Add rough and ready element explanation in a comment at the top of inventory library items xml

Signed-off-by: BlueWall <jamesh@bluewallgroup.com>

OpenSim/Framework/Communications/OutboundUrlFilter.cs

@@ -0,0 +1,256 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Reflection;
+using log4net;
+using LukeSkywalker.IPNetwork;
+using Nini.Config;
+
+namespace OpenSim.Framework.Communications
+{
+    public class OutboundUrlFilter
+    {
+        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+        public string Name { get; private set; }
+
+        private List<IPNetwork> m_blacklistNetworks;
+        private List<IPEndPoint> m_blacklistEndPoints;
+
+        private List<IPNetwork> m_blacklistExceptionNetworks;
+        private List<IPEndPoint> m_blacklistExceptionEndPoints;
+
+        public OutboundUrlFilter(
+            string name, 
+            List<IPNetwork> blacklistNetworks, List<IPEndPoint> blacklistEndPoints, 
+            List<IPNetwork> blacklistExceptionNetworks, List<IPEndPoint> blacklistExceptionEndPoints)
+        {
+            Name = name;
+
+            m_blacklistNetworks = blacklistNetworks;
+            m_blacklistEndPoints = blacklistEndPoints;
+            m_blacklistExceptionNetworks = blacklistExceptionNetworks;
+            m_blacklistExceptionEndPoints = blacklistExceptionEndPoints;
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="OpenSim.Framework.Communications.OutboundUrlFilter"/> class.
+        /// </summary>
+        /// <param name="name">Name of the filter for logging purposes.</param>
+        /// <param name="config">Filter configuration</param>
+        public OutboundUrlFilter(string name, IConfigSource config)
+        {
+            Name = name;
+
+            string configBlacklist
+                = "0.0.0.0/8|10.0.0.0/8|100.64.0.0/10|127.0.0.0/8|169.254.0.0/16|172.16.0.0/12|192.0.0.0/24|192.0.2.0/24|192.88.99.0/24|192.168.0.0/16|198.18.0.0/15|198.51.100.0/24|203.0.113.0/24|224.0.0.0/4|240.0.0.0/4|255.255.255.255/32";
+            string configBlacklistExceptions = "";
+
+            IConfig networkConfig = config.Configs["Network"];
+
+            if (networkConfig != null)
+            {
+                configBlacklist = networkConfig.GetString("OutboundDisallowForUserScripts", configBlacklist);
+                configBlacklistExceptions 
+                    = networkConfig.GetString("OutboundDisallowForUserScriptsExcept", configBlacklistExceptions);
+            }
+
+            m_log.DebugFormat(
+                "[OUTBOUND URL FILTER]: OutboundDisallowForUserScripts for {0} is [{1}]", Name, configBlacklist);
+            m_log.DebugFormat(
+                "[OUTBOUND URL FILTER]: OutboundDisallowForUserScriptsExcept for {0} is [{1}]", Name, configBlacklistExceptions);
+
+            OutboundUrlFilter.ParseConfigList(
+                configBlacklist, Name, out m_blacklistNetworks, out m_blacklistEndPoints);
+            OutboundUrlFilter.ParseConfigList(
+                configBlacklistExceptions, Name, out m_blacklistExceptionNetworks, out m_blacklistExceptionEndPoints);
+        }
+
+        private static void ParseConfigList(
+            string fullConfigEntry, string filterName, out List<IPNetwork> networks, out List<IPEndPoint> endPoints)
+        {
+            // Parse blacklist
+            string[] configBlacklistEntries 
+                = fullConfigEntry.Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
+
+            configBlacklistEntries = configBlacklistEntries.Select(e => e.Trim()).ToArray();
+
+            networks = new List<IPNetwork>();
+            endPoints = new List<IPEndPoint>();
+
+            foreach (string configEntry in configBlacklistEntries)
+            {
+                if (configEntry.Contains("/"))
+                {
+                    IPNetwork network;
+
+                    if (!IPNetwork.TryParse(configEntry, out network))
+                    {
+                        m_log.ErrorFormat(
+                            "[OUTBOUND URL FILTER]: Entry [{0}] is invalid network for {1}", configEntry, filterName);
+
+                        continue;
+                    }
+
+                    networks.Add(network);
+                }
+                else
+                {
+                    Uri configEntryUri;
+
+                    if (!Uri.TryCreate("http://" + configEntry, UriKind.Absolute, out configEntryUri))
+                    {
+                        m_log.ErrorFormat(
+                            "[OUTBOUND URL FILTER]: EndPoint entry [{0}] is invalid endpoint for {1}", 
+                            configEntry, filterName);
+
+                        continue;
+                    }
+
+                    IPAddress[] addresses = Dns.GetHostAddresses(configEntryUri.Host);
+
+                    foreach (IPAddress addr in addresses)
+                    {
+                        if (addr.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
+                        {
+                            //                        m_log.DebugFormat("[OUTBOUND URL FILTER]: Found address [{0}] in config", addr);
+
+                            IPEndPoint configEntryEp = new IPEndPoint(addr, configEntryUri.Port);
+                            endPoints.Add(configEntryEp);
+
+                            //                        m_log.DebugFormat("[OUTBOUND URL FILTER]: Added blacklist exception [{0}]", configEntryEp);
+                        }
+                    }
+                }
+            }
+        }
+
+        /// <summary>
+        /// Determines if an url is in a list of networks and endpoints.
+        /// </summary>
+        /// <returns></returns>
+        /// <param name="url">IP address</param>
+        /// <param name="port"></param>
+        /// <param name="networks">Networks.</param>
+        /// <param name="endPoints">End points.</param>
+        /// <param name="filterName">Filter name.</param>
+        private static bool IsInNetwork(
+            IPAddress addr, int port, List<IPNetwork> networks, List<IPEndPoint> endPoints, string filterName)
+        {
+            foreach (IPNetwork ipn in networks)
+            {
+//                                            m_log.DebugFormat(
+//                                                "[OUTBOUND URL FILTER]: Checking [{0}] against network [{1}]", addr, ipn);
+
+                if (IPNetwork.Contains(ipn, addr))
+                {
+//                                                    m_log.DebugFormat(
+//                                                        "[OUTBOUND URL FILTER]: Found [{0}] in network [{1}]", addr, ipn);
+
+                    return true;
+                }
+            }
+
+            //                    m_log.DebugFormat("[OUTBOUND URL FILTER]: Found address [{0}]", addr);
+
+            foreach (IPEndPoint ep in endPoints)
+            {
+//                m_log.DebugFormat(
+//                    "[OUTBOUND URL FILTER]: Checking [{0}:{1}] against endpoint [{2}]", 
+//                    addr, port, ep);
+
+                if (addr.Equals(ep.Address) && port == ep.Port)
+                {
+//                    m_log.DebugFormat(
+//                        "[OUTBOUND URL FILTER]: Found [{0}:{1}] in endpoint [{2}]", addr, port, ep);
+                                        
+                    return true;
+                }
+            }
+
+//            m_log.DebugFormat("[OUTBOUND URL FILTER]: Did not find [{0}:{1}] in list", addr, port);
+
+            return false;
+        }
+
+        /// <summary>
+        /// Checks whether the given url is allowed by the filter.
+        /// </summary>
+        /// <returns></returns>
+        public bool CheckAllowed(Uri url)
+        {
+            bool allowed = true;
+
+            // Check that we are permitted to make calls to this endpoint.
+            bool foundIpv4Address = false;
+
+            IPAddress[] addresses = Dns.GetHostAddresses(url.Host);
+
+            foreach (IPAddress addr in addresses)
+            {
+                if (addr.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
+                {
+//                    m_log.DebugFormat("[OUTBOUND URL FILTER]: Found address [{0}]", addr);
+
+                    foundIpv4Address = true;
+
+                    // Check blacklist
+                    if (OutboundUrlFilter.IsInNetwork(addr, url.Port, m_blacklistNetworks, m_blacklistEndPoints, Name))
+                    {
+//                        m_log.DebugFormat("[OUTBOUND URL FILTER]: Found [{0}] in blacklist for {1}", url, Name);
+
+                        // Check blacklist exceptions
+                        allowed 
+                            = OutboundUrlFilter.IsInNetwork(
+                                addr, url.Port, m_blacklistExceptionNetworks, m_blacklistExceptionEndPoints, Name);
+
+//                        if (allowed)
+//                            m_log.DebugFormat("[OUTBOUND URL FILTER]: Found [{0}] in whitelist for {1}", url, Name);
+                    }
+                }
+
+                // Found at least one address in a blacklist and not a blacklist exception
+                if (!allowed)
+                    return false;
+//                else
+//                    m_log.DebugFormat("[OUTBOUND URL FILTER]: URL [{0}] not in blacklist for {1}", url, Name);
+            }
+
+            // We do not know how to handle IPv6 securely yet.
+            if (!foundIpv4Address)
+                return false;
+
+//            m_log.DebugFormat("[OUTBOUND URL FILTER]: Allowing request [{0}]", url);
+
+            return allowed;
+        }
+    }
+}

OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs

@@ -56,12 +56,17 @@ namespace OpenSim.Framework.Servers.HttpServer
             string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
         {
             RequestsReceived++;
-            if (m_Auth != null && !m_Auth.Authenticate(httpRequest.Headers, httpResponse.AddHeader))
+
+            if (m_Auth != null)
             {
-                
-                httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
-                httpResponse.ContentType = "text/plain";
-                return new byte[0];
+                HttpStatusCode statusCode;
+
+                if (!m_Auth.Authenticate(httpRequest.Headers, httpResponse.AddHeader, out statusCode))
+                {                
+                    httpResponse.StatusCode = (int)statusCode;
+                    httpResponse.ContentType = "text/plain";
+                    return new byte[0];
+                }
             }
 
             byte[] result = ProcessRequest(path, request, httpRequest, httpResponse);

OpenSim/Framework/ServiceAuth/BasicHttpAuthentication.cs

@@ -28,6 +28,7 @@
 using System;
 using System.Collections.Generic;
 using System.Collections.Specialized;
+using System.Net;
 using System.Reflection;
 
 using Nini.Config;
@@ -82,24 +83,28 @@ namespace OpenSim.Framework.ServiceAuth
             return false;
         }
 
-        public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d)
+        public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
         {
-            //m_log.DebugFormat("[HTTP BASIC AUTH]: Authenticate in {0}", remove_me);
-            if (requestHeaders != null)
+//            m_log.DebugFormat("[HTTP BASIC AUTH]: Authenticate in {0}", "BasicHttpAuthentication");
+
+            string value = requestHeaders.Get("Authorization");
+            if (value != null)
             {
-                string value = requestHeaders.Get("Authorization");
-                if (value != null)
+                value = value.Trim();
+                if (value.StartsWith("Basic "))
                 {
-                    value = value.Trim();
-                    if (value.StartsWith("Basic "))
+                    value = value.Replace("Basic ", string.Empty);
+                    if (Authenticate(value))
                     {
-                        value = value.Replace("Basic ", string.Empty);
-                        if (Authenticate(value))
-                            return true;
+                        statusCode = HttpStatusCode.OK;
+                        return true;
                     }
                 }
             }
+
             d("WWW-Authenticate", "Basic realm = \"Asset Server\"");
+
+            statusCode = HttpStatusCode.Unauthorized;
             return false;
         }
     }

