OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Change the semantics of the Allow_* os function control. Omitting a function 

causes defautlt behavior. "true" now means usable unconditionally, "false"
means disabled, and a list of UUIDs restricts it.
This changes SECURITY! If you used "true" here before, you shoudl review
your setup!
0.6.1-post-fixes
Melanie Thielker 2008-11-17 04:23:03 +00:00
parent 840ef17b8d
commit 928d003bf5
2 changed files with 37 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
View File

@ -187,14 +187,23 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (!m_FunctionPerms.ContainsKey(function)) if (!m_FunctionPerms.ContainsKey(function))
{ {
string perm = m_ScriptEngine.Config.GetString("Allow_"+function, "true"); string perm = m_ScriptEngine.Config.GetString("Allow_"+function, "");
if (perm == "")
{
m_FunctionPerms[function] = null; // a null value is default
}
else
{
bool allowed; bool allowed;
if (bool.TryParse(perm, out allowed)) if (bool.TryParse(perm, out allowed))
{ {
// Boolean given // Boolean given
if (allowed) if (allowed)
m_FunctionPerms[function] = null; // a null value is all {
m_FunctionPerms[function] = new List<UUID>();
m_FunctionPerms[function].Add(UUID.Zero);
}
else else
m_FunctionPerms[function] = new List<UUID>(); // Empty list = none m_FunctionPerms[function] = new List<UUID>(); // Empty list = none
} }
@ -210,11 +219,13 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (UUID.TryParse(current, out uuid)) if (UUID.TryParse(current, out uuid))
{ {
if (uuid != uuid.Zero)
m_FunctionPerms[function].Add(uuid); m_FunctionPerms[function].Add(uuid);
} }
} }
} }
} }
}
// If the list is null, then the value was true / undefined // If the list is null, then the value was true / undefined
// Threat level governs permissions in this case // Threat level governs permissions in this case
@ -223,17 +234,22 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// to use that particular function. False causes an empty // to use that particular function. False causes an empty
// list and therefore means "no one" // list and therefore means "no one"
// //
// To allow use by anyone, the list contains UUID.Zero
//
if (m_FunctionPerms[function] == null) // No list = true if (m_FunctionPerms[function] == null) // No list = true
{ {
if (level > m_MaxThreatLevel) if (level > m_MaxThreatLevel)
throw new Exception("Threat level too high - "+function); throw new Exception("Threat level too high - "+function);
} }
else else
{
if (!m_FunctionPerms[function].Contains(UUID.Zero))
{ {
if (!m_FunctionPerms[function].Contains(m_host.OwnerID)) if (!m_FunctionPerms[function].Contains(m_host.OwnerID))
throw new Exception("Threat level too high - "+function); throw new Exception("Threat level too high - "+function);
} }
} }
}
protected void ScriptSleep(int delay) protected void ScriptSleep(int delay)
{ {

3
bin/OpenSim.ini.example
View File

@ -835,8 +835,9 @@
; OS Functions enable/disable ; OS Functions enable/disable
; For each function, you can add one line, as shown ; For each function, you can add one line, as shown
; The default for all functions allows them if below threat level
; true is the default for all functions, and allows them if below threat level ; true allows the use of the function unconditionally
; Allow_osSetRegionWaterHeight = true ; Allow_osSetRegionWaterHeight = true
; false disables the function completely ; false disables the function completely