diff --git a/OpenSim/Framework/AssetPermissions.cs b/OpenSim/Framework/AssetPermissions.cs new file mode 100644 index 0000000000..d276def389 --- /dev/null +++ b/OpenSim/Framework/AssetPermissions.cs @@ -0,0 +1,81 @@ +using System; +using System.Collections.Generic; +using System.Reflection; + +using Nini.Config; +using log4net; + +using OpenMetaverse; + +namespace OpenSim.Framework +{ + public class AssetPermissions + { + private static readonly ILog m_log = + LogManager.GetLogger( + MethodBase.GetCurrentMethod().DeclaringType); + + private bool[] m_DisallowExport, m_DisallowImport; + private string[] m_AssetTypeNames; + + public AssetPermissions(IConfig config) + { + Type enumType = typeof(AssetType); + m_AssetTypeNames = Enum.GetNames(enumType); + for (int i = 0; i < m_AssetTypeNames.Length; i++) + m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower(); + int n = Enum.GetValues(enumType).Length; + m_DisallowExport = new bool[n]; + m_DisallowImport = new bool[n]; + + LoadPermsFromConfig(config, "DisallowExport", m_DisallowExport); + LoadPermsFromConfig(config, "DisallowImport", m_DisallowImport); + + } + + private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray) + { + string perms = assetConfig.GetString(variable, String.Empty); + string[] parts = perms.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries); + foreach (string s in parts) + { + int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower()); + if (index >= 0) + bitArray[index] = true; + else + m_log.WarnFormat("[Asset Permissions]: Invalid AssetType {0}", s); + } + + } + + public bool AllowedExport(sbyte type) + { + string assetTypeName = ((AssetType)type).ToString(); + + int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); + if (index >= 0 && m_DisallowExport[index]) + { + m_log.DebugFormat("[Asset Permissions]: Export denied: configuration does not allow export of AssetType {0}", assetTypeName); + return false; + } + + return true; + } + + public bool AllowedImport(sbyte type) + { + string assetTypeName = ((AssetType)type).ToString(); + + int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); + if (index >= 0 && m_DisallowImport[index]) + { + m_log.DebugFormat("[Asset Permissions]: Import denied: configuration does not allow import of AssetType {0}", assetTypeName); + return false; + } + + return true; + } + + + } +} diff --git a/OpenSim/Services/HypergridService/HGAssetService.cs b/OpenSim/Services/HypergridService/HGAssetService.cs index d6541c425d..f1275a0ed6 100644 --- a/OpenSim/Services/HypergridService/HGAssetService.cs +++ b/OpenSim/Services/HypergridService/HGAssetService.cs @@ -58,8 +58,7 @@ namespace OpenSim.Services.HypergridService private UserAccountCache m_Cache; - private bool[] m_DisallowGET, m_DisallowPOST; - private string[] m_AssetTypeNames; + private AssetPermissions m_AssetPerms; public HGAssetService(IConfigSource config, string configName) : base(config, configName) { @@ -85,31 +84,7 @@ namespace OpenSim.Services.HypergridService m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService); // Permissions - Type enumType = typeof(AssetType); - m_AssetTypeNames = Enum.GetNames(enumType); - for (int i = 0; i < m_AssetTypeNames.Length; i++) - m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower(); - int n = Enum.GetValues(enumType).Length; - m_DisallowGET = new bool[n]; - m_DisallowPOST = new bool[n]; - - LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET); - LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST); - - } - - private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray) - { - string perms = assetConfig.GetString(variable, String.Empty); - string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries); - foreach (string s in parts) - { - int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower()); - if (index >= 0) - bitArray[index] = true; - else - m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s); - } + m_AssetPerms = new AssetPermissions(assetConfig); } @@ -121,7 +96,7 @@ namespace OpenSim.Services.HypergridService if (asset == null) return null; - if (!AllowedGet(asset.Type)) + if (!m_AssetPerms.AllowedExport(asset.Type)) return null; if (asset.Metadata.Type == (sbyte)AssetType.Object) @@ -151,7 +126,7 @@ namespace OpenSim.Services.HypergridService if (asset == null) return null; - if (!AllowedGet(asset.Type)) + if (!m_AssetPerms.AllowedExport(asset.Type)) return null; return asset.Data; @@ -161,7 +136,7 @@ namespace OpenSim.Services.HypergridService public override string Store(AssetBase asset) { - if (!AllowedPost(asset.Type)) + if (!m_AssetPerms.AllowedImport(asset.Type)) return UUID.Zero.ToString(); return base.Store(asset); @@ -175,34 +150,6 @@ namespace OpenSim.Services.HypergridService #endregion - protected bool AllowedGet(sbyte type) - { - string assetTypeName = ((AssetType)type).ToString(); - - int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); - if (index >= 0 && m_DisallowGET[index]) - { - m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName); - return false; - } - - return true; - } - - protected bool AllowedPost(sbyte type) - { - string assetTypeName = ((AssetType)type).ToString(); - - int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); - if (index >= 0 && m_DisallowPOST[index]) - { - m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName); - return false; - } - - return true; - } - protected void AdjustIdentifiers(AssetMetadata meta) { if (meta == null || m_Cache == null) diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 8218b14d4d..399779d091 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example @@ -437,15 +437,17 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService" HomeURI = "http://127.0.0.1:8002" - ;; The asset types that other grids can get from / post to this service. + ;; The asset types that this service can export to / import from other grids. + ;; Comma separated. ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: - ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh + ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, + ;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh ;; ;; Leave blank or commented if you don't want to apply any restrictions. ;; A more strict, but still reasonable, policy may be to disallow the exchange ;; of scripts, like so: - ; DisallowGET ="LSLText" - ; DisallowPOST ="LSLBytecode" + ; DisallowExport ="LSLText" + ; DisallowImport ="LSLBytecode" [HGFriendsService] LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService" diff --git a/bin/config-include/StandaloneCommon.ini.example b/bin/config-include/StandaloneCommon.ini.example index d8ecba8d11..d5eb50d467 100644 --- a/bin/config-include/StandaloneCommon.ini.example +++ b/bin/config-include/StandaloneCommon.ini.example @@ -53,15 +53,17 @@ [HGAssetService] HomeURI = "http://127.0.0.1:9000" - ;; The asset types that other grids can get from / post to this service. + ;; The asset types that this service can export to / import from other grids. + ;; Comma separated. ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: - ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh + ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, + ;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh ;; ;; Leave blank or commented if you don't want to apply any restrictions. ;; A more strict, but still reasonable, policy may be to disallow the exchange ;; of scripts, like so: - ; DisallowGET ="LSLText" - ; DisallowPOST ="LSLBytecode" + ; DisallowExport ="LSLText" + ; DisallowImport ="LSLBytecode" [HGInventoryAccessModule]