OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix: Mantis#2326: Fix: privilege escalation through attach from ground 

Fix: objects being duplicated inventory on detach. Fix: Mad jumping around of
attachments while editing. Fix: Attachments being persisted to database on
login. Fix: Attachments being persisted when changed by a script like
invisprim refresh. Fix: Attachpoint set, but not reset correctly. Fix: prevent
spurious full updates while editing attachments. Several other fixes
0.6.0-stable
Melanie Thielker 2008-10-03 21:44:33 +00:00
parent 61c17a251b
commit ab260b5d23
6 changed files with 67 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
OpenSim/Region/Environment/Scenes/InnerScene.cs
View File

@ -418,8 +418,18 @@ namespace OpenSim.Region.Environment.Scenes
/// <param name="rot"></param> /// <param name="rot"></param>
protected internal void AttachObject(IClientAPI remoteClient, uint objectLocalID, uint AttachmentPt, Quaternion rot) protected internal void AttachObject(IClientAPI remoteClient, uint objectLocalID, uint AttachmentPt, Quaternion rot)
{ {
// Calls attach with a Zero position // If we can't take it, we can't attach it!
//
SceneObjectPart part = m_parentScene.GetSceneObjectPart(objectLocalID);
if (part == null)
return;
if (!m_parentScene.ExternalChecks.ExternalChecksCanTakeObject(
part.UUID, remoteClient.AgentId))
return;
// Calls attach with a Zero position
//
AttachObject(remoteClient, objectLocalID, AttachmentPt, rot, Vector3.Zero); AttachObject(remoteClient, objectLocalID, AttachmentPt, rot, Vector3.Zero);
} }
@ -431,6 +441,7 @@ namespace OpenSim.Region.Environment.Scenes
(uint)(PermissionMask.Copy | PermissionMask.Move | PermissionMask.Modify | PermissionMask.Transfer), (uint)(PermissionMask.Copy | PermissionMask.Move | PermissionMask.Modify | PermissionMask.Transfer),
(uint)(PermissionMask.Copy | PermissionMask.Move | PermissionMask.Modify | PermissionMask.Transfer), (uint)(PermissionMask.Copy | PermissionMask.Move | PermissionMask.Modify | PermissionMask.Transfer),
ItemFlags, false, false, remoteClient.AgentId, true); ItemFlags, false, false, remoteClient.AgentId, true);
objatt.SetAttachmentPoint(Convert.ToByte(AttachmentPt));
if (objatt != null) if (objatt != null)
{ {
@ -514,7 +525,6 @@ namespace OpenSim.Region.Environment.Scenes
UUID newAssetID = m_parentScene.attachObjectAssetStore(remoteClient, group, remoteClient.AgentId); UUID newAssetID = m_parentScene.attachObjectAssetStore(remoteClient, group, remoteClient.AgentId);
// sets assetID so client can show asset as 'attached' in inventory // sets assetID so client can show asset as 'attached' in inventory
group.SetFromAssetID(newAssetID);
} }
group.AttachToAgent(remoteClient.AgentId, AttachmentPt, attachPos); group.AttachToAgent(remoteClient.AgentId, AttachmentPt, attachPos);
// In case it is later dropped again, don't let // In case it is later dropped again, don't let

