From aba078c93f4966cf6be10fc02228323843b9249e Mon Sep 17 00:00:00 2001 From: Melanie Date: Sun, 14 Oct 2012 17:32:46 +0200 Subject: Fix perms when linking an object. Set root part perms to the perms of the link set to make the build floater behave consistently. Fixes permissions exploit introduced on 23 August. --- .../Avatar/InstantMessage/MessageTransferModule.cs | 2 +- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 6 +++++ OpenSim/Region/Framework/Scenes/SceneGraph.cs | 2 ++ .../Region/Framework/Scenes/SceneObjectGroup.cs | 7 ++++++ OpenSim/Region/Framework/Scenes/SceneObjectPart.cs | 28 +++++++++++----------- 5 files changed, 30 insertions(+), 15 deletions(-) diff --git a/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs b/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs index e962624..edd9707 100644 --- a/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs @@ -181,7 +181,7 @@ namespace OpenSim.Region.CoreModules.Avatar.InstantMessage } } - //m_log.DebugFormat("[INSTANT MESSAGE]: Delivering IM to {0} via XMLRPC", im.toAgentID); + m_log.DebugFormat("[INSTANT MESSAGE]: Delivering IM to {0} via XMLRPC", im.toAgentID); SendGridInstantMessageViaXMLRPC(im, result); } diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index dd9210f..ff8589a 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -2503,6 +2503,12 @@ namespace OpenSim.Region.Framework.Scenes } m_sceneGraph.LinkObjects(root, children); + + ScenePresence sp; + if (TryGetScenePresence(agentId, out sp)) + { + root.SendPropertiesToClient(sp.ControllingClient); + } } private string PermissionString(uint permissions) diff --git a/OpenSim/Region/Framework/Scenes/SceneGraph.cs b/OpenSim/Region/Framework/Scenes/SceneGraph.cs index e29b2c1..af13b46 100644 --- a/OpenSim/Region/Framework/Scenes/SceneGraph.cs +++ b/OpenSim/Region/Framework/Scenes/SceneGraph.cs @@ -1849,6 +1849,7 @@ namespace OpenSim.Region.Framework.Scenes SceneObjectGroupsByLocalPartID[part.LocalId] = parentGroup; } + parentGroup.AdjustChildPrimPermissions(); parentGroup.HasGroupChanged = true; parentGroup.ProcessBackup(m_parentScene.SimulationDataService, true); parentGroup.ScheduleGroupForFullUpdate(); @@ -1989,6 +1990,7 @@ namespace OpenSim.Region.Framework.Scenes // return unless the root is deleted. This will remove them // from the database. They will be rewritten immediately, // minus the rows for the unlinked child prims. + g.AdjustChildPrimPermissions(); m_parentScene.SimulationDataService.RemoveObject(g.UUID, m_parentScene.RegionInfo.RegionID); g.TriggerScriptChangedEvent(Changed.LINK); g.HasGroupChanged = true; // Persist diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs index 9dd6639..053bfb4 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs @@ -3410,11 +3410,18 @@ namespace OpenSim.Region.Framework.Scenes public void AdjustChildPrimPermissions() { + uint newOwnerMask = (uint)PermissionMask.All & 0xfffffff8; // Mask folded bits + uint foldedPerms = RootPart.OwnerMask & 3; + ForEachPart(part => { + newOwnerMask &= part.BaseMask; if (part != RootPart) part.ClonePermissions(RootPart); }); + + RootPart.OwnerMask = newOwnerMask | foldedPerms; + RootPart.ScheduleFullUpdate(); } public void UpdatePermissions(UUID AgentID, byte field, uint localID, diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs index c2d4764..3274cbd 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs @@ -4497,20 +4497,20 @@ namespace OpenSim.Region.Framework.Scenes { bool update = false; - if (BaseMask != source.BaseMask || - OwnerMask != source.OwnerMask || - GroupMask != source.GroupMask || - EveryoneMask != source.EveryoneMask || - NextOwnerMask != source.NextOwnerMask) - update = true; - - BaseMask = source.BaseMask; - OwnerMask = source.OwnerMask; - GroupMask = source.GroupMask; - EveryoneMask = source.EveryoneMask; - NextOwnerMask = source.NextOwnerMask; - - if (update) + uint prevOwnerMask = OwnerMask; + uint prevGroupMask = GroupMask; + uint prevEveryoneMask = EveryoneMask; + uint prevNextOwnerMask = NextOwnerMask; + + OwnerMask = source.OwnerMask & BaseMask; + GroupMask = source.GroupMask & BaseMask; + EveryoneMask = source.EveryoneMask & BaseMask; + NextOwnerMask = source.NextOwnerMask & BaseMask; + + if (OwnerMask != prevOwnerMask || + GroupMask != prevGroupMask || + EveryoneMask != prevEveryoneMask || + NextOwnerMask != prevNextOwnerMask) SendFullUpdateToAllClients(); } -- cgit v1.1