diff options
author | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
---|---|---|
committer | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
commit | 344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch) | |
tree | 2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Grid/UserServer/UserManager.cs | |
parent | Enable LSL <-> C# source location mapping when reporing compiler errors to th... (diff) | |
download | opensim-SC_OLD-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.zip opensim-SC_OLD-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.gz opensim-SC_OLD-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.bz2 opensim-SC_OLD-344c9caeb671f3d9dab80f05d18a7dc9f3075bc1.tar.xz |
thanks lulurun for a security patch that blocks unathorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to 'OpenSim/Grid/UserServer/UserManager.cs')
-rw-r--r-- | OpenSim/Grid/UserServer/UserManager.cs | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/OpenSim/Grid/UserServer/UserManager.cs b/OpenSim/Grid/UserServer/UserManager.cs index ff62d78..a43ade1 100644 --- a/OpenSim/Grid/UserServer/UserManager.cs +++ b/OpenSim/Grid/UserServer/UserManager.cs | |||
@@ -457,6 +457,45 @@ namespace OpenSim.Grid.UserServer | |||
457 | return response; | 457 | return response; |
458 | } | 458 | } |
459 | 459 | ||
460 | public XmlRpcResponse XmlRPCCheckAuthSession(XmlRpcRequest request) | ||
461 | { | ||
462 | XmlRpcResponse response = new XmlRpcResponse(); | ||
463 | Hashtable requestData = (Hashtable)request.Params[0]; | ||
464 | UserProfileData userProfile; | ||
465 | |||
466 | string authed = "FALSE"; | ||
467 | if (requestData.Contains("avatar_uuid") && requestData.Contains("session_id")) | ||
468 | { | ||
469 | LLUUID guess_aid = LLUUID.Zero; | ||
470 | LLUUID guess_sid = LLUUID.Zero; | ||
471 | |||
472 | Helpers.TryParse((string)requestData["avatar_uuid"], out guess_aid); | ||
473 | if (guess_aid == LLUUID.Zero) | ||
474 | { | ||
475 | return CreateUnknownUserErrorResponse(); | ||
476 | } | ||
477 | Helpers.TryParse((string)requestData["session_id"], out guess_sid); | ||
478 | if (guess_sid == LLUUID.Zero) | ||
479 | { | ||
480 | return CreateUnknownUserErrorResponse(); | ||
481 | } | ||
482 | userProfile = GetUserProfile(guess_aid); | ||
483 | if (userProfile != null && userProfile.CurrentAgent != null && userProfile.CurrentAgent.SessionID == guess_sid) | ||
484 | { | ||
485 | authed = "TRUE"; | ||
486 | } | ||
487 | m_log.InfoFormat("[UserManager]: CheckAuthSession TRUE for user {0}", guess_aid); | ||
488 | } | ||
489 | else | ||
490 | { | ||
491 | m_log.InfoFormat("[UserManager]: CheckAuthSession FALSE"); | ||
492 | return CreateUnknownUserErrorResponse(); | ||
493 | } | ||
494 | Hashtable responseData = new Hashtable(); | ||
495 | responseData["auth_session"] = authed; | ||
496 | response.Value = responseData; | ||
497 | return response; | ||
498 | } | ||
460 | 499 | ||
461 | public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request) | 500 | public XmlRpcResponse XmlRpcResponseXmlRPCUpdateUserProfile(XmlRpcRequest request) |
462 | { | 501 | { |