aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Grid/InventoryServer/GridInventoryService.cs
diff options
context:
space:
mode:
authorJohan Berntsson2008-07-23 06:59:02 +0000
committerJohan Berntsson2008-07-23 06:59:02 +0000
commit344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch)
tree2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Grid/InventoryServer/GridInventoryService.cs
parentEnable LSL <-> C# source location mapping when reporing compiler errors to th... (diff)
downloadopensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.zip
opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.gz
opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.bz2
opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.xz
thanks lulurun for a security patch that blocks unathorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to '')
-rw-r--r--OpenSim/Grid/InventoryServer/GridInventoryService.cs41
1 files changed, 41 insertions, 0 deletions
diff --git a/OpenSim/Grid/InventoryServer/GridInventoryService.cs b/OpenSim/Grid/InventoryServer/GridInventoryService.cs
index 5388263..78f33a3 100644
--- a/OpenSim/Grid/InventoryServer/GridInventoryService.cs
+++ b/OpenSim/Grid/InventoryServer/GridInventoryService.cs
@@ -26,12 +26,15 @@
26 */ 26 */
27 27
28using System; 28using System;
29using System.Collections;
29using System.Collections.Generic; 30using System.Collections.Generic;
30using System.Reflection; 31using System.Reflection;
31using System.Threading; 32using System.Threading;
33using System.Net;
32 34
33using libsecondlife; 35using libsecondlife;
34using log4net; 36using log4net;
37using Nwc.XmlRpc;
35 38
36using OpenSim.Framework; 39using OpenSim.Framework;
37using OpenSim.Framework.Communications; 40using OpenSim.Framework.Communications;
@@ -46,6 +49,44 @@ namespace OpenSim.Grid.InventoryServer
46 private static readonly ILog m_log 49 private static readonly ILog m_log
47 = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); 50 = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
48 51
52 private string m_userserver_url;
53
54 public GridInventoryService(string userserver_url)
55 {
56 m_userserver_url = userserver_url;
57 }
58
59 public bool CheckTrustSource(IPEndPoint peer)
60 {
61 m_log.InfoFormat("[GRID AGENT INVENTORY]: checking trusted source {0}", peer.ToString());
62 UriBuilder ub = new UriBuilder(m_userserver_url);
63 if (ub.Host == peer.Address.ToString())
64 {
65 return true;
66 }
67 return false;
68 }
69
70 public bool CheckAuthSession(string session_id, string avatar_id)
71 {
72 m_log.InfoFormat("[GRID AGENT INVENTORY]: checking authed session {0} {1}", session_id, avatar_id);
73 Hashtable requestData = new Hashtable();
74 requestData["avatar_uuid"] = avatar_id;
75 requestData["session_id"] = session_id;
76 ArrayList SendParams = new ArrayList();
77 SendParams.Add(requestData);
78 XmlRpcRequest UserReq = new XmlRpcRequest("check_auth_session", SendParams);
79 XmlRpcResponse UserResp = UserReq.Send(m_userserver_url, 3000);
80
81 Hashtable responseData = (Hashtable)UserResp.Value;
82
83 if (responseData.ContainsKey("auth_session") && responseData["auth_session"].ToString() == "TRUE")
84 {
85 return true;
86 }
87 return false;
88 }
89
49 public override void RequestInventoryForUser(LLUUID userID, InventoryReceiptCallback callback) 90 public override void RequestInventoryForUser(LLUUID userID, InventoryReceiptCallback callback)
50 { 91 {
51 } 92 }