[Erp5-report] r12790 - in /spec/debian/unstable/erp5-verbosesecurity: ./ VerboseSecurity/ V...
nobody at svn.erp5.org
nobody at svn.erp5.org
Thu Feb 15 18:28:46 CET 2007
Author: yusei
Date: Thu Feb 15 18:28:43 2007
New Revision: 12790
URL: http://svn.erp5.org?rev=12790&view=rev
Log:
added debian package and workspace.
Added:
spec/debian/unstable/erp5-verbosesecurity/
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/CHANGES.txt
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/PermissionRolePatch.py
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/README.txt
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/VerboseSecurityPolicy.py
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/__init__.py
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/changelog
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/compat
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/control
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/copyright
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/dzproduct
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/postinst
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/rules (with props)
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testPermissionRolePatch.py
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testVerboseSecurityPolicy.py
spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/version.txt
spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1.diff.gz (with props)
spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1.dsc
spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_all.deb (with props)
spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.build
spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.changes
spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6.orig.tar.gz (with props)
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/CHANGES.txt
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/CHANGES.txt?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/CHANGES.txt (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/CHANGES.txt Thu Feb 15 18:28:43 2007
@@ -1,0 +1,35 @@
+
+Version 0.6:
+
+ - This version is compatible only with Zope 2.7. Zope's security
+ machinery changed enough that compatibility with earlier versions
+ of Zope is too difficult to maintain.
+
+ - VerboseSecurity no longer requires the Python security
+ implementation to show what permission was required. It is now
+ possible to monkey-patch the C code!
+
+ - It is now possible to disable verbose security with an
+ environment variable. See __init__.py.
+
+Version 0.5:
+
+ - VerboseSecurity no longer tries to display every Unauthorized
+ error message. There were too many false positives.
+
+Version 0.4:
+
+ - Removed the DTML debugging module. Since ZPT is better than DTML
+ and Zope 2.6 produces nice, informative ZPT tracebacks, the DTML
+ debugger isn't needed anymore.
+
+Version 0.3:
+
+ - Updated for Zope 2.4.x. (No longer works with previous versions.)
+
+Version 0.2.1:
+
+ - Removed code that tried to add debugging information after the DTML
+ had been parsed. It was too eager, interfered with dtml-sendmail,
+ and is no longer necessary.
+
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/PermissionRolePatch.py
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/PermissionRolePatch.py?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/PermissionRolePatch.py (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/PermissionRolePatch.py Thu Feb 15 18:28:43 2007
@@ -1,0 +1,118 @@
+##############################################################################
+#
+# Copyright (c) 2002 Zope Corporation and Contributors. All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+__doc__="""Patch of PermissionRole.
+
+This patch exposes the permission name for a role computation.
+
+$Id: PermissionRolePatch.py,v 1.4 2004/06/17 02:38:44 shane Exp $
+"""
+
+import sys
+from ExtensionClass import Base
+from AccessControl.PermissionRole \
+ import PermissionRole, _what_not_even_god_should_do
+from zLOG import LOG, ERROR
+
+
+try:
+ # Patch PermissionRole.
+
+ def __of__(self, parent):
+ r = imPermissionRole()
+ r._p = self._p
+ r._pa = parent
+ r._d = self._d
+ p = getattr(parent, 'aq_inner', None)
+ if p is not None:
+ return r.__of__(p)
+ else:
+ return r
+
+ PermissionRole.__of__ = __of__
+
+except:
+ LOG('VerboseSecurity', ERROR, "Unable to patch PermissionRole.",
+ error=sys.exc_info())
+
+
+class imPermissionRole(Base):
+ """Implement permission-based roles"""
+
+ def __of__(self, parent):
+ obj = parent
+ n = self._p
+ # The next line includes the permission name
+ # in the allowable roles.
+ r = [n]
+ while 1:
+ if hasattr(obj, n):
+ roles = getattr(obj, n)
+
+ if roles is None:
+ return 'Anonymous',
+
+ t = roles.__class__
+
+ if t is tuple:
+ # If we get a tuple, then we don't acquire
+ if r is None:
+ return roles
+ return r + list(roles)
+
+ if issubclass(t, basestring):
+ # We found roles set to a name. Start over
+ # with the new permission name. If the permission
+ # name is '', then treat as private!
+ if roles:
+ if roles != n:
+ n = roles
+ # If we find a name that is the same as the
+ # current name, we just ignore it.
+ roles = None
+ else:
+ return _what_not_even_god_should_do
+
+ elif roles:
+ if r is None: r = list(roles)
+ else: r = r + list(roles)
+
+ obj = getattr(obj, 'aq_inner', None)
+ if obj is None:
+ break
+ obj = obj.aq_parent
+
+ if r is None or len(r) < 2:
+ r = self._d
+
+ return r
+
+ # The following methods are needed in the unlikely case that an unwrapped
+ # object is accessed:
+ def __getitem__(self, i):
+ try:
+ v = self._v
+ except:
+ v = self._v = self.__of__(self._pa)
+ del self._pa
+
+ return v[i]
+
+ def __len__(self):
+ try:
+ v = self._v
+ except:
+ v = self._v = self.__of__(self._pa)
+ del self._pa
+
+ return len(v)
+
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/README.txt
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/README.txt?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/README.txt (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/README.txt Thu Feb 15 18:28:43 2007
@@ -1,0 +1,71 @@
+
+Author
+======
+
+Shane Hathaway
+Zope Corporation
+shane at zope dot com
+
+
+VerboseSecurity Product
+=======================
+
+Zope has a flexible, fine-grained security model that lets you
+configure context-dependent mappings from users to roles and from
+roles to permissions. The model fits most organizations' needs and
+has been used all over the world, but the flexibility sometimes comes
+at a price of complexity.
