1 files changed, 128 insertions, 36 deletions
diff --git a/indra/newview/llcommandhandler.cpp b/indra/newview/llcommandhandler.cpp
index 422c94ade5..360ba080ac 100644
--- a/indra/newview/llcommandhandler.cpp
+++ b/indra/newview/llcommandhandler.cpp
@@ -4,46 +4,47 @@
  * which manipulate user interface.  For example, the command
  * "agent (uuid) about" will open the UI for an avatar's profile.
  *
- * $LicenseInfo:firstyear=2007&license=viewergpl$
- * 
- * Copyright (c) 2007-2009, Linden Research, Inc.
- * 
+ * $LicenseInfo:firstyear=2007&license=viewerlgpl$
  * Second Life Viewer Source Code
- * The source code in this file ("Source Code") is provided by Linden Lab
- * to you under the terms of the GNU General Public License, version 2.0
- * ("GPL"), unless you have obtained a separate licensing agreement
- * ("Other License"), formally executed by you and Linden Lab.  Terms of
- * the GPL can be found in doc/GPL-license.txt in this distribution, or
- * online at http://secondlifegrid.net/programs/open_source/licensing/gplv2
+ * Copyright (C) 2010, Linden Research, Inc.
  * 
- * There are special exceptions to the terms and conditions of the GPL as
- * it is applied to this Source Code. View the full text of the exception
- * in the file doc/FLOSS-exception.txt in this software distribution, or
- * online at
- * http://secondlifegrid.net/programs/open_source/licensing/flossexception
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License only.
  * 
- * By copying, modifying or distributing this software, you acknowledge
- * that you have read and understood your obligations described above,
- * and agree to abide by those obligations.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
  * 
- * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO
- * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
- * COMPLETENESS OR PERFORMANCE.
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ * 
+ * Linden Research, Inc., 945 Battery Street, San Francisco, CA  94111  USA
  * $/LicenseInfo$
  */
 #include "llviewerprecompiledheaders.h"
 
 #include "llcommandhandler.h"
+#include "llnotificationsutil.h"
+#include "llcommanddispatcherlistener.h"
+#include "stringize.h"
 
 // system includes
 #include <boost/tokenizer.hpp>
 
+#define THROTTLE_PERIOD    15    // required secs between throttled commands
+
+static LLCommandDispatcherListener sCommandDispatcherListener;
+
 //---------------------------------------------------------------------------
 // Underlying registry for command handlers, not directly accessible.
 //---------------------------------------------------------------------------
 struct LLCommandHandlerInfo
 {
-	bool mRequireTrustedBrowser;
+	LLCommandHandler::EUntrustedAccess mUntrustedBrowserAccess;
 	LLCommandHandler* mHandler;	// safe, all of these are static objects
 };
 
@@ -51,14 +52,17 @@ class LLCommandHandlerRegistry
 {
 public:
 	static LLCommandHandlerRegistry& instance();
-	void add(const char* cmd, bool require_trusted_browser, LLCommandHandler* handler);
+	void add(const char* cmd,
+			 LLCommandHandler::EUntrustedAccess untrusted_access,
+			 LLCommandHandler* handler);
 	bool dispatch(const std::string& cmd,
 				  const LLSD& params,
 				  const LLSD& query_map,
-				  LLWebBrowserCtrl* web,
+				  LLMediaCtrl* web,
 				  bool trusted_browser);
 
 private:
+	friend LLSD LLCommandDispatcher::enumerate();
 	std::map<std::string, LLCommandHandlerInfo> mMap;
 };
 
@@ -72,10 +76,12 @@ LLCommandHandlerRegistry& LLCommandHandlerRegistry::instance()
 	return instance;
 }
 
-void LLCommandHandlerRegistry::add(const char* cmd, bool require_trusted_browser, LLCommandHandler* handler)
+void LLCommandHandlerRegistry::add(const char* cmd,
+								   LLCommandHandler::EUntrustedAccess untrusted_access,
+								   LLCommandHandler* handler)
 {
 	LLCommandHandlerInfo info;
-	info.mRequireTrustedBrowser = require_trusted_browser;
+	info.mUntrustedBrowserAccess = untrusted_access;
 	info.mHandler = handler;
 
