authorMelanie Thielker2008-07-12 06:24:43 +0000
committerMelanie Thielker2008-07-12 06:24:43 +0000
commitf629fdb88d35d1c2f0a3ce97fdd7d9acdc25e11f (patch)
treec844e2aa064ef816bd2c5cb787af7812cbf04d5a
parentPasses prim physical status to mesher from physics plugins (diff)
Patches #9143 and #9144 (Mantis #1723)
Changes the permissions module to make scripts permissive only when intended. Adds security checks to asset transfers to prevent hacked clients from requesting script sources. Adds security checks to llClientView to verify all aspects of ownership and permissions for inventory based script retrieval.
-rw-r--r--OpenSim/Framework/Communications/Cache/AssetCache.cs9
-rw-r--r--OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs59
-rw-r--r--OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs2
3 files changed, 68 insertions, 2 deletions
diff --git a/OpenSim/Framework/Communications/Cache/AssetCache.cs b/OpenSim/Framework/Communications/Cache/AssetCache.cs
index d0bcc98..90b0a10 100644
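--- a/OpenSim/Framework/Communications/Cache/AssetCache.cs
+++ b/OpenSim/Framework/Communications/Cache/AssetCache.cs
@@ -445,7 +445,10 @@ namespace OpenSim.Framework.Communications.Cache
 req.NumPackets = CalculateNumPackets(assetInf.Data);
 
 RequestedAssets.Remove(assetInf.FullID);
-AssetRequests.Add(req);
+// If it's a direct request for a script, drop it
+// because it's a hacked client
+if(req.AssetRequestSource != 2 || assetInf.Type != 10)
+AssetRequests.Add(req);
 }
 }
 }
@@ -609,6 +612,10 @@ namespace OpenSim.Framework.Communications.Cache
 return;
 }
 
+// Scripts cannot be retrieved by direct request
+if (transferRequest.TransferInfo.SourceType == 2 && asset.Type == 10)
+return;
+
 // The asset is knosn to exist and is in our cache, so add it to the AssetRequests list
 AssetRequest req = new AssetRequest();
 req.RequestUser = userInfo;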
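Review bot: Both added checks discard a direct (source 2) request for a type-10 asset without writing anything to the log, so an operator has no record of which agent asked for script source by asset ID. Logging the requesting agent and the asset ID at warning level before the `return;` in the second hunk, and in an `else` branch of the `if` in the first, would make these attempts detectable. The literals `2` and `10` also carry the whole policy and appear in both places; named constants shared by the two checks would keep them from drifting apart. The enclosing methods start and end outside both hunks, so whether the client ever receives a failure reply for the dropped transfer is not visible here.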
diff --git a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs
index 8293319..7f95ddd 100644
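--- a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs
+++ b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs
@@ -5110,6 +5110,65 @@ namespace OpenSim.Region.ClientStack.LindenUDP
 case PacketType.TransferRequest:
 //Console.WriteLine("ClientView.ProcessPackets.cs:ProcessInPacket() - Got transfer request");
 TransferRequestPacket transfer = (TransferRequestPacket)Pack;
+// Validate inventory transfers
+// Has to be done here, because AssetCache can't do it
+//
+if (transfer.TransferInfo.SourceType == 3)
+{
+LLUUID taskID = null;
+LLUUID itemID = null;
+LLUUID requestID = null;
+taskID = new LLUUID(transfer.TransferInfo.Params, 48);
+itemID = new LLUUID(transfer.TransferInfo.Params, 64);
+requestID = new LLUUID(transfer.TransferInfo.Params, 80);
+if (!(((Scene)m_scene).ExternalChecks.ExternalChecksBypassPermissions()))
+{
+if(taskID != LLUUID.Zero) // Prim
+{
+SceneObjectPart part = ((Scene)m_scene).GetSceneObjectPart(taskID);
+if(part == null)
+break;
+
+if(part.OwnerID != AgentId)
+break;
+
+if((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
+break;
+
+TaskInventoryItem ti = part.GetInventoryItem(itemID);
+if(ti == null)
+break;
+
+if(ti.OwnerID != AgentId)
+break;
+
+if((ti.OwnerMask & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer))
+break;
+
+if(ti.AssetID != requestID)
+break;
+}
+else // Agent
+{
+CachedUserInfo userInfo = ((Scene)m_scene).CommsManager.UserProfileCacheService.GetUserDetails(AgentId);
+if(userInfo == null)
+break;
+
+if(userInfo.RootFolder == null)
+break;
+
+InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(itemID);
+if(assetRequestItem == null)
+return;
+
+if((assetRequestItem.CurrentPermissions & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer))
+break;
+if(assetRequestItem.AssetID != requestID)
+break;
+}
+}
+}
+
 m_assetCache.AddAssetRequest(this, transfer);
 /* RequestAsset = OnRequestAsset;
 if (RequestAsset != null)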
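Review bot: The three `new LLUUID(transfer.TransferInfo.Params, …)` reads at offsets 48, 64 and 80 run before any check that the client-supplied `Params` array holds the 96 bytes they need, so a short `TransferRequest` with `SourceType == 3` would presumably throw inside the constructor; a guard such as `if (transfer.TransferInfo.Params.Length < 96) break;` ahead of them would reject it cleanly. In the agent branch the `assetRequestItem == null` case uses `return;` where every other rejection uses `break;`, which skips whatever follows the switch; it should presumably be `break;` as well. The checks also never look at the item's asset type, so the full Modify/Copy/Transfer requirement appears to apply to every inventory transfer rather than only to scripts as the commit message describes. The enclosing switch and method start and end outside the hunk.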
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
index f571408..41bb610 100644
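--- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
@@ -602,7 +602,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
 if (m_bypassPermissions) return m_bypassPermissionsValue;
 
-return true;
+return false;
 }
 
 private bool CanEditNotecard(LLUUID notecard, LLUUID objectID, LLUUID user, Scene scene)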
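Review bot: The flipped default on new line 605 has no comment saying that this check now denies unless the bypass setting answers for it, and the method's name and earlier branches lie outside the hunk, so a reader cannot tell from here what is being denied. A one-line comment above it, e.g. `// Deny by default; only m_bypassPermissions makes this permissive`, would record the intent. When `m_bypassPermissions` is set the method still returns `m_bypassPermissionsValue`, so it is worth documenting that a bypass-enabled region keeps the old permissive behaviour.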