aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Framework/Communications/Cache
diff options
context:
space:
mode:
authorJohan Berntsson2008-07-23 06:59:02 +0000
committerJohan Berntsson2008-07-23 06:59:02 +0000
commit344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch)
tree2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Framework/Communications/Cache
parentEnable LSL <-> C# source location mapping when reporing compiler errors to th... (diff)
downloadopensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.zip
opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.gz
opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.bz2
opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.xz
thanks lulurun for a security patch that blocks unathorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to '')
-rw-r--r--OpenSim/Framework/Communications/Cache/CachedUserInfo.cs24
-rw-r--r--OpenSim/Framework/Communications/Cache/UserProfileCacheService.cs29
2 files changed, 45 insertions, 8 deletions
diff --git a/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs b/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs
index 4e57ead..c125976 100644
--- a/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs
+++ b/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs
@@ -87,6 +87,9 @@ namespace OpenSim.Framework.Communications.Cache
87 private IDictionary<LLUUID, IList<InventoryFolderImpl>> pendingCategorizationFolders 87 private IDictionary<LLUUID, IList<InventoryFolderImpl>> pendingCategorizationFolders
88 = new Dictionary<LLUUID, IList<InventoryFolderImpl>>(); 88 = new Dictionary<LLUUID, IList<InventoryFolderImpl>>();
89 89
90 private LLUUID m_session_id = LLUUID.Zero;
91 public LLUUID SessionID { get { return m_session_id; } }
92
90 /// <summary> 93 /// <summary>
91 /// Constructor 94 /// Constructor
92 /// </summary> 95 /// </summary>
@@ -98,6 +101,13 @@ namespace OpenSim.Framework.Communications.Cache
98 m_userProfile = userProfile; 101 m_userProfile = userProfile;
99 } 102 }
100 103
104 public CachedUserInfo(CommunicationsManager commsManager, UserProfileData userProfile, IClientAPI remoteClient)
105 {
106 m_commsManager = commsManager;
107 m_userProfile = userProfile;
108 m_session_id = remoteClient.SessionId;
109 }
110
101 /// <summary> 111 /// <summary>
102 /// This allows a request to be added to be processed once we receive a user's inventory 112 /// This allows a request to be added to be processed once we receive a user's inventory
103 /// from the inventory service. If we already have the inventory, the request 113 /// from the inventory service. If we already have the inventory, the request
@@ -325,7 +335,7 @@ namespace OpenSim.Framework.Communications.Cache
325 createdBaseFolder.Type = createdFolder.Type; 335 createdBaseFolder.Type = createdFolder.Type;
326 createdBaseFolder.Version = createdFolder.Version; 336 createdBaseFolder.Version = createdFolder.Version;
327 337
328 m_commsManager.InventoryService.AddFolder(createdBaseFolder); 338 m_commsManager.SecureInventoryService.AddFolder(createdBaseFolder, m_session_id);
329 339
330 return true; 340 return true;
331 } 341 }
@@ -379,7 +389,7 @@ namespace OpenSim.Framework.Communications.Cache
379 baseFolder.Type = (short)type; 389 baseFolder.Type = (short)type;
380 baseFolder.Version = RootFolder.Version; 390 baseFolder.Version = RootFolder.Version;
381 391
382 m_commsManager.InventoryService.UpdateFolder(baseFolder); 392 m_commsManager.SecureInventoryService.UpdateFolder(baseFolder, m_session_id);
383 393
384 InventoryFolderImpl folder = RootFolder.FindFolder(folderID); 394 InventoryFolderImpl folder = RootFolder.FindFolder(folderID);
385 if (folder != null) 395 if (folder != null)
@@ -421,7 +431,7 @@ namespace OpenSim.Framework.Communications.Cache
421 baseFolder.ID = folderID; 431 baseFolder.ID = folderID;
422 baseFolder.ParentID = parentID; 432 baseFolder.ParentID = parentID;
423 433
424 m_commsManager.InventoryService.MoveFolder(baseFolder); 434 m_commsManager.SecureInventoryService.MoveFolder(baseFolder, m_session_id);
425 435
