From ba3491c76e2d7cc7187a025dccd782790929f0b7 Mon Sep 17 00:00:00 2001
From: Justin Clark-Casey (justincc)
Date: Thu, 12 Jan 2012 19:06:46 +0000
Subject: Add permissions checks for owned avatars to all other osNpc*
functions.
This is being done outside the npc module since the check is meaningless for region module callers, who can fake any id that they like.
---
OpenSim/Region/Framework/Interfaces/INPCModule.cs | 2 +-
.../Region/OptionalModules/World/NPC/NPCModule.cs | 5 +-
.../Shared/Api/Implementation/OSSL_Api.cs | 70 +++++++++++++++-------
3 files changed, 52 insertions(+), 25 deletions(-)
diff --git a/OpenSim/Region/Framework/Interfaces/INPCModule.cs b/OpenSim/Region/Framework/Interfaces/INPCModule.cs
index 3ec1bda..c50e734 100644
--- a/OpenSim/Region/Framework/Interfaces/INPCModule.cs
+++ b/OpenSim/Region/Framework/Interfaces/INPCModule.cs
@@ -125,7 +125,7 @@ namespace OpenSim.Region.Framework.Interfaces
/// The UUID of the NPC
///
/// True if the operation succeeded, false if there was no such agent or the agent was not an NPC
- bool DeleteNPC(UUID agentID, UUID CallerID, Scene scene);
+ bool DeleteNPC(UUID agentID, Scene scene);
///
/// Get the owner of a NPC
diff --git a/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs b/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs
index 8f9b513..d90309f 100644
--- a/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs
+++ b/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs
@@ -266,16 +266,13 @@ namespace OpenSim.Region.OptionalModules.World.NPC
return UUID.Zero;
}
- public bool DeleteNPC(UUID agentID, UUID callerID, Scene scene)
+ public bool DeleteNPC(UUID agentID, Scene scene)
{
lock (m_avatars)
{
NPCAvatar av;
if (m_avatars.TryGetValue(agentID, out av))
{
- if (!CheckPermissions(av, callerID));
- return false;
-
scene.RemoveClient(agentID, false);
m_avatars.Remove(agentID);
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index 1d7a210..509bbec 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -2173,6 +2173,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (!UUID.TryParse(npc.m_string, out npcId))
return;
+ if (!npcModule.CheckPermissions(npcId, m_host.OwnerID))
+ return;
+
string appearanceSerialized = LoadNotecard(notecard);
OSDMap appearanceOsd = (OSDMap)OSDParser.DeserializeLLSDXml(appearanceSerialized);
// OSD a = OSDParser.DeserializeLLSDXml(appearanceSerialized);
@@ -2196,7 +2199,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (!UUID.TryParse(npc.m_string, out npcId))
return new LSL_Vector(0, 0, 0);
- if (!npcModule.IsNPC(npcId, m_host.ParentGroup.Scene))
+ if (!npcModule.CheckPermissions(npcId, m_host.OwnerID))
return new LSL_Vector(0, 0, 0);
Vector3 pos = World.GetScenePresence(npcId).AbsolutePosition;
@@ -2216,6 +2219,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
UUID npcId;
if (!UUID.TryParse(npc.m_string, out npcId))
return;
+
+ if (!module.CheckPermissions(npcId, m_host.OwnerID))
+ return;
Vector3 pos = new Vector3((float) position.x, (float) position.y, (float) position.z);
module.MoveToTarget(npcId, World, pos, false, true);
@@ -2233,6 +2239,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (!UUID.TryParse(npc.m_string, out npcId))
return;
+ if (!module.CheckPermissions(npcId, m_host.OwnerID))
+ return;
+
Vector3 pos = new Vector3((float)target.x, (float)target.y, (float)target.z);
module.MoveToTarget(
new UUID(npc.m_string),
@@ -2254,7 +2263,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (!UUID.TryParse(npc.m_string, out npcId))
