| Commit message (Collapse) | Author | Files | Lines |
|
inventory server (see http://opensimulator.org/wiki/Security_vulnerability_brought_by_non-check_inventory_service)
|
|
track a packet and if it hasn't been acked within a set time, trigger a IClientAPI event, that the application/scene can handle. Currently only terrain packet tracking is finished, Tracking for initial Prim packets (first full update for a prim) is being worked on. Future improvements would be to make it a more generic packet tracker with callback delegates instead of events.
Add a test event handler (which would fire after a minute if a terrain packet hadn't been acked) to scene to handle the OnUnackedTerrain event, which currently just resends the terrain patch.
The idea of this packet tracking is for the region level application to be able to know if the client stack gave up on sending a packet.
|
|
Prevent an exception caused by inventory server fetch requests
|
|
Changes the permissions module to make scripts permissive only when intended
Adds security checks to asset transfers to prevent hacked clients fron
requesting script sources.
Adds security checks to llClientView to verify all aspects of ownership
and permissions for inventory based script retrieval.
|
|
being done by the lower database layers
|
|
|
|
|
|
|
|
parameters and avoid an exception if the wrong number of parameters are supplied
|
|
UserManager.UpdateUserProfile(UserProfileData).
Adding UpdateUserProfile(UserProfileData) to IUserService interface.
Adding RemoteAdminPlugin.XmlRpcUpdateUserAccountMethod(...) to provide
a remote update capability.
|
|
|
|
* Migration should be automatic on sqlite and mysql
* Migration is not automatic on mssql, you will need to drop the invType column manually
* Migration should be fine, but as for any db change, I would recommend making sure you have backups before moving past this revision
|
|
cache. Bandaid until we rethink the caches a bit more.
|
|
|
|
And reverted CachedUserInfo back to revision 5262.
I don't think most of the inventory problems that people are reporting are due to these, but its easier to deal with one set of potential problems at a time, and I'm not going to get any time in the week to work on this anyway.
|
|
|
|
in the loginservice
|
|
|
|
|
|
Fixes IAvatarService for grid and standalone modes
|
|
The Login service should now read/create new inventory on the inventory server that is set in a users profile.
Also added "Add-InventoryHost" console command to add a support for a new server to a region.
So it would be good if someone could test this. Set up the grid as normal, but then also run extra inventory server on a different computer (well actually it just has to be on a different network hostname, so one using "http://localhost:8004" and one using "http://127.0.0.1:8005" should work) then you need to manually edit the user profile database to set the new servers url in a user's "userInventoryURI" field.
Then on a region server, use the Add-InventoryHost to add the new server url (always include the full url, including http, but don't add a final /)
Login with that account and see if the inventory works.
Of course these needs to be made more user friendly.
|
|
and moved them into a IAvatarService
Although "out of the box", there is no actual functional change to behavior
|
|
TODO next is to make the login server read/write a users inventory from the correct server (the inventory url set in a userprofile)
On the region side, although not tested with multiple servers it should work if that inventory url was set, and the inventory servers urls have been added to the CommunicationsManager, using CommunicationsManager.AddInventoryService(string hostUrl)
|
|
* commented out [Obsolete(....)] attributes where no replacement feature
was available: if we want to attribute code that we think needs to be
reworked, we should define a new attribute and use that instead
(together with a little tool to retrieve all the attributed code then)
* commenting out unused variables
|
|
|
|
Fixes:
- Wearable icon and name sreset to default on copy/paste
- Cache is not updated when renaming/moving folders
- Partial refactor to make inventory less dependen on AssetBase having a "Name" field
- Add llGiveInventoryList() function
|
|
|
|
levels
* This currently has various bugs which are more to do with the way its been hacked together than the feature itself (e.g. on save-oar, ghost prims will appear of the saved
contained items). These will be found and eliminated in subsequent patches.
* Not yet ready for use
|
|
* This includes problems such as connection failures and timeouts. It does not include 'asset not found' replies from the asset service.
|
|
content are images and use .jp2 for the file extension.
|
|
level rather than in the GridAssetClient
* this is to enable logging of asset request exceptions soon
|
|
currently not actually used
|
|
* Implemented a hack so regions beyond the 10,000m range will show the map without having to click on the map before they'll start to show. The hack shows regions around the one you're in, but it won't show the one you're in.. you still need to click on the map to get that (not sure why yet). Additionally, the map still only shows pictures for regions that are hosted on the same instance (no change).
|
|
to allow the InventoryServer to work with MSSQL..
|
|
clear-assets command is used on the region console
* stop waiting for garbage collection when GC total memory used is requested, in case the periodic request of this lags the sim
|
|
|
|
having reached the intermediate level of .NET's XmlSudoku, i've
now figured out how to do deserialization using different
XmlSerializers (this stuff begins to grow on me, sigh).
[still not used code, work-in-progress]
* adding convenience property on OSHttpRequest.cs (from awebb)
|
|
having spent the last couple of days wrestling with .NET XmlSerializer
and trying to get it to do what is required by XMPP (RFC 3920 & 3921)
this is the preliminary result of that wrestling (you should see the
other guy!): XmppSerializer allows us to serialize Xmpp stanza (and
theoretically deserialize [or reify] them), XmppWriter helps avoiding
various gratuitous crap added in by off-the-shelf XmlSerializer.
this is currently not used anywhere but the plan is to use it for
at least an XMPPBridgeModule.
|
|
|
|
related.
|
|
* User tries to log-in but is already logged in. Userserver will send message to simulator user was in to log the user out there.
* From the UserServer, admin types 'logoff-user firstname lastname message'.
* Some regions may not get the message because they're not updated yet.
|
|
|
|
* Looks up UUIDNames for script time and colliders in a separate thread.
* Hopefully this'll allow you to look at top scripts on a region that has a lot of scripts without crashing your client thread.
|
|
|
|
If a request is made for an asset which is not in the cache yet,
but has already been requested by something else, queue up the
callbacks on that requester instead of swamping the asset server
with multiple requests for the same asset.
|
|
|
|
fully in the region console
|
|
|
|
provide OSHttpRequest and OSHttpResponse to our REST handler.
also, this adds proper RestPlugin.IsGod() checking against the X-OpenSim-Godkey
HTTP request header.
last, i added XML doc comments to RestPlugin.cs
|
|
Fix spelling typo (Thanks ChrisDown for pointing this out)
|