From 89c1c5c35a7665315e66e46276d1b6066f3cf2b8 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Tue, 13 Jul 2010 20:40:23 +0200 Subject: Revamp the permissions propagation. This MAY mess up. Please test. Change the slam bit from 3 to 4. Assume the old slam bit is always set. The new slam bit is a "changed owner" bit, correcting a bug where an item passed from the creator to another with less than full perms, then back (sale test) would arrive back full perm. Lots of in-code docs. --- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 134 +++++++++++++++------ 1 file changed, 99 insertions(+), 35 deletions(-) (limited to 'OpenSim/Region/Framework/Scenes/Scene.Inventory.cs') diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 38a5456..5796194 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -280,6 +280,10 @@ namespace OpenSim.Region.Framework.Scenes public void UpdateInventoryItemAsset(IClientAPI remoteClient, UUID transactionID, UUID itemID, InventoryItemBase itemUpd) { + // This one will let people set next perms on items in agent + // inventory. Rut-Roh. Whatever. Make this secure. Yeah. + // + // Passing something to another avatar or a an object will already InventoryItemBase item = new InventoryItemBase(itemID, remoteClient.AgentId); item = InventoryService.GetItem(item); @@ -289,11 +293,9 @@ namespace OpenSim.Region.Framework.Scenes { item.Name = itemUpd.Name; item.Description = itemUpd.Description; - item.NextPermissions = itemUpd.NextPermissions; - item.CurrentPermissions |= 8; // Slam! - item.EveryOnePermissions = itemUpd.EveryOnePermissions; - item.GroupPermissions = itemUpd.GroupPermissions; - + item.NextPermissions = itemUpd.NextPermissions & item.BasePermissions; + item.EveryOnePermissions = itemUpd.EveryOnePermissions & item.BasePermissions; + item.GroupPermissions = itemUpd.GroupPermissions & item.BasePermissions; item.GroupID = itemUpd.GroupID; item.GroupOwned = itemUpd.GroupOwned; item.CreationDate = itemUpd.CreationDate; @@ -399,28 +401,96 @@ namespace OpenSim.Region.Framework.Scenes if (Permissions.PropagatePermissions() && recipient != senderId) { - // First, make sore base is limited to the next perms - itemCopy.BasePermissions = item.BasePermissions & (item.NextPermissions | (uint)PermissionMask.Move); - // By default, current equals base - itemCopy.CurrentPermissions = itemCopy.BasePermissions & item.CurrentPermissions; - - // If this is an object, replace current perms - // with folded perms + // Trying to do this right this time. This is evil. If + // you believe in Good, go elsewhere. Vampires and other + // evil creatores only beyond this point. You have been + // warned. + + // We're going to mask a lot of things by the next perms + // Tweak the next perms to be nicer to our data + // + // In this mask, all the bits we do NOT want to mess + // with are set. These are: + // + // Transfer + // Copy + // Modufy + uint permsMask = ~ ((uint)PermissionMask.Copy | + (uint)PermissionMask.Transfer | + (uint)PermissionMask.Modify); + + // Now, reduce the next perms to the mask bits + // relevant to the operation + uint nextPerms = permsMask | (item.NextPermissions & + ((uint)PermissionMask.Copy | + (uint)PermissionMask.Transfer | + (uint)PermissionMask.Modify)); + + // nextPerms now has all bits set, except for the actual + // next permission bits. + + // This checks for no mod, no copy, no trans. + // This indicates an error or messed up item. Do it like + // SL and assume trans + if (nextPerms == permsMask) + nextPerms |= (uint)PermissionMask.Transfer; + + // Inventory owner perms are the logical AND of the + // folded perms and the root prim perms, however, if + // the root prim is mod, the inventory perms will be + // mod. This happens on "take" and is of little concern + // here, save for preventing escalation + + // This hack ensures that items previously permalocked + // get unlocked when they're passed or rezzed + uint basePerms = item.BasePermissions | + (uint)PermissionMask.Move; + uint ownerPerms = item.CurrentPermissions; + + // Mask the base permissions. This is a conservative + // approach altering only the three