date:20041012

Re: [Zope-dev] xml-rpc changes between 2.7.0 and 2.7.3 ??

2004-10-12 Thread Tino Wildenhain

Hi,

Am Di, den 12.10.2004 schrieb Alan Milligan um 0:16:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi,
 
 I had a client that used to work on 2.7.0, and now doesn't on 2.7.3.
 
 The problem would appear to be that it's not substituting the
 xmlrpc.Response class for a GET request on a text/xml content type and
 therefore just delegating to the str() function instead of wrapping it
 in the xml-rpc xml response tags.
 
 I'm a little confused about this, as this only appears to happen in
 HTTPRequest::processInputs which didn't seem to be invoked for my
 xml-rpc call anyway ...
 
 tcpdump follows for the sceptics ...
 
 j..
 08:05:04.901469 IP mistress.balclutha.org.34257 
 mistress.balclutha.org.zope: P 1:456(455) ack 1 win 32767
 nop,nop,timestamp 225097763 225097723
 [EMAIL PROTECTED]@.)..W.x...
 j..GET /last-bastion.net/junk/rpm/RPC2/$RHN/mail/listPackages/1 HTTP/1.1
 Host: localhost:8080
 Accept-Encoding: identity
 x-client-version: 1
 x-transport-info: Extended Capabilities Transport (C) Red Hat, Inc
 (version 1.40)
 x-up2date-version:
 user-agent: rhn.rpclib.py/$Revision: 1.40 $
 x-rhn-transport-capability: follow-redirects=1
 x-rhn-auth-channels: ['mail', '1']
 content-type: text/xml
 x-info: RPC Processor (C) Red Hat, Inc (version 1.44)

Your log is a bit confusing maybe you better use tcpflow
for dumping. But what is clearly seen is the GET request.
I wonder how this ever was supposed to work since 
XML-RPC requires an entidy body for the message (which is
in XML). You can compare with RFC2616 - there is no 
entidy body in GET. Your client needs to use POST.
I suspect then it should work.

Regards
Tino

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: Re: [Zope-dev] xml-rpc changes between 2.7.0 and 2.7.3= ??

2004-10-12 Thread Alan Milligan

Heh,

Yes - would you like to lobby RedHat to change their up2date client??

I think the reason they've done this is because it's much more efficient.  Not only do 
they not have to read the body, they don't have to parse it.

Also, xml-rpc is totally screwed because it doesn't have a file type, and the normal 
binary limitation is 8192 bytes of parsable data between two tags :(

Alan

 Hi,

 Am Di, den 12.10.2004 schrieb Alan Milligan um 0:16:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  Hi,
 
  I had a client that used to work on 2.7.0, and now doesn't on 2.7.3.
 
  The problem would appear to be that it's not substituting the
  xmlrpc.Response class for a GET request on a text/xml content type and
  therefore just delegating to the str() function instead of wrapping it
  in the xml-rpc xml response tags.
 
  I'm a little confused about this, as this only appears to happen in
  HTTPRequest::processInputs which didn't seem to be invoked for my
  xml-rpc call anyway ...
 
  tcpdump follows for the sceptics ...
 
  j..
  08:05:04.901469 IP mistress.balclutha.org.34257 
  mistress.balclutha.org.zope: P 1:456(455) ack 1 win 32767
  nop,nop,timestamp 225097763 225097723
  [EMAIL PROTECTED]@.)..W.x...
  j..GET /last-bastion.net/junk/rpm/RPC2/$RHN/mail/listPackages/1 HTTP/1.1
  Host: localhost:8080
  Accept-Encoding: identity
  x-client-version: 1
  x-transport-info: Extended Capabilities Transport (C) Red Hat, Inc
  (version 1.40)
  x-up2date-version:
  user-agent: rhn.rpclib.py/$Revision: 1.40 $
  x-rhn-transport-capability: follow-redirects=1
  x-rhn-auth-channels: ['mail', '1']
  content-type: text/xml
  x-info: RPC Processor (C) Red Hat, Inc (version 1.44)

 Your log is a bit confusing maybe you better use tcpflow
 for dumping. But what is clearly seen is the GET request.
 I wonder how this ever was supposed to work since
 XML-RPC requires an entidy body for the message (which is
 in XML). You can compare with RFC2616 - there is no
 entidy body in GET. Your client needs to use POST.
 I suspect then it should work.

 Regards
 Tino





___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

RE: [Zope-dev] Possible Windows Service improvements.

