From ab260b5d23da0cf02973583bd869ad8901d63b92 Mon Sep 17 00:00:00 2001
From: Melanie Thielker
Date: Fri, 3 Oct 2008 21:44:33 +0000
Subject: Fix: Mantis#2326: Fix: privilege escalation through attach from
ground Fix: objects being duplicated inventory on detach. Fix: Mad jumping
around of attachments while editing. Fix: Attachments being persisted to
database on login. Fix: Attachments being persisted when changed by a script
like invisprim refresh. Fix: Attachpoint set, but not reset correctly. Fix:
prevent spurious full updates while editing attachments. Several other fixes
---
OpenSim/Region/Environment/Scenes/InnerScene.cs | 14 ++++-
.../Region/Environment/Scenes/Scene.Inventory.cs | 69 +++++++++-------------
.../Region/Environment/Scenes/SceneObjectGroup.cs | 34 +++++++----
.../Region/Environment/Scenes/SceneObjectPart.cs | 5 ++
.../ScriptEngine/DotNetEngine/EventManager.cs | 2 +-
OpenSim/Region/ScriptEngine/XEngine/XEngine.cs | 2 +-
6 files changed, 67 insertions(+), 59 deletions(-)
diff --git a/OpenSim/Region/Environment/Scenes/InnerScene.cs b/OpenSim/Region/Environment/Scenes/InnerScene.cs
index f58f334..65fa544 100644
--- a/OpenSim/Region/Environment/Scenes/InnerScene.cs
+++ b/OpenSim/Region/Environment/Scenes/InnerScene.cs
@@ -418,8 +418,18 @@ namespace OpenSim.Region.Environment.Scenes
///
protected internal void AttachObject(IClientAPI remoteClient, uint objectLocalID, uint AttachmentPt, Quaternion rot)
{
- // Calls attach with a Zero position
+ // If we can't take it, we can't attach it!
+ //
+ SceneObjectPart part = m_parentScene.GetSceneObjectPart(objectLocalID);
+ if (part == null)
+ return;
+ if (!m_parentScene.ExternalChecks.ExternalChecksCanTakeObject(
+ part.UUID, remoteClient.AgentId))
+ return;
+
+ // Calls attach with a Zero position
+ //
AttachObject(remoteClient, objectLocalID, AttachmentPt, rot, Vector3.Zero);
}
@@ -431,6 +441,7 @@ namespace OpenSim.Region.Environment.Scenes
(uint)(PermissionMask.Copy | PermissionMask.Move | PermissionMask.Modify | PermissionMask.Transfer),
(uint)(PermissionMask.Copy | PermissionMask.Move | PermissionMask.Modify | PermissionMask.Transfer),
ItemFlags, false, false, remoteClient.AgentId, true);
+ objatt.SetAttachmentPoint(Convert.ToByte(AttachmentPt));
if (objatt != null)
{
@@ -514,7 +525,6 @@ namespace OpenSim.Region.Environment.Scenes
UUID newAssetID = m_parentScene.attachObjectAssetStore(remoteClient, group, remoteClient.AgentId);
// sets assetID so client can show asset as 'attached' in inventory
- group.SetFromAssetID(newAssetID);
}
group.AttachToAgent(remoteClient.AgentId, AttachmentPt, attachPos);
// In case it is later dropped again, don't let
diff --git a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
index 8557b1c..a7bce49 100644
--- a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
@@ -1684,7 +1684,8 @@ namespace OpenSim.Region.Environment.Scenes
Queue searchfolders = new Queue();
searchfolders.Enqueue(userInfo.RootFolder);
- UUID foundFolder = userInfo.RootFolder.ID;
+ UUID foundFolder = UUID.Zero;
+ InventoryItemBase item = null;
// search through folders to find the asset.
while (searchfolders.Count > 0)
@@ -1696,6 +1697,7 @@ namespace OpenSim.Region.Environment.Scenes
{
if (fld.Items.ContainsKey(assetID))
{
+ item = fld.Items[assetID];
foundFolder = fld.ID;
searchfolders.Clear();
break;
@@ -1711,49 +1713,30 @@ namespace OpenSim.Region.Environment.Scenes
}
}
- AssetBase asset = CreateAsset(
- objectGroup.GetPartName(objectGroup.LocalId),
- objectGroup.GetPartDescription(objectGroup.LocalId),
- (sbyte)AssetType.Object,
- Utils.StringToBytes(sceneObjectXml));
- AssetCache.AddAsset(asset);
-
- InventoryItemBase item = new InventoryItemBase();
- item.Creator = objectGroup.RootPart.CreatorID;
- item.Owner = agentID;
- item.ID = assetID;
- item.AssetID = asset.FullID;
- item.Description = asset.Description;
- item.Name = asset.Name;
- item.AssetType = asset.Type;
- item.InvType = (int)InventoryType.Object;
-
- // Sticking it in root folder for now.. objects folder later?
-
- item.Folder = foundFolder;// DeRezPacket.AgentBlock.DestinationID;
- if ((agentID != objectGroup.RootPart.OwnerID) && ExternalChecks.ExternalChecksPropagatePermissions())
- {
- item.BasePermissions = objectGroup.RootPart.NextOwnerMask;
- item.CurrentPermissions = objectGroup.RootPart.NextOwnerMask;
- item.NextPermissions = objectGroup.RootPart.NextOwnerMask;
- item.EveryOnePermissions = objectGroup.RootPart.EveryoneMask & objectGroup.RootPart.NextOwnerMask;
- }
- else
+ if (foundFolder != UUID.Zero && item != null)
{
- item.BasePermissions = objectGroup.GetEffectivePermissions();
- item.CurrentPermissions = objectGroup.GetEffectivePermissions();
- item.NextPermissions = objectGroup.RootPart.NextOwnerMask;
- item.EveryOnePermissions = objectGroup.RootPart.EveryoneMask;
- }
+ AssetBase asset = CreateAsset(
+ objectGroup.GetPartName(objectGroup.LocalId),
+ objectGroup.GetPartDescription(objectGroup.LocalId),
+ (sbyte)AssetType.Object,
+ Utils.StringToBytes(sceneObjectXml));
+ AssetCache.AddAsset(asset);
- userInfo.AddItem(item);
+ item.AssetID = asset.FullID;
+ item.Description = asset.Description;
+ item.Name = asset.Name;
+ item.AssetType = asset.Type;
+ item.InvType = (int)InventoryType.Object;
+ item.Folder = foundFolder;
- // this gets called when the agent loggs off!
- if (remoteClient != null)
- {
- remoteClient.SendInventoryItemCreateUpdate(item);
- }
+ userInfo.UpdateItem(item);
+ // this gets called when the agent loggs off!
+ if (remoteClient != null)
+ {
+ remoteClient.SendInventoryItemCreateUpdate(item);
+ }
+ }
}
}
}
@@ -1786,9 +1769,8 @@ namespace OpenSim.Region.Environment.Scenes
item.AssetType = asset.Type;
item.InvType = (int)InventoryType.Object;
- // Sticking it in root folder for now.. objects folder later?
+ item.Folder = UUID.Zero; // Objects folder!
- item.Folder = userInfo.RootFolder.ID;// DeRezPacket.AgentBlock.DestinationID;
if ((remoteClient.AgentId != objectGroup.RootPart.OwnerID) && ExternalChecks.ExternalChecksPropagatePermissions())
{
item.BasePermissions = objectGroup.RootPart.NextOwnerMask;
@@ -1805,8 +1787,11 @@ namespace OpenSim.Region.Environment.Scenes
}
item.CreationDate = Util.UnixTimeSinceEpoch();
+ grp.SetFromAssetID(item.ID);
+
userInfo.AddItem(item);
remoteClient.SendInventoryItemCreateUpdate(item);
+
return item.AssetID;
}
return UUID.Zero;
diff --git a/OpenSim/Region/Environment/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Environment/Scenes/SceneObjectGroup.cs
index c779a5d..6cd0bae 100644
--- a/OpenSim/Region/Environment/Scenes/SceneObjectGroup.cs
+++ b/OpenSim/Region/Environment/Scenes/SceneObjectGroup.cs
@@ -734,16 +734,18 @@ namespace OpenSim.Region.Environment.Scenes
m_rootPart.IsAttachment = true;
m_rootPart.SetParentLocalId(avatar.LocalId);
- lock (m_parts)
- {
- foreach (SceneObjectPart part in m_parts.Values)
- {
- part.SetAttachmentPoint(attachmentpoint);
- }
- }
+ SetAttachmentPoint(Convert.ToByte(attachmentpoint));
avatar.AddAttachment(this);
- m_rootPart.ScheduleFullUpdate();
+ // Killing it here will cause the client to deselect it
+ // It then reappears on the avatar, deselected
+ // through the full update below
+ //
+ foreach (SceneObjectPart part in m_parts.Values)
+ m_scene.SendKiPrimitive(part.LocalId);
+
+ IsSelected = false; // fudge....
