Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
8084c378
Commit
8084c378
authored
Jan 30, 2005
by
Andreas Jung
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
- Collector #1617: Fixed crash in ZPT code (caused by improper
checks in cAccessControl)
parent
88263262
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
73 additions
and
55 deletions
+73
-55
doc/CHANGES.txt
doc/CHANGES.txt
+2
-2
lib/python/AccessControl/cAccessControl.c
lib/python/AccessControl/cAccessControl.c
+71
-53
No files found.
doc/CHANGES.txt
View file @
8084c378
...
@@ -17,8 +17,6 @@ Zope Changes
...
@@ -17,8 +17,6 @@ Zope Changes
changes in C, brining the Python and C implementations back in
changes in C, brining the Python and C implementations back in
sync. See lib/python/AccessControl/ZopeSecurityPolicy.py.
sync. See lib/python/AccessControl/ZopeSecurityPolicy.py.
- backport recent changes in cAccessControl from Zope 2.7
- Change acquisition wrappers to implement the descr get slot
- Change acquisition wrappers to implement the descr get slot
directly, this speeding the use of the slot.
directly, this speeding the use of the slot.
...
@@ -53,6 +51,8 @@ Zope Changes
...
@@ -53,6 +51,8 @@ Zope Changes
Bugs fixed
Bugs fixed
- Collector #1617: Fixed crash in ZPT code (caused by improper
checks in cAccessControl)
- Collector #1683: fixing batching in the DA "Test" tab
- Collector #1683: fixing batching in the DA "Test" tab
...
...
lib/python/AccessControl/cAccessControl.c
View file @
8084c378
...
@@ -790,7 +790,6 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
...
@@ -790,7 +790,6 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
PyObject
*
method
=
NULL
;
PyObject
*
method
=
NULL
;
PyObject
*
tmp
=
NULL
;
PyObject
*
tmp
=
NULL
;
char
*
sname
;
int
i
,
l
,
contains
;
int
i
,
l
,
contains
;
PyObject
*
r
;
PyObject
*
r
;
...
@@ -804,26 +803,33 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
...
@@ -804,26 +803,33 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
return
NULL
;
return
NULL
;
/*| # Provide special rules for acquisition attributes
/*| # Provide special rules for acquisition attributes
**| if
isinstance(name, str
):
**| if
type(name) in (StringType, UnicodeType
):
**| if name
.startswith('aq_')
and name not in valid_aq_:
**| if name
[:3] == 'aq_'
and name not in valid_aq_:
**| raise Unauthorized(name, value)
**| raise Unauthorized(name, value)
*/
*/
if
(
PyString_Check
(
name
)
||
PyUnicode_Check
(
name
)
)
{
if
(
PyString_Check
(
name
)
||
PyUnicode_Check
(
name
))
{
sname
=
PyString_AsString
(
name
);
char
*
sname
=
PyString_AsString
(
name
);
if
(
sname
!=
NULL
)
{
/* Conversion to string may have failed, e.g. if name is Unicode
if
(
*
sname
==
'a'
&&
sname
[
1
]
==
'q'
&&
sname
[
2
]
==
'_'
)
{
* and can't be bashed into the default encoding. Unclear what
if
(
strcmp
(
sname
,
"aq_parent"
)
!=
0
&&
* to do then. It's arguably conservative to raise Unauthorized
strcmp
(
sname
,
"aq_inner"
)
!=
0
&&
* in this case.
strcmp
(
sname
,
"aq_explicit"
)
!=
0
)
{
*/
/* Access control violation */
if
(
sname
==
NULL
||
unauthErr
(
name
,
value
);
/* or starts with "aq_" */
return
NULL
;
/* roles is not owned yet */
(
sname
[
0
]
==
'a'
&&
sname
[
1
]
==
'q'
&&
sname
[
2
]
==
'_'
&&
}
/* and isn't aq_{parent, inner, explicit} */
}
strcmp
(
sname
+
3
,
"parent"
)
&&
strcmp
(
sname
+
3
,
"inner"
)
&&
strcmp
(
sname
+
3
,
"explicit"
)
)
)
{
/* Access control violation */
unauthErr
(
name
,
value
);
return
NULL
;
/* roles is not owned yet */
}
}
}
}
Py_XINCREF
(
roles
);
/* Convert the borrowed ref to a real one */
Py_XINCREF
(
roles
);
/* Convert the borrowed ref to a real one */
/*| containerbase = aq_base(container)
/*| containerbase = aq_base(container)
...
@@ -974,7 +980,11 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
...
@@ -974,7 +980,11 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
PyErr_Clear
();
PyErr_Clear
();
}
}
else
else
p
=
PyInt_FromLong
(
1
);
{
ASSIGN
(
p
,
PyInt_FromLong
(
1
));
if
(
p
==
NULL
)
goto
err
;
}
}
}
else
else
{
{
...
@@ -1454,28 +1464,27 @@ SecurityManager_dealloc(SecurityManager *self)
...
@@ -1454,28 +1464,27 @@ SecurityManager_dealloc(SecurityManager *self)
static
PyObject
*
static
PyObject
*
SecurityManager_getattro
(
SecurityManager
*
self
,
PyObject
*
name
)
SecurityManager_getattro
(
SecurityManager
*
self
,
PyObject
*
name
)
{
{
if
(
(
PyString_Check
(
name
)
||
PyUnicode_Check
(
name
)
)
&&
if
(
PyString_Check
(
name
)
||
PyUnicode_Check
(
name
))
{
PyString_AsString
(
name
)[
0
]
==
'_'
)
char
*
name_s
=
PyString_AsString
(
name
);
{
if
(
strcmp
(
PyString_AsString
(
name
),
"_thread_id"
)
==
0
if
(
name_s
==
NULL
)
&&
self
->
thread_id
)
return
NULL
;
{
if
(
name_s
[
0
]
==
'_'
)
{
if
(
!
strcmp
(
name_s
,
"_thread_id"
)
&&
self
->
thread_id
)
{
Py_INCREF
(
self
->
thread_id
);
Py_INCREF
(
self
->
thread_id
);
return
self
->
thread_id
;
return
self
->
thread_id
;
}
}
else
if
(
strcmp
(
PyString_AsString
(
name
),
"_context"
)
==
0
else
if
(
!
strcmp
(
name_s
,
"_context"
)
&&
self
->
context
)
{
&&
self
->
context
)
{
Py_INCREF
(
self
->
context
);
Py_INCREF
(
self
->
context
);
return
self
->
context
;
return
self
->
context
;
}
}
else
if
(
strcmp
(
PyString_AsString
(
name
),
"_policy"
)
==
0
else
if
(
!
strcmp
(
name_s
,
"_policy"
)
&&
self
->
policy
)
{
&&
self
->
policy
)
{
Py_INCREF
(
self
->
policy
);
Py_INCREF
(
self
->
policy
);
return
self
->
policy
;
return
self
->
policy
;
}
}
}
}
}
return
Py_FindAttr
(
OBJECT
(
self
),
name
);
return
Py_FindAttr
(
OBJECT
(
self
),
name
);
}
}
...
@@ -1483,22 +1492,27 @@ SecurityManager_getattro(SecurityManager *self, PyObject *name)
...
@@ -1483,22 +1492,27 @@ SecurityManager_getattro(SecurityManager *self, PyObject *name)
static
int
static
int
SecurityManager_setattro
(
SecurityManager
*
self
,
PyObject
*
name
,
PyObject
*
v
)
SecurityManager_setattro
(
SecurityManager
*
self
,
PyObject
*
name
,
PyObject
*
v
)
{
{
if
(
(
PyString_Check
(
name
)
||
PyUnicode_Check
(
name
)
)
&&
if
(
PyString_Check
(
name
)
||
PyUnicode_Check
(
name
))
{
PyString_AsString
(
name
)[
0
]
==
'_'
)
char
*
name_s
=
PyString_AsString
(
name
);
if
(
name_s
==
NULL
)
return
-
1
;
if
(
name_s
[
0
]
==
'_'
)
{
{
if
(
strcmp
(
PyString_AsString
(
name
),
"_thread_id"
)
==
0
)
if
(
!
strcmp
(
name_s
,
"_thread_id"
)
)
{
{
Py_INCREF
(
v
);
Py_INCREF
(
v
);
ASSIGN
(
self
->
thread_id
,
v
);
ASSIGN
(
self
->
thread_id
,
v
);
return
0
;
return
0
;
}
}
else
if
(
strcmp
(
PyString_AsString
(
name
),
"_context"
)
==
0
)
else
if
(
!
