author | Justin Clark-Casey (justincc) | 2015-03-04 17:51:11 +0000 |
---|---|---|
committer | Justin Clark-Casey (justincc) | 2015-03-04 18:27:51 +0000 |
commit | 3255335c42ff348465d235a3ccf9558d0d6d414b (patch) | |
tree | 5537a8bb51ef79f1b42a0a29e167da939630f434 /OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs | |
parent | Add outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() scri... (diff) | |
Make private services forbid llHTTPRequest() calls by rejecting those that have the X-SecondLife-Shard header.
If you need to allow these calls, set AllowHttpRequestIn = true in [Network] for all private services, or in individual [*Service] sections.
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs | 25 |
1 files changed, 15 insertions, 10 deletions
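--- a/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs
+++ b/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs
@@ -28,6 +28,7 @@
 using System;
 using System.Collections.Generic;
 using System.Collections.Specialized;
+using System.Net;
 using System.Reflection;
 
 using Nini.Config;
@@ -82,24 +83,28 @@ namespace OpenSim.Framework.ServiceAuth
 return false;
 }
 
-public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d)
+public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
 {
-//m_log.DebugFormat("[HTTP BASIC AUTH]: Authenticate in {0}", remove_me);
-if (requestHeaders != null)
+// m_log.DebugFormat("[HTTP BASIC AUTH]: Authenticate in {0}", "BasicHttpAuthentication");
+
+string value = requestHeaders.Get("Authorization");
+if (value != null)
 {
-string value = requestHeaders.Get("Authorization");
-if (value != null)
+value = value.Trim();
+if (value.StartsWith("Basic "))
 {
-value = value.Trim();
-if (value.StartsWith("Basic "))
+value = value.Replace("Basic ", string.Empty);
+if (Authenticate(value))
 {
-value = value.Replace("Basic ", string.Empty);
-if (Authenticate(value))
-return true;
+statusCode = HttpStatusCode.OK;
+return true;
 }
 }
 }
+
 d("WWW-Authenticate", "Basic realm = \"Asset Server\"");
+
+statusCode = HttpStatusCode.Unauthorized;
 return false;
 }
 }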
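Review bot: The rewritten `Authenticate` calls `requestHeaders.Get("Authorization")` unguarded, where the old body wrapped it in `if (requestHeaders != null)`. A null collection now throws a NullReferenceException instead of falling through to the `WWW-Authenticate` challenge and `HttpStatusCode.Unauthorized`. Whether any caller can pass null is not visible on this page; if one can, keep the guard with `string value = requestHeaders == null ? null : requestHeaders.Get("Authorization");`. A smaller point on the same path: `value.Replace("Basic ", string.Empty)` removes every occurrence of the token rather than only the prefix that `StartsWith` matched, so `value.Substring("Basic ".Length)` would strip the scheme exactly.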