From a5e6d36f98dfbd5c6f5144ec950c6c9a1d8584f3 Mon Sep 17 00:00:00 2001 From: "Justin Clark-Casey (justincc)" Date: Wed, 4 Mar 2015 16:52:05 +0000 Subject: [PATCH] Make private services forbid llHTTPRequest() calls by rejecting HTTP calls that have the X-SecondLife-Shard header --- .../Server/Handlers/Asset/AssetServerDeleteHandler.cs | 7 +++++++ OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs | 7 +++++++ OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs | 7 +++++++ .../Handlers/Asset/Tests/AssetServerPostHandlerTests.cs | 4 ++-- .../Authentication/AuthenticationServerPostHandler.cs | 7 +++++++ .../Authorization/AuthorizationServerPostHandler.cs | 7 +++++++ .../Server/Handlers/Avatar/AvatarServerPostHandler.cs | 7 +++++++ .../Server/Handlers/Friends/FriendsServerPostHandler.cs | 7 +++++++ OpenSim/Server/Handlers/Grid/GridServerPostHandler.cs | 7 +++++++ .../Handlers/GridUser/GridUserServerPostHandler.cs | 7 +++++++ .../Server/Handlers/Inventory/XInventoryInConnector.cs | 8 ++++++++ OpenSim/Server/Handlers/Map/MapAddServerConnector.cs | 9 +++++++++ .../Handlers/Presence/PresenceServerPostHandler.cs | 7 +++++++ .../UserAccounts/UserAccountServerPostHandler.cs | 7 +++++++ 14 files changed, 96 insertions(+), 2 deletions(-) diff --git a/OpenSim/Server/Handlers/Asset/AssetServerDeleteHandler.cs b/OpenSim/Server/Handlers/Asset/AssetServerDeleteHandler.cs index 941b97d2f0..220b95feb4 100644 --- a/OpenSim/Server/Handlers/Asset/AssetServerDeleteHandler.cs +++ b/OpenSim/Server/Handlers/Asset/AssetServerDeleteHandler.cs @@ -73,6 +73,13 @@ namespace OpenSim.Server.Handlers.Asset protected override byte[] ProcessRequest(string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + bool result = false; string[] p = SplitParams(path); 
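Review bot: The guard added at the top of AssetServerDeleteHandler.ProcessRequest only rejects requests that carry `X-SecondLife-Shard`, so it is a filter on a caller-supplied header and not access control. A request without the header is processed exactly as before. The same holds for the identical guards in the other twelve handlers in this patch. A comment above the check would stop later readers from treating it as authentication, e.g. `// Defence in depth: blocks llHTTPRequest() from in-world scripts only; the service must still be firewalled or authenticated.` Whether a script can suppress or override this header depends on the llHTTPRequest implementation, which this diff does not show. ProcessRequest continues past the end of the hunk.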
diff --git a/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs b/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs index 8b23a832ac..6d1b44ea8e 100644 --- a/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs +++ b/OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs @@ -57,6 +57,13 @@ namespace OpenSim.Server.Handlers.Asset protected override byte[] ProcessRequest(string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + byte[] result = new byte[0]; string[] p = SplitParams(path); diff --git a/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs b/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs index 8eebc61609..6a8ade4c30 100644 --- a/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs @@ -57,6 +57,13 @@ namespace OpenSim.Server.Handlers.Asset protected override byte[] ProcessRequest(string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + AssetBase asset; XmlSerializer xs = new XmlSerializer(typeof (AssetBase)); diff --git a/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs b/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs index 427fa1674d..6731a29fc3 100644 --- a/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs +++ b/OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs 
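Review bot: The seven-line guard in AssetServerGetHandler.ProcessRequest is a verbatim copy of the one in AssetServerDeleteHandler and is pasted again into eleven more handlers below, with the header name as a repeated string literal. A handler added later, or one missed here, silently has no check, and any change to the rule needs thirteen edits. Since every one of these methods is a `protected override`, a single helper on the shared base type (or in its `Handle` path, if the base class allows it) would keep the rule in one place. The helper name and its placement below are a proposal, as the base class is not part of this diff. ProcessRequest continues outside the hunk.

```csharp
// proposed shared helper, e.g. on the common stream-handler base class
protected static bool RejectScriptRequest(IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{
    if (httpRequest.Headers["X-SecondLife-Shard"] == null)
        return false;

    httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
    httpResponse.ContentType = "text/plain";
    return true;
}

// in each ProcessRequest override
if (RejectScriptRequest(httpRequest, httpResponse))
    return new byte[0];
// … unchanged: SplitParams(path) and asset lookup …
```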
@@ -76,7 +76,7 @@ namespace OpenSim.Server.Handlers.Asset.Test } buffer.Position = 0; - asph.Handle(null, buffer, null, null); + asph.Handle(null, buffer, new TestOSHttpRequest(), null); AssetBase retrievedAsset = assetService.Get(assetId.ToString()); @@ -102,7 +102,7 @@ namespace OpenSim.Server.Handlers.Asset.Test buffer.Position = 0; TestOSHttpResponse response = new TestOSHttpResponse(); - asph.Handle(null, buffer, null, response); + asph.Handle(null, buffer, new TestOSHttpRequest(), response); Assert.That(response.StatusCode, Is.EqualTo((int)HttpStatusCode.BadRequest)); } diff --git a/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs b/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs index 16e011aaea..417f0650d2 100644 --- a/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs @@ -73,6 +73,13 @@ namespace OpenSim.Server.Handlers.Authentication protected override byte[] ProcessRequest(string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + string[] p = SplitParams(path); if (p.Length > 0) diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs index c9b4e9b0d2..98b893da76 100644 --- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs 
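Review bot: Neither updated call in AssetServerPostHandlerTests exercises the new rejection branch. Both only replace the `null` request with `new TestOSHttpRequest()`, presumably so that the header lookup has an object to read from. A third test should pass a request carrying `X-SecondLife-Shard`. It should assert `Assert.That(response.StatusCode, Is.EqualTo((int)HttpStatusCode.Forbidden));` and that `assetService.Get(...)` returns nothing for the posted asset. That would pin the behaviour the commit is about. Whether TestOSHttpRequest lets a test set headers is not visible in this diff. The first call also still passes a `null` response, which the new branch would dereference if the header were present.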
@@ -57,6 +57,13 @@ namespace OpenSim.Server.Handlers.Authorization protected override byte[] ProcessRequest(string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + XmlSerializer xs = new XmlSerializer(typeof (AuthorizationRequest)); AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request); diff --git a/OpenSim/Server/Handlers/Avatar/AvatarServerPostHandler.cs b/OpenSim/Server/Handlers/Avatar/AvatarServerPostHandler.cs index d6bbb8fc4e..c8d6c1793a 100644 --- a/OpenSim/Server/Handlers/Avatar/AvatarServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Avatar/AvatarServerPostHandler.cs @@ -59,6 +59,13 @@ namespace OpenSim.Server.Handlers.Avatar protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + StreamReader sr = new StreamReader(requestData); string body = sr.ReadToEnd(); sr.Close(); diff --git a/OpenSim/Server/Handlers/Friends/FriendsServerPostHandler.cs b/OpenSim/Server/Handlers/Friends/FriendsServerPostHandler.cs index ca0a24c36f..61c246e5c5 100644 --- a/OpenSim/Server/Handlers/Friends/FriendsServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Friends/FriendsServerPostHandler.cs 
@@ -60,6 +60,13 @@ namespace OpenSim.Server.Handlers.Friends protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + StreamReader sr = new StreamReader(requestData); string body = sr.ReadToEnd(); sr.Close(); diff --git a/OpenSim/Server/Handlers/Grid/GridServerPostHandler.cs b/OpenSim/Server/Handlers/Grid/GridServerPostHandler.cs index c63b4093c5..a6ad8bed6f 100644 --- a/OpenSim/Server/Handlers/Grid/GridServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Grid/GridServerPostHandler.cs @@ -60,6 +60,13 @@ namespace OpenSim.Server.Handlers.Grid protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + StreamReader sr = new StreamReader(requestData); string body = sr.ReadToEnd(); sr.Close(); diff --git a/OpenSim/Server/Handlers/GridUser/GridUserServerPostHandler.cs b/OpenSim/Server/Handlers/GridUser/GridUserServerPostHandler.cs index 0b98e9a12b..5cd00eb34b 100644 --- a/OpenSim/Server/Handlers/GridUser/GridUserServerPostHandler.cs +++ b/OpenSim/Server/Handlers/GridUser/GridUserServerPostHandler.cs 
@@ -59,6 +59,13 @@ namespace OpenSim.Server.Handlers.GridUser protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + StreamReader sr = new StreamReader(requestData); string body = sr.ReadToEnd(); sr.Close(); diff --git a/OpenSim/Server/Handlers/Inventory/XInventoryInConnector.cs b/OpenSim/Server/Handlers/Inventory/XInventoryInConnector.cs index 0d7c13669c..2e0333b107 100644 --- a/OpenSim/Server/Handlers/Inventory/XInventoryInConnector.cs +++ b/OpenSim/Server/Handlers/Inventory/XInventoryInConnector.cs @@ -26,6 +26,7 @@ */ using System; +using System.Net; using System.Reflection; using System.Text; using System.Xml; @@ -90,6 +91,13 @@ namespace OpenSim.Server.Handlers.Asset protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + StreamReader sr = new StreamReader(requestData); string body = sr.ReadToEnd(); sr.Close(); diff --git a/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs b/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs index d438fc7487..2cdf4f6953 100644 --- a/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs +++ b/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs @@ -28,6 +28,7 @@ using System; using System.Collections.Generic; using System.IO; +using System.Net; using System.Reflection; using System.Xml; 
@@ -102,6 +103,14 @@ namespace OpenSim.Server.Handlers.MapImage protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { // m_log.DebugFormat("[MAP SERVICE IMAGE HANDLER]: Received {0}", path); + + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + StreamReader sr = new StreamReader(requestData); string body = sr.ReadToEnd(); sr.Close(); diff --git a/OpenSim/Server/Handlers/Presence/PresenceServerPostHandler.cs b/OpenSim/Server/Handlers/Presence/PresenceServerPostHandler.cs index abb4b19642..1b59babefa 100644 --- a/OpenSim/Server/Handlers/Presence/PresenceServerPostHandler.cs +++ b/OpenSim/Server/Handlers/Presence/PresenceServerPostHandler.cs @@ -59,6 +59,13 @@ namespace OpenSim.Server.Handlers.Presence protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + StreamReader sr = new StreamReader(requestData); string body = sr.ReadToEnd(); sr.Close(); diff --git a/OpenSim/Server/Handlers/UserAccounts/UserAccountServerPostHandler.cs b/OpenSim/Server/Handlers/UserAccounts/UserAccountServerPostHandler.cs index 24c9de6a9d..0bd4b03023 100644 --- a/OpenSim/Server/Handlers/UserAccounts/UserAccountServerPostHandler.cs +++ b/OpenSim/Server/Handlers/UserAccounts/UserAccountServerPostHandler.cs 
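Review bot: The rejection branch added to MapAddServerConnector.ProcessRequest returns 403 without logging, so an operator gets no record that a script-originated request reached a private service port. That event is worth surfacing, because it suggests the service is reachable from a simulator's outbound HTTP path. A warning before the return would cover it, e.g. `m_log.WarnFormat("[MAP SERVICE IMAGE HANDLER]: Rejected request for {0} carrying X-SecondLife-Shard", path);`. The `m_log` field is only seen here in the commented-out debug line, so confirm it is in scope. The other twelve guards in this patch are equally silent. ProcessRequest continues outside the hunk.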
@@ -71,6 +71,13 @@ namespace OpenSim.Server.Handlers.UserAccounts protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) { + if (httpRequest.Headers["X-SecondLife-Shard"] != null) + { + httpResponse.StatusCode = (int)HttpStatusCode.Forbidden; + httpResponse.ContentType = "text/plain"; + return new byte[0]; + } + StreamReader sr = new StreamReader(requestData); string body = sr.ReadToEnd(); sr.Close();