- the 'trusted-proxy' directive in zope.conf now also accepts

hostnames instead of IP addresses only (patch by Dieter Maurer)

- the 'trusted-proxy' directive in zope.conf now also accepts
hostnames instead of IP addresses only (patch by Dieter Maurer)
5ffc0bd2 · Andreas Jung · a409af63 · 5ffc0bd2 · 5ffc0bd2 · 5ffc0bd2
Commit 5ffc0bd2 authored Nov 24, 2004 by Andreas Jung
Showing with 21 additions and 3 deletions

doc/CHANGES.txt doc/CHANGES.txt +3 -0

lib/python/Zope/Startup/__init__.py lib/python/Zope/Startup/__init__.py +17 -3

lib/python/Zope/Startup/handlers.py lib/python/Zope/Startup/handlers.py +1 -0

No files found.
--- a/doc/CHANGES.txt
+++ b/doc/CHANGES.txt
@@ -46,6 +46,9 @@ Zope Changes

    Bugs fixed

+      - the 'trusted-proxy' directive in zope.conf now also accepts
+        hostnames instead of IP addresses only (patch by Dieter Maurer)
+
      - Fixed test.py to not over-resolve symbolic links. Needed to run
        tests when the Products directory and a product are symlinks.


--- a/lib/python/Zope/Startup/__init__.py
+++ b/lib/python/Zope/Startup/__init__.py
@@ -16,9 +16,10 @@

 import logging
 import os
-import re
 import sys
 import socket
+from re import compile
+from socket import gethostbyaddr

 import ZConfig

@@ -138,8 +139,10 @@ class ZopeStarter:
            filename = self.cfg.publisher_profile_file
            ZPublisher.Publish.install_profiling(filename)
        if self.cfg.trusted_proxies:
-            proxies = tuple(self.cfg.trusted_proxies)
-            ZPublisher.HTTPRequest.trusted_proxies = proxies
+            # DM 2004-11-24: added host name mapping (such that examples in conf file really have a chance to work
+            mapped = []
+            for name in self.cfg.trusted_proxies: mapped.extend(_name2Ips(name))
+            ZPublisher.HTTPRequest.trusted_proxies = tuple(mapped)

    def setupSecurityOptions(self):
        import AccessControl
@@ -403,3 +406,14 @@ def dropPrivileges(cfg):
    os.setuid(uid)
    logger.info('Set effective user to "%s"' % effective_user)
    return 1 # for unit testing purposes 
+
+
+# DM 2004-11-24: added
+def _name2Ips(host, isIp_=compile(r'(\d+\.){3}').match):
+    '''map a name *host* to the sequence of its ip addresses;
+    use *host* itself (as sequence) if it already is an ip address.
+    Thus, if only a specific interface on a host is trusted,
+    identify it by its ip (and not the host name).
+    '''
+    if isIp_(host): return [host]
+    return gethostbyaddr(host)[2]
--- a/lib/python/Zope/Startup/handlers.py
+++ b/lib/python/Zope/Startup/handlers.py
@@ -153,3 +153,4 @@ def handleConfig(config, multihandler):
        if not name.startswith('_'):
            handlers[name] = value
    return multihandler(handlers)
+