+
+One major difficulty in using the Zope security model is its lack of
+clarity when access is denied. Because production sites should not
+reveal too much about the site to those who are denied access, the
+lack of verbosity in the default Zope security policy is appropriate
+for such sites. But site developers need more details.
+
+This product attempts to explain the complete reasoning for failed
+access. It shows what object was being accessed, what permission is
+required to access it, what roles map to that permission in that
+context, the executable object and its owner, the effective proxy
+roles, and other pertinent information. All of this information
+appears in the exception message when access is denied.
+
+The current version of this product is designed for Zope 2.7.
+
+
+Installation
+============
+
+Unpack the product in your Zope Products folder. The VerboseSecurity
+product replaces the Zope security policy with the
+"VerboseSecurityPolicy".
+
+The next time an Unauthorized exception occurs, you'll get a complete
+explanation for the failed access. You can also see recent exceptions
+through the web using the error_log object. Note, however, that in
+the default configuration, error_log will not display Unauthorized
+exceptions. Just remove "Unauthorized" from the list of ignored
+exceptions.
+
+
+Side effects
+============
+
+Like all products that dynamically patch Zope, there are a few side
+effects:
+
+- The speed of security checks, which occur quite frequently in Zope,
+will be slower, especially when access is denied. The difference is
+unlikely to be noticeable during site development, however.
+
+- The product reveals a lot of information about the structure of your
+site, so it may not be appropriate for some production sites. It is
+unlikely to inadvertently reveal passwords, though.
+
+- The PermissionRole patch included in the product internally adds an
+imaginary role to the roles computed for a permission. The imaginary
+role is a munged version of the permission name. Consequently, it is
+possible to assign users to this imaginary role. This is an
+interesting feature to have, since it potentially lets you bypass role
+assignment and assign users directly to permissions. But this feature
+should not be regarded as standard, and it is not officially
+supported.
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/VerboseSecurityPolicy.py
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/VerboseSecurityPolicy.py?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/VerboseSecurityPolicy.py (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/VerboseSecurityPolicy.py Thu Feb 15 18:28:43 2007
@@ -1,0 +1,411 @@
+##############################################################################
+#
+# Copyright (c) 2002 Zope Corporation and Contributors. All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+__doc__="""Verbose version of Zope security policy
+
+
+$Id: VerboseSecurityPolicy.py,v 1.7 2004/06/17 02:38:44 shane Exp $"""
+__version__='$Revision: 1.7 $'[11:-2]
+
+
+from Acquisition import aq_base, aq_inner, aq_parent
+from AccessControl import Unauthorized
+from AccessControl.SimpleObjectPolicies import Containers, _noroles
+from zLOG import LOG, PROBLEM, BLATHER
+
+from AccessControl.PermissionRole import _what_not_even_god_should_do, \
+ rolesForPermissionOn
+
+
+class VerboseSecurityPolicy:
+
+ def __init__(self, ownerous=1, authenticated=1):
+ """Create a Zope security policy.
+
+ Two optional keyword arguments may be provided:
+
+ ownerous -- Untrusted users can create code
+ (e.g. Python scripts or templates),
+ so check that code owners can access resources.
+ The argument must have a truth value.
+ The default is true.
+
+ authenticated -- Allow access to resources based on the
+ privaledges of the authenticated user.
+ The argument must have a truth value.
+ The default is true.
+
+ This (somewhat experimental) option can be set
+ to false on sites that allow only public
+ (unauthenticated) access. An anticipated
+ scenario is a ZEO configuration in which some
+ clients allow only public access and other
+ clients allow full management.
+ """
+ self._ownerous = ownerous
+ self._authenticated = authenticated
+
+ def validate(self, accessed, container, name, value, context,
+ roles=_noroles, getattr=getattr, _noroles=_noroles,
+ valid_aq_=('aq_parent','aq_inner', 'aq_explicit')):
+
+ ############################################################
+ # Provide special rules for the acquisition attributes
+ if isinstance(name, str):
+ if name.startswith('aq_') and name not in valid_aq_:
+ info = setUnauthorized(
+ 'aq_* names (other than %s) are not allowed'
+ % ', '.join(valid_aq_),
+ accessed, container, name, value, context)
+ raise Unauthorized(info)
+
+ containerbase = aq_base(container)
+ accessedbase = aq_base(accessed)
+ if accessedbase is accessed:
+ # accessed is not a wrapper, so assume that the
+ # value could not have been acquired.
+ accessedbase = container
+
+ ############################################################
+ # If roles weren't passed in, we'll try to get them from the object
+
+ if roles is _noroles:
+ roles = getattr(value, '__roles__', roles)
+
+ ############################################################
+ # We still might not have any roles
+
+ if roles is _noroles:
+
+ ############################################################
+ # We have an object without roles and we didn't get a list
+ # of roles passed in. Presumably, the value is some simple
+ # object like a string or a list. We'll try to get roles
+ # from its container.
+ if container is None:
+ # Either container or a list of roles is required
+ # for ZopeSecurityPolicy to know whether access is
+ # allowable.
+ info = setUnauthorized(
+ 'No container provided',
+ accessed, container, name, value, context)
+ raise Unauthorized(info)
+
+ roles = getattr(container, '__roles__', roles)
+ if roles is _noroles:
+ if containerbase is container:
+ # Container is not wrapped.
+ if containerbase is not accessedbase:
+ info = setUnauthorized(
+ 'Unable to find __roles__ in the container '
+ 'and the container is not wrapped',
+ accessed, container, name, value, context)
+ raise Unauthorized(info)
+ else:
+ # Try to acquire roles
+ try: roles = container.aq_acquire('__roles__')
+ except AttributeError:
+ if containerbase is not accessedbase:
+ info = setUnauthorized(
+ 'Unable to find or acquire __roles__ '
+ 'from the container',
+ accessed, container, name, value, context)
+ raise Unauthorized(info)
+
+ # We need to make sure that we are allowed to
+ # get unprotected attributes from the container. We are
+ # allowed for certain simple containers and if the
+ # container says we can. Simple containers
+ # may also impose name restrictions.
+ p = Containers(type(container), None)
+ if p is None:
+ p = getattr(container,
+ '__allow_access_to_unprotected_subobjects__',
+ None)
+
+ if p is not None:
+ tp = p.__class__
+ if tp is not int:
+ if tp is dict:
+ if isinstance(name, basestring):
+ p = p.get(name)
+ else:
+ p = 1
+ else:
+ p = p(name, value)
+
+ if not p:
+ info = setUnauthorized(
+ 'The container has no security assertions',
+ accessed, container, name, value, context
+ )
+ raise Unauthorized(info)
+
+ if roles is _noroles:
+ return 1
+
+ # We are going to need a security-aware object to pass
+ # to allowed(). We'll use the container.
+ value = container
+
+ # Short-circuit tests if we can:
+ try:
+ if roles is None or 'Anonymous' in roles:
+ return 1
+ except TypeError:
+ # 'roles' isn't a sequence
+ LOG('Zope Security Policy', PROBLEM, "'%s' passed as roles"
+ " during validation of '%s' is not a sequence." % (
+ `roles`, name))
+ raise
+
+ # Check executable security
+ stack = context.stack
+ if stack:
+ eo = stack[-1]
+
+ # If the executable had an owner, can it execute?
+ if self._ownerous:
+ owner = eo.getOwner()
+ if (owner is not None) and not owner.allowed(value, roles):
+ # We don't want someone to acquire if they can't
+ # get an unacquired!
+ if len(roles) < 1:
+ info = setUnauthorized(
+ "The object is marked as private",
+ accessed, container, name, value, context)
+ elif userHasRolesButNotInContext(owner, value, roles):
+ info = setUnauthorized(
+ "The owner of the executing script is defined "
+ "outside the context of the object being "
+ "accessed",
+ accessed, container, name, value, context,
+ required_roles=roles, eo_owner=owner, eo=eo)
+ else:
+ info = setUnauthorized(
+ "The owner of the executing script does not "
+ "have the required permission",
+ accessed, container, name, value, context,
+ required_roles=roles, eo_owner=owner, eo=eo,
+ eo_owner_roles=getUserRolesInContext(
+ owner, value))
+ raise Unauthorized(info)
+
+ # Proxy roles, which are a lot safer now.
+ proxy_roles = getattr(eo, '_proxy_roles', None)
+ if proxy_roles:
+ # Verify that the owner actually can state the proxy role
+ # in the context of the accessed item; users in subfolders
+ # should not be able to use proxy roles to access items
+ # above their subfolder!
+ owner = eo.getWrappedOwner()
+
+ if owner is not None:
+ if container is not containerbase:
+ # Unwrapped objects don't need checking
+ if not owner._check_context(container):
+ # container is higher up than the owner,
+ # deny access
+ info = setUnauthorized(
+ "The owner of the executing script is defined "
+ "outside the context of the object being "
+ "accessed. The script has proxy roles, "
+ "but they do not apply in this context.",
+ accessed, container, name, value, context,
+ required_roles=roles, eo_owner=owner, eo=eo)
+ raise Unauthorized(info)
+
+ for r in proxy_roles:
+ if r in roles:
+ return 1
+
+ # Proxy roles actually limit access!
+ if len(roles) < 1:
+ info = setUnauthorized(
+ "The object is marked as private",
+ accessed, container, name, value, context)
+ else:
+ info = setUnauthorized(
+ "The proxy roles set on the executing script "
+ "do not allow access",
+ accessed, container, name, value, context,
+ eo=eo, eo_proxy_roles=proxy_roles,
+ required_roles=roles)
+ raise Unauthorized(info)
+
+ try:
+ if self._authenticated and context.user.allowed(value, roles):
+ return 1
+ except AttributeError:
+ pass
+
+ if len(roles) < 1:
+ info = setUnauthorized(
+ "The object is marked as private",
+ accessed, container, name, value, context)
+ elif not self._authenticated:
+ info = setUnauthorized(
+ "Authenticated access is not allowed by this "
+ "security policy",
+ accessed, container, name, value, context)
+ elif userHasRolesButNotInContext(context.user, value, roles):
+ info = setUnauthorized(
+ "Your user account is defined outside "
+ "the context of the object being accessed",
+ accessed, container, name, value, context,
+ required_roles=roles, user=context.user)
+ else:
+ info = setUnauthorized(
+ "Your user account does not "
+ "have the required permission",
+ accessed, container, name, value, context,
+ required_roles=roles, user=context.user,
+ user_roles=getUserRolesInContext(context.user, value))
+ raise Unauthorized(info)
+
+
+ def checkPermission(self, permission, object, context):
+ # XXX proxy roles and executable owner are not checked
+ roles = rolesForPermissionOn(permission, object)
+ if isinstance(roles, basestring):
+ roles = [roles]
+ return context.user.allowed(object, roles)
+
+
+def item_repr(ob):
+ """Generates a repr without angle brackets (to avoid HTML quoting)"""
+ return repr(ob).replace('<', '(').replace('>', ')')
+
+
+def simplifyRoles(roles):
+ """Simplifies and sorts a role list."""
+ d = {}
+ for r in roles:
+ d[r] = 1
+ lst = d.keys()
+ lst.sort()
+ return lst
+
+
+def setUnauthorized(msg, accessed, container, name, value, context,
+ required_roles=None,
+ user_roles=None,
+ user=None,
+ eo=None,
+ eo_owner=None,
+ eo_owner_roles=None,
+ eo_proxy_roles=None,
+ ):
+ """Returns the message with extra info appended.
+
+ Also saves the message in a thread-specific buffer so that
+ the error can be recovered later."""
+ s = '%s. Access to %s of %s' % (
+ msg, repr(name), item_repr(container))
+ if aq_base(container) is not aq_base(accessed):
+ s += ', acquired through %s,' % item_repr(accessed)
+ info = [s + ' denied.']
+ if user is not None:
+ try:
+ ufolder = '/'.join(aq_parent(aq_inner(user)).getPhysicalPath())
+ except:
+ ufolder = '(unknown)'
+ info.append('Your user account, %s, exists at %s.' % (
+ str(user), ufolder))
+ if required_roles is not None:
+ p = None
+ required_roles = list(required_roles)
+ for r in required_roles:
+ if r.startswith('_') and r.endswith('_Permission'):
+ p = r[1:]
+ required_roles.remove(r)
+ break
+ sr = simplifyRoles(required_roles)
+ if p:
+ info.append('Access requires %s, '
+ 'granted to the following roles: %s.' %
+ (p, sr))
+ else:
+ info.append('Access requires one of the following roles: %s.'
+ % sr)
+ if user_roles is not None:
+ info.append(
+ 'Your roles in this context are %s.' % simplifyRoles(user_roles))
+ if eo is not None:
+ s = 'The executing script is %s' % item_repr(eo)
+ if eo_proxy_roles is not None:
+ s += ', with proxy roles: %s' % simplifyRoles(eo_proxy_roles)
+ if eo_owner is not None:
+ s += ', owned by %s' % repr(eo_owner)
+ if eo_owner_roles is not None:
+ s += ', who has the roles %s' % simplifyRoles(eo_owner_roles)
+ info.append(s + '.')
+ res = ' '.join(info)
+ LOG('VerboseSecurity', BLATHER, 'Unauthorized: %s' % res)
+ return res
+
+
+def getUserRolesInContext(user, context):
+ """Returns user roles for a context."""
+ if hasattr(aq_base(user), 'getRolesInContext'):
+ return user.getRolesInContext(context)
+ else:
+ return ()
+
+
+def userHasRolesButNotInContext(user, object, object_roles):
+ '''Returns 1 if the user has any of the listed roles but
+ is not defined in a context which is not an ancestor of object.
+ '''
+ if object_roles is None or 'Anonymous' in object_roles:
+ return 0
+ usr_roles = getUserRolesInContext(user, object)
+ for role in object_roles:
+ if role in usr_roles:
+ # User has the roles.
+ return (not verifyAcquisitionContext(
+ user, object, object_roles))
+ return 0
+
+
+def verifyAcquisitionContext(self, object, object_roles=None):
+ """Mimics the relevant section of User.allowed(). self is a user object.
+ """
+ ufolder = aq_parent(self)
+ ucontext = aq_parent(ufolder)
+ if ucontext is not None:
+ if object is None:
+ # This is a strange rule, though
+ # it doesn't cause any security holes. SDH
+ return 1
+ if not hasattr(object, 'aq_inContextOf'):
+ if hasattr(object, 'im_self'):
+ # This is a method. Grab its self.
+ object=object.im_self
+ if not hasattr(object, 'aq_inContextOf'):
+ # object is not wrapped, therefore we
+ # can't determine context.
+ # Fail the access attempt. Otherwise
+ # this would be a security hole.
+ return None
+ if not object.aq_inContextOf(ucontext, 1):
+ if 'Shared' in object_roles:
+ # Damn, old role setting. Waaa
+ object_roles=self._shared_roles(object)
+ if 'Anonymous' in object_roles: return 1
+ return None
+ # Note that if self were not wrapped, it would
+ # not be possible to determine the user's context
+ # and this method would return 1.
+ # However, as long as user folders always return
+ # wrapped user objects, this is safe.
+ return 1
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/__init__.py
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/__init__.py?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/__init__.py (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/__init__.py Thu Feb 15 18:28:43 2007
@@ -1,0 +1,25 @@
+##############################################################################
+#
+# Copyright (c) 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+__doc__="""VerboseSecurity product.
