123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513 |
- /*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the OpenSimulator Project nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
- using System;
- using System.CodeDom.Compiler;
- using System.Collections;
- using System.Collections.Generic;
- using System.Diagnostics;
- using System.IO;
- using System.Reflection;
- using System.Security;
- using System.Security.Permissions;
- using System.Security.Policy;
- using System.Text;
- using log4net;
- using Microsoft.CSharp;
- using Nini.Config;
- using OpenMetaverse;
- using OpenSim.Framework;
- using OpenSim.Region.Framework.Interfaces;
- using OpenSim.Region.Framework.Scenes;
- namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
- {
- public class MRMModule : IRegionModule, IMRMModule
- {
- private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
- private Scene m_scene;
-
- private readonly Dictionary<UUID,MRMBase> m_scripts = new Dictionary<UUID, MRMBase>();
- private readonly Dictionary<Type,object> m_extensions = new Dictionary<Type, object>();
- private static readonly CSharpCodeProvider CScodeProvider = new CSharpCodeProvider();
- private readonly MicroScheduler m_microthreads = new MicroScheduler();
- private IConfig m_config;
- public void RegisterExtension<T>(T instance)
- {
- m_extensions[typeof (T)] = instance;
- }
- public void Initialise(Scene scene, IConfigSource source)
- {
- if (source.Configs["MRM"] != null)
- {
- m_config = source.Configs["MRM"];
- if (source.Configs["MRM"].GetBoolean("Enabled", false))
- {
- m_log.Info("[MRM] Enabling MRM Module");
- m_scene = scene;
-
- // when hidden, we don't listen for client initiated script events
- // only making the MRM engine available for region modules
- if (!source.Configs["MRM"].GetBoolean("Hidden", false))
- {
- scene.EventManager.OnRezScript += EventManager_OnRezScript;
- scene.EventManager.OnStopScript += EventManager_OnStopScript;
- }
-
- scene.EventManager.OnFrame += EventManager_OnFrame;
- scene.RegisterModuleInterface<IMRMModule>(this);
- }
- else
- {
- m_log.Info("[MRM] Disabled MRM Module (Disabled in ini)");
- }
- }
- else
- {
- m_log.Info("[MRM] Disabled MRM Module (Default disabled)");
- }
- }
- void EventManager_OnStopScript(uint localID, UUID itemID)
- {
- if (m_scripts.ContainsKey(itemID))
- {
- m_scripts[itemID].Stop();
- }
- }
- void EventManager_OnFrame()
- {
- m_microthreads.Tick(1000);
- }
- static string ConvertMRMKeywords(string script)
- {
- script = script.Replace("microthreaded void ", "IEnumerable");
- script = script.Replace("relax;", "yield return null;");
- return script;
- }
- /// <summary>
- /// Create an AppDomain that contains policy restricting code to execute
- /// with only the permissions granted by a named permission set
- /// </summary>
- /// <param name="permissionSetName">name of the permission set to restrict to</param>
- /// <param name="appDomainName">'friendly' name of the appdomain to be created</param>
- /// <exception cref="ArgumentNullException">
- /// if <paramref name="permissionSetName"/> is null
- /// </exception>
- /// <exception cref="ArgumentOutOfRangeException">
- /// if <paramref name="permissionSetName"/> is empty
- /// </exception>
- /// <returns>AppDomain with a restricted security policy</returns>
- /// <remarks>Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx
- /// Valid permissionSetName values are:
- /// * FullTrust
- /// * SkipVerification
- /// * Execution
- /// * Nothing
- /// * LocalIntranet
- /// * Internet
- /// * Everything
- /// </remarks>
- public static AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName)
- {
- if (permissionSetName == null)
- throw new ArgumentNullException("permissionSetName");
- if (permissionSetName.Length == 0)
- throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName,
- "Cannot have an empty permission set name");
- // Default to all code getting nothing
- PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None));
- UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy);
- bool foundName = false;
- PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted);
- // iterate over each policy level
- IEnumerator levelEnumerator = SecurityManager.PolicyHierarchy();
- while (levelEnumerator.MoveNext())
- {
- PolicyLevel level = levelEnumerator.Current as PolicyLevel;
- // if this level has defined a named permission set with the