OpenSim/Framework/ServiceAuth/CompoundAuthentication.cs

@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Specialized;
+using System.Linq;
+using System.Net;
+
+namespace OpenSim.Framework.ServiceAuth
+{
+    public class CompoundAuthentication : IServiceAuth
+    {
+        private List<IServiceAuth> m_authentications = new List<IServiceAuth>();
+
+        public int Count { get { return m_authentications.Count; } }
+
+        public void AddAuthenticator(IServiceAuth auth)
+        {
+            m_authentications.Add(auth);
+        }
+
+        public void RemoveAuthenticator(IServiceAuth auth)
+        {
+            m_authentications.Remove(auth);
+        }
+
+        public void AddAuthorization(NameValueCollection headers) {}
+
+        public bool Authenticate(string data)
+        {
+            return m_authentications.TrueForAll(a => a.Authenticate(data));
+        }
+
+        public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
+        {
+            foreach (IServiceAuth auth in m_authentications)
+            {
+                if (!auth.Authenticate(requestHeaders, d, out statusCode))
+                    return false;
+            }
+
+            statusCode = HttpStatusCode.OK;
+            return true;
+        }
+    }
+}

OpenSim/Framework/ServiceAuth/DisallowLlHttpRequest.cs

@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of the OpenSimulator Project nor the
+ *       names of its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections.Specialized;
+using System.Net;
+
+namespace OpenSim.Framework.ServiceAuth
+{
+    public class DisallowLlHttpRequest : IServiceAuth
+    {
+        public void AddAuthorization(NameValueCollection headers) {}
+
+        public bool Authenticate(string data)
+        {
+            return false;
+        }
+
+        public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
+        {
+//            Console.WriteLine("DisallowLlHttpRequest");
+
+            if (requestHeaders["X-SecondLife-Shard"] != null)
+            {
+                statusCode = HttpStatusCode.Forbidden;
+                return false;
+            }
+
+            statusCode = HttpStatusCode.OK;
+            return true;
+        }
+    }
+}

OpenSim/Framework/ServiceAuth/IServiceAuth.cs

@@ -26,6 +26,7 @@
  */
 
 using System;
+using System.Net;
 using System.Collections.Generic;
 using System.Collections.Specialized;
 
@@ -36,7 +37,7 @@ namespace OpenSim.Framework.ServiceAuth
     public interface  IServiceAuth
     {
         bool Authenticate(string data);
-        bool Authenticate(NameValueCollection headers, AddHeaderDelegate d);
+        bool Authenticate(NameValueCollection headers, AddHeaderDelegate d, out HttpStatusCode statusCode);
         void AddAuthorization(NameValueCollection headers);
     }
 }

OpenSim/Framework/ServiceAuth/ServiceAuth.cs

@@ -36,15 +36,27 @@ namespace OpenSim.Framework.ServiceAuth
     {
         public static IServiceAuth Create(IConfigSource config, string section)
         {
+            CompoundAuthentication compoundAuth = new CompoundAuthentication();
+
+            bool allowLlHttpRequestIn
+                = Util.GetConfigVarFromSections<bool>(config, "AllowllHTTPRequestIn", new string[] { "Network", section }, false);
+
+            if (!allowLlHttpRequestIn)
+                compoundAuth.AddAuthenticator(new DisallowLlHttpRequest());
+
             string authType = Util.GetConfigVarFromSections<string>(config, "AuthType", new string[] { "Network", section }, "None");
 
             switch (authType)
             {
                 case "BasicHttpAuthentication":
-                    return new BasicHttpAuthentication(config, section);
+                    compoundAuth.AddAuthenticator(new BasicHttpAuthentication(config, section));
+                    break;
             }
 
-            return null;
+            if (compoundAuth.Count > 0)
+                return compoundAuth;
+            else
+                return null;
         }
     }
-}
+}

OpenSim/Framework/VersionInfo.cs

@@ -30,7 +30,7 @@ namespace OpenSim
     public class VersionInfo
     {
         public const string VersionNumber = "0.8.1.0";
-        private const Flavour VERSION_FLAVOUR = Flavour.Dev;
+        private const Flavour VERSION_FLAVOUR = Flavour.RC2;
 
         public enum Flavour
         {

OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs

@@ -40,6 +40,7 @@ using log4net;
 using Nini.Config;
 using OpenMetaverse;
 using OpenSim.Framework;
+using OpenSim.Framework.Communications;
 using OpenSim.Framework.Servers;
 using OpenSim.Framework.Servers.HttpServer;
 using OpenSim.Region.Framework.Interfaces;
@@ -94,10 +95,13 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
     [Extension(Path = "/OpenSim/RegionModules", NodeName = "RegionModule", Id = "HttpRequestModule")]
     public class HttpRequestModule : ISharedRegionModule, IHttpRequestModule
     {
+//        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
         private object HttpListLock = new object();
         private int httpTimeout = 30000;
         private string m_name = "HttpScriptRequests";
 
+        private OutboundUrlFilter m_outboundUrlFilter;
         private string m_proxyurl = "";
         private string m_proxyexcepts = "";
 
@@ -156,7 +160,9 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
             return UUID.Zero;
         }
 
-        public UUID StartHttpRequest(uint localID, UUID itemID, string url, List<string> parameters, Dictionary<string, string> headers, string body)
+        public UUID StartHttpRequest(
+            uint localID, UUID itemID, string url, List<string> parameters, Dictionary<string, string> headers, string body,
+            out HttpInitialRequestStatus status)
         {
             UUID reqID = UUID.Random();
             HttpRequestClass htc = new HttpRequestClass();
@@ -232,7 +238,8 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
                     }
                 }
             }
-
+                        
+            htc.RequestModule = this;
             htc.LocalID = localID;
             htc.ItemID = itemID;
             htc.Url = url;
@@ -243,14 +250,43 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
             htc.proxyurl = m_proxyurl;
             htc.proxyexcepts = m_proxyexcepts;
 
