diff --git a/OpenSim/Framework/Communications/Cache/AssetCache.cs b/OpenSim/Framework/Communications/Cache/AssetCache.cs index d0bcc98b02..90b0a1055c 100644 --- a/OpenSim/Framework/Communications/Cache/AssetCache.cs +++ b/OpenSim/Framework/Communications/Cache/AssetCache.cs @@ -445,7 +445,10 @@ namespace OpenSim.Framework.Communications.Cache req.NumPackets = CalculateNumPackets(assetInf.Data); RequestedAssets.Remove(assetInf.FullID); - AssetRequests.Add(req); + // If it's a direct request for a script, drop it + // because it's a hacked client + if(req.AssetRequestSource != 2 || assetInf.Type != 10) + AssetRequests.Add(req); } } } @@ -609,6 +612,10 @@ namespace OpenSim.Framework.Communications.Cache return; } + // Scripts cannot be retrieved by direct request + if (transferRequest.TransferInfo.SourceType == 2 && asset.Type == 10) + return; + // The asset is knosn to exist and is in our cache, so add it to the AssetRequests list AssetRequest req = new AssetRequest(); req.RequestUser = userInfo; diff --git a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs index 8293319d44..7f95ddd7e6 100644 --- a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs +++ b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs @@ -5110,6 +5110,65 @@ namespace OpenSim.Region.ClientStack.LindenUDP case PacketType.TransferRequest: //Console.WriteLine("ClientView.ProcessPackets.cs:ProcessInPacket() - Got transfer request"); TransferRequestPacket transfer = (TransferRequestPacket)Pack; + // Validate inventory transfers + // Has to be done here, because AssetCache can't do it + // + if (transfer.TransferInfo.SourceType == 3) + { + LLUUID taskID = null; + LLUUID itemID = null; + LLUUID requestID = null; + taskID = new LLUUID(transfer.TransferInfo.Params, 48); + itemID = new LLUUID(transfer.TransferInfo.Params, 64); + requestID = new LLUUID(transfer.TransferInfo.Params, 80); + if (!(((Scene)m_scene).ExternalChecks.ExternalChecksBypassPermissions())) + { + if(taskID != LLUUID.Zero) // Prim + { + SceneObjectPart part = ((Scene)m_scene).GetSceneObjectPart(taskID); + if(part == null) + break; + + if(part.OwnerID != AgentId) + break; + + if((part.OwnerMask & (uint)PermissionMask.Modify) == 0) + break; + + TaskInventoryItem ti = part.GetInventoryItem(itemID); + if(ti == null) + break; + + if(ti.OwnerID != AgentId) + break; + + if((ti.OwnerMask & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) + break; + + if(ti.AssetID != requestID) + break; + } + else // Agent + { + CachedUserInfo userInfo = ((Scene)m_scene).CommsManager.UserProfileCacheService.GetUserDetails(AgentId); + if(userInfo == null) + break; + + if(userInfo.RootFolder == null) + break; + + InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(itemID); + if(assetRequestItem == null) + return; + + if((assetRequestItem.CurrentPermissions & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) + break; + if(assetRequestItem.AssetID != requestID) + break; + } + } + } + m_assetCache.AddAssetRequest(this, transfer); /* RequestAsset = OnRequestAsset; if (RequestAsset != null) diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs index f5714089b0..41bb61051f 100644 --- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs @@ -602,7 +602,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); if (m_bypassPermissions) return m_bypassPermissionsValue; - return true; + return false; } private bool CanEditNotecard(LLUUID notecard, LLUUID objectID, LLUUID user, Scene scene)