diff options
author | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
---|---|---|
committer | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
commit | 344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch) | |
tree | 2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Grid/UserServer | |
parent | Enable LSL <-> C# source location mapping when reporing compiler errors to th... (diff) | |
download | opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.zip opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.gz opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.bz2 opensim-SC-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.xz |
thanks lulurun for a security patch that blocks unathorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to 'OpenSim/Grid/UserServer')
-rw-r--r-- | OpenSim/Grid/UserServer/Main.cs | 1 | ||||
-rw-r--r-- | OpenSim/Grid/UserServer/UserManager.cs | 39 |
2 files changed, 40 insertions, 0 deletions
diff --git a/OpenSim/Grid/UserServer/Main.cs b/OpenSim/Grid/UserServer/Main.cs index c7011a9..30a41f4 100644 --- a/OpenSim/Grid/UserServer/Main.cs +++ b/OpenSim/Grid/UserServer/Main.cs | |||
@@ -142,6 +142,7 @@ namespace OpenSim.Grid.UserServer | |||
142 | m_httpServer.AddXmlRPCHandler("update_user_current_region", m_userManager.XmlRPCAtRegion); | 142 | m_httpServer.AddXmlRPCHandler("update_user_current_region", m_userManager.XmlRPCAtRegion); |
143 | m_httpServer.AddXmlRPCHandler("logout_of_simulator", m_userManager.XmlRPCLogOffUserMethodUUID); | 143 | m_httpServer.AddXmlRPCHandler("logout_of_simulator", m_userManager.XmlRPCLogOffUserMethodUUID); |
144 | m_httpServer.AddXmlRPCHandler("get_agent_by_uuid", m_userManager.XmlRPCGetAgentMethodUUID); | 144 | m_httpServer.AddXmlRPCHandler("get_agent_by_uuid", m_userManager.XmlRPCGetAgentMethodUUID); |
145 | m_httpServer.AddXmlRPCHandler("check_auth_session", m_userManager.XmlRPCCheckAuthSession); | ||
145 | // Message Server ---> User Server | 146 | // Message Server ---> User Server |
146 | m_httpServer.AddXmlRPCHandler("register_messageserver", m_messagesService.XmlRPCRegisterMessageServer); | 147 | m_httpServer.AddXmlRPCHandler("register_messageserver", m_messagesService.XmlRPCRegisterMessageServer); |
147 | m_httpServer.AddXmlRPCHandler("agent_change_region", m_messagesService.XmlRPCUserMovedtoRegion); | 148 | m_httpServer.AddXmlRPCHandler("agent_change_region", m_messagesService.XmlRPCUserMovedtoRegion); |
diff --git a/OpenSim/Grid/UserServer/UserManager.cs b/OpenSim/Grid/UserServer/UserManager.cs index ff62d78..a43ade1 100644 --- a/OpenSim/Grid/UserServer/UserManager.cs +++ b/OpenSim/Grid/UserServer/UserManager.cs | |||
@@ -457,6 +457,45 @@ namespace OpenSim.Grid.UserServer | |||
457 | return response; | 457 | return response; |
458 | } | 458 | } |
459 | 459 | ||
460 | public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request) | ||
461 | { | ||
462 | XmlRpcResponse response = new XmlRpcResponse(); | ||
463 | Hashtable requestData = (Hashtable)request.Params[0]; | ||
464 | UserProfileData userProfile; | ||
465 | |||
466 | string authed = "FALSE"; | ||
467 | if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id")) | ||
468 | { | ||
469 | LLUUID guess_aid = LLUUID.Zero; | ||
470 | LLUUID guess_sid = LLUUID.Zero; | ||
471 | |||
472 | Helpers.TryParse((string)requestData["avatar_uuid"], out guess_aid); | ||
473 | if (guess_aid == LLUUID.Zero) | ||
474 | { | ||
475 | return CreateUnknownUserErrorResponse(); | ||
476 | } | ||
477 | Helpers.TryParse((string)requestData["session_id"], out guess_sid); | ||
478 | if (guess_sid == LLUUID.Zero) | ||
479 | { | ||
480 | return CreateUnknownUserErrorResponse(); | ||
481 | } | ||
482 | userProfile = GetUserProfile(guess_aid); | ||
483 | if (userProfile != null && userProfile.CurrentAgent != null && userProfile.CurrentAgent.SessionID == guess_sid) | ||
484 | { | ||
485 | authed = "TRUE"; | ||
486 | } | ||
487 | m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid); | ||
488 | } | ||
489 | else | ||
490 | { | ||
491 | m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE"); | ||
492 | return CreateUnknownUserErrorResponse(); | ||
493 | } | ||
494 | Hashtable responseData = new Hashtable(); | ||
495 | responseData["auth_session"] = authed; | ||
496 | response.Value = responseData; | ||
497 | return response; | ||
498 | } | ||
460 | 499 | ||
461 | public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request) | 500 | public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request) |
462 | { | 501 | { |