authorJohan Berntsson2008-07-23 06:59:02 +0000
committerJohan Berntsson2008-07-23 06:59:02 +0000
commit344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch)
tree2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Grid/UserServer
parentEnable LSL <-> C# source location mapping when reporing compiler errors to th... (diff)
thanks lulurun for a security patch that blocks unauthorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to 'OpenSim/Grid/UserServer')
-rw-r--r--OpenSim/Grid/UserServer/Main.cs1
-rw-r--r--OpenSim/Grid/UserServer/UserManager.cs39
2 files changed, 40 insertions, 0 deletions
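--- a/OpenSim/Grid/UserServer/Main.cs
+++ b/OpenSim/Grid/UserServer/Main.cs
@@ -142,6 +142,7 @@ namespace OpenSim.Grid.UserServer
 m_httpServer.AddXmlRPCHandler("update_user_current_region", m_userManager.XmlRPCAtRegion);
 m_httpServer.AddXmlRPCHandler("logout_of_simulator", m_userManager.XmlRPCLogOffUserMethodUUID);
 m_httpServer.AddXmlRPCHandler("get_agent_by_uuid", m_userManager.XmlRPCGetAgentMethodUUID);
+m_httpServer.AddXmlRPCHandler("check_auth_session", m_userManager.XmlRPCCheckAuthSession);
 // Message Server ---> User Server
 m_httpServer.AddXmlRPCHandler("register_messageserver", m_messagesService.XmlRPCRegisterMessageServer);
 m_httpServer.AddXmlRPCHandler("agent_change_region", m_messagesService.XmlRPCUserMovedtoRegion);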
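Review bot: The new `check_auth_session` registration at line 145 carries no comment saying which service calls it, while the neighbouring group is labelled by direction (`// Message Server ---> User Server`). Going by the commit message the caller appears to be the inventory server, so a line such as `// Inventory Server ---> User Server` above the registration would record that. Nothing in the visible lines limits who may call the handler; if it is meant for grid services only, that restriction has to come from the listener or network configuration and is worth stating in the same comment. The enclosing method starts and ends outside the hunk.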
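--- a/OpenSim/Grid/UserServer/UserManager.cs
+++ b/OpenSim/Grid/UserServer/UserManager.cs
@@ -457,6 +457,45 @@ namespace OpenSim.Grid.UserServer
 return response;
 }
 
+public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request)
+{
+XmlRpcResponse response = new XmlRpcResponse();
+Hashtable requestData = (Hashtable)request.Params[0];
+UserProfileData userProfile;
+
+string authed = "FALSE";
+if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id"))
+{
+LLUUID guess_aid = LLUUID.Zero;
+LLUUID guess_sid = LLUUID.Zero;
+
+Helpers.TryParse((string)requestData["avatar_uuid"], out guess_aid);
+if (guess_aid == LLUUID.Zero)
+{
+return CreateUnknownUserErrorResponse();
+}
+Helpers.TryParse((string)requestData["session_id"], out guess_sid);
+if (guess_sid == LLUUID.Zero)
+{
+return CreateUnknownUserErrorResponse();
+}
+userProfile = GetUserProfile(guess_aid);
+if (userProfile != null && userProfile.CurrentAgent != null && userProfile.CurrentAgent.SessionID == guess_sid)
+{
+authed = "TRUE";
+}
+m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid);
+}
+else
+{
+m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE");
+return CreateUnknownUserErrorResponse();
+}
+Hashtable responseData = new Hashtable();
+responseData["auth_session"] = authed;
+response.Value = responseData;
+return response;
+}
 
 public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request)
 {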
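Review bot: The log call at new line 487 writes "CheckAuthSession TRUE" for every request that supplies two parseable UUIDs, whether or not the session matched, so the log cannot be used to tell accepted checks from rejected ones. Log the computed result instead, `m_log.InfoFormat("[UserManager]: CheckAuthSession {0} for user {1}", authed, guess_aid);`, so that session mismatches are visible when authentication failures are reviewed. The two early returns at lines 475 and 480 log nothing at all, which hides malformed-UUID requests from the same review. Separately, `(Hashtable)request.Params[0]` at line 463 and the `(string)` casts at lines 472 and 477 are unchecked, so an empty or mistyped parameter list would presumably throw rather than return the unknown-user error response.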