From 24a997eb7ccb59f2c7bbc52cd1ddb9a7801e6aac Mon Sep 17 00:00:00 2001 From: Melanie Date: Thu, 30 Dec 2010 20:57:56 +0100 Subject: Add MessageKey to section Messaging, a key that prevents injection of IM from external sources --- .../Avatar/InstantMessage/MessageTransferModule.cs | 31 +++++++++++++++++----- 1 file changed, 25 insertions(+), 6 deletions(-) (limited to 'OpenSim/Region/CoreModules/Avatar/InstantMessage') diff --git a/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs b/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs index 2f8bcd7..0d5401b 100644 --- a/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs @@ -47,6 +47,7 @@ namespace OpenSim.Region.CoreModules.Avatar.InstantMessage private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); private bool m_Enabled = false; + protected string m_MessageKey = String.Empty; protected List m_Scenes = new List(); protected Dictionary m_UserRegionMap = new Dictionary(); @@ -66,14 +67,17 @@ namespace OpenSim.Region.CoreModules.Avatar.InstantMessage public virtual void Initialise(IConfigSource config) { IConfig cnf = config.Configs["Messaging"]; - if (cnf != null && cnf.GetString( - "MessageTransferModule", "MessageTransferModule") != - "MessageTransferModule") + if (cnf != null) { - m_log.Debug("[MESSAGE TRANSFER]: Disabled by configuration"); - return; - } + if (cnf.GetString("MessageTransferModule", + "MessageTransferModule") != "MessageTransferModule") + { + return; + } + m_MessageKey = cnf.GetString("MessageKey", String.Empty); + } + m_log.Debug("[MESSAGE TRANSFER]: Module enabled"); m_Enabled = true; } @@ -250,6 +254,19 @@ namespace OpenSim.Region.CoreModules.Avatar.InstantMessage && requestData.ContainsKey("position_z") && requestData.ContainsKey("region_id") && requestData.ContainsKey("binary_bucket")) { + if (m_MessageKey != String.Empty) + { + XmlRpcResponse error_resp = new XmlRpcResponse(); + Hashtable error_respdata = new Hashtable(); + error_respdata["success"] = "FALSE"; + error_resp.Value = error_respdata; + + if (!requestData.Contains("message_key")) + return error_resp; + if (m_MessageKey != (string)requestData["message_key"]) + return error_resp; + } + // Do the easy way of validating the UUIDs UUID.TryParse((string)requestData["from_agent_id"], out fromAgentID); UUID.TryParse((string)requestData["to_agent_id"], out toAgentID); @@ -681,6 +698,8 @@ namespace OpenSim.Region.CoreModules.Avatar.InstantMessage gim["position_z"] = msg.Position.Z.ToString(); gim["region_id"] = msg.RegionID.ToString(); gim["binary_bucket"] = Convert.ToBase64String(msg.binaryBucket,Base64FormattingOptions.None); + if (m_MessageKey != String.Empty) + gim["message_key"] = m_MessageKey; return gim; } -- cgit v1.1