More HG2.0: Added permission policies in HGAsset Service based on asset types. The policies are given in the config. This is only half of the story. The other half, pertaining to exports/imports made by the sim, will be done next.
parent
967d42d393
commit
3089b6d824
|
@ -93,6 +93,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
|
||||||
if (!url.EndsWith("/") && !url.EndsWith("="))
|
if (!url.EndsWith("/") && !url.EndsWith("="))
|
||||||
url = url + "/";
|
url = url + "/";
|
||||||
|
|
||||||
|
bool success = true;
|
||||||
// See long comment in AssetCache.AddAsset
|
// See long comment in AssetCache.AddAsset
|
||||||
if (!asset.Temporary || asset.Local)
|
if (!asset.Temporary || asset.Local)
|
||||||
{
|
{
|
||||||
|
@ -103,14 +104,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
|
||||||
// not having a global naming infrastructure
|
// not having a global naming infrastructure
|
||||||
AssetBase asset1 = new AssetBase(asset.FullID, asset.Name, asset.Type, asset.Metadata.CreatorID);
|
AssetBase asset1 = new AssetBase(asset.FullID, asset.Name, asset.Type, asset.Metadata.CreatorID);
|
||||||
Copy(asset, asset1);
|
Copy(asset, asset1);
|
||||||
try
|
|
||||||
{
|
|
||||||
asset1.ID = url + asset.ID;
|
asset1.ID = url + asset.ID;
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
m_log.Warn("[HG ASSET MAPPER]: Oops.");
|
|
||||||
}
|
|
||||||
|
|
||||||
AdjustIdentifiers(asset1.Metadata);
|
AdjustIdentifiers(asset1.Metadata);
|
||||||
if (asset1.Metadata.Type == (sbyte)AssetType.Object)
|
if (asset1.Metadata.Type == (sbyte)AssetType.Object)
|
||||||
|
@ -118,10 +112,16 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
|
||||||
else
|
else
|
||||||
asset1.Data = asset.Data;
|
asset1.Data = asset.Data;
|
||||||
|
|
||||||
m_scene.AssetService.Store(asset1);
|
string id = m_scene.AssetService.Store(asset1);
|
||||||
|
if (id == UUID.Zero.ToString())
|
||||||
|
{
|
||||||
|
m_log.DebugFormat("[HG ASSET MAPPER]: Asset server {0} did not accept {1}", url, asset.ID);
|
||||||
|
success = false;
|
||||||
|
}
|
||||||
|
else
|
||||||
m_log.DebugFormat("[HG ASSET MAPPER]: Posted copy of asset {0} from local asset server to {1}", asset1.ID, url);
|
m_log.DebugFormat("[HG ASSET MAPPER]: Posted copy of asset {0} from local asset server to {1}", asset1.ID, url);
|
||||||
}
|
}
|
||||||
return true;
|
return success;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
m_log.Warn("[HG ASSET MAPPER]: Tried to post asset to remote server, but asset not in local cache.");
|
m_log.Warn("[HG ASSET MAPPER]: Tried to post asset to remote server, but asset not in local cache.");
|
||||||
|
@ -259,16 +259,20 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
|
||||||
Dictionary<UUID, AssetType> ids = new Dictionary<UUID, AssetType>();
|
Dictionary<UUID, AssetType> ids = new Dictionary<UUID, AssetType>();
|
||||||
HGUuidGatherer uuidGatherer = new HGUuidGatherer(this, m_scene.AssetService, string.Empty);
|
HGUuidGatherer uuidGatherer = new HGUuidGatherer(this, m_scene.AssetService, string.Empty);
|
||||||
uuidGatherer.GatherAssetUuids(asset.FullID, (AssetType)asset.Type, ids);
|
uuidGatherer.GatherAssetUuids(asset.FullID, (AssetType)asset.Type, ids);
|
||||||
|
bool success = false;
|
||||||
foreach (UUID uuid in ids.Keys)
|
foreach (UUID uuid in ids.Keys)
|
||||||
{
|
{
|
||||||
asset = m_scene.AssetService.Get(uuid.ToString());
|
asset = m_scene.AssetService.Get(uuid.ToString());
|
||||||
if (asset == null)
|
if (asset == null)
|
||||||
m_log.DebugFormat("[HG ASSET MAPPER]: Could not find asset {0}", uuid);
|
m_log.DebugFormat("[HG ASSET MAPPER]: Could not find asset {0}", uuid);
|
||||||
else
|
else
|
||||||
PostAsset(userAssetURL, asset);
|
success = PostAsset(userAssetURL, asset);
|
||||||
}
|
}
|
||||||
|
|
||||||
// maybe all pieces got there...
