diff options
author | Johan Berntsson | 2008-07-23 07:27:11 +0000 |
---|---|---|
committer | Johan Berntsson | 2008-07-23 07:27:11 +0000 |
commit | 3b35332957e0d122cdd063ad14d3795856bcd8e5 (patch) | |
tree | 8fbabfa0cdb049fd9151f6cd887c6897e8d89604 /OpenSim/Framework | |
parent | thanks lulurun for a security patch that blocks unathorized access to the inv... (diff) | |
download | opensim-SC-3b35332957e0d122cdd063ad14d3795856bcd8e5.zip opensim-SC-3b35332957e0d122cdd063ad14d3795856bcd8e5.tar.gz opensim-SC-3b35332957e0d122cdd063ad14d3795856bcd8e5.tar.bz2 opensim-SC-3b35332957e0d122cdd063ad14d3795856bcd8e5.tar.xz |
adding files that were not included in r5589
Diffstat (limited to 'OpenSim/Framework')
-rw-r--r-- | OpenSim/Framework/Communications/ISecureInventoryService.cs | 125 | ||||
-rw-r--r-- | OpenSim/Framework/Servers/RestSessionService.cs | 223 |
2 files changed, 348 insertions, 0 deletions
diff --git a/OpenSim/Framework/Communications/ISecureInventoryService.cs b/OpenSim/Framework/Communications/ISecureInventoryService.cs new file mode 100644 index 0000000..0e7861a --- /dev/null +++ b/OpenSim/Framework/Communications/ISecureInventoryService.cs | |||
@@ -0,0 +1,125 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSim Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | using System.Collections.Generic; | ||
29 | using libsecondlife; | ||
30 | using OpenSim.Framework.Communications.Cache; | ||
31 | |||
32 | namespace OpenSim.Framework.Communications | ||
33 | { | ||
34 | |||
35 | /// <summary> | ||
36 | /// Defines all the operations one can perform on a user's inventory. | ||
37 | /// </summary> | ||
38 | public interface ISecureInventoryService | ||
39 | { | ||
40 | string Host | ||
41 | { | ||
42 | get; | ||
43 | } | ||
44 | /// <summary> | ||
45 | /// Request the inventory for a user. This is an asynchronous operation that will call the callback when the | ||
46 | /// inventory has been received | ||
47 | /// </summary> | ||
48 | /// <param name="userID"></param> | ||
49 | /// <param name="callback"></param> | ||
50 | void RequestInventoryForUser(LLUUID userID, LLUUID session_id, InventoryReceiptCallback callback); | ||
51 | |||
52 | /// <summary> | ||
53 | /// Add a new folder to the user's inventory | ||
54 | /// </summary> | ||
55 | /// <param name="folder"></param> | ||
56 | /// <returns>true if the folder was successfully added</returns> | ||
57 | bool AddFolder(InventoryFolderBase folder, LLUUID session_id); | ||
58 | |||
59 | /// <summary> | ||
60 | /// Update a folder in the user's inventory | ||
61 | /// </summary> | ||
62 | /// <param name="folder"></param> | ||
63 | /// <returns>true if the folder was successfully updated</returns> | ||
64 | bool UpdateFolder(InventoryFolderBase folder, LLUUID session_id); | ||
65 | |||
66 | /// <summary> | ||
67 | /// Move an inventory folder to a new location | ||
68 | /// </summary> | ||
69 | /// <param name="folder">A folder containing the details of the new location</param> | ||
70 | /// <returns>true if the folder was successfully moved</returns> | ||
71 | bool MoveFolder(InventoryFolderBase folder, LLUUID session_id); | ||
72 | |||
73 | /// <summary> | ||
74 | /// Purge an inventory folder of all its items and subfolders. | ||
75 | /// </summary> | ||
76 | /// <param name="folder"></param> | ||
77 | /// <returns>true if the folder was successfully purged</returns> | ||
78 | bool PurgeFolder(InventoryFolderBase folder, LLUUID session_id); | ||
79 | |||
80 | /// <summary> | ||
