diff options
author | Justin Clark-Casey (justincc) | 2012-01-12 19:06:46 +0000 |
---|---|---|
committer | Justin Clark-Casey (justincc) | 2012-01-12 19:06:46 +0000 |
commit | ba3491c76e2d7cc7187a025dccd782790929f0b7 (patch) | |
tree | da28906958e7a557b8fd3f7b8cf86fe1a80d50f7 | |
parent | Merge branch 'master' of ssh://opensimulator.org/var/git/opensim (diff) | |
download | opensim-SC_OLD-ba3491c76e2d7cc7187a025dccd782790929f0b7.zip opensim-SC_OLD-ba3491c76e2d7cc7187a025dccd782790929f0b7.tar.gz opensim-SC_OLD-ba3491c76e2d7cc7187a025dccd782790929f0b7.tar.bz2 opensim-SC_OLD-ba3491c76e2d7cc7187a025dccd782790929f0b7.tar.xz |
Add permissions checks for owned avatars to all other osNpc* functions.
This is being done outside the npc module since the check is meaningless for region module callers, who can fake any id that they like.
3 files changed, 52 insertions, 25 deletions
diff --git a/OpenSim/Region/Framework/Interfaces/INPCModule.cs b/OpenSim/Region/Framework/Interfaces/INPCModule.cs index 3ec1bda..c50e734 100644 --- a/OpenSim/Region/Framework/Interfaces/INPCModule.cs +++ b/OpenSim/Region/Framework/Interfaces/INPCModule.cs | |||
@@ -125,7 +125,7 @@ namespace OpenSim.Region.Framework.Interfaces | |||
125 | /// <param name="agentID">The UUID of the NPC</param> | 125 | /// <param name="agentID">The UUID of the NPC</param> |
126 | /// <param name="scene"></param> | 126 | /// <param name="scene"></param> |
127 | /// <returns>True if the operation succeeded, false if there was no such agent or the agent was not an NPC</returns> | 127 | /// <returns>True if the operation succeeded, false if there was no such agent or the agent was not an NPC</returns> |
128 | bool DeleteNPC(UUID agentID, UUID CallerID, Scene scene); | 128 | bool DeleteNPC(UUID agentID, Scene scene); |
129 | 129 | ||
130 | /// <summary> | 130 | /// <summary> |
131 | /// Get the owner of a NPC | 131 | /// Get the owner of a NPC |
diff --git a/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs b/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs index 8f9b513..d90309f 100644 --- a/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs +++ b/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs | |||
@@ -266,16 +266,13 @@ namespace OpenSim.Region.OptionalModules.World.NPC | |||
266 | return UUID.Zero; | 266 | return UUID.Zero; |
267 | } | 267 | } |
268 | 268 | ||
269 | public bool DeleteNPC(UUID agentID, UUID callerID, Scene scene) | 269 | public bool DeleteNPC(UUID agentID, Scene scene) |
270 | { | 270 | { |
271 | lock (m_avatars) | 271 | lock (m_avatars) |
272 | { | 272 | { |
273 | NPCAvatar av; | 273 | NPCAvatar av; |
274 | if (m_avatars.TryGetValue(agentID, out av)) | 274 | if (m_avatars.TryGetValue(agentID, out av)) |
275 | { | 275 | { |
276 | if (!CheckPermissions(av, callerID)); | ||
277 | return false; | ||
278 | |||
279 | scene.RemoveClient(agentID, false); | 276 | scene.RemoveClient(agentID, false); |
280 | m_avatars.Remove(agentID); | 277 | m_avatars.Remove(agentID); |
281 | 278 | ||
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index 1d7a210..509bbec 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | |||
@@ -2173,6 +2173,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2173 | if (!UUID.TryParse(npc.m_string, out npcId)) | 2173 | if (!UUID.TryParse(npc.m_string, out npcId)) |
2174 | return; | 2174 | return; |
2175 | 2175 | ||
2176 | if (!npcModule.CheckPermissions(npcId, m_host.OwnerID)) | ||
2177 | return; | ||
2178 | |||
2176 | string appearanceSerialized = LoadNotecard(notecard); | 2179 | string appearanceSerialized = LoadNotecard(notecard); |
2177 | OSDMap appearanceOsd = (OSDMap)OSDParser.DeserializeLLSDXml(appearanceSerialized); | 2180 | OSDMap appearanceOsd = (OSDMap)OSDParser.DeserializeLLSDXml(appearanceSerialized); |
2178 | // OSD a = OSDParser.DeserializeLLSDXml(appearanceSerialized); | 2181 | // OSD a = OSDParser.DeserializeLLSDXml(appearanceSerialized); |