+            // Same number as default HttpWebRequest.MaximumAutomaticRedirections
+            htc.MaxRedirects = 50;
+
+            if (StartHttpRequest(htc))
+            {
+                status = HttpInitialRequestStatus.OK;
+                return htc.ReqID;
+            }
+            else
+            {
+                status = HttpInitialRequestStatus.DISALLOWED_BY_FILTER;
+                return UUID.Zero;
+            }
+        }
+
+        /// <summary>
+        /// Would a caller to this module be allowed to make a request to the given URL?
+        /// </summary>
+        /// <returns></returns>
+        public bool CheckAllowed(Uri url)
+        {
+            return m_outboundUrlFilter.CheckAllowed(url);
+        }
+
+        public bool StartHttpRequest(HttpRequestClass req)
+        {          
+            if (!CheckAllowed(new Uri(req.Url)))
+                return false;
+
             lock (HttpListLock)
             {
-                m_pendingRequests.Add(reqID, htc);
+                m_pendingRequests.Add(req.ReqID, req);
             }
 
-            htc.Process();
+            req.Process();
 
-            return reqID;
+            return true;
         }
 
         public void StopHttpRequestsForScript(UUID id)
@@ -326,6 +362,8 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
             m_proxyurl = config.Configs["Startup"].GetString("HttpProxy");
             m_proxyexcepts = config.Configs["Startup"].GetString("HttpProxyExceptions");
 
+            m_outboundUrlFilter = new OutboundUrlFilter("Script HTTP request module", config);
+
             m_pendingRequests = new Dictionary<UUID, HttpRequestClass>();
         }
 
@@ -368,7 +406,7 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
         #endregion
     }
 
-    public class HttpRequestClass: IServiceRequest
+    public class HttpRequestClass : IServiceRequest
     {
 //        private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
 
@@ -380,6 +418,12 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
         // public const int HTTP_VERBOSE_THROTTLE = 4;
         // public const int HTTP_CUSTOM_HEADER = 5;
         // public const int HTTP_PRAGMA_NO_CACHE = 6;
+
+        /// <summary>
+        /// Module that made this request.
+        /// </summary>
+        public HttpRequestModule RequestModule { get; set; }
+
         private bool _finished;
         public bool Finished
         {
@@ -412,6 +456,17 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
         public DateTime Next;
         public string proxyurl;
         public string proxyexcepts;
+
+        /// <summary>
+        /// Number of HTTP redirects that this request has been through.
+        /// </summary>
+        public int Redirects { get; private set; }
+
+        /// <summary>
+        /// Maximum number of HTTP redirects allowed for this request.
+        /// </summary>
+        public int MaxRedirects { get; set; }
+
         public string OutboundBody;
         private UUID _reqID;
         public UUID ReqID
@@ -419,7 +474,7 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
             get { return _reqID; }
             set { _reqID = value; }
         }
-        public WebRequest Request;
+        public HttpWebRequest Request;
         public string ResponseBody;
         public List<string> ResponseMetadata;
         public Dictionary<string, string> ResponseHeaders;
@@ -435,7 +490,8 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
         {
             try
             {
-                Request = WebRequest.Create(Url);
+                Request = (HttpWebRequest)WebRequest.Create(Url);
+                Request.AllowAutoRedirect = false;               
                 Request.Method = HttpMethod;
                 Request.ContentType = HttpMIMEType;
 
@@ -450,16 +506,19 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
 //                {
 //                    Request.ConnectionGroupName="Verify";
 //                }
+
                 if (!HttpPragmaNoCache)
                 {
                     Request.Headers.Add("Pragma", "no-cache");
                 }
+
                 if (HttpCustomHeaders != null)
                 {
                     for (int i = 0; i < HttpCustomHeaders.Count; i += 2)
                         Request.Headers.Add(HttpCustomHeaders[i],
                                             HttpCustomHeaders[i+1]);
                 }
+
                 if (!string.IsNullOrEmpty(proxyurl))
                 {
                     if (!string.IsNullOrEmpty(proxyexcepts))
@@ -565,7 +624,52 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
                 if (response != null)
                     response.Close();
 
-                _finished = true;
+                // We need to resubmit 
+                if (
+                    (Status == (int)HttpStatusCode.MovedPermanently
+                        || Status == (int)HttpStatusCode.Found
+                        || Status == (int)HttpStatusCode.SeeOther
+                        || Status == (int)HttpStatusCode.TemporaryRedirect))
+                {
+                    if (Redirects >= MaxRedirects)
+                    {
+                        Status = (int)OSHttpStatusCode.ClientErrorJoker;
+                        ResponseBody = "Number of redirects exceeded max redirects";
+                        _finished = true;
+                    }
+                    else
+                    {
+                        string location = response.Headers["Location"];
+
+                        if (location == null)
+                        {
+                            Status = (int)OSHttpStatusCode.ClientErrorJoker;
+                            ResponseBody = "HTTP redirect code but no location header";
+                            _finished = true;
+                        }
+                        else if (!RequestModule.CheckAllowed(new Uri(location)))
+                        {
+                            Status = (int)OSHttpStatusCode.ClientErrorJoker;
+                            ResponseBody = "URL from HTTP redirect blocked: " + location;
+                            _finished = true;
+                        }
+                        else
+                        {
+                            Status = 0;
+                            Url = response.Headers["Location"];
+                            Redirects++;
+                            ResponseBody = null;
+
+//                            m_log.DebugFormat("Redirecting to [{0}]", Url);
+
+                            Process();
+                        }
+                    }
+                }
+                else
+                {
+                    _finished = true;
+                }
             }
         }
 