81 | /// Add a new item to the user's inventory | ||
82 | /// </summary> | ||
83 | /// <param name="item"></param> | ||
84 | /// <returns>true if the item was successfully added</returns> | ||
85 | bool AddItem(InventoryItemBase item, LLUUID session_id); | ||
86 | |||
87 | /// <summary> | ||
88 | /// Update an item in the user's inventory | ||
89 | /// </summary> | ||
90 | /// <param name="item"></param> | ||
91 | /// <returns>true if the item was successfully updated</returns> | ||
92 | bool UpdateItem(InventoryItemBase item, LLUUID session_id); | ||
93 | |||
94 | /// <summary> | ||
95 | /// Delete an item from the user's inventory | ||
96 | /// </summary> | ||
97 | /// <param name="item"></param> | ||
98 | /// <returns>true if the item was successfully deleted</returns> | ||
99 | bool DeleteItem(InventoryItemBase item, LLUUID session_id); | ||
100 | |||
101 | /// <summary> | ||
102 | /// Create a new inventory for the given user. | ||
103 | /// </summary> | ||
104 | /// <param name="user"></param> | ||
105 | /// <returns>true if the inventory was successfully created, false otherwise</returns> | ||
106 | bool CreateNewUserInventory(LLUUID user); | ||
107 | |||
108 | bool HasInventoryForUser(LLUUID userID); | ||
109 | |||
110 | /// <summary> | ||
111 | /// Retrieve the root inventory folder for the given user. | ||
112 | /// </summary> | ||
113 | /// <param name="userID"></param> | ||
114 | /// <returns>null if no root folder was found</returns> | ||
115 | InventoryFolderBase RequestRootFolder(LLUUID userID); | ||
116 | |||
117 | /// <summary> | ||
118 | /// Returns a list of all the folders in a given user's inventory. | ||
119 | /// </summary> | ||
120 | /// <param name="userId"></param> | ||
121 | /// <returns>A flat list of the user's inventory folder tree, | ||
122 | /// null if there is no inventory for this user</returns> | ||
123 | List<InventoryFolderBase> GetInventorySkeleton(LLUUID userId); | ||
124 | } | ||
125 | } | ||
diff --git a/OpenSim/Framework/Servers/RestSessionService.cs b/OpenSim/Framework/Servers/RestSessionService.cs new file mode 100644 index 0000000..3c79844 --- /dev/null +++ b/OpenSim/Framework/Servers/RestSessionService.cs | |||
@@ -0,0 +1,223 @@ | |||
1 | using System; | ||
2 | using System.IO; | ||
3 | using System.Net; | ||
4 | using System.Collections.Generic; | ||
5 | using System.Text; | ||
6 | using System.Xml; | ||
7 | using System.Xml.Serialization; | ||
8 | |||
9 | namespace OpenSim.Framework.Servers | ||
10 | { | ||
11 | public class RestSessionObject<TRequest> | ||
12 | { | ||
13 | private string sid; | ||
14 | private string aid; | ||
15 | private TRequest request_body; | ||
16 | |||
17 | public string SessionID | ||
18 | { | ||
19 | get { return sid; } | ||
20 | set { sid = value; } | ||
21 | } | ||
22 | |||
23 | public string AvatarID | ||
24 | { | ||
25 | get { return aid; } | ||
26 | set { aid = value; } | ||
27 | } | ||
28 | |||
29 | public TRequest Body | ||
30 | { | ||
31 | get { return request_body; } | ||
32 | set { request_body = value; } | ||
33 | } | ||
34 | } | ||
35 | |||
36 | public class SynchronousRestSessionObjectPoster<TRequest, TResponse> | ||
37 | { | ||
38 | public static TResponse BeginPostObject(string verb, string requestUrl, TRequest obj, string sid, string aid) | ||
39 | { | ||
40 | RestSessionObject<TRequest> sobj = new RestSessionObject<TRequest>(); | ||
41 | sobj.SessionID = sid; | ||
42 | sobj.AvatarID = aid; | ||
43 | sobj.Body = obj; | ||
44 | |||
