OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add OSSL option PermissionErrortoOwner (true or false). if true ossl functions permission errors will only be sent to prim owner, defaul false: send all around

0.9.1.0-post-fixes
UbitUmarov 2019-10-16 00:08:45 +01:00
parent 77126cee00
commit d79d7e228a
4 changed files with 153 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
View File

@ -146,6 +146,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
protected ISoundModule m_SoundModule = null;
internal IConfig m_osslconfig;
internal TimeZoneInfo PSTTimeZone = null;
internal bool m_PermissionErrortoOwner = false;
public void Initialize(
IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item)
@ -167,10 +168,10 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED");
}
m_ScriptDelayFactor =
m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
m_ScriptDistanceFactor =
m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);
m_PermissionErrortoOwner = m_osslconfig.GetBoolean("PermissionErrorToOwner", m_PermissionErrortoOwner);
m_ScriptDelayFactor = m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
m_ScriptDistanceFactor = m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);
string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow");
switch (risk)
@ -286,7 +287,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{
m_host.AddScriptLPS(1);
if (!m_OSFunctionsEnabled)
OSSLError("permission denied. All OS functions are disabled."); // throws
OSSLError("permission denied. All unsafe OSSL funtions disabled"); // throws
}
// Returns if the function is allowed. Throws a script exception if not allowed.
@ -294,17 +295,24 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{
m_host.AddScriptLPS(1);
if (!m_OSFunctionsEnabled)
OSSLError(String.Format("{0} permission denied. All OS functions are disabled.", function)); // throws
{
if (m_PermissionErrortoOwner)
throw new ScriptException("(OWNER)OSSL Permission Error: All unsafe OSSL funtions disabled");
else
throw new ScriptException("OSSL Permission Error: All unsafe OSSL funtions disabled");
}
string reasonWhyNot = CheckThreatLevelTest(level, function);
if (!String.IsNullOrEmpty(reasonWhyNot))
{
OSSLError(reasonWhyNot);
if (m_PermissionErrortoOwner)
throw new ScriptException("(OWNER)OSSL Permission Error: " + reasonWhyNot);
else
throw new ScriptException("OSSL Permission Error: " + reasonWhyNot);
}
}
// Check to see if function is allowed. Returns an empty string if function permitted
// or a string explaining why this function can't be used.
// Check to see if function is allowed. Returns an empty string if function permitted
// or a string explaining why this function can't be used.
private string CheckThreatLevelTest(ThreatLevel level, string function)
{
if (!m_FunctionPerms.ContainsKey(function))
@ -386,107 +394,107 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{
// Allow / disallow by threat level
if (level > m_MaxThreatLevel)
return
String.Format(
return String.Empty;
return String.Format(
"{0} permission denied. Allowed threat level is {1} but function threat level is {2}.",
function, m_MaxThreatLevel, level);
}
else
if(m_FunctionPerms[function].AllowedOwners.Count == 0 && m_FunctionPerms[function].AllowedCreators.Count == 0)
return String.Format("{0} disabled in region configuration", function);
if (m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // always allowed
return String.Empty;
if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
{
if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero))
// prim owner is in the list of allowed owners
return String.Empty;
}
UUID ownerID = m_item.OwnerID;
//Only Parcelowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
if (land.LandData.OwnerID == ownerID)
{
// Not anyone. Do detailed checks
if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
{
// prim owner is in the list of allowed owners
return String.Empty;
}
UUID ownerID = m_item.OwnerID;
//OSSL only may be used if object is in the same group as the parcel
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
{
return String.Empty;
}
}
//Only Parcelowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
if (land.LandData.OwnerID == ownerID)
{
return String.Empty;
}
}
//Only Estate Managers may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
{
//Only Estate Managers may use the function
if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
{
return String.Empty;
}
}
//Only regionowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
{
if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
{
return String.Empty;
}
}
//Only grid gods may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD"))
{
if (World.Permissions.IsGridGod(ownerID))
{
return String.Empty;
}
}
//Any god may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD"))
{
if (World.Permissions.IsAdministrator(ownerID))
{
return String.Empty;
}
}
//Only active gods may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD"))
{
ScenePresence sp = World.GetScenePresence(ownerID);
if (sp != null && !sp.IsDeleted && sp.IsGod)
{
return String.Empty;
}
}
if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID))
return(
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
function));
if (m_item.CreatorID != ownerID)
{
if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
return String.Format("{0} permission denied. Script permissions error.", function);
}
return String.Empty;
}
}
//OSSL only may be used if object is in the same group as the parcel
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
{
return String.Empty;
}
}
//Only Estate Managers may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
{
//Only Estate Managers may use the function
if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
{
return String.Empty;
}
}
//Only regionowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
{
if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
{
return String.Empty;
}
}
//Only grid gods may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD"))
{
if (World.Permissions.IsGridGod(ownerID))
{
return String.Empty;
}
}
//Any god may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD"))
{
if (World.Permissions.IsAdministrator(ownerID))
{
return String.Empty;
}
}
//Only active gods may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD"))
{
ScenePresence sp = World.GetScenePresence(ownerID);
if (sp != null && !sp.IsDeleted && sp.IsGod)
{
return String.Empty;
}
}
if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID))
return(
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
function));
if (m_item.CreatorID != ownerID)
{
if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
return String.Format("{0} permission denied. Script creator is not prim owner.", function);
}
return String.Empty;
}