2004-10-12 Thread Mark Hammond

Ressurecting a bit of an old thread:

 From: Chris McDonough [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, 4 August 2004 11:19 PM
 Subject: Re: [Zope-dev] Possible Windows Service improvements.
...

 I'm a Windows signal idiot.

I was too.  I think I understand them a little better now after having
played with both the signal module, and the win32 specific functions.

 Is there a way that we can make the Zope
 process capture Windows signals and when the Windows equivalent of
 SIGTERM is sent to the process to shut it down cleanly?  This is how
 it works on UNIX, but we circumvent trying to listen for signals on
 Windows entirely at startup.  There are all sorts of hooks for clean
 shutdown now that we can coopt if we can make the process capture a
 signal.

I've uploaded a patch to http://collector.zope.org/Zope/1527.  I'd
appreciate any comments - specifically about if I have hooked the
appropriate place.

My first reaction was that the correct hooks were in SignalHandler.py and
Signals.py - however, Windows signals really aren't suitable for hooking
there - only SIGINT is supported.  Trying to twist code into pretending
signals on Windows worked like Linux ended up with a bit of a mess.  Hacking
Lifetime.py was the cleanest solution.

 Note that the UNIX environment has a lot of additional niceties due to
 responses to signals (like logfile rotation) that Windows doesn't now,
 which tends to have the effect of relegating Windows to a second-class
 platform on which to run a production Zope instance.

I guess the correct way to do that gets back to the other issue this thread
raised - cross-platform startup/error reporting and command handling.  I
fear that will take a little longer to implement.  I hope to break this up
into 2 tasks:

* Give windows reliable shutdown behaviour now.
* Try and develop a basis for reliable cross-platform parent/child
notification and control.

I think the first would allow us to gracefully shutdown services - at the
moment the child process is immediately terminated!  The second would give
us better startup and error recovery, but that seems less important to me.
I hope to submit a patch for the service code shortly.

Mark

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Re: Bad interaction between Zope 2.7.3 and CMF 1.4

2004-10-12 Thread Tres Seaver

Dieter Maurer wrote:
Tres Seaver wrote at 2004-10-9 12:04 -0400:
Stefan H. Holek wrote:
While testing a large-ish customer project under Zope 2.7.3 we found that
when an object with setDefaultAccess('deny') is used as the context for
a PythonScript, the script can no longer aquire tools from the portal
root.
*By definition*, anybody who has declared 'setDefaultAccess('deny') 
*wants* the behavior you describe:  that declaration says, unless I 
give you explicit permission for using a name, refuse.

I do *NOT* think that this is the intended semantics of
setDefaultAccess('deny').
In my view, setDefaultAccess(XXX) should only affect objects
that do not have security declarations themselves.
Acquired tools have security declarations -- they should not be
affected by setDefaultAccess.

If Plone has classes which make such assertions, then either the authors 
*meant* them, or they need to be removed.  This is (literally) the same 
thing as declaring '__allow_access_to_unprotected_subobjects__ = 0' in 
your class.

With this name, it becomes even clearer:
  Acquires tools are neither unprotected nor subobjects.
Hmm, I tried writing a test te verify that my change (after 2.7.2) had 
modified the security policy's behavior.  Here is the test, which I 
expected to pass on the head of the 2.7 branch, but fail on 2.7.2:

--- lib/python/AccessControl/tests/testZopeSecurityPolicy.py27 Jan 
2004 19:22:36 -  1.6.2.6
+++ lib/python/AccessControl/tests/testZopeSecurityPolicy.py12 Oct 
2004 17:15:05 -
@@ -336,6 +336,16 @@
 else:
 self.fail('Policy accepted bad __roles__')

+def test_no_acquisition_through_paranoid(self):
+
+#  Check that acquisition through a paranoid object is not allowed.
+app = App()
+app.wanted = UnprotectedSimpleItem()
+app.enabling = UnprotectedSimpleItem()
+app.blocking = RestrictedSimpleItem()
+self.assertPolicyAllows(app.enabling, 'wanted')
+self.assertPolicyDenies(app.blocking, 'wanted')
+
 def test_suite():
 return unittest.makeSuite(ZopeSecurityPolicyTests)
However, it passes for both.  Anyone care to speculate why?
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation  Zope Dealers   http://www.zope.com
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: Bad interaction between Zope 2.7.3 and CMF 1.4

2004-10-12 Thread Tres Seaver

Tres Seaver wrote:
Dieter Maurer wrote:
Tres Seaver wrote at 2004-10-9 12:04 -0400:
Stefan H. Holek wrote:
While testing a large-ish customer project under Zope 2.7.3 we found 
that
when an object with setDefaultAccess('deny') is used as the context for
a PythonScript, the script can no longer aquire tools from the portal
root.

