From ba3491c76e2d7cc7187a025dccd782790929f0b7 Mon Sep 17 00:00:00 2001 From: "Justin Clark-Casey (justincc)" Date: Thu, 12 Jan 2012 19:06:46 +0000 Subject: [PATCH] Add permissions checks for owned avatars to all other osNpc* functions. This is being done outside the npc module since the check is meaningless for region module callers, who can fake any id that they like. --- .../Region/Framework/Interfaces/INPCModule.cs | 2 +- .../OptionalModules/World/NPC/NPCModule.cs | 5 +- .../Shared/Api/Implementation/OSSL_Api.cs | 70 +++++++++++++------ 3 files changed, 52 insertions(+), 25 deletions(-) diff --git a/OpenSim/Region/Framework/Interfaces/INPCModule.cs b/OpenSim/Region/Framework/Interfaces/INPCModule.cs index 3ec1bda71f..c50e734c18 100644 --- a/OpenSim/Region/Framework/Interfaces/INPCModule.cs +++ b/OpenSim/Region/Framework/Interfaces/INPCModule.cs @@ -125,7 +125,7 @@ namespace OpenSim.Region.Framework.Interfaces /// The UUID of the NPC /// /// True if the operation succeeded, false if there was no such agent or the agent was not an NPC - bool DeleteNPC(UUID agentID, UUID CallerID, Scene scene); + bool DeleteNPC(UUID agentID, Scene scene); /// /// Get the owner of a NPC diff --git a/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs b/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs index 8f9b513b9b..d90309f66f 100644 --- a/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs +++ b/OpenSim/Region/OptionalModules/World/NPC/NPCModule.cs @@ -266,16 +266,13 @@ namespace OpenSim.Region.OptionalModules.World.NPC return UUID.Zero; } - public bool DeleteNPC(UUID agentID, UUID callerID, Scene scene) + public bool DeleteNPC(UUID agentID, Scene scene) { lock (m_avatars) { NPCAvatar av; if (m_avatars.TryGetValue(agentID, out av)) { - if (!CheckPermissions(av, callerID)); - return false; - scene.RemoveClient(agentID, false); m_avatars.Remove(agentID); diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index 1d7a2105ac..509bbecde9 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs @@ -2173,6 +2173,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (!UUID.TryParse(npc.m_string, out npcId)) return; + if (!npcModule.CheckPermissions(npcId, m_host.OwnerID)) + return; + string appearanceSerialized = LoadNotecard(notecard); OSDMap appearanceOsd = (OSDMap)OSDParser.DeserializeLLSDXml(appearanceSerialized); // OSD a = OSDParser.DeserializeLLSDXml(appearanceSerialized); @@ -2196,7 +2199,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (!UUID.TryParse(npc.m_string, out npcId)) return new LSL_Vector(0, 0, 0); - if (!npcModule.IsNPC(npcId, m_host.ParentGroup.Scene)) + if (!npcModule.CheckPermissions(npcId, m_host.OwnerID)) return new LSL_Vector(0, 0, 0); Vector3 pos = World.GetScenePresence(npcId).AbsolutePosition; @@ -2216,6 +2219,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api UUID npcId; if (!UUID.TryParse(npc.m_string, out npcId)) return; + + if (!module.CheckPermissions(npcId, m_host.OwnerID)) + return; Vector3 pos = new Vector3((float) position.x, (float) position.y, (float) position.z); module.MoveToTarget(npcId, World, pos, false, true); @@ -2233,6 +2239,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (!UUID.TryParse(npc.m_string, out npcId)) return; + if (!module.CheckPermissions(npcId, m_host.OwnerID)) + return; + Vector3 pos = new Vector3((float)target.x, (float)target.y, (float)target.z); module.MoveToTarget( new UUID(npc.m_string), @@ -2254,7 +2263,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (!UUID.TryParse(npc.m_string, out npcId)) return new LSL_Rotation(Quaternion.Identity.X, Quaternion.Identity.Y, Quaternion.Identity.Z, Quaternion.Identity.W); - if (!npcModule.IsNPC(npcId, m_host.ParentGroup.Scene)) + if (!npcModule.CheckPermissions(npcId, m_host.OwnerID)) return new LSL_Rotation(Quaternion.Identity.X, Quaternion.Identity.Y, Quaternion.Identity.Z, Quaternion.Identity.W); ScenePresence sp = World.GetScenePresence(npcId); @@ -2277,7 +2286,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (!UUID.TryParse(npc.m_string, out npcId)) return; - if (!npcModule.IsNPC(npcId, m_host.ParentGroup.Scene)) + if (!npcModule.CheckPermissions(npcId, m_host.OwnerID)) return; ScenePresence sp = World.GetScenePresence(npcId); @@ -2291,7 +2300,14 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api INPCModule module = World.RequestModuleInterface(); if (module != null) - module.StopMoveToTarget(new UUID(npc.m_string), World); + { + UUID npcId = new UUID(npc.m_string); + + if (!module.CheckPermissions(npcId, m_host.OwnerID)) + return; + + module.StopMoveToTarget(npcId, World); + } } public void osNpcSay(LSL_Key npc, string message) @@ -2301,7 +2317,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api INPCModule module = World.RequestModuleInterface(); if (module != null) { - module.Say(new UUID(npc.m_string), World, message); + UUID npcId = new UUID(npc.m_string); + + if (!module.CheckPermissions(npcId, m_host.OwnerID)) + return; + + module.Say(npcId, World, message); } } @@ -2312,7 +2333,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api INPCModule module = World.RequestModuleInterface(); if (module != null) { - module.Sit(new UUID(npc.m_string), new UUID(target.m_string), World); + UUID npcId = new UUID(npc.m_string); + + if (!module.CheckPermissions(npcId, m_host.OwnerID)) + return; + + module.Sit(npcId, new UUID(target.m_string), World); } } @@ -2323,7 +2349,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api INPCModule module = World.RequestModuleInterface(); if (module != null) { - module.Stand(new UUID(npc.m_string), World); + UUID npcId = new UUID(npc.m_string); + + if (!module.CheckPermissions(npcId, m_host.OwnerID)) + return; + + module.Stand(npcId, World); } } @@ -2334,7 +2365,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api INPCModule module = World.RequestModuleInterface(); if (module != null) { - module.DeleteNPC(new UUID(npc.m_string), m_host.OwnerID, World); + UUID npcId = new UUID(npc.m_string); + + if (!module.CheckPermissions(npcId, m_host.OwnerID)) + return; + + module.DeleteNPC(npcId, World); } } @@ -2346,12 +2382,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (module != null) { UUID npcID = new UUID(npc.m_string); - if (module.IsNPC(npcID, m_host.ParentGroup.Scene)) - { - UUID ownerID = module.GetOwner(npcID); - if (ownerID == UUID.Zero || ownerID == m_host.OwnerID) - AvatarPlayAnimation(npcID.ToString(), animation); - } + + if (module.CheckPermissions(npcID, m_host.OwnerID)) + AvatarPlayAnimation(npcID.ToString(), animation); } } @@ -2363,12 +2396,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (module != null) { UUID npcID = new UUID(npc.m_string); - if (module.IsNPC(npcID, m_host.ParentGroup.Scene)) - { - UUID ownerID = module.GetOwner(npcID); - if (ownerID == UUID.Zero || ownerID == m_host.OwnerID) - AvatarStopAnimation(npcID.ToString(), animation); - } + + if (module.CheckPermissions(npcID, m_host.OwnerID)) + AvatarPlayAnimation(npcID.ToString(), animation); } }