Upstream changes through 9/5, 2024 (#91)

* also add default uuid zero string to mysql and pgsql pbr entries * add llDerezObject(..) * update ScriptSyntax * Postgresql Fixes: region store, mutelist and generic table handler. Signed-off-by: UbitUmarov <[email protected]> * Fix wrong primary key on telehub spawn points. With the RegionUUID being created as a unique primary key only one spawn point could be created. Replaced the primary key with one using multiple columns to guarantee that each spawn point occupies a unique space in the region. Signed-off-by: UbitUmarov <[email protected]> * Fix region data loading to prevent deletion of telehub spawnpoints Signed-off-by: UbitUmarov <[email protected]> * Adding missing 'regionextra' table and associated handlers to the PgSQL adapter. Signed-off-by: UbitUmarov <[email protected]> * viewers now are sending a useless flood of agent updates. Ignore some * fix shared group object item modify permission check * Add llGetNotecardLineSync * a few changes to llGetNotecardLineSync * minor cleanup * fix typo * improve script cpu time resolution specially on windows * catch some possible null refs * mantis 9135: avoid null ref * another null ref, thx Tampa * another typo, thx Tampa * verify vivox requests * Basic implementation of SSL selfsigned certificates creation and renewal Allows selfsigned certificates creation and renewal for local and external use. When enabled, will create a folder SSL\ and 2 sub folders SSL\ssl\ and SSL\src\. Next creates and store an RSA private key in SSL\src\ and the derived selfsigned certificates in SSL\ssl\ folder. Is also possible to renew the certificate on every server restart if CertRenewOnStartup is set to true. Note: The SSL related params in the network section was adapted to be user friendly and allow the usage just by uncommenting the SSL params in both sections and a password change. * Add selfsigned certificates support to Robust and osGetLinkInventoryKeys plus some fixes * Revert some default params and fixes to SSL support * a few changes. in same cases http/https can't be determined. possible both need to be present, possible with http a redir to https. TODO * ... in same cases http/https can't be determined. possible both need to be present, possible with http a redir to https. TODO * fixed check of EnableSelfsignedCertSupport option * Upstream changes through Aug 26, 2024 * mantis 9159: ignore spaces in z on cast string to vector * mantis 9159: same on rotation s * mantis 9158: allow it on prim inv to non-mod prim inventory if same owner and allowdrop was set on target * Address CodeQL feedback "variable may be null" --------- Signed-off-by: UbitUmarov <[email protected]> Co-authored-by: UbitUmarov <[email protected]> Co-authored-by: BlueWall <[email protected]> Co-authored-by: Sue Cripter <[email protected]> Co-authored-by: Adil El Farissi <[email protected]>
OpenSim-NGC · Sep 5, 2024 · 07a56b4 · 07a56b4
1 parent 8b2a567
commit 07a56b4
Show file tree

Hide file tree

Showing 24 changed files with 389 additions and 121 deletions.
diff --git a/Makefile b/Makefile
diff --git a/OpenSim/Data/MySQL/Resources/RegionStore.migrations b/OpenSim/Data/MySQL/Resources/RegionStore.migrations
@@ -569,7 +569,6 @@ ALTER TABLE `regionsettings` ADD COLUMN `TerrainPBR4` varchar(36) NOT NULL DEFAU
 COMMIT;
 
 :VERSION 67         #----- Add allow unsit and scripted sit only
-
 BEGIN;
 ALTER TABLE `prims`
 	ADD COLUMN `AllowUnsit` TINYINT(3) NULL DEFAULT '1',

diff --git a/OpenSim/Data/PGSQL/PGSQLSimulationData.cs b/OpenSim/Data/PGSQL/PGSQLSimulationData.cs
@@ -983,9 +983,9 @@ ON CONFLICT ("regionUUID")
                         command.Parameters.AddRange(CreateRegionSettingParameters(regionSettings));
                         command.ExecuteNonQuery();
                         command.Transaction.Commit();
-            }
+                    }
                     catch (Exception e)
-            {
+                    {
                         Console.WriteLine(e);
                         command.Transaction.Rollback();
                         throw;

diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
@@ -308,7 +308,7 @@ public bool CheckSSLCertHost(string hostname)
 
             if(htype == UriHostNameType.Unknown || htype == UriHostNameType.Basic)
                 return false;
-            if(htype == UriHostNameType.Dns)
+            if(htype == UriHostNameType.Dns || htype == UriHostNameType.IPv4)
             {
                 foreach(string name in m_certNames)
                 {

diff --git a/OpenSim/Framework/Util.cs b/OpenSim/Framework/Util.cs
@@ -56,6 +56,7 @@
 using Amib.Threading;
 using System.Collections.Concurrent;
 using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;
 
 namespace OpenSim.Framework
 {
@@ -1098,14 +1099,18 @@ public static List<UUID> GetUUIDsOnData(byte[] s, int indx, int len)
         /// Is the platform Windows?
         /// </summary>
         /// <returns>true if so, false otherwise</returns>
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
         public static bool IsWindows()
         {
+            return RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
+            /*
             PlatformID platformId = Environment.OSVersion.Platform;
 
             return (platformId == PlatformID.Win32NT
                 || platformId == PlatformID.Win32S
                 || platformId == PlatformID.Win32Windows
                 || platformId == PlatformID.WinCE);
+            */
         }
 
         public static bool LoadArchSpecificWindowsDll(string libraryName)
@@ -1480,6 +1485,71 @@ private static ReadOnlySpan<char> AESDecryptString(ReadOnlySpan<char> secret, Re
             return streamReader.ReadToEnd();
         }
 