return new LSL_Rotation(Quaternion.Identity.X, Quaternion.Identity.Y, Quaternion.Identity.Z, Quaternion.Identity.W);
- if (!npcModule.IsNPC(npcId, m_host.ParentGroup.Scene))
+ if (!npcModule.CheckPermissions(npcId, m_host.OwnerID))
return new LSL_Rotation(Quaternion.Identity.X, Quaternion.Identity.Y, Quaternion.Identity.Z, Quaternion.Identity.W);
ScenePresence sp = World.GetScenePresence(npcId);
@@ -2277,7 +2286,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (!UUID.TryParse(npc.m_string, out npcId))
return;
- if (!npcModule.IsNPC(npcId, m_host.ParentGroup.Scene))
+ if (!npcModule.CheckPermissions(npcId, m_host.OwnerID))
return;
ScenePresence sp = World.GetScenePresence(npcId);
@@ -2291,7 +2300,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
INPCModule module = World.RequestModuleInterface();
if (module != null)
- module.StopMoveToTarget(new UUID(npc.m_string), World);
+ {
+ UUID npcId = new UUID(npc.m_string);
+
+ if (!module.CheckPermissions(npcId, m_host.OwnerID))
+ return;
+
+ module.StopMoveToTarget(npcId, World);
+ }
}
public void osNpcSay(LSL_Key npc, string message)
@@ -2301,7 +2317,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
INPCModule module = World.RequestModuleInterface();
if (module != null)
{
- module.Say(new UUID(npc.m_string), World, message);
+ UUID npcId = new UUID(npc.m_string);
+
+ if (!module.CheckPermissions(npcId, m_host.OwnerID))
+ return;
+
+ module.Say(npcId, World, message);
}
}
@@ -2312,7 +2333,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
INPCModule module = World.RequestModuleInterface();
if (module != null)
{
- module.Sit(new UUID(npc.m_string), new UUID(target.m_string), World);
+ UUID npcId = new UUID(npc.m_string);
+
+ if (!module.CheckPermissions(npcId, m_host.OwnerID))
+ return;
+
+ module.Sit(npcId, new UUID(target.m_string), World);
}
}
@@ -2323,7 +2349,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
INPCModule module = World.RequestModuleInterface();
if (module != null)
{
- module.Stand(new UUID(npc.m_string), World);
+ UUID npcId = new UUID(npc.m_string);
+
+ if (!module.CheckPermissions(npcId, m_host.OwnerID))
+ return;
+
+ module.Stand(npcId, World);
}
}
@@ -2334,7 +2365,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
INPCModule module = World.RequestModuleInterface();
if (module != null)
{
- module.DeleteNPC(new UUID(npc.m_string), m_host.OwnerID, World);
+ UUID npcId = new UUID(npc.m_string);
+
+ if (!module.CheckPermissions(npcId, m_host.OwnerID))
+ return;
+
+ module.DeleteNPC(npcId, World);
}
}
@@ -2346,12 +2382,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (module != null)
{
UUID npcID = new UUID(npc.m_string);
- if (module.IsNPC(npcID, m_host.ParentGroup.Scene))
- {
- UUID ownerID = module.GetOwner(npcID);
- if (ownerID == UUID.Zero || ownerID == m_host.OwnerID)
- AvatarPlayAnimation(npcID.ToString(), animation);
- }
+
+ if (module.CheckPermissions(npcID, m_host.OwnerID))
+ AvatarPlayAnimation(npcID.ToString(), animation);
}
}
@@ -2363,12 +2396,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (module != null)
{
UUID npcID = new UUID(npc.m_string);
- if (module.IsNPC(npcID, m_host.ParentGroup.Scene))
- {
- UUID ownerID = module.GetOwner(npcID);
- if (ownerID == UUID.Zero || ownerID == m_host.OwnerID)
- AvatarStopAnimation(npcID.ToString(), animation);
- }
+
+ if (module.CheckPermissions(npcID, m_host.OwnerID))
+ AvatarPlayAnimation(npcID.ToString(), animation);
}
}
--
cgit v1.1