Fix the new permissions error introduced with the inventory fix

The fix to allow setting perms in inventory accidentally caused folded
permissions to be used as a mask for the next owner perms. The current
solution isn't optimal but better than anything else we have had.
Legacy objects may experience a net loss of permissions if trying to
set their perms in inventory, this is deemed preferable to the prior
privilege escalation possibility. New items will handle properly.

2 files changed, 46 insertions, 17 deletions

diff --git a/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs b/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs
index 0104823..f8a2c2e 100644
--- a/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs
+++ b/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs
@@ -1124,7 +1124,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
 //                    rootPart.OwnerID, item.Owner, item.CurrentPermissions);
 
                 if ((rootPart.OwnerID != item.Owner) ||
-                    (item.CurrentPermissions & 16) != 0 ||
+                    (item.CurrentPermissions & 8) != 0 ||
                     (item.Flags & (uint)InventoryItemFlags.ObjectSlamPerm) != 0)
                 {
                     //Need to kill the for sale here
@@ -1142,22 +1142,37 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
                             part.RezzerID = item.Owner;
                             part.Inventory.ChangeInventoryOwner(item.Owner);
 
-                            // This applies the base mask from the item as the next
-                            // permissions for the object. This is correct because the
-                            // giver's base mask was masked by the giver's next owner
-                            // mask, so the base mask equals the original next owner mask.
-                            part.NextOwnerMask = item.BasePermissions;
+                            // Reconstruct the original item's base permissions. They
+                            // can be found in the lower (folded) bits.
+                            if ((item.BasePermissions & (uint)PermissionMask.FoldedMask) != 0)
+                            {
+                                // We have permissions stored there so use them
+                                part.NextOwnerMask = ((item.BasePermissions & 7) << 13);
+                                if ((item.BasePermissions & (uint)PermissionMask.FoldedExport) != 0)
+                                    part.NextOwnerMask |= (uint)PermissionMask.Export;
+                                part.NextOwnerMask |= (uint)PermissionMask.Move;
+                            }
+                            else
+                            {
+                                // This is a legacy object and we can't avoid the issues that
+                                // caused perms loss or escalation before, treat it the legacy
+                                // way.
+                                part.NextOwnerMask = item.NextPermissions;
+                            }
                         }
 
                         so.ApplyNextOwnerPermissions();
 
                         // In case the user has changed flags on a received item
                         // we have to apply those changes after the slam. Else we
-                        // get a net loss of permissions
+                        // get a net loss of permissions.
+                        // On legacy objects, this opts for a loss of permissions rather
+                        // than the previous handling that allowed escalation.
                         foreach (SceneObjectPart part in so.Parts)
                         {
                             if ((item.Flags & (uint)InventoryItemFlags.ObjectHasMultipleItems) == 0)
                             {
+                                part.GroupMask = item.GroupPermissions & part.BaseMask;
                                 part.EveryoneMask = item.EveryOnePermissions & part.BaseMask;
                                 part.NextOwnerMask = item.NextPermissions & part.BaseMask;
                             }
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index cb06540..0d09cef 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -647,7 +647,8 @@ namespace OpenSim.Region.Framework.Scenes
                 // Modify
                 uint permsMask = ~ ((uint)PermissionMask.Copy |
                                     (uint)PermissionMask.Transfer |
-                                    (uint)PermissionMask.Modify);
+                                    (uint)PermissionMask.Modify |
+                                    (uint)PermissionMask.Export);
 
                 // Now, reduce the next perms to the mask bits
                 // relevant to the operation
@@ -677,6 +678,23 @@ namespace OpenSim.Region.Framework.Scenes
                                 (uint)PermissionMask.Move;
                 uint ownerPerms = item.CurrentPermissions;
 
+                // These will be applied to the root prim at next rez.
+                // The legacy slam bit (bit 3) and folded permission (bits 0-2)
+                // are preserved due to the above mangling
+                ownerPerms &= nextPerms;
+
+                // Mask the base permissions. This is a conservative
+                // approach altering only the three main perms
+                basePerms &= nextPerms;
+
+                // Mask out the folded portion of the base mask.
+                // While the owner mask carries the actual folded
+                // permissions, the base mask carries the original
+                // base mask, before masking with the folded perms.
+                // We need this later for rezzing.
+                basePerms &= ~(uint)PermissionMask.FoldedMask;
+                basePerms |= ((basePerms >> 13) & 7) | (((basePerms & (uint)PermissionMask.Export) != 0) ? (uint)PermissionMask.FoldedExport : 0);
+
                 // If this is an object, root prim perms may be more
                 // permissive than folded perms. Use folded perms as
                 // a mask
@@ -684,6 +702,9 @@ namespace OpenSim.Region.Framework.Scenes
                 {
                     // Create a safe mask for the current perms
                     uint foldedPerms = (item.CurrentPermissions & 7) << 13;
+                    if ((item.CurrentPermissions & (uint)PermissionMask.FoldedExport) != 0)
+                        foldedPerms |= (uint)PermissionMask.Export;
+
                     foldedPerms |= permsMask;
 
                     bool isRootMod = (item.CurrentPermissions &
@@ -691,6 +712,8 @@ namespace OpenSim.Region.Framework.Scenes
                                       true : false;
 
                     // Mask the owner perms to the folded perms
+                    // Note that this is only to satisfy the viewer.
+                    // The effect of this will be reversed on rez.
                     ownerPerms &= foldedPerms;
                     basePerms &= foldedPerms;
 
@@ -705,15 +728,6 @@ namespace OpenSim.Region.Framework.Scenes
                     }
                 }
 
-                // These will be applied to the root prim at next rez.
-                // The slam bit (bit 3) and folded permission (bits 0-2)
-                // are preserved due to the above mangling
-                ownerPerms &= nextPerms;
-
-                // Mask the base permissions. This is a conservative
-                // approach altering only the three main perms
-                basePerms &= nextPerms;
-
                 // Assign to the actual item. Make sure the slam bit is
                 // set, if it wasn't set before.
                 itemCopy.BasePermissions = basePerms;