Fixes Mantis #3793 . Committing thomax/Snoopy's patch to allow deeding of objects, with changes:

- Set OwnerID = GroupID for deeded objects.
- Close a security loophole that would have allowed a user with deed rights in a group to deed ANY object to that group, even if it's not owned by them and/or not set to that group
- Set LastOwnerID correctly. Handle objects vs. prims correctly.
0.6.6-post-fixes
Melanie Thielker 2009-06-14 21:44:34 +00:00
parent 8d0eb3307f
commit 664dd58cd9
7 changed files with 107 additions and 74 deletions

View File

@ -39,7 +39,7 @@ namespace OpenSim.Data.MSSQL
/// <summary>
/// A MSSQL Interface for the Asset server
/// </summary>
internal class MSSQLAssetData : AssetDataBase
public class MSSQLAssetData : AssetDataBase
{
private const string _migrationStore = "AssetStore";

View File

@ -124,16 +124,11 @@ namespace OpenSim.Data.MSSQL
}
else if (_FieldMap[name].GetValue(es) is UUID)
{
// UUID uuid;
// UUID.TryParse(reader[name].ToString(), out uuid);
_FieldMap[name].SetValue(es, new UUID((Guid) reader[name])); // uuid);
}
else
{
es.EstateID = Convert.ToUInt32(reader["EstateID"].ToString());
//Problems converting a Int32 to a UInt32
//_FieldMap[name].SetValue(es, reader["EstateID"]);
}
}
}
@ -163,28 +158,7 @@ namespace OpenSim.Data.MSSQL
foreach (string name in names)
{
insertCommand.Parameters.Add(_Database.CreateParameter("@" + name, _FieldMap[name].GetValue(es)));
// if (_FieldMap[name].GetValue(es) is bool)
// {
// SqlParameter tempBool = new SqlParameter("@" + name, SqlDbType.Bit);
//
// if ((bool) _FieldMap[name].GetValue(es))
// tempBool.Value = 1;
// else
// tempBool.Value = 0;
//
// insertCommand.Parameters.Add(tempBool);
// }
// else
// {
// //cmd.Parameters.AddWithValue("@" + name, _FieldMap[name].GetValue(es));
// SqlParameter tempPar = new SqlParameter("@" + name,
// _Database.DbtypeFromType(_FieldMap[name].FieldType));
// tempPar.Value = _FieldMap[name].GetValue(es).ToString();
//
// insertCommand.Parameters.Add(tempPar);
// }
}
// insertCommand.Parameters.Add(_Database.CreateParameter("@ID", es.EstateID, true));
SqlParameter idParameter = new SqlParameter("@ID", SqlDbType.Int);
idParameter.Direction = ParameterDirection.Output;
insertCommand.Parameters.Add(idParameter);
@ -211,7 +185,6 @@ namespace OpenSim.Data.MSSQL
}
// Munge and transfer the ban list
//
sql = string.Format("insert into estateban select {0}, bannedUUID, bannedIp, bannedIpHostMask, '' from regionban where regionban.regionUUID = @UUID", es.EstateID);
using (AutoClosingSqlCommand cmd = _Database.Query(sql))
@ -253,7 +226,7 @@ namespace OpenSim.Data.MSSQL
names.Remove("EstateID");
string sql = string.Format("UPDATE estate_settings SET ") ; // ({0}) values ( @{1}) WHERE EstateID = @EstateID", String.Join(",", names.ToArray()), String.Join(", @", names.ToArray()));
string sql = string.Format("UPDATE estate_settings SET ") ;
foreach (string name in names)
{
sql += name + " = @" + name + ", ";
@ -266,33 +239,9 @@ namespace OpenSim.Data.MSSQL
foreach (string name in names)
{
cmd.Parameters.Add(_Database.CreateParameter("@" + name, _FieldMap[name].GetValue(es)));
// if (_FieldMap[name].GetValue(es) is bool)
// {
// SqlParameter tempBool = new SqlParameter("@" + name, SqlDbType.Bit);
//
// if ((bool)_FieldMap[name].GetValue(es))
// tempBool.Value = 1;
// else
// tempBool.Value = 0;
//
// cmd.Parameters.Add(tempBool);
// }
// else
// {
// //cmd.Parameters.AddWithValue("@" + name, _FieldMap[name].GetValue(es));
// SqlParameter tempPar = new SqlParameter("@" + name,
// _Database.DbtypeFromType(_FieldMap[name].FieldType));
// tempPar.Value = _FieldMap[name].GetValue(es).ToString();
//
// cmd.Parameters.Add(tempPar);
// }
}
cmd.Parameters.Add(_Database.CreateParameter("@EstateID", es.EstateID));
// SqlParameter idParameter = new SqlParameter("@EstateID", SqlDbType.Int);
// idParameter.Value = es.EstateID;
// cmd.Parameters.Add(idParameter);
cmd.ExecuteNonQuery();
}
@ -329,9 +278,6 @@ namespace OpenSim.Data.MSSQL
{
EstateBan eb = new EstateBan();
// UUID uuid;
// UUID.TryParse(reader["bannedUUID"].ToString(), out uuid);
eb.BannedUserID = new UUID((Guid)reader["bannedUUID"]); //uuid;
eb.BannedHostAddress = "0.0.0.0";
eb.BannedHostIPMask = "0.0.0.0";
@ -355,11 +301,6 @@ namespace OpenSim.Data.MSSQL
{
while (reader.Read())
{
// EstateBan eb = new EstateBan();
// UUID uuid;
// UUID.TryParse(reader["uuid"].ToString(), out uuid);
uuids.Add(new UUID((Guid)reader["uuid"])); //uuid);
}
}

