authorJohan Berntsson2008-07-23 06:59:02 +0000
committerJohan Berntsson2008-07-23 06:59:02 +0000
commit344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch)
tree2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Grid/UserServer/UserManager.cs
parentEnable LSL <-> C# source location mapping when reporing compiler errors to th... (diff)
thanks lulurun for a security patch that blocks unauthorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to '')
-rw-r--r--OpenSim/Grid/UserServer/UserManager.cs39
1 files changed, 39 insertions, 0 deletions
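--- a/OpenSim/Grid/UserServer/UserManager.cs
+++ b/OpenSim/Grid/UserServer/UserManager.cs
@@ -457,6 +457,45 @@ namespace OpenSim.Grid.UserServer
 return response;
 }
 
+public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request)
+{
+XmlRpcResponse response = new XmlRpcResponse();
+Hashtable requestData = (Hashtable)request.Params[0];
+UserProfileData userProfile;
+
+string authed = "FALSE";
+if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id"))
+{
+LLUUID guess_aid = LLUUID.Zero;
+LLUUID guess_sid = LLUUID.Zero;
+
+Helpers.TryParse((string)requestData["avatar_uuid"], out guess_aid);
+if (guess_aid == LLUUID.Zero)
+{
+return CreateUnknownUserErrorResponse();
+}
+Helpers.TryParse((string)requestData["session_id"], out guess_sid);
+if (guess_sid == LLUUID.Zero)
+{
+return CreateUnknownUserErrorResponse();
+}
+userProfile = GetUserProfile(guess_aid);
+if (userProfile != null && userProfile.CurrentAgent != null && userProfile.CurrentAgent.SessionID == guess_sid)
+{
+authed = "TRUE";
+}
+m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid);
+}
+else
+{
+m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE");
+return CreateUnknownUserErrorResponse();
+}
+Hashtable responseData = new Hashtable();
+responseData["auth_session"] = authed;
+response.Value = responseData;
+return response;
+}
 
 public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request)
 {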
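Review bot: The log call at new line 487 writes `CheckAuthSession TRUE for user {0}` for every request that carries both keys, including those where the session ID did not match and `authed` stays "FALSE". Failed session checks therefore look like successes in the log, and repeated mismatches against one avatar cannot be picked out. Log the actual outcome instead, e.g. `m_log.InfoFormat("[UserManager]: CheckAuthSession {0} for user {1}", authed, guess_aid);`, ideally at a warning level for the FALSE case. Separately, `(Hashtable)request.Params[0]` and the `(string)` casts on the two values are unchecked, so a request with no parameters or non-string values would presumably throw rather than return the unknown-user error response. A count and type check before the casts would keep the handler's failure path uniform.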