45 | Type type = typeof(RestSessionObject<TRequest>); | ||
46 | |||
47 | WebRequest request = WebRequest.Create(requestUrl); | ||
48 | request.Method = verb; | ||
49 | request.ContentType = "text/xml"; | ||
50 | |||
51 | MemoryStream buffer = new MemoryStream(); | ||
52 | |||
53 | XmlWriterSettings settings = new XmlWriterSettings(); | ||
54 | settings.Encoding = Encoding.UTF8; | ||
55 | |||
56 | using (XmlWriter writer = XmlWriter.Create(buffer, settings)) | ||
57 | { | ||
58 | XmlSerializer serializer = new XmlSerializer(type); | ||
59 | serializer.Serialize(writer, sobj); | ||
60 | writer.Flush(); | ||
61 | } | ||
62 | |||
63 | int length = (int)buffer.Length; | ||
64 | request.ContentLength = length; | ||
65 | |||
66 | Stream requestStream = request.GetRequestStream(); | ||
67 | requestStream.Write(buffer.ToArray(), 0, length); | ||
68 | TResponse deserial = default(TResponse); | ||
69 | using (WebResponse resp = request.GetResponse()) | ||
70 | { | ||
71 | XmlSerializer deserializer = new XmlSerializer(typeof(TResponse)); | ||
72 | deserial = (TResponse)deserializer.Deserialize(resp.GetResponseStream()); | ||
73 | } | ||
74 | return deserial; | ||
75 | } | ||
76 | } | ||
77 | |||
78 | public class RestSessionObjectPosterResponse<TRequest, TResponse> | ||
79 | { | ||
80 | |||
81 | public ReturnResponse<TResponse> ResponseCallback; | ||
82 | |||
83 | public void BeginPostObject(string requestUrl, TRequest obj, string sid, string aid) | ||
84 | { | ||
85 | BeginPostObject("POST", requestUrl, obj, sid, aid); | ||
86 | } | ||
87 | |||
88 | public void BeginPostObject(string verb, string requestUrl, TRequest obj, string sid, string aid) | ||
89 | { | ||
90 | RestSessionObject<TRequest> sobj = new RestSessionObject<TRequest>(); | ||
91 | sobj.SessionID = sid; | ||
92 | sobj.AvatarID = aid; | ||
93 | sobj.Body = obj; | ||
94 | |||
95 | Type type = typeof(RestSessionObject<TRequest>); | ||
96 | |||
97 | WebRequest request = WebRequest.Create(requestUrl); | ||
98 | request.Method = verb; | ||
99 | request.ContentType = "text/xml"; | ||
100 | |||
101 | MemoryStream buffer = new MemoryStream(); | ||
102 | |||
103 | XmlWriterSettings settings = new XmlWriterSettings(); | ||
104 | settings.Encoding = Encoding.UTF8; | ||
105 | |||
106 | using (XmlWriter writer = XmlWriter.Create(buffer, settings)) | ||
107 | { | ||
108 | XmlSerializer serializer = new XmlSerializer(type); | ||
109 | serializer.Serialize(writer, sobj); | ||
110 | writer.Flush(); | ||
111 | } | ||
112 | |||
113 | int length = (int)buffer.Length; | ||
114 | request.ContentLength = length; | ||
115 | |||
116 | Stream requestStream = request.GetRequestStream(); | ||
117 | requestStream.Write(buffer.ToArray(), 0, length); | ||
118 | // IAsyncResult result = request.BeginGetResponse(AsyncCallback, request); | ||
119 | request.BeginGetResponse(AsyncCallback, request); | ||
120 | } | ||
121 | |||
122 | private void AsyncCallback(IAsyncResult result) | ||
123 | { | ||
124 | WebRequest request = (WebRequest)result.AsyncState; | ||
125 | using (WebResponse resp = request.EndGetResponse(result)) | ||
126 | { | ||
127 | TResponse deserial; | ||
128 | XmlSerializer deserializer = new XmlSerializer(typeof(TResponse)); | ||
129 | Stream stream = resp.GetResponseStream(); | ||
130 | |||
131 | // This is currently a bad debug stanza since it gobbles us the response... | ||
132 | // StreamReader reader = new StreamReader(stream); | ||
133 | // m_log.DebugFormat("[REST OBJECT POSTER RESPONSE]: Received {0}", reader.ReadToEnd()); | ||