69
OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
View File

@ -1684,7 +1684,8 @@ namespace OpenSim.Region.Environment.Scenes
Queue<InventoryFolderImpl> searchfolders = new Queue<InventoryFolderImpl>(); Queue<InventoryFolderImpl> searchfolders = new Queue<InventoryFolderImpl>();
searchfolders.Enqueue(userInfo.RootFolder); searchfolders.Enqueue(userInfo.RootFolder);
UUID foundFolder = userInfo.RootFolder.ID; UUID foundFolder = UUID.Zero;
InventoryItemBase item = null;
// search through folders to find the asset. // search through folders to find the asset.
while (searchfolders.Count > 0) while (searchfolders.Count > 0)
@ -1696,6 +1697,7 @@ namespace OpenSim.Region.Environment.Scenes
{ {
if (fld.Items.ContainsKey(assetID)) if (fld.Items.ContainsKey(assetID))
{ {
item = fld.Items[assetID];
foundFolder = fld.ID; foundFolder = fld.ID;
searchfolders.Clear(); searchfolders.Clear();
break; break;
@ -1711,49 +1713,30 @@ namespace OpenSim.Region.Environment.Scenes
} }
} }
AssetBase asset = CreateAsset( if (foundFolder != UUID.Zero && item != null)
objectGroup.GetPartName(objectGroup.LocalId),
objectGroup.GetPartDescription(objectGroup.LocalId),
(sbyte)AssetType.Object,
Utils.StringToBytes(sceneObjectXml));
AssetCache.AddAsset(asset);
InventoryItemBase item = new InventoryItemBase();
item.Creator = objectGroup.RootPart.CreatorID;
item.Owner = agentID;
item.ID = assetID;
item.AssetID = asset.FullID;
item.Description = asset.Description;
item.Name = asset.Name;
item.AssetType = asset.Type;
item.InvType = (int)InventoryType.Object;
// Sticking it in root folder for now.. objects folder later?
item.Folder = foundFolder;// DeRezPacket.AgentBlock.DestinationID;
if ((agentID != objectGroup.RootPart.OwnerID) && ExternalChecks.ExternalChecksPropagatePermissions())
{ {
item.BasePermissions = objectGroup.RootPart.NextOwnerMask; AssetBase asset = CreateAsset(
item.CurrentPermissions = objectGroup.RootPart.NextOwnerMask; objectGroup.GetPartName(objectGroup.LocalId),
item.NextPermissions = objectGroup.RootPart.NextOwnerMask; objectGroup.GetPartDescription(objectGroup.LocalId),
item.EveryOnePermissions = objectGroup.RootPart.EveryoneMask & objectGroup.RootPart.NextOwnerMask; (sbyte)AssetType.Object,
} Utils.StringToBytes(sceneObjectXml));
else AssetCache.AddAsset(asset);
{
item.BasePermissions = objectGroup.GetEffectivePermissions();
item.CurrentPermissions = objectGroup.GetEffectivePermissions();
item.NextPermissions = objectGroup.RootPart.NextOwnerMask;
item.EveryOnePermissions = objectGroup.RootPart.EveryoneMask;
}
userInfo.AddItem(item); item.AssetID = asset.FullID;
item.Description = asset.Description;
item.Name = asset.Name;
item.AssetType = asset.Type;
item.InvType = (int)InventoryType.Object;
item.Folder = foundFolder;
// this gets called when the agent loggs off! userInfo.UpdateItem(item);
if (remoteClient != null)
{ // this gets called when the agent loggs off!
remoteClient.SendInventoryItemCreateUpdate(item); if (remoteClient != null)
{
remoteClient.SendInventoryItemCreateUpdate(item);
}
} }
} }
} }
} }
@ -1786,9 +1769,8 @@ namespace OpenSim.Region.Environment.Scenes
item.AssetType = asset.Type; item.AssetType = asset.Type;
item.InvType = (int)InventoryType.Object; item.InvType = (int)InventoryType.Object;
// Sticking it in root folder for now.. objects folder later? item.Folder = UUID.Zero; // Objects folder!
item.Folder = userInfo.RootFolder.ID;// DeRezPacket.AgentBlock.DestinationID;
if ((remoteClient.AgentId != objectGroup.RootPart.OwnerID) && ExternalChecks.ExternalChecksPropagatePermissions()) if ((remoteClient.AgentId != objectGroup.RootPart.OwnerID) && ExternalChecks.ExternalChecksPropagatePermissions())
{ {
item.BasePermissions = objectGroup.RootPart.NextOwnerMask; item.BasePermissions = objectGroup.RootPart.NextOwnerMask;
@ -1805,8 +1787,11 @@ namespace OpenSim.Region.Environment.Scenes
} }
item.CreationDate = Util.UnixTimeSinceEpoch(); item.CreationDate = Util.UnixTimeSinceEpoch();
grp.SetFromAssetID(item.ID);
userInfo.AddItem(item); userInfo.AddItem(item);
remoteClient.SendInventoryItemCreateUpdate(item); remoteClient.SendInventoryItemCreateUpdate(item);
return item.AssetID; return item.AssetID;
} }
return UUID.Zero; return UUID.Zero;

