diff options
author | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
---|---|---|
committer | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
commit | 344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch) | |
tree | 2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Framework/Communications/Cache/CachedUserInfo.cs | |
parent | Enable LSL <-> C# source location mapping when reporing compiler errors to th... (diff) | |
download | opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.zip opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.gz opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.bz2 opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.xz |
thanks lulurun for a security patch that blocks unathorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Framework/Communications/Cache/CachedUserInfo.cs | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs b/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs index 4e57ead..c125976 100644 --- a/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs +++ b/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs | |||
@@ -87,6 +87,9 @@ namespace OpenSim.Framework.Communications.Cache | |||
87 | private IDictionary<LLUUID, IList<InventoryFolderImpl>> pendingCategorizationFolders | 87 | private IDictionary<LLUUID, IList<InventoryFolderImpl>> pendingCategorizationFolders |
88 | = new Dictionary<LLUUID, IList<InventoryFolderImpl>>(); | 88 | = new Dictionary<LLUUID, IList<InventoryFolderImpl>>(); |
89 | 89 | ||
90 | private LLUUID m_session_id = LLUUID.Zero; | ||
91 | public LLUUID SessionID { get { return m_session_id; } } | ||
92 | |||
90 | /// <summary> | 93 | /// <summary> |
91 | /// Constructor | 94 | /// Constructor |
92 | /// </summary> | 95 | /// </summary> |
@@ -98,6 +101,13 @@ namespace OpenSim.Framework.Communications.Cache | |||
98 | m_userProfile = userProfile; | 101 | m_userProfile = userProfile; |
99 | } | 102 | } |
100 | 103 | ||
104 | public CachedUserInfo(CommunicationsManager commsManager, UserProfileData userProfile, IClientAPI remoteClient) | ||
105 | { | ||
106 | m_commsManager = commsManager; | ||
107 | m_userProfile = userProfile; | ||
108 | m_session_id = remoteClient.SessionId; | ||
109 | } | ||
110 | |||
101 | /// <summary> | 111 | /// <summary> |
102 | /// This allows a request to be added to be processed once we receive a user's inventory | 112 | /// This allows a request to be added to be processed once we receive a user's inventory |
103 | /// from the inventory service. If we already have the inventory, the request | 113 | /// from the inventory service. If we already have the inventory, the request |
@@ -325,7 +335,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
325 | createdBaseFolder.Type = createdFolder.Type; | 335 | createdBaseFolder.Type = createdFolder.Type; |
326 | createdBaseFolder.Version = createdFolder.Version; | 336 | createdBaseFolder.Version = createdFolder.Version; |
327 | 337 | ||
328 | m_commsManager.InventoryService.AddFolder(createdBaseFolder); | 338 | m_commsManager.SecureInventoryService.AddFolder(createdBaseFolder, m_session_id); |
329 | 339 | ||
330 | return true; | 340 | return true; |
331 | } | 341 | } |
@@ -379,7 +389,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
379 | baseFolder.Type = (short)type; | 389 | baseFolder.Type = (short)type; |
380 | baseFolder.Version = RootFolder.Version; | 390 | baseFolder.Version = RootFolder.Version; |
381 | 391 | ||
382 | m_commsManager.InventoryService.UpdateFolder(baseFolder); | 392 | m_commsManager.SecureInventoryService.UpdateFolder(baseFolder, m_session_id); |
383 | 393 | ||
384 | InventoryFolderImpl folder = RootFolder.FindFolder(folderID); | 394 | InventoryFolderImpl folder = RootFolder.FindFolder(folderID); |
385 | if (folder != null) | 395 | if (folder != null) |
@@ -421,7 +431,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
421 | baseFolder.ID = folderID; | 431 | baseFolder.ID = folderID; |
422 | baseFolder.ParentID = parentID; | 432 | baseFolder.ParentID = parentID; |
423 | 433 | ||
424 | m_commsManager.InventoryService.MoveFolder(baseFolder); | 434 | m_commsManager.SecureInventoryService.MoveFolder(baseFolder, m_session_id); |
425 | 435 | ||
426 | InventoryFolderImpl folder = RootFolder.FindFolder(folderID); | 436 | InventoryFolderImpl folder = RootFolder.FindFolder(folderID); |
427 | if (folder != null) | 437 | if (folder != null) |
@@ -468,7 +478,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
468 | purgedBaseFolder.Type = purgedFolder.Type; | 478 | purgedBaseFolder.Type = purgedFolder.Type; |
469 | purgedBaseFolder.Version = purgedFolder.Version; | 479 | purgedBaseFolder.Version = purgedFolder.Version; |
470 | 480 | ||
471 | m_commsManager.InventoryService.PurgeFolder(purgedBaseFolder); | 481 | m_commsManager.SecureInventoryService.PurgeFolder(purgedBaseFolder, m_session_id); |
472 | 482 | ||
473 | purgedFolder.Purge(); | 483 | purgedFolder.Purge(); |
474 | 484 | ||
@@ -505,7 +515,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
505 | item.Folder = RootFolder.ID; | 515 | item.Folder = RootFolder.ID; |
506 | } | 516 | } |
507 | ItemReceive(item); | 517 | ItemReceive(item); |
508 | m_commsManager.InventoryService.AddItem(item); | 518 | m_commsManager.SecureInventoryService.AddItem(item, m_session_id); |
509 | } | 519 | } |
510 | else | 520 | else |
511 | { | 521 | { |
@@ -525,7 +535,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
525 | { | 535 | { |
526 | if (HasInventory) | 536 | if (HasInventory) |
527 | { | 537 | { |
528 | m_commsManager.InventoryService.UpdateItem(item); | 538 | m_commsManager.SecureInventoryService.UpdateItem(item, m_session_id); |
529 | } | 539 | } |
530 | else | 540 | else |
531 | { | 541 | { |
@@ -564,7 +574,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
564 | 574 | ||
565 | if (RootFolder.DeleteItem(item.ID)) | 575 | if (RootFolder.DeleteItem(item.ID)) |
566 | { | 576 | { |
567 | return m_commsManager.InventoryService.DeleteItem(item); | 577 | return m_commsManager.SecureInventoryService.DeleteItem(item, m_session_id); |
568 | } | 578 | } |
569 | } | 579 | } |
570 | else | 580 | else |