OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make private services forbid llHTTPRequest() calls by rejecting HTTP calls that have the X-SecondLife-Shard header

0.7.6.3
Justin Clark-Casey (justincc) 2015-03-04 16:52:05 +00:00
parent 7995c3037a
commit a5e6d36f98
14 changed files with 96 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
OpenSim/Server/Handlers/Asset/AssetServerDeleteHandler.cs
View File

@ -73,6 +73,13 @@ namespace OpenSim.Server.Handlers.Asset
protected override byte[] ProcessRequest(string path, Stream request, protected override byte[] ProcessRequest(string path, Stream request,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
bool result = false; bool result = false;
string[] p = SplitParams(path); string[] p = SplitParams(path);

7
OpenSim/Server/Handlers/Asset/AssetServerGetHandler.cs
View File

@ -57,6 +57,13 @@ namespace OpenSim.Server.Handlers.Asset
protected override byte[] ProcessRequest(string path, Stream request, protected override byte[] ProcessRequest(string path, Stream request,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
byte[] result = new byte[0]; byte[] result = new byte[0];
string[] p = SplitParams(path); string[] p = SplitParams(path);

7
OpenSim/Server/Handlers/Asset/AssetServerPostHandler.cs
View File

@ -57,6 +57,13 @@ namespace OpenSim.Server.Handlers.Asset
protected override byte[] ProcessRequest(string path, Stream request, protected override byte[] ProcessRequest(string path, Stream request,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
AssetBase asset; AssetBase asset;
XmlSerializer xs = new XmlSerializer(typeof (AssetBase)); XmlSerializer xs = new XmlSerializer(typeof (AssetBase));

4
OpenSim/Server/Handlers/Asset/Tests/AssetServerPostHandlerTests.cs
View File

@ -76,7 +76,7 @@ namespace OpenSim.Server.Handlers.Asset.Test
} }
buffer.Position = 0; buffer.Position = 0;
asph.Handle(null, buffer, null, null); asph.Handle(null, buffer, new TestOSHttpRequest(), null);
AssetBase retrievedAsset = assetService.Get(assetId.ToString()); AssetBase retrievedAsset = assetService.Get(assetId.ToString());
@ -102,7 +102,7 @@ namespace OpenSim.Server.Handlers.Asset.Test
buffer.Position = 0; buffer.Position = 0;
TestOSHttpResponse response = new TestOSHttpResponse(); TestOSHttpResponse response = new TestOSHttpResponse();
asph.Handle(null, buffer, null, response); asph.Handle(null, buffer, new TestOSHttpRequest(), response);
Assert.That(response.StatusCode, Is.EqualTo((int)HttpStatusCode.BadRequest)); Assert.That(response.StatusCode, Is.EqualTo((int)HttpStatusCode.BadRequest));
} }

7
OpenSim/Server/Handlers/Authentication/AuthenticationServerPostHandler.cs
View File

@ -73,6 +73,13 @@ namespace OpenSim.Server.Handlers.Authentication
protected override byte[] ProcessRequest(string path, Stream request, protected override byte[] ProcessRequest(string path, Stream request,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
string[] p = SplitParams(path); string[] p = SplitParams(path);
if (p.Length > 0) if (p.Length > 0)

7
OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
View File

@ -57,6 +57,13 @@ namespace OpenSim.Server.Handlers.Authorization
protected override byte[] ProcessRequest(string path, Stream request, protected override byte[] ProcessRequest(string path, Stream request,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
XmlSerializer xs = new XmlSerializer(typeof (AuthorizationRequest)); XmlSerializer xs = new XmlSerializer(typeof (AuthorizationRequest));
AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request); AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request);

7
OpenSim/Server/Handlers/Avatar/AvatarServerPostHandler.cs
View File

@ -59,6 +59,13 @@ namespace OpenSim.Server.Handlers.Avatar
protected override byte[] ProcessRequest(string path, Stream requestData, protected override byte[] ProcessRequest(string path, Stream requestData,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
StreamReader sr = new StreamReader(requestData); StreamReader sr = new StreamReader(requestData);
string body = sr.ReadToEnd(); string body = sr.ReadToEnd();
sr.Close(); sr.Close();