21
OpenSim/Region/ScriptEngine/Shared/Instance/ScriptInstance.cs
View File

@ -928,17 +928,30 @@ namespace OpenSim.Region.ScriptEngine.Shared.Instance
{
try
{
if(e.InnerException != null && e.InnerException is ScriptException)
{
string text = e.InnerException.Message +
"(script: " + ScriptName +
bool toowner = false;
string text = e.InnerException.Message;
if(text.StartsWith("(OWNER)"))
{
text = text.Substring(7);
toowner = true;
}
text += "(script: " + ScriptName +
" event: " + data.EventName +
" primID:" + Part.UUID.ToString() +
" at " + Part.AbsolutePosition + ")";
if (text.Length > 1000)
text = text.Substring(0, 1000);
Engine.World.SimChat(Utils.StringToBytes(text),
if (toowner)
{
ScenePresence sp = Engine.World.GetScenePresence(Part.OwnerID);
if (sp != null && !sp.IsNPC)
Engine.World.SimChatToAgent(Part.OwnerID, Utils.StringToBytes(text), 0x7FFFFFFF, Part.AbsolutePosition,
Part.Name, Part.UUID, false);
}
else
Engine.World.SimChat(Utils.StringToBytes(text),
ChatTypeEnum.DebugChannel, 2147483647,
Part.AbsolutePosition,
Part.Name, Part.UUID, false);

24
OpenSim/Region/ScriptEngine/YEngine/XMRInstRun.cs
View File

@ -539,10 +539,18 @@ namespace OpenSim.Region.ScriptEngine.Yengine
private void SendScriptErrorMessage(Exception e, ScriptEventCode ev)
{
StringBuilder msg = new StringBuilder();
bool toowner = false;
msg.Append("YEngine: ");
if (e.Message != null)
msg.Append(e.Message);
{
string text = e.Message;
if (text.StartsWith("(OWNER)"))
{
text = text.Substring(7);
toowner = true;
}
msg.Append(text);
}
msg.Append(" (script: ");
msg.Append(m_Item.Name);
@ -563,8 +571,16 @@ namespace OpenSim.Region.ScriptEngine.Yengine
if (msgst.Length > 1000)
msgst = msgst.Substring(0, 1000);
m_Engine.World.SimChat(Utils.StringToBytes(msgst),
ChatTypeEnum.DebugChannel, 2147483647,
if (toowner)
{
ScenePresence sp = m_Engine.World.GetScenePresence(m_Part.OwnerID);
if (sp != null && !sp.IsNPC)
m_Engine.World.SimChatToAgent(m_Part.OwnerID, Utils.StringToBytes(msgst), 0x7FFFFFFF, m_Part.AbsolutePosition,
m_Part.Name, m_Part.UUID, false);
}
else
m_Engine.World.SimChat(Utils.StringToBytes(msgst),
ChatTypeEnum.DebugChannel, 0x7FFFFFFF,
m_Part.AbsolutePosition,
m_Part.Name, m_Part.UUID, false);
m_log.Debug(string.Format(

5
bin/config-include/osslEnable.ini
View File

@ -16,6 +16,9 @@
; The setting enable_windlight = true must also be enabled in the [LightShare] section.
AllowLightShareFunctions = true
; Send function permission error to owner if true, to all if false
PermissionErrorToOwner = false
; Function Threat level
; Several functions have a predefined threat level, one of: None, VeryLow, Low, Moderate, High, VeryHigh, Severe.
; See http://opensimulator.org/wiki/Threat_level for more information on these levels.
@ -64,7 +67,7 @@
; The threat level also can be replaced by lines of the form
; Creators__FunctionName = comma separated list of UUIDs
; this will enable the function for users that are creators and owners of the prim
; this will enable the function for users that are the script creators and owners of the prim
; *************************************************