Thank you, thomax, for a patch to provide finer-grained access control to
scripting. Fixes Mantis #28620.6.6-post-fixes
parent
d3ae3d7e72
commit
9f932a4205
|
@ -87,6 +87,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions
|
|||
/// permissions are not being bypassed. This overrides normal permissions.-
|
||||
/// </value>
|
||||
private UserSet m_allowedScriptEditors = UserSet.All;
|
||||
|
||||
private Dictionary<string, bool> GrantLSL = new Dictionary<string, bool>();
|
||||
private Dictionary<string, bool> GrantCS = new Dictionary<string, bool>();
|
||||
private Dictionary<string, bool> GrantVB = new Dictionary<string, bool>();
|
||||
private Dictionary<string, bool> GrantJS = new Dictionary<string, bool>();
|
||||
|
||||
#endregion
|
||||
|
||||
|
@ -143,6 +148,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
|
|||
m_scene.Permissions.OnRezObject += CanRezObject; //MAYBE FULLY IMPLEMENTED
|
||||
m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand;
|
||||
m_scene.Permissions.OnRunScript += CanRunScript; //NOT YET IMPLEMENTED
|
||||
m_scene.Permissions.OnCompileScript += CanCompileScript;
|
||||
m_scene.Permissions.OnSellParcel += CanSellParcel;
|
||||
m_scene.Permissions.OnTakeObject += CanTakeObject;
|
||||
m_scene.Permissions.OnTakeCopyObject += CanTakeCopyObject;
|
||||
|
@ -184,6 +190,40 @@ namespace OpenSim.Region.CoreModules.World.Permissions
|
|||
"debug permissions <true / false>",
|
||||
"Enable permissions debugging",
|
||||
HandleDebugPermissions);
|
||||
|
||||
|
||||
string grant = myConfig.GetString("GrantLSL","");
|
||||
if(grant.Length > 0) {
|
||||
foreach (string uuidl in grant.Split(',')) {
|
||||
string uuid = uuidl.Trim(" \t".ToCharArray());
|
||||
GrantLSL.Add(uuid, true);
|
||||
}
|
||||
}
|
||||
|
||||
grant = myConfig.GetString("GrantCS","");
|
||||
if(grant.Length > 0) {
|
||||
foreach (string uuidl in grant.Split(',')) {
|
||||
string uuid = uuidl.Trim(" \t".ToCharArray());
|
||||
GrantCS.Add(uuid, true);
|
||||
}
|
||||
}
|
||||
|
||||
grant = myConfig.GetString("GrantVB","");
|
||||
if(grant.Length > 0) {
|
||||
foreach (string uuidl in grant.Split(',')) {
|
||||
string uuid = uuidl.Trim(" \t".ToCharArray());
|
||||
GrantVB.Add(uuid, true);
|
||||
}
|
||||
}
|
||||
|
||||
grant = myConfig.GetString("GrantJS","");
|
||||
if(grant.Length > 0) {
|
||||
foreach (string uuidl in grant.Split(',')) {
|
||||
string uuid = uuidl.Trim(" \t".ToCharArray());
|
||||
GrantJS.Add(uuid, true);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public void HandleBypassPermissions(string module, string[] args)
|
||||
|
@ -1584,5 +1624,34 @@ namespace OpenSim.Region.CoreModules.World.Permissions
|
|||
|
||||
return GenericParcelPermission(client.AgentId, parcel);
|
||||
}
|
||||
|
||||
private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) {
|
||||
//m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType);
|
||||
switch(scriptType) {
|
||||
case 0:
|
||||
if(GrantLSL.Count == 0 || GrantLSL.ContainsKey(ownerUUID.ToString())) {
|
||||
return(true);
|
||||
}
|
||||
break;
|
||||
case 1:
|
||||
if(GrantCS.Count == 0 || GrantCS.ContainsKey(ownerUUID.ToString())) {
|
||||
return(true);
|
||||
}
|
||||
break;
|
||||
case 2:
|
||||
if(GrantVB.Count == 0 || GrantVB.ContainsKey(ownerUUID.ToString())) {
|
||||
return(true);
|
||||
}
|
||||
break;
|
||||
case 3:
|
||||
if(GrantJS.Count == 0 || GrantJS.ContainsKey(ownerUUID.ToString())) {
|
||||
return(true);
|
||||
}
|
||||
break;
|
||||
}
|
||||
return(false);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -56,6 +56,7 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
public delegate bool EditScriptHandler(UUID script, UUID objectID, UUID user, Scene scene);
|
||||
public delegate bool EditNotecardHandler(UUID notecard, UUID objectID, UUID user, Scene scene);
|
||||
public delegate bool RunScriptHandler(UUID script, UUID objectID, UUID user, Scene scene);
|
||||
public delegate bool CompileScriptHandler(UUID ownerUUID, int scriptType, Scene scene);
|
||||