+
+$Id: __init__.py,v 1.3 2004/06/17 02:38:44 shane Exp $
+"""
+
+import os
+from VerboseSecurityPolicy import VerboseSecurityPolicy
+
+if os.environ.get('ZOPE_VERBOSE_SECURITY', '1'):
+ from AccessControl.SecurityManager import setSecurityPolicy
+ setSecurityPolicy(VerboseSecurityPolicy())
+ import PermissionRolePatch
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/changelog
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/changelog?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/changelog (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/changelog Thu Feb 15 18:28:43 2007
@@ -1,0 +1,6 @@
+erp5-verbosesecurity (0.6-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Yusei TAHARA <yusei at domen.cx> Wed, 14 Feb 2007 03:27:56 +0900
+
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/compat
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/compat?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/compat (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/compat Thu Feb 15 18:28:43 2007
@@ -1,0 +1,1 @@
+5
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/control
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/control?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/control (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/control Thu Feb 15 18:28:43 2007
@@ -1,0 +1,30 @@
+Source: erp5-verbosesecurity
+Section: web
+Priority: optional
+Maintainer: Yusei TAHARA
+Build-Depends: debhelper (>= 5.0)
+Build-Depends-Indep: zope-debhelper (>= 0.3.6)
+Standards-Version: 3.7.2
+
+Package: erp5-verbosesecurity
+Architecture: all
+Depends: erp5-zope
+Description: A Zope product that helps explain the reason for denied security access
+ Zope has a flexible, fine-grained security model that lets you configure
+ context-dependent mappings from users to roles and from roles to
+ permissions. The model fits most organizations' needs and has been used
+ all over the world, but the flexibility sometimes comes at a price of
+ complexity.
+ .
+ One major difficulty in using the Zope security model is its lack of
+ clarity when access is denied. Because production sites should not reveal
+ too much about the site to those who are denied access, the lack of
+ verbosity in the default Zope security policy is appropriate for such
+ sites. But site developers need more details.
+ .
+ This product attempts to explain the complete reasoning for failed
+ access. It shows what object was being accessed, what permission is
+ required to access it, what roles map to that permission in that context,
+ the executable object and its owner, the effective proxy roles, and other
+ pertinent information. All of this information appears in the exception
+ message when access is denied.
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/copyright
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/copyright?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/copyright (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/copyright Thu Feb 15 18:28:43 2007
@@ -1,0 +1,6 @@
+Author
+======
+
+Shane Hathaway
+Zope Corporation
+shane at zope dot com
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/dzproduct
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/dzproduct?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/dzproduct (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/dzproduct Thu Feb 15 18:28:43 2007
@@ -1,0 +1,3 @@
+Name: VerboseSecurity
+Package: erp5-verbosesecurity
+ZopeVersions: >= 2.7
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/postinst
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/postinst?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/postinst (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/postinst Thu Feb 15 18:28:43 2007
@@ -1,0 +1,7 @@
+#!/bin/sh -e
+
+. /usr/share/debconf/confmodule
+
+#DEBHELPER#
+
+db_stop
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/rules
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/rules?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/rules (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/rules Thu Feb 15 18:28:43 2007
@@ -1,0 +1,44 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+pwd := $(shell pwd)
+debian := $(pwd)/debian/erp5-verbosesecurity
+
+build: build-stamp
+build-stamp:
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+ dh_installerp5zope .
+
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installdocs
+ dh_installexamples
+ dh_installchangelogs
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary-arch:
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary install
Propchange: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/debian/rules
------------------------------------------------------------------------------
svn:executable =
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testPermissionRolePatch.py
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testPermissionRolePatch.py?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testPermissionRolePatch.py (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testPermissionRolePatch.py Thu Feb 15 18:28:43 2007
@@ -1,0 +1,142 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""Tests of PermissionRolePatch
+"""
+
+__rcs_id__='$Id: testPermissionRolePatch.py,v 1.1 2002/08/22 16:50:05 shane Exp $'
+__version__='$Revision: 1.1 $'[11:-2]
+
+import os, sys, unittest
+
+from AccessControl.PermissionRole import PermissionRole
+from Acquisition import Implicit, Explicit, aq_base
+
+import Products.VerboseSecurity.PermissionRolePatch
+
+ViewPermission = 'View'
+EditThingsPermission = 'Edit Things!'
+DeletePermission = 'Delete'
+
+
+class AppRoot(Explicit):
+ _View_Permission = None
+ _Edit_Things__Permission = ('Manager', 'Owner')
+ # No default for delete permission.
+
+class ImplicitContainer(Implicit):
+ pass
+
+class ExplicitContainer(Explicit):
+ pass
+
+class RestrictiveObject(Implicit):
+ _View_Permission = ('Manager',)
+ _Delete_Permission = () # Nobody
+
+class PermissiveObject(Explicit):
+ _Edit_Things__Permission = ['Anonymous']
+
+class ZClassMethodish(Implicit):
+ # Think of this as a method that should only be visible to users
+ # who have the edit permission.
+ _View_Permission = '_Edit_Things__Permission'
+ _Edit_Things__Permission = ''
+ _Delete_Permission = ''
+
+
+def assertPRoles(ob, permission, expect):
+ """
+ Asserts that in the context of ob, the given permission maps to
+ the given roles.
+ """
+ pr = PermissionRole(permission)
+ roles = pr.__of__(ob)
+ roles2 = aq_base(pr).__of__(ob)
+ if roles != roles2 and tuple(roles) != tuple(roles2):
+ raise AssertionError, (
+ 'Different methods of checking roles computed unequal results')
+ same = 0
+ if roles and pr._p in roles:
+ roles = list(roles)
+ roles.remove(pr._p)
+ if roles is None or expect is None:
+ if (roles is None or tuple(roles) == ('Anonymous',)) and (
+ expect is None or tuple(expect) == ('Anonymous',)):
+ same = 1
+ else:
+ got = {}
+ for r in roles:
+ got[r] = 1
+ expected = {}
+ for r in expect:
+ expected[r] = 1
+ if got == expected: # Dict compare does the Right Thing.
