diff options
author | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
---|---|---|
committer | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
commit | 344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch) | |
tree | 2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Framework/Communications | |
parent | Enable LSL <-> C# source location mapping when reporing compiler errors to th... (diff) | |
download | opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.zip opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.gz opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.bz2 opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.xz |
thanks lulurun for a security patch that blocks unathorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to 'OpenSim/Framework/Communications')
3 files changed, 51 insertions, 8 deletions
diff --git a/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs b/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs index 4e57ead..c125976 100644 --- a/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs +++ b/OpenSim/Framework/Communications/Cache/CachedUserInfo.cs | |||
@@ -87,6 +87,9 @@ namespace OpenSim.Framework.Communications.Cache | |||
87 | private IDictionary<LLUUID, IList<InventoryFolderImpl>> pendingCategorizationFolders | 87 | private IDictionary<LLUUID, IList<InventoryFolderImpl>> pendingCategorizationFolders |
88 | = new Dictionary<LLUUID, IList<InventoryFolderImpl>>(); | 88 | = new Dictionary<LLUUID, IList<InventoryFolderImpl>>(); |
89 | 89 | ||
90 | private LLUUID m_session_id = LLUUID.Zero; | ||
91 | public LLUUID SessionID { get { return m_session_id; } } | ||
92 | |||
90 | /// <summary> | 93 | /// <summary> |
91 | /// Constructor | 94 | /// Constructor |
92 | /// </summary> | 95 | /// </summary> |
@@ -98,6 +101,13 @@ namespace OpenSim.Framework.Communications.Cache | |||
98 | m_userProfile = userProfile; | 101 | m_userProfile = userProfile; |
99 | } | 102 | } |
100 | 103 | ||
104 | public CachedUserInfo(CommunicationsManager commsManager, UserProfileData userProfile, IClientAPI remoteClient) | ||
105 | { | ||
106 | m_commsManager = commsManager; | ||
107 | m_userProfile = userProfile; | ||
108 | m_session_id = remoteClient.SessionId; | ||
109 | } | ||
110 | |||
101 | /// <summary> | 111 | /// <summary> |
102 | /// This allows a request to be added to be processed once we receive a user's inventory | 112 | /// This allows a request to be added to be processed once we receive a user's inventory |
103 | /// from the inventory service. If we already have the inventory, the request | 113 | /// from the inventory service. If we already have the inventory, the request |
@@ -325,7 +335,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
325 | createdBaseFolder.Type = createdFolder.Type; | 335 | createdBaseFolder.Type = createdFolder.Type; |
326 | createdBaseFolder.Version = createdFolder.Version; | 336 | createdBaseFolder.Version = createdFolder.Version; |
327 | 337 | ||
328 | m_commsManager.InventoryService.AddFolder(createdBaseFolder); | 338 | m_commsManager.SecureInventoryService.AddFolder(createdBaseFolder, m_session_id); |
329 | 339 | ||
330 | return true; | 340 | return true; |
331 | } | 341 | } |
@@ -379,7 +389,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
379 | baseFolder.Type = (short)type; | 389 | baseFolder.Type = (short)type; |
380 | baseFolder.Version = RootFolder.Version; | 390 | baseFolder.Version = RootFolder.Version; |
381 | 391 | ||
382 | m_commsManager.InventoryService.UpdateFolder(baseFolder); | 392 | m_commsManager.SecureInventoryService.UpdateFolder(baseFolder, m_session_id); |
383 | 393 | ||
384 | InventoryFolderImpl folder = RootFolder.FindFolder(folderID); | 394 | InventoryFolderImpl folder = RootFolder.FindFolder(folderID); |
385 | if (folder != null) | 395 | if (folder != null) |
@@ -421,7 +431,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
421 | baseFolder.ID = folderID; | 431 | baseFolder.ID = folderID; |
422 | baseFolder.ParentID = parentID; | 432 | baseFolder.ParentID = parentID; |
423 | 433 | ||
424 | m_commsManager.InventoryService.MoveFolder(baseFolder); | 434 | m_commsManager.SecureInventoryService.MoveFolder(baseFolder, m_session_id); |
425 | 435 | ||
426 | InventoryFolderImpl folder = RootFolder.FindFolder(folderID); | 436 | InventoryFolderImpl folder = RootFolder.FindFolder(folderID); |
427 | if (folder != null) | 437 | if (folder != null) |
@@ -468,7 +478,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
468 | purgedBaseFolder.Type = purgedFolder.Type; | 478 | purgedBaseFolder.Type = purgedFolder.Type; |
469 | purgedBaseFolder.Version = purgedFolder.Version; | 479 | purgedBaseFolder.Version = purgedFolder.Version; |
470 | 480 | ||
471 | m_commsManager.InventoryService.PurgeFolder(purgedBaseFolder); | 481 | m_commsManager.SecureInventoryService.PurgeFolder(purgedBaseFolder, m_session_id); |
472 | 482 | ||
473 | purgedFolder.Purge(); | 483 | purgedFolder.Purge(); |
474 | 484 | ||
@@ -505,7 +515,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
505 | item.Folder = RootFolder.ID; | 515 | item.Folder = RootFolder.ID; |
506 | } | 516 | } |
507 | ItemReceive(item); | 517 | ItemReceive(item); |
508 | m_commsManager.InventoryService.AddItem(item); | 518 | m_commsManager.SecureInventoryService.AddItem(item, m_session_id); |
509 | } | 519 | } |
510 | else | 520 | else |
511 | { | 521 | { |
@@ -525,7 +535,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
525 | { | 535 | { |
526 | if (HasInventory) | 536 | if (HasInventory) |
527 | { | 537 | { |
528 | m_commsManager.InventoryService.UpdateItem(item); | 538 | m_commsManager.SecureInventoryService.UpdateItem(item, m_session_id); |
529 | } | 539 | } |
530 | else | 540 | else |
531 | { | 541 | { |
@@ -564,7 +574,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
564 | 574 | ||
565 | if (RootFolder.DeleteItem(item.ID)) | 575 | if (RootFolder.DeleteItem(item.ID)) |
566 | { | 576 | { |
567 | return m_commsManager.InventoryService.DeleteItem(item); | 577 | return m_commsManager.SecureInventoryService.DeleteItem(item, m_session_id); |
568 | } | 578 | } |
569 | } | 579 | } |
570 | else | 580 | else |
diff --git a/OpenSim/Framework/Communications/Cache/UserProfileCacheService.cs b/OpenSim/Framework/Communications/Cache/UserProfileCacheService.cs index 0040718..e22dff6 100644 --- a/OpenSim/Framework/Communications/Cache/UserProfileCacheService.cs +++ b/OpenSim/Framework/Communications/Cache/UserProfileCacheService.cs | |||
@@ -63,6 +63,33 @@ namespace OpenSim.Framework.Communications.Cache | |||
63 | /// A new user has moved into a region in this instance so retrieve their profile from the user service. | 63 | /// A new user has moved into a region in this instance so retrieve their profile from the user service. |
64 | /// </summary> | 64 | /// </summary> |
65 | /// <param name="userID"></param> | 65 | /// <param name="userID"></param> |
66 | public void AddNewUser(IClientAPI remoteClient) | ||
67 | { | ||
68 | // Potential fix - Multithreading issue. | ||
69 | lock (m_userProfiles) | ||
70 | { | ||
71 | if (!m_userProfiles.ContainsKey(remoteClient.AgentId)) | ||
72 | { | ||
73 | UserProfileData userProfile = m_commsManager.UserService.GetUserProfile(remoteClient.AgentId); | ||
74 | CachedUserInfo userInfo = new CachedUserInfo(m_commsManager, userProfile, remoteClient); | ||
75 | |||
76 | if (userInfo.UserProfile != null) | ||
77 | { | ||
78 | // The inventory for the user will be populated when they actually enter the scene | ||
79 | m_userProfiles.Add(remoteClient.AgentId, userInfo); | ||
80 | } | ||
81 | else | ||
82 | { | ||
83 | m_log.ErrorFormat("[USER CACHE]: User profile for user {0} not found.", remoteClient.AgentId); | ||
84 | } | ||
85 | } | ||
86 | } | ||
87 | } | ||
88 | |||
89 | /// <summary> | ||
90 | /// A new user has moved into a region in this instance so retrieve their profile from the user service. | ||
91 | /// </summary> | ||
92 | /// <param name="userID"></param> | ||
66 | public void AddNewUser(LLUUID userID) | 93 | public void AddNewUser(LLUUID userID) |
67 | { | 94 | { |
68 | // Potential fix - Multithreading issue. | 95 | // Potential fix - Multithreading issue. |
@@ -119,7 +146,7 @@ namespace OpenSim.Framework.Communications.Cache | |||
119 | CachedUserInfo userInfo = GetUserDetails(userID); | 146 | CachedUserInfo userInfo = GetUserDetails(userID); |
120 | if (userInfo != null) | 147 | if (userInfo != null) |
121 | { | 148 | { |
122 | m_commsManager.InventoryService.RequestInventoryForUser(userID, userInfo.InventoryReceive); | 149 | m_commsManager.SecureInventoryService.RequestInventoryForUser(userID, userInfo.SessionID, userInfo.InventoryReceive); |
123 | //IInventoryServices invService = userInfo.GetInventoryService(); | 150 | //IInventoryServices invService = userInfo.GetInventoryService(); |
124 | //if (invService != null) | 151 | //if (invService != null) |
125 | //{ | 152 | //{ |
diff --git a/OpenSim/Framework/Communications/CommunicationsManager.cs b/OpenSim/Framework/Communications/CommunicationsManager.cs index 5be7334..8caeeb3 100644 --- a/OpenSim/Framework/Communications/CommunicationsManager.cs +++ b/OpenSim/Framework/Communications/CommunicationsManager.cs | |||
@@ -112,7 +112,13 @@ namespace OpenSim.Framework.Communications | |||
112 | 112 | ||
113 | protected List<IInventoryServices> m_inventoryServices = new List<IInventoryServices>(); | 113 | protected List<IInventoryServices> m_inventoryServices = new List<IInventoryServices>(); |
114 | // protected IInventoryServices m_inventoryService; | 114 | // protected IInventoryServices m_inventoryService; |
115 | protected ISecureInventoryService m_secureinventoryServices; | ||
115 | 116 | ||
117 | public ISecureInventoryService SecureInventoryService | ||
118 | { | ||
119 | get { return m_secureinventoryServices; } | ||
120 | } | ||
121 | |||
116 | public IInventoryServices InventoryService | 122 | public IInventoryServices InventoryService |
117 | { | 123 | { |
118 | get | 124 | get |