDrawEllipse(string drawList, int width, int height)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osDrawEllipse: permission denied");
|
OSSLError("osDrawEllipse: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osDrawEllipse");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "Ellipse " + width + "," + height + "; ";
|
drawList += "Ellipse " + width + "," + height + "; ";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -463,12 +622,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osDrawRectangle(string drawList, int width, int height)
|
public string osDrawRectangle(string drawList, int width, int height)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osDrawRectangle: permission denied");
|
OSSLError("osDrawRectangle: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osDrawRectangle");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "Rectangle " + width + "," + height + "; ";
|
drawList += "Rectangle " + width + "," + height + "; ";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -476,12 +637,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osDrawFilledRectangle(string drawList, int width, int height)
|
public string osDrawFilledRectangle(string drawList, int width, int height)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osDrawFilledRectangle: permission denied");
|
OSSLError("osDrawFilledRectangle: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osDrawFilledRectangle");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "FillRectangle " + width + "," + height + "; ";
|
drawList += "FillRectangle " + width + "," + height + "; ";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -489,12 +652,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osSetFontSize(string drawList, int fontSize)
|
public string osSetFontSize(string drawList, int fontSize)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetFontSize: permission denied");
|
OSSLError("osSetFontSize: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osSetFontSize");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "FontSize "+ fontSize +"; ";
|
drawList += "FontSize "+ fontSize +"; ";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -502,12 +667,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osSetPenSize(string drawList, int penSize)
|
public string osSetPenSize(string drawList, int penSize)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetPenSize: permission denied");
|
OSSLError("osSetPenSize: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osSetPenSize");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "PenSize " + penSize + "; ";
|
drawList += "PenSize " + penSize + "; ";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -515,12 +682,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osSetPenColour(string drawList, string colour)
|
public string osSetPenColour(string drawList, string colour)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetPenColour: permission denied");
|
OSSLError("osSetPenColour: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osSetPenColour");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList += "PenColour " + colour + "; ";
|
drawList += "PenColour " + colour + "; ";
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -528,12 +697,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public string osDrawImage(string drawList, int width, int height, string imageUrl)
|
public string osDrawImage(string drawList, int width, int height, string imageUrl)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osDrawImage: permission denied");
|
OSSLError("osDrawImage: permission denied");
|
||||||
return String.Empty;
|
return String.Empty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osDrawImage");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
drawList +="Image " +width + "," + height+ ","+ imageUrl +"; " ;
|
drawList +="Image " +width + "," + height+ ","+ imageUrl +"; " ;
|
||||||
return drawList;
|
return drawList;
|
||||||
|
@ -541,23 +712,32 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public void osSetStateEvents(int events)
|
public void osSetStateEvents(int events)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetStateEvents: permission denied");
|
OSSLError("osSetStateEvents: permission denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This function is a hack. There is no reason for it's existence
|
||||||
|
// anymore, since state events now work properly.
|
||||||
|
// It was probably added as a crutch or debugging aid, and
|
||||||
|
// should be removed
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.High, "osSetStateEvents");
|
||||||
|
|
||||||
m_host.SetScriptEvents(m_itemID, events);
|
m_host.SetScriptEvents(m_itemID, events);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void osSetRegionWaterHeight(double height)
|
public void osSetRegionWaterHeight(double height)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetRegionWaterHeight: permission denied");
|
OSSLError("osSetRegionWaterHeight: permission denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckThreatLevel(ThreatLevel.High, "osSetRegionWaterHeight");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
//Check to make sure that the script's owner is the estate manager/master
|
//Check to make sure that the script's owner is the estate manager/master
|
||||||
//World.Permissions.GenericEstatePermission(
|
//World.Permissions.GenericEstatePermission(
|
||||||
|
@ -569,12 +749,19 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public double osList2Double(LSL_Types.list src, int index)
|
public double osList2Double(LSL_Types.list src, int index)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osList2Double: permission denied");
|
OSSLError("osList2Double: permission denied");
|
||||||
return 0.0;
|
return 0.0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// There is really no double type in OSSL. C# and other
|
||||||
|
// have one, but the current implementation of LSL_Types.list
|
||||||
|
// is not allowed to contain any.
|
||||||
|
// This really should be removed.