*By definition*, anybody who has declared 'setDefaultAccess('deny') 
*wants* the behavior you describe:  that declaration says, unless I 
give you explicit permission for using a name, refuse.

I do *NOT* think that this is the intended semantics of
setDefaultAccess('deny').
In my view, setDefaultAccess(XXX) should only affect objects
that do not have security declarations themselves.
Acquired tools have security declarations -- they should not be
affected by setDefaultAccess.

If Plone has classes which make such assertions, then either the 
authors *meant* them, or they need to be removed.  This is 
(literally) the same thing as declaring 
'__allow_access_to_unprotected_subobjects__ = 0' in your class.

With this name, it becomes even clearer:
  Acquires tools are neither unprotected nor subobjects.
Hmm, I tried writing a test te verify that my change (after 2.7.2) had 
modified the security policy's behavior.  Here is the test, which I 
expected to pass on the head of the 2.7 branch, but fail on 2.7.2:

--- lib/python/AccessControl/tests/testZopeSecurityPolicy.py27 Jan 
2004 19:22:36 -  1.6.2.6
+++ lib/python/AccessControl/tests/testZopeSecurityPolicy.py12 Oct 
2004 17:15:05 -
@@ -336,6 +336,16 @@
 else:
 self.fail('Policy accepted bad __roles__')

+def test_no_acquisition_through_paranoid(self):
+
+#  Check that acquisition through a paranoid object is not 
allowed.
+app = App()
+app.wanted = UnprotectedSimpleItem()
+app.enabling = UnprotectedSimpleItem()
+app.blocking = RestrictedSimpleItem()
+self.assertPolicyAllows(app.enabling, 'wanted')
+self.assertPolicyDenies(app.blocking, 'wanted')
+

 def test_suite():
 return unittest.makeSuite(ZopeSecurityPolicyTests)
However, it passes for both.  Anyone care to speculate why?
Tres.
OK, so my change was specifically to 'guarded_getattr', so the test was 
exercising the wrong thing.  Note that this means that the old behaviour 
of guarded_getattr was allowing objects to be returned which wouldn't be 
validated (I think).  Here is a test for 'guarded_getattr', which 
*fails* both before and after my change:

--- lib/python/AccessControl/tests/testZopeGuards.py16 Jan 2004 
21:04:54 -  1.1.4.3
+++ lib/python/AccessControl/tests/testZopeGuards.py12 Oct 2004 
17:51:13 -
@@ -24,11 +24,14 @@
 import AccessControl.SecurityManagement
 from AccessControl.SimpleObjectPolicies import ContainerAssertions
 from zExceptions import Unauthorized
+from Acquisition import Explicit
 from AccessControl.ZopeGuards \
 import guarded_getattr, get_dict_get, get_dict_pop, get_list_pop, \
 get_iter, guarded_min, guarded_max, safe_builtins, 
guarded_enumerate, \
 guarded_sum, guarded_apply

+from testZopeSecurityPolicy \
+import App, UnprotectedSimpleItem, RestrictedSimpleItem
 try:
 __file__
 except NameError:
@@ -112,6 +115,17 @@
 self.assertEqual(values.args, (d, 'values'))
 finally:
 ContainerAssertions[_dict] = old
+
+def test_no_acquisition_through_paranoid(self):
+
+#  Check that acquisition through a paranoid object is not allowed.
+app = App()
+app.wanted = UnprotectedSimpleItem()
+app.enabling = UnprotectedSimpleItem()
+app.blocking = RestrictedSimpleItem()
+ok = self.guarded_getattr(app.enabling, 'wanted')
+self.assertRaises(Unauthorized,
+  self.guarded_getattr, app.blocking, 'wanted')
 class TestGuardedGetattrC(TestGuardedGetattrPy):
Aargh!
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation  Zope Dealers   http://www.zope.com
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] xml-rpc changes between 2.7.0 and 2.7.3 ??