|
// maybe all pieces got there...
|
||||||
|
if (!success)
|
||||||
|
m_log.DebugFormat("[HG ASSET MAPPER]: Problems posting item {0} to asset server {1}", assetID, userAssetURL);
|
||||||
|
else
|
||||||
m_log.DebugFormat("[HG ASSET MAPPER]: Successfully posted item {0} to asset server {1}", assetID, userAssetURL);
|
m_log.DebugFormat("[HG ASSET MAPPER]: Successfully posted item {0} to asset server {1}", assetID, userAssetURL);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,6 +58,9 @@ namespace OpenSim.Services.HypergridService
|
||||||
|
|
||||||
private UserAccountCache m_Cache;
|
private UserAccountCache m_Cache;
|
||||||
|
|
||||||
|
private bool[] m_DisallowGET, m_DisallowPOST;
|
||||||
|
private string[] m_AssetTypeNames;
|
||||||
|
|
||||||
public HGAssetService(IConfigSource config, string configName) : base(config, configName)
|
public HGAssetService(IConfigSource config, string configName) : base(config, configName)
|
||||||
{
|
{
|
||||||
m_log.Debug("[HGAsset Service]: Starting");
|
m_log.Debug("[HGAsset Service]: Starting");
|
||||||
|
@ -80,6 +83,34 @@ namespace OpenSim.Services.HypergridService
|
||||||
m_HomeURL = assetConfig.GetString("HomeURI", m_HomeURL);
|
m_HomeURL = assetConfig.GetString("HomeURI", m_HomeURL);
|
||||||
|
|
||||||
m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService);
|
m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService);
|
||||||
|
|
||||||
|
// Permissions
|
||||||
|
Type enumType = typeof(AssetType);
|
||||||
|
m_AssetTypeNames = Enum.GetNames(enumType);
|
||||||
|
for (int i = 0; i < m_AssetTypeNames.Length; i++)
|
||||||
|
m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower();
|
||||||
|
int n = Enum.GetValues(enumType).Length;
|
||||||
|
m_DisallowGET = new bool[n];
|
||||||
|
m_DisallowPOST = new bool[n];
|
||||||
|
|
||||||
|
LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET);
|
||||||
|
LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray)
|
||||||
|
{
|
||||||
|
string perms = assetConfig.GetString(variable, String.Empty);
|
||||||
|
string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries);
|
||||||
|
foreach (string s in parts)
|
||||||
|
{
|
||||||
|
int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower());
|
||||||
|
if (index >= 0)
|
||||||
|
bitArray[index] = true;
|
||||||
|
else
|
||||||
|
m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#region IAssetService overrides
|
#region IAssetService overrides
|
||||||
|
@ -90,6 +121,9 @@ namespace OpenSim.Services.HypergridService
|
||||||
if (asset == null)
|
if (asset == null)
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
|
if (!AllowedGet(asset.Type))
|
||||||
|
return null;
|
||||||
|
|
||||||
if (asset.Metadata.Type == (sbyte)AssetType.Object)
|
if (asset.Metadata.Type == (sbyte)AssetType.Object)
|
||||||
asset.Data = AdjustIdentifiers(asset.Data); ;
|
asset.Data = AdjustIdentifiers(asset.Data); ;
|
||||||
|
|
||||||
|
@ -112,16 +146,27 @@ namespace OpenSim.Services.HypergridService
|
||||||
|
|
||||||
public override byte[] GetData(string id)
|
public override byte[] GetData(string id)
|
||||||
{
|
{
|
||||||
byte[] data = base.GetData(id);
|
AssetBase asset = Get(id);
|
||||||
|
|
||||||
if (data == null)
|
if (asset == null)
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
return AdjustIdentifiers(data);
|
if (!AllowedGet(asset.Type))
|
||||||
|
return null;
|
||||||
|
|
||||||
|
return asset.Data;
|
||||||
}
|
}
|
||||||
|
|
||||||
//public virtual bool Get(string id, Object sender, AssetRetrieved handler)
|
