Re: [Zope-dev] PAS, AuthEncoding and zope.password
On Sun, Feb 20, 2011 at 12:39, Martijn Pieters wrote: >> Yes, changing the existing interface would require a 4.0. If you'd add >> a new interface extending the IPasswordManager one, we could do it in >> a 3.x release. >> >> A new zope.password 3.x release could go into both ZTK 1.1 and 1.0, a >> backwards incompatible 4.0 would have to wait for ZTK 1.2. > > Right. What would be a suitable name for the extended interface? > IMatchingPasswordManager? > > I've committed a revision that implements this as an extension to the > existing interface: > > http://zope3.pov.lt/trac/changeset/120458/zope.password/trunk > > but that's easy enough to change. > > I've also found that the SHA1 scheme in zope.password uses the {SHA1} > prefix, which is incompatible with LDAP and > AccessControl.AuthEncoding, which both use {SHA} instead. I'll change > zope.password to support {SHA} as well, defaulting to that prefix. I've implemented the {SHA} prefix change, as well as implement {CRYPT} support, making zope.password useful for all schemes explicitly named in RFC 2307, except the MD5 scheme. The latter uses a salt by default, making it incompatible with LDAP {MD5}. Open LDAP implements a salted MD5 scheme ({SMD5}) but places the salt at the end of the hash, not at the beginning as the zope.password manager implements it. I think I can keep that one backwards compatible but disable support for generating hashes with a salt, and add a SMD5 manager to implement a compatible scheme. With all the new password managers, this will be at least a 3.7 release, with a separate extended interface. -- Martijn Pieters ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Zope Tests: 101 OK, 21 Failed, 2 Unknown
Summary of messages to the zope-tests list. Period Sat Feb 19 12:00:00 2011 UTC to Sun Feb 20 12:00:00 2011 UTC. There were 124 messages: 8 from Zope Tests, 4 from buildbot at pov.lt, 31 from buildbot at winbot.zope.org, 11 from ccomb at free.fr, 5 from ct at gocept.com, 65 from jdriessen at thehealthagency.com. Test failures - Subject: FAILED : winbot / ztk_dev py_270_win64 From: buildbot at winbot.zope.org Date: Sat Feb 19 15:45:25 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032495.html Subject: FAILED : winbot / ztk_10 py_244_win32 From: buildbot at winbot.zope.org Date: Sat Feb 19 15:54:52 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032496.html Subject: FAILED : Zope Buildbot / zopetoolkit-1.1_win-py2.5 slave-win From: jdriessen at thehealthagency.com Date: Sat Feb 19 18:47:27 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032537.html Subject: FAILED : Total languishing bugs for zopeapp: 2 From: ct at gocept.com Date: Sat Feb 19 20:30:13 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032561.html Subject: FAILED : Total languishing bugs for zopetoolkit: 195 From: ct at gocept.com Date: Sat Feb 19 20:37:01 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032563.html Subject: FAILED : Total languishing bugs for zope: 48 From: ct at gocept.com Date: Sat Feb 19 20:40:35 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032564.html Subject: FAILED : Total languishing bugs for zope2: 2 From: ct at gocept.com Date: Sat Feb 19 20:45:06 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032565.html Subject: FAILED: Repository policy check found errors in 317 projects From: ct at gocept.com Date: Sat Feb 19 21:13:41 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032570.html Subject: FAILED : winbot / z3c.form_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 22:11:57 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032580.html Subject: FAILED : winbot / z3c.rml_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 22:39:53 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032583.html Subject: FAILED : Zope Buildbot / zopetoolkit-py2.5 slave-osx From: jdriessen at thehealthagency.com Date: Sat Feb 19 22:43:32 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032584.html Subject: FAILED : winbot / z3c.template_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:02:36 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032586.html Subject: FAILED : winbot / z3c.layer.ready2go_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:11:25 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032587.html Subject: FAILED : winbot / z3c.formui_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:12:45 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032588.html Subject: FAILED : winbot / z3c.tabular_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:14:56 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032589.html Subject: FAILED : winbot / z3c.contents_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:15:50 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032590.html Subject: FAILED : winbot / z3c.ptcompat_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:33:22 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032591.html Subject: FAILED : winbot / z3c.pdftemplate_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:37:18 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032592.html Subject: FAILED : winbot / z3c.coverage_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:38:39 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032593.html Subject: FAILED : winbot / z3c.macro_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:39:23 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032594.html Subject: FAILED : winbot / z3c.pagelet_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:43:48 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032595.html Unknown --- Subject: UNKNOWN : Zope Buildbot / zopetoolkit-1.1-py2.6 slave-osx From: jdriessen at thehealthagency.com Date: Sat Feb 19 21:38:19 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032572.html Subject: UNKNOWN : Zope Buildbot / zopetoolkit-py2.6 slave-osx From: jdriessen at thehealthagency.com Date: Sat Feb 19 23:55:13 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032596.html Tests passed OK --- Subject: OK : winbot / ztk_dev py_254_win32 From: buildbot at winbot.zope.org Date: Sat Feb 19 15:18
