[Zope-Checkins] CVS: Packages/AccessControl - cAccessControl.c:1.20.2.14

[Tim Peters]

Update of /cvs-repository/Packages/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv6147/lib/python/AccessControl

Modified Files:
      Tag: Zope-2_7-branch
	cAccessControl.c 
Log Message:
ZopeSecurityPolicy_validate():  In the part checking the name,

- Failure to convert to string must be explicitly dealt with.  It's
  unclear to me what should be done then.  This settles for raising
  Unauthorized.  Is that right?  Wrong?  Don't know; it's at least
  arguably OK to do this.

- Changed the indentation to at least bear *some* resemblance to the
  block structure.

- Restored a speed trick lost in a previous checkin (testing for the
  "aq_" prefix one character at a time).

- Extended that speed trick:  one it's known the prefix is "aq_",
  there's no need to check that 3 additional times.

- Localized the definition of char* sname to the only block that uses
  it.


=== Packages/AccessControl/cAccessControl.c 1.20.2.13 => 1.20.2.14 ===
--- Packages/AccessControl/cAccessControl.c:1.20.2.13	Sun Dec 12 13:38:31 2004
+++ Packages/AccessControl/cAccessControl.c	Tue Dec 14 10:48:10 2004
@@ -772,8 +772,6 @@
 	PyObject *method = NULL;
 	PyObject *tmp = NULL;
 
-	char *sname;
-
         int i, l, contains;
         PyObject *r;
 
@@ -791,18 +789,26 @@
 	**|	   raise Unauthorized(name, value)
 	*/ 
 
-	if ( PyString_Check(name) || PyUnicode_Check(name) ) {
-	    sname = PyString_AsString(name); 
-	    if (sname != NULL) {
-        if (! strncmp(sname, "aq_", 3)) {
-			if (strcmp(sname,"aq_parent")  &&
-                strcmp(sname,"aq_inner")  &&
-                strcmp(sname,"aq_explicit")) {
-				/* Access control violation */
-				unauthErr(name, value);
-				return NULL;  /* roles is not owned yet */
-		            }
-	        }
+	if (PyString_Check(name) || PyUnicode_Check(name)) {
+	    char *sname = PyString_AsString(name);
+	    /* Conversion to string may have failed, e.g. if name is Unicode
+	     * and can't be bashed into the default encoding.  Unclear what
+	     * to do then.  It's arguably conservative to raise Unauthorized
+	     * in this case.
+	     */
+	    if (sname == NULL || 
+     	            /* or starts with "aq_" */
+     	            (sname[0] == 'a' && sname[1] == 'q' && sname[2] == '_' &&
+     	                 /* and isn't aq_{parent, inner, explicit} */
+     	                 strcmp(sname + 3, "parent") &&
+     	                 strcmp(sname + 3, "inner") &&
+     	                 strcmp(sname + 3, "explicit")
+     	            )
+     	        )
+     	    {
+                /* Access control violation */
+		unauthErr(name, value);
+		return NULL;  /* roles is not owned yet */
 	    }
 	}