main perms + basePerms &= nextPerms; + + // If this is an object, root prim perms may be more + // permissive than folded perms. Use folded perms as + // a mask if (item.InvType == (int)InventoryType.Object) { - itemCopy.CurrentPermissions &= ~(uint)(PermissionMask.Copy | PermissionMask.Modify | PermissionMask.Transfer); - itemCopy.CurrentPermissions |= (item.CurrentPermissions & 7) << 13; + // Create a safe mask for the current perms + uint foldedPerms = (item.CurrentPermissions & 7) << 13; + foldedPerms |= permsMask; + + bool isRootMod = (item.CurrentPermissions & + (uint)PermissionMask.Modify) != 0 ? + true : false; + + // Mask the owner perms to the folded perms + ownerPerms &= foldedPerms; + + // If the root was mod, let the mask reflect that + if (isRootMod) + ownerPerms |= (uint)PermissionMask.Modify; } - // Ensure there is no escalation - itemCopy.CurrentPermissions &= (item.NextPermissions | (uint)PermissionMask.Move); + // These will be applied to the root prim at next rez. + // The slam bit (bit 3) and folded permission (bits 0-2) + // are preserved due to the above mangling + ownerPerms &= nextPerms; - // Need slam bit on xfer - itemCopy.CurrentPermissions |= 8; + // Assign to the actual item. Make sure the slam bit is + // set, if it wasn't set before. + itemCopy.BasePermissions = basePerms; + itemCopy.CurrentPermissions = ownerPerms | 16; // Slam itemCopy.NextPermissions = item.NextPermissions; - itemCopy.EveryOnePermissions = 0; + // This preserves "everyone can move" + itemCopy.EveryOnePermissions = item.EveryOnePermissions & + nextPerms; + + // Intentionally killing "share with group" here, as + // the recipient will not have the group this is + // set to itemCopy.GroupPermissions = 0; } else @@ -922,7 +992,7 @@ namespace OpenSim.Region.Framework.Scenes else agentItem.CurrentPermissions = agentItem.BasePermissions & taskItem.CurrentPermissions; - agentItem.CurrentPermissions |= 8; + agentItem.CurrentPermissions |= 16; // Slam agentItem.NextPermissions = taskItem.NextPermissions; agentItem.EveryOnePermissions = taskItem.EveryonePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move); agentItem.GroupPermissions = taskItem.GroupPermissions & taskItem.NextPermissions; @@ -1113,7 +1183,7 @@ namespace OpenSim.Region.Framework.Scenes (srcTaskItem.NextPermissions | (uint)PermissionMask.Move); destTaskItem.BasePermissions = srcTaskItem.BasePermissions & (srcTaskItem.NextPermissions | (uint)PermissionMask.Move); - destTaskItem.CurrentPermissions |= 8; // Slam! + destTaskItem.CurrentPermissions |= 16; // Slam! } } @@ -1497,7 +1567,7 @@ namespace OpenSim.Region.Framework.Scenes srcTaskItem.NextPermissions; destTaskItem.BasePermissions = srcTaskItem.BasePermissions & srcTaskItem.NextPermissions; - destTaskItem.CurrentPermissions |= 8; // Slam! + destTaskItem.CurrentPermissions |= 16; // Slam! } } @@ -1889,17 +1959,14 @@ namespace OpenSim.Region.Framework.Scenes group.SetGroup(sourcePart.GroupID, null); - if (rootPart.OwnerID != item.OwnerID) + if ((rootPart.OwnerID != item.OwnerID) || (item.CurrentPermissions & 16) != 0) { if (Permissions.PropagatePermissions()) { - if ((item.CurrentPermissions & 8) != 0) + foreach (SceneObjectPart part in partList) { - foreach (SceneObjectPart part in partList) - { - part.EveryoneMask = item.EveryonePermissions; - part.NextOwnerMask = item.NextPermissions; - } + part.EveryoneMask = item.EveryonePermissions; + part.NextOwnerMask = item.NextPermissions; } group.ApplyNextOwnerPermissions(); } @@ -1907,17 +1974,14 @@ namespace OpenSim.Region.Framework.Scenes foreach (SceneObjectPart part in partList) { - if (part.OwnerID != item.OwnerID) + if ((part.OwnerID != item.OwnerID) || (item.CurrentPermissions & 16) != 0) { part.LastOwnerID = part.OwnerID; part.OwnerID = item.OwnerID; part.Inventory.ChangeInventoryOwner(item.OwnerID); } - else if ((item.CurrentPermissions & 8) != 0) // Slam! - { - part.EveryoneMask = item.EveryonePermissions; - part.NextOwnerMask = item.NextPermissions; - } + part.EveryoneMask = item.EveryonePermissions; + part.NextOwnerMask = item.NextPermissions; } rootPart.TrimPermissions(); -- cgit v1.1