Re: [Zope-dev] PAS, AuthEncoding and zope.password
On Sun, Feb 20, 2011 at 11:56, Hanno Schlichting wrote: > Yes, changing the existing interface would require a 4.0. If you'd add > a new interface extending the IPasswordManager one, we could do it in > a 3.x release. > > A new zope.password 3.x release could go into both ZTK 1.1 and 1.0, a > backwards incompatible 4.0 would have to wait for ZTK 1.2. Right. What would be a suitable name for the extended interface? IMatchingPasswordManager? I've committed a revision that implements this as an extension to the existing interface: http://zope3.pov.lt/trac/changeset/120458/zope.password/trunk but that's easy enough to change. I've also found that the SHA1 scheme in zope.password uses the {SHA1} prefix, which is incompatible with LDAP and AccessControl.AuthEncoding, which both use {SHA} instead. I'll change zope.password to support {SHA} as well, defaulting to that prefix. >> What version of Zope2 can start using the >> new AccessControl package with a "zope.password >= 4.0.0" dependency? > > This depends on the changes in AccessControl and how backwards > compatible they are. > > If backwards compatibility is preserved, this can go into Zope 2.13 > and trunk, since we allow minor feature additions in the stable > series. Zope 2.12 is at a 2.12.15 release now and at the end of its > lifecycle - it'll only see bugfixes. It'll be backwards compatible. I'm planning to keep supporting legacy schemes registered with registerScheme, with listSchemes listing zope.password managers as well. The only thing that could perhaps be removed are the SSHADigestScheme and SHADigestSCheme classes, as these will be completely redundant with zope.password support. -- Martijn Pieters ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] PAS, AuthEncoding and zope.password
Hi. On Sun, Feb 20, 2011 at 11:41 AM, Martijn Pieters wrote: > On Fri, Feb 18, 2011 at 22:19, Martijn Pieters wrote: >> We should at the very least convert PAS to use zope.password instead >> of AccessControl.AuthEncoding. > > I'll just go ahead and expand then IPasswordManager interface to > provide a match method that returns a boolean if a given hash uses the > specific encoding scheme. Presumably this'll be zope.password 4.0.0. Yes, changing the existing interface would require a 4.0. If you'd add a new interface extending the IPasswordManager one, we could do it in a 3.x release. A new zope.password 3.x release could go into both ZTK 1.1 and 1.0, a backwards incompatible 4.0 would have to wait for ZTK 1.2. > What does this mean for the versioning of AccessControl however? Will > that'll be a 2.14 release? Introducing a new dependency on zope.password will mean a 2.14 release. > What version of Zope2 can start using the > new AccessControl package with a "zope.password >= 4.0.0" dependency? This depends on the changes in AccessControl and how backwards compatible they are. If backwards compatibility is preserved, this can go into Zope 2.13 and trunk, since we allow minor feature additions in the stable series. Zope 2.12 is at a 2.12.15 release now and at the end of its lifecycle - it'll only see bugfixes. Hanno ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] PAS, AuthEncoding and zope.password
On Fri, Feb 18, 2011 at 22:19, Martijn Pieters wrote: > We should at the very least convert PAS to use zope.password instead > of AccessControl.AuthEncoding. There is a snag. The zope.password API doesn't provide any way to detect what scheme was used for a given hash. Say you have a SSHA hash, it'll start with the string "{SSHA}", while a bcrypt encryption starts with "$2a$". Unfortunately, the zope.password IPasswordManager only provides methods to encode the password and check if a given password is correct. The only consumer of the interface, zope.app.authentication.principalfolder only supports one password manager at a time so never had a need to detect schemes. I'll just go ahead and expand then IPasswordManager interface to provide a match method that returns a boolean if a given hash uses the specific encoding scheme. Presumably this'll be zope.password 4.0.0. What does this mean for the versioning of AccessControl however? Will that'll be a 2.14 release? What version of Zope2 can start using the new AccessControl package with a "zope.password >= 4.0.0" dependency? Zope2 primarily uses the ZTK, so a version pin would be needed there until the new zope.password release makes it into the ZTK. -- Martijn Pieters ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Acquisition wrapped objects do not behave well on unicode call
On 2011-02-19 17:17:44 +0100, Hanno Schlichting said: > On Thu, Feb 17, 2011 at 8:27 AM, Christian Zagrodnick wrote: >> On 2011-02-16 22:22:53 +0100, Hanno Schlichting said: svn+ssh://svn.zope.org/repos/main/Acquisition/branches/zagy-unicode-should-be-called Sure. >>> I'll review, merge and release. Should be sometime this week, >>> cannot promise a day. > > Branch reviewed, merged and released in Acquisition 2.13.6. > > Could you remove the merged branch once you updated your buildout config? Done. Thanks for releasing! -- Christian Zagrodnick · c...@gocept.com gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1 Zope and Plone consulting and development ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )