Mailhost expects different security settings in different folders
Hello, I observed a strange effect when using a script which sends some notification mail. Here is the striped down version of the script: try: mailhost=getattr(context, context.superValues('Mail Host')[0].id) except: raise AttributeError, "Can not find a Mail Host object." mailhost.send("Subject: Simple Mail\n\nMessage", "tillea@localhost", "tillea@rki.de") If I use the "Test" button of this script it just sends a mail to me. This works fine if this script is in the container "MyTest". In the container "Application" I have some security settings applied to certain objects but no difference regarding the script in question. The Folder "MyTest" and "Application" are in the root Folder where the MailHost object is stored so the aquisition rule should be the same because there is no additional MailHost object. If I use the "Test" tab in "/Application/TestMailScript" a login screen is provided and if I use my valid login I get: Zope Error Zope has encountered an error while publishing this resource. Error Type: Unauthorized Error Value: You are not allowed to access send in this context Any hint which combination of security settings might cause such a behaviour? (I'm using Zope 2.6.2 under Debian GNU/Linux.) Kind regards Andreas.
Andreas Tille wrote at 2004-1-27 12:38 +0100:
... If I use the "Test" tab in "/Application/TestMailScript" a login screen is provided and if I use my valid login I get:
Zope Error Zope has encountered an error while publishing this resource.
Error Type: Unauthorized Error Value: You are not allowed to access send in this context
Authorization problems are best analysed with Shane's "VerboseSecurity" product (unless you use Zope 2.6.3/Zope 2.7b4 or above). -- Dieter
On Tue, 27 Jan 2004, Dieter Maurer wrote:
Authorization problems are best analysed with Shane's "VerboseSecurity" product (unless you use Zope 2.6.3/Zope 2.7b4 or above). This was really a great hint. I hope this functionality will end up inside Zope. I guess if it is implemented in C the speed slowdown which is mentioned in the README will be no real problem any more.
Regarding my actual problem: Traceback (innermost last): Module ZPublisher.Publish, line 98, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 39, in call_object Module Shared.DC.Scripts.Bindings, line 252, in __call__ Module Shared.DC.Scripts.Bindings, line 283, in _bindAndExec Module Products.PythonScripts.PythonScript, line 314, in _exec Module Script (Python), line 6, in SimpleMail - <PythonScript at /Influenza/SimpleMail> - Line 6 Module Products.VerboseSecurity.VerboseSecurityPolicy, line 264, in validate Unauthorized: Your user account is defined outside the context of the object being accessed. Access to 'send' of (MailHost instance at 92020b0) denied. Your user account, tillea, exists at /Influenza/acl_users. Access requires one of the following roles: ['Manager']. The situation is as follows: /acl_users/tillea: ['Manager','Owner'] /Influenza/acl_users/tillea: ['Manager','Owner','some','other','permissions'] --> So the error message seems strange because the role 'Manager' occures in both contexts /Influenza/SimpleMail try: mailhost=getattr(context, context.superValues('Mail Host')[0].id) except: raise AttributeError, "Can not find a Mail Host object." mailhost.send("Subject: SimpleMail\n\nMessage Body", "tillea@localhost", "tillea@rki.de") --> This causes the problem /TestFolder/SimpleMail --> same script as above is OK, but this folder does not contain any additional acl_users folder which is the only visible difference for me /MailHost --> I did not changed any security settings here. All items of "Acquire permission settings?" are tickmarked and all other roles (Anonymous, Authenticated, Manager, Owner) are empty. Any hint? BTW, this occures on my development machine running Zope 2.6.2. My production machine (Sparc, Debian) running Zope 2.6.1 works fine. Kind regards Andreas.
From: "Andreas Tille" <tillea@rki.de>
Unauthorized: Your user account is defined outside the context of the object being accessed. Access to 'send' of (MailHost instance at 92020b0) denied. Your user account, tillea, exists at /Influenza/acl_users. Access requires one of the following roles: ['Manager'].
/acl_users/tillea: ['Manager','Owner']
/Influenza/acl_users/tillea:
['Manager','Owner','some','other','permissions']
--> So the error message seems strange because the role 'Manager'
occures
in both contexts
No. The USER exists in both contexts.
/MailHost --> I did not changed any security settings here. All items of "Acquire permission settings?" are tickmarked and all other roles (Anonymous, Authenticated, Manager, Owner) are empty.
Any hint?
Yes:
Unauthorized: Your user account is defined outside the context of the object being accessed.
Your user account, tillea, exists at /Influenza/acl_users. And hence, it has no access things above /Influenza. You should remove the user from /Influenza/acl_users and use the user defained in /acl_users instead.
On Wed, 28 Jan 2004, Lennart Regebro wrote:
From: "Andreas Tille" <tillea@rki.de>
Unauthorized: Your user account is defined outside the context of the object being accessed. Access to 'send' of (MailHost instance at 92020b0) denied. Your user account, tillea, exists at /Influenza/acl_users. Access requires one of the following roles: ['Manager'].
/acl_users/tillea: ['Manager','Owner']
/Influenza/acl_users/tillea:
['Manager','Owner','some','other','permissions']
--> So the error message seems strange because the role 'Manager'
occures
in both contexts
No. The USER exists in both contexts.
/MailHost --> I did not changed any security settings here. All items of "Acquire permission settings?" are tickmarked and all other roles (Anonymous, Authenticated, Manager, Owner) are empty.
Any hint?
Yes:
Unauthorized: Your user account is defined outside the context of the object being accessed.
Your user account, tillea, exists at /Influenza/acl_users. And hence, it has no access things above /Influenza. You should remove the user from /Influenza/acl_users and use the user defained in /acl_users instead. Well, this might help for this very problem, but the application is in fact more complex.
On my live system I define certain roles in the /Influenza folder and some users who get these roles (but not the 'Manager' role!). They are perfectly able to send mails without beeing 'Manager' and there is certainly no reason to have this role just to send mails. How can it happen that this is not possible on the development machine (when I tested this application the machine was running Zope 2.6.1 and once it worked I did not tested this feature after the upgrade to 2.6.2 but there might be some other changes besides upgrading Zope)? Kind regards Andreas.
From: "Andreas Tille" <tillea@rki.de>
On my live system I define certain roles in the /Influenza folder and some users who get these roles (but not the 'Manager' role!). They are perfectly able to send mails without beeing 'Manager' and there is certainly no reason to have this role just to send mails.
If that is the only role who has the 'Use mailhost services' permission in the root, it is. And that is the default setting. And since you define your roles lower than where MailHost is located, you can't set that permission on these roles either. Maybe if you set "Authenticated" so it had 'Use mailhost services' it might work. I'm not sure if you are "Authenticated" above where you are created. Do on no accounts give the right to "Anonymous". If you do people can use your system to send spam. I don't think this has ever actually happened with Zope and MailHost, but it it theoretically possible. Similar exploits have been used with some infamous PHP scripts.
On Wed, 28 Jan 2004, Lennart Regebro wrote:
Do on no accounts give the right to "Anonymous". If you do people can use your system to send spam. I don't think this has ever actually happened with Zope and MailHost, but it it theoretically possible. Similar exploits have been used with some infamous PHP scripts. Thanks for opening my eyes: The difference is in the checkbox for "use mailhost services" for "authenticated" .
At least my stupidity had the advantage of learning about the VerboseSecurity Product which was worth the effort. ;-) Thanks Andreas.
participants (3)
-
Andreas Tille -
Dieter Maurer -
Lennart Regebro