From 664dd58cd9a8318c14fc3e3a3950c3e29cf97ba8 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Sun, 14 Jun 2009 21:44:34 +0000 Subject: Fixes Mantis #3793 . Committing thomax/Snoopy's patch to allow deeding of objects, with changes: - Set OwnerID = GroupID for deeded objects. - Close a security loophole that would have allowed a user with deed rights in a group to deed ANY object to that group, even if it's not owned by them and/or not set to that group - Set LastOwnerID correctly. Handle objects vs. prims correctly. --- OpenSim/Data/MSSQL/MSSQLAssetData.cs | 2 +- OpenSim/Data/MSSQL/MSSQLEstateData.cs | 61 +--------------------- OpenSim/Data/MSSQL/MSSQLRegionData.cs | 38 +++++++++++--- OpenSim/Data/MSSQL/MSSQLUserData.cs | 4 ++ .../World/Permissions/PermissionsModule.cs | 17 +++++- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 42 +++++++++++++-- .../Region/Framework/Scenes/Scene.Permissions.cs | 17 ++++++ 7 files changed, 107 insertions(+), 74 deletions(-) (limited to 'OpenSim') diff --git a/OpenSim/Data/MSSQL/MSSQLAssetData.cs b/OpenSim/Data/MSSQL/MSSQLAssetData.cs index 69474b1..ba2b816 100644 --- a/OpenSim/Data/MSSQL/MSSQLAssetData.cs +++ b/OpenSim/Data/MSSQL/MSSQLAssetData.cs @@ -39,7 +39,7 @@ namespace OpenSim.Data.MSSQL /// /// A MSSQL Interface for the Asset server /// - internal class MSSQLAssetData : AssetDataBase + public class MSSQLAssetData : AssetDataBase { private const string _migrationStore = "AssetStore"; diff --git a/OpenSim/Data/MSSQL/MSSQLEstateData.cs b/OpenSim/Data/MSSQL/MSSQLEstateData.cs index 29aa2c0..c0c6349 100644 --- a/OpenSim/Data/MSSQL/MSSQLEstateData.cs +++ b/OpenSim/Data/MSSQL/MSSQLEstateData.cs 
@@ -124,16 +124,11 @@ namespace OpenSim.Data.MSSQL } else if (_FieldMap[name].GetValue(es) is UUID) { -// UUID uuid; -// UUID.TryParse(reader[name].ToString(), out uuid); - _FieldMap[name].SetValue(es, new UUID((Guid) reader[name])); // uuid); } else { es.EstateID = Convert.ToUInt32(reader["EstateID"].ToString()); - //Problems converting a Int32 to a UInt32 - //_FieldMap[name].SetValue(es, reader["EstateID"]); } } } @@ -163,28 +158,7 @@ namespace OpenSim.Data.MSSQL foreach (string name in names) { insertCommand.Parameters.Add(_Database.CreateParameter("@" + name, _FieldMap[name].GetValue(es))); -// if (_FieldMap[name].GetValue(es) is bool) -// { -// SqlParameter tempBool = new SqlParameter("@" + name, SqlDbType.Bit); -// -// if ((bool) _FieldMap[name].GetValue(es)) -// tempBool.Value = 1; -// else -// tempBool.Value = 0; -// -// insertCommand.Parameters.Add(tempBool); -// } -// else -// { -// //cmd.Parameters.AddWithValue("@" + name, _FieldMap[name].GetValue(es)); -// SqlParameter tempPar = new SqlParameter("@" + name, -// _Database.DbtypeFromType(_FieldMap[name].FieldType)); -// tempPar.Value = _FieldMap[name].GetValue(es).ToString(); -// -// insertCommand.Parameters.Add(tempPar); -// } } -// insertCommand.Parameters.Add(_Database.CreateParameter("@ID", es.EstateID, true)); SqlParameter idParameter = new SqlParameter("@ID", SqlDbType.Int); idParameter.Direction = ParameterDirection.Output; insertCommand.Parameters.Add(idParameter); @@ -211,7 +185,6 @@ namespace OpenSim.Data.MSSQL } // Munge and transfer the ban list - // sql = string.Format("insert into estateban select {0}, bannedUUID, bannedIp, bannedIpHostMask, '' from regionban where regionban.regionUUID = @UUID", es.EstateID); using (AutoClosingSqlCommand cmd = _Database.Query(sql)) 
@@ -253,7 +226,7 @@ namespace OpenSim.Data.MSSQL names.Remove("EstateID"); - string sql = string.Format("UPDATE estate_settings SET ") ; // ({0}) values ( @{1}) WHERE EstateID = @EstateID", String.Join(",", names.ToArray()), String.Join(", @", names.ToArray())); + string sql = string.Format("UPDATE estate_settings SET ") ; foreach (string name in names) { sql += name + " = @" + name + ", "; @@ -266,33 +239,9 @@ namespace OpenSim.Data.MSSQL foreach (string name in names) { cmd.Parameters.Add(_Database.CreateParameter("@" + name, _FieldMap[name].GetValue(es))); -// if (_FieldMap[name].GetValue(es) is bool) -// { -// SqlParameter tempBool = new SqlParameter("@" + name, SqlDbType.Bit); -// -// if ((bool)_FieldMap[name].GetValue(es)) -// tempBool.Value = 1; -// else -// tempBool.Value = 0; -// -// cmd.Parameters.Add(tempBool); -// } -// else -// { -// //cmd.Parameters.AddWithValue("@" + name, _FieldMap[name].GetValue(es)); -// SqlParameter tempPar = new SqlParameter("@" + name, -// _Database.DbtypeFromType(_FieldMap[name].FieldType)); -// tempPar.Value = _FieldMap[name].GetValue(es).ToString(); -// -// cmd.Parameters.Add(tempPar); -// } } cmd.Parameters.Add(_Database.CreateParameter("@EstateID", es.EstateID)); -// SqlParameter idParameter = new SqlParameter("@EstateID", SqlDbType.Int); -// idParameter.Value = es.EstateID; -// cmd.Parameters.Add(idParameter); - cmd.ExecuteNonQuery(); } @@ -329,9 +278,6 @@ namespace OpenSim.Data.MSSQL { EstateBan eb = new EstateBan(); -// UUID uuid; -// UUID.TryParse(reader["bannedUUID"].ToString(), out uuid); - eb.BannedUserID = new UUID((Guid)reader["bannedUUID"]); //uuid; eb.BannedHostAddress = "0.0.0.0"; eb.BannedHostIPMask = "0.0.0.0"; @@ -355,11 +301,6 @@ namespace OpenSim.Data.MSSQL { while (reader.Read()) { - // EstateBan eb = new EstateBan(); - -// UUID uuid; -// UUID.TryParse(reader["uuid"].ToString(), out uuid); - uuids.Add(new UUID((Guid)reader["uuid"])); //uuid); } } 
diff --git a/OpenSim/Data/MSSQL/MSSQLRegionData.cs b/OpenSim/Data/MSSQL/MSSQLRegionData.cs index a171853..bd7a281 100644 --- a/OpenSim/Data/MSSQL/MSSQLRegionData.cs +++ b/OpenSim/Data/MSSQL/MSSQLRegionData.cs @@ -317,7 +317,7 @@ IF EXISTS (SELECT UUID FROM prims WHERE UUID = @UUID) CameraAtOffsetY = @CameraAtOffsetY, CameraAtOffsetZ = @CameraAtOffsetZ, ForceMouselook = @ForceMouselook, ScriptAccessPin = @ScriptAccessPin, AllowedDrop = @AllowedDrop, DieAtEdge = @DieAtEdge, SalePrice = @SalePrice, SaleType = @SaleType, ColorR = @ColorR, ColorG = @ColorG, ColorB = @ColorB, ColorA = @ColorA, ParticleSystem = @ParticleSystem, - ClickAction = @ClickAction, Material = @Material, CollisionSound = @CollisionSound, CollisionSoundVolume = @CollisionSoundVolume, + ClickAction = @ClickAction, Material = @Material, CollisionSound = @CollisionSound, CollisionSoundVolume = @CollisionSoundVolume, PassTouches = @PassTouches, LinkNumber = @LinkNumber WHERE UUID = @UUID END @@ -333,7 +333,7 @@ ELSE PayPrice, PayButton1, PayButton2, PayButton3, PayButton4, LoopedSound, LoopedSoundGain, TextureAnimation, OmegaX, OmegaY, OmegaZ, CameraEyeOffsetX, CameraEyeOffsetY, CameraEyeOffsetZ, CameraAtOffsetX, CameraAtOffsetY, CameraAtOffsetZ, ForceMouselook, ScriptAccessPin, AllowedDrop, DieAtEdge, SalePrice, SaleType, ColorR, ColorG, ColorB, ColorA, - ParticleSystem, ClickAction, Material, CollisionSound, CollisionSoundVolume, LinkNumber + ParticleSystem, ClickAction, Material, CollisionSound, CollisionSoundVolume, PassTouches, LinkNumber ) VALUES ( @UUID, @CreationDate, @Name, @Text, @Description, @SitName, @TouchName, @ObjectFlags, @OwnerMask, @NextOwnerMask, @GroupMask, @EveryoneMask, @BaseMask, @PositionX, @PositionY, @PositionZ, @GroupPositionX, @GroupPositionY, @GroupPositionZ, @VelocityX, 
@@ -343,7 +343,7 @@ ELSE @PayPrice, @PayButton1, @PayButton2, @PayButton3, @PayButton4, @LoopedSound, @LoopedSoundGain, @TextureAnimation, @OmegaX, @OmegaY, @OmegaZ, @CameraEyeOffsetX, @CameraEyeOffsetY, @CameraEyeOffsetZ, @CameraAtOffsetX, @CameraAtOffsetY, @CameraAtOffsetZ, @ForceMouselook, @ScriptAccessPin, @AllowedDrop, @DieAtEdge, @SalePrice, @SaleType, @ColorR, @ColorG, @ColorB, @ColorA, - @ParticleSystem, @ClickAction, @Material, @CollisionSound, @CollisionSoundVolume, @LinkNumber + @ParticleSystem, @ClickAction, @Material, @CollisionSound, @CollisionSoundVolume, @PassTouches, @LinkNumber ) END"; @@ -723,7 +723,8 @@ VALUES ,[elevation_1_ne] = @elevation_1_ne ,[elevation_2_ne] = @elevation_2_ne ,[elevation_1_se] = @elevation_1_se ,[elevation_2_se] = @elevation_2_se ,[elevation_1_sw] = @elevation_1_sw ,[elevation_2_sw] = @elevation_2_sw ,[water_height] = @water_height ,[terrain_raise_limit] = @terrain_raise_limit ,[terrain_lower_limit] = @terrain_lower_limit ,[use_estate_sun] = @use_estate_sun ,[fixed_sun] = @fixed_sun ,[sun_position] = @sun_position -,[covenant] = @covenant , [sunvectorx] = @sunvectorx, [sunvectory] = @sunvectory, [sunvectorz] = @sunvectorz, [Sandbox] = @Sandbox WHERE [regionUUID] = @regionUUID"; +,[covenant] = @covenant , [sunvectorx] = @sunvectorx, [sunvectory] = @sunvectory, [sunvectorz] = @sunvectorz, [Sandbox] = @Sandbox, [loaded_creation_date] = @loaded_creation_date, [loaded_creation_time] = @loaded_creation_time, [loaded_creation_id] = @loaded_creation_id + WHERE [regionUUID] = @regionUUID"; using (AutoClosingSqlCommand cmd = _Database.Query(sql)) { 
@@ -776,13 +777,14 @@ VALUES [block_show_in_search],[agent_limit],[object_bonus],[maturity],[disable_scripts],[disable_collisions],[disable_physics], [terrain_texture_1],[terrain_texture_2],[terrain_texture_3],[terrain_texture_4],[elevation_1_nw],[elevation_2_nw],[elevation_1_ne], [elevation_2_ne],[elevation_1_se],[elevation_2_se],[elevation_1_sw],[elevation_2_sw],[water_height],[terrain_raise_limit], - [terrain_lower_limit],[use_estate_sun],[fixed_sun],[sun_position],[covenant],[sunvectorx], [sunvectory], [sunvectorz],[Sandbox]) + [terrain_lower_limit],[use_estate_sun],[fixed_sun],[sun_position],[covenant],[sunvectorx], [sunvectory], [sunvectorz],[Sandbox], [loaded_creation_date], [loaded_creation_time], [loaded_creation_id] + ) VALUES (@regionUUID,@block_terraform,@block_fly,@allow_damage,@restrict_pushing,@allow_land_resell,@allow_land_join_divide, @block_show_in_search,@agent_limit,@object_bonus,@maturity,@disable_scripts,@disable_collisions,@disable_physics, @terrain_texture_1,@terrain_texture_2,@terrain_texture_3,@terrain_texture_4,@elevation_1_nw,@elevation_2_nw,@elevation_1_ne, @elevation_2_ne,@elevation_1_se,@elevation_2_se,@elevation_1_sw,@elevation_2_sw,@water_height,@terrain_raise_limit, - @terrain_lower_limit,@use_estate_sun,@fixed_sun,@sun_position,@covenant,@sunvectorx,@sunvectory, @sunvectorz, @Sandbox)"; + @terrain_lower_limit,@use_estate_sun,@fixed_sun,@sun_position,@covenant,@sunvectorx,@sunvectory, @sunvectorz, @Sandbox, @loaded_creation_date, @loaded_creation_time, @loaded_creation_id )"; using (AutoClosingSqlCommand cmd = _Database.Query(sql)) { 
@@ -843,6 +845,20 @@ VALUES ); newSettings.Covenant = new UUID((Guid)row["covenant"]); + if (row["loaded_creation_date"] is DBNull) + newSettings.LoadedCreationDate = ""; + else + newSettings.LoadedCreationDate = (String)row["loaded_creation_date"]; + + if (row["loaded_creation_time"] is DBNull) + newSettings.LoadedCreationTime = ""; + else + newSettings.LoadedCreationTime = (String)row["loaded_creation_time"]; + + if (row["loaded_creation_id"] is DBNull) + newSettings.LoadedCreationID = ""; + else + newSettings.LoadedCreationID = (String)row["loaded_creation_id"]; return newSettings; } @@ -1064,7 +1080,8 @@ VALUES prim.CollisionSound = new UUID((Guid)primRow["CollisionSound"]); prim.CollisionSoundVolume = Convert.ToSingle(primRow["CollisionSoundVolume"]); - + if (Convert.ToInt16(primRow["PassTouches"]) != 0) + prim.PassTouches = true; prim.LinkNum = Convert.ToInt32(primRow["LinkNumber"]); return prim; @@ -1240,6 +1257,9 @@ VALUES parameters.Add(_Database.CreateParameter("sunvectory", settings.SunVector.Y)); parameters.Add(_Database.CreateParameter("sunvectorz", settings.SunVector.Z)); parameters.Add(_Database.CreateParameter("covenant", settings.Covenant)); + parameters.Add(_Database.CreateParameter("LoadedCreationDate", settings.LoadedCreationDate)); + parameters.Add(_Database.CreateParameter("LoadedCreationTime", settings.LoadedCreationTime)); + parameters.Add(_Database.CreateParameter("LoadedCreationID", settings.LoadedCreationID)); return parameters.ToArray(); } @@ -1442,6 +1462,10 @@ VALUES parameters.Add(_Database.CreateParameter("CollisionSound", prim.CollisionSound)); parameters.Add(_Database.CreateParameter("CollisionSoundVolume", prim.CollisionSoundVolume)); + if (prim.PassTouches) + parameters.Add(_Database.CreateParameter("PassTouches", 1)); + else + parameters.Add(_Database.CreateParameter("PassTouches", 0)); parameters.Add(_Database.CreateParameter("LinkNumber", prim.LinkNum)); return parameters.ToArray(); 
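Review bot: The added `Convert.ToInt16(primRow["PassTouches"])` in the -1064 hunk throws on a NULL column value, unlike the `loaded_creation_*` reads added in the previous hunk, which test for `DBNull` first. The diffstat lists no migration file, so it is not visible here whether existing `prims` rows can hold NULL in the new column. A tolerant read would be `prim.PassTouches = !(primRow["PassTouches"] is DBNull) && Convert.ToInt16(primRow["PassTouches"]) != 0;`. The enclosing method starts and ends outside the hunk.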
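Review bot: The three parameters added in the -1240 hunk are named `LoadedCreationDate`, `LoadedCreationTime` and `LoadedCreationID`, but the UPDATE and INSERT statements changed in the -723 and -776 hunks reference `@loaded_creation_date`, `@loaded_creation_time` and `@loaded_creation_id`. The neighbouring parameters (`sunvectory`, `covenant`) use the same spelling as their placeholders, so unless `CreateParameter` remaps names, which the diff does not show, both statements would fail with undeclared variables. I would rename them to match, e.g. `parameters.Add(_Database.CreateParameter("loaded_creation_date", settings.LoadedCreationDate));` and likewise for the other two. The parameter-building method starts outside the hunk.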
diff --git a/OpenSim/Data/MSSQL/MSSQLUserData.cs b/OpenSim/Data/MSSQL/MSSQLUserData.cs index c04dbda..6efb89d 100644 --- a/OpenSim/Data/MSSQL/MSSQLUserData.cs +++ b/OpenSim/Data/MSSQL/MSSQLUserData.cs @@ -1125,6 +1125,10 @@ ELSE retval.ID = new UUID((Guid)reader["UUID"]); retval.FirstName = (string)reader["username"]; retval.SurName = (string)reader["lastname"]; + if (reader.IsDBNull(reader.GetOrdinal("email"))) + retval.Email = ""; + else + retval.Email = (string)reader["email"]; retval.PasswordHash = (string)reader["passwordHash"]; retval.PasswordSalt = (string)reader["passwordSalt"]; diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index d786df8..380104d 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -184,6 +184,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions m_scene.Permissions.OnAbandonParcel += CanAbandonParcel; m_scene.Permissions.OnReclaimParcel += CanReclaimParcel; m_scene.Permissions.OnDeedParcel += CanDeedParcel; + m_scene.Permissions.OnDeedObject += CanDeedObject; m_scene.Permissions.OnIsGod += IsGod; m_scene.Permissions.OnDuplicateObject += CanDuplicateObject; m_scene.Permissions.OnDeleteObject += CanDeleteObject; //MAYBE FULLY IMPLEMENTED 
@@ -818,6 +819,20 @@ namespace OpenSim.Region.CoreModules.World.Permissions return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandDeed); } + private bool CanDeedObject(UUID user, UUID group, Scene scene) + { + DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); + if (m_bypassPermissions) return m_bypassPermissionsValue; + + ScenePresence sp = scene.GetScenePresence(user); + IClientAPI client = sp.ControllingClient; + + if((client.GetGroupPowers(group) & (ulong)GroupPowers.DeedObject) == 0) + return false; + + return true; + } + private bool IsGod(UUID user, Scene scene) { DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); @@ -846,7 +861,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (part.GroupID != UUID.Zero) { - if ((part.OwnerID == UUID.Zero) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0))) + if ((part.OwnerID == part.GroupID) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0))) return false; if ((part.GroupMask & PERM_COPY) == 0) diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 8e3c688..1a40a0d 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs 
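Review bot: In the new `CanDeedObject` (the -818 hunk), `sp.ControllingClient` is dereferenced without checking the result of `scene.GetScenePresence(user)`. That lookup presumably returns null when the user has no presence in this scene, which would turn a permission query into a NullReferenceException. A permission check should fail closed instead: add `if (sp == null) return false;` before reading `ControllingClient`. The trailing `if (...) == 0) return false; return true;` can then collapse to `return (client.GetGroupPowers(group) & (ulong)GroupPowers.DeedObject) != 0;`.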
@@ -2682,16 +2682,48 @@ namespace OpenSim.Region.Framework.Scenes void ObjectOwner(IClientAPI remoteClient, UUID ownerID, UUID groupID, List localIDs) { if (!Permissions.IsGod(remoteClient.AgentId)) - return; + { + if (ownerID != UUID.Zero) + return; + + if (!Permissions.CanDeedObject(remoteClient.AgentId, groupID)) + return; + } + + List groups = new List(); foreach (uint localID in localIDs) { SceneObjectPart part = GetSceneObjectPart(localID); - if (part != null && part.ParentGroup != null) + if (!groups.Contains(part.ParentGroup)) + groups.Add(part.ParentGroup); + } + + foreach (SceneObjectGroup sog in groups) + { + if (ownerID != null) { - part.ParentGroup.SetOwnerId(ownerID); - part.Inventory.ChangeInventoryOwner(ownerID); - part.ParentGroup.SetGroup(groupID, remoteClient); + sog.SetOwnerId(ownerID); + sog.SetGroup(groupID, remoteClient); + + foreach (SceneObjectPart child in sog.Children.Values) + child.Inventory.ChangeInventoryOwner(ownerID); + } + else + { + if (!Permissions.CanEditObject(sog.UUID, remoteClient.AgentId)) + continue; + + if (sog.GroupID != groupID) + continue; + + foreach (SceneObjectPart child in sog.Children.Values) + { + child.LastOwnerID = child.OwnerID; + child.Inventory.ChangeInventoryOwner(groupID); + } + + sog.SetOwnerId(groupID); } } } diff --git a/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs b/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs index d0da618..226ec15 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs 
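Review bot: The branch test `if (ownerID != null)` in the second loop looks always true, since `ownerID` is compared against `UUID.Zero` in the guard at the top of this hunk and UUID appears to be a value type. If so, the `else` branch holding the `CanEditObject` and `sog.GroupID != groupID` checks never runs, and a non-god caller who gets past the guard goes through the unchecked `sog.SetOwnerId(ownerID)` path, which is the loophole the commit message says it closes. It should read `if (ownerID != UUID.Zero)` so that deed requests reach the checked branch. The first loop also drops the old `part != null && part.ParentGroup != null` guard, so an invalid local ID supplied by the client would dereference null; restore it with `if (part == null || part.ParentGroup == null) continue;`.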
@@ -69,6 +69,7 @@ namespace OpenSim.Region.Framework.Scenes public delegate bool AbandonParcelHandler(UUID user, ILandObject parcel, Scene scene); public delegate bool ReclaimParcelHandler(UUID user, ILandObject parcel, Scene scene); public delegate bool DeedParcelHandler(UUID user, ILandObject parcel, Scene scene); + public delegate bool DeedObjectHandler(UUID user, UUID group, Scene scene); public delegate bool BuyLandHandler(UUID user, ILandObject parcel, Scene scene); public delegate bool LinkObjectHandler(UUID user, UUID objectID); public delegate bool DelinkObjectHandler(UUID user, UUID objectID); @@ -127,6 +128,7 @@ namespace OpenSim.Region.Framework.Scenes public event AbandonParcelHandler OnAbandonParcel; public event ReclaimParcelHandler OnReclaimParcel; public event DeedParcelHandler OnDeedParcel; + public event DeedObjectHandler OnDeedObject; public event BuyLandHandler OnBuyLand; public event LinkObjectHandler OnLinkObject; public event DelinkObjectHandler OnDelinkObject; @@ -735,6 +737,21 @@ namespace OpenSim.Region.Framework.Scenes return true; } + public bool CanDeedObject(UUID user, UUID group) + { + DeedObjectHandler handler = OnDeedObject; + if (handler != null) + { + Delegate[] list = handler.GetInvocationList(); + foreach (DeedObjectHandler h in list) + { + if (h(user, group, m_scene) == false) + return false; + } + } + return true; + } + public bool CanBuyLand(UUID user, ILandObject parcel) { BuyLandHandler handler = OnBuyLand; -- cgit v1.1
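Review bot: The added `CanDeedObject` in the -735 hunk returns true when nothing is subscribed to `OnDeedObject`, and the method carries no comment stating this. With no permissions module loaded, every caller passes the deed check in `ObjectOwner`. This appears to follow the shape of the `CanBuyLand` method that begins in the trailing context, so I would keep the behaviour but document it, e.g. `/// <summary>Returns false if any OnDeedObject handler vetoes; returns true when no handler is registered.</summary>`. As a style point, `h(user, group, m_scene) == false` reads better as `!h(user, group, m_scene)`.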