Uploaded image for project: 'mod_python'
  1. mod_python
  2. MODPYTHON-43

mod_python.publisher auth functions access to globals

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.4
    • Fix Version/s: 3.3.1
    • Component/s: publisher
    • Labels:
      None

      Description

      In the mod_python.publisher code, the code for performing basic authentication
      has in a few spots code of the form:

      if "_auth_" in func_code.co_names:
      i = list(func_code.co_names).index("_auth_")
      _auth_ = func_code.co_consts[i+1]
      if hasattr(_auth_, "co_name"):
      _auth_ = new.function(_auth_, globals())
      found_auth = 1

      What this does is that if the target of the request is a function and that function
      contains a nested function, which in this case is called "_auth_", then that
      nested function is turned into a callable object and is subsequently called to
      determine if the user is able to perform the request.

      In making the nested function callable, it uses "globals()". By using this though
      it is using the globals from the mod_python.publisher module and not the
      module which the nested function is contained within. This means that the
      following code will actually fail.

      import xxx

      def function(req):

      def _auth_(req,username,password):
      return xxx.auth(req,username,password)

      This is because the module "xxx" imported at global scope within the module isn't
      available to the nested function when it is called as it is seeing the globals of
      mod_python.publisher instead. To get around the problem, the import has to be
      local to the nested function.

      def function(req):

      def _auth_(req,username,password):
      import xxx
      return xxx.auth(req,username,password)

      Since in this case the auth function being called is a nested function, we know that
      we can actually grab the globals for the correct module by getting "func_globals"
      from the enclosing function.

      if "_auth_" in func_code.co_names:
      i = list(func_code.co_names).index("_auth_")
      _auth_ = func_code.co_consts[i+1]
      if hasattr(_auth_, "co_name"):
      _auth_ = new.function(_auth_, object.func_globals)
      found_auth = 1

      Ie., instead of "globals()", use "object.func_globals" where "object is the enclosing
      function object.

        Attachments

          Activity

            People

            • Assignee:
              grahamd Graham Dumpleton
              Reporter:
              grahamd Graham Dumpleton
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: