[Zope-Checkins] SVN: Zope/trunk/ - the 'trusted-proxy' directive in zope.conf now also accepts

Andreas Jung andreas at andreas-jung.com
Wed Nov 24 03:48:35 EST 2004 

Log message for revision 28496:
        - the 'trusted-proxy' directive in zope.conf now also accepts
          hostnames instead of IP addresses only (patch by Dieter Maurer)
  

Changed:
  U   Zope/trunk/doc/CHANGES.txt
  U   Zope/trunk/lib/python/Zope/Startup/__init__.py
  U   Zope/trunk/lib/python/Zope/Startup/handlers.py

-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt	2004-11-24 08:18:07 UTC (rev 28495)
+++ Zope/trunk/doc/CHANGES.txt	2004-11-24 08:48:24 UTC (rev 28496)
@@ -46,6 +46,9 @@
 
     Bugs fixed
 
+      - the 'trusted-proxy' directive in zope.conf now also accepts
+        hostnames instead of IP addresses only (patch by Dieter Maurer)
+
       - Fixed test.py to not over-resolve symbolic links. Needed to run
         tests when the Products directory and a product are symlinks.
 

Modified: Zope/trunk/lib/python/Zope/Startup/__init__.py
===================================================================
--- Zope/trunk/lib/python/Zope/Startup/__init__.py	2004-11-24 08:18:07 UTC (rev 28495)
+++ Zope/trunk/lib/python/Zope/Startup/__init__.py	2004-11-24 08:48:24 UTC (rev 28496)
@@ -16,9 +16,10 @@
 
 import logging
 import os
-import re
 import sys
 import socket
+from re import compile
+from socket import gethostbyaddr
 
 import ZConfig
 
@@ -138,8 +139,10 @@
             filename = self.cfg.publisher_profile_file
             ZPublisher.Publish.install_profiling(filename)
         if self.cfg.trusted_proxies:
-            proxies = tuple(self.cfg.trusted_proxies)
-            ZPublisher.HTTPRequest.trusted_proxies = proxies
+            # DM 2004-11-24: added host name mapping (such that examples in conf file really have a chance to work
+            mapped = []
+            for name in self.cfg.trusted_proxies: mapped.extend(_name2Ips(name))
+            ZPublisher.HTTPRequest.trusted_proxies = tuple(mapped)
 
     def setupSecurityOptions(self):
         import AccessControl
@@ -403,3 +406,14 @@
     os.setuid(uid)
     logger.info('Set effective user to "%s"' % effective_user)
     return 1 # for unit testing purposes 
+
+
+# DM 2004-11-24: added
+def _name2Ips(host, isIp_=compile(r'(\d+\.){3}').match):
+    '''map a name *host* to the sequence of its ip addresses;
+    use *host* itself (as sequence) if it already is an ip address.
+    Thus, if only a specific interface on a host is trusted,
+    identify it by its ip (and not the host name).
+    '''
+    if isIp_(host): return [host]
+    return gethostbyaddr(host)[2]

Modified: Zope/trunk/lib/python/Zope/Startup/handlers.py
===================================================================
--- Zope/trunk/lib/python/Zope/Startup/handlers.py	2004-11-24 08:18:07 UTC (rev 28495)
+++ Zope/trunk/lib/python/Zope/Startup/handlers.py	2004-11-24 08:48:24 UTC (rev 28496)
@@ -153,3 +153,4 @@
         if not name.startswith('_'):
             handlers[name] = value
     return multihandler(handlers)
+

More information about the Zope-Checkins mailing list