author | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
---|---|---|
committer | Johan Berntsson | 2008-07-23 06:59:02 +0000 |
commit | 344c9caeb671f3d9dab80f05d18a7dc9f3075bc1 (patch) | |
tree | 2c4d9fdd3d63384f009307f63eb6e0646e054593 /OpenSim/Grid/InventoryServer/Main.cs | |
parent | Enable LSL <-> C# source location mapping when reporing compiler errors to th... (diff) | |
thanks lulurun for a security patch that blocks unauthorized access to the inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Grid/InventoryServer/Main.cs | 39 |
1 files changed, 20 insertions, 19 deletions
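--- a/OpenSim/Grid/InventoryServer/Main.cs
+++ b/OpenSim/Grid/InventoryServer/Main.cs
@@ -70,7 +70,8 @@ namespace OpenSim.Grid.InventoryServer
 
 m_config = new InventoryConfig(LogName, (Path.Combine(Util.configDir(), "InventoryServer_Config.xml")));
 
-m_inventoryService = new GridInventoryService();
+//m_inventoryService = new GridInventoryService();
+m_inventoryService = new GridInventoryService(m_config.UserServerURL);
 m_inventoryService.AddPlugin(m_config.DatabaseProvider, m_config.DatabaseConnect);
 
 m_log.Info("[" + LogName + "]: Starting HTTP server ...");
@@ -85,36 +86,36 @@ namespace OpenSim.Grid.InventoryServer
 protected void AddHttpHandlers()
 {
 m_httpServer.AddStreamHandler(
-new RestDeserialiseHandler<Guid, InventoryCollection>(
-"POST", "/GetInventory/", m_inventoryService.GetUserInventory));
+new RestDeserialiseSecureHandler<Guid, InventoryCollection>(
+"POST", "/GetInventory/", m_inventoryService.GetUserInventory, m_inventoryService.CheckAuthSession));
 
 m_httpServer.AddStreamHandler(
-new RestDeserialiseHandler<Guid, bool>(
-"POST", "/CreateInventory/", m_inventoryService.CreateUsersInventory));
+new RestDeserialiseTrustedHandler<Guid, bool>(
+"POST", "/CreateInventory/", m_inventoryService.CreateUsersInventory, m_inventoryService.CheckTrustSource));
 
 m_httpServer.AddStreamHandler(
-new RestDeserialiseHandler<InventoryFolderBase, bool>(
-"POST", "/NewFolder/", m_inventoryService.AddFolder));
+new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
+"POST", "/NewFolder/", m_inventoryService.AddFolder, m_inventoryService.CheckAuthSession));
 
 m_httpServer.AddStreamHandler(
-new RestDeserialiseHandler<InventoryFolderBase, bool>(
-"POST", "/UpdateFolder/", m_inventoryService.UpdateFolder));
+new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
+"POST", "/UpdateFolder/", m_inventoryService.UpdateFolder, m_inventoryService.CheckAuthSession));
 
 m_httpServer.AddStreamHandler(
-new RestDeserialiseHandler<InventoryFolderBase, bool>(
-"POST", "/MoveFolder/", m_inventoryService.MoveFolder));
+new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
+"POST", "/MoveFolder/", m_inventoryService.MoveFolder, m_inventoryService.CheckAuthSession));
 
 m_httpServer.AddStreamHandler(
-new RestDeserialiseHandler<InventoryFolderBase, bool>(
-"POST", "/PurgeFolder/", m_inventoryService.PurgeFolder));
+new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
+"POST", "/PurgeFolder/", m_inventoryService.PurgeFolder, m_inventoryService.CheckAuthSession));
 
 m_httpServer.AddStreamHandler(
-new RestDeserialiseHandler<InventoryItemBase, bool>(
-"POST", "/NewItem/", m_inventoryService.AddItem));
+new RestDeserialiseSecureHandler<InventoryItemBase, bool>(
+"POST", "/NewItem/", m_inventoryService.AddItem, m_inventoryService.CheckAuthSession));
 
 m_httpServer.AddStreamHandler(
-new RestDeserialiseHandler<InventoryItemBase, bool>(
-"POST", "/DeleteItem/", m_inventoryService.DeleteItem));
+new RestDeserialiseSecureHandler<InventoryItemBase, bool>(
+"POST", "/DeleteItem/", m_inventoryService.DeleteItem, m_inventoryService.CheckAuthSession));
 
 // WARNING: Root folders no longer just delivers the root and immediate child folders (e.g
 // system folders such as Objects, Textures), but it now returns the entire inventory skeleton.
@@ -122,8 +123,8 @@ namespace OpenSim.Grid.InventoryServer
 // (e.g. any http request not found is automatically treated as an xmlrpc request) make it easier
 // to do this for now.
 m_httpServer.AddStreamHandler(
-new RestDeserialiseHandler<Guid, List<InventoryFolderBase>>
-("POST", "/RootFolders/", m_inventoryService.GetInventorySkeleton));
+new RestDeserialiseTrustedHandler<Guid, List<InventoryFolderBase>>
+("POST", "/RootFolders/", m_inventoryService.GetInventorySkeleton, m_inventoryService.CheckTrustSource));
 }
 
 private void Work()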
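Review bot: In AddHttpHandlers, `/CreateInventory/` and `/RootFolders/` are registered with `RestDeserialiseTrustedHandler` and `m_inventoryService.CheckTrustSource`, while the other seven routes use the per-session `CheckAuthSession`, and nothing at the registration site says why these two differ or what makes a caller "trusted". The existing comment above `/RootFolders/` says it returns the entire inventory skeleton, so the strength of that check matters. `CheckTrustSource` is defined outside this file; if it decides on the peer address, it should be confirmed to behave correctly behind a proxy or NAT and to fail closed when it cannot decide. I would add a comment above each trusted registration, for example `// Trusted-source check only (no session): intended for grid services, not viewers`, so a later handler is not added with the plain `RestDeserialiseHandler` by habit. Separately, the commented-out `//m_inventoryService = new GridInventoryService();` in the first hunk should be deleted rather than kept, since it shows the constructor form that skips the user-server URL.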