+ same = 1
+ if not same:
+ raise AssertionError, 'Expected roles: %s, got: %s' % (
+ `expect`, `roles`)
+
+
+class PermissionRoleTests (unittest.TestCase):
+
+ def testRestrictive(self, explicit=0):
+ app = AppRoot()
+ if explicit:
+ app.c = ExplicitContainer()
+ else:
+ app.c = ImplicitContainer()
+ app.c.o = RestrictiveObject()
+ o = app.c.o
+ assertPRoles(o, ViewPermission, ('Manager',))
+ assertPRoles(o, EditThingsPermission, ('Manager','Owner',))
+ assertPRoles(o, DeletePermission, ())
+
+ def testPermissive(self, explicit=0):
+ app = AppRoot()
+ if explicit:
+ app.c = ExplicitContainer()
+ else:
+ app.c = ImplicitContainer()
+ app.c.o = PermissiveObject()
+ o = app.c.o
+ assertPRoles(o, ViewPermission, ('Anonymous',))
+ assertPRoles(o, EditThingsPermission, ('Anonymous','Manager','Owner',))
+ assertPRoles(o, DeletePermission, ('Manager',))
+
+ def testExplicit(self):
+ self.testRestrictive(1)
+ self.testPermissive(1)
+
+ def testAppDefaults(self):
+ o = AppRoot()
+ assertPRoles(o, ViewPermission, ('Anonymous',))
+ assertPRoles(o, EditThingsPermission, ('Manager','Owner',))
+ assertPRoles(o, DeletePermission, ('Manager',))
+
+ def testPermissionMapping(self):
+ app = AppRoot()
+ app.c = ImplicitContainer()
+ app.c.o = ZClassMethodish()
+ o = app.c.o
+ assertPRoles(o, ViewPermission, ('Manager','Owner',))
+ assertPRoles(o, EditThingsPermission, ())
+ assertPRoles(o, DeletePermission, ())
+
+
+def test_suite():
+ suite = unittest.TestSuite()
+ suite.addTest(unittest.makeSuite(PermissionRoleTests))
+ return suite
+
+if __name__ == '__main__':
+ unittest.main(defaultTest='test_suite')
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testVerboseSecurityPolicy.py
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testVerboseSecurityPolicy.py?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testVerboseSecurityPolicy.py (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/tests/testVerboseSecurityPolicy.py Thu Feb 15 18:28:43 2007
@@ -1,0 +1,257 @@
+##############################################################################
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""Tests of ZopeSecurityPolicy
+"""
+
+__rcs_id__='$Id: testVerboseSecurityPolicy.py,v 1.2 2004/06/17 02:38:46 shane Exp $'
+__version__='$Revision: 1.2 $'[11:-2]
+
+import os, sys, unittest
+
+import ZODB
+from zExceptions import Unauthorized
+from Products.VerboseSecurity.VerboseSecurityPolicy \
+ import VerboseSecurityPolicy
+from AccessControl.User import UserFolder
+from AccessControl.SecurityManagement import SecurityContext
+from Acquisition import Implicit, Explicit, aq_base
+from MethodObject import Method
+from ComputedAttribute import ComputedAttribute
+
+
+user_roles = ('RoleOfUser',)
+eo_roles = ('RoleOfExecutableOwner',)
+sysadmin_roles = ('RoleOfSysAdmin',)
+
+
+class App(Explicit):
+ pass
+
+
+class PublicMethod (Method):
+ def getOwner(self):
+ return None
+
+ __roles__ = None
+
+
+class ProtectedMethod (PublicMethod):
+ __roles__ = user_roles
+
+
+class OwnedMethod (PublicMethod):
+ __roles__ = eo_roles
+
+ def getOwner(self):
+ return self.aq_parent.aq_parent.acl_users.getUserById('theowner')
+
+
+class setuidMethod (PublicMethod):
+ _proxy_roles = sysadmin_roles
+
+ def getWrappedOwner(self):
+ return None
+
+
+class DangerousMethod (PublicMethod):
+ # Only accessible to sysadmin or people who use proxy roles
+ __roles__ = sysadmin_roles
+
+
+class SimpleItemish (Implicit):
+ public_m = PublicMethod()
+ protected_m = ProtectedMethod()
+ owned_m = OwnedMethod()
+ setuid_m = setuidMethod()
+ dangerous_m = DangerousMethod()
+ public_prop = 'Public Value'
+ private_prop = 'Private Value'
+
+
+class UnprotectedSimpleItem (SimpleItemish):
+
+ __allow_access_to_unprotected_subobjects__ = 1
+
+
+class RestrictedSimpleItem (SimpleItemish):
+
+ __allow_access_to_unprotected_subobjects__ = 0
+
+ _View_Permission = eo_roles
+
+
+class PartlyProtectedSimpleItem1 (SimpleItemish):
+
+ __allow_access_to_unprotected_subobjects__ = {'public_prop': 1,}
+
+
+class PartlyProtectedSimpleItem2 (SimpleItemish):
+
+ def __allow_access_to_unprotected_subobjects__(self, name, value):
+ if name == 'public_prop':
+ return 1
+ return 0
+
+
+class PartlyProtectedSimpleItem3 (PartlyProtectedSimpleItem1):
+ # Set the roles of objects that are accessible because of
+ # __allow_access_to_unprotected_subobjects__ .
+ __roles__ = sysadmin_roles
+
+
+class SimpleClass:
+ attr = 1
+
+
+class ZopeSecurityPolicyTests (unittest.TestCase):
+
+ policy = VerboseSecurityPolicy()
+
+ def setUp(self):
+ a = App()
+ self.a = a
+ a.item = UnprotectedSimpleItem()
+ self.item = a.item
+ a.r_item = RestrictedSimpleItem()
+ a.item1 = PartlyProtectedSimpleItem1()
+ a.item2 = PartlyProtectedSimpleItem2()
+ a.item3 = PartlyProtectedSimpleItem3()
+ uf = UserFolder()
+ a.acl_users = uf
+ self.uf = a.acl_users
+ uf._addUser('joe', 'password', 'password', user_roles, ())
+ uf._addUser('theowner', 'password', 'password', eo_roles, ())
+ user = uf.getUserById('joe')
+ self.user = user
+ context = SecurityContext(user)
+ self.context = context
+
+ def assertPolicyAllows(self, ob, attrname):
+ res = self.policy.validate(ob, ob, attrname, getattr(ob, attrname),
+ self.context)
+ if not res:
+ assert 0, 'Policy quietly denied %s' % attrname
+
+ def assertPolicyDenies(self, ob, attrname):
+ try:
+ res = self.policy.validate(ob, ob, attrname, getattr(ob, attrname),
+ self.context)
+ except Unauthorized:
+ # Passed the test.
+ pass
+ else:
+ if res:
+ assert 0, 'Policy quietly allowed %s' % attrname
+ else:
+ assert 0, ('Policy denied %s, but did not '
+ 'throw an exception.' % attrname)
+
+ def testUserAccess(self):
+ item = self.item
+ self.assertPolicyAllows(item, 'public_m')
+ self.assertPolicyAllows(item, 'protected_m')
+ self.assertPolicyDenies(item, 'owned_m')
+ self.assertPolicyAllows(item, 'setuid_m')
+ self.assertPolicyDenies(item, 'dangerous_m')
+
+ def testOwnerAccess(self):
+ self.context = SecurityContext(self.uf.getUserById('theowner'))
+ item = self.item
+ self.assertPolicyAllows(item, 'public_m')
+ self.assertPolicyDenies(item, 'protected_m')
+ self.assertPolicyAllows(item, 'owned_m')
+ self.assertPolicyAllows(item, 'setuid_m')
+ self.assertPolicyDenies(item, 'dangerous_m')
+
+ def testProxyAccess(self):
+ item = self.item
+ self.context.stack.append(item.setuid_m)
+ self.assertPolicyAllows(item, 'public_m')
+ self.assertPolicyDenies(item, 'protected_m')
+ self.assertPolicyDenies(item, 'owned_m')
+ self.assertPolicyAllows(item, 'setuid_m')
+ self.assertPolicyAllows(item, 'dangerous_m')
+
+ def testAccessToUnprotectedSubobjects(self):
+ item = self.item
+ r_item = self.a.r_item
+ item1 = self.a.item1
+ item2 = self.a.item2
+ item3 = self.a.item3
+ self.assertPolicyAllows(item, 'public_prop')
+ self.assertPolicyDenies(r_item,'public_prop')
+ self.assertPolicyAllows(item1, 'public_prop')
+ self.assertPolicyAllows(item2, 'public_prop')
+ self.assertPolicyDenies(item3,'public_prop')
+ self.assertPolicyAllows(item, 'private_prop')
+ self.assertPolicyDenies(r_item,'private_prop')
+ self.assertPolicyDenies(item1, 'private_prop')
+ self.assertPolicyDenies(item2, 'private_prop')
+ self.assertPolicyDenies(item3, 'private_prop')
+
+ def testAccessToSimpleContainer(self):
+ self.assertPolicyAllows({}, 'keys')
+ self.assertPolicyAllows([], 'append')
+ self.assertPolicyDenies(SimpleClass, 'attr')
+ self.assertPolicyDenies(SimpleClass(), 'attr')
+ c = SimpleClass()
+ c.attr = PublicMethod()
+ self.assertPolicyAllows(c, 'attr')
+
+ def testRolesForPermission(self):
+ # Test of policy.checkPermission().
+ r_item = self.a.r_item
+ context = self.context
+ v = self.policy.checkPermission('View', r_item, context)
+ assert not v, '_View_Permission should deny access to user'
+ o_context = SecurityContext(self.uf.getUserById('theowner'))
+ v = self.policy.checkPermission('View', r_item, o_context)
+ assert v, '_View_Permission should grant access to theowner'
+
+ def testAqNames(self):
+ policy = self.policy
+ ob = App()
+ ob.__roles__ = None
+ ob = App().__of__(ob)
+ ob.__roles__ = None
+ self.assertPolicyDenies(ob, 'aq_self')
+ self.assertPolicyDenies(ob, 'aq_base')
+ self.assertPolicyAllows(ob, 'aq_parent')
+ self.assertPolicyAllows(ob, 'aq_explicit')
+ self.assertPolicyAllows(ob, 'aq_inner')
+
+ if 1:
+ def testInsaneRoles(self):
+ # Makes sure the policy doesn't blow up on bad input.