View File

@ -317,7 +317,7 @@ IF EXISTS (SELECT UUID FROM prims WHERE UUID = @UUID)
CameraAtOffsetY = @CameraAtOffsetY, CameraAtOffsetZ = @CameraAtOffsetZ, ForceMouselook = @ForceMouselook,
ScriptAccessPin = @ScriptAccessPin, AllowedDrop = @AllowedDrop, DieAtEdge = @DieAtEdge, SalePrice = @SalePrice,
SaleType = @SaleType, ColorR = @ColorR, ColorG = @ColorG, ColorB = @ColorB, ColorA = @ColorA, ParticleSystem = @ParticleSystem,
ClickAction = @ClickAction, Material = @Material, CollisionSound = @CollisionSound, CollisionSoundVolume = @CollisionSoundVolume,
ClickAction = @ClickAction, Material = @Material, CollisionSound = @CollisionSound, CollisionSoundVolume = @CollisionSoundVolume, PassTouches = @PassTouches,
LinkNumber = @LinkNumber
WHERE UUID = @UUID
END
@ -333,7 +333,7 @@ ELSE
PayPrice, PayButton1, PayButton2, PayButton3, PayButton4, LoopedSound, LoopedSoundGain, TextureAnimation, OmegaX,
OmegaY, OmegaZ, CameraEyeOffsetX, CameraEyeOffsetY, CameraEyeOffsetZ, CameraAtOffsetX, CameraAtOffsetY, CameraAtOffsetZ,
ForceMouselook, ScriptAccessPin, AllowedDrop, DieAtEdge, SalePrice, SaleType, ColorR, ColorG, ColorB, ColorA,
ParticleSystem, ClickAction, Material, CollisionSound, CollisionSoundVolume, LinkNumber
ParticleSystem, ClickAction, Material, CollisionSound, CollisionSoundVolume, PassTouches, LinkNumber
) VALUES (
@UUID, @CreationDate, @Name, @Text, @Description, @SitName, @TouchName, @ObjectFlags, @OwnerMask, @NextOwnerMask, @GroupMask,
@EveryoneMask, @BaseMask, @PositionX, @PositionY, @PositionZ, @GroupPositionX, @GroupPositionY, @GroupPositionZ, @VelocityX,
@ -343,7 +343,7 @@ ELSE
@PayPrice, @PayButton1, @PayButton2, @PayButton3, @PayButton4, @LoopedSound, @LoopedSoundGain, @TextureAnimation, @OmegaX,
@OmegaY, @OmegaZ, @CameraEyeOffsetX, @CameraEyeOffsetY, @CameraEyeOffsetZ, @CameraAtOffsetX, @CameraAtOffsetY, @CameraAtOffsetZ,
@ForceMouselook, @ScriptAccessPin, @AllowedDrop, @DieAtEdge, @SalePrice, @SaleType, @ColorR, @ColorG, @ColorB, @ColorA,
@ParticleSystem, @ClickAction, @Material, @CollisionSound, @CollisionSoundVolume, @LinkNumber
@ParticleSystem, @ClickAction, @Material, @CollisionSound, @CollisionSoundVolume, @PassTouches, @LinkNumber
)
END";
@ -723,7 +723,8 @@ VALUES
,[elevation_1_ne] = @elevation_1_ne ,[elevation_2_ne] = @elevation_2_ne ,[elevation_1_se] = @elevation_1_se ,[elevation_2_se] = @elevation_2_se
,[elevation_1_sw] = @elevation_1_sw ,[elevation_2_sw] = @elevation_2_sw ,[water_height] = @water_height ,[terrain_raise_limit] = @terrain_raise_limit
,[terrain_lower_limit] = @terrain_lower_limit ,[use_estate_sun] = @use_estate_sun ,[fixed_sun] = @fixed_sun ,[sun_position] = @sun_position
,[covenant] = @covenant , [sunvectorx] = @sunvectorx, [sunvectory] = @sunvectory, [sunvectorz] = @sunvectorz, [Sandbox] = @Sandbox WHERE [regionUUID] = @regionUUID";
,[covenant] = @covenant , [sunvectorx] = @sunvectorx, [sunvectory] = @sunvectory, [sunvectorz] = @sunvectorz, [Sandbox] = @Sandbox, [loaded_creation_date] = @loaded_creation_date, [loaded_creation_time] = @loaded_creation_time, [loaded_creation_id] = @loaded_creation_id
WHERE [regionUUID] = @regionUUID";
using (AutoClosingSqlCommand cmd = _Database.Query(sql))
{
@ -776,13 +777,14 @@ VALUES
[block_show_in_search],[agent_limit],[object_bonus],[maturity],[disable_scripts],[disable_collisions],[disable_physics],
[terrain_texture_1],[terrain_texture_2],[terrain_texture_3],[terrain_texture_4],[elevation_1_nw],[elevation_2_nw],[elevation_1_ne],
[elevation_2_ne],[elevation_1_se],[elevation_2_se],[elevation_1_sw],[elevation_2_sw],[water_height],[terrain_raise_limit],
[terrain_lower_limit],[use_estate_sun],[fixed_sun],[sun_position],[covenant],[sunvectorx], [sunvectory], [sunvectorz],[Sandbox])
[terrain_lower_limit],[use_estate_sun],[fixed_sun],[sun_position],[covenant],[sunvectorx], [sunvectory], [sunvectorz],[Sandbox], [loaded_creation_date], [loaded_creation_time], [loaded_creation_id]
)
VALUES
(@regionUUID,@block_terraform,@block_fly,@allow_damage,@restrict_pushing,@allow_land_resell,@allow_land_join_divide,
@block_show_in_search,@agent_limit,@object_bonus,@maturity,@disable_scripts,@disable_collisions,@disable_physics,
@terrain_texture_1,@terrain_texture_2,@terrain_texture_3,@terrain_texture_4,@elevation_1_nw,@elevation_2_nw,@elevation_1_ne,
@elevation_2_ne,@elevation_1_se,@elevation_2_se,@elevation_1_sw,@elevation_2_sw,@water_height,@terrain_raise_limit,
@terrain_lower_limit,@use_estate_sun,@fixed_sun,@sun_position,@covenant,@sunvectorx,@sunvectory, @sunvectorz, @Sandbox)";
@terrain_lower_limit,@use_estate_sun,@fixed_sun,@sun_position,@covenant,@sunvectorx,@sunvectory, @sunvectorz, @Sandbox, @loaded_creation_date, @loaded_creation_time, @loaded_creation_id )";
using (AutoClosingSqlCommand cmd = _Database.Query(sql))
{
@ -843,6 +845,20 @@ VALUES
);
newSettings.Covenant = new UUID((Guid)row["covenant"]);
if (row["loaded_creation_date"] is DBNull)
newSettings.LoadedCreationDate = "";
else
newSettings.LoadedCreationDate = (String)row["loaded_creation_date"];
if (row["loaded_creation_time"] is DBNull)
newSettings.LoadedCreationTime = "";
else
newSettings.LoadedCreationTime = (String)row["loaded_creation_time"];
if (row["loaded_creation_id"] is DBNull)
newSettings.LoadedCreationID = "";
else
newSettings.LoadedCreationID = (String)row["loaded_creation_id"];
return newSettings;
}
@ -1064,7 +1080,8 @@ VALUES
prim.CollisionSound = new UUID((Guid)primRow["CollisionSound"]);
prim.CollisionSoundVolume = Convert.ToSingle(primRow["CollisionSoundVolume"]);
if (Convert.ToInt16(primRow["PassTouches"]) != 0)
prim.PassTouches = true;
prim.LinkNum = Convert.ToInt32(primRow["LinkNumber"]);
return prim;
@ -1240,6 +1257,9 @@ VALUES
parameters.Add(_Database.CreateParameter("sunvectory", settings.SunVector.Y));
parameters.Add(_Database.CreateParameter("sunvectorz", settings.SunVector.Z));
parameters.Add(_Database.CreateParameter("covenant", settings.Covenant));
parameters.Add(_Database.CreateParameter("LoadedCreationDate", settings.LoadedCreationDate));
parameters.Add(_Database.CreateParameter("LoadedCreationTime", settings.LoadedCreationTime));
parameters.Add(_Database.CreateParameter("LoadedCreationID", settings.LoadedCreationID));
return parameters.ToArray();
}
@ -1442,6 +1462,10 @@ VALUES
parameters.Add(_Database.CreateParameter("CollisionSound", prim.CollisionSound));
parameters.Add(_Database.CreateParameter("CollisionSoundVolume", prim.CollisionSoundVolume));
if (prim.PassTouches)
parameters.Add(_Database.CreateParameter("PassTouches", 1));
else
parameters.Add(_Database.CreateParameter("PassTouches", 0));
parameters.Add(_Database.CreateParameter("LinkNumber", prim.LinkNum));
return parameters.ToArray();

