From 854a8b91723afb98dc29dbd3afacaa895e58ea73 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Tue, 22 Jun 2010 17:35:00 +0200 Subject: Security fix: Allow only textures to be fetched using HTTP texture cap --- OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs b/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs index f8e3d59..75efb79 100644 --- a/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/Assets/GetTextureModule.cs @@ -131,6 +131,12 @@ namespace OpenSim.Region.CoreModules.Avatar.ObjectCaps if (texture != null) { + if (texture.Type != (sbyte)AssetType.Texture) + { + httpResponse.StatusCode = (int)System.Net.HttpStatusCode.NotFound; + httpResponse.Send(); + return null; + } SendTexture(httpRequest, httpResponse, texture); } else @@ -147,6 +153,12 @@ namespace OpenSim.Region.CoreModules.Avatar.ObjectCaps if (texture != null) { + if (texture.Type != (sbyte)AssetType.Texture) + { + httpResponse.StatusCode = (int)System.Net.HttpStatusCode.NotFound; + httpResponse.Send(); + return null; + } SendTexture(httpRequest, httpResponse, texture); } else -- cgit v1.1 From 68551675dfcd0e159185345e8cb7ac54b3530abf Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Tue, 22 Jun 2010 02:33:20 +0200 Subject: Guard prioritizer agains null values as those produced by a bullet dying before it can be updated --- OpenSim/Region/Framework/Scenes/Prioritizer.cs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/OpenSim/Region/Framework/Scenes/Prioritizer.cs b/OpenSim/Region/Framework/Scenes/Prioritizer.cs index 7b7677b..de3c360 100644 --- a/OpenSim/Region/Framework/Scenes/Prioritizer.cs +++ b/OpenSim/Region/Framework/Scenes/Prioritizer.cs @@ -52,6 +52,9 @@ namespace OpenSim.Region.Framework.Scenes public double GetUpdatePriority(IClientAPI client, ISceneEntity entity) { double priority = 0; + + if (entity == null) + return 100000; switch (m_scene.UpdatePrioritizationScheme) { -- cgit v1.1 From 1e1485de5b48248ffeec75e49e792b321164c547 Mon Sep 17 00:00:00 2001 From: John Hurliman Date: Tue, 22 Jun 2010 16:09:30 -0700 Subject: * Fixed SimianGrid map tile uploads not having any objects in the images --- .../SimianAuthenticationServiceConnector.cs | 2 ++ .../SimianGrid/SimianGridServiceConnector.cs | 32 +++++++++++++++++++--- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs b/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs index 3c784f2..7a96a05 100644 --- a/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs +++ b/OpenSim/Services/Connectors/SimianGrid/SimianAuthenticationServiceConnector.cs @@ -198,6 +198,8 @@ namespace OpenSim.Services.Connectors.SimianGrid if (!String.IsNullOrEmpty(identifier)) { // Add/update the md5hash identity + // TODO: Support salts when AddIdentity does + // TODO: Create an a1hash too for WebDAV logins requestArgs = new NameValueCollection { { "RequestMethod", "AddIdentity" }, diff --git a/OpenSim/Services/Connectors/SimianGrid/SimianGridServiceConnector.cs b/OpenSim/Services/Connectors/SimianGrid/SimianGridServiceConnector.cs index db9027a..bea8172 100644 --- a/OpenSim/Services/Connectors/SimianGrid/SimianGridServiceConnector.cs +++ b/OpenSim/Services/Connectors/SimianGrid/SimianGridServiceConnector.cs @@ -59,18 +59,35 @@ namespace OpenSim.Services.Connectors.SimianGrid MethodBase.GetCurrentMethod().DeclaringType); private string m_serverUrl = String.Empty; + private Dictionary m_scenes = new Dictionary(); #region ISharedRegionModule public Type ReplaceableInterface { get { return null; } } - public void RegionLoaded(Scene scene) { if (!String.IsNullOrEmpty(m_serverUrl)) { UploadMapTile(scene); } } + public void RegionLoaded(Scene scene) { } public void PostInitialise() { } public void