+ ScheduleGroupForFullUpdate();
}
}
public byte GetAttachmentPoint()
@@ -757,10 +759,7 @@ namespace OpenSim.Region.Environment.Scenes
public void ClearPartAttachmentData()
{
- foreach (SceneObjectPart part in m_parts.Values)
- {
- part.SetAttachmentPoint((Byte)0);
- }
+ SetAttachmentPoint((Byte)0);
}
public void DetachToGround()
@@ -775,7 +774,7 @@ namespace OpenSim.Region.Environment.Scenes
AbsolutePosition = detachedpos;
m_rootPart.AttachedAvatar = UUID.Zero;
m_rootPart.SetParentLocalId(0);
- m_rootPart.SetAttachmentPoint((byte)0);
+ SetAttachmentPoint((byte)0);
m_rootPart.IsAttachment = false;
m_rootPart.ApplyPhysics(m_rootPart.GetEffectiveObjectFlags(), m_scene.m_physicalPrim);
HasGroupChanged = true;
@@ -2755,5 +2754,14 @@ namespace OpenSim.Region.Environment.Scenes
{
return String.Format("{0} {1} ({2})", Name, UUID, AbsolutePosition);
}
+
+ public void SetAttachmentPoint(byte point)
+ {
+ lock(m_parts)
+ {
+ foreach (SceneObjectPart part in m_parts.Values)
+ part.SetAttachmentPoint(point);
+ }
+ }
}
}
diff --git a/OpenSim/Region/Environment/Scenes/SceneObjectPart.cs b/OpenSim/Region/Environment/Scenes/SceneObjectPart.cs
index a214884..80c4259 100644
--- a/OpenSim/Region/Environment/Scenes/SceneObjectPart.cs
+++ b/OpenSim/Region/Environment/Scenes/SceneObjectPart.cs
@@ -2097,6 +2097,11 @@ namespace OpenSim.Region.Environment.Scenes
///
public void SendFullUpdateToClient(IClientAPI remoteClient, Vector3 lPos, uint clientFlags)
{
+ // Suppress full updates during attachment editing
+ //
+ if (ParentGroup.IsSelected && IsAttachment)
+ return;
+
clientFlags &= ~(uint) PrimFlags.CreateSelected;
if (remoteClient.AgentId == _ownerID)
diff --git a/OpenSim/Region/ScriptEngine/DotNetEngine/EventManager.cs b/OpenSim/Region/ScriptEngine/DotNetEngine/EventManager.cs
index ef5f83d..4abea40 100644
--- a/OpenSim/Region/ScriptEngine/DotNetEngine/EventManager.cs
+++ b/OpenSim/Region/ScriptEngine/DotNetEngine/EventManager.cs
@@ -244,7 +244,7 @@ namespace OpenSim.Region.ScriptEngine.DotNetEngine
int lineEnd = script.IndexOf('\n');
- if (lineEnd != -1)
+ if (lineEnd > 1)
{
string firstline = script.Substring(0, lineEnd).Trim();
diff --git a/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs b/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs
index 1833d5c..47f04d5 100644
--- a/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs
+++ b/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs
@@ -342,7 +342,7 @@ namespace OpenSim.Region.ScriptEngine.XEngine
int lineEnd = script.IndexOf('\n');
- if (lineEnd != 1)
+ if (lineEnd > 1)
{
string firstline = script.Substring(0, lineEnd).Trim();
--
cgit v1.1