aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorMelanie Thielker2010-07-14 16:21:55 +0200
committerDiva Canto2010-07-14 10:22:56 -0700
commit67417f647876e32bc9464c5ec76740437cc49b46 (patch)
tree7a236b7a782873d8e3ee9ecf7e7d7f1f5f32ead0
parentFix obvious bug in XInventoryService.GetFolderItems() which was preventing th... (diff)
downloadopensim-SC-67417f647876e32bc9464c5ec76740437cc49b46.zip
opensim-SC-67417f647876e32bc9464c5ec76740437cc49b46.tar.gz
opensim-SC-67417f647876e32bc9464c5ec76740437cc49b46.tar.bz2
opensim-SC-67417f647876e32bc9464c5ec76740437cc49b46.tar.xz
Fix a permissions issue
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.Inventory.cs104
-rw-r--r--OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs18
2 files changed, 101 insertions, 21 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index 2ccb5dd..f58e27e 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -384,29 +384,105 @@ namespace OpenSim.Region.Framework.Scenes
384 384
385 if (Permissions.PropagatePermissions() && recipient != senderId) 385 if (Permissions.PropagatePermissions() && recipient != senderId)
386 { 386 {
387 // First, make sore base is limited to the next perms 387 // Trying to do this right this time. This is evil. If
388 itemCopy.BasePermissions = item.BasePermissions & (item.NextPermissions | (uint)PermissionMask.Move); 388 // you believe in Good, go elsewhere. Vampires and other
389 // By default, current equals base 389 // evil creatores only beyond this point. You have been
390 itemCopy.CurrentPermissions = itemCopy.BasePermissions & item.CurrentPermissions; 390 // warned.
391 391
392 // If this is an object, replace current perms 392 // We're going to mask a lot of things by the next perms
393 // with folded perms 393 // Tweak the next perms to be nicer to our data
394 //
395 // In this mask, all the bits we do NOT want to mess
396 // with are set. These are:
397 //
398 // Transfer
399 // Copy
400 // Modufy
401 uint permsMask = ~ ((uint)PermissionMask.Copy |
402 (uint)PermissionMask.Transfer |
403 (uint)PermissionMask.Modify);
404
405 // Now, reduce the next perms to the mask bits
406 // relevant to the operation
407 uint nextPerms = permsMask | (item.NextPermissions &
408 ((uint)PermissionMask.Copy |
409 (uint)PermissionMask.Transfer |
410 (uint)PermissionMask.Modify));
411
412 // nextPerms now has all bits set, except for the actual
413 // next permission bits.
414
415 // This checks for no mod, no copy, no trans.
416 // This indicates an error or messed up item. Do it like
417 // SL and assume trans
418 if (nextPerms == permsMask)
419 nextPerms |= (uint)PermissionMask.Transfer;
420
421 // Inventory owner perms are the logical AND of the
422 // folded perms and the root prim perms, however, if
423 // the root prim is mod, the inventory perms will be
424 // mod. This happens on "take" and is of little concern
425 // here, save for preventing escalation
426
427 // This hack ensures that items previously permalocked
428 // get unlocked when they're passed or rezzed
429 uint basePerms = item.BasePermissions |
430 (uint)PermissionMask.Move;
431 uint ownerPerms = item.CurrentPermissions;
432
433 // If this is an object, root prim perms may be more
434 // permissive than folded perms. Use folded perms as
435 // a mask
394 if (item.InvType == (int)InventoryType.Object) 436 if (item.InvType == (int)InventoryType.Object)
395 { 437 {
396 itemCopy.CurrentPermissions &= ~(uint)(PermissionMask.Copy | PermissionMask.Modify | PermissionMask.Transfer); 438 // Create a safe mask for the current perms
397 itemCopy.CurrentPermissions |= (item.CurrentPermissions & 7) << 13; 439 uint foldedPerms = (item.CurrentPermissions & 7) << 13;
440 foldedPerms |= permsMask;
441
442 bool isRootMod = (item.CurrentPermissions &
443 (uint)PermissionMask.Modify) != 0 ?
