diff options
author | Melanie Thielker | 2008-07-12 06:24:43 +0000 |
---|---|---|
committer | Melanie Thielker | 2008-07-12 06:24:43 +0000 |
commit | f629fdb88d35d1c2f0a3ce97fdd7d9acdc25e11f (patch) | |
tree | c844e2aa064ef816bd2c5cb787af7812cbf04d5a /OpenSim/Framework | |
parent | Passes prim physical status to mesher from physics plugins (diff) | |
download | opensim-SC-f629fdb88d35d1c2f0a3ce97fdd7d9acdc25e11f.zip opensim-SC-f629fdb88d35d1c2f0a3ce97fdd7d9acdc25e11f.tar.gz opensim-SC-f629fdb88d35d1c2f0a3ce97fdd7d9acdc25e11f.tar.bz2 opensim-SC-f629fdb88d35d1c2f0a3ce97fdd7d9acdc25e11f.tar.xz |
Patches #9143 and #9144 (Mantis #1723)
Changes the permissions module to make scripts permissive only when intended
Adds security checks to asset transfers to prevent hacked clients fron
requesting script sources.
Adds security checks to llClientView to verify all aspects of ownership
and permissions for inventory based script retrieval.
Diffstat (limited to 'OpenSim/Framework')
-rw-r--r-- | OpenSim/Framework/Communications/Cache/AssetCache.cs | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/OpenSim/Framework/Communications/Cache/AssetCache.cs b/OpenSim/Framework/Communications/Cache/AssetCache.cs index d0bcc98..90b0a10 100644 --- a/OpenSim/Framework/Communications/Cache/AssetCache.cs +++ b/OpenSim/Framework/Communications/Cache/AssetCache.cs | |||
@@ -445,7 +445,10 @@ namespace OpenSim.Framework.Communications.Cache | |||
445 | req.NumPackets = CalculateNumPackets(assetInf.Data); | 445 | req.NumPackets = CalculateNumPackets(assetInf.Data); |
446 | 446 | ||
447 | RequestedAssets.Remove(assetInf.FullID); | 447 | RequestedAssets.Remove(assetInf.FullID); |
448 | AssetRequests.Add(req); | 448 | // If it's a direct request for a script, drop it |
449 | // because it's a hacked client | ||
450 | if(req.AssetRequestSource != 2 || assetInf.Type != 10) | ||
451 | AssetRequests.Add(req); | ||
449 | } | 452 | } |
450 | } | 453 | } |
451 | } | 454 | } |
@@ -609,6 +612,10 @@ namespace OpenSim.Framework.Communications.Cache | |||
609 | return; | 612 | return; |
610 | } | 613 | } |
611 | 614 | ||
615 | // Scripts cannot be retrieved by direct request | ||
616 | if (transferRequest.TransferInfo.SourceType == 2 && asset.Type == 10) | ||
617 | return; | ||
618 | |||
612 | // The asset is knosn to exist and is in our cache, so add it to the AssetRequests list | 619 | // The asset is knosn to exist and is in our cache, so add it to the AssetRequests list |
613 | AssetRequest req = new AssetRequest(); | 620 | AssetRequest req = new AssetRequest(); |
614 | req.RequestUser = userInfo; | 621 | req.RequestUser = userInfo; |