From dd14016885d9c9a411ffc19b0afb0a6771d47cad Mon Sep 17 00:00:00 2001 From: Melanie Date: Tue, 13 Jul 2010 20:45:16 +0100 Subject: Revamp the permissions propagation. This MAY mess up. Please test. Change the slam bit from 3 to 4. Assume the old slam bit is always set. The new slam bit is a "changed owner" bit, correcting a bug where an item passed from the creator to another with less than full perms, then back (sale test) would arrive back full perm. Lots of in-code docs. --- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 134 +++++++++++++++------ OpenSim/Region/Framework/Scenes/Scene.cs | 2 +- .../Framework/Scenes/SceneObjectGroup.Inventory.cs | 5 +- .../Framework/Scenes/SceneObjectPartInventory.cs | 1 - 4 files changed, 103 insertions(+), 39 deletions(-) (limited to 'OpenSim/Region/Framework') diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 9ba13ae..34461dc 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -265,6 +265,10 @@ namespace OpenSim.Region.Framework.Scenes public void UpdateInventoryItemAsset(IClientAPI remoteClient, UUID transactionID, UUID itemID, InventoryItemBase itemUpd) { + // This one will let people set next perms on items in agent + // inventory. Rut-Roh. Whatever. Make this secure. Yeah. + // + // Passing something to another avatar or a an object will already InventoryItemBase item = new InventoryItemBase(itemID, remoteClient.AgentId); item = InventoryService.GetItem(item); @@ -274,11 +278,9 @@ namespace OpenSim.Region.Framework.Scenes { item.Name = itemUpd.Name; item.Description = itemUpd.Description; - item.NextPermissions = itemUpd.NextPermissions; - item.CurrentPermissions |= 8; // Slam! - item.EveryOnePermissions = itemUpd.EveryOnePermissions; - item.GroupPermissions = itemUpd.GroupPermissions; - + item.NextPermissions = itemUpd.NextPermissions & item.BasePermissions; + item.EveryOnePermissions = itemUpd.EveryOnePermissions & item.BasePermissions; + item.GroupPermissions = itemUpd.GroupPermissions & item.BasePermissions; item.GroupID = itemUpd.GroupID; item.GroupOwned = itemUpd.GroupOwned; item.CreationDate = itemUpd.CreationDate; @@ -384,28 +386,96 @@ namespace OpenSim.Region.Framework.Scenes if (Permissions.PropagatePermissions() && recipient != senderId) { - // First, make sore base is limited to the next perms - itemCopy.BasePermissions = item.BasePermissions & (item.NextPermissions | (uint)PermissionMask.Move); - // By default, current equals base - itemCopy.CurrentPermissions = itemCopy.BasePermissions & item.CurrentPermissions; - - // If this is an object, replace current perms - // with folded perms + // Trying to do this right this time. This is evil. If + // you believe in Good, go elsewhere. Vampires and other + // evil creatores only beyond this point. You have been + // warned. + + // We're going to mask a lot of things by the next perms + // Tweak the next perms to be nicer to our data + // + // In this mask, all the bits we do NOT want to mess + // with are set. These are: + // + // Transfer + // Copy + // Modufy + uint permsMask = ~ ((uint)PermissionMask.Copy | + (uint)PermissionMask.Transfer | + (uint)PermissionMask.Modify); + + // Now, reduce the next perms to the mask bits + // relevant to the operation + uint nextPerms = permsMask | (item.NextPermissions & + ((uint)PermissionMask.Copy | + (uint)PermissionMask.Transfer | + (uint)PermissionMask.Modify)); + + // nextPerms now has all bits set, except for the actual + // next permission bits. + + // This checks for no mod, no copy, no trans. + // This indicates an error or messed up item. Do it like + // SL and assume trans + if (nextPerms == permsMask) + nextPerms |= (uint)PermissionMask.Transfer; + + // Inventory owner perms are the logical AND of the + // folded perms and the root prim perms, however, if + // the root prim is mod, the inventory perms will be + // mod. This happens on "take" and is of little concern + // here, save for