2004-10-12 Thread Alan Milligan

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tino Wildenhain wrote:
|
|I had a client that used to work on 2.7.0, and now doesn't on 2.7.3.
|
|The problem would appear to be that it's not substituting the
|xmlrpc.Response class for a GET request on a text/xml content type and
|therefore just delegating to the str() function instead of wrapping it
|in the xml-rpc xml response tags.
|
| I wonder how this ever was supposed to work since
| XML-RPC requires an entidy body for the message (which is
| in XML). You can compare with RFC2616 - there is no
| entidy body in GET. Your client needs to use POST.
| I suspect then it should work.
|
Ok, I now more fully understand the subtlety of this explanation.
What happened here is that in cgi.py's FieldStorage class, since this is
a GET request, it completely ignores the CONTENT_TYPE environment and
sets the content-type header to x-www-form-urlencoded.
According to Dave Winer's spec at http://www.xmlrpc.com/spec, XML-RPC is
supposed to be HTTP-POST based, where this issue is fully resolved.
I have implemented this GET 'Extension' with this patch.
I appreciate that supporting 'unofficial' extensions to protocols is not
something we want to encourage, but is there any chance of getting this
patch into zope core (ever)?
Cheers, Alan
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbIWLCfroLk4EZpkRAlX3AKDI5Cdb6CUfdkqtSrEllfZeEGEnMwCdHJN0
78EIcOvXOD2H4imuI2NQOxw=
=H+yj
-END PGP SIGNATURE-
--- HTTPRequest.py	2004-10-13 11:22:32.212653472 +1000
+++ HTTPRequest.py.orig	2004-10-13 11:20:51.146017936 +1000
@@ -385,11 +385,9 @@
 fs=FieldStorage(fp=fp,environ=environ,keep_blank_values=1)
 if not hasattr(fs,'list') or fs.list is None:
 # Hm, maybe it's an XML-RPC
-if ((fs.headers.has_key('content-type') and
- fs.headers['content-type'] == 'text/xml' and
- method == 'POST') or
-		(environ.get('CONTENT_TYPE','') == 'text/xml' and
-		 method == 'GET')):
+if (fs.headers.has_key('content-type') and
+fs.headers['content-type'] == 'text/xml' and
+method == 'POST'):
 # Ye haaa, XML-RPC!
 global xmlrpc
 if xmlrpc is None: import xmlrpc
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] xml-rpc changes between 2.7.0 and 2.7.3 ??

2004-10-12 Thread Tino Wildenhain

Hi,

Am Mi, den 13.10.2004 schrieb Alan Milligan um 3:31:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Tino Wildenhain wrote:
 
 |
 |I had a client that used to work on 2.7.0, and now doesn't on 2.7.3.
 |
 |The problem would appear to be that it's not substituting the
 |xmlrpc.Response class for a GET request on a text/xml content type and
 |therefore just delegating to the str() function instead of wrapping it
 |in the xml-rpc xml response tags.
 |
 
 | I wonder how this ever was supposed to work since
 | XML-RPC requires an entidy body for the message (which is
 | in XML). You can compare with RFC2616 - there is no
 | entidy body in GET. Your client needs to use POST.
 | I suspect then it should work.
 |
 
 Ok, I now more fully understand the subtlety of this explanation.
 
 What happened here is that in cgi.py's FieldStorage class, since this is
 a GET request, it completely ignores the CONTENT_TYPE environment and
 sets the content-type header to x-www-form-urlencoded.
 
 According to Dave Winer's spec at http://www.xmlrpc.com/spec, XML-RPC is
 supposed to be HTTP-POST based, where this issue is fully resolved.
 
 I have implemented this GET 'Extension' with this patch.
 
 I appreciate that supporting 'unofficial' extensions to protocols is not
 something we want to encourage, but is there any chance of getting this
 patch into zope core (ever)?

-1 by me. Go and fix the broken client instead. I wonder who came
to such a crazy idea to even think about sending a body with GET.

Regards
Tino

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] xml-rpc changes between 2.7.0 and 2.7.3 ??

Re: Re: [Zope-dev] xml-rpc changes between 2.7.0 and 2.7.3= ??

RE: [Zope-dev] Possible Windows Service improvements.

Re: [Zope-dev] Re: Bad interaction between Zope 2.7.3 and CMF 1.4

[Zope-dev] Re: Bad interaction between Zope 2.7.3 and CMF 1.4

Re: [Zope-dev] xml-rpc changes between 2.7.0 and 2.7.3 ??

Re: [Zope-dev] xml-rpc changes between 2.7.0 and 2.7.3 ??

7 matches

Site Navigation

Mail list logo

Footer information