- Wire up security policy selection machinery to ZConfig (note that the 'C' policy is currently borked, but should be fixed very soon).

dd724d52 · Tres Seaver · 2a8a5e38 · dd724d52 · dd724d52 · dd724d52
Commit dd724d52 authored Jan 15, 2004 by Tres Seaver
5 changed files
--- a/lib/python/Zope/Startup/__init__.py
+++ b/lib/python/Zope/Startup/__init__.py
@@ -40,6 +40,7 @@ def start_zope(cfg):
    # are set up, we flush accumulated messages in StartupHandler's
    # buffers to the real logger.
    starter.setupStartupHandler()
+    starter.setupSecurityOptions()
    # Start ZServer servers before we drop privileges so we can bind to
    # "low" ports:
    starter.setupZServerThreads()
@@ -98,6 +99,14 @@ class ZopeStarter:
            from Signals import Signals
            Signals.registerZopeSignals()
+    def setupSecurityOptions(self):
+        import AccessControl
+        AccessControl.setImplementation(
+            self.cfg.security_policy_implementation)
+        AccessControl.setDefaultBehaviors(
+            not self.cfg.skip_ownership_checking,
+            not self.cfg.skip_authentication_checking)
    def setupStartupHandler(self):
        # set up our initial logging environment (log everything to stderr
        # if we're not in debug mode).

--- a/lib/python/Zope/Startup/handlers.py
+++ b/lib/python/Zope/Startup/handlers.py
@@ -39,14 +39,6 @@ def automatically_quote_dtml_request_data(value):
    not value and _setenv('ZOPE_DTML_REQUEST_AUTOQUOTE', '0')
    return value
-def skip_authentication_checking(value):
-    value and _setenv('ZSP_AUTHENTICATED_SKIP', '1')
-    return value
-def skip_ownership_checking(value):
-    value and _setenv('ZSP_OWNEROUS_SKIP', '1')
-    return value
 def maximum_number_of_session_objects(value):
    default = 1000
    value not in (None, default) and _setenv('ZSESSION_OBJECT_LIMIT', value)
@@ -97,10 +89,6 @@ def rest_output_encoding(value):
    value and _setenv('REST_OUTPUT_ENCODING' , value)
    return value
-def maximum_security_manager_stack_size(value):
-    value is not None and _setenv('Z_MAX_STACK_SIZE', value)
-    return value
 def publisher_profile_file(value):
    value is not None and _setenv('PROFILE_PUBLISHER', value)
    from ZPublisher.Publish import install_profiling
@@ -111,9 +99,6 @@ def http_realm(value):
    value is not None and _setenv('Z_REALM', value)
    return value
-def security_policy_implementation(value):
-    value not in ('C', None) and _setenv('ZOPE_SECURITY_POLICY', value)
 def max_listen_sockets(value):
    import ZServer
    ZServer.CONNECTION_LIMIT = value

--- a/lib/python/Zope/Startup/tests/testStarter.py
+++ b/lib/python/Zope/Startup/tests/testStarter.py
@@ -22,6 +22,7 @@ import unittest
 import ZConfig
 import Zope.Startup
+from Zope.Startup import handlers
 from Zope.Startup import ZopeStarter
 from App.config import getConfiguration, setConfiguration
@@ -76,7 +77,7 @@ class ZopeStarterTestCase(unittest.TestCase):
            if why == 17:
                # already exists
                pass
-        conf, handler = ZConfig.loadConfigFile(schema, sio)
+        conf, self.handler = ZConfig.loadConfigFile(schema, sio)
        self.assertEqual(conf.instancehome, TEMPNAME)
        return conf
@@ -361,9 +362,25 @@ class ZopeStarterTestCase(unittest.TestCase):
                pass
            setConfiguration(old_config)
+    def testInitializeSecurityOptions(self):
+        from AccessControl import Implementation
+        orig = Implementation.getImplementationName()
+        conf = self.load_config_text("""
+            instancehome <<INSTANCE_HOME>>
+            security-policy-implementation python
+            skip-authentication-checking   yes
+            skip-ownership-checking        yes
+            """)
+        self.assertEqual(conf.security_policy_implementation, "PYTHON")
+        starter = ZopeStarter(conf)
+        try:
+            starter.setupSecurityOptions()
+            self.assertEqual(Implementation.getImplementationName(), "PYTHON")
+        finally:
+            Implementation.setImplementation(orig)
 def test_suite():
    return unittest.makeSuite(ZopeStarterTestCase)
 if __name__ == "__main__":
    unittest.main(defaultTest="test_suite")
--- a/lib/python/Zope/Startup/zopeschema.xml
+++ b/lib/python/Zope/Startup/zopeschema.xml
@@ -452,16 +452,6 @@
    <metadefault>unset</metadefault>
  </key>
-  <key name="maximum-security-manager-stack-size" datatype="integer"
-       default="100" handler="maximum_security_manager_stack_size">
-     <description>
-     This variable allows you to customize the size of the Zope
-     SecurityManager stack. You shouldn't change this unless you know what
-     it means.
-     </description>
-     <metadefault>100</metadefault>
-  </key>
  <key name="publisher-profile-file" handler="publisher_profile_file">
    <description>
     Causing this directive to point to a file on the filesystem will
@@ -533,7 +523,7 @@
  <key name="security-policy-implementation"
       datatype=".security_policy_implementation"
-       default="C" handler="security_policy_implementation">
+       default="C">
     <description>
     The default Zope "security policy" implementation is written in C.
     Set this key to "PYTHON" to use the Python implementation
@@ -544,7 +534,7 @@
  </key>
  <key name="skip-authentication-checking" datatype="boolean"
-       default="off" handler="skip_authentication_checking">
+       default="off">
     <description>
     Set this directive to 'on' to cause Zope to prevent Zope from
     attempting to authenticate users during normal operation.
@@ -555,7 +545,7 @@
  </key>
  <key name="skip-ownership-checking" datatype="boolean"
-       default="off" handler="skip_ownership_checking">
+       default="off">
     <description>
     Set this directive to 'on' to cause Zope to ignore ownership checking
     when attempting to execute "through the web" code. By default, this

--- a/lib/python/tempstorage/__init__.py
+++ b/lib/python/tempstorage/__init__.py
 """ tempstorage package """