diff options
| author | Melanie Thielker | 2017-01-13 23:47:26 +0000 |
|---|---|---|
| committer | Melanie Thielker | 2017-01-13 23:47:26 +0000 |
| commit | da51edb5fe117b96d2a3761a3b735776c8cb05cb (patch) | |
| tree | 2cdae3825abcda8e26fbd6cbe343a28433c51ca1 /OpenSim/Region/Framework | |
| parent | Merge branch 'master' of opensimulator.org:/var/git/opensim (diff) | |
| download | opensim-SC-da51edb5fe117b96d2a3761a3b735776c8cb05cb.zip opensim-SC-da51edb5fe117b96d2a3761a3b735776c8cb05cb.tar.gz opensim-SC-da51edb5fe117b96d2a3761a3b735776c8cb05cb.tar.bz2 opensim-SC-da51edb5fe117b96d2a3761a3b735776c8cb05cb.tar.xz | |
Fix the new permissions error introduced with the inventory fix
The fix to allow setting perms in inventory accidentally caused folded
permissions to be used as a mask for the next owner perms. The current
solution isn't optimal but better than anything else we have had.
Legacy objects may experience a net loss of permissions if trying to
set their perms in inventory, this is deemed preferable to the prior
privilege escalation possibility. New items will handle properly.
Diffstat (limited to '')
| -rw-r--r-- | OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index cb06540..0d09cef 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | |||
| @@ -647,7 +647,8 @@ namespace OpenSim.Region.Framework.Scenes | |||
| 647 | // Modify | 647 | // Modify |
| 648 | uint permsMask = ~ ((uint)PermissionMask.Copy | | 648 | uint permsMask = ~ ((uint)PermissionMask.Copy | |
| 649 | (uint)PermissionMask.Transfer | | 649 | (uint)PermissionMask.Transfer | |
| 650 | (uint)PermissionMask.Modify); | 650 | (uint)PermissionMask.Modify | |
| 651 | (uint)PermissionMask.Export); | ||
| 651 | 652 | ||
| 652 | // Now, reduce the next perms to the mask bits | 653 | // Now, reduce the next perms to the mask bits |
| 653 | // relevant to the operation | 654 | // relevant to the operation |
| @@ -677,6 +678,23 @@ namespace OpenSim.Region.Framework.Scenes | |||
| 677 | (uint)PermissionMask.Move; | 678 | (uint)PermissionMask.Move; |
| 678 | uint ownerPerms = item.CurrentPermissions; | 679 | uint ownerPerms = item.CurrentPermissions; |
| 679 | 680 | ||
| 681 | // These will be applied to the root prim at next rez. | ||
| 682 | // The legacy slam bit (bit 3) and folded permission (bits 0-2) | ||
| 683 | // are preserved due to the above mangling | ||
| 684 | ownerPerms &= nextPerms; | ||
| 685 | |||
| 686 | // Mask the base permissions. This is a conservative | ||
| 687 | // approach altering only the three main perms | ||
| 688 | basePerms &= nextPerms; | ||
| 689 | |||
| 690 | // Mask out the folded portion of the base mask. | ||
| 691 | // While the owner mask carries the actual folded | ||
| 692 | // permissions, the base mask carries the original | ||
| 693 | // base mask, before masking with the folded perms. | ||
| 694 | // We need this later for rezzing. | ||
| 695 | basePerms &= ~(uint)PermissionMask.FoldedMask; | ||
| 696 | basePerms |= ((basePerms >> 13) & 7) | (((basePerms & (uint)PermissionMask.Export) != 0) ? (uint)PermissionMask.FoldedExport : 0); | ||
| 697 | |||
| 680 | // If this is an object, root prim perms may be more | 698 | // If this is an object, root prim perms may be more |
| 681 | // permissive than folded perms. Use folded perms as | 699 | // permissive than folded perms. Use folded perms as |
| 682 | // a mask | 700 | // a mask |
| @@ -684,6 +702,9 @@ namespace OpenSim.Region.Framework.Scenes | |||
| 684 | { | 702 | { |
| 685 | // Create a safe mask for the current perms | 703 | // Create a safe mask for the current perms |
| 686 | uint foldedPerms = (item.CurrentPermissions & 7) << 13; | 704 | uint foldedPerms = (item.CurrentPermissions & 7) << 13; |
| 705 | if ((item.CurrentPermissions & (uint)PermissionMask.FoldedExport) != 0) | ||
| 706 | foldedPerms |= (uint)PermissionMask.Export; | ||
| 707 | |||
| 687 | foldedPerms |= permsMask; | 708 | foldedPerms |= permsMask; |
| 688 | 709 | ||
| 689 | bool isRootMod = (item.CurrentPermissions & | 710 | bool isRootMod = (item.CurrentPermissions & |
| @@ -691,6 +712,8 @@ namespace OpenSim.Region.Framework.Scenes | |||
| 691 | true : false; | 712 | true : false; |
| 692 | 713 | ||
| 693 | // Mask the owner perms to the folded perms | 714 | // Mask the owner perms to the folded perms |
| 715 | // Note that this is only to satisfy the viewer. | ||
| 716 | // The effect of this will be reversed on rez. | ||
| 694 | ownerPerms &= foldedPerms; | 717 | ownerPerms &= foldedPerms; |
| 695 | basePerms &= foldedPerms; | 718 | basePerms &= foldedPerms; |
| 696 | 719 | ||
| @@ -705,15 +728,6 @@ namespace OpenSim.Region.Framework.Scenes | |||
| 705 | } | 728 | } |
| 706 | } | 729 | } |
| 707 | 730 | ||
| 708 | // These will be applied to the root prim at next rez. | ||
| 709 | // The slam bit (bit 3) and folded permission (bits 0-2) | ||
| 710 | // are preserved due to the above mangling | ||
| 711 | ownerPerms &= nextPerms; | ||
| 712 | |||
| 713 | // Mask the base permissions. This is a conservative | ||
| 714 | // approach altering only the three main perms | ||
| 715 | basePerms &= nextPerms; | ||
| 716 | |||
| 717 | // Assign to the actual item. Make sure the slam bit is | 731 | // Assign to the actual item. Make sure the slam bit is |
| 718 | // set, if it wasn't set before. | 732 | // set, if it wasn't set before. |
| 719 | itemCopy.BasePermissions = basePerms; | 733 | itemCopy.BasePermissions = basePerms; |