OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add OSSL option PermissionErrortoOwner (true or false). if true ossl functions permission errors will only be sent to prim owner, defaul false: send all around

0.9.1.0-post-fixes
UbitUmarov 2019-10-16 00:08:45 +01:00
parent 77126cee00
commit d79d7e228a
4 changed files with 153 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
View File

@ -146,6 +146,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
protected ISoundModule m_SoundModule = null; protected ISoundModule m_SoundModule = null;
internal IConfig m_osslconfig; internal IConfig m_osslconfig;
internal TimeZoneInfo PSTTimeZone = null; internal TimeZoneInfo PSTTimeZone = null;
internal bool m_PermissionErrortoOwner = false;
public void Initialize( public void Initialize(
IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item) IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item)
@ -167,10 +168,10 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED"); // m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED");
} }
m_ScriptDelayFactor = m_PermissionErrortoOwner = m_osslconfig.GetBoolean("PermissionErrorToOwner", m_PermissionErrortoOwner);
m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
m_ScriptDistanceFactor = m_ScriptDelayFactor = m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f); m_ScriptDistanceFactor = m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);
string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow"); string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow");
switch (risk) switch (risk)
@ -286,7 +287,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{ {
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (!m_OSFunctionsEnabled) if (!m_OSFunctionsEnabled)
OSSLError("permission denied. All OS functions are disabled."); // throws OSSLError("permission denied. All unsafe OSSL funtions disabled"); // throws
} }
// Returns if the function is allowed. Throws a script exception if not allowed. // Returns if the function is allowed. Throws a script exception if not allowed.
@ -294,17 +295,24 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{ {
m_host.AddScriptLPS(1); m_host.AddScriptLPS(1);
if (!m_OSFunctionsEnabled) if (!m_OSFunctionsEnabled)
OSSLError(String.Format("{0} permission denied. All OS functions are disabled.", function)); // throws {
if (m_PermissionErrortoOwner)
throw new ScriptException("(OWNER)OSSL Permission Error: All unsafe OSSL funtions disabled");
else
throw new ScriptException("OSSL Permission Error: All unsafe OSSL funtions disabled");
}
string reasonWhyNot = CheckThreatLevelTest(level, function); string reasonWhyNot = CheckThreatLevelTest(level, function);
if (!String.IsNullOrEmpty(reasonWhyNot)) if (!String.IsNullOrEmpty(reasonWhyNot))
{ {
OSSLError(reasonWhyNot); if (m_PermissionErrortoOwner)
throw new ScriptException("(OWNER)OSSL Permission Error: " + reasonWhyNot);
else
throw new ScriptException("OSSL Permission Error: " + reasonWhyNot);
} }
} }
// Check to see if function is allowed. Returns an empty string if function permitted
// Check to see if function is allowed. Returns an empty string if function permitted // or a string explaining why this function can't be used.
// or a string explaining why this function can't be used.
private string CheckThreatLevelTest(ThreatLevel level, string function) private string CheckThreatLevelTest(ThreatLevel level, string function)
{ {
if (!m_FunctionPerms.ContainsKey(function)) if (!m_FunctionPerms.ContainsKey(function))
@ -386,107 +394,107 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{ {
// Allow / disallow by threat level // Allow / disallow by threat level
if (level > m_MaxThreatLevel) if (level > m_MaxThreatLevel)
return return String.Empty;
String.Format( return String.Format(
"{0} permission denied. Allowed threat level is {1} but function threat level is {2}.", "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.",
function, m_MaxThreatLevel, level); function, m_MaxThreatLevel, level);
} }
else
if(m_FunctionPerms[function].AllowedOwners.Count == 0 && m_FunctionPerms[function].AllowedCreators.Count == 0)
return String.Format("{0} disabled in region configuration", function);
if (m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // always allowed
return String.Empty;
if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
{ {
if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // prim owner is in the list of allowed owners
return String.Empty;
}
UUID ownerID = m_item.OwnerID;
//Only Parcelowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
if (land.LandData.OwnerID == ownerID)
{ {
// Not anyone. Do detailed checks return String.Empty;
if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
{
// prim owner is in the list of allowed owners
return String.Empty;
}
UUID ownerID = m_item.OwnerID;
//OSSL only may be used if object is in the same group as the parcel
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
{
return String.Empty;
}
}
//Only Parcelowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
if (land.LandData.OwnerID == ownerID)
{
return String.Empty;
}
}
//Only Estate Managers may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
{
//Only Estate Managers may use the function
if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
{
return String.Empty;
}
}
//Only regionowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
{
if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
{
return String.Empty;
}
}
//Only grid gods may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD"))
{
if (World.Permissions.IsGridGod(ownerID))
{
return String.Empty;
}
}
//Any god may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD"))
{
if (World.Permissions.IsAdministrator(ownerID))
{
return String.Empty;
}
}
//Only active gods may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD"))
{
ScenePresence sp = World.GetScenePresence(ownerID);
if (sp != null && !sp.IsDeleted && sp.IsGod)
{
return String.Empty;
}
}
if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID))
return(
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
function));
if (m_item.CreatorID != ownerID)
{
if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
return String.Format("{0} permission denied. Script permissions error.", function);
}
} }
} }
//OSSL only may be used if object is in the same group as the parcel
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
{
return String.Empty;
}
}
//Only Estate Managers may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
{
//Only Estate Managers may use the function
if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
{
return String.Empty;
}
}
//Only regionowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
{
if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
{
return String.Empty;
}
}
//Only grid gods may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD"))
{
if (World.Permissions.IsGridGod(ownerID))
{
return String.Empty;
}
}
//Any god may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD"))
{
if (World.Permissions.IsAdministrator(ownerID))
{
return String.Empty;
}
}
//Only active gods may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD"))
{
ScenePresence sp = World.GetScenePresence(ownerID);
if (sp != null && !sp.IsDeleted && sp.IsGod)
{
return String.Empty;
}
}
if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID))
return(
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
function));
if (m_item.CreatorID != ownerID)
{
if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
return String.Format("{0} permission denied. Script creator is not prim owner.", function);
}
return String.Empty; return String.Empty;
} }