 	mMap[cmd] = info;
@@ -84,18 +90,52 @@ void LLCommandHandlerRegistry::add(const char* cmd, bool require_trusted_browser
 bool LLCommandHandlerRegistry::dispatch(const std::string& cmd,
 										const LLSD& params,
 										const LLSD& query_map,
-										LLWebBrowserCtrl* web,
+										LLMediaCtrl* web,
 										bool trusted_browser)
 {
+	static bool slurl_blocked = false;
+	static bool slurl_throttled = false;
+	static F64 last_throttle_time = 0.0;
+	F64 cur_time = 0.0;
 	std::map<std::string, LLCommandHandlerInfo>::iterator it = mMap.find(cmd);
 	if (it == mMap.end()) return false;
 	const LLCommandHandlerInfo& info = it->second;
-	if (!trusted_browser && info.mRequireTrustedBrowser)
+	if (!trusted_browser)
 	{
-		// block request from external browser, but report as
-		// "handled" because it was well formatted.
-		LL_WARNS_ONCE("SLURL") << "Blocked SLURL command from untrusted browser" << LL_ENDL;
-		return true;
+		switch (info.mUntrustedBrowserAccess)
+		{
+		case LLCommandHandler::UNTRUSTED_ALLOW:
+			// fall through and let the command be handled
+			break;
+
+		case LLCommandHandler::UNTRUSTED_BLOCK:
+			// block request from external browser, but report as
+			// "handled" because it was well formatted.
+			LL_WARNS_ONCE("SLURL") << "Blocked SLURL command from untrusted browser" << LL_ENDL;
+			if (! slurl_blocked)
+			{
+				LLNotificationsUtil::add("BlockedSLURL");
+				slurl_blocked = true;
+			}
+			return true;
+
+		case LLCommandHandler::UNTRUSTED_THROTTLE:
+			cur_time = LLTimer::getElapsedSeconds();
+			if (cur_time < last_throttle_time + THROTTLE_PERIOD)
+			{
+				// block request from external browser if it happened
+				// within THROTTLE_PERIOD secs of the last command
+				LL_WARNS_ONCE("SLURL") << "Throttled SLURL command from untrusted browser" << LL_ENDL;
+				if (! slurl_throttled)
+				{
+					LLNotificationsUtil::add("ThrottledSLURL");
+					slurl_throttled = true;
+				}
+				return true;
+			}
+			last_throttle_time = cur_time;
+			break;
+		}
 	}
 	if (!info.mHandler) return false;
 	return info.mHandler->handle(params, query_map, web);
@@ -106,10 +146,9 @@ bool LLCommandHandlerRegistry::dispatch(const std::string& cmd,
 //---------------------------------------------------------------------------
 
 LLCommandHandler::LLCommandHandler(const char* cmd,
-								   bool require_trusted_browser)
+								   EUntrustedAccess untrusted_access)
 {
-	LLCommandHandlerRegistry::instance().add(
-			cmd, require_trusted_browser, this);
+	LLCommandHandlerRegistry::instance().add(cmd, untrusted_access, this);
 }
 
 LLCommandHandler::~LLCommandHandler()
@@ -126,9 +165,62 @@ LLCommandHandler::~LLCommandHandler()
 bool LLCommandDispatcher::dispatch(const std::string& cmd,
 								   const LLSD& params,
 								   const LLSD& query_map,
-								   LLWebBrowserCtrl* web,
+								   LLMediaCtrl* web,
 								   bool trusted_browser)
 {
 	return LLCommandHandlerRegistry::instance().dispatch(
 		cmd, params, query_map, web, trusted_browser);
 }
+
+static std::string lookup(LLCommandHandler::EUntrustedAccess value);
+
+LLSD LLCommandDispatcher::enumerate()
+{
+	LLSD response;
+	LLCommandHandlerRegistry& registry(LLCommandHandlerRegistry::instance());
+	for (std::map<std::string, LLCommandHandlerInfo>::const_iterator chi(registry.mMap.begin()),
+																	 chend(registry.mMap.end());
+		 chi != chend; ++chi)
+	{
+		LLSD info;
+		info["untrusted"] = chi->second.mUntrustedBrowserAccess;
+		info["untrusted_str"] = lookup(chi->second.mUntrustedBrowserAccess);
+		response[chi->first] = info;
+	}
+	return response;
+}
+
+/*------------------------------ lookup stuff ------------------------------*/
+struct symbol_info
+{
+	const char* name;
+	LLCommandHandler::EUntrustedAccess value;
+};
+
+#define ent(SYMBOL)										\
+	{													\
+		#SYMBOL + 28, /* skip "LLCommandHandler::UNTRUSTED_" prefix */	\
+		SYMBOL											\
+	}
+
+symbol_info symbols[] =
+{
+	ent(LLCommandHandler::UNTRUSTED_ALLOW),		  // allow commands from untrusted browsers
+	ent(LLCommandHandler::UNTRUSTED_BLOCK),		  // ignore commands from untrusted browsers
+	ent(LLCommandHandler::UNTRUSTED_THROTTLE)	  // allow untrusted, but only a few per min.
+};
+
+#undef ent
+
+static std::string lookup(LLCommandHandler::EUntrustedAccess value)
+{
+	for (symbol_info *sii(symbols), *siend(symbols + (sizeof(symbols)/sizeof(symbols[0])));
+		 sii != siend; ++sii)
+	{
+		if (sii->value == value)
+		{
+			return sii->name;
+		}
+	}
+	return STRINGIZE("UNTRUSTED_" << value);
+}