author | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
---|---|---|
committer | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
commit | 344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch) | |
tree | 2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Grid/InventoryServer/GridInventoryService.cs | |
parent | Enable LSL <-> C# source location mapping when reporing compiler errors to th... (diff) | |
thanks lulurun for a security patch that blocks unauthorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to 'OpenSim/Grid/InventoryServer/GridInventoryService.cs')
-rw-r--r-- | OpenSim/Grid/InventoryServer/GridInventoryService.cs | 41 |
1 files changed, 41 insertions, 0 deletions
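--- a/OpenSim/Grid/InventoryServer/GridInventoryService.cs
+++ b/OpenSim/Grid/InventoryServer/GridInventoryService.cs
@@ -26,12 +26,15 @@
 */
 
 using System;
+using System.Collections;
 using System.Collections.Generic;
 using System.Reflection;
 using System.Threading;
+using System.Net;
 
 using libsecondlife;
 using log4net;
+using Nwc.XmlRpc;
 
 using OpenSim.Framework;
 using OpenSim.Framework.Communications;
@@ -46,6 +49,44 @@ namespace OpenSim.Grid.InventoryServer
 private static readonly ILog m_log
 = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
 
+private string m_userserver_url;
+
+public GridInventoryService(string userserver_url)
+{
+m_userserver_url = userserver_url;
+}
+
+public bool CheckTrustSource(IPEndPoint peer)
+{
+m_log.InfoFormat("[GRID AGENT INVENTORY]: checking trusted source {0}", peer.ToString());
+UriBuilder ub = new UriBuilder(m_userserver_url);
+if (ub.Host == peer.Address.ToString())
+{
+return true;
+}
+return false;
+}
+
+public bool CheckAuthSession(string session_id, string avatar_id)
+{
+m_log.InfoFormat("[GRID AGENT INVENTORY]: checking authed session {0} {1}", session_id, avatar_id);
+Hashtable requestData = new Hashtable();
+requestData["avatar_uuid"] = avatar_id;
+requestData["session_id"] = session_id;
+ArrayList SendParams = new ArrayList();
+SendParams.Add(requestData);
+XmlRpcRequest UserReq = new XmlRpcRequest("check_auth_session", SendParams);
+XmlRpcResponse UserResp = UserReq.Send(m_userserver_url, 3000);
+
+Hashtable responseData = (Hashtable)UserResp.Value;
+
+if (responseData.ContainsKey("auth_session") && responseData["auth_session"].ToString() == "TRUE")
+{
+return true;
+}
+return false;
+}
+
 public override void RequestInventoryForUser(LLUUID userID, InventoryReceiptCallback callback)
 {
 }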
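Review bot: CheckAuthSession has no failure path around the user-server round trip: `UserReq.Send(m_userserver_url, 3000)` presumably throws on timeout or connection error, and `(Hashtable)UserResp.Value` is dereferenced with no null or type check. An unreachable or faulting user server therefore surfaces as an unhandled exception rather than an explicit deny, and whether that still blocks the request depends on callers that are not in this file section. The same method writes `session_id` to the log at Info level; a session identifier acts as a credential and should be left out of the log line. Separately, CheckTrustSource compares `ub.Host` with `peer.Address.ToString()` as strings, so it only matches when the configured user server URL holds the literal IP in the same textual form; a DNS name there would reject the genuine user server.

```csharp
public bool CheckAuthSession(string session_id, string avatar_id)
{
    // Log the avatar only; the session id is a credential and stays out of the log.
    m_log.InfoFormat("[GRID AGENT INVENTORY]: checking authed session for avatar {0}", avatar_id);
    // … unchanged: requestData / SendParams / UserReq construction …
    Hashtable responseData;
    try
    {
        XmlRpcResponse UserResp = UserReq.Send(m_userserver_url, 3000);
        responseData = UserResp.Value as Hashtable;
    }
    catch (Exception e)
    {
        // Fail closed: any transport or parsing error is treated as "not authenticated".
        m_log.WarnFormat("[GRID AGENT INVENTORY]: session check failed, denying: {0}", e.Message);
        return false;
    }

    if (responseData == null)
    {
        return false;
    }
    // … unchanged: auth_session comparison and return …
```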