//public virtual bool Get(string id, Object sender, AssetRetrieved handler)
|
||||||
|
|
||||||
|
public override string Store(AssetBase asset)
|
||||||
|
{
|
||||||
|
if (!AllowedPost(asset.Type))
|
||||||
|
return UUID.Zero.ToString();
|
||||||
|
|
||||||
|
return base.Store(asset);
|
||||||
|
}
|
||||||
|
|
||||||
public override bool Delete(string id)
|
public override bool Delete(string id)
|
||||||
{
|
{
|
||||||
// NOGO
|
// NOGO
|
||||||
|
@ -130,6 +175,34 @@ namespace OpenSim.Services.HypergridService
|
||||||
|
|
||||||
#endregion
|
#endregion
|
||||||
|
|
||||||
|
protected bool AllowedGet(sbyte type)
|
||||||
|
{
|
||||||
|
string assetTypeName = ((AssetType)type).ToString();
|
||||||
|
|
||||||
|
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
|
||||||
|
if (index >= 0 && m_DisallowGET[index])
|
||||||
|
{
|
||||||
|
m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected bool AllowedPost(sbyte type)
|
||||||
|
{
|
||||||
|
string assetTypeName = ((AssetType)type).ToString();
|
||||||
|
|
||||||
|
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
|
||||||
|
if (index >= 0 && m_DisallowPOST[index])
|
||||||
|
{
|
||||||
|
m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
protected void AdjustIdentifiers(AssetMetadata meta)
|
protected void AdjustIdentifiers(AssetMetadata meta)
|
||||||
{
|
{
|
||||||
if (meta == null || m_Cache == null)
|
if (meta == null || m_Cache == null)
|
||||||
|
|
|
@ -437,6 +437,16 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
|
||||||
UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService"
|
UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService"
|
||||||
HomeURI = "http://127.0.0.1:8002"
|
HomeURI = "http://127.0.0.1:8002"
|
||||||
|
|
||||||
|
;; The asset types that other grids can get from / post to this service.
|
||||||
|
;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
|
||||||
|
;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
|
||||||
|
;;
|
||||||
|
;; Leave blank or commented if you don't want to apply any restrictions.
|
||||||
|
;; A more strict, but still reasonable, policy may be to disallow the exchange
|
||||||
|
;; of scripts, like so:
|
||||||
|
; DisallowGET ="LSLText"
|
||||||
|
; DisallowPOST ="LSLBytecode"
|
||||||
|
|
||||||
[HGFriendsService]
|
[HGFriendsService]
|
||||||
LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService"
|
LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService"
|
||||||
UserAgentService = "OpenSim.Services.HypergridService.dll:UserAgentService"
|
UserAgentService = "OpenSim.Services.HypergridService.dll:UserAgentService"
|
||||||
|
|
|
@ -53,6 +53,17 @@
|
||||||
[HGAssetService]
|
[HGAssetService]
|
||||||
HomeURI = "http://127.0.0.1:9000"
|
HomeURI = "http://127.0.0.1:9000"
|
||||||
|
|
||||||
|
;; The asset types that other grids can get from / post to this service.
|
||||||
|
;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
|
||||||
|
;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
|
||||||
|
;;
|
||||||
|
;; Leave blank or commented if you don't want to apply any restrictions.
|
||||||
|
;; A more strict, but still reasonable, policy may be to disallow the exchange
|
||||||
|
;; of scripts, like so:
|
||||||
|
; DisallowGET ="LSLText"
|
||||||
|
; DisallowPOST ="LSLBytecode"
|
||||||
|
|
||||||
|
|
||||||
[HGInventoryAccessModule]
|
[HGInventoryAccessModule]
|
||||||
HomeURI = "http://127.0.0.1:9000"
|
HomeURI = "http://127.0.0.1:9000"
|
||||||
Gatekeeper = "http://127.0.0.1:9000"
|
Gatekeeper = "http://127.0.0.1:9000"
|
||||||
|
|
Loading…
Reference in New Issue