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
+        public static void CreateOrUpdateSelfsignedCert(string certFileName, string certHostName, string certHostIp, string certPassword)
+        {
+            CreateOrUpdateSelfsignedCertificate(certFileName, certHostName, certHostIp, certPassword);
+        }
+
+        /// <summary>
+        /// Create or renew an SSL selfsigned certificate using the parameters set in the startup section of OpenSim.ini
+        /// </summary>
+        /// <param name="certFileName">The certificate file name.</param>
+        /// <param name="certHostName">The certificate host DNS name (CN).</param>
+        /// <param name="certHostIp">The certificate host IP address.</param>
+        /// <param name="certPassword">The certificate password.</param>
+        private static void CreateOrUpdateSelfsignedCertificate(string certFileName, string certHostName, string certHostIp, string certPassword)
+        {
+            SubjectAlternativeNameBuilder san = new();
+            san.AddDnsName(certHostName);
+            san.AddIpAddress(IPAddress.Parse(certHostIp));
+
+            // What OpenSim check (CN).
+            X500DistinguishedName dn = new($"CN={certHostName}");
+
+            using (RSA rsa = RSA.Create(2048))
+            {
+                CertificateRequest request = new(dn, rsa, HashAlgorithmName.SHA256,RSASignaturePadding.Pkcs1);
+
+                // (Optional)...
+                request.CertificateExtensions.Add(
+                new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature , false));
+
+                // (Optional) SSL Server Authentication...
+                request.CertificateExtensions.Add(
+                new X509EnhancedKeyUsageExtension(
+                    new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));
+
+                request.CertificateExtensions.Add(san.Build());
+
+                X509Certificate2 certificate = request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow), new DateTimeOffset(DateTime.UtcNow.AddDays(3650)));
+
+                string privateKey = Convert.ToBase64String(rsa.ExportRSAPrivateKey(), Base64FormattingOptions.InsertLineBreaks);
+
+                // Create the SSL folder and sub folders if not exists.
+                if (!Directory.Exists("SSL\\src\\"))
+                    Directory.CreateDirectory("SSL\\src\\");
+
+                if (!Directory.Exists("SSL\\ssl\\"))
+                    Directory.CreateDirectory("SSL\\ssl\\");
+
+                // Store the RSA key in SSL\src\
+                File.WriteAllText($"SSL\\src\\{certFileName}.txt", privateKey);
+
+                // Export and store the .pfx and .p12 certificates in SSL\ssl\.
+                // Note: Pfx is a Pkcs12 certificate and both files work for OpenSim.
+                byte[] pfxCertBytes = string.IsNullOrEmpty(certPassword) 
+                                    ? certificate.Export(X509ContentType.Pfx) 
+                                    : certificate.Export(X509ContentType.Pfx, certPassword);
+                File.WriteAllBytes($"SSL\\ssl\\{certFileName}.pfx", pfxCertBytes);
+
+                byte[] p12CertBytes = string.IsNullOrEmpty(certPassword) 
+                                    ? certificate.Export(X509ContentType.Pkcs12) 
+                                    : certificate.Export(X509ContentType.Pkcs12, certPassword);
+                File.WriteAllBytes($"SSL\\ssl\\{certFileName}.p12", p12CertBytes);
+            }
+        }
+
         public static int fast_distance2d(int x, int y)
         {
             x = Math.Abs(x);
@@ -3034,6 +3104,39 @@ public static bool TryParseHttpRange(string header, out int start, out int end)
             return false;
         }
 
+        [DllImport("winmm.dll")]
+        private static extern uint timeBeginPeriod(uint period);
+
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
+        public static void TimeBeginPeriod(uint period)
+        {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                timeBeginPeriod(period);
+        }
+
+        [DllImport("winmm.dll")]
+        private static extern uint timeEndPeriod(uint period);
+
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
+        public static void TimeEndPeriod(uint period)
+        {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                timeEndPeriod(period);
+        }
+
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
+        public static void ThreadSleep(int period)
+        {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                timeEndPeriod(1);
+                Thread.Sleep(period);
+                timeEndPeriod(1);
+            }
+            else
+                Thread.Sleep(period);
+        }
+
         /// <summary>
         /// Used to trigger an early library load on Windows systems.
         /// </summary>

diff --git a/OpenSim/Region/Application/ConfigurationLoader.cs b/OpenSim/Region/Application/ConfigurationLoader.cs
@@ -285,7 +285,7 @@ bool IsUri(string file)
             Uri configUri;
 
             return Uri.TryCreate(file, UriKind.Absolute,
-                    out configUri) && configUri.Scheme == Uri.UriSchemeHttp;
+                    out configUri) && (configUri.Scheme == Uri.UriSchemeHttp || configUri.Scheme == Uri.UriSchemeHttps);
         }
 
