From 3255335c42ff348465d235a3ccf9558d0d6d414b Mon Sep 17 00:00:00 2001
From: Justin Clark-Casey (justincc)
Date: Wed, 4 Mar 2015 17:51:11 +0000
Subject: Make private services forbid llHTTPRequest() calls by rejecting those
 that have the X-SecondLife-Shard header.

If you need to enable this, set AllowHttpRequestIn = true in [Network] for all private services or individual [*Service] sections.
---
 .../Framework/ServiceAuth/DisallowLlHttpRequest.cs | 57 ++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs

(limited to 'OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs')

diff --git a/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs b/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs
new file mode 100644
index 0000000..1e1ee56
--- /dev/null
+++ b/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections.Specialized;
+using System.Net;
+
+namespace OpenSim.Framework.ServiceAuth
+{
+    public class DisallowLlHttpRequest : IServiceAuth
+    {
+        public void AddAuthorization(NameValueCollection headers) {}
+
+        public bool Authenticate(string data)
+        {
+            return false;
+        }
+
+        public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
+        {
+//            Console.WriteLine("DisallowLlHttpRequest");
+
+            if (requestHeaders["X-SecondLife-Shard"] != null)
+            {
+                statusCode = HttpStatusCode.Forbidden;
+                return false;
+            }
+
+            statusCode = HttpStatusCode.OK;
+            return true;
+        }
+    }
+}
\ No newline at end of file
-- 
cgit v1.1


From eda09d87635683d92d1661f6bbedf678c879c08f Mon Sep 17 00:00:00 2001
From: Justin Clark-Casey (justincc)
Date: Mon, 16 Mar 2015 23:40:34 +0000
Subject: Fix XBakes simulator-side authentication regression failure

Unlike the other connectors, XBakes uses a service auth retrieved from ServiceAuth.Create() and not code inherited from BaseServiceConnector.
Fixes regression from 7d3bafd5 (Wed 4 Mar 2015) where the new CompoundAuthenticator did not implement IServiceAuth.AddAuthorization()
---
 OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs')

diff --git a/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs b/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs
index 1e1ee56..e0c413b 100644
--- a/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs
+++ b/OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs
@@ -33,6 +33,8 @@ namespace OpenSim.Framework.ServiceAuth
 {
     public class DisallowLlHttpRequest : IServiceAuth
     {
+        public string Name { get { return "DisallowllHTTPRequest"; } }
+
         public void AddAuthorization(NameValueCollection headers) {}
 
         public bool Authenticate(string data)
-- 
cgit v1.1