Close() { } public SimianGridServiceConnector() { } public string Name { get { return "SimianGridServiceConnector"; } } - public void AddRegion(Scene scene) { if (!String.IsNullOrEmpty(m_serverUrl)) { scene.RegisterModuleInterface(this); } } - public void RemoveRegion(Scene scene) { if (!String.IsNullOrEmpty(m_serverUrl)) { scene.UnregisterModuleInterface(this); } } + public void AddRegion(Scene scene) + { + // Every shared region module has to maintain an indepedent list of + // currently running regions + lock (m_scenes) + m_scenes[scene.RegionInfo.RegionID] = scene; + + if (!String.IsNullOrEmpty(m_serverUrl)) + scene.RegisterModuleInterface(this); + } + public void RemoveRegion(Scene scene) + { + lock (m_scenes) + m_scenes.Remove(scene.RegionInfo.RegionID); + + if (!String.IsNullOrEmpty(m_serverUrl)) + scene.UnregisterModuleInterface(this); + } #endregion ISharedRegionModule @@ -105,6 +122,13 @@ namespace OpenSim.Services.Connectors.SimianGrid public string RegisterRegion(UUID scopeID, GridRegion regionInfo) { + // Generate and upload our map tile in PNG format to the SimianGrid AddMapTile service + Scene scene; + if (m_scenes.TryGetValue(regionInfo.RegionID, out scene)) + UploadMapTile(scene); + else + m_log.Warn("Registering region " + regionInfo.RegionName + " (" + regionInfo.RegionID + ") that we are not tracking"); + Vector3d minPosition = new Vector3d(regionInfo.RegionLocX, regionInfo.RegionLocY, 0.0); Vector3d maxPosition = minPosition + new Vector3d(Constants.RegionSize, Constants.RegionSize, 4096.0); @@ -430,7 +454,7 @@ namespace OpenSim.Services.Connectors.SimianGrid if (!String.IsNullOrEmpty(errorMessage)) { m_log.WarnFormat("[SIMIAN GRID CONNECTOR]: Failed to store {0} byte PNG map tile for {1}: {2}", - pngData.Length, scene.RegionInfo.RegionName, errorMessage); + pngData.Length, scene.RegionInfo.RegionName, errorMessage.Replace('\n', ' ')); } } -- cgit v1.1 From c96a6940a9b1d1e00bbaeff8ee9113435848e151 Mon Sep 17 00:00:00 2001 From: John Hurliman Date: Tue, 22 Jun 2010 16:11:36 -0700 Subject: Line ending fix --- .../Shared/Api/Implementation/LSL_Api.cs | 28 +++++++++++----------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs index 86d0c30..1feb153 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs @@ -6516,15 +6516,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (cut.y > 1f) { cut.y = 1f; - } - if (cut.y - cut.x < 0.05f) - { - cut.x = cut.y - 0.05f; - if (cut.x < 0.0f) - { - cut.x = 0.0f; - cut.y = 0.05f; - } + } + if (cut.y - cut.x < 0.05f) + { + cut.x = cut.y - 0.05f; + if (cut.x < 0.0f) + { + cut.x = 0.0f; + cut.y = 0.05f; + } } shapeBlock.ProfileBegin = (ushort)(50000 * cut.x); shapeBlock.ProfileEnd = (ushort)(50000 * (1 - cut.y)); @@ -6722,11 +6722,11 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api } if (profilecut.y - profilecut.x < 0.05f) { - profilecut.x = profilecut.y - 0.05f; - if (profilecut.x < 0.0f) - { - profilecut.x = 0.0f; - profilecut.y = 0.05f; + profilecut.x = profilecut.y - 0.05f; + if (profilecut.x < 0.0f) + { + profilecut.x = 0.0f; + profilecut.y = 0.05f; } } shapeBlock.ProfileBegin = (ushort)(50000 * profilecut.x); -- cgit v1.1 From 8c56f04f820d97e59d093500f1a8e6795061fbf3 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Wed, 23 Jun 2010 01:21:49 +0100 Subject: add new [RemoteAdmin] settings from Snoopy's create/update, etc user patch to OpenSim.ini.exmaple Also tidies up and comments some existing entries --- bin/OpenSim.ini.example | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index aab1a58..f4d9a18 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example @@ -597,21 +597,19 @@ ; Set this to a nonzero value to have remote admin use a different port port = 0 + ; This password is required to make any XMLRPC call (should be set as the "password" parameter) access_password = unknown ; set this variable to true if you want the create_region XmlRpc ; call to unconditionally enable voice on all parcels for a newly ; created region [default: false] - create_region_enable_voice = false ; set this variable to false if you want the create_region XmlRpc ; call to create all regions as private per default (can be ; overridden in the XmlRpc call) [default: true] - create_region_public = false - ; the create_region XmlRpc call uses region_file_template to generate ; the file name of newly create regions (if they are created ; persistent). the parameter available are: @@ -620,7 +618,6 @@ ; {2} - region UUID ; {3} - region port ; {4} - region name with " ", ":", "/" mapped to "_" - region_file_template = "{0}x{1}-{2}.xml" ; we can limit the number of regions that XmlRpcCreateRegion will @@ -635,6 +632,18 @@ ; if this parameter is not specified but enabled = true, all methods will be available enabled_methods = all + ; specify the default appearance for an avatar created through the remote admin interface + ; This will only take effect is the file specified by the default_appearance setting below exists + ;default_male = Default Male + ;default_female = Default Female + + ; update appearance copies inventory items and wearables of default avatars. if this value is false + ; (default), just worn assets are copied to the Clothes folder; if true, all Clothes and Bodyparts + ; subfolders are copied. the receiver will wear the same items the default avatar did wear. + ;copy_folders = false + + ; path to default appearance XML file that specifies the look of the default avatars + ;default_appearance = default_appearance.xml [RestPlugins] ; Change this to true to enable REST Plugins. This must be true if you wish to use -- cgit v1.1 From c404c5fb5405eac24cc8b7cd402eb8d8fb0ff0cf Mon Sep 17 00:00:00 2001 From: Melanie Date: Wed, 23 Jun 2010 21:14:28 +0100 Subject: Thank you, Snoopy, for a patch to reduce sim script startup CPU usage --- .../Framework/Scenes/SceneObjectPartInventory.cs | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 866bb6e..3a8f168 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs @@ -31,6 +31,7 @@ using System.IO; using System.Collections.Generic; using System.Collections; using System.Reflection; +using System.Threading; using OpenMetaverse; using log4net; using OpenSim.Framework; @@ -200,6 +201,7 @@ namespace OpenSim.Region.Framework.Scenes if ((int)InventoryType.LSL == item.InvType) { CreateScriptInstance(item, startParam, postOnRez, engine, stateSource); + Thread.Sleep(10); // workaround for Mono cpu utilization > 100% bug } } } @@ -257,7 +259,7 @@ namespace OpenSim.Region.Framework.Scenes // m_log.InfoFormat( // "[PRIM INVENTORY]: " + // "Starting script {0}, {1} in prim {2}, {3}", - // item.Name, item.ItemID, Name, UUID); + // item.Name, item.ItemID, m_part.Name, m_part.UUID); if (!m_part.ParentGroup.Scene.Permissions.CanRunScript(item.ItemID, m_part.UUID, item.OwnerID)) return; @@ -293,20 +295,20 @@ namespace OpenSim.Region.Framework.Scenes } else { - if (m_part.ParentGroup.m_savedScriptState != null) - RestoreSavedScriptState(item.OldItemID, item.ItemID); - lock (m_items) { + if (m_part.ParentGroup.m_savedScriptState != null) + RestoreSavedScriptState(item.OldItemID, item.ItemID); + m_items[item.ItemID].PermsMask = 0; m_items[item.ItemID].PermsGranter = UUID.Zero; + + string script = Utils.BytesToString(asset.Data); + m_part.ParentGroup.Scene.EventManager.TriggerRezScript( + m_part.LocalId, item.ItemID, script, startParam, postOnRez, engine, stateSource); + m_part.ParentGroup.AddActiveScriptCount(1); + m_part.ScheduleFullUpdate(); } - - string script = Utils.BytesToString(asset.Data); - m_part.ParentGroup.Scene.EventManager.TriggerRezScript( - m_part.LocalId, item.ItemID, script, startParam, postOnRez, engine, stateSource); - m_part.ParentGroup.AddActiveScriptCount(1); - m_part.ScheduleFullUpdate(); } } } -- cgit v1.1 From 5a071dc7986c5e262d9e9513b07fc59797724e55 Mon Sep 17 00:00:00 2001 From: Melanie Date: Thu, 24 Jun 2010 03:24:38 +0100 Subject: Move loading of parcels to before script start. Scripts using parcel functions can fail if no land is loaded --- OpenSim/Region/Application/OpenSimBase.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/OpenSim/Region/Application/OpenSimBase.cs b/OpenSim/Region/Application/OpenSimBase.cs index 83be61e..f535fe8 100644 --- a/OpenSim/Region/Application/OpenSimBase.cs +++ b/OpenSim/Region/Application/OpenSimBase.cs @@ -367,13 +367,13 @@ namespace OpenSim Environment.Exit(1); } + scene.loadAllLandObjectsFromStorage(regionInfo.originRegionID); + scene.EventManager.TriggerParcelPrimCountUpdate(); + // We need to do this after we've initialized the // scripting engines. scene.CreateScriptInstances(); - scene.loadAllLandObjectsFromStorage(regionInfo.originRegionID); - scene.EventManager.TriggerParcelPrimCountUpdate(); - m_sceneManager.Add(scene); if (m_autoCreateClientStack) -- cgit v1.1 From 6848465ae24f2069c2cc3e67ff317ad2d085f5cb Mon Sep 17 00:00:00 2001 From: John Hurliman Date: Thu, 24 Jun 2010 13:43:38 -0700 Subject: * SimianAssetServiceConnector Delete() was expecting the wrong type of response, reporting false errors * Fixed a typo in a WebUtil error message --- OpenSim/Framework/WebUtil.cs | 2 +- .../SimianGrid/SimianAssetServiceConnector.cs | 29 ++++++++++++++++------ 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/OpenSim/Framework/WebUtil.cs b/OpenSim/Framework/WebUtil.cs index 94862a6..e20866e 100644 --- a/OpenSim/Framework/WebUtil.cs +++ b/OpenSim/Framework/WebUtil.cs @@ -114,7 +114,7 @@ namespace OpenSim.Framework } catch (Exception ex) { - m_log.Warn("GET from URL " + url + " failed: " + ex.Message); + m_log.Warn(httpVerb + " on URL " + url + " failed: " + ex.Message); errorMessage = ex.Message; } diff --git a/OpenSim/Services/Connectors/SimianGrid/SimianAssetServiceConnector.cs b/OpenSim/Services/Connectors/SimianGrid/SimianAssetServiceConnector.cs index 3fdee9c..34bb8b3 100644 --- a/OpenSim/Services/Connectors/SimianGrid/SimianAssetServiceConnector.cs +++ b/OpenSim/Services/Connectors/SimianGrid/SimianAssetServiceConnector.cs @@ -371,18 +371,33 @@ namespace OpenSim.Services.Connectors.SimianGrid /// public bool Delete(string id) { + string errorMessage = String.Empty; + string url = m_serverUrl + id; + if (m_cache != null) m_cache.Expire(id); - string url = m_serverUrl + id; + try + { + HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(url); + request.Method = "DELETE"; - OSDMap response = WebUtil.ServiceRequest(url, "DELETE"); - if (response["Success"].AsBoolean()) - return true; - else - m_log.Warn("[SIMIAN ASSET CONNECTOR]: Failed to delete asset " + id + " from the asset service"); + using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) + { + if (response.StatusCode != HttpStatusCode.NoContent) + { + m_log.Warn("[SIMIAN ASSET CONNECTOR]: Unexpected response when deleting asset " + url + ": " + + response.StatusCode + " (" + response.StatusDescription + ")"); + } + } - return false; + return true; + } + catch (Exception ex) + { + m_log.Warn("[SIMIAN ASSET CONNECTOR]: Failed to delete asset " + id + " from the asset service: " + ex.Message); + return false; + } } #endregion IAssetService -- cgit v1.1