[Zope] Re: Question about Zope and security

2006-03-29 Thread George Lee
  I'd rather encrypt passwords with a hash and reset the password if the 
  users have lost it. Is it possible to do that in Zope?

Isn't there an option in GRUF to encrypt passwords?

Although I don't think that affects the user's sending of passwords over the 
Web.

Peace,
George

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )
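The approach George asks about above (store only a hash of the password and recover a lost one by reset, not by decryption), as an added Python example that is not part of the original thread and is not GRUF or Zope code. PasswordStore, hash_password, issue_reset_token and redeem_reset_token are invented names, and the PBKDF2 iteration count and 15 minute token lifetime are assumed values. As the post notes, this only covers storage: it does nothing for the password travelling over the web, which is a transport (HTTPS) matter.

```python
# Added example, not GRUF or Zope code: store only a salted PBKDF2 hash of
# the password and recover lost passwords by reset, never by decryption.
# Class/function names, the iteration count and the token lifetime are
# assumptions for the illustration.
import hashlib
import hmac
import os
import secrets
import time

ITERATIONS = 200_000     # PBKDF2-HMAC-SHA256 work factor (assumed value)
TOKEN_TTL = 15 * 60      # reset tokens expire after 15 minutes (assumed)


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt per password by default."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class PasswordStore:
    def __init__(self):
        self._users = {}    # name -> (salt, digest); the password is never kept
        self._resets = {}   # name -> (sha256(token), expiry time)

    def set_password(self, name, password):
        self._users[name] = hash_password(password)

    def verify(self, name, password):
        record = self._users.get(name)
        if record is None:
            hash_password(password)   # same cost for unknown users
            return False
        salt, digest = record
        return hmac.compare_digest(hash_password(password, salt)[1], digest)

    def issue_reset_token(self, name, now=None):
        """The only recovery path: a one-time token to be sent out of band.
        Only its hash is stored, so a copy of the store cannot redeem it."""
        if name not in self._users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._resets[name] = (hashlib.sha256(token.encode()).digest(), now + TOKEN_TTL)
        return token

    def redeem_reset_token(self, name, token, new_password, now=None):
        """Consume the token: expired, wrong or already-used tokens fail."""
        record = self._resets.get(name)
        if record is None:
            return False
        token_hash, expiry = record
        now = time.time() if now is None else now
        if now > expiry:
            del self._resets[name]
            return False
        if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), token_hash):
            return False
        del self._resets[name]     # single use
        self.set_password(name, new_password)
        return True
```

Usage: set_password("alice", pw) on login setup, verify("alice", pw) at login, and on "forgot password" issue_reset_token("alice") and mail the token; redeem_reset_token("alice", token, new_pw) then replaces the hash. Both comparisons use hmac.compare_digest so neither the password nor the token check leaks through timing.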


[Zope] Re: major problems placing authentication on an extranet site-security flaw?

2006-02-11 Thread George Lee
michael nt milne [EMAIL PROTECTED] writes:

 Hi, I have major problems here trying to set up authentication over a
 whole Plone site using Zope.

I'm not going to get involved in the large Zope security discussion but I will
post an additional something to plone-users in reply to the more narrow problem.
If you want additional help with it there, we'll need more details and debugging
from you. I usually like to help folks figure out bugs because it's a nice
problem solving stint, but I can't do much without more info.

Peace,
George



[Zope] Re: major problems placing authentication on an extranet site-security flaw?

2006-02-11 Thread George Lee
Scratch that, looking more closely at the thread it looks like you followed the
make site private documentation and it worked.

Peace,
George



[Zope] SOLUTION -- Products have incorrect home attribute

2006-01-19 Thread George Lee
 After migrating to a new server, several of my Zope products have an
 incorrect home attribute that specifies where they live on the
 filesystem. However, when I try to change these attributes using an
 external method, the attributes do not change. Any help?
 
 Peace,
 George


Turns out it was a bug in my external method, writing == instead of =, that
tripped me up. This is the external method I used:



OLD_INSTANCE_PROD_DIR_LIST = [
    '/home/BLUH1/zope/instance1/Products/',
    '/home/BLUH2/zope/instance1/Products/',
    ]
NEW_INSTANCE_PROD_DIR = '/usr/local/zope/instance1/Products/'

OLD_PYTHON_PROD_DIR_LIST = [
    '/usr/home/BLUH3/zope/270/lib/python/Products/',
    '/home/BLUH4/zope/273/lib/python/Products/',
    '/home/BLUH5/zope/281/lib/python/Products/',
    ]
NEW_PYTHON_PROD_DIR = '/usr/local/zope/284/lib/python/Products/'

def listHome(self):
    """External method: rewrite the 'home' attribute of every product in
    Control_Panel.Products from an old install path to the new one, and
    return the before/after lists so the change can be checked."""
    prods = self.Control_Panel.Products
    listBefore = []
    listAfter = []

    for p in prods.objectIds():
        prod = prods._getOb(p)
        homeBefore = prod.home
        listBefore.append(homeBefore)
        if homeBefore in [d + p for d in OLD_INSTANCE_PROD_DIR_LIST]:
            prod.home = NEW_INSTANCE_PROD_DIR + p
        elif homeBefore in [d + p for d in OLD_PYTHON_PROD_DIR_LIST]:
            prod.home = NEW_PYTHON_PROD_DIR + p
        listAfter.append(prod.home)

    return "Before: %s\n\nAfter: %s" % (str(listBefore), str(listAfter))



[Zope] Re: Products have incorrect home attribute

2006-01-18 Thread George Lee
 I asked the same question a couple of days ago (see wrong directoy in 
 Control_Panel.Products..home) and no, they aren't reset at zope 
 restart, and deleting the pyc files doesn't help either.

Thanks, didn't see the previous conversation. =)

I'll do the delete the Products objects trick ... any idea why it fails to just
directly change the attribute with an external method? I'm not savvy to the
inner workings of ZODB so I don't know if there's read-only attributes or
persistence issues (with a string attribute though?) here...


Peace,
George



[Zope] Re: Newbee interfaces and implementations

2006-01-18 Thread George Lee
 So you recommend that I should just skip them as long as I'm on Zope2?
 
 I would be happy with that. I find them confusing when they don't
 really interface with but just document my methods.

Some of the reasons interfaces can be helpful are (1) for documentation purposes
and clarity for code if someone needs to look at it, (2) if other classes might
use the same interface, you help make sure you're sticking to a common interface
so that the methods in different classes do similar things, and (3) you can use
methods like isImplementedBy so that certain templates, code, etc. does
something with an object or class if it uses the interface -- what you call
really interfacing.

There's many examples of how (3) might work. It seems like for now that (3)
won't be important to you and (2) might be. Personally I define interfaces for
some classes (especially tools) to help with the documentation, but agree with
you that for other straightforward classes they don't help that much with
documentation.

Hope this helps; peace,
George



[Zope] Products have incorrect home attribute

2006-01-17 Thread George Lee
After migrating to a new server, several of my Zope products have an
incorrect home attribute that specifies where they live on the
filesystem. However, when I try to change these attributes using an
external method, the attributes do not change. Any help?

Peace,
George


Re: [Zope] External Methods, Proxy Roles, and Executable Security

2005-11-20 Thread George Lee
Great, thanks much.

Is there much buzz about this in CMF developer land? It seems like
proper proxy roles handling, and like you said what Zope 3 security
will do to it, are pretty important and will come up quite often (all
I was doing, after all, was trying to move an object upon workflow
change!).

Peace,
George


On 11/19/05, Dieter Maurer [EMAIL PROTECTED] wrote:
 George Lee wrote at 2005-11-19 00:46 -0500:
 In CMFCore 1.5.4:
 
 If a low-security-clearance user calls an external method that pastes
 an object from a PortalFolder, he gets an error because the following
 line in CMFCore.PortalFolder fails:
 
  if not sm.checkPermission(DeleteObjects, parent):
      raise AccessControl_Unauthorized
 
 This is even the case if sm.checkPermission is changed to
 _checkPermission, which takes into account proxy roles. The external
 method does not allow proxy roles attached, so I can't just add a
 Manager proxy role.
 
 Because I called the pasting in an external method, I expected it to
 go through without security problems! Is this a right expectation /
 and a bug, or a wrong expectation?

 It is the fate induced by explicit security checks.
 It will get much worse when the Zope 3 security comes into
 Zope 2 land: then even trusted code will have to deal with
 security proxied objects.


 We currently work around the problem that trusted code
 cannot have proxy roles with the following class:

 class ProxyContext:
     def __init__(self, proxy_roles):
         self._proxy_roles = tuple(proxy_roles)

     def getOwner(self): return None
     getWrappedOwner = getOwner

 This class emulates an object with proxy roles and can be pushed
 onto the SecurityManager's context stack like so:

 from AccessControl import getSecurityManager

 sm = getSecurityManager()
 context = ProxyContext(proxy_roles)
 sm.addContext(context)
 try:
     # do something with proxy_roles
     ...
 finally: sm.removeContext(context)


 Note, that I had to fix (in a local copy) CMF's _checkPermission
 for this to work:

 It had decided to emulate Zope's proxy role checking only
 approximately -- incorrectly for a None owner.

 My fix looks like this:

 # in CMFCore/utils.py; `security` is that module's ModuleSecurityInfo
 from AccessControl import getSecurityManager
 from AccessControl.PermissionRole import rolesForPermissionOn
 from Acquisition import aq_base

 security.declarePrivate('_checkPermission')
 def _checkPermission(permission, obj):
     """ Check if the current user has the permission on the given object.
     """
     # this code is ported from ZopeSecurityPolicy.checkPermission
     roles = rolesForPermissionOn(permission, obj)
     if isinstance(roles, basestring):
         roles = [roles]
     context = getSecurityManager()._context

     # check executable owner and proxy roles
     # this code is ported from ZopeSecurityPolicy.validate
     stack = context.stack
     if stack:
         eo = stack[-1]
         owner = eo.getOwner()
         if owner is not None:
             if not owner.allowed(obj, roles):
                 return 0
             # DM 2005-09-07: no reason to do it differently from Zope
             #   It accepts proxy_roles even for a None owner
             ##proxy_roles = getattr(eo, '_proxy_roles', None)
             ##if proxy_roles:
             ##    if obj is not aq_base(obj):
             ##        if not owner._check_context(obj):
             ##            return 0
             ##    for r in proxy_roles:
             ##        if r in roles:
             ##            return 1
             ##    return 0
         proxy_roles = getattr(eo, '_proxy_roles', None)
         if proxy_roles:
             if obj is not aq_base(obj):
                 # DM 2005-09-07: do it as Zope does
                 #if not owner._check_context(obj):
                 if owner is not None and not owner._check_context(obj):
                     return 0
             for r in proxy_roles:
                 if r in roles:
                     return 1
             return 0

     return context.user.allowed(obj, roles)


 If you are interested in using this approach, you
 should probably file another CMF bug report about the
 wrong handling of proxy roles in _checkPermission.
 I explicitly allow you to attach the fix given above.


 --
 Dieter



[Zope] Reprise -- Manager Proxy Role ineffective for deleting/moving objects

2005-11-18 Thread George Lee
I forget if I submitted a collector issue about this before, but I
didn't see it. I just posted one at
http://www.zope.org/Collectors/CMF/396:

Title: PortalFolder.py _verifyObjectPaste ignores executable security

Version info: CMF 1.5.4 but also in trunk

_verifyObjectPaste calls sm.checkPermission(permission_name,self)
rather than _checkPermission(permission_name,self)

This makes it ignore executable security. So, if _verifyObjectPaste is
in an external method or in a script with sufficient proxy roles, it
raises an Unauthorized error for users when the external method /
proxy role security should suffice.



On 9/9/05, Dieter Maurer [EMAIL PROTECTED] wrote:
 George Lee wrote at 2005-9-8 23:57 -0400:
  ...
 Is it okay to just replace sm.checkPermission with _checkPermission
 from CMFCore.utils or is that not okay?

 Yes. But, please file a bug report as well.

 Also Dieter I noticed that Alan Runyan and you briefly discussed this
 issue back in 2002:
 http://mail.zope.org/pipermail/zope-cmf/2002-September/015350.html

 Any internal use should always take executable security (i.e.
 executable ownership and proxy roles) into account.
 Not doing so is a bug, as things expected to be possible are not
 and (maybe even worse) things expected to be impossible may
 be possible.

 There may be a need for application code to check the permissions
 of the user with proxy roles not taken into account.

   E.g. a script that must use the Manager role to do one
   thing but does not want to do another unless the current
   user has specific permissions.

 For this case, there also should be a method checking
 permissions with proxy roles not taken into account.

 --
 Dieter



[Zope] External Methods, Proxy Roles, and Executable Security

2005-11-18 Thread George Lee
In CMFCore 1.5.4:

If a low-security-clearance user calls an external method that pastes
an object from a PortalFolder, he gets an error because the following
line in CMFCore.PortalFolder fails:

if not sm.checkPermission(DeleteObjects, parent):
    raise AccessControl_Unauthorized

This is even the case if sm.checkPermission is changed to
_checkPermission, which takes into account proxy roles. The external
method does not allow proxy roles attached, so I can't just add a
Manager proxy role.

Because I called the pasting in an external method, I expected it to
go through without security problems! Is this a right expectation /
and a bug, or a wrong expectation?

Peace,
George

On 11/18/05, George Lee [EMAIL PROTECTED] wrote:
 I forget if I submitted a collector issue about this before, but I
 didn't see it. I just posted one at
 http://www.zope.org/Collectors/CMF/396:

 Title: PortalFolder.py _verifyObjectPaste ignores executable security

 Version info: CMF 1.5.4 but also in trunk

 _verifyObjectPaste calls sm.checkPermission(permission_name,self)
 rather than _checkPermission(permission_name,self)

 This makes it ignore executable security. So, if _verifyObjectPaste is
 in an external method or in a script with sufficient proxy roles, it
 raises an Unauthorized error for users when the external method /
 proxy role security should suffice.



 On 9/9/05, Dieter Maurer [EMAIL PROTECTED] wrote:
  George Lee wrote at 2005-9-8 23:57 -0400:
   ...
  Is it okay to just replace sm.checkPermission with _checkPermission
  from CMFCore.utils or is that not okay?
 
  Yes. But, please file a bug report as well.
 
  Also Dieter I noticed that Alan Runyan and you briefly discussed this
  issue back in 2002:
  http://mail.zope.org/pipermail/zope-cmf/2002-September/015350.html
 
  Any internal use should always take executable security (i.e.
  executable ownership and proxy roles) into account.
  Not doing so is a bug, as things expected to be possible are not
  and (maybe even worse) things expected to be impossible may
  be possible.
 
  There may be a need for application code to check the permissions
  of the user with proxy roles not taken into account.
 
    E.g. a script that must use the Manager role to do one
    thing but does not want to do another unless the current
    user has specific permissions.
 
  For this case, there also should be a method checking
  permissions with proxy roles not taken into account.
 
  --
  Dieter
 

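The executable-security decision discussed in the three messages above (the _checkPermission port Dieter posted, the _verifyObjectPaste report, and the remark that ignoring executable security makes "things expected to be impossible" possible), as an added example in plain Python that models the decision and is not Zope's or CMF's code. User, Executable, SecurityContext, run_in and the two check_* functions are invented names, and the roles, permission name and folder are constructed; the acquisition-context part of the real check (aq_base / _check_context) is left out. check_with_executable_security follows the quoted _checkPermission: the executable on top of the context stack is consulted first (its owner can only narrow access; its proxy roles replace the caller's roles, also for a None owner), then the caller's own roles. check_user_only is what a bare sm.checkPermission does, which is also the "proxy roles not taken into account" check Dieter says application code sometimes needs. demo() runs the paste scenario from the thread (case A), the reverse one where an owned script without proxy roles is called by a Manager (case B), and the no-executable case where both checks agree (case C).

```python
# Added example, not Zope's or CMF's code: a plain-Python model of the
# decision made by the _checkPermission port quoted in the thread.  User,
# Executable, SecurityContext, run_in and the two check_* functions are
# invented names; roles, permission names and objects are constructed.


class User:
    def __init__(self, name, roles):
        self.name = name
        self.roles = frozenset(roles)

    def allowed(self, obj, roles_for_permission):
        # allowed when one of the user's roles is among the roles that
        # grant the permission on obj
        return bool(self.roles & frozenset(roles_for_permission))


class Executable:
    """A Script (Python) or External Method on the context stack: owner is
    None for an unowned executable, proxy_roles a tuple of role names."""

    def __init__(self, owner=None, proxy_roles=()):
        self._owner = owner
        self._proxy_roles = tuple(proxy_roles)

    def getOwner(self):
        return self._owner


class SecurityContext:
    def __init__(self, user):
        self.user = user
        self.stack = []  # executables currently running, innermost last


def roles_for_permission_on(permission, obj):
    # stand-in for rolesForPermissionOn: obj is a dict permission -> roles
    roles = obj.get(permission, ())
    return [roles] if isinstance(roles, str) else list(roles)


def check_user_only(context, permission, obj):
    """sm.checkPermission as used by _verifyObjectPaste in the thread: only
    the calling user's roles count; the running executable is ignored."""
    return context.user.allowed(obj, roles_for_permission_on(permission, obj))


def check_with_executable_security(context, permission, obj):
    """The quoted _checkPermission: ownership may only narrow access, proxy
    roles (also with a None owner) replace the caller's roles."""
    roles = roles_for_permission_on(permission, obj)
    if context.stack:
        eo = context.stack[-1]
        owner = eo.getOwner()
        if owner is not None and not owner.allowed(obj, roles):
            return False
        if eo._proxy_roles:
            return any(r in roles for r in eo._proxy_roles)
    return context.user.allowed(obj, roles)


def run_in(context, executable, check, permission, obj):
    """Push the executable around the check, like sm.addContext /
    sm.removeContext in the ProxyContext workaround from the thread."""
    context.stack.append(executable)
    try:
        return check(context, permission, obj)
    finally:
        context.stack.pop()


def demo():
    folder = {"Delete objects": ("Manager",)}  # constructed permission map
    member = User("member", ["Member"])
    manager = User("admin", ["Manager"])
    delete = "Delete objects"

    # A: the thread's bug.  A Member runs an unowned executable carrying a
    # Manager proxy role.  Executable-aware: allowed; user-only: Unauthorized.
    ctx = SecurityContext(member)
    proxied = Executable(owner=None, proxy_roles=("Manager",))
    case_a = (run_in(ctx, proxied, check_with_executable_security, delete, folder),
              run_in(ctx, proxied, check_user_only, delete, folder))

    # B: "expected to be impossible".  A Manager calls a script owned by a
    # Member with no proxy roles; ownership must narrow the check, while the
    # user-only check lets the Member's script act with Manager rights.
    ctx = SecurityContext(manager)
    owned = Executable(owner=member)
    case_b = (run_in(ctx, owned, check_with_executable_security, delete, folder),
              run_in(ctx, owned, check_user_only, delete, folder))

    # C: no executable on the stack; both checks agree.
    case_c = (check_with_executable_security(ctx, delete, folder),
              check_user_only(ctx, delete, folder))
    return {"A": case_a, "B": case_b, "C": case_c}
```

The two checks are not interchangeable: a paste helper that uses the user-only check inside a proxied script raises Unauthorized for a Member (case A), and a helper that uses it inside a script owned by a Member grants that script the Manager's power (case B). Internal code that enforces a permission has to use the executable-aware check; the user-only check is for the separate question "does the real user have this permission, regardless of what the script may do".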


Re: [Zope] VIRTUAL_URL Failure

2005-11-09 Thread George Lee
Two main questions:
  (1) Does anybody *have* good documentation on VIRTUAL_URL and how it
interacts with CookieCrumbler and VirtualHostMonster?
  (2) Does anyone know how to debug VirtualHostMonster or other Python
libraries while running a Zope instance (it lives in Python not in
Zope, so I don't know if I change the code there if those changes will
actually get executed)?



For people who care to read more about what I think is going on:

 Well, where is VIRTUAL_URL documented? Why doesn't Plohn do something
 sane if it's not there?

It's not Plone's issue from what I can tell. CookieCrumbler, which
lives in CMF, does do something sane if VIRTUAL_URL is not there -- it
tries to create a substitute URL.

VIRTUAL_URL is set by the VirtualHostMonster. Does anyone know how to
debug it? Because it is in the python directories used to build Zope,
not in a Zope product which I know how to debug. (Is there a way to
restart python to register changes in VirtualHostMonster.py)?

Here is what I can tell of what is going on:

(1) VIRTUAL_URL is supposed to return the actual URL when there is a
Virtual Hosting Monster, for instance http://subdomain.mydomain.org
instead of http://ip:port/path/to/subdomain/object or
http://mydomain.org/path/to/subdomain/object.

(2) There's an Apache rewrite rule set to transform URL requests like
http://subdomain.org to
http://ip:port/VirtualHostBase/http/subdomain.mydomain.org before they
get sent into Zope.

(3) When VirtualHostMonster receives a request like
http://ip:port/VirtualHostBase/http/subdomain.mydomain.org, it is
supposed to return the correct object at
http://ip:port/path/to/subdomain/object and set a variable VIRTUAL_URL
http://subdomain.mydomain.org in the REQUEST variable.

(4) When navigating to an authenticated-only page, CMFCore's
CookieCrumbler sets a came_from variable to remember where to go. To
set the came_from variable, it first looks for VIRTUAL_URL. If it
doesn't find it, it uses another method to set came_from -- but this
returns a URL, and one that does not work.

(5) During login in Plone to an authenticated-only page, it uses
CMFCore's CookieCrumbler came_from variable.

  I'm wondering if CookieCrumbler is supposed
  to set VIRTUAL_URL given that there's a VHM installed and doesn't?

 It's probably some code in the publisher or vhm. Maybe it's something
 that didn't get merged from a branch or the trunk.

 Your best bet is to come up with minimal (ie: no plone, no cookie
 crumbler, etc) way to reproduce this and file a bug report in the collector.

 Oh, and grab yourself a copy of grep and see where this should be
 defined ;-)

 cheers,

 Chris

 --
 Simplistix - Content Management, Zope & Python Consulting
 - http://www.simplistix.co.uk


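The VirtualHostMonster rewriting described in steps (1) to (5) above, as an added Python model that is not Zope's VirtualHostMonster or CMF's CookieCrumbler code. rewrite_virtual_host, came_from and naive_came_from are invented names; the backend address 127.0.0.1:8080 is constructed, while the host names and paths are the ones from the thread. The function takes the URL that the Apache rewrite rule hands to Zope, consumes the VirtualHostBase / VirtualHostRoot / _vh_ directives, and returns the object path Zope should traverse together with the public base URL and the full virtual URL; naive_came_from shows how gluing the raw request path onto the public host yields the unusable came_from quoted later in the thread.

```python
# Added example, not Zope's VirtualHostMonster: a model of how the
# VirtualHostBase / VirtualHostRoot / _vh_ path directives are consumed.
# The backend address 127.0.0.1:8080 used in the tests is constructed.
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": "80", "https": "443"}


def rewrite_virtual_host(request_url):
    """Return (traversal_path, public_base_url, virtual_url) for a URL as
    it arrives at Zope after the Apache rewrite rule.

    /VirtualHostBase/<proto>/<host[:port]>  sets scheme and host of the
        URLs Zope generates; a default port is dropped.
    /VirtualHostRoot  ends the part of the path that is traversed inside
        Zope but hidden from the public URL.
    /_vh_<name>  segments after VirtualHostRoot are prefixed to public
        URLs without being traversed.
    """
    parts = urlsplit(request_url)
    segments = [s for s in parts.path.split("/") if s]
    if "VirtualHostBase" not in segments:
        # no directives: the public URL is the URL Zope received
        base = "%s://%s" % (parts.scheme, parts.netloc)
        return segments, base, base + "".join("/" + s for s in segments)

    i = segments.index("VirtualHostBase")
    if len(segments) < i + 3:
        raise ValueError("VirtualHostBase needs <proto>/<host> after it")
    proto, host = segments[i + 1], segments[i + 2]
    hostname, _, port = host.partition(":")
    if port in ("", DEFAULT_PORT.get(proto)):
        host = hostname
    rest = segments[i + 3:]

    if "VirtualHostRoot" in rest:
        j = rest.index("VirtualHostRoot")
        hidden, after = rest[:j], rest[j + 1:]
    else:
        hidden, after = [], rest

    prefix = [s[len("_vh_"):] for s in after if s.startswith("_vh_")]
    public = [s for s in after if not s.startswith("_vh_")]

    base = "%s://%s" % (proto, host) + "".join("/" + p for p in prefix)
    virtual_url = base + "".join("/" + p for p in public)
    return hidden + public, base, virtual_url


def came_from(request_url):
    """The URL CookieCrumbler should remember for the post-login redirect:
    the one the browser actually used (what the thread calls VIRTUAL_URL)."""
    return rewrite_virtual_host(request_url)[2]


def naive_came_from(public_host, request_url):
    """What happens when the raw request path is glued onto the public host
    instead: the VirtualHostBase directive leaks into the redirect target,
    which is the unusable came_from reported in the thread."""
    return "http://%s%s" % (public_host, urlsplit(request_url).path)
```

Any value stored in came_from is later used as a redirect target, so it must be derived from the rewritten URL rather than from the path as received; the naive form not only breaks the redirect but exposes the internal VirtualHostBase layout to the browser.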


Re: [Zope] VIRTUAL_URL Failure

2005-11-09 Thread George Lee
   (2) Does anyone know how to debug VirtualHostMonster or other Python
 libraries while running a Zope instance (it lives in Python not in
 Zope, so I don't know if I change the code there if those changes will
 actually get executed)?

Oh wait it is in a Zope product, scratch that.


Peace,
George


[Zope] Re: VIRTUAL_URL Failure

2005-11-09 Thread George Lee
 The correct thing to use in a recent Zope is REQUEST['ACTUAL_URL'].

 Florent


This gives something like http://ip:port/path/to/subdomain though
rather than http://subdomain.mydomain.org ... what if anything gives
the latter?


Peace,
George


Re: [Zope] Re: VIRTUAL_URL Failure

2005-11-09 Thread George Lee
 I fear you fight a CookieCrumbler bug.

Vicious monsters, indeed.

Thanks for the REQUEST['URL'] tip. It's a pretty good workaround for
now, although not exactly right. If I am going to an object

http://here.org/object

with default page or default method default, then REQUEST['URL'] equals

http://here.org/object/default

instead of

http://here.org/object

This works for purposes of redirecting after login but isn't exactly
what should happen. From what I recall browsing a few ACTUAL_URL, etc.
threads, this is one reason there's a difference between the few
different URL variables.

Also, I opened up a collector issue at
  http://www.zope.org/Collectors/CMF/393

Peace,
George



 The most natural REQUEST['URL'] will give the correct value
 (as it gives what the primary HTTP client sees).

 --
 Dieter



Re: [Zope] VIRTUAL_URL Failure

2005-11-08 Thread George Lee
Zope 2.8.1

In Plone 2.1.1, when I try to access a page Anonymous does not have
permission to see, it redirects to a login. While doing so, it sets a
came_from variable with the URL I'm trying to access. It sets an ugly

http://my.domain.org/VirtualHostBase/http/my.domain.org:80/contentPages

which does not work. Plone folks suspected this was a Zope problem.

When Plone sets the came_from, it draws on the REQUEST variable. It
first looks to see if there is a VIRTUAL_URL in the REQUEST variable,
but it doesn't find one. I'm wondering if CookieCrumbler is supposed
to set VIRTUAL_URL given that there's a VHM installed and doesn't?

Peace,
George


On 11/8/05, Chris Withers [EMAIL PROTECTED] wrote:
 George Lee wrote:
  On my Plone site, in CookieCrumbler.py, VIRTUAL_URL is not found in
  the request variable even though I have a Virtual Host Monster. This
  means that when logging in, the came_from URL that my site directs
  to becomes something ugly like

 What version of Zope are you using?

 Why do you think VIRTUAL_URL should be there?

 cheers,

 Chris

 --
 Simplistix - Content Management, Zope & Python Consulting
 - http://www.simplistix.co.uk



[Zope] VIRTUAL_URL Failure

2005-11-04 Thread George Lee
Hi,

On my Plone site, in CookieCrumbler.py, VIRTUAL_URL is not found in
the request variable even though I have a Virtual Host Monster. This
means that when logging in, the came_from URL that my site directs
to becomes something ugly like

http://my.domain.org/VirtualHostBase/http/my.domain.org:80/contentPages

This doesn't seem to be an Apache rewriting issue.

Should VIRTUAL_URL be found in the request variable and giving the
right URL (http://my.domain.org/contentPages), and why isn't it
showing up?

Peace,
George