+ c = SimpleClass()
+ m = PublicMethod()
+ c.m = m
+ # Test good roles
+ self.assertPolicyAllows(c, 'm')
+ # Test bad roles
+ m.__roles__ = 1950
+ try:
+ self.assertPolicyAllows(c, 'm')
+ except TypeError:
+ pass
+ else:
+ assert 0, 'Policy accepted bad __roles__'
+
+
+def test_suite():
+ suite = unittest.TestSuite()
+ suite.addTest(unittest.makeSuite(ZopeSecurityPolicyTests))
+ return suite
+
+if __name__ == '__main__':
+ unittest.main(defaultTest='test_suite')
Added: spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/version.txt
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/version.txt?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/version.txt (added)
+++ spec/debian/unstable/erp5-verbosesecurity/VerboseSecurity/version.txt Thu Feb 15 18:28:43 2007
@@ -1,0 +1,1 @@
+VerboseSecurity-0.6
Added: spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1.diff.gz
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1.diff.gz?rev=12790&view=auto
==============================================================================
Binary file - no diff available.
Propchange: spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1.diff.gz
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1.dsc
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1.dsc?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1.dsc (added)
+++ spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1.dsc Thu Feb 15 18:28:43 2007
@@ -1,0 +1,12 @@
+Format: 1.0
+Source: erp5-verbosesecurity
+Version: 0.6-1
+Binary: erp5-verbosesecurity
+Maintainer: Yusei TAHARA
+Architecture: all
+Standards-Version: 3.7.2
+Build-Depends: debhelper (>= 5.0)
+Build-Depends-Indep: zope-debhelper (>= 0.3.6)
+Files:
+ eeeea8457a67eb49616ac22f57562241 9773 erp5-verbosesecurity_0.6.orig.tar.gz
+ 2a04f9813712d98e916c5d9c8dcdc782 1403 erp5-verbosesecurity_0.6-1.diff.gz
Added: spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_all.deb
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_all.deb?rev=12790&view=auto
==============================================================================
Binary file - no diff available.
Propchange: spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_all.deb
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.build
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.build?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.build (added)
+++ spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.build Thu Feb 15 18:28:43 2007
@@ -1,0 +1,34 @@
+ fakeroot debian/rules clean
+dh_testdir
+dh_testroot
+rm -f build-stamp configure-stamp
+dh_clean
+ dpkg-source -b VerboseSecurity
+dpkg-source: warning: source directory `./VerboseSecurity' is not <sourcepackage>-<upstreamversion> `erp5-verbosesecurity-0.6'
+dpkg-source: warning: .orig directory name VerboseSecurity.orig is not <package>-<upstreamversion> (wanted erp5-verbosesecurity-0.6.orig)
+dpkg-source: building erp5-verbosesecurity using existing erp5-verbosesecurity_0.6.orig.tar.gz
+dpkg-source: building erp5-verbosesecurity in erp5-verbosesecurity_0.6-1.diff.gz
+dpkg-source: building erp5-verbosesecurity in erp5-verbosesecurity_0.6-1.dsc
+ debian/rules build
+touch build-stamp
+ fakeroot debian/rules binary
+dh_testdir
+dh_testroot
+dh_clean -k
+dh_installdirs
+dh_installerp5zope .
+dh_testdir
+dh_testroot
+dh_installdocs
+dh_installexamples
+dh_installchangelogs
+dh_compress
+dh_fixperms
+dh_installdeb
+dh_gencontrol
+dh_md5sums
+dh_builddeb
+dpkg-deb: `../erp5-verbosesecurity_0.6-1_all.deb' ¤Ë¥Ñ¥Ã¥±¡¼¥¸ `erp5-verbosesecurity' ¤ò¹½ÃÛ¤·¤Æ¤¤¤Þ¤¹¡£
+ dpkg-genchanges
+dpkg-genchanges: including full source code in upload
+dpkg-buildpackage (debuild emulation): full upload (original source is included)
Added: spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.changes
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.changes?rev=12790&view=auto
==============================================================================
--- spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.changes (added)
+++ spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6-1_i386.changes Thu Feb 15 18:28:43 2007
@@ -1,0 +1,21 @@
+Format: 1.7
+Date: Wed, 14 Feb 2007 03:27:56 +0900
+Source: erp5-verbosesecurity
+Binary: erp5-verbosesecurity
+Architecture: source all
+Version: 0.6-1
+Distribution: unstable
+Urgency: low
+Maintainer: Yusei TAHARA
+Changed-By: Yusei TAHARA <yusei at domen.cx>
+Description:
+ erp5-verbosesecurity - A Zope product that helps explain the reason for denied security
+Changes:
+ erp5-verbosesecurity (0.6-1) unstable; urgency=low
+ .
+ * Initial Release.
+Files:
+ 6571f698351b0edd13cd508de603542e 392 web optional erp5-verbosesecurity_0.6-1.dsc
+ eeeea8457a67eb49616ac22f57562241 9773 web optional erp5-verbosesecurity_0.6.orig.tar.gz
+ 2a04f9813712d98e916c5d9c8dcdc782 1403 web optional erp5-verbosesecurity_0.6-1.diff.gz
+ fb2857bf847c6027bf9120783a37184a 12320 web optional erp5-verbosesecurity_0.6-1_all.deb
Added: spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6.orig.tar.gz
URL: http://svn.erp5.org/spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6.orig.tar.gz?rev=12790&view=auto
==============================================================================
Binary file - no diff available.
Propchange: spec/debian/unstable/erp5-verbosesecurity/erp5-verbosesecurity_0.6.orig.tar.gz
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
More information about the Erp5-report
mailing list