Thank you, thomax, for a patch to provide finer-grained access control to

scripting.
Fixes Mantis #2862
0.6.6-post-fixes
Melanie Thielker 2009-06-05 09:47:42 +00:00
parent d3ae3d7e72
commit 9f932a4205
6 changed files with 102 additions and 4 deletions


@ -88,6 +88,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions
/// </value>
private UserSet m_allowedScriptEditors = UserSet.All;
private Dictionary<string, bool> GrantLSL = new Dictionary<string, bool>();
private Dictionary<string, bool> GrantCS = new Dictionary<string, bool>();
private Dictionary<string, bool> GrantVB = new Dictionary<string, bool>();
private Dictionary<string, bool> GrantJS = new Dictionary<string, bool>();
#endregion
#region IRegionModule Members
@ -143,6 +148,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
m_scene.Permissions.OnRezObject += CanRezObject; //MAYBE FULLY IMPLEMENTED
m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand;
m_scene.Permissions.OnRunScript += CanRunScript; //NOT YET IMPLEMENTED
m_scene.Permissions.OnCompileScript += CanCompileScript;
m_scene.Permissions.OnSellParcel += CanSellParcel;
m_scene.Permissions.OnTakeObject += CanTakeObject;
m_scene.Permissions.OnTakeCopyObject += CanTakeCopyObject;
@ -184,6 +190,40 @@ namespace OpenSim.Region.CoreModules.World.Permissions
"debug permissions <true / false>",
"Enable permissions debugging",
HandleDebugPermissions);
string grant = myConfig.GetString("GrantLSL","");
if(grant.Length > 0) {
foreach (string uuidl in grant.Split(',')) {
string uuid = uuidl.Trim(" \t".ToCharArray());
GrantLSL.Add(uuid, true);
}
}
grant = myConfig.GetString("GrantCS","");
if(grant.Length > 0) {
foreach (string uuidl in grant.Split(',')) {
string uuid = uuidl.Trim(" \t".ToCharArray());
GrantCS.Add(uuid, true);
}
}
grant = myConfig.GetString("GrantVB","");
if(grant.Length > 0) {
foreach (string uuidl in grant.Split(',')) {
string uuid = uuidl.Trim(" \t".ToCharArray());
GrantVB.Add(uuid, true);
}
}
grant = myConfig.GetString("GrantJS","");
if(grant.Length > 0) {
foreach (string uuidl in grant.Split(',')) {
string uuid = uuidl.Trim(" \t".ToCharArray());
GrantJS.Add(uuid, true);
}
}
}
public void HandleBypassPermissions(string module, string[] args)
@ -1584,5 +1624,34 @@ namespace OpenSim.Region.CoreModules.World.Permissions
return GenericParcelPermission(client.AgentId, parcel);
}
private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) {
//m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType);
switch(scriptType) {
case 0:
if(GrantLSL.Count == 0 || GrantLSL.ContainsKey(ownerUUID.ToString())) {
return(true);
}
break;
case 1:
if(GrantCS.Count == 0 || GrantCS.ContainsKey(ownerUUID.ToString())) {
return(true);
}
break;
case 2:
if(GrantVB.Count == 0 || GrantVB.ContainsKey(ownerUUID.ToString())) {
return(true);
}
break;
case 3:
if(GrantJS.Count == 0 || GrantJS.ContainsKey(ownerUUID.ToString())) {
return(true);
}
break;
}
return(false);
}
}
}
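Review bot: The four allow-lists are keyed on the raw config strings and matched against `ownerUUID.ToString()` in CanCompileScript, so an entry whose case or formatting differs from that string form will not match. Because a non-empty list is what switches the restriction on, one mistyped entry locks out the intended user with no log line. `Dictionary.Add` also throws ArgumentException on a repeated key, so a duplicated UUID (or the two empty entries produced by `GrantCS = ,`) aborts this initialisation code; the enclosing method starts outside the hunk, so whether that is caught is not visible. Parsing each entry with `UUID.TryParse`, logging and skipping failures, and storing with `GrantLSL[parsed.ToString()] = true;` covers both cases. A comment on the four fields should also say that an empty or missing list means every user may compile that language.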


@ -56,6 +56,7 @@ namespace OpenSim.Region.Framework.Scenes
public delegate bool EditScriptHandler(UUID script, UUID objectID, UUID user, Scene scene);
public delegate bool EditNotecardHandler(UUID notecard, UUID objectID, UUID user, Scene scene);
public delegate bool RunScriptHandler(UUID script, UUID objectID, UUID user, Scene scene);
public delegate bool CompileScriptHandler(UUID ownerUUID, int scriptType, Scene scene);
public delegate bool StartScriptHandler(UUID script, UUID user, Scene scene);
public delegate bool StopScriptHandler(UUID script, UUID user, Scene scene);
public delegate bool ResetScriptHandler(UUID prim, UUID script, UUID user, Scene scene);
@ -113,6 +114,7 @@ namespace OpenSim.Region.Framework.Scenes
public event EditScriptHandler OnEditScript;
public event EditNotecardHandler OnEditNotecard;
public event RunScriptHandler OnRunScript;
public event CompileScriptHandler OnCompileScript;
public event StartScriptHandler OnStartScript;
public event StopScriptHandler OnStopScript;
public event ResetScriptHandler OnResetScript;
@ -510,6 +512,24 @@ namespace OpenSim.Region.Framework.Scenes
#endregion
#region COMPILE SCRIPT (When Script needs to get (re)compiled)
public bool CanCompileScript(UUID ownerUUID, int scriptType)
{
CompileScriptHandler handler = OnCompileScript;
if (handler != null)
{
Delegate[] list = handler.GetInvocationList();
foreach (CompileScriptHandler h in list)
{
if (h(ownerUUID, scriptType, m_scene) == false)
return false;
}
}
return true;
}
#endregion
#region START SCRIPT (When Script run box is Checked after placed in object)
public bool CanStartScript(UUID script, UUID user)
{
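Review bot: `scriptType` is a bare `int` whose meaning is documented neither on CompileScriptHandler nor on CanCompileScript. The only visible producer casts the compiler's enum (`(int)l`) and the only visible consumer switches on the literals 0–3, so reordering that enum would silently change which allow-list is consulted. Add XML docs on both, for example `/// <param name="scriptType">Integer value of the compiler's language enum; the permissions module treats 0 as LSL, 1 as C#, 2 as VB and 3 as JS.</param>`. The summary should also state that the method returns true when no handler is subscribed, so compilation is unrestricted unless a permissions module registers. CanStartScript at the end of the hunk continues outside it.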


@ -153,7 +153,7 @@ namespace OpenSim.Region.ScriptEngine.DotNetEngine
// Compile (We assume LSL)
CompiledScriptFile =
LSLCompiler.PerformScriptCompile(Script,
assetID.ToString());
assetID.ToString(), taskInventoryItem.OwnerID);
if (presence != null && (!postOnRez))
presence.ControllingClient.SendAgentAlertMessage(


@ -27,13 +27,14 @@
using System;
using System.Collections.Generic;
using OpenMetaverse;
using Nini.Config;
namespace OpenSim.Region.ScriptEngine.Interfaces
{
public interface ICompiler
{
string PerformScriptCompile(string source, string asset);
string PerformScriptCompile(string source, string asset, UUID ownerID);
string[] GetWarnings();
Dictionary<KeyValuePair<int, int>, KeyValuePair<int, int>>
LineMap();


@ -37,6 +37,7 @@ using Microsoft.VisualBasic;
using log4net;
using OpenSim.Region.Framework.Interfaces;
using OpenSim.Region.ScriptEngine.Interfaces;
using OpenMetaverse;
namespace OpenSim.Region.ScriptEngine.Shared.CodeTools
{
@ -263,7 +264,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.CodeTools
/// </summary>
/// <param name="Script">LSL script</param>
/// <returns>Filename to .dll assembly</returns>
public string PerformScriptCompile(string Script, string asset)
public string PerformScriptCompile(string Script, string asset, UUID ownerUUID)
{
m_positionMap = null;
m_warnings.Clear();
@ -341,6 +342,13 @@ namespace OpenSim.Region.ScriptEngine.Shared.CodeTools
throw new Exception(errtext);
}
if(m_scriptEngine.World.Permissions.CanCompileScript(ownerUUID, (int)l) == false) {
// Not allowed to compile to this language!
string errtext = String.Empty;
errtext += ownerUUID + " is not in list of allowed users for this scripting language. Script will not be executed!";
throw new Exception(errtext);
}
string compileScript = Script;
if (l == enumCompileType.lsl)
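Review bot: The permission check is added around old line 341 of PerformScriptCompile, well after the method entry at 263, and the code in between is outside the hunk. If any path there returns early (for instance by reusing an already compiled assembly, which I cannot confirm from here), it would return without consulting CanCompileScript. Confirm that no such path exists, and keep the check directly after the point where the language `l` is determined. The decision is made on the script item's owner as passed in by the engines, not on who authored the script, which deserves a line in the XML docs: `/// <param name="ownerUUID">Owner of the script item; checked against the per-language allow-lists.</param>`. The thrown `Exception` follows the existing style just above, though the message could be assigned directly rather than built with `String.Empty` and `+=`.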


@ -579,7 +579,7 @@ namespace OpenSim.Region.ScriptEngine.XEngine
lock (m_AddingAssemblies)
{
assembly = m_Compiler.PerformScriptCompile(script,
assetID.ToString());
assetID.ToString(), item.OwnerID);
if (!m_AddingAssemblies.ContainsKey(assembly)) {
m_AddingAssemblies[assembly] = 1;
} else {