426 InventoryFolderImpl folder = RootFolder.FindFolder(folderID); 436 InventoryFolderImpl folder = RootFolder.FindFolder(folderID);
427 if (folder != null) 437 if (folder != null)
@@ -468,7 +478,7 @@ namespace OpenSim.Framework.Communications.Cache
468 purgedBaseFolder.Type = purgedFolder.Type; 478 purgedBaseFolder.Type = purgedFolder.Type;
469 purgedBaseFolder.Version = purgedFolder.Version; 479 purgedBaseFolder.Version = purgedFolder.Version;
470 480
471 m_commsManager.InventoryService.PurgeFolder(purgedBaseFolder); 481 m_commsManager.SecureInventoryService.PurgeFolder(purgedBaseFolder, m_session_id);
472 482
473 purgedFolder.Purge(); 483 purgedFolder.Purge();
474 484
@@ -505,7 +515,7 @@ namespace OpenSim.Framework.Communications.Cache
505 item.Folder = RootFolder.ID; 515 item.Folder = RootFolder.ID;
506 } 516 }
507 ItemReceive(item); 517 ItemReceive(item);
508 m_commsManager.InventoryService.AddItem(item); 518 m_commsManager.SecureInventoryService.AddItem(item, m_session_id);
509 } 519 }
510 else 520 else
511 { 521 {
@@ -525,7 +535,7 @@ namespace OpenSim.Framework.Communications.Cache
525 { 535 {
526 if (HasInventory) 536 if (HasInventory)
527 { 537 {
528 m_commsManager.InventoryService.UpdateItem(item); 538 m_commsManager.SecureInventoryService.UpdateItem(item, m_session_id);
529 } 539 }
530 else 540 else
531 { 541 {
@@ -564,7 +574,7 @@ namespace OpenSim.Framework.Communications.Cache
564 574
565 if (RootFolder.DeleteItem(item.ID)) 575 if (RootFolder.DeleteItem(item.ID))
566 { 576 {
567 return m_commsManager.InventoryService.DeleteItem(item); 577 return m_commsManager.SecureInventoryService.DeleteItem(item, m_session_id);
568 } 578 }
569 } 579 }
570 else 580 else
diff --git a/OpenSim/Framework/Communications/Cache/UserProfileCacheService.cs b/OpenSim/Framework/Communications/Cache/UserProfileCacheService.cs
index 0040718..e22dff6 100644
--- a/OpenSim/Framework/Communications/Cache/UserProfileCacheService.cs
+++ b/OpenSim/Framework/Communications/Cache/UserProfileCacheService.cs
@@ -63,6 +63,33 @@ namespace OpenSim.Framework.Communications.Cache
63 /// A new user has moved into a region in this instance so retrieve their profile from the user service. 63 /// A new user has moved into a region in this instance so retrieve their profile from the user service.
64 /// </summary> 64 /// </summary>
65 /// <param name="userID"></param> 65 /// <param name="userID"></param>
66 public void AddNewUser(IClientAPI remoteClient)
67 {
68 // Potential fix - Multithreading issue.
69 lock (m_userProfiles)
70 {
71 if (!m_userProfiles.ContainsKey(remoteClient.AgentId))
72 {
73 UserProfileData userProfile = m_commsManager.UserService.GetUserProfile(remoteClient.AgentId);
74 CachedUserInfo userInfo = new CachedUserInfo(m_commsManager, userProfile, remoteClient);
75
76 if (userInfo.UserProfile != null)
77 {
78 // The inventory for the user will be populated when they actually enter the scene
79 m_userProfiles.Add(remoteClient.AgentId, userInfo);
80 }
81 else
82 {
83 m_log.ErrorFormat("[USER CACHE]: User profile for user {0} not found.", remoteClient.AgentId);
84 }
85 }
86 }
87 }
88
89 /// <summary>
90 /// A new user has moved into a region in this instance so retrieve their profile from the user service.
91 /// </summary>
92 /// <param name="userID"></param>
66 public void AddNewUser(LLUUID userID) 93 public void AddNewUser(LLUUID userID)
67 { 94 {
68 // Potential fix - Multithreading issue. 95 // Potential fix - Multithreading issue.
@@ -119,7 +146,7 @@ namespace OpenSim.Framework.Communications.Cache
119 CachedUserInfo userInfo = GetUserDetails(userID); 146 CachedUserInfo userInfo = GetUserDetails(userID);
120 if (userInfo != null) 147 if (userInfo != null)
121 { 148 {
122 m_commsManager.InventoryService.RequestInventoryForUser(userID, userInfo.InventoryReceive); 149 m_commsManager.SecureInventoryService.RequestInventoryForUser(userID, userInfo.SessionID, userInfo.InventoryReceive);
123 //IInventoryServices invService = userInfo.GetInventoryService(); 150 //IInventoryServices invService = userInfo.GetInventoryService();
124 //if (invService != null) 151 //if (invService != null)
125 //{ 152 //{