[Checkins] SVN: AccessControl/branches/sylvain-memory-leak/src/AccessControl/ Change SecurityManager C implementation not to rely on ExtensionClass anymore.
Sylvain Viollow
cvs-admin at zope.org
Wed Nov 7 13:17:23 UTC 2012
Log message for revision 128187:
Change SecurityManager C implementation not to rely on ExtensionClass anymore.
Changed:
U AccessControl/branches/sylvain-memory-leak/src/AccessControl/ImplPython.py
U AccessControl/branches/sylvain-memory-leak/src/AccessControl/cAccessControl.c
-=-
Modified: AccessControl/branches/sylvain-memory-leak/src/AccessControl/ImplPython.py
===================================================================
--- AccessControl/branches/sylvain-memory-leak/src/AccessControl/ImplPython.py 2012-11-07 13:15:15 UTC (rev 128186)
+++ AccessControl/branches/sylvain-memory-leak/src/AccessControl/ImplPython.py 2012-11-07 13:17:22 UTC (rev 128187)
@@ -510,7 +510,7 @@
setDefaultBehaviors(True, True, False)
-class SecurityManager:
+class SecurityManager(object):
"""A security manager provides methods for checking access and managing
executable context and policies
"""
Modified: AccessControl/branches/sylvain-memory-leak/src/AccessControl/cAccessControl.c
===================================================================
--- AccessControl/branches/sylvain-memory-leak/src/AccessControl/cAccessControl.c 2012-11-07 13:15:15 UTC (rev 128186)
+++ AccessControl/branches/sylvain-memory-leak/src/AccessControl/cAccessControl.c 2012-11-07 13:17:22 UTC (rev 128187)
@@ -3,26 +3,26 @@
**
** Access control acceleration routines
- Copyright (c) 2001, Zope Foundation and Contributors.
+ Copyright (c) 2001, Zope Foundation and Contributors.
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
-
+
o Redistributions of source code must retain the above copyright
notice, this list of conditions, and the disclaimer that follows.
-
+
o Redistributions in binary form must reproduce the above copyright
notice, this list of conditions, and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
-
+
o Neither the name of Digital Creations nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
-
-
+
+
THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS AND CONTRIBUTORS *AS
IS* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
@@ -38,10 +38,10 @@
If you have questions regarding this software,
contact:
-
- Digital Creations L.C.
+
+ Digital Creations L.C.
info at digicool.com
-
+
(540) 371-6909
*/
@@ -114,8 +114,8 @@
}
static PyObject *
-callfunction3(PyObject *function,
- PyObject *arg0, PyObject *arg1,
+callfunction3(PyObject *function,
+ PyObject *arg0, PyObject *arg1,
PyObject *arg2
)
{
@@ -135,9 +135,9 @@
}
static PyObject *
-callfunction4(PyObject *function,
- PyObject *arg0, PyObject *arg1,
- PyObject *arg2, PyObject *arg3
+callfunction4(PyObject *function,
+ PyObject *arg0, PyObject *arg1,
+ PyObject *arg2, PyObject *arg3
)
{
PyObject *t, *r;
@@ -158,9 +158,9 @@
}
static PyObject *
-callfunction5(PyObject *function,
- PyObject *arg0, PyObject *arg1,
- PyObject *arg2, PyObject *arg3, PyObject *arg4
+callfunction5(PyObject *function,
+ PyObject *arg0, PyObject *arg1,
+ PyObject *arg2, PyObject *arg3, PyObject *arg4
)
{
PyObject *t, *r;
@@ -183,8 +183,8 @@
}
static PyObject *
-callfunction6(PyObject *function,
- PyObject *arg0, PyObject *arg1,
+callfunction6(PyObject *function,
+ PyObject *arg0, PyObject *arg1,
PyObject *arg2, PyObject *arg3,
PyObject *arg4, PyObject *arg5
)
@@ -210,14 +210,14 @@
return r;
}
-static int
-unpacktuple2(PyObject *args, char *name, int min,
+static int
+unpacktuple2(PyObject *args, char *name, int min,
PyObject **a0, PyObject **a1)
-{
+{
int l;
l=PyTuple_Size(args);
if (l < 0) return -1;
- if (l < min)
+ if (l < min)
{
PyErr_Format(PyExc_TypeError, "expected %d arguments, got %d", min, l);
return -1;
@@ -227,14 +227,14 @@
return 0;
}
-static int
-unpacktuple3(PyObject *args, char *name, int min,
+static int
+unpacktuple3(PyObject *args, char *name, int min,
PyObject **a0, PyObject **a1, PyObject **a2)
-{
+{
int l;
l=PyTuple_Size(args);
if (l < 0) return -1;
- if (l < min)
+ if (l < min)
{
PyErr_Format(PyExc_TypeError, "expected %d arguments, got %d", min, l);
return -1;
@@ -245,14 +245,14 @@
return 0;
}
-static int
-unpacktuple4(PyObject *args, char *name, int min,
+static int
+unpacktuple4(PyObject *args, char *name, int min,
PyObject **a0, PyObject **a1, PyObject **a2, PyObject **a3)
-{
+{
int l;
l=PyTuple_Size(args);
if (l < 0) return -1;
- if (l < min)
+ if (l < min)
{
PyErr_Format(PyExc_TypeError, "expected %d arguments, got %d", min, l);
return -1;
@@ -264,15 +264,15 @@
return 0;
}
-static int
-unpacktuple5(PyObject *args, char *name, int min,
- PyObject **a0, PyObject **a1, PyObject **a2,
+static int
+unpacktuple5(PyObject *args, char *name, int min,
+ PyObject **a0, PyObject **a1, PyObject **a2,
PyObject **a3, PyObject **a4)
-{
+{
int l;
l=PyTuple_Size(args);
if (l < 0) return -1;
- if (l < min)
+ if (l < min)
{
PyErr_Format(PyExc_TypeError, "expected %d arguments, got %d", min, l);
return -1;
@@ -285,15 +285,15 @@
return 0;
}
-static int
-unpacktuple6(PyObject *args, char *name, int min,
- PyObject **a0, PyObject **a1, PyObject **a2,
+static int
+unpacktuple6(PyObject *args, char *name, int min,
+ PyObject **a0, PyObject **a1, PyObject **a2,
PyObject **a3, PyObject **a4, PyObject **a5)
-{
+{
int l;
l=PyTuple_Size(args);
if (l < 0) return -1;
- if (l < min)
+ if (l < min)
{
PyErr_Format(PyExc_TypeError, "expected %d arguments, got %d", min, l);
return -1;
@@ -310,7 +310,7 @@
/*
-** Structures
+** Structures
*/
typedef struct {
@@ -319,11 +319,11 @@
typedef struct {
PyObject_HEAD
- PyObject *thread_id;
- PyObject *context;
- PyObject *policy;
- PyObject *validate;
- PyObject *checkPermission;
+ PyObject *thread_id;
+ PyObject *context;
+ PyObject *policy;
+ PyObject *validate;
+ PyObject *checkPermission;
} SecurityManager;
typedef struct {
@@ -372,16 +372,21 @@
static PyObject *permissionName(PyObject *name);
-static PyObject *SecurityManager_validate(SecurityManager *self,
+static PyObject *SecurityManager_new(PyTypeObject *type,
+ PyObject *args, PyObject *kwds);
+static int SecurityManager_traverse(SecurityManager *self,
+ visitproc visit, void *arg);
+static PyObject *SecurityManager_validate(SecurityManager *self,
PyObject *args);
static PyObject *SecurityManager_DTMLValidate(SecurityManager *self,
PyObject *args);
-static PyObject *SecurityManager_checkPermission(SecurityManager *self,
+static PyObject *SecurityManager_checkPermission(SecurityManager *self,
PyObject *args);
+static int SecurityManager_clear(SecurityManager *self);
static void SecurityManager_dealloc(SecurityManager *self);
-static PyObject *SecurityManager_getattro(SecurityManager *self,
+static PyObject *SecurityManager_getattro(SecurityManager *self,
PyObject *name);
-static int SecurityManager_setattro(SecurityManager *self,
+static int SecurityManager_setattro(SecurityManager *self,
PyObject *name, PyObject *value);
static getattrofunc ExtensionClassGetattro;
@@ -392,25 +397,25 @@
*/
static PyMethodDef cAccessControl_methods[] = {
- {"rolesForPermissionOn",
- (PyCFunction)rolesForPermissionOn,
- METH_VARARGS,
- ""
+ {"rolesForPermissionOn",
+ (PyCFunction)rolesForPermissionOn,
+ METH_VARARGS,
+ ""
},
- {"guarded_getattr",
- (PyCFunction)module_guarded_getattr,
- METH_VARARGS,
- ""
- },
- {"aq_validate",
- (PyCFunction)module_aq_validate,
- METH_VARARGS,
- ""
- },
+ {"guarded_getattr",
+ (PyCFunction)module_guarded_getattr,
+ METH_VARARGS,
+ ""
+ },
+ {"aq_validate",
+ (PyCFunction)module_aq_validate,
+ METH_VARARGS,
+ ""
+ },
{"setDefaultBehaviors",
- (PyCFunction)module_setDefaultBehaviors,
- METH_VARARGS,
- ""
+ (PyCFunction)module_setDefaultBehaviors,
+ METH_VARARGS,
+ ""
},
{ NULL, NULL }
};
@@ -419,9 +424,9 @@
static PyMethodDef ZopeSecurityPolicy_methods[] = {
{"validate",
- (PyCFunction)ZopeSecurityPolicy_validate,
- METH_VARARGS,
- ""
+ (PyCFunction)ZopeSecurityPolicy_validate,
+ METH_VARARGS,
+ ""
},
{ NULL, NULL }
};
@@ -468,24 +473,24 @@
static PyMethodDef SecurityManager_methods[] = {
{"validate",
- (PyCFunction)SecurityManager_validate,
- METH_VARARGS,
- ""
+ (PyCFunction)SecurityManager_validate,
+ METH_VARARGS,
+ ""
},
{"DTMLValidate",
- (PyCFunction)SecurityManager_DTMLValidate,
- METH_VARARGS,
- ""
+ (PyCFunction)SecurityManager_DTMLValidate,
+ METH_VARARGS,
+ ""
},
{"checkPermission",
- (PyCFunction)SecurityManager_checkPermission,
- METH_VARARGS,
- ""
+ (PyCFunction)SecurityManager_checkPermission,
+ METH_VARARGS,
+ ""
},
{ NULL, NULL }
};
-static PyExtensionClass SecurityManagerType = {
+static PyTypeObject SecurityManagerType = {
PyObject_HEAD_INIT(NULL) 0,
"SecurityManager", /* tp_name */
sizeof(SecurityManager), /* tp_basicsize */
@@ -509,17 +514,26 @@
(setattrofunc)SecurityManager_setattro, /* tp_setattro */
/* Reserved fields */
0, /* tp_xxx3 */
- 0, /* tp_xxx4 */
+ Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC, /* tp_flags */
/* Docstring */
SecurityManager__doc__, /* tp_doc */
-#ifdef COUNT_ALLOCS
- 0, /* tp_alloc */
- 0, /* tp_free */
- 0, /* tp_maxalloc */
- NULL, /* tp_next */
-#endif
- METHOD_CHAIN(SecurityManager_methods), /* methods */
- 0, /* flags */
+ (traverseproc)SecurityManager_traverse, /* tp_traverse */
+ (inquiry)SecurityManager_clear, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+ 0, /* tp_iter */
+ 0, /* tp_iternext */
+ SecurityManager_methods, /* tp_methods */
+ 0, /* tp_members */
+ 0, /* tp_getset */
+ 0, /* tp_base */
+ 0, /* tp_dict */
+ 0, /* tp_descr_get */
+ 0, /* tp_descr_set */
+ 0, /* tp_dictoffset */
+ 0, /* tp_init */
+ 0, /* tp_alloc */
+ SecurityManager_new, /* tp_new */
};
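Review bot: SecurityManagerType is now a plain `PyTypeObject`, but the fallback at the end of SecurityManager_getattro, visible unchanged in a later hunk as `return Py_FindAttr(OBJECT(self), name);`, appears to still go through the ExtensionClass lookup helper. Since this type performs the access checks, its attribute and method resolution should not depend on a base it no longer inherits from; if the helper is indeed ExtensionClass-specific, the fallback would become `return PyObject_GenericGetAttr(OBJECT(self), name);`. A short comment above the slot table would also help, stating that `Py_TPFLAGS_HAVE_GC` obliges the type to provide tp_traverse and tp_clear and to untrack the object in tp_dealloc. The initializer begins in the previous hunk, so its earlier slots are only partly visible here.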
@@ -527,19 +541,19 @@
static PyMethodDef PermissionRole_methods[] = {
{"__init__",
- (PyCFunction)PermissionRole_init,
- METH_VARARGS,
- ""
+ (PyCFunction)PermissionRole_init,
+ METH_VARARGS,
+ ""
},
{"__of__",
- (PyCFunction)PermissionRole_of,
- METH_O,
- ""
+ (PyCFunction)PermissionRole_of,
+ METH_O,
+ ""
},
{"rolesForPermissionOn",
- (PyCFunction)PermissionRole_rolesForPermissionOn,
- METH_O,
- ""
+ (PyCFunction)PermissionRole_rolesForPermissionOn,
+ METH_O,
+ ""
},
{ NULL, NULL }
};
@@ -589,14 +603,14 @@
static PyMethodDef imPermissionRole_methods[] = {
{"__of__",
- (PyCFunction)imPermissionRole_of,
- METH_O,
- ""
+ (PyCFunction)imPermissionRole_of,
+ METH_O,
+ ""
},
{"rolesForPermissionOn",
- (PyCFunction)imPermissionRole_of,
- METH_O,
- ""
+ (PyCFunction)imPermissionRole_of,
+ METH_O,
+ ""
},
{ NULL, NULL }
};
@@ -701,7 +715,7 @@
** elsewhere... (e.g. imports)
*/
-static int
+static int
ZopeSecurityPolicy_setup(void) {
UNLESS (NoSequenceFormat = PyString_FromString(
"'%s' passed as roles"
@@ -722,20 +736,20 @@
return -1;
UNLESS (allowed_str = PyString_FromString("allowed")) return -1;
UNLESS (getOwner_str = PyString_FromString("getOwner")) return -1;
- UNLESS (getWrappedOwner_str = PyString_FromString("getWrappedOwner"))
+ UNLESS (getWrappedOwner_str = PyString_FromString("getWrappedOwner"))
return -1;
- UNLESS (getPhysicalRoot_str = PyString_FromString("getPhysicalRoot"))
+ UNLESS (getPhysicalRoot_str = PyString_FromString("getPhysicalRoot"))
return -1;
UNLESS (aq_parent_str = PyString_FromString("aq_parent")) return -1;
- UNLESS (_check_context_str = PyString_FromString("_check_context"))
+ UNLESS (_check_context_str = PyString_FromString("_check_context"))
return -1;
UNLESS (unrestrictedTraverse_str = PyString_FromString(
- "unrestrictedTraverse"))
+ "unrestrictedTraverse"))
return -1;
- UNLESS (checkPermission_str = PyString_FromString("checkPermission"))
+ UNLESS (checkPermission_str = PyString_FromString("checkPermission"))
return -1;
- UNLESS (__allow_access_to_unprotected_subobjects__ =
+ UNLESS (__allow_access_to_unprotected_subobjects__ =
PyString_FromString(
"__allow_access_to_unprotected_subobjects__"))
return -1;
@@ -746,8 +760,8 @@
/*
** unauthErr
**
-** Generate the unauthorized error
-*/
+** Generate the unauthorized error
+*/
static void unauthErr(PyObject *name, PyObject *value) {
@@ -770,7 +784,7 @@
PyObject *name = NULL;
PyObject *value = NULL;
PyObject *context = NULL;
- PyObject *roles = NULL;
+ PyObject *roles = NULL;
/* Import from SimpleObject Policy._noroles */
/* Note that _noroles means missing roles, spelled with a NULL in C.
Jim. */
@@ -784,23 +798,22 @@
PyObject *method = NULL;
PyObject *tmp = NULL;
+ int i, l, contains;
+ PyObject *r;
- int i, l, contains;
- PyObject *r;
-
/*| def validate(self, accessed, container, name, value, context
**| roles=_noroles ...
*/
if (unpacktuple6(args, "validate", 5, &accessed, &container,
- &name, &value, &context, &roles) < 0)
+ &name, &value, &context, &roles) < 0)
return NULL;
/*| # Provide special rules for acquisition attributes
**| if type(name) in (StringType, UnicodeType):
**| if name[:3] == 'aq_' and name not in valid_aq_:
**| raise Unauthorized(name, value)
- */
+ */
if (PyString_Check(name) || PyUnicode_Check(name)) {
char *sname = PyString_AsString(name);
@@ -809,7 +822,7 @@
* to do then. It's arguably conservative to raise Unauthorized
* in this case.
*/
- if (sname == NULL ||
+ if (sname == NULL ||
/* or starts with "aq_" */
(sname[0] == 'a' && sname[1] == 'q' && sname[2] == '_' &&
/* and isn't aq_{parent, inner, explicit} */
@@ -836,7 +849,7 @@
containerbase = aq_base(container);
if (containerbase == NULL) goto err;
-
+
if (aq_isWrapper(accessed))
accessedbase = aq_base(accessed);
else {
@@ -862,7 +875,7 @@
}
/*| # We still might not have any roles
- **|
+ **|
**| if roles is _noroles:
*/
@@ -895,33 +908,31 @@
**| raise Unauthorized(name, value)
*/
- roles = PyObject_GetAttr(container, __roles__);
+ roles = PyObject_GetAttr(container, __roles__);
if (roles == NULL) {
PyErr_Clear();
if (!aq_isWrapper(container)) {
- if (containerbase != accessedbase) {
- unauthErr(name, value);
- goto err;
- }
- }
- else {
- roles = aq_acquire(container, __roles__);
- if (roles == NULL) {
- if (PyErr_ExceptionMatches(
- PyExc_AttributeError))
- {
- PyErr_Clear();
- if (containerbase != accessedbase) {
+ if (containerbase != accessedbase) {
+ unauthErr(name, value);
+ goto err;
+ }
+ }
+ else {
+ roles = aq_acquire(container, __roles__);
+ if (roles == NULL) {
+ if (PyErr_ExceptionMatches(PyExc_AttributeError))
+ {
+ PyErr_Clear();
+ if (containerbase != accessedbase) {
unauthErr(name, value);
goto err;
}
- }
- else
- goto err;
- }
+ }
+ else
+ goto err;
+ }
}
-
}
/*| # We need to make sure that we are allowed to get
@@ -936,16 +947,15 @@
**| "__allow_access_to_unprotected_subobjects__", None)
*/
- p = callfunction2(Containers, OBJECT(container->ob_type),
- Py_None);
+ p = callfunction2(Containers, OBJECT(container->ob_type), Py_None);
if (p == NULL)
- goto err;
+ goto err;
if (p == Py_None) {
- ASSIGN(p, PyObject_GetAttr(container,
- __allow_access_to_unprotected_subobjects__));
- if (p == NULL)
- PyErr_Clear();
+ ASSIGN(p, PyObject_GetAttr(container,
+ __allow_access_to_unprotected_subobjects__));
+ if (p == NULL)
+ PyErr_Clear();
}
/*| if p is not None:
@@ -961,11 +971,11 @@
**| p = p(name, value)
*/
- if (p)
+ if (p)
{
- if (! PyInt_Check(p))
+ if (! PyInt_Check(p))
{
- if (PyDict_Check(p))
+ if (PyDict_Check(p))
{
if (PyString_Check(name) || PyUnicode_Check(name))
{
@@ -979,8 +989,8 @@
if (p == NULL)
goto err;
}
- }
- else
+ }
+ else
{
ASSIGN(p, callfunction2(p, name, value));
if (p == NULL)
@@ -992,7 +1002,7 @@
/*| if not p:
**| raise Unauthorized, cleanupName(name, value)
*/
-
+
if (p == NULL || ! PyObject_IsTrue(p)) {
Py_XDECREF(p);
unauthErr(name, value);
@@ -1011,7 +1021,7 @@
/*| # We are going to need a security-aware object to pass
**| # to allowed(). We'll use the container
- **|
+ **|
**| value = container
*/
@@ -1024,7 +1034,7 @@
**| if roles is None or 'Anonymous' in roles: return 1
**| except TypeError:
**| LOG.warn('"%s' passed as roles"
- **| " during validation of '%s' is not a sequence." %
+ **| " during validation of '%s' is not a sequence." %
**| ('roles', name))
**| raise
*/
@@ -1049,7 +1059,7 @@
if (!PyErr_ExceptionMatches(PyExc_TypeError))
goto err;
PyErr_Fetch(&t, &v, &tb);
-
+
m=PyObject_Repr(roles);
if (m) ASSIGN(m, Py_BuildValue("OO", m, name));
if (m) ASSIGN(m, PyString_Format(NoSequenceFormat, m));
@@ -1077,7 +1087,7 @@
**| # If the executable had an owner, can it execute?
**| owner = eo.getOwner()
**| if (owner is not None) and not owner.allowed(value, roles)
- **| # We don't want someone to acquire if they can't
+ **| # We don't want someone to acquire if they can't
**| # get an unacquired!
**| raise Unauthorized, ('You are not authorized to'
**| 'access <em>%s</em>.' % cleanupName(name, value))
@@ -1090,7 +1100,7 @@
owner = PyObject_GetAttr(eo, getOwner_str);
if (owner) ASSIGN(owner, PyObject_CallObject(owner, NULL));
- if (owner ==NULL)
+ if (owner ==NULL)
{
Py_DECREF(eo);
goto err;
@@ -1123,14 +1133,14 @@
**| if proxy_roles:
**| # Verify that the owner actually can state the proxy role
**| # in the context of the accessed item; users in subfolders
- **| # should not be able to use proxy roles to access items
+ **| # should not be able to use proxy roles to access items
**| # above their subfolder!
**| owner = eo.getWrappedOwner()
- **|
+ **|
**| if owner is not None:
**| if container is not containerbase:
**| if not owner._check_context(container):
- **| # container is higher up than the owner,
+ **| # container is higher up than the owner,
**| # deny access
**| raise Unauthorized(name, value)
**|
@@ -1142,12 +1152,12 @@
*/
proxy_roles = PyObject_GetAttr(eo, _proxy_roles_str);
- if (proxy_roles == NULL)
+ if (proxy_roles == NULL)
{
Py_DECREF(eo);
PyErr_Clear();
}
- else if (PyObject_IsTrue(proxy_roles))
+ else if (PyObject_IsTrue(proxy_roles))
{
method = PyObject_GetAttr(eo, getWrappedOwner_str);
@@ -1195,7 +1205,7 @@
contains = 0;
- if (PyTuple_Check(proxy_roles))
+ if (PyTuple_Check(proxy_roles))
{
l=PyTuple_GET_SIZE(proxy_roles);
for (i=0; i < l; i++)
@@ -1205,7 +1215,7 @@
break;
}
}
- else
+ else
{
l=PySequence_Size(proxy_roles);
if (l < 0) contains = -1;
@@ -1218,7 +1228,7 @@
}
else
contains = -1;
- if (contains < 0)
+ if (contains < 0)
break;
}
}
@@ -1287,7 +1297,7 @@
static void ZopeSecurityPolicy_dealloc(ZopeSecurityPolicy *self) {
Py_DECREF(self->ob_type); /* Extensionclass init incref'd */
- PyObject_DEL(self);
+ PyObject_DEL(self);
}
@@ -1308,39 +1318,53 @@
static PyObject *
+SecurityManager_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+{
+ SecurityManager *self;
+
+ self = (SecurityManager *)type->tp_alloc(type, 0);
+ self->validate = NULL;
+ self->checkPermission = NULL;
+ self->context = NULL;
+ self->policy = NULL;
+ self->thread_id = NULL;
+ return (PyObject *) self;
+}
+
+static PyObject *
SecurityManager_validate(SecurityManager *self, PyObject *args)
{
- PyObject *accessed=Py_None, *container=Py_None, *name=Py_None,
+ PyObject *accessed=Py_None, *container=Py_None, *name=Py_None,
*value=Py_None, *roles=NULL;
-
+
if (unpacktuple5(args, "validate", 0,
&accessed, &container, &name, &value, &roles) < 0)
return NULL;
CHECK_SECURITY_MANAGER_STATE(self, NULL);
GET_SECURITY_MANAGER_VALIDATE(self, NULL);
-
+
if (roles== NULL)
- return callfunction5(self->validate,
+ return callfunction5(self->validate,
accessed, container, name, value, self->context);
- return callfunction6(self->validate,
+ return callfunction6(self->validate,
accessed, container, name, value, self->context, roles);
}
static PyObject *
SecurityManager_DTMLValidate(SecurityManager *self, PyObject *args)
{
- PyObject *accessed=Py_None, *container=Py_None, *name=Py_None,
+ PyObject *accessed=Py_None, *container=Py_None, *name=Py_None,
*value=Py_None, *md=NULL;
-
+
if (unpacktuple5(args, "DTMLValidate", 0,
&accessed, &container, &name, &value, &md) < 0)
return NULL;
CHECK_SECURITY_MANAGER_STATE(self, NULL);
GET_SECURITY_MANAGER_VALIDATE(self, NULL);
-
- return callfunction5(self->validate,
+
+ return callfunction5(self->validate,
accessed, container, name, value, self->context);
}
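Review bot: SecurityManager_new dereferences the result of `type->tp_alloc(type, 0)` without checking it, so an allocation failure becomes a NULL write at `self->validate = NULL;` instead of a Python MemoryError. Add `if (self == NULL) return NULL;` directly after the allocation. If tp_alloc resolves to the generic allocator, which zero-fills the object, the five explicit NULL stores are redundant but harmless; a one-line comment saying they are kept for clarity would document the intent.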
@@ -1348,37 +1372,59 @@
SecurityManager_checkPermission(SecurityManager *self, PyObject *args)
{
PyObject *permission, *object;
-
+
if (unpacktuple2(args, "checkPermission", 2, &permission, &object) < 0)
return NULL;
CHECK_SECURITY_MANAGER_STATE(self, NULL);
- if (self->checkPermission == NULL &&
- ((self->checkPermission = PyObject_GetAttr(self->policy,
- checkPermission_str))
+ if (self->checkPermission == NULL &&
+ ((self->checkPermission = PyObject_GetAttr(self->policy,
+ checkPermission_str))
== NULL)) return NULL;
- return callfunction3(self->checkPermission,
+ return callfunction3(self->checkPermission,
permission, object, self->context);
}
-static void
-SecurityManager_dealloc(SecurityManager *self)
+static int
+SecurityManager_traverse(SecurityManager *self, visitproc visit, void *arg)
{
- Py_XDECREF(self->thread_id);
+ Py_VISIT(self->policy);
+ Py_VISIT(self->validate);
+ Py_VISIT(self->checkPermission);
+ Py_VISIT(self->context);
+ Py_VISIT(self->thread_id);
+ return 0;
+}
+
+static int
+SecurityManager_clear(SecurityManager *self)
+{
+ Py_XDECREF(self->checkPermission);
+ self->checkPermission = NULL;
Py_XDECREF(self->context);
+ self->context = NULL;
Py_XDECREF(self->policy);
+ self->policy = NULL;
+ Py_XDECREF(self->thread_id);
+ self->thread_id = NULL;
Py_XDECREF(self->validate);
- Py_XDECREF(self->checkPermission);
- Py_DECREF(self->ob_type); /* Extensionclass init incref'd */
- PyObject_DEL(self);
+ self->validate = NULL;
+ return 0;
}
+static void
+SecurityManager_dealloc(SecurityManager *self)
+{
+ SecurityManager_clear(self);
+ self->ob_type->tp_free((PyObject*)self);
+}
+
static PyObject *
SecurityManager_getattro(SecurityManager *self, PyObject *name)
{
if (PyString_Check(name) || PyUnicode_Check(name)) {
- char *name_s = PyString_AsString(name);
+ char *name_s = PyString_AsString(name);
if (name_s == NULL)
return NULL;
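Review bot: SecurityManager_dealloc tears down a `Py_TPFLAGS_HAVE_GC` object without calling `PyObject_GC_UnTrack` first, and SecurityManager_clear releases each reference with `Py_XDECREF` before resetting the field. A decref can run arbitrary Python code (a finalizer on the policy or context, or a collection triggered by it), and in that window the collector or re-entrant code can still reach a field that points at a freed object. That is a use-after-free in the object that performs permission checks. Untrack at the top of dealloc and use `Py_CLEAR`, which resets the field before releasing the reference. SecurityManager_getattro, at the end of the hunk, continues outside it and is not affected by this change.

```c
static int
SecurityManager_clear(SecurityManager *self)
{
  /* Py_CLEAR resets the field before the decref can run a finalizer. */
  Py_CLEAR(self->checkPermission);
  Py_CLEAR(self->context);
  Py_CLEAR(self->policy);
  Py_CLEAR(self->thread_id);
  Py_CLEAR(self->validate);
  return 0;
}

static void
SecurityManager_dealloc(SecurityManager *self)
{
  /* Keep the collector from traversing a half-destroyed object. */
  PyObject_GC_UnTrack((PyObject *)self);
  SecurityManager_clear(self);
  self->ob_type->tp_free((PyObject*)self);
}
```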
@@ -1402,7 +1448,7 @@
return Py_FindAttr(OBJECT(self), name);
}
-static int
+static int
SecurityManager_setattro(SecurityManager *self, PyObject *name, PyObject *v)
{
if (PyString_Check(name) || PyUnicode_Check(name)) {
@@ -1465,7 +1511,7 @@
**| self.__name__ = name
**| self._p = "_" + string.translate(name, name_trans) + "_Permission"
**| self._d = default
- */
+ */
if (unpacktuple2(args, "__init__", 1, &name, &deflt) < 0) return NULL;
@@ -1510,7 +1556,7 @@
r->_pa = parent;
Py_INCREF(parent);
-
+
/*| r._d = self._d
*/
@@ -1568,7 +1614,7 @@
Py_XDECREF(self->ob_type); /* Extensionclass init incref'd */
- PyObject_DEL(self);
+ PyObject_DEL(self);
}
@@ -1591,7 +1637,7 @@
if (name_s == NULL)
PyErr_Clear(); /* defer to ExtensionClassGetattro */
else if (name_s[0] == '_') {
- if (! strcmp(name_s, "__name__"))
+ if (! strcmp(name_s, "__name__"))
result = self->__name__;
else if (! strcmp(name_s, "__roles__"))
result = self->__roles__;
@@ -1714,12 +1760,12 @@
Py_DECREF(self->ob_type); /* Extensionclass init incref'd */
- PyObject_DEL(self);
+ PyObject_DEL(self);
}
/*
** rolesForPermissionOn
-*/
+*/
static PyObject *rolesForPermissionOn(PyObject *self, PyObject *args) {
PyObject *perm = NULL;
@@ -1732,19 +1778,19 @@
**| """Return the roles that have the permisson on the given object"""
*/
- if (unpacktuple4(args, "rolesForPermissionOn", 2,
+ if (unpacktuple4(args, "rolesForPermissionOn", 2,
&perm, &object, &deflt, &n) < 0)
return NULL;
return c_rolesForPermissionOn(perm, object, deflt, n);
}
-/*
+/*
def rolesForPermissionOn(perm, object, default=_default_roles, n=None):
"""Return the roles that have the given permission on the given object
"""
*/
static PyObject *
-c_rolesForPermissionOn(PyObject *perm, PyObject *object,
+c_rolesForPermissionOn(PyObject *perm, PyObject *object,
PyObject *_default_roles, PyObject *n)
{
PyObject *r, *result = NULL;
@@ -1846,14 +1892,14 @@
goto end;
}
}
-
+
/*
elif roles:
if r is None:
r = list(roles)
else: r = r + list(roles)
*/
- else
+ else
{
int bool = PyObject_IsTrue(roles);
if (bool < 0)
@@ -1885,7 +1931,7 @@
else /* roles == NULL */
PyErr_Clear();
-
+
/*
object = aq_inner(object)
if object is None:
@@ -1894,16 +1940,16 @@
*/
{
PyObject *tobj = aq_inner(object);
- if (tobj == NULL)
+ if (tobj == NULL)
goto end;
Py_DECREF(object);
object = tobj;
-
- if (object == Py_None)
+
+ if (object == Py_None)
break;
tobj = aq_parent(object);
- if (tobj == NULL)
+ if (tobj == NULL)
goto end;
Py_DECREF(object);
object = tobj;
@@ -1928,13 +1974,13 @@
Py_INCREF(r);
result = r;
-
+
end:
Py_DECREF(n);
Py_DECREF(object);
Py_DECREF(r);
return result;
-}
+}
/*
@@ -1958,7 +2004,7 @@
in = PyString_AsString(name);
if (in == NULL)
return NULL;
-
+
while (len && *in) {
r = *(in++);
if (!isalnum(r)) r='_';
@@ -1982,7 +2028,7 @@
/* def guarded_getattr(inst, name, default=_marker): */
static PyObject *
-guarded_getattr(PyObject *inst, PyObject *name, PyObject *default_,
+guarded_getattr(PyObject *inst, PyObject *name, PyObject *default_,
PyObject *validate)
{
PyObject *v=0, *t=0;
@@ -2045,13 +2091,13 @@
if (PyDict_Check(t))
{
PyObject *attrv;
-
+
attrv = PyDict_GetItem(t, name);
if (attrv != NULL)
{
i=PyObject_IsTrue(attrv);
if (i < 0) goto err;
- if (i)
+ if (i)
{
if (attrv->ob_type->tp_call)
{
@@ -2082,7 +2128,7 @@
PyObject *factory;
factory = callfunction2(t, name, v);
- if (factory == NULL)
+ if (factory == NULL)
goto err;
if (PyCallable_Check(factory))
@@ -2095,13 +2141,13 @@
return v;
}
- /*
+ /*
# See if we can get the value doing a filtered acquire.
# aq_acquire will either return the same value as held by
# v or it will return an Unauthorized raised by validate.
validate = SecurityManagement.getSecurityManager().validate
aq_acquire(inst, name, aq_validate, validate)
-
+
return v
*/
@@ -2114,7 +2160,7 @@
Py_DECREF(t);
return v;
-
+
unauthErr(name, v);
err:
Py_DECREF(v);
@@ -2194,8 +2240,8 @@
if (unpacktuple3(args, "guarded_getattr", 2, &ob, &name, &default_) < 0)
return NULL;
-
- UNLESS (validate = PyObject_GetAttr(self, validate_str))
+
+ UNLESS (validate = PyObject_GetAttr(self, validate_str))
{
/* This section is pure paranoia at this point. It was necessary
while debugging. */
@@ -2213,7 +2259,7 @@
static struct PyMethodDef dtml_methods[] = {
- {"guarded_getattr", (PyCFunction)dtml_guarded_getattr,
+ {"guarded_getattr", (PyCFunction)dtml_guarded_getattr,
METH_VARARGS|METH_KEYWORDS, "" },
{NULL, NULL}
};
@@ -2229,10 +2275,9 @@
void initcAccessControl(void) {
PyObject *module;
PyObject *dict;
- PURE_MIXIN_CLASS(RestrictedDTMLMixin,
- "A mix-in for derivatives of DT_String.String "
- "that adds Zope security."
- , dtml_methods);
+ PURE_MIXIN_CLASS(RestrictedDTMLMixin,
+ "A mix-in for derivatives of DT_String.String "
+ "that adds Zope security.", dtml_methods);
if (!ExtensionClassImported) return;
@@ -2244,34 +2289,35 @@
cAccessControl_methods,
"cAccessControl.c\n");
+ if (PyType_Ready(&SecurityManagerType) < 0)
+ return;
+ Py_INCREF(&SecurityManagerType);
+ PyModule_AddObject(module, "SecurityManager",
+ (PyObject *) &SecurityManagerType);
+
aq_init(); /* For Python <= 2.1.1, aq_init() should be after
Py_InitModule(). */
dict = PyModule_GetDict(module);
PyDict_SetItemString(dict, "_what_not_even_god_should_do",
- _what_not_even_god_should_do);
+ _what_not_even_god_should_do);
- PyExtensionClass_Export(dict, "RestrictedDTMLMixin",
- RestrictedDTMLMixinType);
+ PyExtensionClass_Export(dict, "RestrictedDTMLMixin",
+ RestrictedDTMLMixinType);
PyExtensionClass_Export(dict, "ZopeSecurityPolicy",
- ZopeSecurityPolicyType);
+ ZopeSecurityPolicyType);
- PyExtensionClass_Export(dict,"SecurityManager",
- SecurityManagerType);
-
PyExtensionClass_Export(dict, "PermissionRole",
- PermissionRoleType);
+ PermissionRoleType);
PyExtensionClass_Export(dict, "imPermissionRole",
- imPermissionRoleType);
+ imPermissionRoleType);
- imPermissionRoleObj = PyMapping_GetItemString(dict,
- "imPermissionRole");
+ imPermissionRoleObj = PyMapping_GetItemString(dict, "imPermissionRole");
+ aq_validate = PyMapping_GetItemString(dict, "aq_validate");
- aq_validate = PyMapping_GetItemString(dict, "aq_validate");
-
/*| from SimpleObjectPolicies import Containers
*/
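Review bot: The result of `PyModule_AddObject(module, "SecurityManager", ...)` is ignored, so a failed registration leaves the module initialised without its SecurityManager type. It also leaks the reference taken by `Py_INCREF(&SecurityManagerType)`, because that reference is only stolen on success. Check it the same way as the `PyType_Ready` call just above: `if (PyModule_AddObject(module, "SecurityManager", (PyObject *) &SecurityManagerType) < 0) { Py_DECREF(&SecurityManagerType); return; }`. initcAccessControl starts before this hunk and continues after it.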
@@ -2315,4 +2361,3 @@
Py_DECREF(module);
module = NULL;
}
-