OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* First part of a series of patches 

* Intension is to provide a way to lock down script creation to administrators/gods only
* Defaults will remain as they are at the moment
0.6.1-post-fixes
Justin Clarke Casey 2008-11-13 18:52:16 +00:00
parent 219015d699
commit ef601d805a
4 changed files with 39 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
View File

@ -142,7 +142,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return; return;
m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false); m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false);
m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true); m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true);
m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true);
m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true); m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
@ -236,7 +235,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
protected void DebugPermissionInformation(string permissionCalled) protected void DebugPermissionInformation(string permissionCalled)
{ {
if (m_debugPermissions) if (m_debugPermissions)
m_log.Info("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
} }
protected bool IsAdministrator(UUID user) protected bool IsAdministrator(UUID user)
@ -408,6 +407,14 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return objectFlagsMask; return objectFlagsMask;
} }
/// <summary>
/// General permissions checks for any operation involving an object. These supplement more specific checks
/// implemented by callers.
/// </summary>
/// <param name="currentUser"></param>
/// <param name="objId"></param>
/// <param name="denyOnLocked"></param>
/// <returns></returns>
protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked)
{ {
// Default: deny // Default: deny
@ -425,7 +432,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return false; return false;
} }
SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
UUID objectOwner = group.OwnerID; UUID objectOwner = group.OwnerID;
@ -477,7 +483,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return permission; return permission;
} }
#endregion #endregion
#region Generic Permissions #region Generic Permissions
@ -655,8 +660,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
{ {
m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user); m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user);
return false; return false;
} }
if (userInfo.RootFolder == null) if (userInfo.RootFolder == null)
return false; return false;
@ -1214,8 +1218,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return true; return true;
} }
public bool CanCreateInventory(uint invType, UUID objectID, UUID userID) /// <summary>
/// Check whether the specified user is allowed to directly create the given inventory type in a prim's
/// inventory (e.g. the New Script button in the 1.21 Linden Lab client). This permission check does not
/// apply to existing items that are being dragged in to that prim's inventory.
/// </summary>
/// <param name="invType"></param>
/// <param name="objectID"></param>
/// <param name="userID"></param>
/// <returns></returns>
public bool CanCreateInventory(int invType, UUID objectID, UUID userID)
{ {
m_log.Debug("[PERMISSIONS]: CanCreateInventory called");
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue; if (m_bypassPermissions) return m_bypassPermissionsValue;

24
OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
View File

@ -799,11 +799,9 @@ namespace OpenSim.Region.Environment.Scenes
if (agentTransactions != null) if (agentTransactions != null)
{ {
agentTransactions.HandleItemCreationFromTransaction( agentTransactions.HandleItemCreationFromTransaction(
remoteClient, transactionID, folderID, callbackID, description, remoteClient, transactionID, folderID, callbackID, description,
name, invType, assetType, wearableType, nextOwnerMask); name, invType, assetType, wearableType, nextOwnerMask);
} }
} }
} }
@ -1002,7 +1000,6 @@ namespace OpenSim.Region.Environment.Scenes
/// <param name="itemID"></param> /// <param name="itemID"></param>
public void MoveTaskInventoryItem(IClientAPI remoteClient, UUID folderId, SceneObjectPart part, UUID itemId) public void MoveTaskInventoryItem(IClientAPI remoteClient, UUID folderId, SceneObjectPart part, UUID itemId)
{ {
InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId); InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId);
if (agentItem == null) if (agentItem == null)
@ -1316,17 +1313,17 @@ namespace OpenSim.Region.Environment.Scenes
} }
/// <summary> /// <summary>
/// Rez a script into a prim's inventory /// Rez a script into a prim's inventory, either ex nihilo or from an existing avatar inventory
/// </summary> /// </summary>
/// <param name="remoteClient"></param> /// <param name="remoteClient"></param>
/// <param name="itemID"> </param> /// <param name="itemID"> </param>
/// <param name="localID"></param> /// <param name="localID"></param>
public void RezScript(IClientAPI remoteClient, InventoryItemBase itemBase, UUID transactionID, uint localID) public void RezScript(IClientAPI remoteClient, InventoryItemBase itemBase, UUID transactionID, uint localID)
{ {
UUID itemID=itemBase.ID; UUID itemID = itemBase.ID;
UUID copyID = UUID.Random(); UUID copyID = UUID.Random();
if (itemID != UUID.Zero) if (itemID != UUID.Zero) // transferred from an avatar inventory to the prim's pinventory
{ {
CachedUserInfo userInfo = CommsManager.UserProfileCacheService.GetUserDetails(remoteClient.AgentId); CachedUserInfo userInfo = CommsManager.UserProfileCacheService.GetUserDetails(remoteClient.AgentId);
@ -1378,9 +1375,9 @@ namespace OpenSim.Region.Environment.Scenes
} }
} }
} }
else // If the itemID is zero then the script has been rezzed directly in an object's inventory else // script has been rezzed directly into a prim's inventory
{ {
SceneObjectPart part=GetSceneObjectPart(itemBase.Folder); SceneObjectPart part = GetSceneObjectPart(itemBase.Folder);
if (part == null) if (part == null)
return; return;
@ -1389,11 +1386,14 @@ namespace OpenSim.Region.Environment.Scenes
if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
return; return;
if (!ExternalChecks.ExternalChecksCanCreateInventory(itemBase.InvType, part.UUID, remoteClient.AgentId))
return;
AssetBase asset = CreateAsset(itemBase.Name, itemBase.Description, (sbyte)itemBase.AssetType, Encoding.ASCII.GetBytes("default\n{\n state_entry()\n {\n llSay(0, \"Script running\");\n }\n}")); AssetBase asset = CreateAsset(itemBase.Name, itemBase.Description, (sbyte)itemBase.AssetType, Encoding.ASCII.GetBytes("default\n{\n state_entry()\n {\n llSay(0, \"Script running\");\n }\n}"));
AssetCache.AddAsset(asset); AssetCache.AddAsset(asset);
TaskInventoryItem taskItem=new TaskInventoryItem(); TaskInventoryItem taskItem = new TaskInventoryItem();
taskItem.ResetIDs(itemBase.Folder); taskItem.ResetIDs(itemBase.Folder);
taskItem.ParentID = itemBase.Folder; taskItem.ParentID = itemBase.Folder;

