From 8894f4ad7735fc0a37fd62c89467163f6ec503cb Mon Sep 17 00:00:00 2001
From: Melanie
Date: Mon, 8 Oct 2012 01:34:32 +0200
Subject: Change permissions on child prim inventory items when god mode "force
 permissive" is used.

---
 OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs | 8 ++++++++
 OpenSim/Region/Framework/Scenes/SceneObjectPart.cs  | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)

(limited to 'OpenSim/Region/Framework')

diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs
index 4798481..9dd6639 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs
@@ -3422,8 +3422,16 @@ namespace OpenSim.Region.Framework.Scenes
         {
             RootPart.UpdatePermissions(AgentID, field, localID, mask, addRemTF);
 
+            bool god = Scene.Permissions.IsGod(AgentID);
+
             AdjustChildPrimPermissions();
 
+            if (field == 1 && god) // Base mask was set. Update all child part inventories
+            {
+                foreach (SceneObjectPart part in Parts)
+                    part.Inventory.ApplyGodPermissions(RootPart.BaseMask);
+            }
+
             HasGroupChanged = true;
 
             // Send the group's properties to all clients once all parts are updated
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
index e6ad89c..c2d4764 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
@@ -4460,7 +4460,7 @@ namespace OpenSim.Region.Framework.Scenes
                         if (god)
                         {
                             BaseMask = ApplyMask(BaseMask, set, mask);
-                            Inventory.ApplyGodPermissions(_baseMask);
+                            Inventory.ApplyGodPermissions(BaseMask);
                         }
 
                         break;
@@ -4479,7 +4479,7 @@ namespace OpenSim.Region.Framework.Scenes
                     case 16:
                         NextOwnerMask = ApplyMask(NextOwnerMask, set, mask) &
                                 baseMask;
-                        // Prevent the client from creating no mod, no copy
+                        // Prevent the client from creating no copy, no transfer
                         // objects
                         if ((NextOwnerMask & (uint)PermissionMask.Copy) == 0)
                             NextOwnerMask |= (uint)PermissionMask.Transfer;
-- 
cgit v1.1


From aba078c93f4966cf6be10fc02228323843b9249e Mon Sep 17 00:00:00 2001
From: Melanie
Date: Sun, 14 Oct 2012 17:32:46 +0200
Subject: Fix perms when linking an object. Set root part perms to the perms of
 the link set to make the build floater behave consistently. Fixes permissions
 exploit introduced on 23 August.

---
 OpenSim/Region/Framework/Scenes/Scene.Inventory.cs |  6 +++++
 OpenSim/Region/Framework/Scenes/SceneGraph.cs      |  2 ++
 .../Region/Framework/Scenes/SceneObjectGroup.cs    |  7 ++++++
 OpenSim/Region/Framework/Scenes/SceneObjectPart.cs | 28 +++++++++++-----------
 4 files changed, 29 insertions(+), 14 deletions(-)

(limited to 'OpenSim/Region/Framework')

diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index dd9210f..ff8589a 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -2503,6 +2503,12 @@ namespace OpenSim.Region.Framework.Scenes
             }
 
             m_sceneGraph.LinkObjects(root, children);
+
+            ScenePresence sp;
+            if (TryGetScenePresence(agentId, out sp))
+            {
+                root.SendPropertiesToClient(sp.ControllingClient);
+            }
         }
 
         private string PermissionString(uint permissions)
diff --git a/OpenSim/Region/Framework/Scenes/SceneGraph.cs b/OpenSim/Region/Framework/Scenes/SceneGraph.cs
index e29b2c1..af13b46 100644
--- a/OpenSim/Region/Framework/Scenes/SceneGraph.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneGraph.cs
@@ -1849,6 +1849,7 @@ namespace OpenSim.Region.Framework.Scenes
                         SceneObjectGroupsByLocalPartID[part.LocalId] = parentGroup;
                 }
 
+                parentGroup.AdjustChildPrimPermissions();
                 parentGroup.HasGroupChanged = true;
                 parentGroup.ProcessBackup(m_parentScene.SimulationDataService, true);
                 parentGroup.ScheduleGroupForFullUpdate();
@@ -1989,6 +1990,7 @@ namespace OpenSim.Region.Framework.Scenes
                     // return unless the root is deleted. This will remove them
                     // from the database. They will be rewritten immediately,
                     // minus the rows for the unlinked child prims.
+                    g.AdjustChildPrimPermissions();
                     m_parentScene.SimulationDataService.RemoveObject(g.UUID, m_parentScene.RegionInfo.RegionID);
                     g.TriggerScriptChangedEvent(Changed.LINK);
                     g.HasGroupChanged = true; // Persist
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs
index 9dd6639..053bfb4 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs
@@ -3410,11 +3410,18 @@ namespace OpenSim.Region.Framework.Scenes
 
         public void AdjustChildPrimPermissions()
         {
+            uint newOwnerMask = (uint)PermissionMask.All & 0xfffffff8; // Mask folded bits
+            uint foldedPerms = RootPart.OwnerMask & 3;
+
             ForEachPart(part =>
             {
+                newOwnerMask &= part.BaseMask;
                 if (part != RootPart)
                     part.ClonePermissions(RootPart);
             });
+
+            RootPart.OwnerMask = newOwnerMask | foldedPerms;
+            RootPart.ScheduleFullUpdate();
         }
 
         public void UpdatePermissions(UUID AgentID, byte field, uint localID,
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
index c2d4764..3274cbd 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
@@ -4497,20 +4497,20 @@ namespace OpenSim.Region.Framework.Scenes
         {
             bool update = false;
 
-            if (BaseMask != source.BaseMask ||
-                OwnerMask != source.OwnerMask ||
-                GroupMask != source.GroupMask ||
-                EveryoneMask != source.EveryoneMask ||
-                NextOwnerMask != source.NextOwnerMask)
-                update = true;
-
-            BaseMask = source.BaseMask;
-            OwnerMask = source.OwnerMask;
-            GroupMask = source.GroupMask;
-            EveryoneMask = source.EveryoneMask;
-            NextOwnerMask = source.NextOwnerMask;
-
-            if (update)
+            uint prevOwnerMask = OwnerMask;
+            uint prevGroupMask = GroupMask;
+            uint prevEveryoneMask = EveryoneMask;
+            uint prevNextOwnerMask = NextOwnerMask;
+
+            OwnerMask = source.OwnerMask & BaseMask;
+            GroupMask = source.GroupMask & BaseMask;
+            EveryoneMask = source.EveryoneMask & BaseMask;
+            NextOwnerMask = source.NextOwnerMask & BaseMask;
+
+            if (OwnerMask != prevOwnerMask ||
+                GroupMask != prevGroupMask ||
+                EveryoneMask != prevEveryoneMask ||
+                NextOwnerMask != prevNextOwnerMask)
                 SendFullUpdateToAllClients();
         }
 
-- 
cgit v1.1