Fixes Mantis #3793 . Committing thomax/Snoopy's patch to allow deeding of objects, with changes:
- Set OwnerID = GroupID for deeded objects. - Close a security loophole that would have allowed a user with deed rights in a group to deed ANY object to that group, even if it's not owned by them and/or not set to that group - Set LastOwnerID correctly. Handle objects vs. prims correctly.0.6.6-post-fixes
parent
8d0eb3307f
commit
664dd58cd9
|
@ -39,7 +39,7 @@ namespace OpenSim.Data.MSSQL
|
|||
/// <summary>
|
||||
/// A MSSQL Interface for the Asset server
|
||||
/// </summary>
|
||||
internal class MSSQLAssetData : AssetDataBase
|
||||
public class MSSQLAssetData : AssetDataBase
|
||||
{
|
||||
private const string _migrationStore = "AssetStore";
|
||||
|
||||
|
|
|
@ -124,16 +124,11 @@ namespace OpenSim.Data.MSSQL
|
|||
}
|
||||
else if (_FieldMap[name].GetValue(es) is UUID)
|
||||
{
|
||||
// UUID uuid;
|
||||
// UUID.TryParse(reader[name].ToString(), out uuid);
|
||||
|
||||
_FieldMap[name].SetValue(es, new UUID((Guid) reader[name])); // uuid);
|
||||
}
|
||||
else
|
||||
{
|
||||
es.EstateID = Convert.ToUInt32(reader["EstateID"].ToString());
|
||||
//Problems converting a Int32 to a UInt32
|
||||
//_FieldMap[name].SetValue(es, reader["EstateID"]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -163,28 +158,7 @@ namespace OpenSim.Data.MSSQL
|
|||
foreach (string name in names)
|
||||
{
|
||||
insertCommand.Parameters.Add(_Database.CreateParameter("@" + name, _FieldMap[name].GetValue(es)));
|
||||
// if (_FieldMap[name].GetValue(es) is bool)
|
||||
// {
|
||||
// SqlParameter tempBool = new SqlParameter("@" + name, SqlDbType.Bit);
|
||||
//
|
||||
// if ((bool) _FieldMap[name].GetValue(es))
|
||||
// tempBool.Value = 1;
|
||||
// else
|
||||
// tempBool.Value = 0;
|
||||
//
|
||||
// insertCommand.Parameters.Add(tempBool);
|
||||
// }
|
||||
// else
|
||||
// {
|
||||
// //cmd.Parameters.AddWithValue("@" + name, _FieldMap[name].GetValue(es));
|
||||
// SqlParameter tempPar = new SqlParameter("@" + name,
|
||||
// _Database.DbtypeFromType(_FieldMap[name].FieldType));
|
||||
// tempPar.Value = _FieldMap[name].GetValue(es).ToString();
|
||||
//
|
||||
// insertCommand.Parameters.Add(tempPar);
|
||||
// }
|
||||
}
|
||||
// insertCommand.Parameters.Add(_Database.CreateParameter("@ID", es.EstateID, true));
|
||||
SqlParameter idParameter = new SqlParameter("@ID", SqlDbType.Int);
|
||||
idParameter.Direction = ParameterDirection.Output;
|
||||
insertCommand.Parameters.Add(idParameter);
|
||||
|
@ -211,7 +185,6 @@ namespace OpenSim.Data.MSSQL
|
|||
}
|
||||
|
||||
// Munge and transfer the ban list
|
||||
//
|
||||
|
||||
sql = string.Format("insert into estateban select {0}, bannedUUID, bannedIp, bannedIpHostMask, '' from regionban where regionban.regionUUID = @UUID", es.EstateID);
|
||||
using (AutoClosingSqlCommand cmd = _Database.Query(sql))
|
||||
|
@ -253,7 +226,7 @@ namespace OpenSim.Data.MSSQL
|
|||
|
||||
names.Remove("EstateID");
|
||||
|
||||
