Changes osFunction permissions again. Allow_ with a list of UUIDs now again
refers to prim OWNERS. A new option set, Creators_, is added to allow selection by script creator. For existing installs, this means no functional change. The warning from my prior commit doesn't apply anymore.
soprefactor
parent
bfcac0ede8
commit
f1a1d7a521
|
@ -105,6 +105,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
// modification of user data, or allows the compromise of
|
// modification of user data, or allows the compromise of
|
||||||
// sensitive data by design.
|
// sensitive data by design.
|
||||||
|
|
||||||
|
class FunctionPerms
|
||||||
|
{
|
||||||
|
public List<UUID> AllowedCreators;
|
||||||
|
public List<UUID> AllowedOwners;
|
||||||
|
|
||||||
|
public FunctionPerms()
|
||||||
|
{
|
||||||
|
AllowedCreators = new List<UUID>();
|
||||||
|
AllowedOwners = new List<UUID>();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
[Serializable]
|
[Serializable]
|
||||||
public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi
|
public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi
|
||||||
{
|
{
|
||||||
|
@ -117,7 +129,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow;
|
internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow;
|
||||||
internal float m_ScriptDelayFactor = 1.0f;
|
internal float m_ScriptDelayFactor = 1.0f;
|
||||||
internal float m_ScriptDistanceFactor = 1.0f;
|
internal float m_ScriptDistanceFactor = 1.0f;
|
||||||
internal Dictionary<string, List<UUID> > m_FunctionPerms = new Dictionary<string, List<UUID> >();
|
internal Dictionary<string, FunctionPerms > m_FunctionPerms = new Dictionary<string, FunctionPerms >();
|
||||||
|
|
||||||
public void Initialize(IScriptEngine ScriptEngine, SceneObjectPart host, uint localID, UUID itemID)
|
public void Initialize(IScriptEngine ScriptEngine, SceneObjectPart host, uint localID, UUID itemID)
|
||||||
{
|
{
|
||||||
|
@ -217,31 +229,33 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
|
|
||||||
if (!m_FunctionPerms.ContainsKey(function))
|
if (!m_FunctionPerms.ContainsKey(function))
|
||||||
{
|
{
|
||||||
string perm = m_ScriptEngine.Config.GetString("Allow_" + function, "");
|
FunctionPerms perms = new FunctionPerms();
|
||||||
if (perm == "")
|
m_FunctionPerms[function] = perms;
|
||||||
|
|
||||||
|
string ownerPerm = m_ScriptEngine.Config.GetString("Allow_" + function, "");
|
||||||
|
string creatorPerm = m_ScriptEngine.Config.GetString("Creators_" + function, "");
|
||||||
|
if (ownerPerm == "" && creatorPerm == "")
|
||||||
{
|
{
|
||||||
m_FunctionPerms[function] = null; // a null value is default
|
// Default behavior
|
||||||
|
perms.AllowedOwners = null;
|
||||||
|
perms.AllowedCreators = null;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
bool allowed;
|
bool allowed;
|
||||||
|
|
||||||
if (bool.TryParse(perm, out allowed))
|
if (bool.TryParse(ownerPerm, out allowed))
|
||||||
{
|
{
|
||||||
// Boolean given
|
// Boolean given
|
||||||
if (allowed)
|
if (allowed)
|
||||||
{
|
{
|
||||||
m_FunctionPerms[function] = new List<UUID>();
|
// Allow globally
|
||||||
m_FunctionPerms[function].Add(UUID.Zero);
|
perms.AllowedOwners.Add(UUID.Zero);
|
||||||
}
|
}
|
||||||
else
|
|
||||||
m_FunctionPerms[function] = new List<UUID>(); // Empty list = none
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
m_FunctionPerms[function] = new List<UUID>();
|
string[] ids = ownerPerm.Split(new char[] {','});
|
||||||
|
|
||||||
string[] ids = perm.Split(new char[] {','});
|
|
||||||
foreach (string id in ids)
|
foreach (string id in ids)
|
||||||
{
|
{
|
||||||
string current = id.Trim();
|
string current = id.Trim();
|
||||||
|
@ -250,7 +264,20 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
if (UUID.TryParse(current, out uuid))
|
if (UUID.TryParse(current, out uuid))
|
||||||
{
|
{
|
||||||
if (uuid != UUID.Zero)
|
if (uuid != UUID.Zero)
|
||||||
m_FunctionPerms[function].Add(uuid);
|
perms.AllowedOwners.Add(uuid);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ids = creatorPerm.Split(new char[] {','});
|
||||||
|
foreach (string id in ids)
|
||||||
|
{
|
||||||
|
string current = id.Trim();
|
||||||
|
UUID uuid;
|
||||||
|
|
||||||
|
if (UUID.TryParse(current, out uuid))
|
||||||
|
{
|
||||||
|
if (uuid != UUID.Zero)
|
||||||
|
perms.AllowedCreators.Add(uuid);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -266,8 +293,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
//
|
//
|
||||||
// To allow use by anyone, the list contains UUID.Zero
|
// To allow use by anyone, the list contains UUID.Zero
|
||||||
//
|
//
|
||||||
if (m_FunctionPerms[function] == null) // No list = true
|
if (m_FunctionPerms[function].AllowedOwners == null)
|
||||||
{
|
{
|
||||||
|
// Allow / disallow by threat level
|
||||||
if (level > m_MaxThreatLevel)
|
if (level > m_MaxThreatLevel)
|
||||||
OSSLError(
|
OSSLError(
|
||||||
String.Format(
|
String.Format(
|
||||||
|
@ -276,8 +304,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (!m_FunctionPerms[function].Contains(UUID.Zero))
|
if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero))
|
||||||
{
|
{
|
||||||
|
// Not anyone. Do detailed checks
|
||||||
|
if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
|
||||||
|
{
|
||||||
|
// prim owner is in the list of allowed owners
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID);
|
TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID);
|
||||||
if (ti == null)
|
if (ti == null)
|
||||||
{
|
{
|
||||||
|
@ -285,9 +320,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
String.Format("{0} permission error. Can't find script in prim inventory.",
|
String.Format("{0} permission error. Can't find script in prim inventory.",
|
||||||
function));
|
function));
|
||||||
}
|
}
|
||||||
if (!m_FunctionPerms[function].Contains(ti.CreatorID))
|
if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID))
|
||||||
OSSLError(
|
OSSLError(
|
||||||
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.",
|
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
|
||||||
function));
|
function));
|
||||||
if (ti.CreatorID != ti.OwnerID)
|
if (ti.CreatorID != ti.OwnerID)
|
||||||
{
|
{
|
||||||
|
|
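Review bot: In the `@ -217,31 +229,33 @` / `@ -250,7 +264,20 @` hunks the `Creators_` list is parsed only inside the `else` branch of `bool.TryParse(ownerPerm, out allowed)`, as far as the brace structure on the page shows. A config with `Allow_x = false` plus a `Creators_x` list therefore leaves `AllowedCreators` empty and denies the listed creators, which contradicts the "union of the two" wording added to the ini comments. This fails closed, but it is an access-control surprise for operators; either run the creator-list loop whenever `allowed` is not true, or state in the ini comment that a boolean `Allow_` overrides `Creators_`. `FunctionPerms` should also document its sentinels, e.g. `// AllowedOwners == null: no explicit config, fall back to m_MaxThreatLevel; a list containing UUID.Zero allows anyone`, because the later check tests only `AllowedOwners` for null. The enclosing method starts and ends outside the hunks shown.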
|
@ -979,6 +979,12 @@
|
||||||
; Comma separated list of UUIDS allows the function for that list of UUIDS
|
; Comma separated list of UUIDS allows the function for that list of UUIDS
|
||||||
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
|
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
|
||||||
|
|
||||||
|
; You can also use script creators as the uuid
|
||||||
|
; Creators_osSetRegionWaterHeight = <uuid>, ...
|
||||||
|
|
||||||
|
; If both Allow_ and Creators_ are given, effective permissions
|
||||||
|
; are the union of the two.
|
||||||
|
|
||||||
; Allow for llCreateLink and llBreakLink to work without asking for permission
|
; Allow for llCreateLink and llBreakLink to work without asking for permission
|
||||||
; only enable this in a trusted environment otherwise you may be subject to hijacking
|
; only enable this in a trusted environment otherwise you may be subject to hijacking
|
||||||
; AutomaticLinkPermission = false
|
; AutomaticLinkPermission = false
|
||||||
|
|