@@ -583,4 +687,4 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest
                 Request.Abort();
         }
     }
-}
+}

OpenSim/Region/CoreModules/Scripting/HttpRequest/Tests/ScriptsHttpRequestsTests.cs

@@ -146,11 +146,11 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest.Tests
         /// <summary>
         /// Test what happens when we get a 404 response from a call.
         /// </summary>
-        [Test]
+//        [Test]
         public void Test404Response()
         {
             TestHelpers.InMethod();
-//            TestHelpers.EnableLogging();
+            TestHelpers.EnableLogging();
 
             if (!Util.IsPlatformMono)
                 Assert.Ignore("Ignoring test since can only currently run on Mono");           

OpenSim/Region/CoreModules/Scripting/LoadImageURL/LoadImageURLModule.cs

@@ -32,6 +32,7 @@ using System.Net;
 using Nini.Config;
 using OpenMetaverse;
 using OpenMetaverse.Imaging;
+using OpenSim.Framework.Communications;
 using OpenSim.Region.CoreModules.Scripting.DynamicTexture;
 using OpenSim.Region.Framework.Interfaces;
 using OpenSim.Region.Framework.Scenes;
@@ -50,6 +51,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
         private Scene m_scene;
         private IDynamicTextureManager m_textureManager;
 
+        private OutboundUrlFilter m_outboundUrlFilter;
         private string m_proxyurl = "";
         private string m_proxyexcepts = "";
 
@@ -88,8 +90,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
 
         public bool AsyncConvertUrl(UUID id, string url, string extraParams)
         {
-            MakeHttpRequest(url, id);
-            return true;
+            return MakeHttpRequest(url, id);
         }
 
         public bool AsyncConvertData(UUID id, string bodyData, string extraParams)
@@ -110,6 +111,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
 
         public void Initialise(IConfigSource config)
         {
+            m_outboundUrlFilter = new OutboundUrlFilter("Script dynamic texture image module", config);
             m_proxyurl = config.Configs["Startup"].GetString("HttpProxy");
             m_proxyexcepts = config.Configs["Startup"].GetString("HttpProxyExceptions");
         }
@@ -157,9 +159,13 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
 
         #endregion
 
-        private void MakeHttpRequest(string url, UUID requestID)
+        private bool MakeHttpRequest(string url, UUID requestID)
         {
-            WebRequest request = HttpWebRequest.Create(url);
+            if (!m_outboundUrlFilter.CheckAllowed(new Uri(url)))
+                return false;
+
+            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
+            request.AllowAutoRedirect = false;
             
             if (!string.IsNullOrEmpty(m_proxyurl)) 
             {
@@ -174,12 +180,14 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
                 }
             }
 
-            RequestState state = new RequestState((HttpWebRequest) request, requestID);
+            RequestState state = new RequestState(request, requestID);
             // IAsyncResult result = request.BeginGetResponse(new AsyncCallback(HttpRequestReturn), state);
             request.BeginGetResponse(new AsyncCallback(HttpRequestReturn), state);
 
             TimeSpan t = (DateTime.UtcNow - new DateTime(1970, 1, 1));
             state.TimeOfRequest = (int) t.TotalSeconds;
+
+            return true;
         }
 
         private void HttpRequestReturn(IAsyncResult result)
@@ -195,10 +203,11 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
             Stream stream = null;
             byte[] imageJ2000 = new byte[0];
             Size newSize = new Size(0, 0);
+            HttpWebResponse response = null;
 
             try
             {
-                HttpWebResponse response = (HttpWebResponse)request.EndGetResponse(result);
+                response = (HttpWebResponse)request.EndGetResponse(result);
                 if (response != null && response.StatusCode == HttpStatusCode.OK)
                 {
                     stream = response.GetResponseStream();
@@ -262,18 +271,32 @@ namespace OpenSim.Region.CoreModules.Scripting.LoadImageURL
             finally
             {
                 if (stream != null)
-                {
                     stream.Close();
+
+                if (response != null)
+                    response.Close();
+
+                if (
+                    response.StatusCode == HttpStatusCode.MovedPermanently
+                        || response.StatusCode == HttpStatusCode.Found
+                        || response.StatusCode == HttpStatusCode.SeeOther
+                        || response.StatusCode == HttpStatusCode.TemporaryRedirect)
+                {
+                    string redirectedUrl = response.Headers["Location"];
+
+                    MakeHttpRequest(redirectedUrl, state.RequestID);
+                }
+                else
+                {
+                    m_log.DebugFormat("[LOADIMAGEURLMODULE]: Returning {0} bytes of image data for request {1}",
+                                      imageJ2000.Length, state.RequestID);
+
+                    m_textureManager.ReturnData(
+                        state.RequestID,
+                        new OpenSim.Region.CoreModules.Scripting.DynamicTexture.DynamicTexture(
+                        request.RequestUri, null, imageJ2000, newSize, false));
                 }
             }
-
-            m_log.DebugFormat("[LOADIMAGEURLMODULE]: Returning {0} bytes of image data for request {1}",
-                                       imageJ2000.Length, state.RequestID);
-
-            m_textureManager.ReturnData(
-                state.RequestID,
-                new OpenSim.Region.CoreModules.Scripting.DynamicTexture.DynamicTexture(
-                    request.RequestUri, null, imageJ2000, newSize, false));
         }
 
