diff options
| author | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
|---|---|---|
| committer | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
| commit | 344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch) | |
| tree | 2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Grid/UserServer/UserManager.cs | |
| parent | Enable LSL <-> C# source location mapping when reporing compiler errors to th... (diff) | |
| download | opensim-SC_OLD-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.zip opensim-SC_OLD-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.gz opensim-SC_OLD-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.bz2 opensim-SC_OLD-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.xz | |
thanks lulurun for a security patch that blocks unathorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to '')
| -rw-r--r-- | OpenSim/Grid/UserServer/UserManager.cs | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/OpenSim/Grid/UserServer/UserManager.cs b/OpenSim/Grid/UserServer/UserManager.cs index ff62d78..a43ade1 100644 --- a/OpenSim/Grid/UserServer/UserManager.cs +++ b/OpenSim/Grid/UserServer/UserManager.cs | |||
| @@ -457,6 +457,45 @@ namespace OpenSim.Grid.UserServer | |||
| 457 | return response; | 457 | return response; |
| 458 | } | 458 | } |
| 459 | 459 | ||
| 460 | public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request) | ||
| 461 | { | ||
| 462 | XmlRpcResponse response = new XmlRpcResponse(); | ||
| 463 | Hashtable requestData = (Hashtable)request.Params[0]; | ||
| 464 | UserProfileData userProfile; | ||
| 465 | |||
| 466 | string authed = "FALSE"; | ||
| 467 | if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id")) | ||
| 468 | { | ||
| 469 | LLUUID guess_aid = LLUUID.Zero; | ||
| 470 | LLUUID guess_sid = LLUUID.Zero; | ||
| 471 | |||
| 472 | Helpers.TryParse((string)requestData["avatar_uuid"], out guess_aid); | ||
| 473 | if (guess_aid == LLUUID.Zero) | ||
| 474 | { | ||
| 475 | return CreateUnknownUserErrorResponse(); | ||
| 476 | } | ||
| 477 | Helpers.TryParse((string)requestData["session_id"], out guess_sid); | ||
| 478 | if (guess_sid == LLUUID.Zero) | ||
| 479 | { | ||
| 480 | return CreateUnknownUserErrorResponse(); | ||
| 481 | } | ||
| 482 | userProfile = GetUserProfile(guess_aid); | ||
| 483 | if (userProfile != null && userProfile.CurrentAgent != null && userProfile.CurrentAgent.SessionID == guess_sid) | ||
| 484 | { | ||
| 485 | authed = "TRUE"; | ||
| 486 | } | ||
| 487 | m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid); | ||
| 488 | } | ||
| 489 | else | ||
| 490 | { | ||
| 491 | m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE"); | ||
| 492 | return CreateUnknownUserErrorResponse(); | ||
| 493 | } | ||
| 494 | Hashtable responseData = new Hashtable(); | ||
| 495 | responseData["auth_session"] = authed; | ||
| 496 | response.Value = responseData; | ||
| 497 | return response; | ||
| 498 | } | ||
| 460 | 499 | ||
| 461 | public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request) | 500 | public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request) |
| 462 | { | 501 | { |