Thank you, thomax, for a patch to provide finer-grained access control to

scripting.
Fixes Mantis #2862
0.6.6-post-fixes
Melanie Thielker 2009-06-05 09:47:42 +00:00
parent d3ae3d7e72
commit 9f932a4205
6 changed files with 102 additions and 4 deletions


@ -87,6 +87,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions
/// permissions are not being bypassed. This overrides normal permissions.- /// permissions are not being bypassed. This overrides normal permissions.-
/// </value> /// </value>
private UserSet m_allowedScriptEditors = UserSet.All; private UserSet m_allowedScriptEditors = UserSet.All;
private Dictionary<string, bool> GrantLSL = new Dictionary<string, bool>();
private Dictionary<string, bool> GrantCS = new Dictionary<string, bool>();
private Dictionary<string, bool> GrantVB = new Dictionary<string, bool>();
private Dictionary<string, bool> GrantJS = new Dictionary<string, bool>();
#endregion #endregion
@ -143,6 +148,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
m_scene.Permissions.OnRezObject += CanRezObject; //MAYBE FULLY IMPLEMENTED m_scene.Permissions.OnRezObject += CanRezObject; //MAYBE FULLY IMPLEMENTED
m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand; m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand;
m_scene.Permissions.OnRunScript += CanRunScript; //NOT YET IMPLEMENTED m_scene.Permissions.OnRunScript += CanRunScript; //NOT YET IMPLEMENTED
m_scene.Permissions.OnCompileScript += CanCompileScript;
m_scene.Permissions.OnSellParcel += CanSellParcel; m_scene.Permissions.OnSellParcel += CanSellParcel;
m_scene.Permissions.OnTakeObject += CanTakeObject; m_scene.Permissions.OnTakeObject += CanTakeObject;
m_scene.Permissions.OnTakeCopyObject += CanTakeCopyObject; m_scene.Permissions.OnTakeCopyObject += CanTakeCopyObject;
@ -184,6 +190,40 @@ namespace OpenSim.Region.CoreModules.World.Permissions
"debug permissions <true / false>", "debug permissions <true / false>",
"Enable permissions debugging", "Enable permissions debugging",
HandleDebugPermissions); HandleDebugPermissions);
string grant = myConfig.GetString("GrantLSL","");
if(grant.Length > 0) {
foreach (string uuidl in grant.Split(',')) {
string uuid = uuidl.Trim(" \t".ToCharArray());
GrantLSL.Add(uuid, true);
}
}
grant = myConfig.GetString("GrantCS","");
if(grant.Length > 0) {
foreach (string uuidl in grant.Split(',')) {
string uuid = uuidl.Trim(" \t".ToCharArray());
GrantCS.Add(uuid, true);
}
}
grant = myConfig.GetString("GrantVB","");
if(grant.Length > 0) {
foreach (string uuidl in grant.Split(',')) {
string uuid = uuidl.Trim(" \t".ToCharArray());
GrantVB.Add(uuid, true);
}
}
grant = myConfig.GetString("GrantJS","");
if(grant.Length > 0) {
foreach (string uuidl in grant.Split(',')) {
string uuid = uuidl.Trim(" \t".ToCharArray());
GrantJS.Add(uuid, true);
}
}
} }
public void HandleBypassPermissions(string module, string[] args) public void HandleBypassPermissions(string module, string[] args)
@ -1584,5 +1624,34 @@ namespace OpenSim.Region.CoreModules.World.Permissions
return GenericParcelPermission(client.AgentId, parcel); return GenericParcelPermission(client.AgentId, parcel);
} }
private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) {
//m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType);
switch(scriptType) {
case 0:
if(GrantLSL.Count == 0 || GrantLSL.ContainsKey(ownerUUID.ToString())) {
return(true);
}
break;
case 1:
if(GrantCS.Count == 0 || GrantCS.ContainsKey(ownerUUID.ToString())) {
return(true);
}
break;
case 2:
if(GrantVB.Count == 0 || GrantVB.ContainsKey(ownerUUID.ToString())) {
return(true);
}
break;
case 3:
if(GrantJS.Count == 0 || GrantJS.ContainsKey(ownerUUID.ToString())) {
return(true);
}
break;
}
return(false);
}
} }
} }
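Review bot: `GrantLSL.Add(uuid, true)` and the three parallel calls for GrantCS, GrantVB and GrantJS throw an ArgumentException as soon as a UUID (or an empty entry from a doubled comma) appears twice in the configured list, which would abort the surrounding setup code. The entries are also stored exactly as typed while CanCompileScript looks them up with `ownerUUID.ToString()`, so an entry written in a different case or format presumably never matches and that user is silently denied. The four loops are identical and could share one helper that normalises each entry and assigns through the indexer. An unset or empty list leaves the table empty, which CanCompileScript treats as allow-everyone, and that default deserves a comment next to the four fields. The enclosing method starts outside the hunk.

```csharp
// … unchanged: "debug permissions" command registration …
LoadGrants(myConfig.GetString("GrantLSL", ""), GrantLSL);
LoadGrants(myConfig.GetString("GrantCS", ""), GrantCS);
LoadGrants(myConfig.GetString("GrantVB", ""), GrantVB);
LoadGrants(myConfig.GetString("GrantJS", ""), GrantJS);
// … unchanged: end of the enclosing method …

// Fills one grant table from a comma-separated list of user UUIDs.
private static void LoadGrants(string list, Dictionary<string, bool> grants)
{
    if (list.Length == 0)
        return; // table stays empty, which CanCompileScript treats as "everyone"

    foreach (string raw in list.Split(','))
    {
        string entry = raw.Trim();
        UUID parsed;
        // Canonical form when the entry parses; the raw text otherwise, so a list
        // holding only malformed entries still counts as a restriction.
        string key = UUID.TryParse(entry, out parsed) ? parsed.ToString() : entry;
        grants[key] = true; // indexer: a UUID listed twice no longer throws
    }
}
```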


@ -56,6 +56,7 @@ namespace OpenSim.Region.Framework.Scenes
public delegate bool EditScriptHandler(UUID script, UUID objectID, UUID user, Scene scene); public delegate bool EditScriptHandler(UUID script, UUID objectID, UUID user, Scene scene);
public delegate bool EditNotecardHandler(UUID notecard, UUID objectID, UUID user, Scene scene); public delegate bool EditNotecardHandler(UUID notecard, UUID objectID, UUID user, Scene scene);
public delegate bool RunScriptHandler(UUID script, UUID objectID, UUID user, Scene scene); public delegate bool RunScriptHandler(UUID script, UUID objectID, UUID user, Scene scene);
public delegate bool CompileScriptHandler(UUID ownerUUID, int scriptType, Scene scene);
public delegate bool StartScriptHandler(UUID script, UUID user, Scene scene); public delegate bool StartScriptHandler(UUID script, UUID user, Scene scene);
public delegate bool StopScriptHandler(UUID script, UUID user, Scene scene); public delegate bool StopScriptHandler(UUID script, UUID user, Scene scene);
public delegate bool ResetScriptHandler(UUID prim, UUID script, UUID user, Scene scene); public delegate bool ResetScriptHandler(UUID prim, UUID script, UUID user, Scene scene);
@ -113,6 +114,7 @@ namespace OpenSim.Region.Framework.Scenes
public event EditScriptHandler OnEditScript; public event EditScriptHandler OnEditScript;
public event EditNotecardHandler OnEditNotecard; public event EditNotecardHandler OnEditNotecard;
public event RunScriptHandler OnRunScript; public event RunScriptHandler OnRunScript;
public event CompileScriptHandler OnCompileScript;
public event StartScriptHandler OnStartScript; public event StartScriptHandler OnStartScript;
public event StopScriptHandler OnStopScript; public event StopScriptHandler OnStopScript;
public event ResetScriptHandler OnResetScript; public event ResetScriptHandler OnResetScript;
@ -510,6 +512,24 @@ namespace OpenSim.Region.Framework.Scenes
#endregion #endregion
#region COMPILE SCRIPT (When Script needs to get (re)compiled)
public bool CanCompileScript(UUID ownerUUID, int scriptType)
{
CompileScriptHandler handler = OnCompileScript;
if (handler != null)
{
Delegate[] list = handler.GetInvocationList();
foreach (CompileScriptHandler h in list)
{
if (h(ownerUUID, scriptType, m_scene) == false)
return false;
}
}
return true;
}
#endregion
#region START SCRIPT (When Script run box is Checked after placed in object) #region START SCRIPT (When Script run box is Checked after placed in object)
public bool CanStartScript(UUID script, UUID user) public bool CanStartScript(UUID script, UUID user)
{ {
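Review bot: CanCompileScript has no doc comment, and two things about it are not obvious from the signature: `scriptType` is a bare int (the compiler passes `(int)l`, and the permissions module switches on 0–3), and the method returns true when no handler is subscribed. I would add `/// <summary>Asks every OnCompileScript subscriber whether ownerUUID may compile a script of the given type; a single refusal denies, and no subscriber means allowed.</summary>` plus a `<param name="scriptType">` line naming the enum the int is cast from. Passing the enum itself instead of an int would remove the magic numbers, if the assembly references allow it.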


@ -153,7 +153,7 @@ namespace OpenSim.Region.ScriptEngine.DotNetEngine
// Compile (We assume LSL) // Compile (We assume LSL)
CompiledScriptFile = CompiledScriptFile =
LSLCompiler.PerformScriptCompile(Script, LSLCompiler.PerformScriptCompile(Script,
assetID.ToString()); assetID.ToString(), taskInventoryItem.OwnerID);
if (presence != null && (!postOnRez)) if (presence != null && (!postOnRez))
presence.ControllingClient.SendAgentAlertMessage( presence.ControllingClient.SendAgentAlertMessage(


@ -27,13 +27,14 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using OpenMetaverse;
using Nini.Config; using Nini.Config;
namespace OpenSim.Region.ScriptEngine.Interfaces namespace OpenSim.Region.ScriptEngine.Interfaces
{ {
public interface ICompiler public interface ICompiler
{ {
string PerformScriptCompile(string source, string asset); string PerformScriptCompile(string source, string asset, UUID ownerID);
string[] GetWarnings(); string[] GetWarnings();
Dictionary<KeyValuePair<int, int>, KeyValuePair<int, int>> Dictionary<KeyValuePair<int, int>, KeyValuePair<int, int>>
LineMap(); LineMap();


@ -37,6 +37,7 @@ using Microsoft.VisualBasic;
using log4net; using log4net;
using OpenSim.Region.Framework.Interfaces; using OpenSim.Region.Framework.Interfaces;
using OpenSim.Region.ScriptEngine.Interfaces; using OpenSim.Region.ScriptEngine.Interfaces;
using OpenMetaverse;
namespace OpenSim.Region.ScriptEngine.Shared.CodeTools namespace OpenSim.Region.ScriptEngine.Shared.CodeTools
{ {
@ -263,7 +264,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.CodeTools
/// </summary> /// </summary>
/// <param name="Script">LSL script</param> /// <param name="Script">LSL script</param>
/// <returns>Filename to .dll assembly</returns> /// <returns>Filename to .dll assembly</returns>
public string PerformScriptCompile(string Script, string asset) public string PerformScriptCompile(string Script, string asset, UUID ownerUUID)
{ {
m_positionMap = null; m_positionMap = null;
m_warnings.Clear(); m_warnings.Clear();
@ -341,6 +342,13 @@ namespace OpenSim.Region.ScriptEngine.Shared.CodeTools
throw new Exception(errtext); throw new Exception(errtext);
} }
if(m_scriptEngine.World.Permissions.CanCompileScript(ownerUUID, (int)l) == false) {
// Not allowed to compile to this language!
string errtext = String.Empty;
errtext += ownerUUID + " is not in list of allowed users for this scripting language. Script will not be executed!";
throw new Exception(errtext);
}
string compileScript = Script; string compileScript = Script;
if (l == enumCompileType.lsl) if (l == enumCompileType.lsl)
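Review bot: The new `CanCompileScript(ownerUUID, (int)l)` check sits well inside PerformScriptCompile, and the body between the signature and this check is outside the hunks shown. If that part can return an already compiled assembly for the asset, a user who is not on the grant list would get past the check, so it is worth confirming that no return precedes it. The message also says the script "will not be executed" although what is refused here is compilation, and building it through `String.Empty` and `+=` is unnecessary. A single statement such as `throw new Exception(ownerUUID + " is not in the list of users allowed to compile this scripting language.");` would read more clearly.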


@ -579,7 +579,7 @@ namespace OpenSim.Region.ScriptEngine.XEngine
lock (m_AddingAssemblies) lock (m_AddingAssemblies)
{ {
assembly = m_Compiler.PerformScriptCompile(script, assembly = m_Compiler.PerformScriptCompile(script,
assetID.ToString()); assetID.ToString(), item.OwnerID);
if (!m_AddingAssemblies.ContainsKey(assembly)) { if (!m_AddingAssemblies.ContainsKey(assembly)) {
m_AddingAssemblies[assembly] = 1; m_AddingAssemblies[assembly] = 1;
} else { } else {