string sql = string.Format("UPDATE estate_settings SET ") ; // ({0}) values ( @{1}) WHERE EstateID = @EstateID", String.Join(",", names.ToArray()), String.Join(", @", names.ToArray()));
|
||||
string sql = string.Format("UPDATE estate_settings SET ") ;
|
||||
foreach (string name in names)
|
||||
{
|
||||
sql += name + " = @" + name + ", ";
|
||||
|
@ -266,33 +239,9 @@ namespace OpenSim.Data.MSSQL
|
|||
foreach (string name in names)
|
||||
{
|
||||
cmd.Parameters.Add(_Database.CreateParameter("@" + name, _FieldMap[name].GetValue(es)));
|
||||
// if (_FieldMap[name].GetValue(es) is bool)
|
||||
// {
|
||||
// SqlParameter tempBool = new SqlParameter("@" + name, SqlDbType.Bit);
|
||||
//
|
||||
// if ((bool)_FieldMap[name].GetValue(es))
|
||||
// tempBool.Value = 1;
|
||||
// else
|
||||
// tempBool.Value = 0;
|
||||
//
|
||||
// cmd.Parameters.Add(tempBool);
|
||||
// }
|
||||
// else
|
||||
// {
|
||||
// //cmd.Parameters.AddWithValue("@" + name, _FieldMap[name].GetValue(es));
|
||||
// SqlParameter tempPar = new SqlParameter("@" + name,
|
||||
// _Database.DbtypeFromType(_FieldMap[name].FieldType));
|
||||
// tempPar.Value = _FieldMap[name].GetValue(es).ToString();
|
||||
//
|
||||
// cmd.Parameters.Add(tempPar);
|
||||
// }
|
||||
}
|
||||
|
||||
cmd.Parameters.Add(_Database.CreateParameter("@EstateID", es.EstateID));
|
||||
// SqlParameter idParameter = new SqlParameter("@EstateID", SqlDbType.Int);
|
||||
// idParameter.Value = es.EstateID;
|
||||
// cmd.Parameters.Add(idParameter);
|
||||
|
||||
cmd.ExecuteNonQuery();
|
||||
}
|
||||
|
||||
|
@ -329,9 +278,6 @@ namespace OpenSim.Data.MSSQL
|
|||
{
|
||||
EstateBan eb = new EstateBan();
|
||||
|
||||
// UUID uuid;
|
||||
// UUID.TryParse(reader["bannedUUID"].ToString(), out uuid);
|
||||
|
||||
eb.BannedUserID = new UUID((Guid)reader["bannedUUID"]); //uuid;
|
||||
eb.BannedHostAddress = "0.0.0.0";
|
||||
eb.BannedHostIPMask = "0.0.0.0";
|
||||
|
@ -355,11 +301,6 @@ namespace OpenSim.Data.MSSQL
|
|||
{
|
||||
while (reader.Read())
|
||||
{
|
||||
// EstateBan eb = new EstateBan();
|
||||
|
||||
// UUID uuid;
|
||||
// UUID.TryParse(reader["uuid"].ToString(), out uuid);
|
||||
|
||||
uuids.Add(new UUID((Guid)reader["uuid"])); //uuid);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -317,7 +317,7 @@ IF EXISTS (SELECT UUID FROM prims WHERE UUID = @UUID)
|
|||
CameraAtOffsetY = @CameraAtOffsetY, CameraAtOffsetZ = @CameraAtOffsetZ, ForceMouselook = @ForceMouselook,
|
||||
ScriptAccessPin = @ScriptAccessPin, AllowedDrop = @AllowedDrop, DieAtEdge = @DieAtEdge, SalePrice = @SalePrice,
|
||||
SaleType = @SaleType, ColorR = @ColorR, ColorG = @ColorG, ColorB = @ColorB, ColorA = @ColorA, ParticleSystem = @ParticleSystem,
|
||||
ClickAction = @ClickAction, Material = @Material, CollisionSound = @CollisionSound, CollisionSoundVolume = @CollisionSoundVolume,
|
||||
ClickAction = @ClickAction, Material = @Material, CollisionSound = @CollisionSound, CollisionSoundVolume = @CollisionSoundVolume, PassTouches = @PassTouches,
|
||||
LinkNumber = @LinkNumber
|
||||