21
OpenSim/Region/ScriptEngine/Shared/Instance/ScriptInstance.cs
View File

@ -928,17 +928,30 @@ namespace OpenSim.Region.ScriptEngine.Shared.Instance
{ {
try try
{ {
if(e.InnerException != null && e.InnerException is ScriptException) if(e.InnerException != null && e.InnerException is ScriptException)
{ {
string text = e.InnerException.Message + bool toowner = false;
"(script: " + ScriptName + string text = e.InnerException.Message;
if(text.StartsWith("(OWNER)"))
{
text = text.Substring(7);
toowner = true;
}
text += "(script: " + ScriptName +
" event: " + data.EventName + " event: " + data.EventName +
" primID:" + Part.UUID.ToString() + " primID:" + Part.UUID.ToString() +
" at " + Part.AbsolutePosition + ")"; " at " + Part.AbsolutePosition + ")";
if (text.Length > 1000) if (text.Length > 1000)
text = text.Substring(0, 1000); text = text.Substring(0, 1000);
Engine.World.SimChat(Utils.StringToBytes(text), if (toowner)
{
ScenePresence sp = Engine.World.GetScenePresence(Part.OwnerID);
if (sp != null && !sp.IsNPC)
Engine.World.SimChatToAgent(Part.OwnerID, Utils.StringToBytes(text), 0x7FFFFFFF, Part.AbsolutePosition,
Part.Name, Part.UUID, false);
}
else
Engine.World.SimChat(Utils.StringToBytes(text),
ChatTypeEnum.DebugChannel, 2147483647, ChatTypeEnum.DebugChannel, 2147483647,
Part.AbsolutePosition, Part.AbsolutePosition,
Part.Name, Part.UUID, false); Part.Name, Part.UUID, false);

24
OpenSim/Region/ScriptEngine/YEngine/XMRInstRun.cs
View File

@ -539,10 +539,18 @@ namespace OpenSim.Region.ScriptEngine.Yengine
private void SendScriptErrorMessage(Exception e, ScriptEventCode ev) private void SendScriptErrorMessage(Exception e, ScriptEventCode ev)
{ {
StringBuilder msg = new StringBuilder(); StringBuilder msg = new StringBuilder();
bool toowner = false;
msg.Append("YEngine: "); msg.Append("YEngine: ");
if (e.Message != null) if (e.Message != null)
msg.Append(e.Message); {
string text = e.Message;
if (text.StartsWith("(OWNER)"))
{
text = text.Substring(7);
toowner = true;
}
msg.Append(text);
}
msg.Append(" (script: "); msg.Append(" (script: ");
msg.Append(m_Item.Name); msg.Append(m_Item.Name);
@ -563,8 +571,16 @@ namespace OpenSim.Region.ScriptEngine.Yengine
if (msgst.Length > 1000) if (msgst.Length > 1000)
msgst = msgst.Substring(0, 1000); msgst = msgst.Substring(0, 1000);
m_Engine.World.SimChat(Utils.StringToBytes(msgst), if (toowner)
ChatTypeEnum.DebugChannel, 2147483647, {
ScenePresence sp = m_Engine.World.GetScenePresence(m_Part.OwnerID);
if (sp != null && !sp.IsNPC)
m_Engine.World.SimChatToAgent(m_Part.OwnerID, Utils.StringToBytes(msgst), 0x7FFFFFFF, m_Part.AbsolutePosition,
m_Part.Name, m_Part.UUID, false);
}
else
m_Engine.World.SimChat(Utils.StringToBytes(msgst),
ChatTypeEnum.DebugChannel, 0x7FFFFFFF,
m_Part.AbsolutePosition, m_Part.AbsolutePosition,
m_Part.Name, m_Part.UUID, false); m_Part.Name, m_Part.UUID, false);
m_log.Debug(string.Format( m_log.Debug(string.Format(

5
bin/config-include/osslEnable.ini
View File

@ -16,6 +16,9 @@
; The setting enable_windlight = true must also be enabled in the [LightShare] section. ; The setting enable_windlight = true must also be enabled in the [LightShare] section.
AllowLightShareFunctions = true AllowLightShareFunctions = true
; Send function permission error to owner if true, to all if false
PermissionErrorToOwner = false
; Function Threat level ; Function Threat level
; Several functions have a predefined threat level, one of: None, VeryLow, Low, Moderate, High, VeryHigh, Severe. ; Several functions have a predefined threat level, one of: None, VeryLow, Low, Moderate, High, VeryHigh, Severe.
; See http://opensimulator.org/wiki/Threat_level for more information on these levels. ; See http://opensimulator.org/wiki/Threat_level for more information on these levels.
@ -64,7 +67,7 @@
; The threat level also can be replaced by lines of the form ; The threat level also can be replaced by lines of the form
; Creators__FunctionName = comma separated list of UUIDs ; Creators__FunctionName = comma separated list of UUIDs
; this will enable the function for users that are creators and owners of the prim ; this will enable the function for users that are the script creators and owners of the prim
; ************************************************* ; *************************************************