Changes osFunction permissions again. Allow_ with a list of UUIDs now again

refers to prim OWNERS. A new option set, Creators_, is added to allow
selection by script creator. For existing installs, this means no functional
change. The warning from my prior commit doesn't apply anymore.
soprefactor
Melanie Thielker 2010-05-30 15:46:54 +02:00 committed by Melanie
parent bfcac0ede8
commit f1a1d7a521
2 changed files with 58 additions and 17 deletions

View File

@ -105,6 +105,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// modification of user data, or allows the compromise of // modification of user data, or allows the compromise of
// sensitive data by design. // sensitive data by design.
class FunctionPerms
{
public List<UUID> AllowedCreators;
public List<UUID> AllowedOwners;
public FunctionPerms()
{
AllowedCreators = new List<UUID>();
AllowedOwners = new List<UUID>();
}
}
[Serializable] [Serializable]
public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi
{ {
@ -117,7 +129,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow; internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow;
internal float m_ScriptDelayFactor = 1.0f; internal float m_ScriptDelayFactor = 1.0f;
internal float m_ScriptDistanceFactor = 1.0f; internal float m_ScriptDistanceFactor = 1.0f;
internal Dictionary<string, List<UUID> > m_FunctionPerms = new Dictionary<string, List<UUID> >(); internal Dictionary<string, FunctionPerms > m_FunctionPerms = new Dictionary<string, FunctionPerms >();
public void Initialize(IScriptEngine ScriptEngine, SceneObjectPart host, uint localID, UUID itemID) public void Initialize(IScriptEngine ScriptEngine, SceneObjectPart host, uint localID, UUID itemID)
{ {
@ -217,31 +229,33 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (!m_FunctionPerms.ContainsKey(function)) if (!m_FunctionPerms.ContainsKey(function))
{ {
string perm = m_ScriptEngine.Config.GetString("Allow_" + function, ""); FunctionPerms perms = new FunctionPerms();
if (perm == "") m_FunctionPerms[function] = perms;
string ownerPerm = m_ScriptEngine.Config.GetString("Allow_" + function, "");
string creatorPerm = m_ScriptEngine.Config.GetString("Creators_" + function, "");
if (ownerPerm == "" && creatorPerm == "")
{ {
m_FunctionPerms[function] = null; // a null value is default // Default behavior
perms.AllowedOwners = null;
perms.AllowedCreators = null;
} }
else else
{ {
bool allowed; bool allowed;
if (bool.TryParse(perm, out allowed)) if (bool.TryParse(ownerPerm, out allowed))
{ {
// Boolean given // Boolean given
if (allowed) if (allowed)
{ {
m_FunctionPerms[function] = new List<UUID>(); // Allow globally
m_FunctionPerms[function].Add(UUID.Zero); perms.AllowedOwners.Add(UUID.Zero);
} }
else
m_FunctionPerms[function] = new List<UUID>(); // Empty list = none
} }
else else
{ {
m_FunctionPerms[function] = new List<UUID>(); string[] ids = ownerPerm.Split(new char[] {','});
string[] ids = perm.Split(new char[] {','});
foreach (string id in ids) foreach (string id in ids)
{ {
string current = id.Trim(); string current = id.Trim();
@ -250,7 +264,20 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (UUID.TryParse(current, out uuid)) if (UUID.TryParse(current, out uuid))
{ {
if (uuid != UUID.Zero) if (uuid != UUID.Zero)
m_FunctionPerms[function].Add(uuid); perms.AllowedOwners.Add(uuid);
}
}
ids = creatorPerm.Split(new char[] {','});
foreach (string id in ids)
{
string current = id.Trim();
UUID uuid;
if (UUID.TryParse(current, out uuid))
{
if (uuid != UUID.Zero)
perms.AllowedCreators.Add(uuid);
} }
} }
} }
@ -266,8 +293,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// //
// To allow use by anyone, the list contains UUID.Zero // To allow use by anyone, the list contains UUID.Zero
// //
if (m_FunctionPerms[function] == null) // No list = true if (m_FunctionPerms[function].AllowedOwners == null)
{ {
// Allow / disallow by threat level
if (level > m_MaxThreatLevel) if (level > m_MaxThreatLevel)
OSSLError( OSSLError(
String.Format( String.Format(
@ -276,8 +304,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
} }
else else
{ {
if (!m_FunctionPerms[function].Contains(UUID.Zero)) if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero))
{ {
// Not anyone. Do detailed checks
if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
{
// prim owner is in the list of allowed owners
return;
}
TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID); TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID);
if (ti == null) if (ti == null)
{ {
@ -285,9 +320,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
String.Format("{0} permission error. Can't find script in prim inventory.", String.Format("{0} permission error. Can't find script in prim inventory.",
function)); function));
} }
if (!m_FunctionPerms[function].Contains(ti.CreatorID)) if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID))
OSSLError( OSSLError(
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.", String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
function)); function));
if (ti.CreatorID != ti.OwnerID) if (ti.CreatorID != ti.OwnerID)
{ {

View File

@ -979,6 +979,12 @@
; Comma separated list of UUIDS allows the function for that list of UUIDS ; Comma separated list of UUIDS allows the function for that list of UUIDS
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
; You can also use script creators as the uuid
; Creators_osSetRegionWaterHeight = <uuid>, ...
; If both Allow_ and Creators_ are given, effective permissions
; are the union of the two.
; Allow for llCreateLink and llBreakLink to work without asking for permission ; Allow for llCreateLink and llBreakLink to work without asking for permission
; only enable this in a trusted environment otherwise you may be subject to hijacking ; only enable this in a trusted environment otherwise you may be subject to hijacking
; AutomaticLinkPermission = false ; AutomaticLinkPermission = false