Changes the permissions module to make scripts permissive only when intended Adds security checks to asset transfers to prevent hacked clients fron requesting script sources. Adds security checks to llClientView to verify all aspects of ownership and permissions for inventory based script retrieval.0.6.0-stable
parent
13399ff439
commit
f629fdb88d
|
@ -445,7 +445,10 @@ namespace OpenSim.Framework.Communications.Cache
|
||||||
req.NumPackets = CalculateNumPackets(assetInf.Data);
|
req.NumPackets = CalculateNumPackets(assetInf.Data);
|
||||||
|
|
||||||
RequestedAssets.Remove(assetInf.FullID);
|
RequestedAssets.Remove(assetInf.FullID);
|
||||||
AssetRequests.Add(req);
|
// If it's a direct request for a script, drop it
|
||||||
|
// because it's a hacked client
|
||||||
|
if(req.AssetRequestSource != 2 || assetInf.Type != 10)
|
||||||
|
AssetRequests.Add(req);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -609,6 +612,10 @@ namespace OpenSim.Framework.Communications.Cache
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Scripts cannot be retrieved by direct request
|
||||||
|
if (transferRequest.TransferInfo.SourceType == 2 && asset.Type == 10)
|
||||||
|
return;
|
||||||
|
|
||||||
// The asset is knosn to exist and is in our cache, so add it to the AssetRequests list
|
// The asset is knosn to exist and is in our cache, so add it to the AssetRequests list
|
||||||
AssetRequest req = new AssetRequest();
|
AssetRequest req = new AssetRequest();
|
||||||
req.RequestUser = userInfo;
|
req.RequestUser = userInfo;
|
||||||
|
|
|
@ -5110,6 +5110,65 @@ namespace OpenSim.Region.ClientStack.LindenUDP
|
||||||
case PacketType.TransferRequest:
|
case PacketType.TransferRequest:
|
||||||
//Console.WriteLine("ClientView.ProcessPackets.cs:ProcessInPacket() - Got transfer request");
|
//Console.WriteLine("ClientView.ProcessPackets.cs:ProcessInPacket() - Got transfer request");
|
||||||
TransferRequestPacket transfer = (TransferRequestPacket)Pack;
|
TransferRequestPacket transfer = (TransferRequestPacket)Pack;
|
||||||
|
// Validate inventory transfers
|
||||||
|
// Has to be done here, because AssetCache can't do it
|
||||||
|
//
|
||||||
|
if (transfer.TransferInfo.SourceType == 3)
|
||||||
|
{
|
||||||
|
LLUUID taskID = null;
|
||||||
|
LLUUID itemID = null;
|
||||||
|
LLUUID requestID = null;
|
||||||
|
taskID = new LLUUID(transfer.TransferInfo.Params, 48);
|
||||||
|
itemID = new LLUUID(transfer.TransferInfo.Params, 64);
|
||||||
|
requestID = new LLUUID(transfer.TransferInfo.Params, 80);
|
||||||
|
if (!(((Scene)m_scene).ExternalChecks.ExternalChecksBypassPermissions()))
|
||||||
|
{
|
||||||
|
if(taskID != LLUUID.Zero) // Prim
|
||||||
|
{
|
||||||
|
SceneObjectPart part = ((Scene)m_scene).GetSceneObjectPart(taskID);
|
||||||
|
if(part == null)
|
||||||
|
break;
|
||||||
|
|
||||||
|
if(part.OwnerID != AgentId)
|
||||||
|
break;
|
||||||
|
|
||||||
|
if((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
|
||||||
|
break;
|
||||||
|
|
||||||
|
TaskInventoryItem ti = part.GetInventoryItem(itemID);
|
||||||
|
if(ti == null)
|
||||||
|
break;
|
||||||
|
|
||||||
|
if(ti.OwnerID != AgentId)
|
||||||
|
break;
|
||||||
|
|
||||||
|
if((ti.OwnerMask & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer))
|
||||||
|
break;
|
||||||
|
|
||||||
|
if(ti.AssetID != requestID)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else // Agent
|
||||||
|
{
|
||||||
|
CachedUserInfo userInfo = ((Scene)m_scene).CommsManager.UserProfileCacheService.GetUserDetails(AgentId);
|
||||||
|
if(userInfo == null)
|
||||||
|
break;
|
||||||
|
|
||||||
|
if(userInfo.RootFolder == null)
|
||||||
|
break;
|
||||||
|
|
||||||
|
InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(itemID);
|
||||||
|
if(assetRequestItem == null)
|
||||||
|
return;
|
||||||
|
|
||||||
|
if((assetRequestItem.CurrentPermissions & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer))
|
||||||
|
break;
|
||||||
|
if(assetRequestItem.AssetID != requestID)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
m_assetCache.AddAssetRequest(this, transfer);
|
m_assetCache.AddAssetRequest(this, transfer);
|
||||||
/* RequestAsset = OnRequestAsset;
|
/* RequestAsset = OnRequestAsset;
|
||||||
if (RequestAsset != null)
|
if (RequestAsset != null)
|
||||||
|
|
|
@ -602,7 +602,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
||||||
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
|
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
|
||||||
if (m_bypassPermissions) return m_bypassPermissionsValue;
|
if (m_bypassPermissions) return m_bypassPermissionsValue;
|
||||||
|
|
||||||
return true;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
private bool CanEditNotecard(LLUUID notecard, LLUUID objectID, LLUUID user, Scene scene)
|
private bool CanEditNotecard(LLUUID notecard, LLUUID objectID, LLUUID user, Scene scene)
|
||||||
|
|
Loading…
Reference in New Issue