444 true : false;
445
446 // Mask the owner perms to the folded perms
447 ownerPerms &= foldedPerms;
448 basePerms &= foldedPerms;
449
450 // If the root was mod, let the mask reflect that
451 // We also need to adjust the base here, because
452 // we should be able to edit in-inventory perms
453 // for the root prim, if it's mod.
454 if (isRootMod)
455 {
456 ownerPerms |= (uint)PermissionMask.Modify;
457 basePerms |= (uint)PermissionMask.Modify;
458 }
398 } 459 }
399 460
400 // Ensure there is no escalation 461 // These will be applied to the root prim at next rez.
401 itemCopy.CurrentPermissions &= (item.NextPermissions | (uint)PermissionMask.Move); 462 // The slam bit (bit 3) and folded permission (bits 0-2)
463 // are preserved due to the above mangling
464 ownerPerms &= nextPerms;
402 465
403 // Need slam bit on xfer 466 // Mask the base permissions. This is a conservative
404 itemCopy.CurrentPermissions |= 8; 467 // approach altering only the three main perms
468 basePerms &= nextPerms;
469
470 // Assign to the actual item. Make sure the slam bit is
471 // set, if it wasn't set before.
472 itemCopy.BasePermissions = basePerms;
473 itemCopy.CurrentPermissions = ownerPerms | 16; // Slam
405 474
406 itemCopy.NextPermissions = item.NextPermissions; 475 itemCopy.NextPermissions = item.NextPermissions;
407 476
408 itemCopy.EveryOnePermissions = 0; 477 // This preserves "everyone can move"
478 itemCopy.EveryOnePermissions = item.EveryOnePermissions &
479 nextPerms;
480
481 // Intentionally killing "share with group" here, as
482 // the recipient will not have the group this is
483 // set to
409 itemCopy.GroupPermissions = 0; 484 itemCopy.GroupPermissions = 0;
485
410 } 486 }
411 else 487 else
412 { 488 {
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs
index f7e46af..f96573d 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs
@@ -281,7 +281,7 @@ namespace OpenSim.Region.Framework.Scenes
281 PermissionMask.Move | 281 PermissionMask.Move |
282 PermissionMask.Transfer) | 7; 282 PermissionMask.Transfer) | 7;
283 283
284 uint ownerMask = 0x7ffffff; 284 uint ownerMask = 0x7fffffff;
285 foreach (SceneObjectPart part in m_parts.Values) 285 foreach (SceneObjectPart part in m_parts.Values)
286 { 286 {
287 ownerMask &= part.OwnerMask; 287 ownerMask &= part.OwnerMask;
@@ -295,12 +295,16 @@ namespace OpenSim.Region.Framework.Scenes
295 if ((ownerMask & (uint)PermissionMask.Transfer) == 0) 295 if ((ownerMask & (uint)PermissionMask.Transfer) == 0)
296 perms &= ~(uint)PermissionMask.Transfer; 296 perms &= ~(uint)PermissionMask.Transfer;
297 297
298 if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Modify) == 0) 298 // If root prim permissions are applied here, this would screw
299 perms &= ~((uint)PermissionMask.Modify >> 13); 299 // with in-inventory manipulation of the next owner perms
300 if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Copy) == 0) 300 // in a major way. So, let's move this to the give itself.
301 perms &= ~((uint)PermissionMask.Copy >> 13); 301 // Yes. I know. Evil.
302 if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Transfer) == 0) 302// if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Modify) == 0)
303 perms &= ~((uint)PermissionMask.Transfer >> 13); 303// perms &= ~((uint)PermissionMask.Modify >> 13);
304// if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Copy) == 0)
305// perms &= ~((uint)PermissionMask.Copy >> 13);
306// if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Transfer) == 0)
307// perms &= ~((uint)PermissionMask.Transfer >> 13);
304 308
305 return perms; 309 return perms;
306 } 310 }