Added ability to secure calls via allow_unprotected_calls protocol config flag. #241
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…r netrefs ("allow_unprotected_calls")
Whenever you call a netref with rpyc, formerly the call passes through even on the most restrictive
security settings. This is almost necessary, given that blocking __call__ means that every naked function/method
will not be callable, unless augmented by adding _rpyc_getattr_. This commit checks wrapped/bound calls to see
if they are accessible from thier parent __self__ (via their __name__), and allows them.
There are now also _rpyc_class_getattr/_rpyc_class_setattr/_rpyc_class_getattr which are used when the object
being queried is a class. Otherwise their non-class equivalents are still used, and if they raise
AttributeError, the class versions are called (if available).
Defaulting access via getattr/setattr/delattr was broken, and the tests I was running was only testing new functionality. My bad. The unit tests run now, and I added test_protected_calls
I removed the use of sets.
|
I didn't check in detail so far, but it seems to me that this is quite a big patch for such a small logical semantic change. :/ IMO, the getattr mechanism was already too heavy as is (but maybe that's just the code quality there), and I wouldn't want to add even more complexity. I might have time tomorrow or some time next week to think about how to make it slicker allround. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a resolution to #239
See that for more information.