         #region Nested type: RequestState

OpenSim/Region/Framework/Interfaces/IHttpRequests.cs

@@ -25,6 +25,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+using System;
 using System.Collections.Generic;
 using OpenMetaverse;
 
@@ -41,10 +42,44 @@ namespace OpenSim.Region.Framework.Interfaces
         HTTP_PRAGMA_NO_CACHE = 6
     }
 
+    /// <summary>
+    /// The initial status of the request before it is placed on the wire.
+    /// </summary>
+    /// <remarks>
+    /// The request may still fail later on, in which case the normal HTTP status is set.
+    /// </remarks>
+    [Flags]
+    public enum HttpInitialRequestStatus
+    {
+        OK = 1,
+        DISALLOWED_BY_FILTER = 2
+    }
+
     public interface IHttpRequestModule
     {
         UUID MakeHttpRequest(string url, string parameters, string body);
-        UUID StartHttpRequest(uint localID, UUID itemID, string url, List<string> parameters, Dictionary<string, string> headers, string body);
+
+        /// <summary>
+        /// Starts the http request.
+        /// </summary>
+        /// <remarks>
+        /// This is carried out asynchronously unless it fails initial checks.  Results are fetched by the script engine
+        /// HTTP requests module to be distributed back to scripts via a script event.
+        /// </remarks>
+        /// <returns>The ID of the request.  If the requested could not be performed then this is UUID.Zero</returns>
+        /// <param name="localID">Local ID of the object containing the script making the request.</param>
+        /// <param name="itemID">Item ID of the script making the request.</param>
+        /// <param name="url">Url to request.</param>
+        /// <param name="parameters">LSL parameters for the request.</param>
+        /// <param name="headers">Extra headers for the request.</param>
+        /// <param name="body">Body of the request.</param>
+        /// <param name="status">
+        /// Initial status of the request.  If OK then the request is actually made to the URL.  Subsequent status is
+        /// then returned via IServiceRequest when the response is asynchronously fetched.
+        /// </param>
+        UUID StartHttpRequest(
+            uint localID, UUID itemID, string url, List<string> parameters, Dictionary<string, string> headers, string body, 
+            out HttpInitialRequestStatus status);
 
         /// <summary>
         /// Stop and remove all http requests for the given script.

OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs

@@ -11004,8 +11004,12 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
                 }
             }
 
+            HttpInitialRequestStatus status;
             UUID reqID
-                = httpScriptMod.StartHttpRequest(m_host.LocalId, m_item.ItemID, url, param, httpHeaders, body);
+                = httpScriptMod.StartHttpRequest(m_host.LocalId, m_item.ItemID, url, param, httpHeaders, body, out status);
+
+            if (status == HttpInitialRequestStatus.DISALLOWED_BY_FILTER)
+                Error("llHttpRequest", string.Format("Request to {0} disallowed by filter", url));
 
             if (reqID != UUID.Zero)
                 return reqID.ToString();

OpenSim/Services/Connectors/Presence/PresenceServicesConnector.cs

@@ -301,6 +301,7 @@ namespace OpenSim.Services.Connectors
             catch (Exception e)
             {
                 m_log.DebugFormat("[PRESENCE CONNECTOR]: Exception when contacting presence server at {0}: {1}", uri, e.Message);
+                return null;
             }
 
             Dictionary<string, object> replyData = ServerUtils.ParseXmlResponse(reply);

bin/OpenSim.ini.example

@@ -486,6 +486,32 @@
     ;; the region ports use UDP.
     ; http_listener_port = 9000
 
+    ; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN.
+    ; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter.
+    ; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below.
+    ; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing.
+    ;
+    ; You can whitelist individual endpoints by IP or FQDN, e.g.
+    ;
+    ; OutboundDisallowForUserScriptsExcept = 192.168.1.3:8003
+    ; 
+    ; You can specify multiple addresses by separating them with a bar.  For example,
+    ;
+    ; OutboundDisallowForUserScriptsExcept = 192.168.1.3:8003|myinternalserver:8000
+    ; 
+    ; If an address if given without a port number then port 80 is assumed
+    ;
+    ; You can also specify a network range in CIDR notation to whitelist, e.g.
+    ;
+    ; OutboundDisallowForUserScriptsExcept = 192.168.1.0/24
+    ;
+    ; to whitelist all ports on addresses 192.168.1.0 to 192.168.1.255
+    ; To specify an individual IP address use the /32 netmask
+    ;
+    ; OutboundDisallowForUserScriptsExcept = 192.168.1.2/32
+    ;
+    ; See http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation for more information on CIDR notation
+
     ;# {ExternalHostNameForLSL} {} {Hostname to use for HTTP-IN URLs. This should be reachable from the internet.} {}
     ;; Hostname to use in llRequestURL/llRequestSecureURL
     ;; if not defined - default machine name is being used
@@ -568,7 +594,6 @@
     Cap_GetTexture = "localhost"
     Cap_GetMesh = "localhost"
     Cap_AvatarPickerSearch = "localhost"
-    Cap_GetDisplayNames = "localhost"
 
 
 [SimulatorFeatures]

bin/OpenSimDefaults.ini

@@ -492,6 +492,26 @@
     ; (on Windows this mean NETBIOS name - useably only inside local network)
     ; ExternalHostNameForLSL=127.0.0.1
 
+    ; Disallow the following address ranges for user scripting calls (e.g. llHttpRequest())
+    ; This is based on http://en.wikipedia.org/wiki/Reserved_IP_addresses
+    ; This stops users making HTTP calls to machines in the simulator's local network.
+    ; If you need to allow some LAN calls we recommend you use OutboundDisallowForUserScriptsExcept documented in OpenSim.ini.example
+    ; If you override OutboundDisallowForUserScripts directly you need to be very careful.
+    ;
+    ; Network ranges are specified in CIDR notation (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) with multiple entries separated by |
+    ; To specify an individual IP address use the /32 netmask (e.g. 192.168.1.3/32)
+    ; You can also specify individual <addr>:<port> endpoints (e.g. 192.168.1.3:8003)
+    ; If an address if given without a port number then port 80 is assumed.
+    OutboundDisallowForUserScripts = 0.0.0.0/8|10.0.0.0/8|100.64.0.0/10|127.0.0.0/8|169.254.0.0/16|172.16.0.0/12|192.0.0.0/24|192.0.2.0/24|192.88.99.0/24|192.168.0.0/16|198.18.0.0/15|198.51.100.0/24|203.0.113.0/24|224.0.0.0/4|240.0.0.0/4|255.255.255.255/32
+    ;
+    ; You can also prevent all user script outgoing calls with the following override in OpenSim.ini
+    ;
+    ; OutboundDisallowForUserScripts = 0.0.0.0/0
+    ;
+    ; You can also disable the blacklist entirely with an empty entry
+    ;
+    ; OutboundDisallowForUserScripts = ""
+  
     ; What is reported as the "X-Secondlife-Shard"
     ; Defaults to the user server url if not set
     ; The old default is "OpenSim", set here for compatibility
@@ -645,7 +665,7 @@
     Cap_ObjectMediaNavigate = "localhost"
     Cap_FetchLib = ""
     Cap_FetchLibDescendents = ""
-    Cap_GetDisplayNames = "localhost"
+    Cap_GetDisplayNames = ""
     Cap_GetTexture = "localhost"
     Cap_GetMesh = "localhost"
     Cap_GetObjectCost = ""

bin/Regions/Regions.ini.example

@@ -15,13 +15,13 @@
 ; * You MUST change this! It will NOT be done for you!
 ; *
 
-RegionUUID = "11111111-2222-3333-4444-555555555555"
+RegionUUID = 11111111-2222-3333-4444-555555555555
 
-Location = "1000,1000"
-InternalAddress = "127.0.0.1"
+Location = 1000,1000
+InternalAddress = 0.0.0.0
 InternalPort = 9000
 AllowAlternatePorts = False
-ExternalHostName = "SYSTEMIP"
+ExternalHostName = SYSTEMIP
 
 ; *
 ; * Variable-sized regions allows the creation of large, borderless spaces.
@@ -67,13 +67,13 @@ ExternalHostName = "SYSTEMIP"
 ; *
 ; * Now, there is a setting in [Map] in OpenSim.ini called
 ; *
-; *  MaptileStaticUUID = "00000000-0000-0000-0000-000000000000"
+; *  MaptileStaticUUID = 00000000-0000-0000-0000-000000000000
 ; *
 ; * where, given the criteria above, lets you specify the UUID of a texture asset to use
 ; * as a maptile *Simulator Wide*. Here, you can override that on a per region basis for
 ; * Simulators that run multiple regions:
 
-; MaptileStaticUUID = "00000000-0000-0000-0000-000000000000"
+; MaptileStaticUUID = 00000000-0000-0000-0000-000000000000
 
 
 ; * Region Specific Static Maptiles from file:

bin/Robust.HG.ini.example

@@ -153,6 +153,13 @@
     ;; Hypergrid services are not affected by this; they are publicly available 
     ;; by design.
 
+    ;; By default, scripts are not allowed to call private services via llHttpRequest()
+    ;; Such calls are detected by the X-SecondLife-Shared HTTP header
+    ;; If you allow such calls you must be sure that they are restricted to very trusted scripters
+    ;; (remember scripts can also be in visiting avatar attachments).
+    ;; This can be overriden in individual private service sections if necessary
+    AllowllHTTPRequestIn = false
+
     ; * The following are for the remote console
     ; * They have no effect for the local or basic console types
     ; * Leave commented to diable logins to the console

bin/Robust.ini.example

@@ -129,6 +129,13 @@
     ;; This is useful in cases where you want to protect most of the services,
     ;; but unprotect individual services. Username and Password can also be
     ;; overriden if you want to use different credentials for the different services.
+    
+    ;; By default, scripts are not allowed to call private services via llHttpRequest()
+    ;; Such calls are detected by the X-SecondLife-Shared HTTP header
+    ;; If you allow such calls you must be sure that they are restricted to very trusted scripters
+    ;; (remember scripts can also be in visiting avatar attachments).
+    ;; This can be overriden in individual private service sections if necessary
+    AllowllHTTPRequestIn = false
 
     ; * The following are for the remote console
     ; * They have no effect for the local or basic console types

bin/inventory/AnimationsLibrary/AnimationsLibraryItems.xml

@@ -1,3 +1,14 @@
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+-->
+
 <Nini>
   <Section Name="place_marker">
     <Key Name="folderID" Value="f0908f10-b9bf-11dc-95ff-0800200c9a66"/>

bin/inventory/BodyPartsLibrary/BodyPartsLibraryItems.xml

@@ -1,5 +1,17 @@
 <Nini>
 
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <!--
   <Section Name="Example Library Item">
     <Key Name="inventoryID" Value="30000000-0000-2222-4444-000000000001" />
@@ -9,6 +21,7 @@
     <Key Name="name" Value="Example Library Item" />
     <Key Name="assetType" Value="7" />
     <Key Name="inventoryType" Value="7" />
+    <Key Name="flags" Value="0" />
   </Section>
 --> 
 <!--
@@ -20,6 +33,7 @@
     <Key Name="name" Value="Hair" />
     <Key Name="assetType" Value="13" />
     <Key Name="inventoryType" Value="18" />
+    <Key Name="flags" Value="2" />
   </Section>
   