preventing escalation + + // This hack ensures that items previously permalocked + // get unlocked when they're passed or rezzed + uint basePerms = item.BasePermissions | + (uint)PermissionMask.Move; + uint ownerPerms = item.CurrentPermissions; + + // Mask the base permissions. This is a conservative + // approach altering only the three main perms + basePerms &= nextPerms; + + // If this is an object, root prim perms may be more + // permissive than folded perms. Use folded perms as + // a mask if (item.InvType == (int)InventoryType.Object) { - itemCopy.CurrentPermissions &= ~(uint)(PermissionMask.Copy | PermissionMask.Modify | PermissionMask.Transfer); - itemCopy.CurrentPermissions |= (item.CurrentPermissions & 7) << 13; + // Create a safe mask for the current perms + uint foldedPerms = (item.CurrentPermissions & 7) << 13; + foldedPerms |= permsMask; + + bool isRootMod = (item.CurrentPermissions & + (uint)PermissionMask.Modify) != 0 ? + true : false; + + // Mask the owner perms to the folded perms + ownerPerms &= foldedPerms; + + // If the root was mod, let the mask reflect that + if (isRootMod) + ownerPerms |= (uint)PermissionMask.Modify; } - // Ensure there is no escalation - itemCopy.CurrentPermissions &= (item.NextPermissions | (uint)PermissionMask.Move); + // These will be applied to the root prim at next rez. + // The slam bit (bit 3) and folded permission (bits 0-2) + // are preserved due to the above mangling + ownerPerms &= nextPerms; - // Need slam bit on xfer - itemCopy.CurrentPermissions |= 8; + // Assign to the actual item. Make sure the slam bit is + // set, if it wasn't set before. + itemCopy.BasePermissions = basePerms; + itemCopy.CurrentPermissions = ownerPerms | 16; // Slam itemCopy.NextPermissions = item.NextPermissions; - itemCopy.EveryOnePermissions = 0; + // This preserves "everyone can move" + itemCopy.EveryOnePermissions = item.EveryOnePermissions & + nextPerms; + + // Intentionally killing "share with group" here, as + // the recipient will not have the group this is + // set to itemCopy.GroupPermissions = 0; } else @@ -903,7 +973,7 @@ namespace OpenSim.Region.Framework.Scenes else agentItem.CurrentPermissions = agentItem.BasePermissions & taskItem.CurrentPermissions; - agentItem.CurrentPermissions |= 8; + agentItem.CurrentPermissions |= 16; // Slam agentItem.NextPermissions = taskItem.NextPermissions; agentItem.EveryOnePermissions = taskItem.EveryonePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move); agentItem.GroupPermissions = taskItem.GroupPermissions & taskItem.NextPermissions; @@ -1094,7 +1164,7 @@ namespace OpenSim.Region.Framework.Scenes (srcTaskItem.NextPermissions | (uint)PermissionMask.Move); destTaskItem.BasePermissions = srcTaskItem.BasePermissions & (srcTaskItem.NextPermissions | (uint)PermissionMask.Move); - destTaskItem.CurrentPermissions |= 8; // Slam! + destTaskItem.CurrentPermissions |= 16; // Slam! } } @@ -1478,7 +1548,7 @@ namespace OpenSim.Region.Framework.Scenes srcTaskItem.NextPermissions; destTaskItem.BasePermissions = srcTaskItem.BasePermissions & srcTaskItem.NextPermissions; - destTaskItem.CurrentPermissions |= 8; // Slam! + destTaskItem.CurrentPermissions |= 16; // Slam! } } @@ -1864,17 +1934,14 @@ namespace OpenSim.Region.Framework.Scenes group.SetGroup(sourcePart.GroupID, null); - if (rootPart.OwnerID != item.OwnerID) + if ((rootPart.OwnerID != item.OwnerID) || (item.CurrentPermissions & 16) != 0) { if (Permissions.PropagatePermissions()) { - if ((item.CurrentPermissions & 8) != 0) + foreach (SceneObjectPart part in partList) { - foreach (SceneObjectPart part in partList) - { - part.EveryoneMask = item.EveryonePermissions; - part.NextOwnerMask = item.NextPermissions; - } + part.EveryoneMask = item.EveryonePermissions; + part.NextOwnerMask = item.NextPermissions; } group.ApplyNextOwnerPermissions(); } @@ -1882,17 +1949,14 @@ namespace OpenSim.Region.Framework.Scenes foreach (SceneObjectPart