WHERE UUID = @UUID
|
||||
END
|
||||
|
@ -333,7 +333,7 @@ ELSE
|
|||
PayPrice, PayButton1, PayButton2, PayButton3, PayButton4, LoopedSound, LoopedSoundGain, TextureAnimation, OmegaX,
|
||||
OmegaY, OmegaZ, CameraEyeOffsetX, CameraEyeOffsetY, CameraEyeOffsetZ, CameraAtOffsetX, CameraAtOffsetY, CameraAtOffsetZ,
|
||||
ForceMouselook, ScriptAccessPin, AllowedDrop, DieAtEdge, SalePrice, SaleType, ColorR, ColorG, ColorB, ColorA,
|
||||
ParticleSystem, ClickAction, Material, CollisionSound, CollisionSoundVolume, LinkNumber
|
||||
ParticleSystem, ClickAction, Material, CollisionSound, CollisionSoundVolume, PassTouches, LinkNumber
|
||||
) VALUES (
|
||||
@UUID, @CreationDate, @Name, @Text, @Description, @SitName, @TouchName, @ObjectFlags, @OwnerMask, @NextOwnerMask, @GroupMask,
|
||||
@EveryoneMask, @BaseMask, @PositionX, @PositionY, @PositionZ, @GroupPositionX, @GroupPositionY, @GroupPositionZ, @VelocityX,
|
||||
|
@ -343,7 +343,7 @@ ELSE
|
|||
@PayPrice, @PayButton1, @PayButton2, @PayButton3, @PayButton4, @LoopedSound, @LoopedSoundGain, @TextureAnimation, @OmegaX,
|
||||
@OmegaY, @OmegaZ, @CameraEyeOffsetX, @CameraEyeOffsetY, @CameraEyeOffsetZ, @CameraAtOffsetX, @CameraAtOffsetY, @CameraAtOffsetZ,
|
||||
@ForceMouselook, @ScriptAccessPin, @AllowedDrop, @DieAtEdge, @SalePrice, @SaleType, @ColorR, @ColorG, @ColorB, @ColorA,
|
||||
@ParticleSystem, @ClickAction, @Material, @CollisionSound, @CollisionSoundVolume, @LinkNumber
|
||||
@ParticleSystem, @ClickAction, @Material, @CollisionSound, @CollisionSoundVolume, @PassTouches, @LinkNumber
|
||||
)
|
||||
END";
|
||||
|
||||
|
@ -723,7 +723,8 @@ VALUES
|
|||
,[elevation_1_ne] = @elevation_1_ne ,[elevation_2_ne] = @elevation_2_ne ,[elevation_1_se] = @elevation_1_se ,[elevation_2_se] = @elevation_2_se
|
||||
,[elevation_1_sw] = @elevation_1_sw ,[elevation_2_sw] = @elevation_2_sw ,[water_height] = @water_height ,[terrain_raise_limit] = @terrain_raise_limit
|
||||
,[terrain_lower_limit] = @terrain_lower_limit ,[use_estate_sun] = @use_estate_sun ,[fixed_sun] = @fixed_sun ,[sun_position] = @sun_position
|
||||
,[covenant] = @covenant , [sunvectorx] = @sunvectorx, [sunvectory] = @sunvectory, [sunvectorz] = @sunvectorz, [Sandbox] = @Sandbox WHERE [regionUUID] = @regionUUID";
|
||||
,[covenant] = @covenant , [sunvectorx] = @sunvectorx, [sunvectory] = @sunvectory, [sunvectorz] = @sunvectorz, [Sandbox] = @Sandbox, [loaded_creation_date] = @loaded_creation_date, [loaded_creation_time] = @loaded_creation_time, [loaded_creation_id] = @loaded_creation_id
|
||||
WHERE [regionUUID] = @regionUUID";
|
||||
|
||||
using (AutoClosingSqlCommand cmd = _Database.Query(sql))
|
||||
{
|
||||
|
@ -776,13 +777,14 @@ VALUES
|
|||
[block_show_in_search],[agent_limit],[object_bonus],[maturity],[disable_scripts],[disable_collisions],[disable_physics],
|
||||
[terrain_texture_1],[terrain_texture_2],[terrain_texture_3],[terrain_texture_4],[elevation_1_nw],[elevation_2_nw],[elevation_1_ne],
|
||||
[elevation_2_ne],[elevation_1_se],[elevation_2_se],[elevation_1_sw],[elevation_2_sw],[water_height],[terrain_raise_limit],