strcmp
(
name_s
,
"_context"
)
)
{
{
Py_INCREF
(
v
);
Py_INCREF
(
v
);
ASSIGN
(
self
->
context
,
v
);
ASSIGN
(
self
->
context
,
v
);
return
0
;
return
0
;
}
}
else
if
(
strcmp
(
PyString_AsString
(
name
),
"_policy"
)
==
0
)
else
if
(
!
strcmp
(
name_s
,
"_policy"
)
)
{
{
Py_INCREF
(
v
);
Py_INCREF
(
v
);
ASSIGN
(
self
->
policy
,
v
);
ASSIGN
(
self
->
policy
,
v
);
...
@@ -1515,6 +1529,8 @@ SecurityManager_setattro(SecurityManager *self, PyObject *name, PyObject *v)
...
@@ -1515,6 +1529,8 @@ SecurityManager_setattro(SecurityManager *self, PyObject *name, PyObject *v)
return
0
;
return
0
;
}
}
}
}
}
PyErr_SetObject
(
PyExc_AttributeError
,
name
);
PyErr_SetObject
(
PyExc_AttributeError
,
name
);
return
-
1
;
return
-
1
;
}
}
...
@@ -1522,7 +1538,6 @@ SecurityManager_setattro(SecurityManager *self, PyObject *name, PyObject *v)
...
@@ -1522,7 +1538,6 @@ SecurityManager_setattro(SecurityManager *self, PyObject *name, PyObject *v)
/*
/*
** PermissionRole_init
** PermissionRole_init
**
**
...
@@ -1650,32 +1665,35 @@ static void PermissionRole_dealloc(PermissionRole *self) {
...
@@ -1650,32 +1665,35 @@ static void PermissionRole_dealloc(PermissionRole *self) {
**
**
*/
*/
static
PyObject
*
PermissionRole_getattro
(
PermissionRole
*
self
,
PyObject
*
name
)
{
static
PyObject
*
PyObject
*
result
=
NULL
;
PermissionRole_getattro
(
PermissionRole
*
self
,
PyObject
*
name
)
{
PyObject
*
result
=
NULL
;
char
*
name_s
=
PyString_AsString
(
name
);
char
*
name_s
=
PyString_AsString
(
name
);
/* see whether we know the attribute */
/* see whether we know the attribute */
/* we support both the old "_d" (from the Python implementation)
/* we support both the old "_d" (from the Python implementation)
and the new "__roles__"
and the new "__roles__"
*/
*/
if
(
name_s
[
0
]
==
'_'
)
{
if
(
name_s
[
1
]
==
'_'
)
{
if
(
name_s
==
NULL
)
if
(
strcmp
(
name_s
,
"__name__"
)
==
0
)
PyErr_Clear
();
/* defer to ExtensionClassGetattro */
result
=
self
->
__name__
;
else
if
(
name_s
[
0
]
==
'_'
)
{
else
if
(
strcmp
(
name_s
,
"__roles__"
)
==
0
)
if
(
!
strcmp
(
name_s
,
"__name__"
))
result
=
self
->
__roles__
;
result
=
self
->
__name__
;
}
else
if
(
!
strcmp
(
name_s
,
"__roles__"
))
else
if
(
name_s
[
1
]
==
'p'
&&
name_s
[
2
]
==
0
)
result
=
self
->
__roles__
;
result
=
self
->
_p
;
else
if
(
!
strcmp
(
name_s
,
"_p"
))
else
if
(
name_s
[
1
]
==
'd'
&&
name_s
[
2
]
==
0
)
result
=
self
->
_p
;
result
=
self
->
__roles__
;
else
if
(
!
strcmp
(
name_s
,
"_d"
))
result
=
self
->
__roles__
;
}
}
if
(
result
)
{
if
(
result
)
{
Py_INCREF
(
result
);
Py_INCREF
(
result
);
return
result
;
return
result
;
}
else
{
return
ExtensionClassGetattro
((
PyObject
*
)
self
,
name
);
}
}
else
return
ExtensionClassGetattro
((
PyObject
*
)
self
,
name
);
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment