aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Framework
diff options
context:
space:
mode:
authorJohan Berntsson2008-07-23 07:27:11 +0000
committerJohan Berntsson2008-07-23 07:27:11 +0000
commit3b35332957e0d122cdd063ad14d3795856bcd8e5 (patch)
tree8fbabfa0cdb049fd9151f6cd887c6897e8d89604 /OpenSim/Framework
parentthanks lulurun for a security patch that blocks unathorized access to the inv... (diff)
downloadopensim-SC_OLD-3b35332957e0d122cdd063ad14d3795856bcd8e5.zip
opensim-SC_OLD-3b35332957e0d122cdd063ad14d3795856bcd8e5.tar.gz
opensim-SC_OLD-3b35332957e0d122cdd063ad14d3795856bcd8e5.tar.bz2
opensim-SC_OLD-3b35332957e0d122cdd063ad14d3795856bcd8e5.tar.xz
adding files that were not included in r5589
Diffstat (limited to 'OpenSim/Framework')
-rw-r--r--OpenSim/Framework/Communications/ISecureInventoryService.cs125
-rw-r--r--OpenSim/Framework/Servers/RestSessionService.cs223
2 files changed, 348 insertions, 0 deletions
diff --git a/OpenSim/Framework/Communications/ISecureInventoryService.cs b/OpenSim/Framework/Communications/ISecureInventoryService.cs
new file mode 100644
index 0000000..0e7861a
--- /dev/null
+++ b/OpenSim/Framework/Communications/ISecureInventoryService.cs
@@ -0,0 +1,125 @@
1/*
2 * Copyright (c) Contributors, http://opensimulator.org/
3 * See CONTRIBUTORS.TXT for a full list of copyright holders.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * * Neither the name of the OpenSim Project nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28using System.Collections.Generic;
29using libsecondlife;
30using OpenSim.Framework.Communications.Cache;
31
32namespace OpenSim.Framework.Communications
33{
34
35 /// <summary>
36 /// Defines all the operations one can perform on a user's inventory.
37 /// </summary>
38 public interface ISecureInventoryService
39 {
40 string Host
41 {
42 get;
43 }
44 /// <summary>
45 /// Request the inventory for a user. This is an asynchronous operation that will call the callback when the
46 /// inventory has been received
47 /// </summary>
48 /// <param name="userID"></param>
49 /// <param name="callback"></param>
50 void RequestInventoryForUser(LLUUID userID, LLUUID session_id, InventoryReceiptCallback callback);
51
52 /// <summary>
53 /// Add a new folder to the user's inventory
54 /// </summary>
55 /// <param name="folder"></param>
56 /// <returns>true if the folder was successfully added</returns>
57 bool AddFolder(InventoryFolderBase folder, LLUUID session_id);
58
59 /// <summary>
60 /// Update a folder in the user's inventory
61 /// </summary>
62 /// <param name="folder"></param>
63 /// <returns>true if the folder was successfully updated</returns>
64 bool UpdateFolder(InventoryFolderBase folder, LLUUID session_id);
65
66 /// <summary>
67 /// Move an inventory folder to a new location
68 /// </summary>
69 /// <param name="folder">A folder containing the details of the new location</param>
70 /// <returns>true if the folder was successfully moved</returns>
71 bool MoveFolder(InventoryFolderBase folder, LLUUID session_id);
72
73 /// <summary>
74 /// Purge an inventory folder of all its items and subfolders.
75 /// </summary>
76 /// <param name="folder"></param>
77 /// <returns>true if the folder was successfully purged</returns>
78 bool PurgeFolder(InventoryFolderBase folder, LLUUID session_id);
79
80 /// <summary>
81 /// Add a new item to the user's inventory
82 /// </summary>
83 /// <param name="item"></param>
84 /// <returns>true if the item was successfully added</returns>
85 bool AddItem(InventoryItemBase item, LLUUID session_id);
86
87 /// <summary>
88 /// Update an item in the user's inventory
89 /// </summary>
90 /// <param name="item"></param>
91 /// <returns>true if the item was successfully updated</returns>
92 bool UpdateItem(InventoryItemBase item, LLUUID session_id);
93
94 /// <summary>
95 /// Delete an item from the user's inventory
96 /// </summary>
97 /// <param name="item"></param>
98 /// <returns>true if the item was successfully deleted</returns>
99 bool DeleteItem(InventoryItemBase item, LLUUID session_id);
100
101 /// <summary>
102 /// Create a new inventory for the given user.
