Fix the new permissions error introduced with the inventory fix
The fix to allow setting perms in inventory accidentally caused folded permissions to be used as a mask for the next owner perms. The current solution isn't optimal but better than anything else we have had. Legacy objects may experience a net loss of permissions if trying to set their perms in inventory, this is deemed preferable to the prior privilege escalation possibility. New items will handle properly.melanie
Melanie Thielker
parent
b9eb3afb62
commit
da51edb5fe
|
|
@ -1124,7 +1124,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
|
|||
// rootPart.OwnerID, item.Owner, item.CurrentPermissions);
|
||||
|
||||
if ((rootPart.OwnerID != item.Owner) ||
|
||||
(item.CurrentPermissions & 16) != 0 ||
|
||||
(item.CurrentPermissions & 8) != 0 ||
|
||||
(item.Flags & (uint)InventoryItemFlags.ObjectSlamPerm) != 0)
|
||||
{
|
||||
//Need to kill the for sale here
|
||||
|
|
@ -1142,22 +1142,37 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
|
|||
part.RezzerID = item.Owner;
|
||||
part.Inventory.ChangeInventoryOwner(item.Owner);
|
||||
|
||||
// This applies the base mask from the item as the next
|
||||
// permissions for the object. This is correct because the
|
||||
// giver's base mask was masked by the giver's next owner
|
||||
// mask, so the base mask equals the original next owner mask.
|
||||
part.NextOwnerMask = item.BasePermissions;
|
||||
// Reconstruct the original item's base permissions. They
|
||||
// can be found in the lower (folded) bits.
|
||||
if ((item.BasePermissions & (uint)PermissionMask.FoldedMask) != 0)
|
||||
{
|
||||
// We have permissions stored there so use them
|
||||
part.NextOwnerMask = ((item.BasePermissions & 7) << 13);
|
||||
if ((item.BasePermissions & (uint)PermissionMask.FoldedExport) != 0)
|
||||
part.NextOwnerMask |= (uint)PermissionMask.Export;
|
||||
part.NextOwnerMask |= (uint)PermissionMask.Move;
|
||||
}
|
||||
else
|
||||
{
|
||||
// This is a legacy object and we can't avoid the issues that
|
||||
// caused perms loss or escalation before, treat it the legacy
|
||||
// way.
|
||||
part.NextOwnerMask = item.NextPermissions;
|
||||
}
|
||||
}
|
||||
|
||||
so.ApplyNextOwnerPermissions();
|
||||
|
||||
// In case the user has changed flags on a received item
|
||||
// we have to apply those changes after the slam. Else we
|
||||
// get a net loss of permissions
|
||||
// get a net loss of permissions.
|
||||
// On legacy objects, this opts for a loss of permissions rather
|
||||
// than the previous handling that allowed escalation.
|
||||
foreach (SceneObjectPart part in so.Parts)
|
||||
{
|
||||
if ((item.Flags & (uint)InventoryItemFlags.ObjectHasMultipleItems) == 0)
|
||||
{
|
||||
part.GroupMask = item.GroupPermissions & part.BaseMask;
|
||||
part.EveryoneMask = item.EveryOnePermissions & part.BaseMask;
|
||||
part.NextOwnerMask = item.NextPermissions & part.BaseMask;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -647,7 +647,8 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
// Modify
|
||||
uint permsMask = ~ ((uint)PermissionMask.Copy |
|
||||
(uint)PermissionMask.Transfer |
|
||||
(uint)PermissionMask.Modify);
|
||||
(uint)PermissionMask.Modify |
|
||||
(uint)PermissionMask.Export);
|
||||
|
||||
// Now, reduce the next perms to the mask bits
|
||||
// relevant to the operation
|
||||
|
|
@ -677,6 +678,23 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
(uint)PermissionMask.Move;
|
||||
uint ownerPerms = item.CurrentPermissions;
|
||||
|
||||
// These will be applied to the root prim at next rez.
|
||||
// The legacy slam bit (bit 3) and folded permission (bits 0-2)
|
||||
// are preserved due to the above mangling
|
||||
ownerPerms &= nextPerms;
|
||||
|
||||
// Mask the base permissions. This is a conservative
|
||||
// approach altering only the three main perms
|
||||
basePerms &= nextPerms;
|
||||
|
||||
// Mask out the folded portion of the base mask.
|
||||
// While the owner mask carries the actual folded
|
||||
// permissions, the base mask carries the original
|
||||
// base mask, before masking with the folded perms.
|
||||
// We need this later for rezzing.
|
||||
basePerms &= ~(uint)PermissionMask.FoldedMask;
|
||||
basePerms |= ((basePerms >> 13) & 7) | (((basePerms & (uint)PermissionMask.Export) != 0) ? (uint)PermissionMask.FoldedExport : 0);
|
||||
|
||||
// If this is an object, root prim perms may be more
|
||||
// permissive than folded perms. Use folded perms as
|
||||
// a mask
|
||||
|
|
@ -684,6 +702,9 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
{
|
||||
// Create a safe mask for the current perms
|
||||
uint foldedPerms = (item.CurrentPermissions & 7) << 13;
|
||||
if ((item.CurrentPermissions & (uint)PermissionMask.FoldedExport) != 0)
|
||||
foldedPerms |= (uint)PermissionMask.Export;
|
||||
|
||||
foldedPerms |= permsMask;
|
||||
|
||||
bool isRootMod = (item.CurrentPermissions &
|
||||
|
|
@ -691,6 +712,8 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
true : false;
|
||||
|
||||
// Mask the owner perms to the folded perms
|
||||
// Note that this is only to satisfy the viewer.
|
||||
// The effect of this will be reversed on rez.
|
||||
ownerPerms &= foldedPerms;
|
||||
basePerms &= foldedPerms;
|
||||
|
||||
|
|
@ -705,15 +728,6 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
}
|
||||
}
|
||||
|
||||
// These will be applied to the root prim at next rez.
|
||||
// The slam bit (bit 3) and folded permission (bits 0-2)
|
||||
// are preserved due to the above mangling
|
||||
ownerPerms &= nextPerms;
|
||||
|
||||
// Mask the base permissions. This is a conservative
|
||||
// approach altering only the three main perms
|
||||
basePerms &= nextPerms;
|
||||
|
||||
// Assign to the actual item. Make sure the slam bit is
|
||||
// set, if it wasn't set before.
|
||||
itemCopy.BasePermissions = basePerms;
|
||||
|
|
|
|||
Loading…
Reference in New Issue