- // given name, then intersect it with what we've retrieved
- // from all the previous levels
- if (level != null)
- {
- PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName);
- if (levelSet != null)
- {
- foundName = true;
- if (setIntersection != null)
- setIntersection = setIntersection.Intersect(levelSet);
- }
- }
- }
- // Intersect() can return null for an empty set, so convert that
- // to an empty set object. Also return an empty set if we didn't find
- // the named permission set we were looking for
- if (setIntersection == null || !foundName)
- setIntersection = new PermissionSet(PermissionState.None);
- else
- setIntersection = new NamedPermissionSet(permissionSetName, setIntersection);
- // if no named permission sets were found, return an empty set,
- // otherwise return the set that was found
- PolicyStatement permissions = new PolicyStatement(setIntersection);
- policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions));
- // create an AppDomain policy level for the policy tree
- PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
- appDomainLevel.RootCodeGroup = policyRoot;
- // create an AppDomain where this policy will be in effect
- string domainName = appDomainName;
- AppDomain restrictedDomain = AppDomain.CreateDomain(domainName);
- restrictedDomain.SetAppDomainPolicy(appDomainLevel);
- return restrictedDomain;
- }
- void EventManager_OnRezScript(uint localID, UUID itemID, string script, int startParam, bool postOnRez, string engine, int stateSource)
- {
- if (script.StartsWith("//MRM:C#"))
- {
- if (m_config.GetBoolean("OwnerOnly", true))
- if (m_scene.GetSceneObjectPart(localID).OwnerID != m_scene.RegionInfo.MasterAvatarAssignedUUID
- || m_scene.GetSceneObjectPart(localID).CreatorID != m_scene.RegionInfo.MasterAvatarAssignedUUID)
- return;
- script = ConvertMRMKeywords(script);
- try
- {
- AppDomain target;
- if (m_config.GetBoolean("Sandboxed", true))
- {
- m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " +
- m_config.GetString("SandboxLevel", "Internet") + "-level security.");
- string domainName = UUID.Random().ToString();
- target = CreateRestrictedDomain(m_config.GetString("SandboxLevel", "Internet"),
- domainName);
- }
- else
- {
- m_log.Info("[MRM] Found C# MRM - Starting in current AppDomain");
- m_log.Warn(
- "[MRM] Security Risk: AppDomain is run in current context. Use only in trusted environments.");
- target = AppDomain.CurrentDomain;
- }
- m_log.Info("[MRM] Unwrapping into target AppDomain");
- MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap(
- CompileFromDotNetText(script, itemID.ToString()),
- "OpenSim.MiniModule");
- m_log.Info("[MRM] Initialising MRM Globals");
- InitializeMRM(mmb, localID, itemID);
- m_scripts[itemID] = mmb;
- m_log.Info("[MRM] Starting MRM");
- mmb.Start();
- }
- catch (UnauthorizedAccessException e)
- {
- m_log.Error("[MRM] UAE " + e.Message);
- m_log.Error("[MRM] " + e.StackTrace);
- if (e.InnerException != null)
- m_log.Error("[MRM] " + e.InnerException);
- m_scene.ForEachClient(delegate(IClientAPI user)
- {
- user.SendAlertMessage(
- "MRM UnAuthorizedAccess: " + e);
- });
- }
- catch (Exception e)
- {
- m_log.Info("[MRM] Error: " + e);
- m_scene.ForEachClient(delegate(IClientAPI user)
- {
- user.SendAlertMessage(
- "Compile error while building MRM script, check OpenSim console for more information.");
- });
- }
- }
- }
- public void GetGlobalEnvironment(uint localID, out IWorld world, out IHost host)
- {
- // UUID should be changed to object owner.
- UUID owner = m_scene.RegionInfo.MasterAvatarAssignedUUID;
- SEUser securityUser = new SEUser(owner, "Name Unassigned");
- SecurityCredential creds = new SecurityCredential(securityUser, m_scene);
- world = new World(m_scene, creds);
- host = new Host(new SOPObject(m_scene, localID, creds), m_scene, new ExtensionHandler(m_extensions),
- m_microthreads);
- }
- public void InitializeMRM(MRMBase mmb, uint localID, UUID itemID)
- {
- m_log.Info("[MRM] Created MRM Instance");
- IWorld world;
- IHost host;
- GetGlobalEnvironment(localID, out world, out host);
- mmb.InitMiniModule(world, host, itemID);
- }
- public void PostInitialise()
- {
-
- }
- public void Close()
- {
- foreach (KeyValuePair<UUID, MRMBase> pair in m_scripts)
- {
- pair.Value.Stop();
- }
- }
- public string Name
- {
- get { return "MiniRegionModule"; }
- }
- public bool IsSharedModule
- {
- get { return false; }
- }
- /// <summary>
- /// Stolen from ScriptEngine Common
- /// </summary>
- /// <param name="Script"></param>
- /// <param name="uuid">Unique ID for this module</param>
- /// <returns></returns>
- internal string CompileFromDotNetText(string Script, string uuid)
- {
- m_log.Info("MRM 1");
- const string ext = ".cs";
- const string FilePrefix = "MiniModule";
- // Output assembly name
- string OutFile = Path.Combine("MiniModules", Path.Combine(
- m_scene.RegionInfo.RegionID.ToString(),
- FilePrefix + "_compiled_" + uuid + "_" +
- Util.RandomClass.Next(9000) + ".dll"));
- // Create Directories for Assemblies
- if (!Directory.Exists("MiniModules"))
- Directory.CreateDirectory("MiniModules");
- string tmp = Path.Combine("MiniModules", m_scene.RegionInfo.RegionID.ToString());
- if (!Directory.Exists(tmp))
- Directory.CreateDirectory(tmp);
- m_log.Info("MRM 2");
- try
- {
- File.Delete(OutFile);
- }
- catch (UnauthorizedAccessException e)
- {
- throw new Exception("Unable to delete old existing " +
- "script-file before writing new. Compile aborted: " +
- e);
- }
- catch (IOException e)
- {
- throw new Exception("Unable to delete old existing " +
- "script-file before writing new. Compile aborted: " +
- e);
- }
- m_log.Info("MRM 3");
- // DEBUG - write source to disk
- string srcFileName = FilePrefix + "_source_" +
- Path.GetFileNameWithoutExtension(OutFile) + ext;
- try
- {
- File.WriteAllText(Path.Combine(Path.Combine(
- "MiniModules",
- m_scene.RegionInfo.RegionID.ToString()),
- srcFileName), Script);
- }
- catch (Exception ex) //NOTLEGIT - Should be just FileIOException
- {
- m_log.Error("[Compiler]: Exception while " +
- "trying to write script source to file \"" +
- srcFileName + "\": " + ex);
- }
- m_log.Info("MRM 4");
- // Do actual compile
- CompilerParameters parameters = new CompilerParameters();
- parameters.IncludeDebugInformation = true;
- string rootPath =
- Path.GetDirectoryName(AppDomain.CurrentDomain.BaseDirectory);
- List<string> libraries = new List<string>();
- string[] lines = Script.Split(new string[] {"\n"}, StringSplitOptions.RemoveEmptyEntries);
- foreach (string s in lines)
- {
- if (s.StartsWith("//@DEPENDS:"))
- {
- libraries.Add(s.Replace("//@DEPENDS:", ""));
- }
- }
- libraries.Add("OpenSim.Region.OptionalModules.dll");
- libraries.Add("OpenMetaverseTypes.dll");
- libraries.Add("log4net.dll");
- foreach (string library in libraries)
- {
- parameters.ReferencedAssemblies.Add(Path.Combine(rootPath, library));
- }
- parameters.GenerateExecutable = false;
- parameters.OutputAssembly = OutFile;
- parameters.IncludeDebugInformation = true;
- parameters.TreatWarningsAsErrors = false;
- m_log.Info("MRM 5");
- CompilerResults results = CScodeProvider.CompileAssemblyFromSource(
- parameters, Script);
- m_log.Info("MRM 6");
- int display = 5;
- if (results.Errors.Count > 0)
- {
- string errtext = String.Empty;
- foreach (CompilerError CompErr in results.Errors)
- {
- // Show 5 errors max
- //
- if (display <= 0)
- break;
- display--;
- string severity = "Error";
- if (CompErr.IsWarning)
- {
- severity = "Warning";
- }
- string text = CompErr.ErrorText;
- // The Second Life viewer's script editor begins
- // countingn lines and columns at 0, so we subtract 1.
- errtext += String.Format("Line ({0},{1}): {4} {2}: {3}\n",
- CompErr.Line - 1, CompErr.Column - 1,
- CompErr.ErrorNumber, text, severity);
- }
- if (!File.Exists(OutFile))
- {
- throw new Exception(errtext);
- }
- }
- m_log.Info("MRM 7");
- if (!File.Exists(OutFile))
- {
- string errtext = String.Empty;
- errtext += "No compile error. But not able to locate compiled file.";
- throw new Exception(errtext);
- }
- FileInfo fi = new FileInfo(OutFile);
- Byte[] data = new Byte[fi.Length];
- try
- {
- FileStream fs = File.Open(OutFile, FileMode.Open, FileAccess.Read);
- fs.Read(data, 0, data.Length);
- fs.Close();
- }
- catch (IOException)
- {
- string errtext = String.Empty;
- errtext += "No compile error. But not able to open file.";
- throw new Exception(errtext);
- }
- m_log.Info("MRM 8");
- // Convert to base64
- //
- string filetext = Convert.ToBase64String(data);
- ASCIIEncoding enc = new ASCIIEncoding();
- Byte[] buf = enc.GetBytes(filetext);
- m_log.Info("MRM 9");
- FileStream sfs = File.Create(OutFile + ".cil.b64");
- sfs.Write(buf, 0, buf.Length);
- sfs.Close();
- m_log.Info("MRM 10");
- return OutFile;
- }
- }
- }
|