authorJustin Clark-Casey (justincc)2015-03-04 17:51:11 +0000
committerJustin Clark-Casey (justincc)2015-03-04 18:27:51 +0000
commit3255335c42ff348465d235a3ccf9558d0d6d414b (patch)
tree5537a8bb51ef79f1b42a0a29e167da939630f434 /OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs
parentAdd outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() scri... (diff)
Make private services forbid llHTTPRequest() calls by rejecting those that have the X-SecondLife-Shard header.
If you need to enable this, set AllowHttpRequestIn = true in [Network] for all private services or individual [*Service] sections.
Diffstat (limited to '')
-rw-r--r--OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs25
1 files changed, 15 insertions, 10 deletions
diff --git a/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs b/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs
index b3d64e1..3c13bbf 100644
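--- a/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs
+++ b/OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs
@@ -28,6 +28,7 @@
 using System;
 using System.Collections.Generic;
 using System.Collections.Specialized;
+using System.Net;
 using System.Reflection;
 
 using Nini.Config;
@@ -82,24 +83,28 @@ namespace OpenSim.Framework.ServiceAuth
 return false;
 }
 
-public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d)
+public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
 {
-//m_log.DebugFormat("[HTTP BASIC AUTH]: Authenticate in {0}", remove_me);
-if (requestHeaders != null)
+// m_log.DebugFormat("[HTTP BASIC AUTH]: Authenticate in {0}", "BasicHttpAuthentication");
+
+string value = requestHeaders.Get("Authorization");
+if (value != null)
 {
-string value = requestHeaders.Get("Authorization");
-if (value != null)
+value = value.Trim();
+if (value.StartsWith("Basic "))
 {
-value = value.Trim();
-if (value.StartsWith("Basic "))
+value = value.Replace("Basic ", string.Empty);
+if (Authenticate(value))
 {
-value = value.Replace("Basic ", string.Empty);
-if (Authenticate(value))
-return true;
+statusCode = HttpStatusCode.OK;
+return true;
 }
 }
 }
+
 d("WWW-Authenticate", "Basic realm = \"Asset Server\"");
+
+statusCode = HttpStatusCode.Unauthorized;
 return false;
 }
 }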
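Review bot: The rewritten `Authenticate` drops the old `if (requestHeaders != null)` guard, so `requestHeaders.Get("Authorization")` now throws a NullReferenceException for a null collection instead of falling through to the 401 challenge with `statusCode` set. Unless every caller is guaranteed to pass a non-null collection (the callers are outside this hunk), keep the fail-closed path with `string value = requestHeaders == null ? null : requestHeaders.Get("Authorization");`. While this block is being touched, `value.Replace("Basic ", string.Empty)` removes every occurrence rather than just the scheme prefix, and `StartsWith("Basic ")` is culture-sensitive; `value.StartsWith("Basic ", StringComparison.Ordinal)` followed by `value.Substring("Basic ".Length)` states the intent exactly. The enclosing class and the `Authenticate(string)` overload it calls begin outside the hunk.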