134 | |||
135 | deserial = (TResponse)deserializer.Deserialize(stream); | ||
136 | |||
137 | if (deserial != null && ResponseCallback != null) | ||
138 | { | ||
139 | ResponseCallback(deserial); | ||
140 | } | ||
141 | } | ||
142 | } | ||
143 | } | ||
144 | |||
145 | public delegate bool CheckIdentityMethod(string sid, string aid); | ||
146 | |||
147 | public class RestDeserialiseSecureHandler<TRequest, TResponse> : BaseRequestHandler, IStreamHandler | ||
148 | where TRequest : new() | ||
149 | { | ||
150 | private RestDeserialiseMethod<TRequest, TResponse> m_method; | ||
151 | private CheckIdentityMethod m_smethod; | ||
152 | |||
153 | public RestDeserialiseSecureHandler(string httpMethod, string path, RestDeserialiseMethod<TRequest, TResponse> method, CheckIdentityMethod smethod) | ||
154 | : base(httpMethod, path) | ||
155 | { | ||
156 | m_smethod = smethod; | ||
157 | m_method = method; | ||
158 | } | ||
159 | |||
160 | public void Handle(string path, Stream request, Stream responseStream, | ||
161 | OSHttpRequest httpRequest, OSHttpResponse httpResponse) | ||
162 | { | ||
163 | RestSessionObject<TRequest> deserial; | ||
164 | using (XmlTextReader xmlReader = new XmlTextReader(request)) | ||
165 | { | ||
166 | XmlSerializer deserializer = new XmlSerializer(typeof(RestSessionObject<TRequest>)); | ||
167 | deserial = (RestSessionObject<TRequest>)deserializer.Deserialize(xmlReader); | ||
168 | } | ||
169 | |||
170 | TResponse response = default(TResponse); | ||
171 | if (m_smethod(deserial.SessionID, deserial.AvatarID)) | ||
172 | { | ||
173 | response = m_method(deserial.Body); | ||
174 | } | ||
175 | |||
176 | using (XmlWriter xmlWriter = XmlTextWriter.Create(responseStream)) | ||
177 | { | ||
178 | XmlSerializer serializer = new XmlSerializer(typeof(TResponse)); | ||
179 | serializer.Serialize(xmlWriter, response); | ||
180 | } | ||
181 | } | ||
182 | } | ||
183 | |||
184 | public delegate bool CheckTrustedSourceMethod(IPEndPoint peer); | ||
185 | |||
186 | public class RestDeserialiseTrustedHandler<TRequest, TResponse> : BaseRequestHandler, IStreamHandler | ||
187 | where TRequest : new() | ||
188 | { | ||
189 | private RestDeserialiseMethod<TRequest, TResponse> m_method; | ||
190 | private CheckTrustedSourceMethod m_tmethod; | ||
191 | |||
192 | public RestDeserialiseTrustedHandler(string httpMethod, string path, RestDeserialiseMethod<TRequest, TResponse> method, CheckTrustedSourceMethod tmethod) | ||
193 | : base(httpMethod, path) | ||
194 | { | ||
195 | m_tmethod = tmethod; | ||
196 | m_method = method; | ||
197 | } | ||
198 | |||
199 | public void Handle(string path, Stream request, Stream responseStream, | ||
200 | OSHttpRequest httpRequest, OSHttpResponse httpResponse) | ||
201 | { | ||
202 | TRequest deserial; | ||
203 | using (XmlTextReader xmlReader = new XmlTextReader(request)) | ||
204 | { | ||
205 | XmlSerializer deserializer = new XmlSerializer(typeof(TRequest)); | ||
206 | deserial = (TRequest)deserializer.Deserialize(xmlReader); | ||
207 | } | ||
208 | |||
209 | TResponse response = default(TResponse); | ||
210 | if (m_tmethod(httpRequest.RemoteIPEndPoint)) | ||
211 | { | ||
212 | response = m_method(deserial); | ||
213 | } | ||
214 | |||
215 | using (XmlWriter xmlWriter = XmlTextWriter.Create(responseStream)) | ||
216 | { | ||
217 | XmlSerializer serializer = new XmlSerializer(typeof(TResponse)); | ||
218 | serializer.Serialize(xmlWriter, response); | ||
219 | } | ||
220 | } | ||
221 | } | ||
222 | |||
223 | } | ||