diff options
| author | Melanie Thielker | 2017-01-13 23:47:26 +0000 |
|---|---|---|
| committer | Melanie Thielker | 2017-01-13 23:47:26 +0000 |
| commit | da51edb5fe117b96d2a3761a3b735776c8cb05cb (patch) | |
| tree | 2cdae3825abcda8e26fbd6cbe343a28433c51ca1 /OpenSim/Region/CoreModules/Framework | |
| parent | Merge branch 'master' of opensimulator.org:/var/git/opensim (diff) | |
| download | opensim-SC_OLD-da51edb5fe117b96d2a3761a3b735776c8cb05cb.zip opensim-SC_OLD-da51edb5fe117b96d2a3761a3b735776c8cb05cb.tar.gz opensim-SC_OLD-da51edb5fe117b96d2a3761a3b735776c8cb05cb.tar.bz2 opensim-SC_OLD-da51edb5fe117b96d2a3761a3b735776c8cb05cb.tar.xz | |
Fix the new permissions error introduced with the inventory fix
The fix to allow setting perms in inventory accidentally caused folded
permissions to be used as a mask for the next owner perms. The current
solution isn't optimal but better than anything else we have had.
Legacy objects may experience a net loss of permissions if trying to
set their perms in inventory, this is deemed preferable to the prior
privilege escalation possibility. New items will handle properly.
Diffstat (limited to 'OpenSim/Region/CoreModules/Framework')
| -rw-r--r-- | OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs b/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs index 0104823..f8a2c2e 100644 --- a/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs +++ b/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs | |||
| @@ -1124,7 +1124,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess | |||
| 1124 | // rootPart.OwnerID, item.Owner, item.CurrentPermissions); | 1124 | // rootPart.OwnerID, item.Owner, item.CurrentPermissions); |
| 1125 | 1125 | ||
| 1126 | if ((rootPart.OwnerID != item.Owner) || | 1126 | if ((rootPart.OwnerID != item.Owner) || |
| 1127 | (item.CurrentPermissions & 16) != 0 || | 1127 | (item.CurrentPermissions & 8) != 0 || |
| 1128 | (item.Flags & (uint)InventoryItemFlags.ObjectSlamPerm) != 0) | 1128 | (item.Flags & (uint)InventoryItemFlags.ObjectSlamPerm) != 0) |
| 1129 | { | 1129 | { |
| 1130 | //Need to kill the for sale here | 1130 | //Need to kill the for sale here |
| @@ -1142,22 +1142,37 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess | |||
| 1142 | part.RezzerID = item.Owner; | 1142 | part.RezzerID = item.Owner; |
| 1143 | part.Inventory.ChangeInventoryOwner(item.Owner); | 1143 | part.Inventory.ChangeInventoryOwner(item.Owner); |
| 1144 | 1144 | ||
| 1145 | // This applies the base mask from the item as the next | 1145 | // Reconstruct the original item's base permissions. They |
| 1146 | // permissions for the object. This is correct because the | 1146 | // can be found in the lower (folded) bits. |
| 1147 | // giver's base mask was masked by the giver's next owner | 1147 | if ((item.BasePermissions & (uint)PermissionMask.FoldedMask) != 0) |
| 1148 | // mask, so the base mask equals the original next owner mask. | 1148 | { |
| 1149 | part.NextOwnerMask = item.BasePermissions; | 1149 | // We have permissions stored there so use them |
| 1150 | part.NextOwnerMask = ((item.BasePermissions & 7) << 13); | ||
| 1151 | if ((item.BasePermissions & (uint)PermissionMask.FoldedExport) != 0) | ||
| 1152 | part.NextOwnerMask |= (uint)PermissionMask.Export; | ||
| 1153 | part.NextOwnerMask |= (uint)PermissionMask.Move; | ||
| 1154 | } | ||
| 1155 | else | ||
| 1156 | { | ||
| 1157 | // This is a legacy object and we can't avoid the issues that | ||
| 1158 | // caused perms loss or escalation before, treat it the legacy | ||
| 1159 | // way. | ||
| 1160 | part.NextOwnerMask = item.NextPermissions; | ||
| 1161 | } | ||
| 1150 | } | 1162 | } |
| 1151 | 1163 | ||
| 1152 | so.ApplyNextOwnerPermissions(); | 1164 | so.ApplyNextOwnerPermissions(); |
| 1153 | 1165 | ||
| 1154 | // In case the user has changed flags on a received item | 1166 | // In case the user has changed flags on a received item |
| 1155 | // we have to apply those changes after the slam. Else we | 1167 | // we have to apply those changes after the slam. Else we |
| 1156 | // get a net loss of permissions | 1168 | // get a net loss of permissions. |
| 1169 | // On legacy objects, this opts for a loss of permissions rather | ||
| 1170 | // than the previous handling that allowed escalation. | ||
| 1157 | foreach (SceneObjectPart part in so.Parts) | 1171 | foreach (SceneObjectPart part in so.Parts) |
| 1158 | { | 1172 | { |
| 1159 | if ((item.Flags & (uint)InventoryItemFlags.ObjectHasMultipleItems) == 0) | 1173 | if ((item.Flags & (uint)InventoryItemFlags.ObjectHasMultipleItems) == 0) |
| 1160 | { | 1174 | { |
| 1175 | part.GroupMask = item.GroupPermissions & part.BaseMask; | ||
| 1161 | part.EveryoneMask = item.EveryOnePermissions & part.BaseMask; | 1176 | part.EveryoneMask = item.EveryOnePermissions & part.BaseMask; |
| 1162 | part.NextOwnerMask = item.NextPermissions & part.BaseMask; | 1177 | part.NextOwnerMask = item.NextPermissions & part.BaseMask; |
| 1163 | } | 1178 | } |