|
||||
[terrain_lower_limit],[use_estate_sun],[fixed_sun],[sun_position],[covenant],[sunvectorx], [sunvectory], [sunvectorz],[Sandbox])
|
||||
[terrain_lower_limit],[use_estate_sun],[fixed_sun],[sun_position],[covenant],[sunvectorx], [sunvectory], [sunvectorz],[Sandbox], [loaded_creation_date], [loaded_creation_time], [loaded_creation_id]
|
||||
)
|
||||
VALUES
|
||||
(@regionUUID,@block_terraform,@block_fly,@allow_damage,@restrict_pushing,@allow_land_resell,@allow_land_join_divide,
|
||||
@block_show_in_search,@agent_limit,@object_bonus,@maturity,@disable_scripts,@disable_collisions,@disable_physics,
|
||||
@terrain_texture_1,@terrain_texture_2,@terrain_texture_3,@terrain_texture_4,@elevation_1_nw,@elevation_2_nw,@elevation_1_ne,
|
||||
@elevation_2_ne,@elevation_1_se,@elevation_2_se,@elevation_1_sw,@elevation_2_sw,@water_height,@terrain_raise_limit,
|
||||
@terrain_lower_limit,@use_estate_sun,@fixed_sun,@sun_position,@covenant,@sunvectorx,@sunvectory, @sunvectorz, @Sandbox)";
|
||||
@terrain_lower_limit,@use_estate_sun,@fixed_sun,@sun_position,@covenant,@sunvectorx,@sunvectory, @sunvectorz, @Sandbox, @loaded_creation_date, @loaded_creation_time, @loaded_creation_id )";
|
||||
|
||||
using (AutoClosingSqlCommand cmd = _Database.Query(sql))
|
||||
{
|
||||
|
@ -843,6 +845,20 @@ VALUES
|
|||
);
|
||||
newSettings.Covenant = new UUID((Guid)row["covenant"]);
|
||||
|
||||
if (row["loaded_creation_date"] is DBNull)
|
||||
newSettings.LoadedCreationDate = "";
|
||||
else
|
||||
newSettings.LoadedCreationDate = (String)row["loaded_creation_date"];
|
||||
|
||||
if (row["loaded_creation_time"] is DBNull)
|
||||
newSettings.LoadedCreationTime = "";
|
||||
else
|
||||
newSettings.LoadedCreationTime = (String)row["loaded_creation_time"];
|
||||
|
||||
if (row["loaded_creation_id"] is DBNull)
|
||||
newSettings.LoadedCreationID = "";
|
||||
else
|
||||
newSettings.LoadedCreationID = (String)row["loaded_creation_id"];
|
||||
return newSettings;
|
||||
}
|
||||
|
||||
|
@ -1064,7 +1080,8 @@ VALUES
|
|||
|
||||
prim.CollisionSound = new UUID((Guid)primRow["CollisionSound"]);
|
||||
prim.CollisionSoundVolume = Convert.ToSingle(primRow["CollisionSoundVolume"]);
|
||||
|
||||
if (Convert.ToInt16(primRow["PassTouches"]) != 0)
|
||||
prim.PassTouches = true;
|
||||
prim.LinkNum = Convert.ToInt32(primRow["LinkNumber"]);
|
||||
|
||||
return prim;
|
||||
|
@ -1240,6 +1257,9 @@ VALUES
|
|||
parameters.Add(_Database.CreateParameter("sunvectory", settings.SunVector.Y));
|
||||
parameters.Add(_Database.CreateParameter("sunvectorz", settings.SunVector.Z));
|
||||
parameters.Add(_Database.CreateParameter("covenant", settings.Covenant));
|
||||
parameters.Add(_Database.CreateParameter("LoadedCreationDate", settings.LoadedCreationDate));
|
||||
parameters.Add(_Database.CreateParameter("LoadedCreationTime", settings.LoadedCreationTime));
|
||||
parameters.Add(_Database.CreateParameter("LoadedCreationID", settings.LoadedCreationID));
|
||||
|
||||