View File

@ -1125,6 +1125,10 @@ ELSE
retval.ID = new UUID((Guid)reader["UUID"]);
retval.FirstName = (string)reader["username"];
retval.SurName = (string)reader["lastname"];
if (reader.IsDBNull(reader.GetOrdinal("email")))
retval.Email = "";
else
retval.Email = (string)reader["email"];
retval.PasswordHash = (string)reader["passwordHash"];
retval.PasswordSalt = (string)reader["passwordSalt"];

View File

@ -184,6 +184,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
m_scene.Permissions.OnAbandonParcel += CanAbandonParcel;
m_scene.Permissions.OnReclaimParcel += CanReclaimParcel;
m_scene.Permissions.OnDeedParcel += CanDeedParcel;
m_scene.Permissions.OnDeedObject += CanDeedObject;
m_scene.Permissions.OnIsGod += IsGod;
m_scene.Permissions.OnDuplicateObject += CanDuplicateObject;
m_scene.Permissions.OnDeleteObject += CanDeleteObject; //MAYBE FULLY IMPLEMENTED
@ -818,6 +819,20 @@ namespace OpenSim.Region.CoreModules.World.Permissions
return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandDeed);
}
private bool CanDeedObject(UUID user, UUID group, Scene scene)
{
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue;
ScenePresence sp = scene.GetScenePresence(user);
IClientAPI client = sp.ControllingClient;
if((client.GetGroupPowers(group) & (ulong)GroupPowers.DeedObject) == 0)
return false;
return true;
}
private bool IsGod(UUID user, Scene scene)
{
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
@ -846,7 +861,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
if (part.GroupID != UUID.Zero)
{
if ((part.OwnerID == UUID.Zero) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
if ((part.OwnerID == part.GroupID) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
return false;
if ((part.GroupMask & PERM_COPY) == 0)

View File

@ -2682,16 +2682,48 @@ namespace OpenSim.Region.Framework.Scenes
void ObjectOwner(IClientAPI remoteClient, UUID ownerID, UUID groupID, List<uint> localIDs)
{
if (!Permissions.IsGod(remoteClient.AgentId))
return;
{
if (ownerID != UUID.Zero)
return;
if (!Permissions.CanDeedObject(remoteClient.AgentId, groupID))
return;
}
List<SceneObjectGroup> groups = new List<SceneObjectGroup>();
foreach (uint localID in localIDs)
{
SceneObjectPart part = GetSceneObjectPart(localID);
if (part != null && part.ParentGroup != null)
if (!groups.Contains(part.ParentGroup))
groups.Add(part.ParentGroup);
}
foreach (SceneObjectGroup sog in groups)
{
if (ownerID != null)
{
part.ParentGroup.SetOwnerId(ownerID);
part.Inventory.ChangeInventoryOwner(ownerID);
part.ParentGroup.SetGroup(groupID, remoteClient);
sog.SetOwnerId(ownerID);
sog.SetGroup(groupID, remoteClient);
foreach (SceneObjectPart child in sog.Children.Values)
child.Inventory.ChangeInventoryOwner(ownerID);
}
else
{
if (!Permissions.CanEditObject(sog.UUID, remoteClient.AgentId))
continue;
if (sog.GroupID != groupID)
continue;
foreach (SceneObjectPart child in sog.Children.Values)
{
child.LastOwnerID = child.OwnerID;
child.Inventory.ChangeInventoryOwner(groupID);
}
sog.SetOwnerId(groupID);
}
}
}

View File

@ -69,6 +69,7 @@ namespace OpenSim.Region.Framework.Scenes
public delegate bool AbandonParcelHandler(UUID user, ILandObject parcel, Scene scene);
public delegate bool ReclaimParcelHandler(UUID user, ILandObject parcel, Scene scene);
public delegate bool DeedParcelHandler(UUID user, ILandObject parcel, Scene scene);
public delegate bool DeedObjectHandler(UUID user, UUID group, Scene scene);
public delegate bool BuyLandHandler(UUID user, ILandObject parcel, Scene scene);
public delegate bool LinkObjectHandler(UUID user, UUID objectID);
public delegate bool DelinkObjectHandler(UUID user, UUID objectID);
@ -127,6 +128,7 @@ namespace OpenSim.Region.Framework.Scenes
public event AbandonParcelHandler OnAbandonParcel;
public event ReclaimParcelHandler OnReclaimParcel;
public event DeedParcelHandler OnDeedParcel;
public event DeedObjectHandler OnDeedObject;
public event BuyLandHandler OnBuyLand;
public event LinkObjectHandler OnLinkObject;
public event DelinkObjectHandler OnDelinkObject;
@ -735,6 +737,21 @@ namespace OpenSim.Region.Framework.Scenes
return true;
}
public bool CanDeedObject(UUID user, UUID group)
{
DeedObjectHandler handler = OnDeedObject;
if (handler != null)
{
Delegate[] list = handler.GetInvocationList();
foreach (DeedObjectHandler h in list)
{
if (h(user, group, m_scene) == false)
return false;
}
}
return true;
}
public bool CanBuyLand(UUID user, ILandObject parcel)
{
BuyLandHandler handler = OnBuyLand;