   <Section Name="Skin">
@@ -30,6 +44,7 @@
     <Key Name="name" Value="Skin" />
     <Key Name="assetType" Value="13" />
     <Key Name="inventoryType" Value="18" />
+    <Key Name="flags" Value="1" />
   </Section>
 -->
 <!--
@@ -41,6 +56,7 @@
     <Key Name="name" Value="Jim Skin" />
     <Key Name="assetType" Value="13" />
     <Key Name="inventoryType" Value="13" />
+    <Key Name="flags" Value="1" />
   </Section>
 
   <Section Name="Little Goblin Skin">
@@ -51,6 +67,7 @@
     <Key Name="name" Value="Little Goblin Skin" />
     <Key Name="assetType" Value="13" />
     <Key Name="inventoryType" Value="13" />
+    <Key Name="flags" Value="1" />
   </Section>
 -->
 <!--
@@ -62,6 +79,7 @@
     <Key Name="name" Value="Shape" />
     <Key Name="assetType" Value="13" />
     <Key Name="inventoryType" Value="18" />
+    <Key Name="flags" Value="0" />
   </Section>
 -->
 <!--
@@ -73,6 +91,7 @@
     <Key Name="name" Value="Jim Shape" />
     <Key Name="assetType" Value="13" />
     <Key Name="inventoryType" Value="13" />
+    <Key Name="flags" Value="0" />
   </Section>
 
   <Section Name="Little Goblin Shape">
@@ -83,6 +102,7 @@
     <Key Name="name" Value="Little Goblin Shape" />
     <Key Name="assetType" Value="13" />
     <Key Name="inventoryType" Value="13" />
+    <Key Name="flags" Value="0" />
   </Section>
   -->
 

bin/inventory/ClothingLibrary/ClothingLibraryItems.xml

@@ -1,5 +1,17 @@
 <Nini>
 
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <!--
   <Section Name="Example Library Item">
     <Key Name="inventoryID" Value="30000000-0000-2222-4444-000000000001" />
@@ -9,6 +21,7 @@
     <Key Name="name" Value="Example Library Item" />
     <Key Name="assetType" Value="7" />
     <Key Name="inventoryType" Value="7" />
+    <Key Name="flags" Value="0" />
   </Section>
 --> 
 <!--
@@ -20,6 +33,7 @@
     <Key Name="name" Value="Shirt" />
     <Key Name="assetType" Value="5" />
     <Key Name="inventoryType" Value="18" />
+    <Key Name="flags" Value="4" />
   </Section>
 
   <Section Name="Pants">
@@ -30,6 +44,7 @@
     <Key Name="name" Value="Pants" />
     <Key Name="assetType" Value="5" />
     <Key Name="inventoryType" Value="18" />
+    <Key Name="flags" Value="5" />
   </Section>
 -->
 

bin/inventory/GesturesLibrary/GesturesLibraryItems.xml

@@ -1,3 +1,15 @@
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <Nini>
 	<Section Name="can we move along?">
 		<Key Name="inventoryID" Value="9ffe3767-74fa-4c64-a046-18ccf50b9eac"/>

bin/inventory/LandmarksLibrary/LandmarksLibraryItems.xml

@@ -1,3 +1,15 @@
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <Nini>
 
 <!--

bin/inventory/NotecardsLibrary/NotecardsLibraryItems.xml

@@ -1,3 +1,15 @@
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <Nini>
 
 <!--

bin/inventory/ObjectsLibrary/ObjectsLibraryItems.xml

@@ -1,3 +1,15 @@
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <Nini>
 
 <!--

bin/inventory/PhotosLibrary/PhotosLibraryItems.xml

@@ -1,3 +1,15 @@
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <Nini>
 
 <!--

bin/inventory/ScriptsLibrary/ScriptsLibraryItems.xml

@@ -1,3 +1,15 @@
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <Nini>
 
 <!--

bin/inventory/SoundsLibrary/SoundsLibraryItems.xml

@@ -1,3 +1,15 @@
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <Nini>
 
 <!--

bin/inventory/TexturesLibrary/TexturesLibraryItems.xml

@@ -1,3 +1,15 @@
+<!--
+  In Keys,
+    name is the name of the item.
+    description is the description of the item.
+    assetID is the ID of the asset data that is referenced by the item.
+    folderID is the ID of the folder containing this item.
+    inventoryID is the ID for the item.  It must be unique.
+    assetType is the asset type of the item.  See the OpenMetaverse.AssetType enum in libopenmetaverse
+    inventoryType is the inventory type of the item.  See the OpenMetaverse.InventoryType enum in libopenmetaverse
+    flags are only required for wearables.  See OpenMetaverse.WearableType enum in libopenmetaverse.
+-->
+
 <Nini>
 
 <!--

prebuild.xml

@@ -593,6 +593,7 @@
 
       <ReferencePath>../../../bin/</ReferencePath>
       <Reference name="System"/>
+      <Reference name="System.Core"/>
       <Reference name="System.Xml"/>
       <Reference name="System.Web"/>
       <Reference name="OpenSim.Data"/>
@@ -607,6 +608,7 @@
       <Reference name="OpenMetaverse.StructuredData" path="../../../bin/"/>
       <!-- FIXME: The OpenMetaverse.dll reference can be dropped when the TransferRequestPacket reference is removed from the code -->
       <Reference name="OpenMetaverse" path="../../../bin/"/>
+      <Reference name="LukeSkywalker.IPNetwork" path="../../../bin/"/>
       <Reference name="Nini" path="../../../bin/"/>
       <Reference name="XMLRPC" path="../../../bin/"/>
       <Reference name="log4net" path="../../../bin/"/>