1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
/**
* @file llcommandhandler.cpp
* @brief Central registry for text-driven "commands", most of
* which manipulate user interface. For example, the command
* "agent (uuid) about" will open the UI for an avatar's profile.
*
* $LicenseInfo:firstyear=2007&license=viewergpl$
*
* Copyright (c) 2007-2009, Linden Research, Inc.
*
* Second Life Viewer Source Code
* The source code in this file ("Source Code") is provided by Linden Lab
* to you under the terms of the GNU General Public License, version 2.0
* ("GPL"), unless you have obtained a separate licensing agreement
* ("Other License"), formally executed by you and Linden Lab. Terms of
* the GPL can be found in doc/GPL-license.txt in this distribution, or
* online at http://secondlifegrid.net/programs/open_source/licensing/gplv2
*
* There are special exceptions to the terms and conditions of the GPL as
* it is applied to this Source Code. View the full text of the exception
* in the file doc/FLOSS-exception.txt in this software distribution, or
* online at
* http://secondlifegrid.net/programs/open_source/licensing/flossexception
*
* By copying, modifying or distributing this software, you acknowledge
* that you have read and understood your obligations described above,
* and agree to abide by those obligations.
*
* ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO
* WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
* COMPLETENESS OR PERFORMANCE.
* $/LicenseInfo$
*/
#include "llviewerprecompiledheaders.h"
#include "llcommandhandler.h"
#include "llnotificationsutil.h"
// system includes
#include <boost/tokenizer.hpp>
#define THROTTLE_PERIOD 15 // required secs between throttled commands
//---------------------------------------------------------------------------
// Underlying registry for command handlers, not directly accessible.
//---------------------------------------------------------------------------
struct LLCommandHandlerInfo
{
LLCommandHandler::EUntrustedAccess mUntrustedBrowserAccess;
LLCommandHandler* mHandler; // safe, all of these are static objects
};
class LLCommandHandlerRegistry
{
public:
static LLCommandHandlerRegistry& instance();
void add(const char* cmd,
LLCommandHandler::EUntrustedAccess untrusted_access,
LLCommandHandler* handler);
bool dispatch(const std::string& cmd,
const LLSD& params,
const LLSD& query_map,
LLMediaCtrl* web,
bool trusted_browser);
private:
std::map<std::string, LLCommandHandlerInfo> mMap;
};
// static
LLCommandHandlerRegistry& LLCommandHandlerRegistry::instance()
{
// Force this to be initialized on first call, because we're going
// to be adding items to the std::map before main() and we can't
// rely on a global being initialized in the right order.
static LLCommandHandlerRegistry instance;
return instance;
}
void LLCommandHandlerRegistry::add(const char* cmd,
LLCommandHandler::EUntrustedAccess untrusted_access,
LLCommandHandler* handler)
{
LLCommandHandlerInfo info;
info.mUntrustedBrowserAccess = untrusted_access;
info.mHandler = handler;
mMap[cmd] = info;
}
bool LLCommandHandlerRegistry::dispatch(const std::string& cmd,
const LLSD& params,
const LLSD& query_map,
LLMediaCtrl* web,
bool trusted_browser)
{
static bool slurl_blocked = false;
static bool slurl_throttled = false;
static F64 last_throttle_time = 0.0;
F64 cur_time = 0.0;
std::map<std::string, LLCommandHandlerInfo>::iterator it = mMap.find(cmd);
if (it == mMap.end()) return false;
const LLCommandHandlerInfo& info = it->second;
if (!trusted_browser)
{
switch (info.mUntrustedBrowserAccess)
{
case LLCommandHandler::UNTRUSTED_ALLOW:
// fall through and let the command be handled
break;
case LLCommandHandler::UNTRUSTED_BLOCK:
// block request from external browser, but report as
// "handled" because it was well formatted.
LL_WARNS_ONCE("SLURL") << "Blocked SLURL command from untrusted browser" << LL_ENDL;
if (! slurl_blocked)
{
LLNotificationsUtil::add("BlockedSLURL");
slurl_blocked = true;
}
return true;
case LLCommandHandler::UNTRUSTED_THROTTLE:
cur_time = LLTimer::getElapsedSeconds();
if (cur_time < last_throttle_time + THROTTLE_PERIOD)
{
// block request from external browser if it happened
// within THROTTLE_PERIOD secs of the last command
LL_WARNS_ONCE("SLURL") << "Throttled SLURL command from untrusted browser" << LL_ENDL;
if (! slurl_throttled)
{
LLNotificationsUtil::add("ThrottledSLURL");
slurl_throttled = true;
}
return true;
}
last_throttle_time = cur_time;
break;
}
}
if (!info.mHandler) return false;
return info.mHandler->handle(params, query_map, web);
}
//---------------------------------------------------------------------------
// Automatic registration of commands, runs before main()
//---------------------------------------------------------------------------
LLCommandHandler::LLCommandHandler(const char* cmd,
EUntrustedAccess untrusted_access)
{
LLCommandHandlerRegistry::instance().add(cmd, untrusted_access, this);
}
LLCommandHandler::~LLCommandHandler()
{
// Don't care about unregistering these, all the handlers
// should be static objects.
}
//---------------------------------------------------------------------------
// Public interface
//---------------------------------------------------------------------------
// static
bool LLCommandDispatcher::dispatch(const std::string& cmd,
const LLSD& params,
const LLSD& query_map,
LLMediaCtrl* web,
bool trusted_browser)
{
return LLCommandHandlerRegistry::instance().dispatch(
cmd, params, query_map, web, trusted_browser);
}
|