aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/Framework
diff options
context:
space:
mode:
authorJustin Clark-Casey (justincc)2015-03-04 17:43:00 +0000
committerJustin Clark-Casey (justincc)2015-03-04 18:27:50 +0000
commit7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda (patch)
treee50126a4e6c23ac747bf0842774538dc731d2d85 /OpenSim/Region/Framework
parentusability fixes for LSL API (diff)
downloadopensim-SC-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.zip
opensim-SC-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.gz
opensim-SC-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.bz2
opensim-SC-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.xz
Add outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() script functions.
This is to address an issue where HTTP script functions could make calls to localhost and other endpoints inside the simulator's LAN. By default, calls to all private addresses are now blocked as per http://en.wikipedia.org/wiki/Reserved_IP_addresses If you require exceptions to this, configure [Network] OutboundDisallowForUserScriptsExcept in OpenSim.ini
Diffstat (limited to '')
-rw-r--r--OpenSim/Region/Framework/Interfaces/IHttpRequests.cs37
1 files changed, 36 insertions, 1 deletions
diff --git a/OpenSim/Region/Framework/Interfaces/IHttpRequests.cs b/OpenSim/Region/Framework/Interfaces/IHttpRequests.cs
index 113dcd7..124504c 100644
--- a/OpenSim/Region/Framework/Interfaces/IHttpRequests.cs
+++ b/OpenSim/Region/Framework/Interfaces/IHttpRequests.cs
@@ -25,6 +25,7 @@
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */ 26 */
27 27
28using System;
28using System.Collections.Generic; 29using System.Collections.Generic;
29using OpenMetaverse; 30using OpenMetaverse;
30 31
@@ -41,10 +42,44 @@ namespace OpenSim.Region.Framework.Interfaces
41 HTTP_PRAGMA_NO_CACHE = 6 42 HTTP_PRAGMA_NO_CACHE = 6
42 } 43 }
43 44
45 /// <summary>
46 /// The initial status of the request before it is placed on the wire.
47 /// </summary>
48 /// <remarks>
49 /// The request may still fail later on, in which case the normal HTTP status is set.
50 /// </remarks>
51 [Flags]
52 public enum HttpInitialRequestStatus
53 {
54 OK = 1,
55 DISALLOWED_BY_FILTER = 2
56 }
57
44 public interface IHttpRequestModule 58 public interface IHttpRequestModule
45 { 59 {
46 UUID MakeHttpRequest(string url, string parameters, string body); 60 UUID MakeHttpRequest(string url, string parameters, string body);
47 UUID StartHttpRequest(uint localID, UUID itemID, string url, List<string> parameters, Dictionary<string, string> headers, string body); 61
62 /// <summary>
63 /// Starts the http request.
64 /// </summary>
65 /// <remarks>
66 /// This is carried out asynchronously unless it fails initial checks. Results are fetched by the script engine
67 /// HTTP requests module to be distributed back to scripts via a script event.
68 /// </remarks>
69 /// <returns>The ID of the request. If the requested could not be performed then this is UUID.Zero</returns>
70 /// <param name="localID">Local ID of the object containing the script making the request.</param>
71 /// <param name="itemID">Item ID of the script making the request.</param>
72 /// <param name="url">Url to request.</param>
73 /// <param name="parameters">LSL parameters for the request.</param>
74 /// <param name="headers">Extra headers for the request.</param>
75 /// <param name="body">Body of the request.</param>
76 /// <param name="status">
77 /// Initial status of the request. If OK then the request is actually made to the URL. Subsequent status is
78 /// then returned via IServiceRequest when the response is asynchronously fetched.
79 /// </param>
80 UUID StartHttpRequest(
81 uint localID, UUID itemID, string url, List<string> parameters, Dictionary<string, string> headers, string body,
82 out HttpInitialRequestStatus status);
48 83
49 /// <summary> 84 /// <summary>
50 /// Stop and remove all http requests for the given script. 85 /// Stop and remove all http requests for the given script.