[Zope-Checkins] CVS: Zope/lib/python/Zope/Startup - __init__.py:1.14 handlers.py:1.15 zopeschema.xml:1.25

[Tres Seaver]

Update of /cvs-repository/Zope/lib/python/Zope/Startup
In directory cvs.zope.org:/tmp/cvs-serv23920/Zope/Startup

Modified Files:
	__init__.py handlers.py zopeschema.xml 
Log Message:


  - Wire up security policy selection machinery to ZConfig (note that the
    'C' policy is currently borked, but should be fixed very soon).


=== Zope/lib/python/Zope/Startup/__init__.py 1.13 => 1.14 ===
--- Zope/lib/python/Zope/Startup/__init__.py:1.13	Mon Jan  5 12:04:11 2004
+++ Zope/lib/python/Zope/Startup/__init__.py	Thu Jan 15 18:05:08 2004
@@ -40,6 +40,7 @@
     # are set up, we flush accumulated messages in StartupHandler's
     # buffers to the real logger.
     starter.setupStartupHandler()
+    starter.setupSecurityOptions()
     # Start ZServer servers before we drop privileges so we can bind to
     # "low" ports:
     starter.setupZServerThreads()
@@ -97,6 +98,14 @@
         if os.name == 'posix':
             from Signals import Signals
             Signals.registerZopeSignals()
+
+    def setupSecurityOptions(self):
+        import AccessControl
+        AccessControl.setImplementation(
+            self.cfg.security_policy_implementation)
+        AccessControl.setDefaultBehaviors(
+            not self.cfg.skip_ownership_checking,
+            not self.cfg.skip_authentication_checking)
 
     def setupStartupHandler(self):
         # set up our initial logging environment (log everything to stderr


=== Zope/lib/python/Zope/Startup/handlers.py 1.14 => 1.15 ===
--- Zope/lib/python/Zope/Startup/handlers.py:1.14	Sun Dec 21 18:04:19 2003
+++ Zope/lib/python/Zope/Startup/handlers.py	Thu Jan 15 18:05:08 2004
@@ -39,14 +39,6 @@
     not value and _setenv('ZOPE_DTML_REQUEST_AUTOQUOTE', '0')
     return value
 
-def skip_authentication_checking(value):
-    value and _setenv('ZSP_AUTHENTICATED_SKIP', '1')
-    return value
-
-def skip_ownership_checking(value):
-    value and _setenv('ZSP_OWNEROUS_SKIP', '1')
-    return value
-
 def maximum_number_of_session_objects(value):
     default = 1000
     value not in (None, default) and _setenv('ZSESSION_OBJECT_LIMIT', value)
@@ -97,10 +89,6 @@
     value and _setenv('REST_OUTPUT_ENCODING' , value)
     return value
 
-def maximum_security_manager_stack_size(value):
-    value is not None and _setenv('Z_MAX_STACK_SIZE', value)
-    return value
-
 def publisher_profile_file(value):
     value is not None and _setenv('PROFILE_PUBLISHER', value)
     from ZPublisher.Publish import install_profiling
@@ -110,9 +98,6 @@
 def http_realm(value):
     value is not None and _setenv('Z_REALM', value)
     return value
-
-def security_policy_implementation(value):
-    value not in ('C', None) and _setenv('ZOPE_SECURITY_POLICY', value)
 
 def max_listen_sockets(value):
     import ZServer


=== Zope/lib/python/Zope/Startup/zopeschema.xml 1.24 => 1.25 ===
--- Zope/lib/python/Zope/Startup/zopeschema.xml:1.24	Mon Jan  5 12:04:11 2004
+++ Zope/lib/python/Zope/Startup/zopeschema.xml	Thu Jan 15 18:05:08 2004
@@ -452,16 +452,6 @@
     <metadefault>unset</metadefault>
   </key>
 
-  <key name="maximum-security-manager-stack-size" datatype="integer"
-       default="100" handler="maximum_security_manager_stack_size">
-     <description>
-     This variable allows you to customize the size of the Zope
-     SecurityManager stack. You shouldn't change this unless you know what
-     it means.
-     </description>
-     <metadefault>100</metadefault>
-  </key>
-
   <key name="publisher-profile-file" handler="publisher_profile_file">
     <description>
      Causing this directive to point to a file on the filesystem will
@@ -533,7 +523,7 @@
 
   <key name="security-policy-implementation"
        datatype=".security_policy_implementation"
-       default="C" handler="security_policy_implementation">
+       default="C">
      <description>
      The default Zope "security policy" implementation is written in C.
      Set this key to "PYTHON" to use the Python implementation
@@ -544,7 +534,7 @@
   </key>
 
   <key name="skip-authentication-checking" datatype="boolean"
-       default="off" handler="skip_authentication_checking">
+       default="off">
      <description>
      Set this directive to 'on' to cause Zope to prevent Zope from
      attempting to authenticate users during normal operation.
@@ -555,7 +545,7 @@
   </key>
 
   <key name="skip-ownership-checking" datatype="boolean"
-       default="off" handler="skip_ownership_checking">
+       default="off">
      <description>
      Set this directive to 'on' to cause Zope to ignore ownership checking
      when attempting to execute "through the web" code. By default, this