         /// <summary>

diff --git a/OpenSim/Region/Application/OpenSimBase.cs b/OpenSim/Region/Application/OpenSimBase.cs
@@ -352,7 +352,25 @@ protected override void Initialize()
             IConfig startupConfig = Config.Configs["Startup"];
             if (startupConfig == null || startupConfig.GetBoolean("JobEngineEnabled", true))
                 WorkManager.JobEngine.Start();
-
+
+            // Sure is not the right place for this but do the job...
+            // Must always be called before (all) / the HTTP servers starting for the Certs creation or renewals.
+            if (startupConfig is not null)
+            {
+                if (startupConfig.GetBoolean("EnableSelfsignedCertSupport", false))
+                {
+                    if(!File.Exists("SSL\\ssl\\"+ startupConfig.GetString("CertFileName") +".p12") || startupConfig.GetBoolean("CertRenewOnStartup"))
+                    {               
+                        Util.CreateOrUpdateSelfsignedCert(
+                            string.IsNullOrEmpty(startupConfig.GetString("CertFileName")) ? "OpenSim" : startupConfig.GetString("CertFileName"),
+                            string.IsNullOrEmpty(startupConfig.GetString("CertHostName")) ? "localhost" : startupConfig.GetString("CertHostName"),
+                            string.IsNullOrEmpty(startupConfig.GetString("CertHostIp")) ? "127.0.0.1" : startupConfig.GetString("CertHostIp"),
+                            string.IsNullOrEmpty(startupConfig.GetString("CertPassword")) ? string.Empty : startupConfig.GetString("CertPassword")
+                        );
+                    }
+                }
+            }
+
             if(m_networkServersInfo.HttpUsesSSL)
             {
                 m_httpServerSSL = true;

diff --git a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
@@ -92,6 +92,7 @@ public class UrlModule : ISharedRegionModule, IUrlModule
         protected bool m_enabled = false;
         protected string m_ErrorStr;
         protected uint m_HttpsPort = 0;
+        protected uint m_HttpPort = 0;
         protected IHttpServer m_HttpServer = null;
         protected IHttpServer m_HttpsServer = null;
 
@@ -134,6 +135,8 @@ public void Initialise(IConfigSource config)
 
                 bool ssl_enabled = config.Configs["Network"].GetBoolean("https_listener", false);
 
+                m_HttpPort = (uint)config.Configs["Network"].GetInt("http_listener_port", 9000);
+
                 if (ssl_enabled)
                     m_HttpsPort = (uint)config.Configs["Network"].GetInt("https_port", (int)m_HttpsPort);
             }
@@ -180,7 +183,7 @@ public void AddRegion(Scene scene)
             {
                 // There can only be one
                 //
-                m_HttpServer = MainServer.Instance;
+                m_HttpServer = MainServer.GetHttpServer(m_HttpPort);
                 //
                 // We can use the https if it is enabled
                 if (m_HttpsPort > 0)

diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
@@ -2336,9 +2336,7 @@ private bool CanDoObjectInvToObjectInv(TaskInventoryItem item, SceneObjectPart s
                     return false;
             }
 
-            bool notSameOwner = srcsog.OwnerID.NotEqual(destsog.OwnerID);
-
-            if(notSameOwner)
+            if(srcsog.OwnerID.NotEqual(destsog.OwnerID))
             {
                 if((itperms & (uint)PermissionMask.Transfer) == 0)
                     return false;
@@ -2350,7 +2348,8 @@ private bool CanDoObjectInvToObjectInv(TaskInventoryItem item, SceneObjectPart s
             }
             else
             {
-                if((destsogEffectiveOwnerPerms & (uint)PermissionMask.Modify) == 0)
+                if((destsogEffectiveOwnerPerms & (uint)PermissionMask.Modify) == 0 &&
+                     (destsog.RootPart.GetEffectiveObjectFlags() & (uint)PrimFlags.AllowInventoryDrop) == 0)
                     return false;
             }
-Original file line number
+Diff line change
@@ Expand Up @@
     COMMIT;
     :VERSION 67         #----- Add allow unsit and scripted sit only
     BEGIN;
     ALTER TABLE `prims`
     	ADD COLUMN `AllowUnsit` TINYINT(3) NULL DEFAULT '1',
@@ Expand Down @@