@@ -2196,7 +2199,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2196 | if (!UUID.TryParse(npc.m_string, out npcId)) | 2199 | if (!UUID.TryParse(npc.m_string, out npcId)) |
2197 | return new LSL_Vector(0, 0, 0); | 2200 | return new LSL_Vector(0, 0, 0); |
2198 | 2201 | ||
2199 | if (!npcModule.IsNPC(npcId, m_host.ParentGroup.Scene)) | 2202 | if (!npcModule.CheckPermissions(npcId, m_host.OwnerID)) |
2200 | return new LSL_Vector(0, 0, 0); | 2203 | return new LSL_Vector(0, 0, 0); |
2201 | 2204 | ||
2202 | Vector3 pos = World.GetScenePresence(npcId).AbsolutePosition; | 2205 | Vector3 pos = World.GetScenePresence(npcId).AbsolutePosition; |
@@ -2216,6 +2219,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2216 | UUID npcId; | 2219 | UUID npcId; |
2217 | if (!UUID.TryParse(npc.m_string, out npcId)) | 2220 | if (!UUID.TryParse(npc.m_string, out npcId)) |
2218 | return; | 2221 | return; |
2222 | |||
2223 | if (!module.CheckPermissions(npcId, m_host.OwnerID)) | ||
2224 | return; | ||
2219 | 2225 | ||
2220 | Vector3 pos = new Vector3((float) position.x, (float) position.y, (float) position.z); | 2226 | Vector3 pos = new Vector3((float) position.x, (float) position.y, (float) position.z); |
2221 | module.MoveToTarget(npcId, World, pos, false, true); | 2227 | module.MoveToTarget(npcId, World, pos, false, true); |
@@ -2233,6 +2239,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2233 | if (!UUID.TryParse(npc.m_string, out npcId)) | 2239 | if (!UUID.TryParse(npc.m_string, out npcId)) |
2234 | return; | 2240 | return; |
2235 | 2241 | ||
2242 | if (!module.CheckPermissions(npcId, m_host.OwnerID)) | ||
2243 | return; | ||
2244 | |||
2236 | Vector3 pos = new Vector3((float)target.x, (float)target.y, (float)target.z); | 2245 | Vector3 pos = new Vector3((float)target.x, (float)target.y, (float)target.z); |
2237 | module.MoveToTarget( | 2246 | module.MoveToTarget( |
2238 | new UUID(npc.m_string), | 2247 | new UUID(npc.m_string), |
@@ -2254,7 +2263,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2254 | if (!UUID.TryParse(npc.m_string, out npcId)) | 2263 | if (!UUID.TryParse(npc.m_string, out npcId)) |
2255 | return new LSL_Rotation(Quaternion.Identity.X, Quaternion.Identity.Y, Quaternion.Identity.Z, Quaternion.Identity.W); | 2264 | return new LSL_Rotation(Quaternion.Identity.X, Quaternion.Identity.Y, Quaternion.Identity.Z, Quaternion.Identity.W); |
2256 | 2265 | ||
2257 | if (!npcModule.IsNPC(npcId, m_host.ParentGroup.Scene)) | 2266 | if (!npcModule.CheckPermissions(npcId, m_host.OwnerID)) |
2258 | return new LSL_Rotation(Quaternion.Identity.X, Quaternion.Identity.Y, Quaternion.Identity.Z, Quaternion.Identity.W); | 2267 | return new LSL_Rotation(Quaternion.Identity.X, Quaternion.Identity.Y, Quaternion.Identity.Z, Quaternion.Identity.W); |
2259 | 2268 | ||
2260 | ScenePresence sp = World.GetScenePresence(npcId); | 2269 | ScenePresence sp = World.GetScenePresence(npcId); |
@@ -2277,7 +2286,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2277 | if (!UUID.TryParse(npc.m_string, out npcId)) | 2286 | if (!UUID.TryParse(npc.m_string, out npcId)) |
2278 | return; | 2287 | return; |
2279 | 2288 | ||
2280 | if (!npcModule.IsNPC(npcId, m_host.ParentGroup.Scene)) | 2289 | if (!npcModule.CheckPermissions(npcId, m_host.OwnerID)) |
2281 | return; | 2290 | return; |
2282 | 2291 | ||
2283 | ScenePresence sp = World.GetScenePresence(npcId); | 2292 | ScenePresence sp = World.GetScenePresence(npcId); |
@@ -2291,7 +2300,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2291 | 2300 | ||
2292 | INPCModule module = World.RequestModuleInterface<INPCModule>(); | 2301 | INPCModule module = World.RequestModuleInterface<INPCModule>(); |
2293 | if (module != null) | 2302 | if (module != null) |
2294 | module.StopMoveToTarget(new UUID(npc.m_string), World); | 2303 | { |
2304 | UUID npcId = new UUID(npc.m_string); | ||
2305 | |||
2306 | if (!module.CheckPermissions(npcId, m_host.OwnerID)) | ||
2307 | return; | ||
2308 | |||
2309 | module.StopMoveToTarget(npcId, World); | ||
2310 | } | ||
2295 | } | 2311 | } |
2296 | 2312 | ||