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.None, "osList2Double");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
if (index < 0)
|
if (index < 0)
|
||||||
{
|
{
|
||||||
|
@ -589,12 +776,16 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
public void osSetParcelMediaURL(string url)
|
public void osSetParcelMediaURL(string url)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetParcelMediaURL: permission denied");
|
OSSLError("osSetParcelMediaURL: permission denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// What actually is the difference to the LL function?
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryLow, "osSetParcelMediaURL");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
UUID landowner = World.GetLandOwner(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y);
|
UUID landowner = World.GetLandOwner(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y);
|
||||||
|
|
||||||
|
@ -611,24 +802,21 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
World.SetLandMediaURL(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y, url);
|
World.SetLandMediaURL(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y, url);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Scene World
|
|
||||||
{
|
|
||||||
get { return m_ScriptEngine.World; }
|
|
||||||
}
|
|
||||||
|
|
||||||
internal void OSSLError(string msg)
|
|
||||||
{
|
|
||||||
throw new Exception("OSSL Runtime Error: " + msg);
|
|
||||||
}
|
|
||||||
|
|
||||||
public string osGetScriptEngineName()
|
public string osGetScriptEngineName()
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osGetScriptEngineName: permission denied");
|
OSSLError("osGetScriptEngineName: permission denied");
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This gets a "high" because knowing the engine may be used
|
||||||
|
// to exploit engine-specific bugs or induce usage patterns
|
||||||
|
// that trigger engine-specific failures.
|
||||||
|
// Besides, public grid users aren't supposed to know.
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.High, "osGetScriptEngineName");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
|
|
||||||
int scriptEngineNameIndex = 0;
|
int scriptEngineNameIndex = 0;
|
||||||
|
@ -657,12 +845,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
//for testing purposes only
|
//for testing purposes only
|
||||||
public void osSetParcelMediaTime(double time)
|
public void osSetParcelMediaTime(double time)
|
||||||
{
|
{
|
||||||
if (!m_ScriptEngine.Config.GetBoolean("AllowOSFunctions", false))
|
if (!m_OSFunctionsEnabled)
|
||||||
{
|
{
|
||||||
OSSLError("osSetParcelMediaTime: permission denied");
|
OSSLError("osSetParcelMediaTime: permission denied");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This gets very high because I have no idea what it does.
|
||||||
|
// If someone knows, please adjust. If it;s no longer needed,
|
||||||
|
// please remove.
|
||||||
|
//
|
||||||
|
CheckThreatLevel(ThreatLevel.VeryHigh, "osSetParcelMediaTime");
|
||||||
|
|
||||||
m_host.AddScriptLPS(1);
|
m_host.AddScriptLPS(1);
|
||||||
|
|
||||||
World.ParcelMediaSetTime((float)time);
|
World.ParcelMediaSetTime((float)time);
|
||||||
|
|
|
@ -677,6 +677,8 @@ AllowedCompilers = lsl,vb,js,cs
|
||||||
CompileWithDebugInformation = true
|
CompileWithDebugInformation = true
|
||||||
; Allow the use of os* functions (some are dangerous)
|
; Allow the use of os* functions (some are dangerous)
|
||||||
AllowOSFunctions = false
|
AllowOSFunctions = false
|
||||||
|
; Threat level to allow, one of None, VeryLow, Low, Moderate, High, VeryHigh, Severe
|
||||||
|
OSFunctionThreatLevel = VeryLow
|
||||||
; Interval (s) between background save of script states
|
; Interval (s) between background save of script states
|
||||||
SaveInterval = 120
|
SaveInterval = 120
|
||||||
; Interval (s) between maintenance runs (0 = disable)
|
; Interval (s) between maintenance runs (0 = disable)
|
||||||
|
@ -685,8 +687,6 @@ MaintenanceInterval = 10
|
||||||
EventLimit = 30
|
EventLimit = 30
|
||||||
; If a script overruns it's event limit, kill the script?
|
; If a script overruns it's event limit, kill the script?
|
||||||
KillTimedOutScripts = false
|
KillTimedOutScripts = false
|
||||||
; Allow OS console command functionality (VERY DANGEROUS!!)
|
|
||||||
AllowosConsoleCommand = false
|
|
||||||
; Sets the multiplier for the scripting delays
|
; Sets the multiplier for the scripting delays
|
||||||
ScriptDelayFactor = 1.0
|
ScriptDelayFactor = 1.0
|
||||||
; The factor the 10 m distances llimits are multiplied by
|
; The factor the 10 m distances llimits are multiplied by
|
||||||
|
|
Loading…
Reference in New Issue