Add support for restricting access based on restricted execution mode.
Renamed the 'readonly' field to 'flags' and defined some new flag bits: READ_RESTRICTED and WRITE_RESTRICTED, as well as a shortcut RESTRICTED that means both.
This commit is contained in:
parent
bf80a033ee
commit
c299fc16f2
|
@ -31,7 +31,7 @@ struct memberlist {
|
|||
char *name;
|
||||
int type;
|
||||
int offset;
|
||||
int readonly;
|
||||
int flags;
|
||||
};
|
||||
|
||||
/* Types */
|
||||
|
@ -58,9 +58,13 @@ struct memberlist {
|
|||
#define T_PSTRING_INPLACE 15
|
||||
#endif /* macintosh */
|
||||
|
||||
/* Readonly flag */
|
||||
/* Flags */
|
||||
#define READONLY 1
|
||||
#define RO READONLY /* Shorthand */
|
||||
#define READ_RESTRICTED 2
|
||||
#define WRITE_RESTRICTED 4
|
||||
#define RESTRICTED (READ_RESTRICTED | WRITE_RESTRICTED)
|
||||
|
||||
|
||||
DL_IMPORT(PyObject *) PyMember_Get(char *, struct memberlist *, char *);
|
||||
DL_IMPORT(int) PyMember_Set(char *, struct memberlist *, char *, PyObject *);
|
||||
|
|
|
@ -38,6 +38,12 @@ PyMember_Get(char *addr, struct memberlist *mlist, char *name)
|
|||
for (l = mlist; l->name != NULL; l++) {
|
||||
if (strcmp(l->name, name) == 0) {
|
||||
PyObject *v;
|
||||
if ((l->flags & READ_RESTRICTED) &&
|
||||
PyEval_GetRestricted()) {
|
||||
PyErr_SetString(PyExc_RuntimeError,
|
||||
"restricted attribute");
|
||||
return NULL;
|
||||
}
|
||||
addr += l->offset;
|
||||
switch (l->type) {
|
||||
case T_BYTE:
|
||||
|
@ -133,17 +139,22 @@ PyMember_Set(char *addr, struct memberlist *mlist, char *name, PyObject *v)
|
|||
|
||||
for (l = mlist; l->name != NULL; l++) {
|
||||
if (strcmp(l->name, name) == 0) {
|
||||
if ((l->flags & READONLY) || l->type == T_STRING
|
||||
#ifdef macintosh
|
||||
if (l->readonly || l->type == T_STRING ||
|
||||
l->type == T_PSTRING)
|
||||
|| l->type == T_PSTRING
|
||||
#endif
|
||||
)
|
||||
{
|
||||
#else
|
||||
if (l->readonly || l->type == T_STRING ) {
|
||||
#endif /* macintosh */
|
||||
PyErr_SetString(PyExc_TypeError,
|
||||
"readonly attribute");
|
||||
return -1;
|
||||
}
|
||||
if ((l->flags & WRITE_RESTRICTED) &&
|
||||
PyEval_GetRestricted()) {
|
||||
PyErr_SetString(PyExc_RuntimeError,
|
||||
"restricted attribute");
|
||||
return -1;
|
||||
}
|
||||
if (v == NULL && l->type != T_OBJECT) {
|
||||
PyErr_SetString(PyExc_TypeError,
|
||||
"can't delete numeric/char attribute");
|
||||
|
|
Loading…
Reference in New Issue