4
OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs
View File

@ -1070,7 +1070,7 @@ namespace OpenSim.Region.Environment.Scenes
#endregion #endregion
public delegate bool CanCreateInventory(uint invType, UUID objectID, UUID userID); public delegate bool CanCreateInventory(int invType, UUID objectID, UUID userID);
private List<CanCreateInventory> CanCreateInventoryCheckFunctions = new List<CanCreateInventory>(); private List<CanCreateInventory> CanCreateInventoryCheckFunctions = new List<CanCreateInventory>();
public void addCheckCanCreateInventory(CanCreateInventory delegateFunc) public void addCheckCanCreateInventory(CanCreateInventory delegateFunc)
@ -1085,7 +1085,7 @@ namespace OpenSim.Region.Environment.Scenes
CanCreateInventoryCheckFunctions.Remove(delegateFunc); CanCreateInventoryCheckFunctions.Remove(delegateFunc);
} }
public bool ExternalChecksCanCreateInventory(uint invType, UUID objectID, UUID userID) public bool ExternalChecksCanCreateInventory(int invType, UUID objectID, UUID userID)
{ {
foreach (CanCreateInventory check in CanCreateInventoryCheckFunctions) foreach (CanCreateInventory check in CanCreateInventoryCheckFunctions)
{ {

3
bin/OpenSim.ini.example
View File

@ -111,6 +111,7 @@
;permissionmodules = "DefaultPermissionsModule" ;permissionmodules = "DefaultPermissionsModule"
serverside_object_permissions = false serverside_object_permissions = false
allow_grid_gods = false allow_grid_gods = false
; This allows somne control over permissions ; This allows somne control over permissions
; please note that this still doesn't duplicate SL, and is not intended to ; please note that this still doesn't duplicate SL, and is not intended to
;region_owner_is_god = true ;region_owner_is_god = true
@ -212,6 +213,7 @@
; user_send_key and user_recv_key, too ; user_send_key and user_recv_key, too
messaging_server_url = "http://127.0.0.1:8006" messaging_server_url = "http://127.0.0.1:8006"
[ClientStack.LindenUDP] [ClientStack.LindenUDP]
; This is the multiplier applied to all client throttles for outgoing UDP network data ; This is the multiplier applied to all client throttles for outgoing UDP network data
; If it is set to 1, then we obey the throttle settings as given to us by the client. If it is set to 3, for example, then we ; If it is set to 1, then we obey the throttle settings as given to us by the client. If it is set to 3, for example, then we
@ -432,6 +434,7 @@
dump-line-size=32 dump-line-size=32
flush-on-error=true flush-on-error=true
; Uncomment the following for IRC bridge ; Uncomment the following for IRC bridge
; experimental, so if it breaks... keep both parts... yada yada ; experimental, so if it breaks... keep both parts... yada yada
; also, not good error detection when it fails ; also, not good error detection when it fails