From 8894f4ad7735fc0a37fd62c89467163f6ec503cb Mon Sep 17 00:00:00 2001 From: Melanie Date: Mon, 8 Oct 2012 01:34:32 +0200 Subject: [PATCH 1/5] Change permissions on child prim inventory items when god mode "force permissive" is used. --- OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs | 8 ++++++++ OpenSim/Region/Framework/Scenes/SceneObjectPart.cs | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs index 4798481b42..9dd66393df 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs @@ -3422,8 +3422,16 @@ namespace OpenSim.Region.Framework.Scenes { RootPart.UpdatePermissions(AgentID, field, localID, mask, addRemTF); + bool god = Scene.Permissions.IsGod(AgentID); + AdjustChildPrimPermissions(); + if (field == 1 && god) // Base mask was set. Update all child part inventories + { + foreach (SceneObjectPart part in Parts) + part.Inventory.ApplyGodPermissions(RootPart.BaseMask); + } + HasGroupChanged = true; // Send the group's properties to all clients once all parts are updated diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs index e6ad89c415..c2d4764315 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs @@ -4460,7 +4460,7 @@ namespace OpenSim.Region.Framework.Scenes if (god) { BaseMask = ApplyMask(BaseMask, set, mask); - Inventory.ApplyGodPermissions(_baseMask); + Inventory.ApplyGodPermissions(BaseMask); } break; @@ -4479,7 +4479,7 @@ namespace OpenSim.Region.Framework.Scenes case 16: NextOwnerMask = ApplyMask(NextOwnerMask, set, mask) & baseMask; - // Prevent the client from creating no mod, no copy + // Prevent the client from creating no copy, no transfer // objects if ((NextOwnerMask & (uint)PermissionMask.Copy) == 0) NextOwnerMask |= (uint)PermissionMask.Transfer; From 01f498bfb4e011d8c291fc7e87cd207215d7032d Mon Sep 17 00:00:00 2001 From: Melanie Date: Thu, 11 Oct 2012 21:10:25 +0200 Subject: [PATCH 2/5] Remove spammy debug for IM --- .../Avatar/InstantMessage/MessageTransferModule.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs b/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs index 0c067d7c61..e96262427e 100644 --- a/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs @@ -164,8 +164,8 @@ namespace OpenSim.Region.CoreModules.Avatar.InstantMessage // try child avatar second foreach (Scene scene in m_Scenes) { - m_log.DebugFormat( - "[INSTANT MESSAGE]: Looking for child of {0} in {1}", toAgentID, scene.RegionInfo.RegionName); + //m_log.DebugFormat( + // "[INSTANT MESSAGE]: Looking for child of {0} in {1}", toAgentID, scene.RegionInfo.RegionName); ScenePresence sp = scene.GetScenePresence(toAgentID); if (sp != null) @@ -181,7 +181,7 @@ namespace OpenSim.Region.CoreModules.Avatar.InstantMessage } } - m_log.DebugFormat("[INSTANT MESSAGE]: Delivering IM to {0} via XMLRPC", im.toAgentID); + //m_log.DebugFormat("[INSTANT MESSAGE]: Delivering IM to {0} via XMLRPC", im.toAgentID); SendGridInstantMessageViaXMLRPC(im, result); } From de3ff44406943ffad5832b6b0434209a8fabc298 Mon Sep 17 00:00:00 2001 From: Melanie Date: Sun, 14 Oct 2012 17:10:26 +0200 Subject: [PATCH 3/5] Make texture sedning use only two threads to make things less harsh on bandwidth --- OpenSim/Region/ClientStack/Linden/Caps/GetTextureModule.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/OpenSim/Region/ClientStack/Linden/Caps/GetTextureModule.cs b/OpenSim/Region/ClientStack/Linden/Caps/GetTextureModule.cs index cc65981200..d1a158379e 100644 --- a/OpenSim/Region/ClientStack/Linden/Caps/GetTextureModule.cs +++ b/OpenSim/Region/ClientStack/Linden/Caps/GetTextureModule.cs @@ -104,9 +104,9 @@ namespace OpenSim.Region.ClientStack.Linden if (m_workerThreads == null) { - m_workerThreads = new Thread[4]; + m_workerThreads = new Thread[2]; - for (uint i = 0; i < 4; i++) + for (uint i = 0; i < 2; i++) { m_workerThreads[i] = Watchdog.StartThread(DoTextureRequests, String.Format("TextureWorkerThread{0}", i), From ce26730d4eb2e94ddb13aaa5203fef158f5ab5d9 Mon Sep 17 00:00:00 2001 From: Melanie Date: Sun, 14 Oct 2012 17:31:29 +0200 Subject: [PATCH 4/5] Allow bypassing perms dialog (console only) --- .../Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs index adef0e6839..82de06f3c8 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs @@ -3795,6 +3795,10 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api if (World.GetExtraSetting("auto_grant_attach_perms") == "true") implicitPerms = ScriptBaseClass.PERMISSION_ATTACH; } + if (World.GetExtraSetting("auto_grant_all_perms") == "true") + { + implicitPerms = perm; + } } if ((perm & (~implicitPerms)) == 0) // Requested only implicit perms From aba078c93f4966cf6be10fc02228323843b9249e Mon Sep 17 00:00:00 2001 From: Melanie Date: Sun, 14 Oct 2012 17:32:46 +0200 Subject: [PATCH 5/5] Fix perms when linking an object. Set root part perms to the perms of the link set to make the build floater behave consistently. Fixes permissions exploit introduced on 23 August. --- .../InstantMessage/MessageTransferModule.cs | 2 +- .../Framework/Scenes/Scene.Inventory.cs | 6 +++++ OpenSim/Region/Framework/Scenes/SceneGraph.cs | 2 ++ .../Framework/Scenes/SceneObjectGroup.cs | 7 ++++++ .../Framework/Scenes/SceneObjectPart.cs | 24 +++++++++---------- 5 files changed, 28 insertions(+), 13 deletions(-) diff --git a/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs b/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs index e96262427e..edd970797c 100644 --- a/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/InstantMessage/MessageTransferModule.cs @@ -181,7 +181,7 @@ namespace OpenSim.Region.CoreModules.Avatar.InstantMessage } } - //m_log.DebugFormat("[INSTANT MESSAGE]: Delivering IM to {0} via XMLRPC", im.toAgentID); + m_log.DebugFormat("[INSTANT MESSAGE]: Delivering IM to {0} via XMLRPC", im.toAgentID); SendGridInstantMessageViaXMLRPC(im, result); } diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index dd9210fd55..ff8589a32a 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -2503,6 +2503,12 @@ namespace OpenSim.Region.Framework.Scenes } m_sceneGraph.LinkObjects(root, children); + + ScenePresence sp; + if (TryGetScenePresence(agentId, out sp)) + { + root.SendPropertiesToClient(sp.ControllingClient); + } } private string PermissionString(uint permissions) diff --git a/OpenSim/Region/Framework/Scenes/SceneGraph.cs b/OpenSim/Region/Framework/Scenes/SceneGraph.cs index e29b2c1543..af13b46568 100644 --- a/OpenSim/Region/Framework/Scenes/SceneGraph.cs +++ b/OpenSim/Region/Framework/Scenes/SceneGraph.cs @@ -1849,6 +1849,7 @@ namespace OpenSim.Region.Framework.Scenes SceneObjectGroupsByLocalPartID[part.LocalId] = parentGroup; } + parentGroup.AdjustChildPrimPermissions(); parentGroup.HasGroupChanged = true; parentGroup.ProcessBackup(m_parentScene.SimulationDataService, true); parentGroup.ScheduleGroupForFullUpdate(); @@ -1989,6 +1990,7 @@ namespace OpenSim.Region.Framework.Scenes // return unless the root is deleted. This will remove them // from the database. They will be rewritten immediately, // minus the rows for the unlinked child prims. + g.AdjustChildPrimPermissions(); m_parentScene.SimulationDataService.RemoveObject(g.UUID, m_parentScene.RegionInfo.RegionID); g.TriggerScriptChangedEvent(Changed.LINK); g.HasGroupChanged = true; // Persist diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs index 9dd66393df..053bfb4050 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs @@ -3410,11 +3410,18 @@ namespace OpenSim.Region.Framework.Scenes public void AdjustChildPrimPermissions() { + uint newOwnerMask = (uint)PermissionMask.All & 0xfffffff8; // Mask folded bits + uint foldedPerms = RootPart.OwnerMask & 3; + ForEachPart(part => { + newOwnerMask &= part.BaseMask; if (part != RootPart) part.ClonePermissions(RootPart); }); + + RootPart.OwnerMask = newOwnerMask | foldedPerms; + RootPart.ScheduleFullUpdate(); } public void UpdatePermissions(UUID AgentID, byte field, uint localID, diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs index c2d4764315..3274cbd599 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs @@ -4497,20 +4497,20 @@ namespace OpenSim.Region.Framework.Scenes { bool update = false; - if (BaseMask != source.BaseMask || - OwnerMask != source.OwnerMask || - GroupMask != source.GroupMask || - EveryoneMask != source.EveryoneMask || - NextOwnerMask != source.NextOwnerMask) - update = true; + uint prevOwnerMask = OwnerMask; + uint prevGroupMask = GroupMask; + uint prevEveryoneMask = EveryoneMask; + uint prevNextOwnerMask = NextOwnerMask; - BaseMask = source.BaseMask; - OwnerMask = source.OwnerMask; - GroupMask = source.GroupMask; - EveryoneMask = source.EveryoneMask; - NextOwnerMask = source.NextOwnerMask; + OwnerMask = source.OwnerMask & BaseMask; + GroupMask = source.GroupMask & BaseMask; + EveryoneMask = source.EveryoneMask & BaseMask; + NextOwnerMask = source.NextOwnerMask & BaseMask; - if (update) + if (OwnerMask != prevOwnerMask || + GroupMask != prevGroupMask || + EveryoneMask != prevEveryoneMask || + NextOwnerMask != prevNextOwnerMask) SendFullUpdateToAllClients(); }