34
OpenSim/Region/Environment/Scenes/SceneObjectGroup.cs
View File

@ -734,16 +734,18 @@ namespace OpenSim.Region.Environment.Scenes
m_rootPart.IsAttachment = true; m_rootPart.IsAttachment = true;
m_rootPart.SetParentLocalId(avatar.LocalId); m_rootPart.SetParentLocalId(avatar.LocalId);
lock (m_parts) SetAttachmentPoint(Convert.ToByte(attachmentpoint));
{
foreach (SceneObjectPart part in m_parts.Values)
{
part.SetAttachmentPoint(attachmentpoint);
}
}
avatar.AddAttachment(this); avatar.AddAttachment(this);
m_rootPart.ScheduleFullUpdate(); // Killing it here will cause the client to deselect it
// It then reappears on the avatar, deselected
// through the full update below
//
foreach (SceneObjectPart part in m_parts.Values)
m_scene.SendKiPrimitive(part.LocalId);
IsSelected = false; // fudge....
ScheduleGroupForFullUpdate();
} }
} }
public byte GetAttachmentPoint() public byte GetAttachmentPoint()
@ -757,10 +759,7 @@ namespace OpenSim.Region.Environment.Scenes
public void ClearPartAttachmentData() public void ClearPartAttachmentData()
{ {
foreach (SceneObjectPart part in m_parts.Values) SetAttachmentPoint((Byte)0);
{
part.SetAttachmentPoint((Byte)0);
}
} }
public void DetachToGround() public void DetachToGround()
@ -775,7 +774,7 @@ namespace OpenSim.Region.Environment.Scenes
AbsolutePosition = detachedpos; AbsolutePosition = detachedpos;
m_rootPart.AttachedAvatar = UUID.Zero; m_rootPart.AttachedAvatar = UUID.Zero;
m_rootPart.SetParentLocalId(0); m_rootPart.SetParentLocalId(0);
m_rootPart.SetAttachmentPoint((byte)0); SetAttachmentPoint((byte)0);
m_rootPart.IsAttachment = false; m_rootPart.IsAttachment = false;
m_rootPart.ApplyPhysics(m_rootPart.GetEffectiveObjectFlags(), m_scene.m_physicalPrim); m_rootPart.ApplyPhysics(m_rootPart.GetEffectiveObjectFlags(), m_scene.m_physicalPrim);
HasGroupChanged = true; HasGroupChanged = true;
@ -2755,5 +2754,14 @@ namespace OpenSim.Region.Environment.Scenes
{ {
return String.Format("{0} {1} ({2})", Name, UUID, AbsolutePosition); return String.Format("{0} {1} ({2})", Name, UUID, AbsolutePosition);
} }
public void SetAttachmentPoint(byte point)
{
lock(m_parts)
{
foreach (SceneObjectPart part in m_parts.Values)
part.SetAttachmentPoint(point);
}
}
} }
} }

5
OpenSim/Region/Environment/Scenes/SceneObjectPart.cs
View File

@ -2097,6 +2097,11 @@ namespace OpenSim.Region.Environment.Scenes
/// <param name="clientFlags"></param> /// <param name="clientFlags"></param>
public void SendFullUpdateToClient(IClientAPI remoteClient, Vector3 lPos, uint clientFlags) public void SendFullUpdateToClient(IClientAPI remoteClient, Vector3 lPos, uint clientFlags)
{ {
// Suppress full updates during attachment editing
//
if (ParentGroup.IsSelected && IsAttachment)
return;
clientFlags &= ~(uint) PrimFlags.CreateSelected; clientFlags &= ~(uint) PrimFlags.CreateSelected;
if (remoteClient.AgentId == _ownerID) if (remoteClient.AgentId == _ownerID)

2
OpenSim/Region/ScriptEngine/DotNetEngine/EventManager.cs
View File

@ -244,7 +244,7 @@ namespace OpenSim.Region.ScriptEngine.DotNetEngine
int lineEnd = script.IndexOf('\n'); int lineEnd = script.IndexOf('\n');
if (lineEnd != -1) if (lineEnd > 1)
{ {
string firstline = script.Substring(0, lineEnd).Trim(); string firstline = script.Substring(0, lineEnd).Trim();

2
OpenSim/Region/ScriptEngine/XEngine/XEngine.cs
View File

@ -342,7 +342,7 @@ namespace OpenSim.Region.ScriptEngine.XEngine
int lineEnd = script.IndexOf('\n'); int lineEnd = script.IndexOf('\n');
if (lineEnd != 1) if (lineEnd > 1)
{ {
string firstline = script.Substring(0, lineEnd).Trim(); string firstline = script.Substring(0, lineEnd).Trim();