2297 | public void osNpcSay(LSL_Key npc, string message) | 2313 | public void osNpcSay(LSL_Key npc, string message) |
@@ -2301,7 +2317,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2301 | INPCModule module = World.RequestModuleInterface<INPCModule>(); | 2317 | INPCModule module = World.RequestModuleInterface<INPCModule>(); |
2302 | if (module != null) | 2318 | if (module != null) |
2303 | { | 2319 | { |
2304 | module.Say(new UUID(npc.m_string), World, message); | 2320 | UUID npcId = new UUID(npc.m_string); |
2321 | |||
2322 | if (!module.CheckPermissions(npcId, m_host.OwnerID)) | ||
2323 | return; | ||
2324 | |||
2325 | module.Say(npcId, World, message); | ||
2305 | } | 2326 | } |
2306 | } | 2327 | } |
2307 | 2328 | ||
@@ -2312,7 +2333,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2312 | INPCModule module = World.RequestModuleInterface<INPCModule>(); | 2333 | INPCModule module = World.RequestModuleInterface<INPCModule>(); |
2313 | if (module != null) | 2334 | if (module != null) |
2314 | { | 2335 | { |
2315 | module.Sit(new UUID(npc.m_string), new UUID(target.m_string), World); | 2336 | UUID npcId = new UUID(npc.m_string); |
2337 | |||
2338 | if (!module.CheckPermissions(npcId, m_host.OwnerID)) | ||
2339 | return; | ||
2340 | |||
2341 | module.Sit(npcId, new UUID(target.m_string), World); | ||
2316 | } | 2342 | } |
2317 | } | 2343 | } |
2318 | 2344 | ||
@@ -2323,7 +2349,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2323 | INPCModule module = World.RequestModuleInterface<INPCModule>(); | 2349 | INPCModule module = World.RequestModuleInterface<INPCModule>(); |
2324 | if (module != null) | 2350 | if (module != null) |
2325 | { | 2351 | { |
2326 | module.Stand(new UUID(npc.m_string), World); | 2352 | UUID npcId = new UUID(npc.m_string); |
2353 | |||
2354 | if (!module.CheckPermissions(npcId, m_host.OwnerID)) | ||
2355 | return; | ||
2356 | |||
2357 | module.Stand(npcId, World); | ||
2327 | } | 2358 | } |
2328 | } | 2359 | } |
2329 | 2360 | ||
@@ -2334,7 +2365,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2334 | INPCModule module = World.RequestModuleInterface<INPCModule>(); | 2365 | INPCModule module = World.RequestModuleInterface<INPCModule>(); |
2335 | if (module != null) | 2366 | if (module != null) |
2336 | { | 2367 | { |
2337 | module.DeleteNPC(new UUID(npc.m_string), m_host.OwnerID, World); | 2368 | UUID npcId = new UUID(npc.m_string); |
2369 | |||
2370 | if (!module.CheckPermissions(npcId, m_host.OwnerID)) | ||
2371 | return; | ||
2372 | |||
2373 | module.DeleteNPC(npcId, World); | ||
2338 | } | 2374 | } |
2339 | } | 2375 | } |
2340 | 2376 | ||
@@ -2346,12 +2382,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2346 | if (module != null) | 2382 | if (module != null) |
2347 | { | 2383 | { |
2348 | UUID npcID = new UUID(npc.m_string); | 2384 | UUID npcID = new UUID(npc.m_string); |
2349 | if (module.IsNPC(npcID, m_host.ParentGroup.Scene)) | 2385 | |
2350 | { | 2386 | if (module.CheckPermissions(npcID, m_host.OwnerID)) |
2351 | UUID ownerID = module.GetOwner(npcID); | 2387 | AvatarPlayAnimation(npcID.ToString(), animation); |
2352 | if (ownerID == UUID.Zero || ownerID == m_host.OwnerID) | ||
2353 | AvatarPlayAnimation(npcID.ToString(), animation); | ||
2354 | } | ||
2355 | } | 2388 | } |
2356 | } | 2389 | } |
2357 | 2390 | ||
@@ -2363,12 +2396,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
2363 | if (module != null) | 2396 | if (module != null) |
2364 | { | 2397 | { |
2365 | UUID npcID = new UUID(npc.m_string); | 2398 | UUID npcID = new UUID(npc.m_string); |
2366 | if (module.IsNPC(npcID, m_host.ParentGroup.Scene)) | 2399 | |
2367 | { | 2400 | if (module.CheckPermissions(npcID, m_host.OwnerID)) |
2368 | UUID ownerID = module.GetOwner(npcID); | 2401 | AvatarPlayAnimation(npcID.ToString(), animation); |
2369 | if (ownerID == UUID.Zero || ownerID == m_host.OwnerID) | ||
2370 | AvatarStopAnimation(npcID.ToString(), animation); | ||
2371 | } | ||
2372 | } | 2402 | } |
2373 | } | 2403 | } |
2374 | 2404 | ||