author | Melanie Thielker | 2008-07-12 06:24:43 +0000 |
---|---|---|
committer | Melanie Thielker | 2008-07-12 06:24:43 +0000 |
commit | f629fdb88d35d1c2f0a3ce97fdd7d9acdc25e11f (patch) | |
tree | c844e2aa064ef816bd2c5cb787af7812cbf04d5a | |
parent | Passes prim physical status to mesher from physics plugins (diff) | |
Patches #9143 and #9144 (Mantis #1723)
Changes the permissions module to make scripts permissive only when intended
Adds security checks to asset transfers to prevent hacked clients from
requesting script sources.
Adds security checks to llClientView to verify all aspects of ownership
and permissions for inventory based script retrieval.
3 files changed, 68 insertions, 2 deletions
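--- a/OpenSim/Framework/Communications/Cache/AssetCache.cs
+++ b/OpenSim/Framework/Communications/Cache/AssetCache.cs
@@ -445,7 +445,10 @@ namespace OpenSim.Framework.Communications.Cache
 req.NumPackets = CalculateNumPackets(assetInf.Data);
 
 RequestedAssets.Remove(assetInf.FullID);
-AssetRequests.Add(req);
+// If it's a direct request for a script, drop it
+// because it's a hacked client
+if(req.AssetRequestSource != 2 || assetInf.Type != 10)
+AssetRequests.Add(req);
 }
 }
 }
@@ -609,6 +612,10 @@ namespace OpenSim.Framework.Communications.Cache
 return;
 }
 
+// Scripts cannot be retrieved by direct request
+if (transferRequest.TransferInfo.SourceType == 2 && asset.Type == 10)
+return;
+
 // The asset is knosn to exist and is in our cache, so add it to the AssetRequests list
 AssetRequest req = new AssetRequest();
 req.RequestUser = userInfo;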
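Review bot: Both new checks drop a script request silently, so an operator gets no trace of the client that the comment itself calls hacked; the `if(req.AssetRequestSource != 2 || assetInf.Type != 10)` guard in the first hunk and the early `return` in the second should each record a warning naming the requesting user and the asset ID, through whatever logger this class already has. The literals `2` and `10` are also unexplained, and named constants or a comment such as `// SourceType 2 = direct asset request, asset type 10 = script source` would make the rule auditable. The two hunks state the same rule in opposite forms (allow-unless versus deny-if), so a small shared helper would keep them from drifting apart. Both enclosing methods start outside the hunks.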
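--- a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs
+++ b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs
@@ -5110,6 +5110,65 @@ namespace OpenSim.Region.ClientStack.LindenUDP
 case PacketType.TransferRequest:
 //Console.WriteLine("ClientView.ProcessPackets.cs:ProcessInPacket() - Got transfer request");
 TransferRequestPacket transfer = (TransferRequestPacket)Pack;
+// Validate inventory transfers
+// Has to be done here, because AssetCache can't do it
+//
+if (transfer.TransferInfo.SourceType == 3)
+{
+LLUUID taskID = null;
+LLUUID itemID = null;
+LLUUID requestID = null;
+taskID = new LLUUID(transfer.TransferInfo.Params, 48);
+itemID = new LLUUID(transfer.TransferInfo.Params, 64);
+requestID = new LLUUID(transfer.TransferInfo.Params, 80);
+if (!(((Scene)m_scene).ExternalChecks.ExternalChecksBypassPermissions()))
+{
+if(taskID != LLUUID.Zero) // Prim
+{
+SceneObjectPart part = ((Scene)m_scene).GetSceneObjectPart(taskID);
+if(part == null)
+break;
+
+if(part.OwnerID != AgentId)
+break;
+
+if((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
+break;
+
+TaskInventoryItem ti = part.GetInventoryItem(itemID);
+if(ti == null)
+break;
+
+if(ti.OwnerID != AgentId)
+break;
+
+if((ti.OwnerMask & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer))
+break;
+
+if(ti.AssetID != requestID)
+break;
+}
+else // Agent
+{
+CachedUserInfo userInfo = ((Scene)m_scene).CommsManager.UserProfileCacheService.GetUserDetails(AgentId);
+if(userInfo == null)
+break;
+
+if(userInfo.RootFolder == null)
+break;
+
+InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(itemID);
+if(assetRequestItem == null)
+return;
+
+if((assetRequestItem.CurrentPermissions & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer))
+break;
+if(assetRequestItem.AssetID != requestID)
+break;
+}
+}
+}
+
 m_assetCache.AddAssetRequest(this, transfer);
 /* RequestAsset = OnRequestAsset;
 if (RequestAsset != null)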
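Review bot: The three `new LLUUID(transfer.TransferInfo.Params, …)` reads at offsets 48, 64 and 80 run on client-supplied bytes with no length check, so a TransferRequest whose Params is shorter than 96 bytes reaches the constructor before any validation; add `if (transfer.TransferInfo.Params.Length < 96) break;` as the first statement inside the `SourceType == 3` block (what the constructor does on a short buffer is not visible here). The agent branch leaves through `return;` when `FindItem` yields null while every other rejection uses `break;`, and unless skipping the code after the switch is intended that one should be `break;` as well. The block checks ownership and permissions but never the asset type, so it applies to every inventory-sourced transfer rather than only to scripts as the commit message describes, which is worth confirming as intended. The enclosing switch and method start and end outside the hunk.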
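--- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
@@ -602,7 +602,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
 if (m_bypassPermissions) return m_bypassPermissionsValue;
 
-return true;
+return false;
 }
 
 private bool CanEditNotecard(LLUUID notecard, LLUUID objectID, LLUUID user, Scene scene)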
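Review bot: The fall-through `return false;` carries no comment, and the method it belongs to starts outside the hunk, so a reader of this file cannot tell that the check now denies unless the bypass setting grants it. Add `// Deny by default: only the bypass setting above can grant this permission` directly above the return. Callers that depended on the previous `true` result are not visible on this page and should be checked against the new default.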