103 /// </summary>
104 /// <param name="user"></param>
105 /// <returns>true if the inventory was successfully created, false otherwise</returns>
106 bool CreateNewUserInventory(LLUUID user);
107
108 bool HasInventoryForUser(LLUUID userID);
109
110 /// <summary>
111 /// Retrieve the root inventory folder for the given user.
112 /// </summary>
113 /// <param name="userID"></param>
114 /// <returns>null if no root folder was found</returns>
115 InventoryFolderBase RequestRootFolder(LLUUID userID);
116
117 /// <summary>
118 /// Returns a list of all the folders in a given user's inventory.
119 /// </summary>
120 /// <param name="userId"></param>
121 /// <returns>A flat list of the user's inventory folder tree,
122 /// null if there is no inventory for this user</returns>
123 List<InventoryFolderBase> GetInventorySkeleton(LLUUID userId);
124 }
125}
diff --git a/OpenSim/Framework/Servers/RestSessionService.cs b/OpenSim/Framework/Servers/RestSessionService.cs
new file mode 100644
index 0000000..3c79844
--- /dev/null
+++ b/OpenSim/Framework/Servers/RestSessionService.cs
@@ -0,0 +1,223 @@
1using System;
2using System.IO;
3using System.Net;
4using System.Collections.Generic;
5using System.Text;
6using System.Xml;
7using System.Xml.Serialization;
8
9namespace OpenSim.Framework.Servers
10{
11 public class RestSessionObject<TRequest>
12 {
13 private string sid;
14 private string aid;
15 private TRequest request_body;
16
17 public string SessionID
18 {
19 get { return sid; }
20 set { sid = value; }
21 }
22
23 public string AvatarID
24 {
25 get { return aid; }
26 set { aid = value; }
27 }
28
29 public TRequest Body
30 {
31 get { return request_body; }
32 set { request_body = value; }
33 }
34 }
35
36 public class SynchronousRestSessionObjectPoster<TRequest, TResponse>
37 {
38 public static TResponse BeginPostObject(string verb, string requestUrl, TRequest obj, string sid, string aid)
39 {
40 RestSessionObject<TRequest> sobj = new RestSessionObject<TRequest>();
41 sobj.SessionID = sid;
42 sobj.AvatarID = aid;
43 sobj.Body = obj;
44
45 Type type = typeof(RestSessionObject<TRequest>);
46
47 WebRequest request = WebRequest.Create(requestUrl);
48 request.Method = verb;
49 request.ContentType = "text/xml";
50
51 MemoryStream buffer = new MemoryStream();
52
53 XmlWriterSettings settings = new XmlWriterSettings();
54 settings.Encoding = Encoding.UTF8;
55
56 using (XmlWriter writer = XmlWriter.Create(buffer, settings))
57 {
58 XmlSerializer serializer = new XmlSerializer(type);
59 serializer.Serialize(writer, sobj);
60 writer.Flush();
61 }
62
63 int length = (int)buffer.Length;
64 request.ContentLength = length;
65
66 Stream requestStream = request.GetRequestStream();
67 requestStream.Write(buffer.ToArray(), 0, length);
68 TResponse deserial = default(TResponse);
69 using (WebResponse resp = request.GetResponse())
70 {
71 XmlSerializer deserializer = new XmlSerializer(typeof(TResponse));
72 deserial = (TResponse)deserializer.Deserialize(resp.GetResponseStream());
73 }
74 return deserial;
75 }
76 }
77
78 public class RestSessionObjectPosterResponse<TRequest, TResponse>
79 {
80
81 public ReturnResponse<TResponse> ResponseCallback;
82
83 public void BeginPostObject(string requestUrl, TRequest obj, string sid, string aid)
84 {
85 BeginPostObject("POST", requestUrl, obj, sid, aid);
86 }
87
88 public void BeginPostObject(string verb, string requestUrl, TRequest obj, string sid, string aid)
89 {
90 RestSessionObject<TRequest> sobj = new RestSessionObject<TRequest>();
91 sobj.SessionID = sid;
92 sobj.AvatarID = aid;
93 sobj.Body = obj;
94
95 Type type = typeof(RestSessionObject<TRequest>);
96
97 WebRequest request = WebRequest.Create(requestUrl);
98 request.Method = verb;
99 request.ContentType = "text/xml";
100
101 MemoryStream buffer = new MemoryStream();
102
103 XmlWriterSettings settings = new XmlWriterSettings();
104 settings.Encoding = Encoding.UTF8;
105
106 using (XmlWriter writer = XmlWriter.Create(buffer, settings))
107 {
108 XmlSerializer serializer = new XmlSerializer(type);
109 serializer.Serialize(writer, sobj);
110 writer.Flush();
111 }
112
113 int length = (int)buffer.Length;
114 request.ContentLength = length;
115
116 Stream requestStream = request.GetRequestStream();
117 requestStream.Write(buffer.ToArray(), 0, length);
118 // IAsyncResult result = request.BeginGetResponse(AsyncCallback, request);
119 request.BeginGetResponse(AsyncCallback, request);
120 }
121
122 private void AsyncCallback(IAsyncResult result)
123 {
124 WebRequest request = (WebRequest)result.AsyncState;
125 using (WebResponse resp = request.EndGetResponse(result))
126 {
127 TResponse deserial;
128 XmlSerializer deserializer = new XmlSerializer(typeof(TResponse));
129 Stream stream = resp.GetResponseStream();
130
131 // This is currently a bad debug stanza since it gobbles us the response...
132 // StreamReader reader = new StreamReader(stream);
133 // m_log.DebugFormat("[REST OBJECT POSTER RESPONSE]: Received {0}", reader.ReadToEnd());
134
135 deserial = (TResponse)deserializer.Deserialize(stream);
136
137 if (deserial != null && ResponseCallback != null)
138 {
139 ResponseCallback(deserial);
140 }
141 }
142 }
143 }
144
145 public delegate bool CheckIdentityMethod(string sid, string aid);
146
147 public class RestDeserialiseSecureHandler<TRequest, TResponse> : BaseRequestHandler, IStreamHandler
148 where TRequest : new()
149 {
150 private RestDeserialiseMethod<TRequest, TResponse> m_method;
151 private CheckIdentityMethod m_smethod;
152
153 public RestDeserialiseSecureHandler(string httpMethod, string path, RestDeserialiseMethod<TRequest, TResponse> method, CheckIdentityMethod smethod)
154 : base(httpMethod, path)
155 {
156 m_smethod = smethod;
157 m_method = method;
158 }
159
160 public void Handle(string path, Stream request, Stream responseStream,
161 OSHttpRequest httpRequest, OSHttpResponse httpResponse)
162 {
163 RestSessionObject<TRequest> deserial;
164 using (XmlTextReader xmlReader = new XmlTextReader(request))
165 {
166 XmlSerializer deserializer = new XmlSerializer(typeof(RestSessionObject<TRequest>));
167 deserial = (RestSessionObject<TRequest>)deserializer.Deserialize(xmlReader);
168 }
169
170 TResponse response = default(TResponse);
171 if (m_smethod(deserial.SessionID, deserial.AvatarID))
172 {
173 response = m_method(deserial.Body);
174 }
175
176 using (XmlWriter xmlWriter = XmlTextWriter.Create(responseStream))
177 {
178 XmlSerializer serializer = new XmlSerializer(typeof(TResponse));
179 serializer.Serialize(xmlWriter, response);
180 }
181 }
182 }
183
184 public delegate bool CheckTrustedSourceMethod(IPEndPoint peer);
185
186 public class RestDeserialiseTrustedHandler<TRequest, TResponse> : BaseRequestHandler, IStreamHandler
187 where TRequest : new()
188 {
189 private RestDeserialiseMethod<TRequest, TResponse> m_method;
190 private CheckTrustedSourceMethod m_tmethod;
191
192 public RestDeserialiseTrustedHandler(string httpMethod, string path, RestDeserialiseMethod<TRequest, TResponse> method, CheckTrustedSourceMethod tmethod)
193 : base(httpMethod, path)
194 {
195 m_tmethod = tmethod;
196 m_method = method;
197 }
198
199 public void Handle(string path, Stream request, Stream responseStream,
200 OSHttpRequest httpRequest, OSHttpResponse httpResponse)
201 {
202 TRequest deserial;
203 using (XmlTextReader xmlReader = new XmlTextReader(request))
204 {
205 XmlSerializer deserializer = new XmlSerializer(typeof(TRequest));
206 deserial = (TRequest)deserializer.Deserialize(xmlReader);
207 }
208
209 TResponse response = default(TResponse);
210 if (m_tmethod(httpRequest.RemoteIPEndPoint))
211 {
212 response = m_method(deserial);
213 }
214
215 using (XmlWriter xmlWriter = XmlTextWriter.Create(responseStream))
216 {
217 XmlSerializer serializer = new XmlSerializer(typeof(TResponse));
218 serializer.Serialize(xmlWriter, response);
219 }
220 }
221 }
222
223}