From 1ab9cd0997b30eae24b0fc609d7d8598e5a549fc Mon Sep 17 00:00:00 2001 From: Melanie Date: Sat, 8 Jan 2011 13:51:34 +0100 Subject: [PATCH 1/4] Fix a couple of security issues --- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 3 +++ .../Framework/Scenes/SceneObjectPartInventory.cs | 12 +++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 682c36d5f1..5658f900aa 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -2025,6 +2025,9 @@ namespace OpenSim.Region.Framework.Scenes public void SetScriptRunning(IClientAPI controllingClient, UUID objectID, UUID itemID, bool running) { + if (!Permissions.CanEditScript(itemID, objectID, controllingClient.AgentId)) + return; + SceneObjectPart part = GetSceneObjectPart(objectID); if (part == null) return; diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 970003a40b..5a39941c97 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs @@ -48,6 +48,7 @@ namespace OpenSim.Region.Framework.Scenes private string m_inventoryFileName = String.Empty; private byte[] m_inventoryFileData = new byte[0]; private uint m_inventoryFileNameSerial = 0; + private bool m_inventoryPrivileged = false; private Dictionary m_scriptErrors = new Dictionary(); 
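Review bot: The new `Permissions.CanEditScript(itemID, objectID, controllingClient.AgentId)` guard at the top of `SetScriptRunning` returns silently, so a refused attempt to start or stop another user's script leaves nothing for an operator to audit. Log the denial path, for example `log.WarnFormat("[SCENE]: {0} denied SetScriptRunning for item {1} in object {2}", controllingClient.AgentId, itemID, objectID);`, where `log` is a placeholder for whatever logger the class already has (none is visible in the hunk). The check also runs on the client-supplied `itemID`/`objectID` pair before `GetSceneObjectPart(objectID)`, and the hunk does not show whether `CanEditScript` confirms that the item belongs to that object, so that is worth confirming. The rest of the method lies outside the hunk.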
@@ -952,6 +953,13 @@ namespace OpenSim.Region.Framework.Scenes { bool changed = CreateInventoryFileName(); + bool includeAssets = false; + if (m_part.ParentGroup.Scene.Permissions.CanEditObjectInventory(m_part.UUID, client.AgentId)) + includeAssets = true; + + if (m_inventoryPrivileged != includeAssets) + changed = true; + InventoryStringBuilder invString = new InventoryStringBuilder(m_part.UUID, UUID.Zero); Items.LockItemsForRead(true); @@ -977,9 +985,7 @@ namespace OpenSim.Region.Framework.Scenes } } - bool includeAssets = false; - if (m_part.ParentGroup.Scene.Permissions.CanEditObjectInventory(m_part.UUID, client.AgentId)) - includeAssets = true; + m_inventoryPrivileged = includeAssets; foreach (TaskInventoryItem item in m_items.Values) { From c271bbcc8af1549666f6a5299a4b9ab9cf1c86d9 Mon Sep 17 00:00:00 2001 From: Melanie Date: Sat, 8 Jan 2011 16:44:28 +0100 Subject: [PATCH 2/4] Preserve the script running flag when copying an object. --- OpenSim/Framework/TaskInventoryItem.cs | 12 +++++++ .../Framework/Interfaces/IScriptModule.cs | 2 ++ .../Scenes/SceneObjectPartInventory.cs | 34 +++++++++++++++++++ .../Region/ScriptEngine/XEngine/XEngine.cs | 12 +++++++ 4 files changed, 60 insertions(+) diff --git a/OpenSim/Framework/TaskInventoryItem.cs b/OpenSim/Framework/TaskInventoryItem.cs index 248502e28e..be2b8c80c3 100644 --- a/OpenSim/Framework/TaskInventoryItem.cs +++ b/OpenSim/Framework/TaskInventoryItem.cs @@ -124,6 +124,9 @@ namespace OpenSim.Framework private UUID _oldID = UUID.Zero; private bool _ownerChanged = false; + + // This used ONLY during copy. It can't be relied on at other times! + private bool _scriptRunning = true; public UUID AssetID { get { @@ -387,6 +390,15 @@ namespace OpenSim.Framework } } + public bool ScriptRunning { + get { + return _scriptRunning; + } + set { + _scriptRunning = value; + } + } + // See ICloneable #region ICloneable Members 
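Review bot: `m_inventoryPrivileged` is one flag per inventory, yet it decides per request whether the cached inventory file may be reused, and it is compared in this hunk but written only in the later `@@ -977,9 +985,7 @@` hunk. The only lock visible between the two is `Items.LockItemsForRead(true)`, so unless something outside the hunks serialises this method, two clients with different edit rights could interleave and the unprivileged one could be handed data built with `includeAssets` set. Consider keeping the privileged and unprivileged builds in separate cache slots, or at least state the invariant next to the field: `// m_inventoryPrivileged and m_inventoryFileData are only read and written under <lock>; never reuse the cached file across privilege levels`. The method starts and ends outside both hunks.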
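Review bot: The public `ScriptRunning` property in `@@ -387,6 +390,15 @@` has no documentation, while the warning that the value is only valid during a copy sits on the private `_scriptRunning` field in `@@ -124,6 +124,9 @@`, where callers of the property will not see it. Repeat it on the property as an XML doc comment, for example `/// <summary>Run state captured while an object is being copied; do not rely on it at any other time. Defaults to true.</summary>`. The default of `true` means an item that no engine reports on is treated as running, which belongs in the same comment.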
diff --git a/OpenSim/Region/Framework/Interfaces/IScriptModule.cs b/OpenSim/Region/Framework/Interfaces/IScriptModule.cs index fecdd1b9b8..4a3c63421a 100644 --- a/OpenSim/Region/Framework/Interfaces/IScriptModule.cs +++ b/OpenSim/Region/Framework/Interfaces/IScriptModule.cs @@ -50,5 +50,7 @@ namespace OpenSim.Region.Framework.Interfaces void ResumeScript(UUID itemID); ArrayList GetScriptErrors(UUID itemID); + + bool HasScript(UUID itemID, out bool running); } } diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 5a39941c97..6c56dc30c4 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs @@ -94,6 +94,7 @@ namespace OpenSim.Region.Framework.Scenes { m_items = value; m_inventorySerial++; + QueryScriptStates(); } } @@ -226,6 +227,36 @@ namespace OpenSim.Region.Framework.Scenes m_items.LockItemsForWrite(false); } + private void QueryScriptStates() + { + if (m_part == null || m_part.ParentGroup == null) + return; + + IScriptModule[] engines = m_part.ParentGroup.Scene.RequestModuleInterfaces(); + if (engines == null) // No engine at all + return; + + Items.LockItemsForRead(true); + foreach (TaskInventoryItem item in Items.Values) + { + if (item.InvType == (int)InventoryType.LSL) + { + foreach (IScriptModule e in engines) + { + bool running; + + if (e.HasScript(item.ItemID, out running)) + { + item.ScriptRunning = running; + break; + } + } + } + } + + Items.LockItemsForRead(false); + } + /// /// Start all the scripts contained in this prim's inventory /// 
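Review bot: `bool HasScript(UUID itemID, out bool running);` is added to `IScriptModule` without a doc comment, so the value of `running` when the method returns false can only be learned from the XEngine implementation later in this patch, which sets it to `true`. Document the contract on the interface, for example `/// <summary>Returns true if this engine hosts the script; running receives its run state, and is true when the script is not found.</summary>`, and mirror it on `XEngine.HasScript`. Every other implementer of the interface also has to add the method; only XEngine is updated in the visible patch.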
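Review bot: `QueryScriptStates` releases the read lock with a trailing `Items.LockItemsForRead(false);`, which is skipped if `e.HasScript(...)` or the enumeration throws, leaving the item lock held. Wrap the loop so the release always runs: `try { /* foreach over Items.Values */ } finally { Items.LockItemsForRead(false); }`. The loop also assigns `item.ScriptRunning` while holding only the read lock, and the method is now called from the `Items` setter in `@@ -94,6 +94,7 @@`, so it is worth confirming that no caller assigns `Items` while it already holds the write lock.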
@@ -349,6 +380,9 @@ namespace OpenSim.Region.Framework.Scenes m_part.ParentGroup.Scene.EventManager.TriggerRezScript( m_part.LocalId, item.ItemID, script, startParam, postOnRez, engine, stateSource); StoreScriptErrors(item.ItemID, null); + if (!item.ScriptRunning) + m_part.ParentGroup.Scene.EventManager.TriggerStopScript( + m_part.LocalId, item.ItemID); m_part.ParentGroup.AddActiveScriptCount(1); m_part.ScheduleFullUpdate(); } diff --git a/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs b/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs index 35cc65b35a..6bdd4c8409 100644 --- a/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs +++ b/OpenSim/Region/ScriptEngine/XEngine/XEngine.cs @@ -1695,5 +1695,17 @@ namespace OpenSim.Region.ScriptEngine.XEngine instance.Resume(); } + + public bool HasScript(UUID itemID, out bool running) + { + running = true; + + IScriptInstance instance = GetInstance(itemID); + if (instance == null) + return false; + + running = instance.Running; + return true; + } } } From 72048169c0f8aea6806f987f8ef932798f73a8aa Mon Sep 17 00:00:00 2001 From: Melanie Date: Mon, 10 Jan 2011 22:02:09 +0100 Subject: [PATCH 3/4] Taint SOGs the right way --- OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs index 304de6748e..6e0fc435b6 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs @@ -2857,8 +2857,12 @@ namespace OpenSim.Region.Framework.Scenes } } + RootPart.UpdatePrimFlags(UsePhysics, IsTemporary, IsPhantom, IsVolumeDetect); for (int i = 0; i < parts.Length; i++) - parts[i].UpdatePrimFlags(UsePhysics, IsTemporary, IsPhantom, IsVolumeDetect); + { + if (parts[i] != RootPart) + parts[i].UpdatePrimFlags(UsePhysics, IsTemporary, IsPhantom, IsVolumeDetect); + } } } 
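Review bot: `item.ScriptRunning` is read here straight after `TriggerRezScript`, but the comment added on `_scriptRunning` in TaskInventoryItem.cs says the value is used only during copy and cannot be relied on at other times, and this hunk does not show that the enclosing method runs only on the copy path. If it is also reached for ordinary rezzes, a stale `false` would stop a script that should be running. The script is also started and then stopped, so whether any of its events can run before `TriggerStopScript` takes effect depends on engine behaviour not visible here, and `AddActiveScriptCount(1)` still counts the stopped script. State the precondition above the new lines, e.g. `// ScriptRunning is only meaningful when this item was just copied; see TaskInventoryItem._scriptRunning`.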
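Review bot: The reason `RootPart.UpdatePrimFlags(...)` must now run before the child parts in `@@ -2857,8 +2857,12 @@` is not stated in the code, and the commit subject alone does not explain it. Add a comment above the new call, for example `// Root part first: <why the root must be updated before the children>`, so that a later cleanup does not fold the call back into the loop. `RootPart` is dereferenced without a null check; the earlier lines of the method are outside the hunk, so confirm it cannot be null at this point.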
From 2c6a410e903767a9c4f18777ec0d9fd862fe531e Mon Sep 17 00:00:00 2001 From: Melanie Date: Mon, 10 Jan 2011 22:02:22 +0100 Subject: [PATCH 4/4] Partial permissions fix for boxed items. --- .../Region/Framework/Scenes/Scene.Inventory.cs | 10 ++++++++++ .../Scenes/SceneObjectPartInventory.cs | 18 ++++++++---------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 5658f900aa..1f32362e69 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -2171,5 +2171,15 @@ namespace OpenSim.Region.Framework.Scenes m_sceneGraph.LinkObjects(root, children); } + + private string PermissionString(uint permissions) + { + PermissionMask perms = (PermissionMask)permissions & + (PermissionMask.Move | + PermissionMask.Copy | + PermissionMask.Transfer | + PermissionMask.Modify); + return perms.ToString(); + } } } diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 6c56dc30c4..3b1ab015bf 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs 
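Review bot: `PermissionString` is added as a private method, but nothing in the visible patch calls it, so it reads like a leftover debugging helper. Either include the call site in this commit or drop the method; if it stays, a short comment such as `// Debug helper: formats only the Move/Copy/Transfer/Modify bits of a permission mask` would explain why every other bit is masked off. The class body continues outside the hunk, so a caller may exist elsewhere in the class.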
@@ -1163,16 +1163,14 @@ namespace OpenSim.Region.Framework.Scenes foreach (TaskInventoryItem item in m_items.Values) { - if (item.InvType != (int)InventoryType.Object) - { - if ((item.CurrentPermissions & item.NextPermissions & (uint)PermissionMask.Copy) == 0) - mask &= ~((uint)PermissionMask.Copy >> 13); - if ((item.CurrentPermissions & item.NextPermissions & (uint)PermissionMask.Transfer) == 0) - mask &= ~((uint)PermissionMask.Transfer >> 13); - if ((item.CurrentPermissions & item.NextPermissions & (uint)PermissionMask.Modify) == 0) - mask &= ~((uint)PermissionMask.Modify >> 13); - } - else + if ((item.CurrentPermissions & item.NextPermissions & (uint)PermissionMask.Copy) == 0) + mask &= ~((uint)PermissionMask.Copy >> 13); + if ((item.CurrentPermissions & item.NextPermissions & (uint)PermissionMask.Transfer) == 0) + mask &= ~((uint)PermissionMask.Transfer >> 13); + if ((item.CurrentPermissions & item.NextPermissions & (uint)PermissionMask.Modify) == 0) + mask &= ~((uint)PermissionMask.Modify >> 13); + + if (item.InvType == (int)InventoryType.Object) { if ((item.CurrentPermissions & ((uint)PermissionMask.Copy >> 13)) == 0) mask &= ~((uint)PermissionMask.Copy >> 13);
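Review bot: The literal `>> 13` is repeated on every `mask &=` line of this hunk with no explanation of which bits the shifted `Copy`, `Transfer` and `Modify` values land on. Since this is permission-narrowing code, name the shift once (for example `const int FoldedShift = 13;`, name illustrative) or add a comment such as `// PermissionMask.X >> 13 selects the corresponding bit in the low bits of the mask; presumably the folded permissions of boxed contents - confirm`. The commit calls itself a partial fix, so a `// TODO:` naming the case that is still open would tell the next reader what the object branch does not yet cover. The enclosing method starts and ends outside the hunk.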