7
OpenSim/Server/Handlers/Friends/FriendsServerPostHandler.cs
View File

@ -60,6 +60,13 @@ namespace OpenSim.Server.Handlers.Friends
protected override byte[] ProcessRequest(string path, Stream requestData, protected override byte[] ProcessRequest(string path, Stream requestData,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
StreamReader sr = new StreamReader(requestData); StreamReader sr = new StreamReader(requestData);
string body = sr.ReadToEnd(); string body = sr.ReadToEnd();
sr.Close(); sr.Close();

7
OpenSim/Server/Handlers/Grid/GridServerPostHandler.cs
View File

@ -60,6 +60,13 @@ namespace OpenSim.Server.Handlers.Grid
protected override byte[] ProcessRequest(string path, Stream requestData, protected override byte[] ProcessRequest(string path, Stream requestData,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
StreamReader sr = new StreamReader(requestData); StreamReader sr = new StreamReader(requestData);
string body = sr.ReadToEnd(); string body = sr.ReadToEnd();
sr.Close(); sr.Close();

7
OpenSim/Server/Handlers/GridUser/GridUserServerPostHandler.cs
View File

@ -59,6 +59,13 @@ namespace OpenSim.Server.Handlers.GridUser
protected override byte[] ProcessRequest(string path, Stream requestData, protected override byte[] ProcessRequest(string path, Stream requestData,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
StreamReader sr = new StreamReader(requestData); StreamReader sr = new StreamReader(requestData);
string body = sr.ReadToEnd(); string body = sr.ReadToEnd();
sr.Close(); sr.Close();

8
OpenSim/Server/Handlers/Inventory/XInventoryInConnector.cs
View File

@ -26,6 +26,7 @@
*/ */
using System; using System;
using System.Net;
using System.Reflection; using System.Reflection;
using System.Text; using System.Text;
using System.Xml; using System.Xml;
@ -90,6 +91,13 @@ namespace OpenSim.Server.Handlers.Asset
protected override byte[] ProcessRequest(string path, Stream requestData, protected override byte[] ProcessRequest(string path, Stream requestData,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
StreamReader sr = new StreamReader(requestData); StreamReader sr = new StreamReader(requestData);
string body = sr.ReadToEnd(); string body = sr.ReadToEnd();
sr.Close(); sr.Close();

9
OpenSim/Server/Handlers/Map/MapAddServerConnector.cs
View File

@ -28,6 +28,7 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.IO; using System.IO;
using System.Net;
using System.Reflection; using System.Reflection;
using System.Xml; using System.Xml;
@ -102,6 +103,14 @@ namespace OpenSim.Server.Handlers.MapImage
protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) protected override byte[] ProcessRequest(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
// m_log.DebugFormat("[MAP SERVICE IMAGE HANDLER]: Received {0}", path); // m_log.DebugFormat("[MAP SERVICE IMAGE HANDLER]: Received {0}", path);
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
StreamReader sr = new StreamReader(requestData); StreamReader sr = new StreamReader(requestData);
string body = sr.ReadToEnd(); string body = sr.ReadToEnd();
sr.Close(); sr.Close();

7
OpenSim/Server/Handlers/Presence/PresenceServerPostHandler.cs
View File

@ -59,6 +59,13 @@ namespace OpenSim.Server.Handlers.Presence
protected override byte[] ProcessRequest(string path, Stream requestData, protected override byte[] ProcessRequest(string path, Stream requestData,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
StreamReader sr = new StreamReader(requestData); StreamReader sr = new StreamReader(requestData);
string body = sr.ReadToEnd(); string body = sr.ReadToEnd();
sr.Close(); sr.Close();

7
OpenSim/Server/Handlers/UserAccounts/UserAccountServerPostHandler.cs
View File

@ -71,6 +71,13 @@ namespace OpenSim.Server.Handlers.UserAccounts
protected override byte[] ProcessRequest(string path, Stream requestData, protected override byte[] ProcessRequest(string path, Stream requestData,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{ {
if (httpRequest.Headers["X-SecondLife-Shard"] != null)
{
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
httpResponse.ContentType = "text/plain";
return new byte[0];
}
StreamReader sr = new StreamReader(requestData); StreamReader sr = new StreamReader(requestData);
string body = sr.ReadToEnd(); string body = sr.ReadToEnd();
sr.Close(); sr.Close();