part in partList) { - if (part.OwnerID != item.OwnerID) + if ((part.OwnerID != item.OwnerID) || (item.CurrentPermissions & 16) != 0) { part.LastOwnerID = part.OwnerID; part.OwnerID = item.OwnerID; part.Inventory.ChangeInventoryOwner(item.OwnerID); } - else if ((item.CurrentPermissions & 8) != 0) // Slam! - { - part.EveryoneMask = item.EveryonePermissions; - part.NextOwnerMask = item.NextPermissions; - } + part.EveryoneMask = item.EveryonePermissions; + part.NextOwnerMask = item.NextPermissions; } rootPart.TrimPermissions(); diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index e2ab643..f7d2d37 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs @@ -4731,7 +4731,7 @@ namespace OpenSim.Region.Framework.Scenes part.NextOwnerMask; item.GroupPermissions = part.GroupMask & part.NextOwnerMask; - item.CurrentPermissions |= 8; // Slam! + item.CurrentPermissions |= 16; // Slam! item.CreationDate = Util.UnixTimeSinceEpoch(); if (InventoryService.AddItem(item)) diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs index f7e46af..55d2e32 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs @@ -172,13 +172,14 @@ namespace OpenSim.Region.Framework.Scenes taskItem.GroupPermissions = item.GroupPermissions & item.NextPermissions; taskItem.NextPermissions = item.NextPermissions; - taskItem.CurrentPermissions |= 8; + // We're adding this to a prim we don't own. Force + // owner change + taskItem.CurrentPermissions |= 16; // Slam } else { taskItem.BasePermissions = item.BasePermissions; taskItem.CurrentPermissions = item.CurrentPermissions; - taskItem.CurrentPermissions |= 8; taskItem.EveryonePermissions = item.EveryOnePermissions; taskItem.GroupPermissions = item.GroupPermissions; taskItem.NextPermissions = item.NextPermissions; diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 3a8f168..cabcf37 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs @@ -952,7 +952,6 @@ namespace OpenSim.Region.Framework.Scenes item.CurrentPermissions &= ~(uint)PermissionMask.Transfer; if ((item.CurrentPermissions & ((uint)PermissionMask.Modify >> 13)) == 0) item.CurrentPermissions &= ~(uint)PermissionMask.Modify; - item.CurrentPermissions |= 8; } item.CurrentPermissions &= item.NextPermissions; item.BasePermissions &= item.NextPermissions; -- cgit v1.1 From cd8bb316ea1bd0fc039c63ad75500a3b9c2d4248 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Wed, 14 Jul 2010 03:59:26 +0200 Subject: Remove getting the object capacity from the money module. It is now set directly from the Region Info (and the region ini file) --- OpenSim/Region/Framework/Scenes/Scene.cs | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) (limited to 'OpenSim/Region/Framework') diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index f7d2d37..40176ec 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs @@ -478,8 +478,6 @@ namespace OpenSim.Region.Framework.Scenes set { m_sceneGraph.RestorePresences = value; } } - public int objectCapacity = 45000; - #endregion #region BinaryStats @@ -687,7 +685,7 @@ namespace OpenSim.Region.Framework.Scenes StatsReporter.OnSendStatsResult += SendSimStatsPackets; StatsReporter.OnStatsIncorrect += m_sceneGraph.RecalculateStats; - StatsReporter.SetObjectCapacity(objectCapacity); + StatsReporter.SetObjectCapacity(RegionInfo.ObjectCapacity); // Old /* @@ -4119,20 +4117,6 @@ namespace OpenSim.Region.Framework.Scenes #region Other Methods - public void SetObjectCapacity(int objects) - { - // Region specific config overrides global - // - if (RegionInfo.ObjectCapacity != 0) - objects = RegionInfo.ObjectCapacity; - - if (StatsReporter != null) - { - StatsReporter.SetObjectCapacity(objects); - } - objectCapacity = objects; - } - #endregion public void HandleObjectPermissionsUpdate(IClientAPI controller, UUID agentID, UUID sessionID, byte field, uint localId, uint mask, byte set) -- cgit v1.1 From 87fb19162ed0a7a66c576deda25717efa24029b2 Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Wed, 14 Jul 2010 06:57:56 -0700 Subject: More on mantis #4869. This fixes the problem of objects showing up as no copy when they are copy-able. It works, but I have no idea what I'm doing. --- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'OpenSim/Region/Framework') diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 34461dc..daacdf0 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -276,6 +276,7 @@ namespace OpenSim.Region.Framework.Scenes { if (UUID.Zero == transactionID) { + m_log.DebugFormat("[XXX] UUID.Zero = transactionID"); item.Name = itemUpd.Name; item.Description = itemUpd.Description; item.NextPermissions = itemUpd.NextPermissions & item.BasePermissions; @@ -302,6 +303,7 @@ namespace OpenSim.Region.Framework.Scenes } else { + m_log.DebugFormat("[XXX] UUID.Zero != transactionID"); IAgentAssetTransactions agentTransactions = this.RequestModuleInterface(); if (agentTransactions != null) { @@ -386,6 +388,7 @@ namespace OpenSim.Region.Framework.Scenes if (Permissions.PropagatePermissions() && recipient != senderId) { + m_log.Debug("[XXX] Permissions.PropagatePermissions()"); // Trying to do this right this time. This is evil. If // you believe in Good, go elsewhere. Vampires and other // evil creatores only beyond this point. You have been @@ -449,12 +452,18 @@ namespace OpenSim.Region.Framework.Scenes (uint)PermissionMask.Modify) != 0 ? true : false; + bool isRootCopy = (item.CurrentPermissions & + (uint)PermissionMask.Copy) != 0 ? + true : false; + // Mask the owner perms to the folded perms ownerPerms &= foldedPerms; // If the root was mod, let the mask reflect that if (isRootMod) ownerPerms |= (uint)PermissionMask.Modify; + if (isRootCopy) + ownerPerms |= (uint)PermissionMask.Copy; } // These will be applied to the root prim at next rez. -- cgit v1.1 From bec1d7cc36bb01beed912b482612a69ff14287c9 Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Wed, 14 Jul 2010 07:00:24 -0700 Subject: Removed left-over debug messages. --- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'OpenSim/Region/Framework') diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index daacdf0..142143b 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -276,7 +276,7 @@ namespace OpenSim.Region.Framework.Scenes { if (UUID.Zero == transactionID) { - m_log.DebugFormat("[XXX] UUID.Zero = transactionID"); + item.Name = itemUpd.Name; item.Description = itemUpd.Description; item.NextPermissions = itemUpd.NextPermissions & item.BasePermissions; @@ -303,7 +303,6 @@ namespace OpenSim.Region.Framework.Scenes } else { - m_log.DebugFormat("[XXX] UUID.Zero != transactionID"); IAgentAssetTransactions agentTransactions = this.RequestModuleInterface(); if (agentTransactions != null) { @@ -388,7 +387,6 @@ namespace OpenSim.Region.Framework.Scenes if (Permissions.PropagatePermissions() && recipient != senderId) { - m_log.Debug("[XXX] Permissions.PropagatePermissions()"); // Trying to do this right this time. This is evil. If // you believe in Good, go elsewhere. Vampires and other // evil creatores only beyond this point. You have been -- cgit v1.1 From 33aa7ba7dc19a37698d9a799d19a3d2e57b5115b Mon Sep 17 00:00:00 2001 From: Melanie Date: Wed, 14 Jul 2010 14:59:34 +0100 Subject: Revert "More on mantis #4869. This fixes the problem of objects showing up as no copy when they are copy-able. It works, but I have no idea what I'm doing." Cuauses a permission escalation. do NOT USE the preceding commit --- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 7 ------- 1 file changed, 7 deletions(-) (limited to 'OpenSim/Region/Framework') diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 142143b..34461dc 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -276,7 +276,6 @@ namespace OpenSim.Region.Framework.Scenes { if (UUID.Zero == transactionID) { - item.Name = itemUpd.Name; item.Description = itemUpd.Description; item.NextPermissions = itemUpd.NextPermissions & item.BasePermissions; @@ -450,18 +449,12 @@ namespace OpenSim.Region.Framework.Scenes (uint)PermissionMask.Modify) != 0 ? true : false; - bool isRootCopy = (item.CurrentPermissions & - (uint)PermissionMask.Copy) != 0 ? - true : false; - // Mask the owner perms to the folded perms ownerPerms &= foldedPerms; // If the root was mod, let the mask reflect that if (isRootMod) ownerPerms |= (uint)PermissionMask.Modify; - if (isRootCopy) - ownerPerms |= (uint)PermissionMask.Copy; } // These will be applied to the root prim at next rez. -- cgit v1.1 From 39cd57598bf21c10bf5f187a65d37ba2c07c775b Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Wed, 14 Jul 2010 16:21:55 +0200 Subject: Fix a permissions issue --- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 15 +++++++++++---- .../Framework/Scenes/SceneObjectGroup.Inventory.cs | 18 +++++++++++------- 2 files changed, 22 insertions(+), 11 deletions(-) (limited to 'OpenSim/Region/Framework') diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 34461dc..2578685 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -432,10 +432,6 @@ namespace OpenSim.Region.Framework.Scenes (uint)PermissionMask.Move; uint ownerPerms = item.CurrentPermissions; - // Mask the base permissions. This is a conservative - // approach altering only the three main perms - basePerms &= nextPerms; - // If this is an object, root prim perms may be more // permissive than folded perms. Use folded perms as // a mask @@ -451,10 +447,17 @@ namespace OpenSim.Region.Framework.Scenes // Mask the owner perms to the folded perms ownerPerms &= foldedPerms; + basePerms &= foldedPerms; // If the root was mod, let the mask reflect that + // We also need to adjust the base here, because + // we should be able to edit in-inventory perms + // for the root prim, if it's mod. if (isRootMod) + { ownerPerms |= (uint)PermissionMask.Modify; + basePerms |= (uint)PermissionMask.Modify; + } } // These will be applied to the root prim at next rez. @@ -462,6 +465,10 @@ namespace OpenSim.Region.Framework.Scenes // are preserved due to the above mangling ownerPerms &= nextPerms; + // Mask the base permissions. This is a conservative + // approach altering only the three main perms + basePerms &= nextPerms; + // Assign to the actual item. Make sure the slam bit is // set, if it wasn't set before. itemCopy.BasePermissions = basePerms; diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs index 55d2e32..9a01a28 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs @@ -282,7 +282,7 @@ namespace OpenSim.Region.Framework.Scenes PermissionMask.Move | PermissionMask.Transfer) | 7; - uint ownerMask = 0x7ffffff; + uint ownerMask = 0x7fffffff; foreach (SceneObjectPart part in m_parts.Values) { ownerMask &= part.OwnerMask; @@ -296,12 +296,16 @@ namespace OpenSim.Region.Framework.Scenes if ((ownerMask & (uint)PermissionMask.Transfer) == 0) perms &= ~(uint)PermissionMask.Transfer; - if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Modify) == 0) - perms &= ~((uint)PermissionMask.Modify >> 13); - if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Copy) == 0) - perms &= ~((uint)PermissionMask.Copy >> 13); - if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Transfer) == 0) - perms &= ~((uint)PermissionMask.Transfer >> 13); + // If root prim permissions are applied here, this would screw + // with in-inventory manipulation of the next owner perms + // in a major way. So, let's move this to the give itself. + // Yes. I know. Evil. +// if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Modify) == 0) +// perms &= ~((uint)PermissionMask.Modify >> 13); +// if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Copy) == 0) +// perms &= ~((uint)PermissionMask.Copy >> 13); +// if ((ownerMask & RootPart.NextOwnerMask & (uint)PermissionMask.Transfer) == 0) +// perms &= ~((uint)PermissionMask.Transfer >> 13); return perms; } -- cgit v1.1