public delegate bool StartScriptHandler(UUID script, UUID user, Scene scene);
|
||||
public delegate bool StopScriptHandler(UUID script, UUID user, Scene scene);
|
||||
public delegate bool ResetScriptHandler(UUID prim, UUID script, UUID user, Scene scene);
|
||||
|
@ -113,6 +114,7 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
public event EditScriptHandler OnEditScript;
|
||||
public event EditNotecardHandler OnEditNotecard;
|
||||
public event RunScriptHandler OnRunScript;
|
||||
public event CompileScriptHandler OnCompileScript;
|
||||
public event StartScriptHandler OnStartScript;
|
||||
public event StopScriptHandler OnStopScript;
|
||||
public event ResetScriptHandler OnResetScript;
|
||||
|
@ -510,6 +512,24 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
|
||||
#endregion
|
||||
|
||||
#region COMPILE SCRIPT (When Script needs to get (re)compiled)
|
||||
public bool CanCompileScript(UUID ownerUUID, int scriptType)
|
||||
{
|
||||
CompileScriptHandler handler = OnCompileScript;
|
||||
if (handler != null)
|
||||
{
|
||||
Delegate[] list = handler.GetInvocationList();
|
||||
foreach (CompileScriptHandler h in list)
|
||||
{
|
||||
if (h(ownerUUID, scriptType, m_scene) == false)
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
#endregion
|
||||
|
||||
#region START SCRIPT (When Script run box is Checked after placed in object)
|
||||
public bool CanStartScript(UUID script, UUID user)
|
||||
{
|
||||
|
|
|
@ -153,7 +153,7 @@ namespace OpenSim.Region.ScriptEngine.DotNetEngine
|
|||
// Compile (We assume LSL)
|
||||
CompiledScriptFile =
|
||||
LSLCompiler.PerformScriptCompile(Script,
|
||||
assetID.ToString());
|
||||
assetID.ToString(), taskInventoryItem.OwnerID);
|
||||
|
||||
if (presence != null && (!postOnRez))
|
||||
presence.ControllingClient.SendAgentAlertMessage(
|
||||
|
|
|
@ -27,13 +27,14 @@
|
|||
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using OpenMetaverse;
|
||||
using Nini.Config;
|
||||
|
||||
namespace OpenSim.Region.ScriptEngine.Interfaces
|
||||
{
|
||||
public interface ICompiler
|
||||
{
|
||||
string PerformScriptCompile(string source, string asset);
|
||||
string PerformScriptCompile(string source, string asset, UUID ownerID);
|
||||
string[] GetWarnings();
|
||||
Dictionary<KeyValuePair<int, int>, KeyValuePair<int, int>>
|
||||
LineMap();
|
||||
|
|
|
@ -37,6 +37,7 @@ using Microsoft.VisualBasic;
|
|||
using log4net;
|
||||
using OpenSim.Region.Framework.Interfaces;
|
||||
using OpenSim.Region.ScriptEngine.Interfaces;
|
||||
using OpenMetaverse;
|
||||
|
||||
namespace OpenSim.Region.ScriptEngine.Shared.CodeTools
|
||||
{
|
||||
|
@ -263,7 +264,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.CodeTools
|
|||
/// </summary>
|
||||
/// <param name="Script">LSL script</param>
|
||||
/// <returns>Filename to .dll assembly</returns>
|
||||
public string PerformScriptCompile(string Script, string asset)
|
||||
public string PerformScriptCompile(string Script, string asset, UUID ownerUUID)
|
||||
{
|
||||
m_positionMap = null;
|
||||
m_warnings.Clear();
|
||||
|
@ -341,6 +342,13 @@ namespace OpenSim.Region.ScriptEngine.Shared.CodeTools
|
|||
throw new Exception(errtext);
|
||||
}
|
||||
|
||||
if(m_scriptEngine.World.Permissions.CanCompileScript(ownerUUID, (int)l) == false) {
|
||||
// Not allowed to compile to this language!
|
||||
string errtext = String.Empty;
|
||||
errtext += ownerUUID + " is not in list of allowed users for this scripting language. Script will not be executed!";
|
||||
throw new Exception(errtext);
|
||||
}
|
||||
|
||||
string compileScript = Script;
|
||||
|
||||
if (l == enumCompileType.lsl)
|
||||
|
|
|
@ -579,7 +579,7 @@ namespace OpenSim.Region.ScriptEngine.XEngine
|
|||
lock (m_AddingAssemblies)
|
||||
{
|
||||
assembly = m_Compiler.PerformScriptCompile(script,
|
||||
assetID.ToString());
|
||||
assetID.ToString(), item.OwnerID);
|
||||
if (!m_AddingAssemblies.ContainsKey(assembly)) {
|
||||
m_AddingAssemblies[assembly] = 1;
|
||||
} else {
|
||||
|
|
Loading…
Reference in New Issue