return parameters.ToArray();
|
||||
}
|
||||
|
@ -1442,6 +1462,10 @@ VALUES
|
|||
|
||||
parameters.Add(_Database.CreateParameter("CollisionSound", prim.CollisionSound));
|
||||
parameters.Add(_Database.CreateParameter("CollisionSoundVolume", prim.CollisionSoundVolume));
|
||||
if (prim.PassTouches)
|
||||
parameters.Add(_Database.CreateParameter("PassTouches", 1));
|
||||
else
|
||||
parameters.Add(_Database.CreateParameter("PassTouches", 0));
|
||||
parameters.Add(_Database.CreateParameter("LinkNumber", prim.LinkNum));
|
||||
|
||||
return parameters.ToArray();
|
||||
|
|
|
@ -1125,6 +1125,10 @@ ELSE
|
|||
retval.ID = new UUID((Guid)reader["UUID"]);
|
||||
retval.FirstName = (string)reader["username"];
|
||||
retval.SurName = (string)reader["lastname"];
|
||||
if (reader.IsDBNull(reader.GetOrdinal("email")))
|
||||
retval.Email = "";
|
||||
else
|
||||
retval.Email = (string)reader["email"];
|
||||
|
||||
retval.PasswordHash = (string)reader["passwordHash"];
|
||||
retval.PasswordSalt = (string)reader["passwordSalt"];
|
||||
|
|
|
@ -184,6 +184,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
|
|||
m_scene.Permissions.OnAbandonParcel += CanAbandonParcel;
|
||||
m_scene.Permissions.OnReclaimParcel += CanReclaimParcel;
|
||||
m_scene.Permissions.OnDeedParcel += CanDeedParcel;
|
||||
m_scene.Permissions.OnDeedObject += CanDeedObject;
|
||||
m_scene.Permissions.OnIsGod += IsGod;
|
||||
m_scene.Permissions.OnDuplicateObject += CanDuplicateObject;
|
||||
m_scene.Permissions.OnDeleteObject += CanDeleteObject; //MAYBE FULLY IMPLEMENTED
|
||||
|
@ -818,6 +819,20 @@ namespace OpenSim.Region.CoreModules.World.Permissions
|
|||
return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandDeed);
|
||||
}
|
||||
|
||||
private bool CanDeedObject(UUID user, UUID group, Scene scene)
|
||||
{
|
||||
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
|
||||
if (m_bypassPermissions) return m_bypassPermissionsValue;
|
||||
|
||||
ScenePresence sp = scene.GetScenePresence(user);
|
||||
IClientAPI client = sp.ControllingClient;
|
||||
|
||||
if((client.GetGroupPowers(group) & (ulong)GroupPowers.DeedObject) == 0)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private bool IsGod(UUID user, Scene scene)
|
||||
{
|
||||
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
|
||||
|
@ -846,7 +861,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
|
|||
|
||||
if (part.GroupID != UUID.Zero)
|
||||
{
|
||||
if ((part.OwnerID == UUID.Zero) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
|
||||
if ((part.OwnerID == part.GroupID) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
|
||||
return false;
|
||||
|
||||
if ((part.GroupMask & PERM_COPY) == 0)
|
||||
|
|
|
@ -2682,16 +2682,48 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
void ObjectOwner(IClientAPI remoteClient, UUID ownerID, UUID groupID, List<uint> localIDs)
|
||||
{
|
||||
if (!Permissions.IsGod(remoteClient.AgentId))
|
||||
{
|
||||
if (ownerID != UUID.Zero)
|
||||
return;
|
||||
|
||||
if (!Permissions.CanDeedObject(remoteClient.AgentId, groupID))
|
||||
return;
|
||||
}
|
||||
|
||||
List<SceneObjectGroup> groups = new List<SceneObjectGroup>();
|
||||
|
||||
foreach (uint localID in localIDs)
|
||||
{
|
||||
SceneObjectPart part = GetSceneObjectPart(localID);
|
||||
if (part != null && part.ParentGroup != null)
|
||||
if (!groups.Contains(part.ParentGroup))
|
||||
groups.Add(part.ParentGroup);
|
||||
}
|
||||
|
||||
foreach (SceneObjectGroup sog in groups)
|
||||
{
|
||||
part.ParentGroup.SetOwnerId(ownerID);
|
||||
part.Inventory.ChangeInventoryOwner(ownerID);
|
||||
part.ParentGroup.SetGroup(groupID, remoteClient);
|
||||
if (ownerID != null)
|
||||
{
|
||||
sog.SetOwnerId(ownerID);
|
||||
sog.SetGroup(groupID, remoteClient);
|
||||
|
||||
foreach (SceneObjectPart child in sog.Children.Values)
|
||||
child.Inventory.ChangeInventoryOwner(ownerID);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!Permissions.CanEditObject(sog.UUID, remoteClient.AgentId))
|
||||
continue;
|
||||
|
||||
if (sog.GroupID != groupID)
|
||||
continue;
|
||||
|
||||
foreach (SceneObjectPart child in sog.Children.Values)
|
||||
{
|
||||
child.LastOwnerID = child.OwnerID;
|
||||
child.Inventory.ChangeInventoryOwner(groupID);
|
||||
}
|
||||
|
||||
sog.SetOwnerId(groupID);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -69,6 +69,7 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
public delegate bool AbandonParcelHandler(UUID user, ILandObject parcel, Scene scene);
|
||||
public delegate bool ReclaimParcelHandler(UUID user, ILandObject parcel, Scene scene);
|
||||
public delegate bool DeedParcelHandler(UUID user, ILandObject parcel, Scene scene);
|
||||
public delegate bool DeedObjectHandler(UUID user, UUID group, Scene scene);
|
||||
public delegate bool BuyLandHandler(UUID user, ILandObject parcel, Scene scene);
|
||||
public delegate bool LinkObjectHandler(UUID user, UUID objectID);
|
||||
public delegate bool DelinkObjectHandler(UUID user, UUID objectID);
|
||||
|
@ -127,6 +128,7 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
public event AbandonParcelHandler OnAbandonParcel;
|
||||
public event ReclaimParcelHandler OnReclaimParcel;
|
||||
public event DeedParcelHandler OnDeedParcel;
|
||||
public event DeedObjectHandler OnDeedObject;
|
||||
public event BuyLandHandler OnBuyLand;
|
||||
public event LinkObjectHandler OnLinkObject;
|
||||
public event DelinkObjectHandler OnDelinkObject;
|
||||
|
@ -735,6 +737,21 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
return true;
|
||||
}
|
||||
|
||||
public bool CanDeedObject(UUID user, UUID group)
|
||||
{
|
||||
DeedObjectHandler handler = OnDeedObject;
|
||||
if (handler != null)
|
||||
{
|
||||
Delegate[] list = handler.GetInvocationList();
|
||||
foreach (DeedObjectHandler h in list)
|
||||
{
|
||||
if (h(user, group, m_scene) == false)
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public bool CanBuyLand(UUID user, ILandObject parcel)
|
||||
{
|
||||
BuyLandHandler handler = OnBuyLand;
|
||||
|
|
Loading…
Reference in New Issue